WO2016138652A1 - Method for obtaining member resource data, and corresponding device and apparatus - Google Patents

Method for obtaining member resource data, and corresponding device and apparatus Download PDF

Info

Publication number
WO2016138652A1
WO2016138652A1 PCT/CN2015/073663 CN2015073663W WO2016138652A1 WO 2016138652 A1 WO2016138652 A1 WO 2016138652A1 CN 2015073663 W CN2015073663 W CN 2015073663W WO 2016138652 A1 WO2016138652 A1 WO 2016138652A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
virtual resource
target virtual
member resource
request
Prior art date
Application number
PCT/CN2015/073663
Other languages
French (fr)
Chinese (zh)
Inventor
陈剑峰
李炜
程浩
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2015/073663 priority Critical patent/WO2016138652A1/en
Publication of WO2016138652A1 publication Critical patent/WO2016138652A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, a corresponding device, and a device for acquiring member resource data.
  • Machine-to-Machine Communications is a networked application and service centered on machine intelligence interaction. It embeds wireless or wired communication modules and application modules inside the machine. Realize data communication without manual intervention to meet the information needs of users in monitoring, command and dispatch, data acquisition and measurement.
  • the application of the M2M technology in the smart home field wherein the temperature sensor, the humidity sensor, and the oxygen concentration sensor are all provided with a communication module, which can send the collected data to the gateway, and the gateway can not only send the data of the sensor.
  • a communication module which can send the collected data to the gateway, and the gateway can not only send the data of the sensor.
  • the mobile phone it is also possible to run an application that provides room comfort, and perform a mixture of temperature data, humidity data, and oxygen concentration data to obtain a comfort index.
  • the user can send a request for obtaining a comfort index to the gateway, receive data of the comfort index returned by the gateway, and know the current comfort level of the room.
  • Both physical and application objects in the M2M system are represented as resources, described by resource structures, are independently addressable, can be searched and discovered, and have unique identifiers, usually with universal resource identifiers (English: Uniform Resource Identifier (URI) is used as the resource identifier.
  • URI Uniform Resource Identifier
  • the smart home system, temperature sensor, humidity sensor, oxygen concentration sensor and other sensing devices are abstracted into resources after being registered to the smart home system, and are described by a set of common attributes, one of which is
  • the data provided by the physical device (such as temperature value, humidity value, oxygen concentration value).
  • the service that provides the comfort index in the gateway is also a resource.
  • the resource does not correspond to a specific physical entity, but is an application object corresponding to the service, and is called a virtual resource.
  • a virtual resource passes through an existing resource (which may be a resource abstracted by a physical device).
  • the data provided by the existing virtual resources is subjected to a hybrid processing, thereby obtaining new information that is not included in the existing resources.
  • the application service providing the "comfort index" is a virtual resource, which is assigned a URI, which can be abstracted according to physical devices such as a temperature sensor, a humidity sensor, and an oxygen concentration sensor.
  • the resource that provides data for the virtual resource is called a member resource of the virtual resource.
  • the resource corresponding to the temperature sensor, the humidity sensor, and the oxygen concentration sensor are member resources of the virtual resource that provides the application service of the “comfort index”.
  • the member resources of a virtual resource may also be other existing virtual resources.
  • an application service that provides a "comfort index” uses a "user clothing index” when calculating a comfort index, and " The user's clothing index is obtained by an application according to the user's body temperature detected by the wearable device and the image data of the user photographed by the camera.
  • the service providing the "user's clothing index” is itself a virtual resource, and also provides a "comfort index”. Member resources of the application service.
  • the list of member resources used by the virtual resource will be stored as an attribute of the virtual resource.
  • the virtual resource provider (such as the gateway in FIG. 1) receives the operation request for the virtual resource from the terminal, the virtual resource provider needs to acquire data from each member resource to perform the operation requested by the terminal.
  • the embodiments of the present invention provide a method for acquiring member resource data, and a corresponding device and device, which are used to solve the problem that it is difficult to collect member resource data of a virtual resource in a safe and effective manner in the prior art.
  • an embodiment of the present invention provides a method for acquiring member resource data, including:
  • the virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application;
  • the virtual resource provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines, according to the attribute information of the target virtual resource, the member that provides the target virtual resource. Member resource provider of the resource;
  • the virtual resource providing direction sends the member resource request to the member resource provider
  • the virtual resource provider receives the data of the member resource returned by the member resource provider according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
  • the method after receiving the data of the member resource returned by the member resource provider, the method further includes:
  • an embodiment of the present invention provides a method for responding to a member resource request, including:
  • the member resource provider receives the member resource request sent by the virtual resource provider
  • the obtaining, by the member resource request, the identifier information of the application that is the resource original requester includes:
  • the obtaining, by the member resource request, the identifier information of the application that is the resource original requester includes:
  • the first possible implementation of the second aspect and the second possible implementation of the second aspect, in a third possible implementation of the second aspect, before the path returns the data of the member resource, it also includes:
  • an apparatus for acquiring member resource data including:
  • a first receiving module configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application ;
  • a determining module configured to locate the target virtual resource according to the identifier information of the target virtual resource, and determine, according to the attribute information of the target virtual resource, a member resource provider that provides a member resource of the target virtual resource;
  • a sending module configured to send a member resource request to the member resource provider
  • a second receiving module configured to receive, by the member resource provider, data of the member resource returned according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
  • the device further includes:
  • a second determining module configured to determine, according to the received data of the member resource, data corresponding to the target virtual resource
  • a second sending module configured to return, to the terminal, the determined data corresponding to the target virtual resource.
  • an embodiment of the present invention provides an apparatus for responding to a member resource request, including:
  • a receiving module configured to receive a member resource request sent by the virtual resource provider
  • An authentication module configured to obtain, from the member resource request, identifier information of an application that is a resource original requester, and determine, according to the identifier information of the application, that the application has permission to access a member resource;
  • a sending module configured to obtain, from the member resource request, identifier information of the target virtual resource, and determine, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, according to the determined The path returns data for the member resource.
  • the authentication module is specifically configured to: obtain a value of an initiator parameter in the member resource request, and set a value of the initiator parameter As identification information of the application;
  • the sending module is specifically configured to: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
  • the authentication module is specifically configured to: acquire a value of an original requester parameter in the member resource request, and use the original requester parameter Value as the identification information of the application;
  • the sending module is specifically configured to: obtain a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as identifier information of the target virtual resource.
  • the authentication module is further used And determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource.
  • an embodiment of the present invention provides an apparatus for acquiring member resource data, including:
  • An interface configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and is requested by the application Identification information of the target virtual resource;
  • a storage unit for storing instructions
  • the processor is configured to be configured to execute the instruction, locate the target virtual resource according to the identifier information of the target virtual resource, and determine to provide according to the attribute information of the target virtual resource.
  • a member resource provider of the member resource of the target virtual resource controlling the interface to send a member resource request to the member resource provider; and controlling the interface to receive the member resource provider according to the member resource request.
  • the processor is further configured to: determine, according to the received data of the member resource, data corresponding to the target virtual resource; The interface returns the determined data corresponding to the target virtual resource to the terminal.
  • an embodiment of the present invention provides a device that responds to a member resource request, including:
  • An interface configured to receive a member resource request sent by a virtual resource provider
  • a storage unit for storing instructions
  • the processor is connected to the interface and the storage unit, respectively, for executing the instruction, acquiring identifier information of an application as a resource original requester from the member resource request, and according to the identifier of the application Determining, by the information, that the application has the right to access the member resource, obtaining the identifier information of the target virtual resource from the member resource request, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider. And controlling the interface to return data of the member resource according to the determined path.
  • the processor is configured to: obtain, from the member resource request, identifier information of an application that is a resource original requester, specifically: acquiring a value of an initiator parameter in the member resource request, where the value of the initiator parameter is used as identifier information of the application;
  • the processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the target virtual resource Identification information.
  • the processor is configured to: obtain, from the member resource request, identifier information of an application that is a resource original requester, specifically: acquiring Determining a value of the original requester parameter in the member resource request, and using the value of the original requester parameter as the identification information of the application;
  • the processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the target Identification information of the virtual resource.
  • the processor is configured to: Before the returning the data of the member resource according to the determined path, the interface is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and Determining, when the target virtual resource has the right to access the member resource, obtaining the identifier information of the target virtual resource from the member resource request, and determining to return to the virtual resource provider according to the identifier information of the target virtual resource a path of the data, and controlling the interface to return data of the member resource according to the determined path.
  • the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target information is requested in the terminal.
  • the identification information of the application of the virtual resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure the data security, and determine the virtual information according to the identification information of the target virtual resource.
  • the resource provider returns the path of the data, avoiding directly returning the data to the terminal, and realizing the safe and effective collection of the member resource data.
  • FIG. 1 is a schematic diagram of M2M communication in the field of smart home in the background art
  • 2a is a schematic diagram of a request for sending a member resource in a forwarding manner in the prior art
  • 2b is a schematic diagram of a request for sending a member resource in a request manner in the prior art
  • FIG. 3 is a schematic flowchart of a method for acquiring member resource data according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a method for responding to a member resource request according to an embodiment of the present invention
  • 5a-5b are schematic diagrams of an application example 1 according to an embodiment of the present invention.
  • 6a-6b are schematic diagrams of an application example 2 according to an embodiment of the present invention.
  • FIG. 7 is a schematic block diagram showing the structure of an apparatus 300 according to an embodiment of the present invention.
  • FIG. 8 is a schematic block diagram showing the structure of an apparatus 400 according to an embodiment of the present invention.
  • FIG. 9 is a schematic block diagram showing the structure of a device 500 according to an embodiment of the present invention.
  • FIG. 10 is a schematic block diagram showing the structure of a device 600 according to an embodiment of the present invention.
  • the two devices in the M2M system can communicate with each other to implement information transmission.
  • the party requesting the information needs to send a resource request (Request) to the party providing the information.
  • the Request mainly includes the following parameters:
  • the originator parameter (From), referred to as the fr parameter, indicates the initiator of the resource request
  • the target resource parameter (To), referred to as the to parameter, represents the target resource pointed to by the resource request;
  • Operation type parameter indicating the type of the specific operation requested for the target resource, including: operation to read the data of the target resource (Retrieve), operation to create a new resource under the target resource (Create: to), update The operation of the target resource (Update); the operation of deleting the target resource (Delete), and so on.
  • the terminal when the terminal requests to acquire virtual resource data, the terminal according to the target virtual
  • the identification information of the resource eg, the universal resource identifier URI
  • the parameter is the identification information of the application App that initiates the virtual resource request in the terminal
  • the target resource parameter (to parameter) is the identification information of the target virtual resource VR requested by the application
  • the virtual resource provider refers to the virtual resource where the virtual resource is located.
  • the device as shown in the gateway in Figure 1.
  • the virtual resource provider After receiving the Request1, the virtual resource provider needs to collect data from each member resource of the target virtual resource to determine the data of the target virtual resource. Therefore, the virtual resource provider first needs to locate the requested VR according to the to parameter of the virtual resource request, and then determines Ab1 according to the member resources Ab1 and Ab2 of the target virtual resource recorded in the attribute information of the located VR. Identification information of Ab2. Since the identification information of Ab1 and Ab2 can indicate the addresses of Ab1 and Ab2, the identification information of Ab1 and Ab2 is determined, and the member resource providers that provide Ab1 and Ab2 are determined.
  • the virtual resource provides a member resource request to each member resource provider.
  • the sending member resource request mainly has the following implementation manners:
  • the virtual resource provider modifies the received to parameter in Request1 to the identification information of each member resource, and sends the modified request to the member resource provider.
  • the fr parameter in the modified virtual resource request remains unchanged, that is, the fr parameter in the member resource request received by the member resource provider is still the identification information of the application that initiates the virtual resource request in the terminal, and therefore, The way image is called the forwarding method.
  • the member resource provider can verify whether the APP in the terminal has the right to access the member resource according to the fr parameter in the member resource request. However, when the member resource provider returns the data, the member resource directly returns the data according to the fr parameter.
  • the terminal where the application is located not the virtual resource provider. Therefore, the terminal finally receives the data of each member resource of the target virtual resource, instead of the target virtual resource data that is aggregated according to the member resource data.
  • the to parameter of the member resource request sent in the request mode is still for each member.
  • the identification information of the resource, but different from the forwarding mode, the fr parameter is the identification information of the target virtual resource in the virtual resource provider.
  • the member resource provider can return the data to the virtual resource provider, because the member resource request lacks the information of the original requester of the target virtual resource, it cannot verify whether the application that initiated the virtual resource request in the terminal has Access to the resources of each member does not meet the security requirements of M2M communication.
  • the embodiment of the present invention provides a method for acquiring the member resource data, including: The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application; the virtual resource The provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource; And the member resource provider sends the member resource request; and receives the identifier information of the target virtual resource that is included in the member resource request and the identifier information of the application, and returns the data of the member resource. .
  • the identifier information of the target virtual resource that includes the data of the member resource in the virtual resource provider, and the identifier of the application that requests the target virtual resource in the terminal, is included in the member resource request sent by the member resource provider.
  • the member resource provider can verify whether the application has the right to access the member resource according to the identification information of the application, ensure the security of the information, and determine the return data to the virtual resource provider according to the identification information of the target virtual resource.
  • the path avoids directly returning data to the terminal, and achieves safe and effective collection of member resource data.
  • another aspect of the embodiment of the present invention provides a method for responding to a member resource request, including: a member resource provider receiving a member resource request sent by a virtual resource provider; and obtaining, as the resource original request, the member resource request Identification information of the application of the application, and determining, according to the identification information of the application, that the application has permission to access member resources; from the member And obtaining, by the resource request, identifier information of the target virtual resource, and determining a path for returning data to the virtual resource provider according to the identifier information of the target virtual resource, and returning data of the member resource according to the determined path.
  • the member resource provider can verify whether the application has the right to access the member resource according to the identification information of the application, ensure the security of the information, and determine the path to return the data to the virtual resource provider according to the identification information of the target virtual resource. To avoid direct return of data to the terminal, and to achieve safe and effective collection of member resource data.
  • FIG. 3 is a schematic flowchart of a method for acquiring member resource data according to an embodiment of the present invention, where the process includes the following steps:
  • Step 101 The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application.
  • the identifier that is unique in the M2M system, and the identifier information in the embodiment of the present invention is assigned. It may be the identifier itself, or may be information formed after the identifier is compiled, and the identifier of the resource may be unambiguously determined by the compiled identification information.
  • the identification information can be a resource identifier URI.
  • the virtual resource request received by the virtual resource provider includes at least an initiator parameter (fr parameter) and a target parameter (to parameter), wherein the fr parameter is identification information of an application that initiates the virtual resource request in the terminal, and the to parameter is the application. Identification information of the requested target virtual resource.
  • Step 102 The virtual resource provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource.
  • the virtual resource provider extracts the to parameter from the virtual resource request, and the virtual resource pointed to by the to parameter is the target virtual resource requested by the terminal. Therefore, the target virtual resource may be located according to the to parameter.
  • the identification information of the member resources of the virtual resource is stored in the attribute information of the virtual resource. Therefore, the virtual resource provider can determine the identification information of each member resource of the target virtual resource according to the attribute information of the target virtual resource. Since the identification information of the member resource can indicate the location where the member resource is located, the identification information of the member resource is known, and the member resource provider that provides the member resource is also known.
  • Step 103 The virtual resource providing direction sends a member resource request to the member resource provider.
  • the virtual resource sends a member resource request to the member resource provider where each member resource is located, wherein, in order to ensure that the member resource provider can return the data of the member resource to the virtual resource provider, the target virtual resource is mixed and processed.
  • the member resource request includes the identification information of the target virtual resource, and the member resource provider can determine the path of the returned data according to the identification information of the target virtual resource in the member resource request.
  • the member resource provider will authenticate the original requester of the member resource to determine its access to the member resources.
  • the original requester of the member resource refers to the initial requester that triggers the operation of acquiring the member resource.
  • the App requests the virtual resource VR in the terminal, and the VR needs to request the data of the member resources Ab1, Ab2, Ab3, and Ab1 itself is also
  • the data of the member resources Ab4 and Ab5 needs to be requested.
  • the original requestor is the App in the terminal.
  • the member resource request sent by the virtual resource provider further includes information of the original requester, that is, an application requesting the target virtual resource in the terminal. Identification information.
  • the member resource provider can obtain the identification information of the application from the member resource request, and determine whether the application has the right to access the target member resource according to the identification information of the application.
  • the access authority information of the member resource may be saved in the attribute information of the member resource, and the member resource provider performs the authentication according to the access authority information recorded by the attribute information.
  • Can also be local maintenance on the server or member resource provider There is a list of access rights of the target member resource, and the member resource provider can query the access permission list for authentication.
  • Step 104 Receive data of the member resources returned by the member resource provider according to the identification information of the target virtual resource included in the member resource request and the identification information of the application.
  • the member resource provider determines the path of the returned data according to the identification information of the target virtual resource, and returns the data of the member resource to the member resource. Therefore, the virtual resource provider can receive the data of the member resources returned by each member resource provider.
  • the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target virtual object is requested in the terminal.
  • the identification information of the application of the resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure data security, and determine the virtual resource according to the identification information of the target virtual resource.
  • the provider returns the path of the data, avoids directly returning the data to the terminal, and realizes the safe and effective collection of the member resource data.
  • step 103 may have two implementation manners:
  • the parameter of the member resource request sent by the virtual resource provider includes an initiator parameter and a virtual parameter.
  • the value of the initiator parameter is the identification information of the application, and is used to enable the member resource provider to determine whether the application has access to the member resource.
  • Permission; the value of the virtual parameter is the identification information of the target virtual resource, and is used to enable the member resource provider to determine the path to return data to the virtual resource provider.
  • the initiator parameter in the member resource request is identifier information of the application requesting the target virtual resource in the terminal, so that the member resource provider can verify whether the application has the right to access the member resource.
  • a virtual parameter (English: Virtual Reference, referred to as vr) is added to the member resource request to indicate that the member resource request is from the virtual resource provider, and the member is received.
  • the party requesting the resource needs to determine the path of the returned data according to the virtual parameter to return the data to the virtual resource provider for the virtual resource.
  • the source is subjected to a coagulation process.
  • the vr parameter included in the resource request is a null value
  • the virtual resource request may also include a vr parameter, but the vr parameter is a null value, and the virtual resource provider still needs to determine a path for returning data to the terminal according to the initiator parameter.
  • the foregoing method 1 corresponds to the forwarding mode in the prior art (refer to FIG. 2a).
  • the virtual parameter is added to the member resource request, and the value of the virtual parameter is the identification information of the target virtual resource that needs to be mixed according to the member resource.
  • the member resource provider that receives the member resource request determines the path of the returned data according to the virtual parameter, thereby avoiding directly returning the data to the terminal.
  • the parameter of the member resource request sent by the virtual resource provider includes an initiator parameter and an original requester parameter.
  • the value of the initiator parameter is identifier information of the target virtual resource, and is used to enable the member resource provider to determine to return to the virtual resource provider.
  • the path of the data; the value of the original requester parameter is the identification information of the application, which is used to enable the member resource provider to determine whether the application has permission to access the member resource.
  • the initiator parameter in the member resource request is the identifier information of the target virtual resource that needs to acquire the member resource for the hybrid processing, so that the member resource provider determines the path to return the data to the virtual resource provider.
  • the member resource request also includes an original requester parameter (English: Create Reference, referred to as: cr), which is used to identify the original requester of the member resource.
  • the application App in the terminal requests the virtual resource VR in the virtual resource provider, and the VR needs to acquire Ab1 in the member resource provider 1 and Ab2 in the member resource provider 2, and the virtual resource provides the direction member resource provider 1 2
  • the cr parameter needs to be added to the member resource request, and the value of the cr parameter is the identification information of the application A.
  • the virtual resource request sent by the terminal to the virtual resource provider may also include a cr parameter, where the value of the cr parameter is the identifier information of the application requesting the virtual resource, so that the virtual resource providing direction sends the member resource to the member resource provider.
  • the cr parameter is added to the member resource request.
  • the foregoing method 2 corresponds to the request mode in the prior art (refer to FIG. 2b). Since the original requester parameter is added in the member resource request, the value of the original requester parameter is the identifier of the application requesting the target virtual resource in the terminal. The information enables the member resource provider receiving the member resource request to verify whether the application has the right to access the member resource according to the original requester parameter to ensure data security.
  • the target virtual resource pointed to by the to parameter in the virtual resource request received by the virtual resource provider may be a virtual resource that has not been created yet, and the virtual resource provider firstly according to the target included in the virtual resource request.
  • the attribute information of the virtual resource is used to create the target virtual resource, and then the member resource request is sent to each member resource provider corresponding to the target virtual resource.
  • the method further includes the following steps: determining data corresponding to the target virtual resource according to the received data of the member resource; and returning, to the terminal, the data corresponding to the determined target virtual resource.
  • the virtual resource provider after receiving the data of each member resource of the target virtual resource, the virtual resource provider performs a hybrid processing according to the received data, determines data of the target virtual resource, and then returns the determined data to the terminal requesting the target virtual
  • the application of the resource wherein the path of the virtual resource providing direction return data to the terminal is determined according to the identification information of the application included in the virtual resource request sent by the terminal.
  • the data returned to the terminal is the data after the virtual resource is mixed, and the correctness of the returned data is ensured, and the member resource provider corresponding to the target virtual resource verifies the application of the target virtual resource in the terminal.
  • the program's access rights ensure secure access to data.
  • the parameter of the member resource request sent by the virtual resource provider further includes a target resource parameter, where the value of the target resource parameter is identifier information of the member resource of the target virtual resource, so that the member resource of the member resource request is received.
  • the provider locates the target member resource based on the target resource parameter.
  • the embodiment of the present invention further provides a method for responding to a member resource request.
  • FIG. 4 it is a schematic flowchart of the method. The process includes the following steps:
  • Step 201 The member resource provider receives the member resource request sent by the virtual resource provider.
  • Step 202 Obtain identification information of an application as a resource original requester from the member resource request, and determine, according to the identification information of the application, the application has the right to access the target member resource;
  • Step 203 Obtain identification information of the target virtual resource from the member resource request, and determine a path for returning data to the virtual resource provider according to the identification information of the target virtual resource, and return data of the member resource according to the determined path.
  • the member resource request received by the member resource provider includes the identifier information of the target virtual resource that initiates the member resource request in the virtual resource provider, and the identifier information of the original requester that requests the target virtual resource.
  • the member resource provider verifies the authority of the original requester of the resource according to the identification information of the original requester (ie, the application requesting the target virtual resource in the terminal), and after determining that the original requester has the access right, according to the virtual
  • the identification information of the resource determines the path of the returned data, and returns the data of the member resource according to the determined path.
  • the member resource provider can verify whether the original requester of the resource has the right to access the member resource according to the identification information of the application requesting the virtual resource in the terminal, thereby ensuring the security of the information, and providing the virtual resource according to the request for sending the member resource.
  • the identification information of the virtual resource requesting the member resource in the party determines the path of the returned data, and avoids directly returning the data to the terminal, thereby realizing the safe and effective collection of the member resource data.
  • the manner in which the member resource provider responds to the member resource request is different according to the type of the member resource request sent by the virtual resource provider, and specifically includes the following two methods: first, corresponding to the implementation manner 1 of step 103.
  • the member resource request includes the initiator (fr) parameter and the forwarding (vr) parameter
  • the identification information of the application as the resource original requester is obtained from the member resource request, and when executed, specifically: acquiring The value of the initiator parameter in the member resource request, and the value of the initiator parameter is used as the identification information of the application.
  • step 203 the identifier information of the target virtual resource is obtained from the member resource request.
  • the value of the virtual parameter in the member resource request is obtained, and the value of the virtual parameter is used as the identifier information of the target virtual resource.
  • the member resource provider parses the value of the fr parameter in the member resource request into the identifier information of the original requester of the resource, and verifies whether the application in the terminal has the right to access the member resource according to the value of the fr parameter;
  • the value is parsed into the identification information of the target virtual resource directly requesting the member resource data, and the value of the vr parameter is used to determine the path of the returned member resource data.
  • the resource requester is obtained from the member resource request.
  • the identification information of the application when executed, specifically: obtaining the value of the original requester parameter in the member resource request, and using the value of the original requester parameter as the identification information of the application.
  • step 203 the identifier information of the target virtual resource is obtained from the member resource request, and the value of the initiator parameter in the member resource request is obtained as the identifier information of the target virtual resource.
  • the member resource provider parses the value of the cr parameter in the member resource request into the identifier information of the original requester of the resource, and verifies whether the application in the terminal has the right to access the member resource according to the value of the cr parameter;
  • the value is parsed into the identification information of the target virtual resource directly requesting the member resource data, and the value of the fr parameter is used to determine the path of the member resource data.
  • step 203 the method further includes the following steps:
  • the member resource provider not only needs to verify the access rights of the original requester of the resource, but also the direct requester of the member resource, that is, whether the target virtual resource that needs to obtain the member resource for the hybrid processing in the virtual resource provider has access.
  • the permissions of member resources further protect the security of the data.
  • the member resource request received by the member resource provider further includes a target resource parameter (to parameter), and the value of the to parameter in the member resource request is identifier information of the target member resource requested by the virtual resource, so that the member The resource provider locates the target member resource that needs to return data according to the to parameter.
  • a target resource parameter to parameter
  • the member resource provider may send a message to the virtual resource provider to inform the original requester that the user does not have the right to access the member resource to notify the virtual resource provider.
  • the member resource provider needs to perform operations consistent with steps 102-104 to determine the data of Ab1.
  • the member resource provider needs to determine that each sub-member resource of Ab1 is Ab3, Ab4, and the corresponding sub-member resource provider according to the attribute information of Ab1, and then send a sub-member resource request to each sub-member resource provider, the sub-member
  • the resource request includes the identification information of the Ab1 and the identification information of the application (ie, the original resource requester) requesting the virtual resource in the terminal, where the former is used to enable each sub-member resource provider to determine the path of the returned data, and the latter Used to enable each child member resource provider to verify the access rights of the original requester of the resource.
  • the data of the member resources is determined according to the data returned by each sub-member resource provider.
  • the member resource provider performs step 203 to return the determined data to the virtual resource provider.
  • each level of member resources is verified to verify the access rights of the original requesters of the resources to ensure data security, and each level of member resources returns the data directly to the upper level. Resources to avoid errors in data return paths.
  • the embodiment of the present invention further provides a method for acquiring data of a virtual resource, where the method includes the following steps:
  • the terminal sends a virtual resource request to the virtual resource provider, where the identifier information of the application that initiates the virtual resource request in the terminal is an original requester parameter of the virtual resource request, and is used to determine whether the application has access to the requested target virtual resource. Permissions for member resources;
  • the terminal adds an original requester (cr) parameter to the virtual resource request to indicate the original requester of the resource, so that the virtual resource that receives the virtual resource request is provided in a direction-related manner.
  • cr original requester
  • a member resource provider sends a member resource request, it is in progress.
  • the original requester parameter is also added in the resource request, so that each member resource provider can verify whether the original requester of the resource has the right to access the member resource according to the original requester parameter, thereby ensuring data security.
  • the application App in the terminal requests to acquire the virtual resource VR1, and the terminal determines the virtual resource provider that provides the VR1 according to the identification information of the VR1, and then sends a virtual resource request (Request1) to the virtual resource provider, the virtual
  • the resource request includes an initiator parameter (fr parameter), a target resource parameter (to parameter), and a virtual parameter (vr parameter), wherein the fr parameter is the identification information of the App, the to parameter is the identification information of the VR1, and the vr parameter is empty.
  • fr parameter is the identification information of the App
  • the to parameter is the identification information of the VR1
  • the vr parameter is empty.
  • the virtual resource provider After receiving the virtual resource request, the virtual resource provider locates VR1 according to the to parameter in the virtual resource request, reads the attribute information of VR1, determines that the member resources of VR1 include Ab1 and Ab2, and determines Ab1 according to the identification information of the three.
  • Ab2 is provided by member resource providers 1, 2, respectively.
  • the virtual resource providing direction member resource provider 1 sends a member resource request (Request2)
  • the to parameter of Request2 is the identification information of Ab1
  • the fr parameter is the identification information of the App
  • the vr parameter is the identification information of VR1.
  • the virtual resource provider also sends a member resource request Request3 to the member resource provider 2, which will not be described in detail herein.
  • the member resource provider 1 After receiving the member resource request, the member resource provider 1 locates Ab1 according to the to parameter, and then verifies whether the original requester App of the resource has the right to access Ab1 according to the fr parameter, and determines to return according to the vr parameter after determining that the App has the access right. The path to the data, returning the data of Ab1 to the virtual resource provider.
  • the member resource provider 2 responds to the Request3 in a manner consistent with it, and will not be described in detail herein.
  • the virtual resource provider After receiving the data returned by the member resource providers 1, 2, the virtual resource provider performs a hybrid processing according to the returned data to determine the data of the VR1. Then, according to the fr parameter in the received virtual resource request, the path of returning data to the terminal is determined, and the data of VR1 is returned to the App.
  • the member resource provider 1 when the Ab1 itself is a virtual resource, after receiving the member resource request, the member resource provider 1 locates the Ab1 according to the to parameter in the member resource request, and reads the attribute information of the Ab1 to determine
  • the member resources of Ab1 are Ab3 and Ab4, and it is determined according to the identification information of Ab3 and Ab4 that the two are provided by the member resource providers 3 and 4, respectively.
  • the member resource provider 1 sends a member resource request (Request4, Request5, respectively) to the member resource provider 3, 4, respectively, to send Request4 to the member resource provider 3 as an example, and the to parameter of Request4 is the identification information of Ab3.
  • the fr parameter is the identification information of the App, and the vr parameter is the identification information of the Ab1.
  • the virtual resource provider 3, 4 responds to the member resource request in the same manner as the member resource provider 1 responds to the member resource request, and will not be described in detail herein.
  • the virtual resource providing direction may send two independent member resource requests to the member resource provider when sending the member resource request, respectively, for the Ab1.
  • Ab2 may also be a request to send a member resource, in which it is declared to acquire Ab1 and Ab2.
  • the fr parameter is the identification information of the App
  • the to parameter is the identification information of the VR1
  • the cr parameter is the identification information of the App
  • the fr parameter is the same as the value of the cr parameter.
  • the virtual resource provider After receiving the Request1, the virtual resource provider locates VR1 according to the to parameter in Request1, reads the attribute information of VR1, determines that the member resources of VR1 include Ab1 and Ab2, and determines that Ab1 and Ab2 are respectively members according to the identification information of the three. Resource providers 1, 2 are provided.
  • the virtual resource providing direction member resource providers 1, 2 send member resource requests (Request2, Request3 respectively), sending Request2 as an example
  • the to parameter of Request2 is the identification information of Ab1
  • the fr parameter is the identification information of VR1
  • cr The parameter is the identification information of the App.
  • the member resource provider 1 After receiving the Request2, the member resource provider 1 locates Ab1 according to the to parameter in Request2, and then verifies whether the original requester App of the resource has the right to access Ab1 according to the cr parameter, and after determining that the App has the access right, according to the fr parameter Determine the path to return data, will Ab1 The data is returned to the virtual resource provider.
  • the member resource provider 2 responds in the same way and will not be described in detail here.
  • the virtual resource provider After receiving the data returned by the member resource providers 1, 2, the virtual resource provider performs a hybrid processing according to the returned data to determine the data of the VR1. Then, according to the fr parameter in the received Request1, the path for returning data to the terminal is determined, and the data of VR1 is returned to the App.
  • the member resource provider 1 when the Ab1 itself is a virtual resource, after receiving the Request2, the member resource provider 1 locates the Ab1 according to the to parameter in the Request2, reads the attribute information of the Ab1, and determines the member resources of the Ab1. It is Ab3, Ab4, and according to the identification information of Ab3 and Ab4, the two are respectively provided by the member resource providers 3, 4.
  • the member resource provider 1 sends a member resource request to the member resource providers 3 and 4 respectively (Request4, Request5, respectively, to send Request4 to the member resource provider 3 as an example, and the to parameter of Request4 is the identification information of Ab3,
  • the fr parameter is the identification information of Ab1
  • the cr parameter is the identification information of the App.
  • the virtual resource provider 3, 4 responds to the member resource request in the same manner as the member resource provider 1 responds to the member resource request, and will not be described in detail herein.
  • the embodiment of the present invention further provides an apparatus 300 for acquiring data of a member resource.
  • the apparatus 300 includes:
  • the first receiving module 301 is configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of the application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application;
  • the determining module 302 is configured to locate the target virtual resource according to the identification information of the target virtual resource, and determine, according to the attribute information of the target virtual resource, a member resource provider that provides the member resource of the target virtual resource;
  • the sending module 303 is configured to send a member resource request to the member resource provider.
  • the second receiving module 304 is configured to receive, by the member resource provider, the data of the returned member resource according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
  • the parameter of the member resource request sent by the sending module 303 includes an initiator parameter and a virtual parameter, where the initiator parameter is the identification information of the application, and is used to enable the member resource provider to determine whether the application has the right to access the member resource; the virtual parameter is the identification information of the target virtual resource, and is used to enable the member resource provider. Determine the path to return data to the virtual resource provider.
  • the parameter of the member resource request sent by the sending module 303 includes an initiator parameter and an original requester parameter.
  • the initiator parameter is identifier information of the target virtual resource, and is used to enable the member resource provider to determine the virtual resource provider.
  • the original requester parameter is the identification information of the application, which is used to enable the member resource provider to determine whether the application has permission to access the member resources.
  • the device 300 further includes:
  • a second determining module configured to determine, according to data of the received member resources, data corresponding to the target virtual resource
  • the second sending module is configured to return, to the terminal, data corresponding to the determined target virtual resource.
  • the method corresponding to FIG. 3 in the embodiment of the present invention is based on two aspects of the same inventive concept.
  • the implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description.
  • the structure and implementation process of the device 300 in this embodiment are not described herein for the sake of brevity of the description.
  • the embodiment of the present invention further provides an apparatus 400 for responding to a member resource request.
  • the apparatus 400 includes:
  • the receiving module 401 is configured to receive a member resource request sent by the virtual resource provider.
  • the authentication module 402 is configured to obtain, from the member resource request, identifier information of the application that is the resource original requester, and determine, according to the identifier information of the application, that the application has the right to access the member resource;
  • the sending module 403 is configured to obtain the identifier information of the target virtual resource from the member resource request, and determine a path for returning data to the virtual resource provider according to the identifier information of the target virtual resource, and return data of the member resource according to the determined path.
  • the authentication module 402 is specifically configured to: obtain a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as the identifier information of the application;
  • the sending module 403 is specifically configured to: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
  • the authentication module 402 is specifically configured to: obtain the value of the original requester parameter in the member resource request, and use the value of the original requester parameter as the identification information of the application;
  • the sending module 403 is specifically configured to: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the identifier information of the target virtual resource.
  • the authentication module 402 is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource.
  • the sending module 403 is specifically configured to: when the authentication result indicates that the target virtual resource and the application have the right to access the member resource, obtain the identifier information of the target virtual resource from the member resource request, and determine the direction according to the identifier information of the target virtual resource.
  • the virtual resource provider returns the path of the data and returns the data of the member resource according to the determined path.
  • the method of the device 400 in this embodiment and the method corresponding to FIG. 4 are based on two aspects under the same inventive concept.
  • the implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description.
  • the structure and implementation process of the device 400 in this embodiment are not described herein for the sake of brevity of the description.
  • the embodiment of the present invention further includes an apparatus 500 for acquiring data of a member resource.
  • the apparatus 500 includes: a bus 501, and a processor 502, a storage unit 503, and an interface 504 connected to the bus 501. .
  • the interface 504 is configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of the application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application;
  • the storage unit 503 is configured to store an instruction
  • the processor 502 is configured to execute an instruction stored by the storage unit 503, locate the target virtual resource according to the identification information of the target virtual resource, and determine a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource; the control interface 504 Sending a member resource request to the member resource provider; and the control interface 504 receives the member resource provider according to the member resource request packet
  • the identification information of the target virtual resource and the identification information of the application, and the data of the returned member resource is configured to execute an instruction stored by the storage unit 503, locate the target virtual resource according to the identification information of the target virtual resource, and determine a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource; the control interface 504 Sending a member resource request to the member resource provider; and the control interface 504 receives the member resource provider according to the member resource request packet
  • the identification information of the target virtual resource and the identification information of the application, and the data of the returned member resource is configured to execute an instruction stored by the storage
  • the processor 502 is further configured to: determine data corresponding to the target virtual resource according to the received data of the member resource; and control the interface to return the data corresponding to the determined target virtual resource to the terminal.
  • the method of the device 500 in this embodiment and the method corresponding to FIG. 3 are based on two aspects under the same inventive concept.
  • the implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description.
  • the structure and implementation process of the device 500 in this embodiment are not described herein for the sake of brevity of the description.
  • the embodiment of the present invention further provides a device 600 for responding to a member resource request.
  • the device 600 includes a bus 601, and a processor 602, a storage unit 603, and an interface 604 connected to the bus.
  • the interface 604 is configured to receive a member resource request sent by the virtual resource provider, and the storage unit 603 is configured to store the instruction.
  • the processor 602 is configured to execute the instruction stored by the storage unit 603, obtain the identification information of the application as the resource original requester from the member resource request, and determine, according to the identification information of the application, the application has the right to access the member resource;
  • the resource request obtains the identification information of the target virtual resource, and determines a path for returning data to the virtual resource provider according to the identification information of the target virtual resource, and the control interface 604 returns the data of the member resource according to the determined path.
  • the processor 602 is configured to: obtain the identifier information of the application that is the resource original requester from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as Identification information of the application;
  • the processor 602 is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
  • the processor 602 is configured to: obtain, from the member resource request, the identifier information of the application that is the original requester of the resource, specifically: acquiring the original requester parameter in the member resource request. Value, the value of the original requester parameter is used as the identification information of the application;
  • the processor 602 is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the identifier information of the target virtual resource.
  • the processor 602 is configured to: before the control interface 604 returns the data of the member resource according to the determined path, the method is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and When the target virtual resource has the right to access the member resource, the identifier information of the target virtual resource is obtained from the member resource request, and the path of returning data to the virtual resource provider is determined according to the identifier information of the target virtual resource, and the control interface determines according to the The path returns the data of the member resource.
  • the method of the device 600 in this embodiment and the method corresponding to FIG. 4 are based on two aspects under the same inventive concept.
  • the implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description.
  • the structure and implementation process of the device 600 in this embodiment are not described herein for the sake of brevity of the description.
  • the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target information is requested in the terminal.
  • the identification information of the application of the virtual resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure the data security, and determine the virtual information according to the identification information of the target virtual resource.
  • the resource provider returns the path of the data, avoiding directly returning the data to the terminal, and realizing the safe and effective collection of the member resource data.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the present invention may employ computer-usable storage media (including but not limited to disks) in one or more of the computer-usable program code embodied therein. The form of a computer program product implemented on a memory, CD-ROM, optical memory, or the like.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a method for obtaining member resource data, and a corresponding device and apparatus, which are intended to solve the problem of difficulty in securely and effectively collecting member resource data of a virtual resource in the prior art. The method comprises: a virtual resource provider receives a virtual resource request sent by a terminal, the virtual resource request comprising identification information about an application that initiates the virtual resource request in the terminal and identification information about a target virtual resource requested by the application; locate, according to the identification information about the target virtual resource, the target virtual resource and determine, according to attribute information about the target virtual resource, a member resource provider that provides a member resource of the target virtual resource; send a member resource request to the member resource provider; and receive member resource data returned by the member resource provider according to the identification information about the target virtual resource and the identification information about the application in the member resource request.

Description

一种获取成员资源数据的方法及对应装置、设备Method for acquiring member resource data, corresponding device and device 技术领域Technical field
本发明涉及通信技术领域,特别涉及一种获取成员资源数据的方法及对应装置、设备。The present invention relates to the field of communications technologies, and in particular, to a method, a corresponding device, and a device for acquiring member resource data.
背景技术Background technique
机器通信(英文:Machine-to-Machine Communications,简称:M2M)是一种以机器智能交互为核心的、网络化的应用与服务,其通过在机器内部嵌入无线或有线通信模块以及应用程序模块,实现无需人工干预的数据通信,以满足用户对监控、指挥调度、数据采集和测量等方面的信息化需求。Machine-to-Machine Communications (M2M) is a networked application and service centered on machine intelligence interaction. It embeds wireless or wired communication modules and application modules inside the machine. Realize data communication without manual intervention to meet the information needs of users in monitoring, command and dispatch, data acquisition and measurement.
参照图1,为M2M技术在智能家居领域的应用,其中,温度传感器、湿度传感器、氧气浓度传感器上皆设置有通信模块,能够将收集的数据发送给网关,而网关不仅能够将传感器的数据发送给手机,还能够运行提供房间舒适度的应用程序,对温度数据、湿度数据、氧气浓度数据进行混聚(Mash-up)处理,得到舒适度指数。用户可以向网关发送获取舒适度指数请求,接收网关返回的舒适度指数的数据,获知房间当前的舒适程度。Referring to FIG. 1 , the application of the M2M technology in the smart home field, wherein the temperature sensor, the humidity sensor, and the oxygen concentration sensor are all provided with a communication module, which can send the collected data to the gateway, and the gateway can not only send the data of the sensor. For the mobile phone, it is also possible to run an application that provides room comfort, and perform a mixture of temperature data, humidity data, and oxygen concentration data to obtain a comfort index. The user can send a request for obtaining a comfort index to the gateway, receive data of the comfort index returned by the gateway, and know the current comfort level of the room.
M2M系统中的物理实体和应用程序对象都被表示为资源,用资源结构来描述,是独立可寻址的,能够被搜索和发现,且具有唯一的标识,通常用通用资源标识符(英文:Uniform Resource Identifier,简称:URI)作为资源标识。Both physical and application objects in the M2M system are represented as resources, described by resource structures, are independently addressable, can be searched and discovered, and have unique identifiers, usually with universal resource identifiers (English: Uniform Resource Identifier (URI) is used as the resource identifier.
如图1所示的智能家居系统,温度传感器、湿度传感器、氧气浓度传感器等传感设备注册到智能家居系统后被抽象为资源,用一组通用的属性对其进行描述,其中的一个属性为该物理设备提供的数据(如温度值、湿度值、氧气浓度值)。而网关中提供舒适度指数的服务也是一种资源,这类资源不对应具体的物理实体,而是对应提供服务的应用程序对象,被称为虚拟资源。As shown in Figure 1, the smart home system, temperature sensor, humidity sensor, oxygen concentration sensor and other sensing devices are abstracted into resources after being registered to the smart home system, and are described by a set of common attributes, one of which is The data provided by the physical device (such as temperature value, humidity value, oxygen concentration value). The service that provides the comfort index in the gateway is also a resource. The resource does not correspond to a specific physical entity, but is an application object corresponding to the service, and is called a virtual resource.
虚拟资源通过对已存在的资源(可以是由物理设备抽象出的资源,也可 以是已存在的其它虚拟资源)提供的数据进行混聚处理,进而得到已有资源所不包含的新的信息。沿用图1所示的智能家居系统,提供“舒适度指数”的应用服务即为虚拟资源,为其分配有URI,该虚拟资源能够根据温度传感器、湿度传感器、氧气浓度传感器等物理设备所抽象出的资源所提供的数据,得到当前的舒适度指数。其中,为虚拟资源提供数据的资源称为虚拟资源的成员资源,如温度传感器、湿度传感器、氧气浓度传感器对应的资源均为提供“舒适度指数”的应用服务这一虚拟资源的成员资源。A virtual resource passes through an existing resource (which may be a resource abstracted by a physical device). The data provided by the existing virtual resources is subjected to a hybrid processing, thereby obtaining new information that is not included in the existing resources. Following the smart home system shown in Figure 1, the application service providing the "comfort index" is a virtual resource, which is assigned a URI, which can be abstracted according to physical devices such as a temperature sensor, a humidity sensor, and an oxygen concentration sensor. The data provided by the resources to get the current comfort index. The resource that provides data for the virtual resource is called a member resource of the virtual resource. For example, the resource corresponding to the temperature sensor, the humidity sensor, and the oxygen concentration sensor are member resources of the virtual resource that provides the application service of the “comfort index”.
实际情况中,一个虚拟资源的成员资源也可以是已存在的其它虚拟资源,例如,提供“舒适度指数”的应用服务在计算舒适度指数时,还要用到“用户衣着指数”,而“用户衣着指数”为一应用程序根据可穿戴设备检测的用户身体温度、以及摄像头拍摄的用户的图像数据得到,提供“用户衣着指数”的服务本身即为虚拟资源,也是提供“舒适度指数”的应用服务的成员资源。In actual situations, the member resources of a virtual resource may also be other existing virtual resources. For example, an application service that provides a "comfort index" uses a "user clothing index" when calculating a comfort index, and " The user's clothing index is obtained by an application according to the user's body temperature detected by the wearable device and the image data of the user photographed by the camera. The service providing the "user's clothing index" is itself a virtual resource, and also provides a "comfort index". Member resources of the application service.
当一个新的虚拟资源在M2M系统中注册(或发布)时,该虚拟资源用到的成员资源的列表将会作为虚拟资源的一项属性存储起来。当虚拟资源提供方(如图1中的网关)收到来自终端的针对虚拟资源的操作请求后,虚拟资源提供方需要从各成员资源处获取数据,以执行终端所请求的操作。但是,现有技术中缺乏一种安全、有效的收集虚拟资源的成员资源数据的方法。When a new virtual resource is registered (or published) in the M2M system, the list of member resources used by the virtual resource will be stored as an attribute of the virtual resource. After the virtual resource provider (such as the gateway in FIG. 1) receives the operation request for the virtual resource from the terminal, the virtual resource provider needs to acquire data from each member resource to perform the operation requested by the terminal. However, there is a lack of a safe and effective method of collecting member resource data of virtual resources in the prior art.
发明内容Summary of the invention
本发明实施例提供一种获取成员资源数据的方法及对应装置、设备,用于解决现有技术中难以安全、有效地收集虚拟资源的成员资源数据的问题。The embodiments of the present invention provide a method for acquiring member resource data, and a corresponding device and device, which are used to solve the problem that it is difficult to collect member resource data of a virtual resource in a safe and effective manner in the prior art.
第一方面,本发明实施例提供一种获取成员资源数据的方法,包括:In a first aspect, an embodiment of the present invention provides a method for acquiring member resource data, including:
虚拟资源提供方接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application;
虚拟资源提供方根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员 资源的成员资源提供方;The virtual resource provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines, according to the attribute information of the target virtual resource, the member that provides the target virtual resource. Member resource provider of the resource;
虚拟资源提供方向所述成员资源提供方发送成员资源请求;The virtual resource providing direction sends the member resource request to the member resource provider;
虚拟资源提供方接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。The virtual resource provider receives the data of the member resource returned by the member resource provider according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
基于第一方面,在第一方面的第一种可能的实现方式中,接收所述成员资源提供方返回的所述成员资源的数据之后,还包括:Based on the first aspect, in a first possible implementation manner of the first aspect, after receiving the data of the member resource returned by the member resource provider, the method further includes:
根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据;Determining data corresponding to the target virtual resource according to the received data of the member resource;
向所述终端返回确定出的所述目标虚拟资源对应的数据。Returning, to the terminal, the determined data corresponding to the target virtual resource.
第二方面,本发明实施例提供一种响应成员资源请求的方法,包括:In a second aspect, an embodiment of the present invention provides a method for responding to a member resource request, including:
成员资源提供方接收虚拟资源提供方发送的成员资源请求;The member resource provider receives the member resource request sent by the virtual resource provider;
从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;Obtaining, from the member resource request, identifier information of an application as a resource original requester, and determining, according to the identifier information of the application, that the application has permission to access a member resource;
从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据。And obtaining, by the member resource request, identifier information of the target virtual resource, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, and returning the member according to the determined path. Resource data.
基于第二方面,在第二方面的第一种可能的实现方式中,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,包括:Based on the second aspect, in a first possible implementation manner of the second aspect, the obtaining, by the member resource request, the identifier information of the application that is the resource original requester, includes:
获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;Obtaining a value of an initiator parameter in the member resource request, and using a value of the initiator parameter as identifier information of the application;
所述从所述成员资源请求中获取目标虚拟资源的标识信息,包括:And obtaining the identifier information of the target virtual resource from the member resource request, including:
获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。Obtaining a value of the virtual parameter in the member resource request, and using a value of the virtual parameter as the identifier information of the target virtual resource.
基于第二方面,在第二方面的第二种可能的实现方式中,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,包括:Based on the second aspect, in a second possible implementation manner of the second aspect, the obtaining, by the member resource request, the identifier information of the application that is the resource original requester, includes:
获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参 数的值作为所述应用程序的标识信息;Obtaining a value of an original requester parameter in the member resource request, and the original requester is The value of the number is used as the identification information of the application;
所述从所述成员资源请求中获取目标虚拟资源的标识信息,包括:And obtaining the identifier information of the target virtual resource from the member resource request, including:
获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。Obtaining a value of an initiator parameter in the member resource request, and using a value of the initiator parameter as identifier information of the target virtual resource.
基于第二方面、第二方面的第一种可能的实现方式以及第二方面的第二种可能的实现方式,在第二方面的第三种可能的实现方式中,在根据确定出的所述路径返回所述成员资源的数据之前,还包括:Based on the second aspect, the first possible implementation of the second aspect, and the second possible implementation of the second aspect, in a third possible implementation of the second aspect, Before the path returns the data of the member resource, it also includes:
根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限,并在确定所述目标虚拟资源有访问所述成员资源的权限时,执行所述从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据的步骤。Determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and executing the slave member when determining that the target virtual resource has the right to access the member resource And obtaining, by the resource request, the identifier information of the target virtual resource, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, and returning data of the member resource according to the determined path. step.
第三方面,本发明实施例提供一种获取成员资源数据的装置,包括:In a third aspect, an embodiment of the present invention provides an apparatus for acquiring member resource data, including:
第一接收模块,用于接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;a first receiving module, configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application ;
确定模块,用于根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;a determining module, configured to locate the target virtual resource according to the identifier information of the target virtual resource, and determine, according to the attribute information of the target virtual resource, a member resource provider that provides a member resource of the target virtual resource;
发送模块,用于向所述成员资源提供方发送成员资源请求;a sending module, configured to send a member resource request to the member resource provider;
第二接收模块,用于接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。And a second receiving module, configured to receive, by the member resource provider, data of the member resource returned according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
基于第三方面,在第三方面的第一种可能的实现方式中,所述装置还包括:Based on the third aspect, in a first possible implementation manner of the third aspect, the device further includes:
第二确定模块,用于根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据; a second determining module, configured to determine, according to the received data of the member resource, data corresponding to the target virtual resource;
第二发送模块,用于向所述终端返回确定出的所述目标虚拟资源对应的数据。And a second sending module, configured to return, to the terminal, the determined data corresponding to the target virtual resource.
第四方面,本发明实施例提供一种响应成员资源请求的装置,包括:In a fourth aspect, an embodiment of the present invention provides an apparatus for responding to a member resource request, including:
接收模块,用于接收虚拟资源提供方发送的成员资源请求;a receiving module, configured to receive a member resource request sent by the virtual resource provider;
鉴权模块,用于从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;An authentication module, configured to obtain, from the member resource request, identifier information of an application that is a resource original requester, and determine, according to the identifier information of the application, that the application has permission to access a member resource;
发送模块,用于从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据。a sending module, configured to obtain, from the member resource request, identifier information of the target virtual resource, and determine, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, according to the determined The path returns data for the member resource.
基于第四方面,在第四方面的第一种可能的实现方式中,所述鉴权模块具体用于:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;According to the fourth aspect, in a first possible implementation manner of the fourth aspect, the authentication module is specifically configured to: obtain a value of an initiator parameter in the member resource request, and set a value of the initiator parameter As identification information of the application;
所述发送模块具体用于:获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。The sending module is specifically configured to: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
基于第四方面,在第四方面的第二种可能的实现方式中,所述鉴权模块具体用于:获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参数的值作为所述应用程序的标识信息;According to the fourth aspect, in a second possible implementation manner of the fourth aspect, the authentication module is specifically configured to: acquire a value of an original requester parameter in the member resource request, and use the original requester parameter Value as the identification information of the application;
所述发送模块具体用于:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。The sending module is specifically configured to: obtain a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as identifier information of the target virtual resource.
基于第四方面、第四方面的第一种可能的实现方式以及第四方面的第二种可能的实现方式,在第四方面的第三种可能的实现方式中,所述鉴权模块还用于:根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限。Based on the fourth aspect, the first possible implementation manner of the fourth aspect, and the second possible implementation manner of the fourth aspect, in a third possible implementation manner of the fourth aspect, the authentication module is further used And determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource.
第五方面,本发明实施例提供一种获取成员资源数据的设备,包括:In a fifth aspect, an embodiment of the present invention provides an apparatus for acquiring member resource data, including:
接口,用于接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求 的目标虚拟资源的标识信息;An interface, configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and is requested by the application Identification information of the target virtual resource;
存储单元,用于存储指令;a storage unit for storing instructions;
处理器,分别与所述接口、所述存储单元连接,用于执行所述指令,根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;控制所述接口向所述成员资源提供方发送成员资源请求;以及控制所述接口接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。And the processor is configured to be configured to execute the instruction, locate the target virtual resource according to the identifier information of the target virtual resource, and determine to provide according to the attribute information of the target virtual resource. a member resource provider of the member resource of the target virtual resource; controlling the interface to send a member resource request to the member resource provider; and controlling the interface to receive the member resource provider according to the member resource request The identification information of the target virtual resource and the identification information of the application, and the returned data of the member resource.
基于第五方面,在第五方面的第一种可能的实现方式中,所述处理器还用于:根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据;并控制所述接口向所述终端返回确定出的所述目标虚拟资源对应的数据。The fifth aspect, in a first possible implementation manner of the fifth aspect, the processor is further configured to: determine, according to the received data of the member resource, data corresponding to the target virtual resource; The interface returns the determined data corresponding to the target virtual resource to the terminal.
第六方面,本发明实施例提供一种响应成员资源请求的设备,包括:In a sixth aspect, an embodiment of the present invention provides a device that responds to a member resource request, including:
接口,用于接收虚拟资源提供方发送的成员资源请求;An interface, configured to receive a member resource request sent by a virtual resource provider;
存储单元,用于存储指令;a storage unit for storing instructions;
处理器,分别与所述接口、所述存储单元相连,用于执行所述指令,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并控制所述接口根据确定出的所述路径返回所述成员资源的数据。The processor is connected to the interface and the storage unit, respectively, for executing the instruction, acquiring identifier information of an application as a resource original requester from the member resource request, and according to the identifier of the application Determining, by the information, that the application has the right to access the member resource, obtaining the identifier information of the target virtual resource from the member resource request, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider. And controlling the interface to return data of the member resource according to the determined path.
基于第六方面,在第六方面的第一种可能的实现方式中,所述处理器用于:从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;According to the sixth aspect, in a first possible implementation manner of the sixth aspect, the processor is configured to: obtain, from the member resource request, identifier information of an application that is a resource original requester, specifically: acquiring a value of an initiator parameter in the member resource request, where the value of the initiator parameter is used as identifier information of the application;
所述处理器用于:从所述成员资源请求中获取目标虚拟资源的标识信息,具体为:获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。 The processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the target virtual resource Identification information.
基于第六方面,在第六方面的第二种可能的实现方式中,所述处理器用于:从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为:获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参数的值作为所述应用程序的标识信息;According to the sixth aspect, in a second possible implementation manner of the sixth aspect, the processor is configured to: obtain, from the member resource request, identifier information of an application that is a resource original requester, specifically: acquiring Determining a value of the original requester parameter in the member resource request, and using the value of the original requester parameter as the identification information of the application;
所述处理器用于:从所述成员资源请求中获取目标虚拟资源的标识信息,具体为:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。The processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the target Identification information of the virtual resource.
基于第六方面、第六方面的第一种可能的实现方式以及第六方面的第二种可能的实现方式,在第六方面的第三种可能的实现方式中,所述处理器用于:控制所述接口根据确定出的所述路径返回所述成员资源的数据之前,还用于:根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限,并在确定所述目标虚拟资源有访问所述成员资源的权限时,从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并控制所述接口根据确定出的所述路径返回所述成员资源的数据。Based on the sixth aspect, the first possible implementation manner of the sixth aspect, and the second possible implementation manner of the sixth aspect, in a third possible implementation manner of the sixth aspect, the processor is configured to: Before the returning the data of the member resource according to the determined path, the interface is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and Determining, when the target virtual resource has the right to access the member resource, obtaining the identifier information of the target virtual resource from the member resource request, and determining to return to the virtual resource provider according to the identifier information of the target virtual resource a path of the data, and controlling the interface to return data of the member resource according to the determined path.
本发明实施例中提供的一个或多个技术方案,至少具有如下技术效果或优点:One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
本发明实施例提供的技术方案中,虚拟资源提供方向成员资源提供方发送的成员资源请求中同时包含虚拟资源提供方中需要收集成员资源数据的目标虚拟资源的标识信息,以及终端中请求该目标虚拟资源的应用程序的标识信息,使得成员资源提供方既能够根据应用程序的标识信息验证该应用程序是否有访问成员资源的权限,保证数据安全,又能够根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。In the technical solution provided by the embodiment of the present invention, the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target information is requested in the terminal. The identification information of the application of the virtual resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure the data security, and determine the virtual information according to the identification information of the target virtual resource. The resource provider returns the path of the data, avoiding directly returning the data to the terminal, and realizing the safe and effective collection of the member resource data.
附图说明DRAWINGS
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中 所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solution in the embodiment of the present invention, the following description will be made on the embodiment. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in the drawings, FIG. Other figures are obtained from these figures.
图1为背景技术中智能家居领域内M2M通信的示意图;1 is a schematic diagram of M2M communication in the field of smart home in the background art;
图2a为现有技术中以转发方式发送成员资源请求的示意图;2a is a schematic diagram of a request for sending a member resource in a forwarding manner in the prior art;
图2b为现有技术中以请求方式发送成员资源请求的示意图;2b is a schematic diagram of a request for sending a member resource in a request manner in the prior art;
图3为本发明实施例中获取成员资源数据的方法的流程示意图;3 is a schematic flowchart of a method for acquiring member resource data according to an embodiment of the present invention;
图4为本发明实施例中响应成员资源请求的方法的流程示意图;4 is a schematic flowchart of a method for responding to a member resource request according to an embodiment of the present invention;
图5a-图5b为本发明实施例中应用实例1的示意图;5a-5b are schematic diagrams of an application example 1 according to an embodiment of the present invention;
图6a-图6b为本发明实施例中应用实例2的示意图;6a-6b are schematic diagrams of an application example 2 according to an embodiment of the present invention;
图7为本发明实施例中装置300的结构示意框图;FIG. 7 is a schematic block diagram showing the structure of an apparatus 300 according to an embodiment of the present invention;
图8为本发明实施例中装置400的结构示意框图;FIG. 8 is a schematic block diagram showing the structure of an apparatus 400 according to an embodiment of the present invention; FIG.
图9为本发明实施例中设备500的结构示意框图;FIG. 9 is a schematic block diagram showing the structure of a device 500 according to an embodiment of the present invention;
图10为本发明实施例中设备600的结构示意框图。FIG. 10 is a schematic block diagram showing the structure of a device 600 according to an embodiment of the present invention.
具体实施方式detailed description
为了便于理解本发明实施例提供的技术方案,先介绍相关的现有技术:In order to facilitate understanding of the technical solutions provided by the embodiments of the present invention, related related technologies are first introduced:
M2M系统中的两个设备之间可以进行通信,实现信息传递,其中,请求获取信息的一方要向提供信息的一方发送资源请求(Request),Request主要包含以下参数:The two devices in the M2M system can communicate with each other to implement information transmission. The party requesting the information needs to send a resource request (Request) to the party providing the information. The Request mainly includes the following parameters:
发起者参数(From),简称为fr参数,表示资源请求的发起者;The originator parameter (From), referred to as the fr parameter, indicates the initiator of the resource request;
目标资源参数(To),简称为to参数,表示资源请求所指向的目标资源;The target resource parameter (To), referred to as the to parameter, represents the target resource pointed to by the resource request;
操作类型参数(Operation),表示针对目标资源的所请求的具体操作的类型,包括:读取目标资源的数据的操作(Retrieve)、在目标资源下创建新资源的操作(Create:to)、更新目标资源的操作(Update);删除目标资源的操作(Delete),等等。Operation type parameter (Operation), indicating the type of the specific operation requested for the target resource, including: operation to read the data of the target resource (Retrieve), operation to create a new resource under the target resource (Create: to), update The operation of the target resource (Update); the operation of deleting the target resource (Delete), and so on.
参照图2a及图2b,在终端请求获取虚拟资源数据时,终端根据目标虚拟 资源的标识信息(如,通用资源标识符URI)确定出发送资源请求的路径,并根据确定出的路径向虚拟资源提供方发送虚拟资源请求(Request1),虚拟资源请求中的发起者参数(fr参数)为终端中发起虚拟资源请求的应用程序App的标识信息,目标资源参数(to参数)为该应用程序所请求的目标虚拟资源VR的标识信息,虚拟资源提供方指的是虚拟资源所在的设备,如图1中的网关。Referring to FIG. 2a and FIG. 2b, when the terminal requests to acquire virtual resource data, the terminal according to the target virtual The identification information of the resource (eg, the universal resource identifier URI) determines a path for sending the resource request, and sends a virtual resource request (Request1) to the virtual resource provider according to the determined path, and the initiator parameter in the virtual resource request (fr) The parameter is the identification information of the application App that initiates the virtual resource request in the terminal, the target resource parameter (to parameter) is the identification information of the target virtual resource VR requested by the application, and the virtual resource provider refers to the virtual resource where the virtual resource is located. The device, as shown in the gateway in Figure 1.
虚拟资源提供方在接收Request1后,需要向目标虚拟资源的各成员资源收集数据,才能确定出目标虚拟资源的数据。因此,虚拟资源提供方首先要根据虚拟资源请求的to参数定位出被请求的VR,然后,根据定位出的VR的属性信息中记录的该目标虚拟资源的成员资源Ab1、Ab2,确定出Ab1、Ab2的标识信息。由于Ab1、Ab2的标识信息能够表示Ab1、Ab2的地址,因此,确定出Ab1、Ab2的标识信息,也就确定出提供Ab1、Ab2的成员资源提供方。After receiving the Request1, the virtual resource provider needs to collect data from each member resource of the target virtual resource to determine the data of the target virtual resource. Therefore, the virtual resource provider first needs to locate the requested VR according to the to parameter of the virtual resource request, and then determines Ab1 according to the member resources Ab1 and Ab2 of the target virtual resource recorded in the attribute information of the located VR. Identification information of Ab2. Since the identification information of Ab1 and Ab2 can indicate the addresses of Ab1 and Ab2, the identification information of Ab1 and Ab2 is determined, and the member resource providers that provide Ab1 and Ab2 are determined.
然后,虚拟资源提供方向各成员资源提供方发送成员资源请求,现有技术中,发送成员资源请求主要有以下实现方式:Then, the virtual resource provides a member resource request to each member resource provider. In the prior art, the sending member resource request mainly has the following implementation manners:
方式1,转发方式。Mode 1, forwarding mode.
继续参照图2a,虚拟资源提供方将接收的Request1中的to参数修改为各成员资源的标识信息,并将修改后的请求发送给成员资源提供方。其中,修改后的虚拟资源请求中的fr参数保持不变,即成员资源提供方接收的成员资源请求中的fr参数仍然为终端中发起虚拟资源请求的应用程序的标识信息,因此,将这种方式形象的称为转发方式。With continued reference to FIG. 2a, the virtual resource provider modifies the received to parameter in Request1 to the identification information of each member resource, and sends the modified request to the member resource provider. The fr parameter in the modified virtual resource request remains unchanged, that is, the fr parameter in the member resource request received by the member resource provider is still the identification information of the application that initiates the virtual resource request in the terminal, and therefore, The way image is called the forwarding method.
转发方式下,成员资源提供方能够根据成员资源请求中的fr参数验证终端中的App是否有访问成员资源的权限,但是,成员资源提供方在返回数据时,会根据fr参数将数据直接返回给应用程序所在的终端,而不是虚拟资源提供方,因此,终端最终收到的是目标虚拟资源的各成员资源的数据,而不是根据成员资源数据混聚而成的目标虚拟资源数据。In the forwarding mode, the member resource provider can verify whether the APP in the terminal has the right to access the member resource according to the fr parameter in the member resource request. However, when the member resource provider returns the data, the member resource directly returns the data according to the fr parameter. The terminal where the application is located, not the virtual resource provider. Therefore, the terminal finally receives the data of each member resource of the target virtual resource, instead of the target virtual resource data that is aggregated according to the member resource data.
方式2,请求方式。Mode 2, request method.
继续参照图2b,请求方式下发送的成员资源请求的to参数仍然为各成员 资源的标识信息,但与转发方式不同,fr参数为虚拟资源提供方中的目标虚拟资源的标识信息。With continued reference to Figure 2b, the to parameter of the member resource request sent in the request mode is still for each member. The identification information of the resource, but different from the forwarding mode, the fr parameter is the identification information of the target virtual resource in the virtual resource provider.
请求方式下,虽然成员资源提供方能够将数据返回给虚拟资源提供方,但是,由于成员资源请求中缺乏目标虚拟资源的原始请求者的信息,不能验证终端中发起虚拟资源请求的应用程序是否有访问各成员资源的权限,不满足M2M通信的安全性的要求。In the request mode, although the member resource provider can return the data to the virtual resource provider, because the member resource request lacks the information of the original requester of the target virtual resource, it cannot verify whether the application that initiated the virtual resource request in the terminal has Access to the resources of each member does not meet the security requirements of M2M communication.
因此,现有技术的上述两种方式均不能实现安全、有效地收集虚拟资源的成员资源的数据,针对这一问题,本发明实施例一方面提供了一种获取成员资源数据的方法,包括:虚拟资源提供方接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;虚拟资源提供方根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;虚拟资源提供方向所述成员资源提供方发送成员资源请求;以及接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。Therefore, the above two methods of the prior art cannot implement the data collection of the member resources of the virtual resource in a safe and effective manner. To solve the problem, the embodiment of the present invention provides a method for acquiring the member resource data, including: The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application; the virtual resource The provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource; And the member resource provider sends the member resource request; and receives the identifier information of the target virtual resource that is included in the member resource request and the identifier information of the application, and returns the data of the member resource. .
由于虚拟资源提供方向成员资源提供方发送的成员资源请求中同时包含虚拟资源提供方中需要收集成员资源的数据的目标虚拟资源的标识信息,以及终端中请求该目标虚拟资源的应用程序的标识信息,使得成员资源提供方既能够根据应用程序的标识信息验证该应用程序是否有访问成员资源的权限,保证信息的安全性,又能够根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。The identifier information of the target virtual resource that includes the data of the member resource in the virtual resource provider, and the identifier of the application that requests the target virtual resource in the terminal, is included in the member resource request sent by the member resource provider. The member resource provider can verify whether the application has the right to access the member resource according to the identification information of the application, ensure the security of the information, and determine the return data to the virtual resource provider according to the identification information of the target virtual resource. The path avoids directly returning data to the terminal, and achieves safe and effective collection of member resource data.
对应的,本发明实施例另一方面还提供一种响应成员资源请求的方法,包括:成员资源提供方接收虚拟资源提供方发送的成员资源请求;从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;从所述成员 资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据。Correspondingly, another aspect of the embodiment of the present invention provides a method for responding to a member resource request, including: a member resource provider receiving a member resource request sent by a virtual resource provider; and obtaining, as the resource original request, the member resource request Identification information of the application of the application, and determining, according to the identification information of the application, that the application has permission to access member resources; from the member And obtaining, by the resource request, identifier information of the target virtual resource, and determining a path for returning data to the virtual resource provider according to the identifier information of the target virtual resource, and returning data of the member resource according to the determined path.
由于成员资源提供方既能够根据应用程序的标识信息验证该应用程序是否有访问成员资源的权限,保证信息的安全性,又能够根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。The member resource provider can verify whether the application has the right to access the member resource according to the identification information of the application, ensure the security of the information, and determine the path to return the data to the virtual resource provider according to the identification information of the target virtual resource. To avoid direct return of data to the terminal, and to achieve safe and effective collection of member resource data.
下面通过附图以及具体实施例对本发明技术方案做详细的说明,应当理解本发明实施例以及实施例中的具体特征是对本发明技术方案的详细的说明,而不是对本发明技术方案的限定,在不冲突的情况下,本发明实施例以及实施例中的技术特征可以相互组合。The technical solutions of the present invention are described in detail below with reference to the accompanying drawings and specific embodiments. It is understood that the specific features of the embodiments and the embodiments of the present invention are the detailed description of the technical solutions of the present invention, and are not limited to the technical solutions of the present invention. In the case of no conflict, the technical features of the embodiments of the present invention and the embodiments may be combined with each other.
参照图3,为本发明实施例提供的一种获取成员资源数据的方法的流程示意图,该流程包括如下步骤:FIG. 3 is a schematic flowchart of a method for acquiring member resource data according to an embodiment of the present invention, where the process includes the following steps:
步骤101:虚拟资源提供方接收终端发送的虚拟资源请求,该虚拟资源请求包含终端中发起虚拟资源请求的应用程序的标识信息,以及该应用程序所请求的目标虚拟资源的标识信息。Step 101: The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application.
具体的,抽象为资源的物理设备、应用程序以及数据等注册到M2M系统之后,都会被分配具有唯一性的、能够标识其在M2M系统中所处位置的标识,本发明实施例中的标识信息可以是该标识本身,也可以是该标识编译后形成的信息,通过编译后的标识信息可以毫无疑义地确定出资源的标识。例如,标识信息可以是资源标识符URI。Specifically, after the physical device, the application, and the data, which are abstracted as the resource, are registered in the M2M system, the identifier that is unique in the M2M system, and the identifier information in the embodiment of the present invention is assigned. It may be the identifier itself, or may be information formed after the identifier is compiled, and the identifier of the resource may be unambiguously determined by the compiled identification information. For example, the identification information can be a resource identifier URI.
虚拟资源提供方接收的虚拟资源请求至少包括发起者参数(fr参数)、目标参数(to参数),其中fr参数为终端中发起虚拟资源请求的应用程序的标识信息,而to参数为该应用程序所请求的目标虚拟资源的标识信息。The virtual resource request received by the virtual resource provider includes at least an initiator parameter (fr parameter) and a target parameter (to parameter), wherein the fr parameter is identification information of an application that initiates the virtual resource request in the terminal, and the to parameter is the application. Identification information of the requested target virtual resource.
步骤102:虚拟资源提供方根据目标虚拟资源的标识信息定位目标虚拟资源,并根据目标虚拟资源的属性信息确定提供目标虚拟资源的成员资源的成员资源提供方。 Step 102: The virtual resource provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource.
具体的,虚拟资源提供方从虚拟资源请求中提取to参数,to参数指向的虚拟资源即为终端请求的目标虚拟资源,因此,根据to参数可以定位出目标虚拟资源。Specifically, the virtual resource provider extracts the to parameter from the virtual resource request, and the virtual resource pointed to by the to parameter is the target virtual resource requested by the terminal. Therefore, the target virtual resource may be located according to the to parameter.
在M2M系统中,虚拟资源的成员资源的标识信息保存在虚拟资源的属性信息内,因此,虚拟资源提供方可以根据目标虚拟资源的属性信息确定出目标虚拟资源的各成员资源的标识信息。由于成员资源的标识信息能够表示成员资源所处的位置,因此,获知成员资源的标识信息,也就获知提供该成员资源的成员资源提供方。In the M2M system, the identification information of the member resources of the virtual resource is stored in the attribute information of the virtual resource. Therefore, the virtual resource provider can determine the identification information of each member resource of the target virtual resource according to the attribute information of the target virtual resource. Since the identification information of the member resource can indicate the location where the member resource is located, the identification information of the member resource is known, and the member resource provider that provides the member resource is also known.
步骤103:虚拟资源提供方向成员资源提供方发送成员资源请求。Step 103: The virtual resource providing direction sends a member resource request to the member resource provider.
具体的,虚拟资源向各成员资源所在的成员资源提供方发送成员资源请求,其中,为了保证成员资源提供方能够把成员资源的数据返回至虚拟资源提供方,供目标虚拟资源进行混聚处理,成员资源请求中包含有目标虚拟资源的标识信息,成员资源提供方根据成员资源请求中的目标虚拟资源的标识信息即可确定返回数据的路径。Specifically, the virtual resource sends a member resource request to the member resource provider where each member resource is located, wherein, in order to ensure that the member resource provider can return the data of the member resource to the virtual resource provider, the target virtual resource is mixed and processed. The member resource request includes the identification information of the target virtual resource, and the member resource provider can determine the path of the returned data according to the identification information of the target virtual resource in the member resource request.
另外,为了保障数据的安全,成员资源提供方将对成员资源的原始请求者进行鉴权,以确定其有访问成员资源的权限。所谓成员资源的原始请求者,指的是触发获取成员资源的操作的最初请求者,如:终端中App请求虚拟资源VR,而VR需要请求成员资源Ab1、Ab2、Ab3的数据,而Ab1本身也是一个虚拟资源,需要请求成员资源Ab4、Ab5的数据,则对于VR、Ab1、Ab2、Ab3、Ab4、Ab5而言,原始请求者均为终端中的App。In addition, in order to ensure data security, the member resource provider will authenticate the original requester of the member resource to determine its access to the member resources. The original requester of the member resource refers to the initial requester that triggers the operation of acquiring the member resource. For example, the App requests the virtual resource VR in the terminal, and the VR needs to request the data of the member resources Ab1, Ab2, Ab3, and Ab1 itself is also For a virtual resource, the data of the member resources Ab4 and Ab5 needs to be requested. For VR, Ab1, Ab2, Ab3, Ab4, Ab5, the original requestor is the App in the terminal.
本发明实施例中,为了使得成员资源提供方能够对原始请求者进行鉴权,虚拟资源提供方发送的成员资源请求中还包含原始请求者的信息,即终端中请求目标虚拟资源的应用程序的标识信息。成员资源提供方能够从成员资源请求中获取该应用程序的标识信息,并根据该应用程序的标识信息判断该应用程序是否有访问目标成员资源的权限。具体实施时,可以在成员资源的属性信息中保存成员资源的访问权限信息,成员资源提供方根据属性信息记录的访问权限信息进行鉴权。也可以是在服务器上或成员资源提供方本地维护 有目标成员资源的访问权限列表,成员资源提供方可以查询该访问权限列表进行鉴权。In the embodiment of the present invention, in order to enable the member resource provider to authenticate the original requester, the member resource request sent by the virtual resource provider further includes information of the original requester, that is, an application requesting the target virtual resource in the terminal. Identification information. The member resource provider can obtain the identification information of the application from the member resource request, and determine whether the application has the right to access the target member resource according to the identification information of the application. During the specific implementation, the access authority information of the member resource may be saved in the attribute information of the member resource, and the member resource provider performs the authentication according to the access authority information recorded by the attribute information. Can also be local maintenance on the server or member resource provider There is a list of access rights of the target member resource, and the member resource provider can query the access permission list for authentication.
步骤104:接收成员资源提供方根据成员资源请求包含的目标虚拟资源的标识信息以及应用程序的标识信息,返回的成员资源的数据。Step 104: Receive data of the member resources returned by the member resource provider according to the identification information of the target virtual resource included in the member resource request and the identification information of the application.
具体的,各成员资源提供方在根据应用程序的标识信息确定应用程序有访问成员资源的权限后,将根据目标虚拟资源的标识信息确定返回数据的路径,将成员资源的数据返回给成员资源提供方,因此,虚拟资源提供方能够接收到各成员资源提供方返回的成员资源的数据。Specifically, after determining, according to the identification information of the application, the application resource has the right to access the member resource, the member resource provider determines the path of the returned data according to the identification information of the target virtual resource, and returns the data of the member resource to the member resource. Therefore, the virtual resource provider can receive the data of the member resources returned by each member resource provider.
本发明实施例上述技术方案中,虚拟资源提供方向成员资源提供方发送的成员资源请求中同时包含虚拟资源提供方中需要收集成员资源数据的目标虚拟资源的标识信息,以及终端中请求该目标虚拟资源的应用程序的标识信息,使得成员资源提供方既能够根据应用程序的标识信息验证该应用程序是否有访问成员资源的权限,保证数据安全,又能够根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。In the foregoing technical solution of the embodiment of the present invention, the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target virtual object is requested in the terminal. The identification information of the application of the resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure data security, and determine the virtual resource according to the identification information of the target virtual resource. The provider returns the path of the data, avoids directly returning the data to the terminal, and realizes the safe and effective collection of the member resource data.
可选的,本发明实施例中,步骤103可以有两种实施方式:Optionally, in the embodiment of the present invention, step 103 may have two implementation manners:
方式一method one
虚拟资源提供方发送的成员资源请求的参数包括发起者参数以及虚拟参数;其中,发起者参数的值为该应用程序的标识信息,用于使成员资源提供方判断应用程序是否有访问成员资源的权限;虚拟参数的值为目标虚拟资源的标识信息,用于使成员资源提供方确定向虚拟资源提供方返回数据的路径。The parameter of the member resource request sent by the virtual resource provider includes an initiator parameter and a virtual parameter. The value of the initiator parameter is the identification information of the application, and is used to enable the member resource provider to determine whether the application has access to the member resource. Permission; the value of the virtual parameter is the identification information of the target virtual resource, and is used to enable the member resource provider to determine the path to return data to the virtual resource provider.
具体的,成员资源请求中的发起者参数为终端中请求目标虚拟资源的应用程序的标识信息,以使成员资源提供方能够验证该应用程序是否有访问成员资源的权限。而且,为了避免成员资源提供方将数据直接返回终端,在成员资源请求中还添加了虚拟参数(英文:Virtual Reference,简称:vr),用于表示成员资源请求来自虚拟资源提供方,接收该成员资源请求的一方需要根据虚拟参数确定返回数据的路径,以将数据返回给虚拟资源提供方,供虚拟资 源进行混聚处理。Specifically, the initiator parameter in the member resource request is identifier information of the application requesting the target virtual resource in the terminal, so that the member resource provider can verify whether the application has the right to access the member resource. Moreover, in order to prevent the member resource provider from directly returning the data to the terminal, a virtual parameter (English: Virtual Reference, referred to as vr) is added to the member resource request to indicate that the member resource request is from the virtual resource provider, and the member is received. The party requesting the resource needs to determine the path of the returned data according to the virtual parameter to return the data to the virtual resource provider for the virtual resource. The source is subjected to a coagulation process.
可选的,资源请求包含的vr参数为空值时,表明该资源请求不是由虚拟资源提供方转发而来的,接收资源请求的一方需要根据资源请求中的发起者参数确定返回数据的路径。例如,终端向虚拟资源提供方发送虚拟资源请求时,虚拟资源请求中也可以包含vr参数,只不过vr参数为空值,虚拟资源提供方仍然需要根据发起者参数确定向终端返回数据的路径。Optionally, when the vr parameter included in the resource request is a null value, it indicates that the resource request is not forwarded by the virtual resource provider, and the party that receives the resource request needs to determine the path of the returned data according to the initiator parameter in the resource request. For example, when the terminal sends a virtual resource request to the virtual resource provider, the virtual resource request may also include a vr parameter, but the vr parameter is a null value, and the virtual resource provider still needs to determine a path for returning data to the terminal according to the initiator parameter.
上述方式一与现有技术中的转发方式(参照图2a)相对应,由于在成员资源请求中增加了虚拟参数,虚拟参数的数值为需要根据成员资源进行混聚处理的目标虚拟资源的标识信息,使接收成员资源请求的成员资源提供方根据虚拟参数来确定返回数据的路径,进而避免将数据直接返回给终端。The foregoing method 1 corresponds to the forwarding mode in the prior art (refer to FIG. 2a). The virtual parameter is added to the member resource request, and the value of the virtual parameter is the identification information of the target virtual resource that needs to be mixed according to the member resource. The member resource provider that receives the member resource request determines the path of the returned data according to the virtual parameter, thereby avoiding directly returning the data to the terminal.
方式二Way two
虚拟资源提供方发送的成员资源请求的参数包括发起者参数以及原始请求者参数;其中,发起者参数的值为目标虚拟资源的标识信息,用于使成员资源提供方确定向虚拟资源提供方返回数据的路径;原始请求者参数的值为该应用程序的标识信息,用于使成员资源提供方判断应用程序是否有访问成员资源的权限。The parameter of the member resource request sent by the virtual resource provider includes an initiator parameter and an original requester parameter. The value of the initiator parameter is identifier information of the target virtual resource, and is used to enable the member resource provider to determine to return to the virtual resource provider. The path of the data; the value of the original requester parameter is the identification information of the application, which is used to enable the member resource provider to determine whether the application has permission to access the member resource.
具体的,成员资源请求中的发起者参数为需要获取成员资源进行混聚处理的目标虚拟资源的标识信息,以使成员资源提供方确定向虚拟资源提供方返回数据的路径。而且,成员资源请求中还包括原始请求者参数(英文:Create Reference,简称:cr),用于标识成员资源的原始请求者。Specifically, the initiator parameter in the member resource request is the identifier information of the target virtual resource that needs to acquire the member resource for the hybrid processing, so that the member resource provider determines the path to return the data to the virtual resource provider. Moreover, the member resource request also includes an original requester parameter (English: Create Reference, referred to as: cr), which is used to identify the original requester of the member resource.
例如,终端中的应用程序App请求虚拟资源提供方中的虚拟资源VR,而VR需要获取成员资源提供方1中的Ab1以及成员资源提供方2中的Ab2,虚拟资源提供方向成员资源提供方1、2发送成员资源请求时,需要在成员资源请求中增加cr参数,cr参数的值为应用程序A的标识信息。For example, the application App in the terminal requests the virtual resource VR in the virtual resource provider, and the VR needs to acquire Ab1 in the member resource provider 1 and Ab2 in the member resource provider 2, and the virtual resource provides the direction member resource provider 1 2 When the member resource request is sent, the cr parameter needs to be added to the member resource request, and the value of the cr parameter is the identification information of the application A.
可选的,终端向虚拟资源提供方发送的虚拟资源请求中也可以包含cr参数,cr参数的值为请求虚拟资源的应用程序的标识信息,以使虚拟资源提供方向成员资源提供方发送成员资源请求时,在成员资源请求中添加该cr参数。 Optionally, the virtual resource request sent by the terminal to the virtual resource provider may also include a cr parameter, where the value of the cr parameter is the identifier information of the application requesting the virtual resource, so that the virtual resource providing direction sends the member resource to the member resource provider. When requested, the cr parameter is added to the member resource request.
上述方式二与现有技术中的请求方式(参照图2b)相对应,由于在成员资源请求中增加了原始请求者参数,原始请求者参数的数值为终端中请求目标虚拟资源的应用程序的标识信息,使接收成员资源请求的成员资源提供方能够根据原始请求者参数验证该应用程序是否有访问成员资源的权限,以保证数据安全。The foregoing method 2 corresponds to the request mode in the prior art (refer to FIG. 2b). Since the original requester parameter is added in the member resource request, the value of the original requester parameter is the identifier of the application requesting the target virtual resource in the terminal. The information enables the member resource provider receiving the member resource request to verify whether the application has the right to access the member resource according to the original requester parameter to ensure data security.
可选的,步骤101中,虚拟资源提供方接收的虚拟资源请求中to参数指向的目标虚拟资源可能是一个当前尚未创建的虚拟资源,虚拟资源提供方首先将根据虚拟资源请求中包含的该目标虚拟资源的属性信息创建该目标虚拟资源,然后,再向该目标虚拟资源对应的各成员资源提供方发送成员资源请求。Optionally, in step 101, the target virtual resource pointed to by the to parameter in the virtual resource request received by the virtual resource provider may be a virtual resource that has not been created yet, and the virtual resource provider firstly according to the target included in the virtual resource request. The attribute information of the virtual resource is used to create the target virtual resource, and then the member resource request is sent to each member resource provider corresponding to the target virtual resource.
可选的,在步骤104之后,还可以包括如下步骤:根据接收的成员资源的数据确定出目标虚拟资源对应的数据;并向终端返回确定出的目标虚拟资源对应的数据。Optionally, after the step 104, the method further includes the following steps: determining data corresponding to the target virtual resource according to the received data of the member resource; and returning, to the terminal, the data corresponding to the determined target virtual resource.
具体的,虚拟资源提供方接收到目标虚拟资源的各成员资源的数据之后,根据接收的数据进行混聚处理,确定出目标虚拟资源的数据,然后将确定出的数据返回给终端中请求目标虚拟资源的应用程序,其中,虚拟资源提供方向终端返回数据的路径根据终端发送的虚拟资源请求中包含的应用程序的标识信息来确定。Specifically, after receiving the data of each member resource of the target virtual resource, the virtual resource provider performs a hybrid processing according to the received data, determines data of the target virtual resource, and then returns the determined data to the terminal requesting the target virtual The application of the resource, wherein the path of the virtual resource providing direction return data to the terminal is determined according to the identification information of the application included in the virtual resource request sent by the terminal.
本发明实施例中,返回给终端的数据为虚拟资源混聚处理后的数据,保证了返回数据的正确性,而且,目标虚拟资源对应的成员资源提供方会验证终端中请求目标虚拟资源的应用程序的访问权限,保证了数据的安全访问。In the embodiment of the present invention, the data returned to the terminal is the data after the virtual resource is mixed, and the correctness of the returned data is ensured, and the member resource provider corresponding to the target virtual resource verifies the application of the target virtual resource in the terminal. The program's access rights ensure secure access to data.
可选的,步骤103中,虚拟资源提供方发送的成员资源请求的参数还包括目标资源参数,目标资源参数的值为目标虚拟资源的成员资源的标识信息,以使接收成员资源请求的成员资源提供方根据目标资源参数定位出目标成员资源。Optionally, in step 103, the parameter of the member resource request sent by the virtual resource provider further includes a target resource parameter, where the value of the target resource parameter is identifier information of the member resource of the target virtual resource, so that the member resource of the member resource request is received. The provider locates the target member resource based on the target resource parameter.
基于相同的技术构思,本发明实施例还提供了一种响应成员资源请求的方法,参照图4,为该方法的流程示意图,流程包括如下步骤: Based on the same technical concept, the embodiment of the present invention further provides a method for responding to a member resource request. Referring to FIG. 4, it is a schematic flowchart of the method. The process includes the following steps:
步骤201:成员资源提供方接收虚拟资源提供方发送的成员资源请求;Step 201: The member resource provider receives the member resource request sent by the virtual resource provider.
步骤202:从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据应用程序的标识信息确定该应用程序有访问目标成员资源的权限;Step 202: Obtain identification information of an application as a resource original requester from the member resource request, and determine, according to the identification information of the application, the application has the right to access the target member resource;
步骤203:从成员资源请求中获取目标虚拟资源的标识信息,并根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,并根据确定出的路径返回成员资源的数据。Step 203: Obtain identification information of the target virtual resource from the member resource request, and determine a path for returning data to the virtual resource provider according to the identification information of the target virtual resource, and return data of the member resource according to the determined path.
具体的,成员资源提供方接收的成员资源请求中同时包含虚拟资源提供方中发起成员资源请求的目标虚拟资源的标识信息,以及请求目标虚拟资源的原始请求者的标识信息。成员资源提供方根据其中的原始请求者(即,终端中请求目标虚拟资源的应用程序)的标识信息来验证资源的原始请求者的权限,并在确定原始请求者有访问权限之后,根据该虚拟资源的标识信息确定返回数据的路径,并根据确定出的路径返回成员资源的数据。Specifically, the member resource request received by the member resource provider includes the identifier information of the target virtual resource that initiates the member resource request in the virtual resource provider, and the identifier information of the original requester that requests the target virtual resource. The member resource provider verifies the authority of the original requester of the resource according to the identification information of the original requester (ie, the application requesting the target virtual resource in the terminal), and after determining that the original requester has the access right, according to the virtual The identification information of the resource determines the path of the returned data, and returns the data of the member resource according to the determined path.
由于成员资源提供方既能够根据终端中请求虚拟资源的应用程序的标识信息验证资源的原始请求者是否有访问成员资源的权限,保证信息的安全性,又能够根据发送成员资源请求的虚拟资源提供方中请求成员资源的虚拟资源的标识信息确定返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。The member resource provider can verify whether the original requester of the resource has the right to access the member resource according to the identification information of the application requesting the virtual resource in the terminal, thereby ensuring the security of the information, and providing the virtual resource according to the request for sending the member resource. The identification information of the virtual resource requesting the member resource in the party determines the path of the returned data, and avoids directly returning the data to the terminal, thereby realizing the safe and effective collection of the member resource data.
可选的,根据虚拟资源提供方发送的成员资源请求的类型的不同,成员资源提供方响应成员资源请求的方式不同,具体包括以下两种方式:其一,与步骤103的实现方式一相对应,在成员资源请求包含发起者(fr)参数、转发(vr)参数时,步骤202中,从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,在执行时,具体为:获取成员资源请求中的发起者参数的值,将发起者参数的值作为应用程序的标识信息。Optionally, the manner in which the member resource provider responds to the member resource request is different according to the type of the member resource request sent by the virtual resource provider, and specifically includes the following two methods: first, corresponding to the implementation manner 1 of step 103. When the member resource request includes the initiator (fr) parameter and the forwarding (vr) parameter, in step 202, the identification information of the application as the resource original requester is obtained from the member resource request, and when executed, specifically: acquiring The value of the initiator parameter in the member resource request, and the value of the initiator parameter is used as the identification information of the application.
而步骤203中,从成员资源请求中获取目标虚拟资源的标识信息,在执行时,具体为:获取成员资源请求中的虚拟参数的值,将虚拟参数的值作为目标虚拟资源的标识信息。 In step 203, the identifier information of the target virtual resource is obtained from the member resource request. When executed, the value of the virtual parameter in the member resource request is obtained, and the value of the virtual parameter is used as the identifier information of the target virtual resource.
具体的,成员资源提供方将成员资源请求中的fr参数的值解析为资源的原始请求者的标识信息,并根据fr参数的值验证终端中应用程序是否有访问成员资源的权限;将vr参数的值解析为直接请求成员资源数据的目标虚拟资源的标识信息,用vr参数的值来确定返回成员资源数据的路径。Specifically, the member resource provider parses the value of the fr parameter in the member resource request into the identifier information of the original requester of the resource, and verifies whether the application in the terminal has the right to access the member resource according to the value of the fr parameter; The value is parsed into the identification information of the target virtual resource directly requesting the member resource data, and the value of the vr parameter is used to determine the path of the returned member resource data.
其二,与步骤103的实现方式二相对应,在成员资源请求包含发起者(fr)参数、原始请求者(cr)参数时,步骤202中,从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,在执行时,具体为:获取成员资源请求中的原始请求者参数的值,将原始请求者参数的值作为应用程序的标识信息。Second, corresponding to the implementation manner 2 of step 103, when the member resource request includes the initiator (fr) parameter and the original requester (cr) parameter, in step 202, the resource requester is obtained from the member resource request. The identification information of the application, when executed, specifically: obtaining the value of the original requester parameter in the member resource request, and using the value of the original requester parameter as the identification information of the application.
而步骤203中,从成员资源请求中获取目标虚拟资源的标识信息,在执行时,具体为:获取成员资源请求中的发起者参数的值,将发起者参数的值作为目标虚拟资源的标识信息。In step 203, the identifier information of the target virtual resource is obtained from the member resource request, and the value of the initiator parameter in the member resource request is obtained as the identifier information of the target virtual resource. .
具体的,成员资源提供方将成员资源请求中的cr参数的值解析为资源的原始请求者的标识信息,并根据cr参数的值验证终端中应用程序是否有访问成员资源的权限;将fr参数的值解析为直接请求成员资源数据的目标虚拟资源的标识信息,用fr参数的值来确定返回成员资源数据的路径。Specifically, the member resource provider parses the value of the cr parameter in the member resource request into the identifier information of the original requester of the resource, and verifies whether the application in the terminal has the right to access the member resource according to the value of the cr parameter; The value is parsed into the identification information of the target virtual resource directly requesting the member resource data, and the value of the fr parameter is used to determine the path of the member resource data.
可选的,在步骤203之前,还包括如下步骤:Optionally, before step 203, the method further includes the following steps:
根据目标虚拟资源的标识信息确定目标虚拟资源是否有访问成员资源的权限,并在确定目标虚拟资源有访问所述成员资源的权限时,执行步骤203。And determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and performing the step 203 when determining that the target virtual resource has the right to access the member resource.
具体的,成员资源提供方不仅要验证资源的原始请求者的访问权限,还要验证成员资源的直接请求者,即虚拟资源提供方中需要获取成员资源进行混聚处理的目标虚拟资源是否有访问成员资源的权限,进一步保护数据的安全性。Specifically, the member resource provider not only needs to verify the access rights of the original requester of the resource, but also the direct requester of the member resource, that is, whether the target virtual resource that needs to obtain the member resource for the hybrid processing in the virtual resource provider has access. The permissions of member resources further protect the security of the data.
可选的,成员资源提供方接收的成员资源请求中还包括目标资源参数(to参数),成员资源请求中的to参数的值为虚拟资源所请求的目标成员资源的标识信息,以使的成员资源提供方根据to参数定位出需要返回数据的目标成员资源。 Optionally, the member resource request received by the member resource provider further includes a target resource parameter (to parameter), and the value of the to parameter in the member resource request is identifier information of the target member resource requested by the virtual resource, so that the member The resource provider locates the target member resource that needs to return data according to the to parameter.
可选的,如果成员资源提供方验证原始请求者的访问权限时,验证结果表明原始请求者没有返回数据的权限,则不向虚拟资源提供方返回成员资源的数据。优选的,成员资源提供方可以向虚拟资源提供方发送告知原始请求者不具有访问成员资源的权项的报文,以告知虚拟资源提供方。Optionally, if the member resource provider verifies the access right of the original requester, and the verification result indicates that the original requester does not have the right to return data, the data of the member resource is not returned to the virtual resource provider. Preferably, the member resource provider may send a message to the virtual resource provider to inform the original requester that the user does not have the right to access the member resource to notify the virtual resource provider.
可选的,在成员资源请求中的to参数指向的成员资源Ab1自身也是一个虚拟资源时,成员资源提供方需要执行与步骤102~104一致的操作,进而确定出Ab1的数据。Optionally, when the member resource Ab1 pointed to by the to parameter in the member resource request is also a virtual resource, the member resource provider needs to perform operations consistent with steps 102-104 to determine the data of Ab1.
即:成员资源提供方需要根据Ab1的属性信息确定出Ab1的各子成员资源为Ab3、Ab4以及对应的子成员资源提供方,然后,向各子成员资源提供方发送子成员资源请求,子成员资源请求中包含有Ab1的标识信息以及终端中请求虚拟资源的应用程序(即,资源原始请求者)的标识信息,其中,前者用于使各子成员资源提供方确定返回数据的路径,而后者用于使各子成员资源提供方验证资源原始请求者的访问权限。然后,根据各子成员资源提供方返回的数据进行混聚处理确定出成员资源的数据。然后,成员资源提供方执行步骤203,向虚拟资源提供方返回确定出的数据。That is, the member resource provider needs to determine that each sub-member resource of Ab1 is Ab3, Ab4, and the corresponding sub-member resource provider according to the attribute information of Ab1, and then send a sub-member resource request to each sub-member resource provider, the sub-member The resource request includes the identification information of the Ab1 and the identification information of the application (ie, the original resource requester) requesting the virtual resource in the terminal, where the former is used to enable each sub-member resource provider to determine the path of the returned data, and the latter Used to enable each child member resource provider to verify the access rights of the original requester of the resource. Then, the data of the member resources is determined according to the data returned by each sub-member resource provider. Then, the member resource provider performs step 203 to return the determined data to the virtual resource provider.
由于在虚拟资源涉及到多级成员资源时,让每一级成员资源都验证资源的原始请求者的访问权限,以保证数据安全,而且,每一级成员资源均将数据返回直接的上一级资源,避免数据返回路径的错误。Since the virtual resources involve multiple levels of member resources, each level of member resources is verified to verify the access rights of the original requesters of the resources to ensure data security, and each level of member resources returns the data directly to the upper level. Resources to avoid errors in data return paths.
基于相同的技术构思,本发明实施例还提供了一种获取虚拟资源的数据的方法,该方法执行时包括如下步骤:Based on the same technical concept, the embodiment of the present invention further provides a method for acquiring data of a virtual resource, where the method includes the following steps:
终端向虚拟资源提供方发送虚拟资源请求,其中,终端中发起虚拟资源请求的应用程序的标识信息为虚拟资源请求的原始请求者参数,用于判断应用程序是否有访问被请求的目标虚拟资源的成员资源的权限;The terminal sends a virtual resource request to the virtual resource provider, where the identifier information of the application that initiates the virtual resource request in the terminal is an original requester parameter of the virtual resource request, and is used to determine whether the application has access to the requested target virtual resource. Permissions for member resources;
接收虚拟资源提供方返回的虚拟资源的数据。Receive data of the virtual resource returned by the virtual resource provider.
具体的,终端像虚拟资源提供方发送虚拟资源请求时,在虚拟资源请求中增加原始请求者(cr)参数,用于表示资源的原始请求者,以使接收虚拟资源请求的虚拟资源提供方向相关成员资源提供方发送成员资源请求时,在成 员资源请求中同样增加该原始请求者参数,进而使得各成员资源提供方能够根据原始请求者参数来验证资源的原始请求者是否有访问成员资源的权限,保证数据的安全。Specifically, when the virtual resource provider sends a virtual resource request, the terminal adds an original requester (cr) parameter to the virtual resource request to indicate the original requester of the resource, so that the virtual resource that receives the virtual resource request is provided in a direction-related manner. When a member resource provider sends a member resource request, it is in progress. The original requester parameter is also added in the resource request, so that each member resource provider can verify whether the original requester of the resource has the right to access the member resource according to the original requester parameter, thereby ensuring data security.
为了便于理解本发明实施例提供的技术方案,下面以应用实例进行详细说明。In order to facilitate the understanding of the technical solutions provided by the embodiments of the present invention, the following is a detailed description of the application examples.
应用实例1Application example 1
参照图5a,首先,终端中的应用程序App请求获取虚拟资源VR1,终端根据VR1的标识信息确定出提供VR1的虚拟资源提供方,然后向虚拟资源提供方发送虚拟资源请求(Request1),该虚拟资源请求中包含发起者参数(fr参数)、目标资源参数(to参数),以及虚拟参数(vr参数),其中,fr参数为App的标识信息,to参数为VR1的标识信息,vr参数为空值,表明虚拟资源请求不是通过转发方式发送的。Referring to FIG. 5a, first, the application App in the terminal requests to acquire the virtual resource VR1, and the terminal determines the virtual resource provider that provides the VR1 according to the identification information of the VR1, and then sends a virtual resource request (Request1) to the virtual resource provider, the virtual The resource request includes an initiator parameter (fr parameter), a target resource parameter (to parameter), and a virtual parameter (vr parameter), wherein the fr parameter is the identification information of the App, the to parameter is the identification information of the VR1, and the vr parameter is empty. A value indicating that the virtual resource request was not sent by forwarding.
虚拟资源提供方接收到虚拟资源请求之后,根据虚拟资源请求中的to参数定位出VR1,读取VR1的属性信息确定VR1的成员资源包括Ab1、Ab2,并根据三者的标识信息确定出Ab1、Ab2分别由成员资源提供方1、2提供。After receiving the virtual resource request, the virtual resource provider locates VR1 according to the to parameter in the virtual resource request, reads the attribute information of VR1, determines that the member resources of VR1 include Ab1 and Ab2, and determines Ab1 according to the identification information of the three. Ab2 is provided by member resource providers 1, 2, respectively.
然后,虚拟资源提供方向成员资源提供方1发送成员资源请求(Request2),Request2的to参数为Ab1的标识信息,fr参数为App的标识信息,vr参数为VR1的标识信息。同理,虚拟资源提供方也要向成员资源提供方2发送成员资源请求Request3,在此不再详述。Then, the virtual resource providing direction member resource provider 1 sends a member resource request (Request2), the to parameter of Request2 is the identification information of Ab1, the fr parameter is the identification information of the App, and the vr parameter is the identification information of VR1. Similarly, the virtual resource provider also sends a member resource request Request3 to the member resource provider 2, which will not be described in detail herein.
成员资源提供方1接收成员资源请求后,根据to参数定位Ab1,然后,根据fr参数来验证资源的原始请求者App是否有访问Ab1的权限,在确定App有访问权限之后,根据vr参数确定返回数据的路径,将Ab1的数据返回给虚拟资源提供方。成员资源提供方2响应Request3的方式与之一致,在此不再详述。After receiving the member resource request, the member resource provider 1 locates Ab1 according to the to parameter, and then verifies whether the original requester App of the resource has the right to access Ab1 according to the fr parameter, and determines to return according to the vr parameter after determining that the App has the access right. The path to the data, returning the data of Ab1 to the virtual resource provider. The member resource provider 2 responds to the Request3 in a manner consistent with it, and will not be described in detail herein.
而虚拟资源提供方接收到成员资源提供方1、2返回的数据之后,根据返回的数据进行混聚处理,确定出VR1的数据。然后,根据接收的虚拟资源请求中的fr参数确定出向终端返回数据的路径,将VR1的数据返回给App。 After receiving the data returned by the member resource providers 1, 2, the virtual resource provider performs a hybrid processing according to the returned data to determine the data of the VR1. Then, according to the fr parameter in the received virtual resource request, the path of returning data to the terminal is determined, and the data of VR1 is returned to the App.
可选的,参照图5b,在Ab1本身是一个虚拟资源时,成员资源提供方1在接收成员资源请求之后,根据成员资源请求中的to参数定位出出Ab1,读取Ab1的属性信息,确定Ab1的成员资源为Ab3、Ab4,并根据Ab3、Ab4的标识信息确定所述二者分别由成员资源提供方3、4提供。Optionally, referring to FIG. 5b, when the Ab1 itself is a virtual resource, after receiving the member resource request, the member resource provider 1 locates the Ab1 according to the to parameter in the member resource request, and reads the attribute information of the Ab1 to determine The member resources of Ab1 are Ab3 and Ab4, and it is determined according to the identification information of Ab3 and Ab4 that the two are provided by the member resource providers 3 and 4, respectively.
然后,成员资源提供方1向分别向成员资源提供方3、4发送成员资源请求(分别为Request4、Request5),以向成员资源提供方3发送Request4为例,Request4的to参数为Ab3的标识信息,fr参数为App的标识信息,vr参数为Ab1的标识信息。Then, the member resource provider 1 sends a member resource request (Request4, Request5, respectively) to the member resource provider 3, 4, respectively, to send Request4 to the member resource provider 3 as an example, and the to parameter of Request4 is the identification information of Ab3. The fr parameter is the identification information of the App, and the vr parameter is the identification information of the Ab1.
而虚拟资源提供方3、4响应成员资源请求的方式与成员资源提供方1响应成员资源请求的方式相同,在此不再详述。The virtual resource provider 3, 4 responds to the member resource request in the same manner as the member resource provider 1 responds to the member resource request, and will not be described in detail herein.
可选的,在VR1的成员资源Ab1、Ab2由同一个成员资源提供方提供时,虚拟资源提供方向成员资源提供方发送成员资源请求时,可以发送两条独立的成员资源请求,分别针对Ab1、Ab2,也可以是发送一条成员资源请求,在该成员资源请求中声明要获取Ab1和Ab2。Optionally, when the member resources Ab1 and Ab2 of the VR1 are provided by the same member resource provider, the virtual resource providing direction may send two independent member resource requests to the member resource provider when sending the member resource request, respectively, for the Ab1. Ab2, may also be a request to send a member resource, in which it is declared to acquire Ab1 and Ab2.
应用实例2Application example 2
参照图6a,首先,终端向虚拟资源提供方发送的Request1中,fr参数为App的标识信息,to参数为VR1的标识信息,cr参数为App的标识信息,fr参数与cr参数的值相同。Referring to FIG. 6a, first, in the Request1 sent by the terminal to the virtual resource provider, the fr parameter is the identification information of the App, the to parameter is the identification information of the VR1, the cr parameter is the identification information of the App, and the fr parameter is the same as the value of the cr parameter.
虚拟资源提供方接收到Request1之后,根据Request1中的to参数定位出VR1,读取VR1的属性信息确定VR1的成员资源包括Ab1、Ab2,并根据三者的标识信息确定出Ab1、Ab2分别由成员资源提供方1、2提供。After receiving the Request1, the virtual resource provider locates VR1 according to the to parameter in Request1, reads the attribute information of VR1, determines that the member resources of VR1 include Ab1 and Ab2, and determines that Ab1 and Ab2 are respectively members according to the identification information of the three. Resource providers 1, 2 are provided.
然后,虚拟资源提供方向成员资源提供方1、2发送成员资源请求(分别为Request2、Request3),以发送Request2为例,Request2的to参数为Ab1的标识信息,fr参数为VR1的标识信息,cr参数为App的标识信息。Then, the virtual resource providing direction member resource providers 1, 2 send member resource requests (Request2, Request3 respectively), sending Request2 as an example, the to parameter of Request2 is the identification information of Ab1, and the fr parameter is the identification information of VR1, cr The parameter is the identification information of the App.
成员资源提供方1接收到Request2后,根据Request2中的to参数定位Ab1,然后,根据cr参数来验证资源的原始请求者App是否有访问Ab1的权限,在确定App有访问权限之后,根据fr参数确定返回数据的路径,将Ab1 的数据返回给虚拟资源提供方。成员资源提供方2的响应方式与之相同,在此不再详述。After receiving the Request2, the member resource provider 1 locates Ab1 according to the to parameter in Request2, and then verifies whether the original requester App of the resource has the right to access Ab1 according to the cr parameter, and after determining that the App has the access right, according to the fr parameter Determine the path to return data, will Ab1 The data is returned to the virtual resource provider. The member resource provider 2 responds in the same way and will not be described in detail here.
而虚拟资源提供方接收到成员资源提供方1、2返回的数据之后,根据返回的数据进行混聚处理,确定出VR1的数据。然后,根据接收的Request1中的fr参数确定出向终端返回数据的路径,将VR1的数据返回给App。After receiving the data returned by the member resource providers 1, 2, the virtual resource provider performs a hybrid processing according to the returned data to determine the data of the VR1. Then, according to the fr parameter in the received Request1, the path for returning data to the terminal is determined, and the data of VR1 is returned to the App.
可选的,参照图6b,在Ab1本身是一个虚拟资源时,成员资源提供方1在接收Request2之后,根据Request2中的to参数定位出出Ab1,读取Ab1的属性信息,确定Ab1的成员资源为Ab3、Ab4,并根据Ab3、Ab4的标识信息确定所述二者分别由成员资源提供方3、4提供。Optionally, referring to FIG. 6b, when the Ab1 itself is a virtual resource, after receiving the Request2, the member resource provider 1 locates the Ab1 according to the to parameter in the Request2, reads the attribute information of the Ab1, and determines the member resources of the Ab1. It is Ab3, Ab4, and according to the identification information of Ab3 and Ab4, the two are respectively provided by the member resource providers 3, 4.
然后,成员资源提供方1向分别向成员资源提供方3、4发送成员资源请求(分别为Request4、Request5,以向成员资源提供方3发送Request4为例,Request4的to参数为Ab3的标识信息,fr参数为Ab1的标识信息,cr参数为App的标识信息。Then, the member resource provider 1 sends a member resource request to the member resource providers 3 and 4 respectively (Request4, Request5, respectively, to send Request4 to the member resource provider 3 as an example, and the to parameter of Request4 is the identification information of Ab3, The fr parameter is the identification information of Ab1, and the cr parameter is the identification information of the App.
而虚拟资源提供方3、4响应成员资源请求的方式与成员资源提供方1响应成员资源请求的方式相同,在此不再详述。The virtual resource provider 3, 4 responds to the member resource request in the same manner as the member resource provider 1 responds to the member resource request, and will not be described in detail herein.
基于相同的技术构思,本发明实施例还提供了一种获取成员资源的数据的装置300,参照图7,装置300包括:Based on the same technical concept, the embodiment of the present invention further provides an apparatus 300 for acquiring data of a member resource. Referring to FIG. 7, the apparatus 300 includes:
第一接收模块301,用于接收终端发送的虚拟资源请求,虚拟资源请求包含终端中发起虚拟资源请求的应用程序的标识信息,以及应用程序所请求的目标虚拟资源的标识信息;The first receiving module 301 is configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of the application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application;
确定模块302,用于根据目标虚拟资源的标识信息定位目标虚拟资源,并根据目标虚拟资源的属性信息确定提供目标虚拟资源的成员资源的成员资源提供方;The determining module 302 is configured to locate the target virtual resource according to the identification information of the target virtual resource, and determine, according to the attribute information of the target virtual resource, a member resource provider that provides the member resource of the target virtual resource;
发送模块303,用于向成员资源提供方发送成员资源请求;The sending module 303 is configured to send a member resource request to the member resource provider.
第二接收模块304,用于接收成员资源提供方根据成员资源请求包含的目标虚拟资源的标识信息以及应用程序的标识信息,返回的成员资源的数据。The second receiving module 304 is configured to receive, by the member resource provider, the data of the returned member resource according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
可选的,发送模块303发送的成员资源请求的参数包括发起者参数以及 虚拟参数;其中,发起者参数为应用程序的标识信息,用于使成员资源提供方判断应用程序是否有访问成员资源的权限;虚拟参数为目标虚拟资源的标识信息,用于使成员资源提供方确定向虚拟资源提供方返回数据的路径。Optionally, the parameter of the member resource request sent by the sending module 303 includes an initiator parameter and a virtual parameter, where the initiator parameter is the identification information of the application, and is used to enable the member resource provider to determine whether the application has the right to access the member resource; the virtual parameter is the identification information of the target virtual resource, and is used to enable the member resource provider. Determine the path to return data to the virtual resource provider.
可选的,发送模块303发送的成员资源请求的参数包括发起者参数以及原始请求者参数;其中,发起者参数为目标虚拟资源的标识信息,用于使成员资源提供方确定向虚拟资源提供方返回数据的路径;原始请求者参数为应用程序的标识信息,用于使成员资源提供方判断应用程序是否有访问成员资源的权限。Optionally, the parameter of the member resource request sent by the sending module 303 includes an initiator parameter and an original requester parameter. The initiator parameter is identifier information of the target virtual resource, and is used to enable the member resource provider to determine the virtual resource provider. Returns the path of the data; the original requester parameter is the identification information of the application, which is used to enable the member resource provider to determine whether the application has permission to access the member resources.
可选的,装置300还包括:Optionally, the device 300 further includes:
第二确定模块,用于根据接收的成员资源的数据确定出目标虚拟资源对应的数据;a second determining module, configured to determine, according to data of the received member resources, data corresponding to the target virtual resource;
第二发送模块,用于向终端返回确定出的目标虚拟资源对应的数据。The second sending module is configured to return, to the terminal, data corresponding to the determined target virtual resource.
本实施例中的装置300与图3对应的方法是基于同一发明构思下的两个方面,在前面已经对方法的实施过程作了详细的描述,所以本领域技术人员可根据前述描述清楚地了解本实施例中的装置300的结构及实施过程,为了说明书的简洁,在此就不再赘述了。The method corresponding to FIG. 3 in the embodiment of the present invention is based on two aspects of the same inventive concept. The implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description. The structure and implementation process of the device 300 in this embodiment are not described herein for the sake of brevity of the description.
基于相同的技术构思,本发明实施例还提供了一种响应成员资源请求的装置400,参照图8,装置400包括:Based on the same technical concept, the embodiment of the present invention further provides an apparatus 400 for responding to a member resource request. Referring to FIG. 8, the apparatus 400 includes:
接收模块401,用于接收虚拟资源提供方发送的成员资源请求;The receiving module 401 is configured to receive a member resource request sent by the virtual resource provider.
鉴权模块402,用于从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据应用程序的标识信息确定应用程序有访问成员资源的权限;The authentication module 402 is configured to obtain, from the member resource request, identifier information of the application that is the resource original requester, and determine, according to the identifier information of the application, that the application has the right to access the member resource;
发送模块403,用于从成员资源请求中获取目标虚拟资源的标识信息,并根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,并根据确定出的路径返回成员资源的数据。The sending module 403 is configured to obtain the identifier information of the target virtual resource from the member resource request, and determine a path for returning data to the virtual resource provider according to the identifier information of the target virtual resource, and return data of the member resource according to the determined path.
可选的,鉴权模块402具体用于:获取成员资源请求中的发起者参数的值,将发起者参数的值作为应用程序的标识信息; Optionally, the authentication module 402 is specifically configured to: obtain a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as the identifier information of the application;
发送模块403具体用于:获取成员资源请求中的虚拟参数的值,将虚拟参数的值作为目标虚拟资源的标识信息。The sending module 403 is specifically configured to: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
可选的,鉴权模块402具体用于:获取成员资源请求中的原始请求者参数的值,将原始请求者参数的值作为应用程序的标识信息;Optionally, the authentication module 402 is specifically configured to: obtain the value of the original requester parameter in the member resource request, and use the value of the original requester parameter as the identification information of the application;
发送模块403具体用于:获取成员资源请求中的发起者参数的值,将发起者参数的值作为目标虚拟资源的标识信息。The sending module 403 is specifically configured to: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the identifier information of the target virtual resource.
可选的,鉴权模块402还用于:根据目标虚拟资源的标识信息确定目标虚拟资源是否有访问成员资源的权限。Optionally, the authentication module 402 is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource.
发送模块403具体用于:在鉴权结果表明目标虚拟资源与应用程序均具有访问成员资源的权限时,从成员资源请求中获取目标虚拟资源的标识信息,并根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,并根据确定出的路径返回成员资源的数据。The sending module 403 is specifically configured to: when the authentication result indicates that the target virtual resource and the application have the right to access the member resource, obtain the identifier information of the target virtual resource from the member resource request, and determine the direction according to the identifier information of the target virtual resource. The virtual resource provider returns the path of the data and returns the data of the member resource according to the determined path.
本实施例中的装置400与图4对应的方法是基于同一发明构思下的两个方面,在前面已经对方法的实施过程作了详细的描述,所以本领域技术人员可根据前述描述清楚地了解本实施例中的装置400的结构及实施过程,为了说明书的简洁,在此就不再赘述了。The method of the device 400 in this embodiment and the method corresponding to FIG. 4 are based on two aspects under the same inventive concept. The implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description. The structure and implementation process of the device 400 in this embodiment are not described herein for the sake of brevity of the description.
基于相同的技术构思,本发明实施例还包括一种获取成员资源的数据的设备500,参照图9,设备500包括:总线501、以及连接到总线501的处理器502、存储单元503、接口504。Based on the same technical concept, the embodiment of the present invention further includes an apparatus 500 for acquiring data of a member resource. Referring to FIG. 9, the apparatus 500 includes: a bus 501, and a processor 502, a storage unit 503, and an interface 504 connected to the bus 501. .
其中,接口504用于接收终端发送的虚拟资源请求,虚拟资源请求包含终端中发起虚拟资源请求的应用程序的标识信息,以及应用程序所请求的目标虚拟资源的标识信息;The interface 504 is configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of the application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application;
存储单元503用于存储指令;The storage unit 503 is configured to store an instruction;
处理器502用于执行存储单元503存储的指令,根据目标虚拟资源的标识信息定位目标虚拟资源,并根据目标虚拟资源的属性信息确定提供目标虚拟资源的成员资源的成员资源提供方;控制接口504向成员资源提供方发送成员资源请求;以及控制接口504接收成员资源提供方根据成员资源请求包 含的目标虚拟资源的标识信息以及应用程序的标识信息,返回的成员资源的数据。The processor 502 is configured to execute an instruction stored by the storage unit 503, locate the target virtual resource according to the identification information of the target virtual resource, and determine a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource; the control interface 504 Sending a member resource request to the member resource provider; and the control interface 504 receives the member resource provider according to the member resource request packet The identification information of the target virtual resource and the identification information of the application, and the data of the returned member resource.
可选的,处理器502还用于:根据接收的成员资源的数据确定出目标虚拟资源对应的数据;并控制接口向终端返回确定出的目标虚拟资源对应的数据。Optionally, the processor 502 is further configured to: determine data corresponding to the target virtual resource according to the received data of the member resource; and control the interface to return the data corresponding to the determined target virtual resource to the terminal.
本实施例中的设备500与图3对应的方法是基于同一发明构思下的两个方面,在前面已经对方法的实施过程作了详细的描述,所以本领域技术人员可根据前述描述清楚地了解本实施例中的设备500的结构及实施过程,为了说明书的简洁,在此就不再赘述了。The method of the device 500 in this embodiment and the method corresponding to FIG. 3 are based on two aspects under the same inventive concept. The implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description. The structure and implementation process of the device 500 in this embodiment are not described herein for the sake of brevity of the description.
基于相同的技术构思,本发明实施例还提供了一种响应成员资源请求的设备600,参照图10,设备600包括:总线601、以及连接到总线的处理器602、存储单元603、接口604。Based on the same technical concept, the embodiment of the present invention further provides a device 600 for responding to a member resource request. Referring to FIG. 10, the device 600 includes a bus 601, and a processor 602, a storage unit 603, and an interface 604 connected to the bus.
其中,接口604用于接收虚拟资源提供方发送的成员资源请求;存储单元603用于存储指令。The interface 604 is configured to receive a member resource request sent by the virtual resource provider, and the storage unit 603 is configured to store the instruction.
处理器602用于执行存储单元603存储的指令,从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据应用程序的标识信息确定应用程序有访问成员资源的权限;从成员资源请求中获取目标虚拟资源的标识信息,并根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,并控制接口604根据确定出的路径返回成员资源的数据。The processor 602 is configured to execute the instruction stored by the storage unit 603, obtain the identification information of the application as the resource original requester from the member resource request, and determine, according to the identification information of the application, the application has the right to access the member resource; The resource request obtains the identification information of the target virtual resource, and determines a path for returning data to the virtual resource provider according to the identification information of the target virtual resource, and the control interface 604 returns the data of the member resource according to the determined path.
可选的,处理器602用于:从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为:获取成员资源请求中的发起者参数的值,将发起者参数的值作为应用程序的标识信息;Optionally, the processor 602 is configured to: obtain the identifier information of the application that is the resource original requester from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as Identification information of the application;
处理器602用于:从成员资源请求中获取目标虚拟资源的标识信息,具体为:获取成员资源请求中的虚拟参数的值,将虚拟参数的值作为目标虚拟资源的标识信息。The processor 602 is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
可选的,处理器602用于:从成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为:获取成员资源请求中的原始请求者参数的 值,将原始请求者参数的值作为应用程序的标识信息;Optionally, the processor 602 is configured to: obtain, from the member resource request, the identifier information of the application that is the original requester of the resource, specifically: acquiring the original requester parameter in the member resource request. Value, the value of the original requester parameter is used as the identification information of the application;
处理器602用于:从成员资源请求中获取目标虚拟资源的标识信息,具体为:获取成员资源请求中的发起者参数的值,将发起者参数的值作为目标虚拟资源的标识信息。The processor 602 is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the identifier information of the target virtual resource.
可选的,处理器602用于:控制接口604根据确定出的路径返回成员资源的数据之前,还用于:根据目标虚拟资源的标识信息确定目标虚拟资源是否有访问成员资源的权限,并在确定目标虚拟资源有访问成员资源的权限时,从成员资源请求中获取目标虚拟资源的标识信息,并根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,并控制接口根据确定出的路径返回成员资源的数据。Optionally, the processor 602 is configured to: before the control interface 604 returns the data of the member resource according to the determined path, the method is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and When the target virtual resource has the right to access the member resource, the identifier information of the target virtual resource is obtained from the member resource request, and the path of returning data to the virtual resource provider is determined according to the identifier information of the target virtual resource, and the control interface determines according to the The path returns the data of the member resource.
本实施例中的设备600与图4对应的方法是基于同一发明构思下的两个方面,在前面已经对方法的实施过程作了详细的描述,所以本领域技术人员可根据前述描述清楚地了解本实施例中的设备600的结构及实施过程,为了说明书的简洁,在此就不再赘述了。The method of the device 600 in this embodiment and the method corresponding to FIG. 4 are based on two aspects under the same inventive concept. The implementation process of the method has been described in detail above, so that those skilled in the art can clearly understand according to the foregoing description. The structure and implementation process of the device 600 in this embodiment are not described herein for the sake of brevity of the description.
本发明实施例中提供的一个或多个技术方案,至少具有如下技术效果或优点:One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
本发明实施例提供的技术方案中,虚拟资源提供方向成员资源提供方发送的成员资源请求中同时包含虚拟资源提供方中需要收集成员资源数据的目标虚拟资源的标识信息,以及终端中请求该目标虚拟资源的应用程序的标识信息,使得成员资源提供方既能够根据应用程序的标识信息验证该应用程序是否有访问成员资源的权限,保证数据安全,又能够根据目标虚拟资源的标识信息确定向虚拟资源提供方返回数据的路径,避免直接将数据返回给终端,实现了成员资源数据的安全、有效的收集。In the technical solution provided by the embodiment of the present invention, the member resource request sent by the virtual resource providing direction member resource provider includes the identifier information of the target virtual resource that needs to collect the member resource data in the virtual resource provider, and the target information is requested in the terminal. The identification information of the application of the virtual resource enables the member resource provider to verify whether the application has the right to access the member resource according to the identification information of the application, ensure the data security, and determine the virtual information according to the identification information of the target virtual resource. The resource provider returns the path of the data, avoiding directly returning the data to the terminal, and realizing the safe and effective collection of the member resource data.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘 存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the present invention may employ computer-usable storage media (including but not limited to disks) in one or more of the computer-usable program code embodied therein. The form of a computer program product implemented on a memory, CD-ROM, optical memory, or the like.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While the preferred embodiment of the invention has been described, it will be understood that Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and the modifications and
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (18)

  1. 一种获取成员资源数据的方法,其特征在于,包括:A method for obtaining member resource data, comprising:
    虚拟资源提供方接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;The virtual resource provider receives the virtual resource request sent by the terminal, where the virtual resource request includes the identifier information of the application that initiates the virtual resource request in the terminal, and the identifier information of the target virtual resource requested by the application;
    虚拟资源提供方根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;The virtual resource provider locates the target virtual resource according to the identifier information of the target virtual resource, and determines a member resource provider that provides the member resource of the target virtual resource according to the attribute information of the target virtual resource;
    虚拟资源提供方向所述成员资源提供方发送成员资源请求;The virtual resource providing direction sends the member resource request to the member resource provider;
    虚拟资源提供方接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。The virtual resource provider receives the data of the member resource returned by the member resource provider according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
  2. 如权利要求1所述的方法,其特征在于,接收所述成员资源提供方返回的所述成员资源的数据之后,还包括:The method of claim 1, after receiving the data of the member resource returned by the member resource provider, further comprising:
    根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据;Determining data corresponding to the target virtual resource according to the received data of the member resource;
    向所述终端返回确定出的所述目标虚拟资源对应的数据。Returning, to the terminal, the determined data corresponding to the target virtual resource.
  3. 一种响应成员资源请求的方法,其特征在于,包括:A method for responding to a member resource request, comprising:
    成员资源提供方接收虚拟资源提供方发送的成员资源请求;The member resource provider receives the member resource request sent by the virtual resource provider;
    从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;Obtaining, from the member resource request, identifier information of an application as a resource original requester, and determining, according to the identifier information of the application, that the application has permission to access a member resource;
    从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据。And obtaining, by the member resource request, identifier information of the target virtual resource, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, and returning the member according to the determined path. Resource data.
  4. 如权利要求3所述的方法,其特征在于,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,包括: The method of claim 3, wherein the obtaining the identification information of the application as the resource original requester from the member resource request comprises:
    获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;Obtaining a value of an initiator parameter in the member resource request, and using a value of the initiator parameter as identifier information of the application;
    所述从所述成员资源请求中获取目标虚拟资源的标识信息,包括:And obtaining the identifier information of the target virtual resource from the member resource request, including:
    获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。Obtaining a value of the virtual parameter in the member resource request, and using a value of the virtual parameter as the identifier information of the target virtual resource.
  5. 如权利要求3所述的方法,其特征在于,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,包括:The method of claim 3, wherein the obtaining the identification information of the application as the resource original requester from the member resource request comprises:
    获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参数的值作为所述应用程序的标识信息;Obtaining a value of the original requester parameter in the member resource request, and using the value of the original requester parameter as the identification information of the application;
    所述从所述成员资源请求中获取目标虚拟资源的标识信息,包括:And obtaining the identifier information of the target virtual resource from the member resource request, including:
    获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。Obtaining a value of an initiator parameter in the member resource request, and using a value of the initiator parameter as identifier information of the target virtual resource.
  6. 如权利要求3-5中任一权利要求所述的方法,其特征在于,在根据确定出的所述路径返回所述成员资源的数据之前,还包括:The method according to any one of claims 3-5, further comprising: before returning the data of the member resource according to the determined path;
    根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限,并在确定所述目标虚拟资源有访问所述成员资源的权限时,执行所述从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据的步骤。Determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and executing the slave member when determining that the target virtual resource has the right to access the member resource And obtaining, by the resource request, the identifier information of the target virtual resource, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, and returning data of the member resource according to the determined path. step.
  7. 一种获取成员资源数据的装置,其特征在于,包括:An apparatus for acquiring member resource data, comprising:
    第一接收模块,用于接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;a first receiving module, configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application ;
    确定模块,用于根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;a determining module, configured to locate the target virtual resource according to the identifier information of the target virtual resource, and determine, according to the attribute information of the target virtual resource, a member resource provider that provides a member resource of the target virtual resource;
    发送模块,用于向所述成员资源提供方发送成员资源请求; a sending module, configured to send a member resource request to the member resource provider;
    第二接收模块,用于接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。And a second receiving module, configured to receive, by the member resource provider, data of the member resource returned according to the identifier information of the target virtual resource included in the member resource request and the identifier information of the application.
  8. 如权利要求7所述的装置,其特征在于,还包括:The device of claim 7 further comprising:
    第二确定模块,用于根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据;a second determining module, configured to determine, according to the received data of the member resource, data corresponding to the target virtual resource;
    第二发送模块,用于向所述终端返回确定出的所述目标虚拟资源对应的数据。And a second sending module, configured to return, to the terminal, the determined data corresponding to the target virtual resource.
  9. 一种响应成员资源请求的装置,其特征在于,包括:An apparatus for responding to a member resource request, comprising:
    接收模块,用于接收虚拟资源提供方发送的成员资源请求;a receiving module, configured to receive a member resource request sent by the virtual resource provider;
    鉴权模块,用于从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;An authentication module, configured to obtain, from the member resource request, identifier information of an application that is a resource original requester, and determine, according to the identifier information of the application, that the application has permission to access a member resource;
    发送模块,用于从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并根据确定出的所述路径返回所述成员资源的数据。a sending module, configured to obtain, from the member resource request, identifier information of the target virtual resource, and determine, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider, according to the determined The path returns data for the member resource.
  10. 如权利要求9所述的装置,其特征在于,所述鉴权模块具体用于:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;The device according to claim 9, wherein the authentication module is specifically configured to: acquire a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as the application Identification information;
    所述发送模块具体用于:获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。The sending module is specifically configured to: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the identifier information of the target virtual resource.
  11. 如权利要求9所述的装置,其特征在于,所述鉴权模块具体用于:获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参数的值作为所述应用程序的标识信息;The device according to claim 9, wherein the authentication module is specifically configured to: acquire a value of an original requester parameter in the member resource request, and use a value of the original requester parameter as the application Identification information of the program;
    所述发送模块具体用于:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。The sending module is specifically configured to: obtain a value of an initiator parameter in the member resource request, and use a value of the initiator parameter as identifier information of the target virtual resource.
  12. 如权利要求9-11中任一权利要求所述的装置,其特征在于,所述鉴 权模块还用于:根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限。Apparatus according to any of claims 9-11, wherein said The weight module is further configured to: determine, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource.
  13. 一种获取成员资源数据的设备,其特征在于,包括:A device for acquiring member resource data, comprising:
    接口,用于接收终端发送的虚拟资源请求,所述虚拟资源请求包含终端中发起所述虚拟资源请求的应用程序的标识信息,以及所述应用程序所请求的目标虚拟资源的标识信息;An interface, configured to receive a virtual resource request sent by the terminal, where the virtual resource request includes identifier information of an application that initiates the virtual resource request in the terminal, and identifier information of the target virtual resource requested by the application;
    存储单元,用于存储指令;a storage unit for storing instructions;
    处理器,分别与所述接口、所述存储单元连接,用于执行所述指令,根据所述目标虚拟资源的标识信息定位所述目标虚拟资源,并根据所述目标虚拟资源的属性信息确定提供所述目标虚拟资源的成员资源的成员资源提供方;控制所述接口向所述成员资源提供方发送成员资源请求;以及控制所述接口接收所述成员资源提供方根据所述成员资源请求包含的所述目标虚拟资源的标识信息以及所述应用程序的标识信息,返回的所述成员资源的数据。And the processor is configured to be configured to execute the instruction, locate the target virtual resource according to the identifier information of the target virtual resource, and determine to provide according to the attribute information of the target virtual resource. a member resource provider of the member resource of the target virtual resource; controlling the interface to send a member resource request to the member resource provider; and controlling the interface to receive the member resource provider according to the member resource request The identification information of the target virtual resource and the identification information of the application, and the returned data of the member resource.
  14. 如权利要求13所述的设备,其特征在于,所述处理器还用于:根据接收的所述成员资源的数据确定出所述目标虚拟资源对应的数据;并控制所述接口向所述终端返回确定出的所述目标虚拟资源对应的数据。The device according to claim 13, wherein the processor is further configured to: determine data corresponding to the target virtual resource according to the received data of the member resource; and control the interface to the terminal Returning the determined data corresponding to the target virtual resource.
  15. 一种响应成员资源请求的设备,其特征在于,包括:A device for responding to a member resource request, comprising:
    接口,用于接收虚拟资源提供方发送的成员资源请求;An interface, configured to receive a member resource request sent by a virtual resource provider;
    存储单元,用于存储指令;a storage unit for storing instructions;
    处理器,分别与所述接口、所述存储单元相连,用于执行所述指令,从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,并根据所述应用程序的标识信息确定所述应用程序有访问成员资源的权限;从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并控制所述接口根据确定出的所述路径返回所述成员资源的数据。The processor is connected to the interface and the storage unit, respectively, for executing the instruction, acquiring identifier information of an application as a resource original requester from the member resource request, and according to the identifier of the application Determining, by the information, that the application has the right to access the member resource, obtaining the identifier information of the target virtual resource from the member resource request, and determining, according to the identifier information of the target virtual resource, a path for returning data to the virtual resource provider. And controlling the interface to return data of the member resource according to the determined path.
  16. 如权利要求15所述的设备,其特征在于,所述处理器用于:从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为: 获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述应用程序的标识信息;The device according to claim 15, wherein the processor is configured to: obtain, from the member resource request, identification information of an application that is a resource original requester, specifically: Obtaining a value of an initiator parameter in the member resource request, and using a value of the initiator parameter as identifier information of the application;
    所述处理器用于:从所述成员资源请求中获取目标虚拟资源的标识信息,具体为:获取所述成员资源请求中的虚拟参数的值,将所述虚拟参数的值作为所述目标虚拟资源的标识信息。The processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain a value of the virtual parameter in the member resource request, and use the value of the virtual parameter as the target virtual resource Identification information.
  17. 如权利要求15所述的设备,其特征在于,所述处理器用于:从所述成员资源请求中获取作为资源原始请求者的应用程序的标识信息,具体为:获取所述成员资源请求中的原始请求者参数的值,将所述原始请求者参数的值作为所述应用程序的标识信息;The device according to claim 15, wherein the processor is configured to: obtain, from the member resource request, identification information of an application as a resource original requester, specifically: acquiring the member resource request a value of the original requester parameter, the value of the original requester parameter is used as identification information of the application;
    所述处理器用于:从所述成员资源请求中获取目标虚拟资源的标识信息,具体为:获取所述成员资源请求中的发起者参数的值,将所述发起者参数的值作为所述目标虚拟资源的标识信息。The processor is configured to: obtain the identifier information of the target virtual resource from the member resource request, specifically: obtain the value of the initiator parameter in the member resource request, and use the value of the initiator parameter as the target Identification information of the virtual resource.
  18. 如权利要求15-17中任一权利要求所述的设备,其特征在于,所述处理器用于:控制所述接口根据确定出的所述路径返回所述成员资源的数据之前,还用于:根据所述目标虚拟资源的标识信息确定所述目标虚拟资源是否有访问所述成员资源的权限,并在确定所述目标虚拟资源有访问所述成员资源的权限时,从所述成员资源请求中获取目标虚拟资源的标识信息,并根据所述目标虚拟资源的标识信息确定向所述虚拟资源提供方返回数据的路径,并控制所述接口根据确定出的所述路径返回所述成员资源的数据。 The device according to any one of claims 15-17, wherein the processor is configured to: before the controlling the interface returns the data of the member resource according to the determined path, further: Determining, according to the identifier information of the target virtual resource, whether the target virtual resource has the right to access the member resource, and determining that the target virtual resource has the right to access the member resource, from the member resource request Obtaining identification information of the target virtual resource, and determining a path for returning data to the virtual resource provider according to the identifier information of the target virtual resource, and controlling the interface to return data of the member resource according to the determined path. .
PCT/CN2015/073663 2015-03-04 2015-03-04 Method for obtaining member resource data, and corresponding device and apparatus WO2016138652A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/073663 WO2016138652A1 (en) 2015-03-04 2015-03-04 Method for obtaining member resource data, and corresponding device and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/073663 WO2016138652A1 (en) 2015-03-04 2015-03-04 Method for obtaining member resource data, and corresponding device and apparatus

Publications (1)

Publication Number Publication Date
WO2016138652A1 true WO2016138652A1 (en) 2016-09-09

Family

ID=56849122

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073663 WO2016138652A1 (en) 2015-03-04 2015-03-04 Method for obtaining member resource data, and corresponding device and apparatus

Country Status (1)

Country Link
WO (1) WO2016138652A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111080429A (en) * 2018-10-18 2020-04-28 腾讯科技(深圳)有限公司 Virtual resource acquisition method, device and storage medium
CN115474068A (en) * 2022-08-05 2022-12-13 北京达佳互联信息技术有限公司 Virtual resource processing method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137105A (en) * 2011-03-11 2011-07-27 华为技术有限公司 Machine-to-machine communication privacy protection method and system, machine-to-machine communication (M2M) service management entity and related equipment
WO2013180356A1 (en) * 2012-05-30 2013-12-05 모다정보통신 주식회사 Method for establishing resource access authorization in m2m communication
CN103548321A (en) * 2011-05-24 2014-01-29 日本电气株式会社 Information processing system, access rights management method, information processing device, and control method and control program therefor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137105A (en) * 2011-03-11 2011-07-27 华为技术有限公司 Machine-to-machine communication privacy protection method and system, machine-to-machine communication (M2M) service management entity and related equipment
CN103548321A (en) * 2011-05-24 2014-01-29 日本电气株式会社 Information processing system, access rights management method, information processing device, and control method and control program therefor
WO2013180356A1 (en) * 2012-05-30 2013-12-05 모다정보통신 주식회사 Method for establishing resource access authorization in m2m communication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111080429A (en) * 2018-10-18 2020-04-28 腾讯科技(深圳)有限公司 Virtual resource acquisition method, device and storage medium
CN115474068A (en) * 2022-08-05 2022-12-13 北京达佳互联信息技术有限公司 Virtual resource processing method and device, electronic equipment and storage medium
CN115474068B (en) * 2022-08-05 2023-12-12 北京达佳互联信息技术有限公司 Virtual resource processing method, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US11522865B2 (en) Automated IoT device configuration using user profile
US11063978B2 (en) Protecting personally identifiable information from electronic user devices
JP7474302B2 (en) Automatic service registration in a communications network - Patents.com
KR101741967B1 (en) Method for assigning an agent device from a first device registry to a second device registry
US20180270314A1 (en) Enhanced restful operations
JP2016507823A (en) Method and apparatus for proximity control in a wireless communication system
WO2014069898A1 (en) Method and apparatus for authenticating access authority for specific resource in wireless communication system
WO2019040709A1 (en) Resource link binding management
US20170337088A1 (en) Managing application relationships in machine-to-machine systems
EP3682619B1 (en) Service layer message templates in a communications network
KR102561083B1 (en) Profile-based content and services
CN111131144B (en) IoT (Internet of things) equipment management method, device, server and storage medium
US20210243271A1 (en) Service layer-based methods to enable efficient analytics of iot data
US20230421663A1 (en) Efficient resource representation exchange between service layers
CN115412269A (en) Service processing method, device, server and storage medium
CN105207974A (en) Method for realizing user resource differentiated openness, platform, application and system
JP2021507577A (en) Context-aware authentication for IoT / M2M service layer data or services
JP2015525384A (en) Method and apparatus for media information access control and digital home multimedia system
US20150213138A1 (en) Thing device based on thing searching browser, and mashup method between things
WO2016138652A1 (en) Method for obtaining member resource data, and corresponding device and apparatus
EP3701734B1 (en) Methods to enable data continuity service
CN107018140B (en) Authority control method and system
KR20140121571A (en) System for intergrated authentication, method and apparatus for intergraged authentication thereof
WO2021155529A1 (en) Resource deletion method, apparatus, and device, and storage medium
WO2017181775A1 (en) Distributed authorization management method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15883709

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15883709

Country of ref document: EP

Kind code of ref document: A1