WO2021046782A1 - Access control method, device, and storage medium - Google Patents



Publication number
WO2021046782A1
Authority
WO
WIPO (PCT)
Prior art keywords
role
access
terminal device
access control
security
Application number
PCT/CN2019/105474
Other languages
French (fr)
Chinese (zh)
Inventor
杨宁
Original Assignee
Oppo广东移动通信有限公司
Application filed by Oppo广东移动通信有限公司
Priority to CN201980095766.3A (granted as CN113728600B)
Priority to PCT/CN2019/105474
Publication of WO2021046782A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols

Definitions

  • the present invention relates to the Internet of Things technology, and in particular to an access control method, equipment and storage medium.
  • the equipment involved in the present invention includes at least one of the following: terminal equipment, access equipment and activation equipment.
  • the terminal device can only be configured by one activation tool (Onboarding Tool, OBT), that is, there can only be one device owner, and security resources such as the device configuration resource and the credentials in the terminal device can only have one resource owner.
  • OBT: Onboarding Tool
  • since only the resource owner has the authority to configure the corresponding security resources, after a terminal device has been configured in one security domain, when it enters another security domain it must be reconfigured before it can communicate with the devices in that other security domain. In this way, every time the terminal device moves between security domains, it needs to be reconfigured.
  • the embodiments of the present invention provide an access control method, device, and storage medium, which can avoid repeating the tedious security resource configuration process by the resource owner and break the access isolation of a terminal device between different security domains.
  • an embodiment of the present invention provides an access control method, including:
  • the terminal device determines the role of the access device in the security domain in which the terminal device is located; when the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the security resources in the terminal device, where the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides an access control method, including:
  • the access device sends the role of the access device to the terminal device in the security domain; when the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the security resource in the terminal device, where the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides an access control method, including:
  • the activation device configures an access control list for the terminal device, where the access control list is used so that, when at least one access control role in the access control list includes the role of the access device, the terminal device allows the access device to configure the security resource in the terminal device, and the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides a terminal device, including:
  • the role determination module is configured to determine the role of the access device in the security domain in which the terminal device is located;
  • An authority management module configured to allow the access device to configure the security resources in the terminal device when at least one access control role in the access control list of the terminal device includes the role of the access device,
  • the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides an access device, including:
  • the sending module is configured to send the role of the access device to the terminal device in the security domain; when the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the security resource in the terminal device, and the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides an activation device, including:
  • the list configuration module is configured to configure an access control list for a terminal device, where the access control list is used so that, when at least one access control role in the access control list includes the role of the access device, the terminal device allows the access device to configure the security resource in the terminal device, and the access control role is a role that is allowed to configure the security resource.
  • an embodiment of the present invention provides a terminal device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured to execute, when the computer program runs, the steps of the above-mentioned access control method executed by the terminal device.
  • an embodiment of the present invention provides an access device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured to execute, when the computer program runs, the steps of the above-mentioned access control method executed by the access device.
  • an embodiment of the present invention provides an activation device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured to execute, when the computer program runs, the steps of the above-mentioned access control method executed by the activation device.
  • an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the above-mentioned access control method executed by the terminal device is implemented.
  • an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the access control method executed by the above-mentioned access device is implemented.
  • an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the above-mentioned access control method executed by the activation device is implemented.
  • the access control method provided by the embodiment of the present invention includes: the terminal device determines the role of the access device in the security domain where it is located; when the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the security resources in the terminal device. Since the access control list is set in the terminal device, when the role of the access device is included in at least one role in the access control list that is allowed to configure security resources, the access device can be considered to have configuration authority over the security resources in the terminal device.
  • the access device is then allowed to configure the security resources in the terminal device, so that access devices in different security domains can configure the security resources in the terminal device based on the access control list. This avoids repeating the tedious configuration process by the resource owner and breaks the access isolation of the terminal device between different security domains.
  • FIG. 1 is a schematic diagram of an optional process of role declaration according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of an optional flow chart of device configuration provided by an embodiment of the present invention.
  • FIG. 3 is an optional structural diagram of the Internet of Things system provided by an embodiment of the present invention.
  • FIG. 4 is an optional structural diagram of the Internet of Things system provided by an embodiment of the present invention.
  • FIG. 5 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 6 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 7 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 8 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 9 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 10 is an optional flowchart of an access control method provided by an embodiment of the present invention.
  • FIG. 11 is a schematic diagram of an optional structure of a terminal device provided by an embodiment of the present invention.
  • FIG. 12 is a schematic diagram of an optional structure of an access device provided by an embodiment of the present invention.
  • FIG. 13 is a schematic diagram of an optional structure of an activation device provided by an embodiment of the present invention.
  • FIG. 14 is a schematic diagram of an optional structure of an electronic device provided by an embodiment of the present invention.
  • resources can be used to express the physical devices of the Internet of Things, as well as information such as the functional services provided by the physical devices of the Internet of Things and the status of the devices.
  • the device that provides the resource is the server, and the device that accesses the resource is the client.
  • the client and server are logical functional entities, and each IoT device can be a client, a server, or both a client and a server.
  • a device such as a light bulb, which provides only a certain basic function, can only act as a server: it is provided to the client for query and control, and it has no need to control or query other devices.
  • when the client uses a certificate to authenticate with the server, it can declare one or more roles by using a role certificate to update the role resource of the server.
  • the role credential must be a certificate credential and should include the certificate chain. The server will verify each certificate chain.
  • the public key used for end-entity authentication must be the same as the public key in all role certificates.
  • the end entity authentication and the distinguished name of the subject in the role certificate must match.
  • the declared role is encoded in the subjectAltName extension of the role certificate.
  • the subjectAltName field can have multiple values, allowing a single role certificate to encode multiple roles applicable to the client. Different roles are distinguished by different role identifiers, such as owner, family, and guest. Different roles can have different access rights: for example, the owner has complete control of the terminal device, a family member can fully control some of the resources in the terminal device, and a guest can only access some of the resources in the terminal device.
  • Figure 1 shows the interaction process of the client-side role declaration to the server-side, including:
  • step S101 the client sends an update (UPDATE) request to the server.
  • the UPDATE request is sent from the client to the server to partially or completely update the role resources on the server.
  • the Uniform Resource Identifier (URI) is used to identify the name of the resource.
  • the URI can be indicated by the Uniform Resource Location (URL).
  • the URI of the role resource is indicated by the URL /oic/sec/roles.
  • the client uses an UPDATE request to write the role information related to the role certificate into the role resource of the device.
  • the resource representation is a snapshot of the attribute.
  • the interaction with resources is realized by exchanging requests and responses that contain resource expressions. For example, a read request is made to a resource, the resource expression can be obtained by responding, and the resource can be updated by updating the resource expression.
  • step S102 the server updates the role resources.
  • after the server receives the UPDATE request, it verifies whether the client sending the request has the authority to update the role resource. If it does, the role resource information is updated according to the parameters in the UPDATE request.
  • Step S103 the server returns an UPDATE response to the client.
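The binding checks behind step S102, as an added example that is not part of the patent or of any OCF implementation: the server accepts the UPDATE to /oic/sec/roles only after it has verified the chain, confirmed that the role certificate carries the same public key and subject distinguished name as the certificate the client authenticated with, and found at least one role in subjectAltName. Certificates are simplified records rather than parsed X.509, the signature check is reduced to issuer linkage against a constructed trust anchor (CN=office-ca), and all key identifiers, names and the role oic.owner.office are constructed.

```python
"""Model of the role-declaration exchange in Figure 1 (steps S101 to S103).
Added illustration, not the patent's code: certificates are plain records,
and chain validation is reduced to issuer linkage against a trust anchor."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject_dn: str                  # distinguished name of the subject
    public_key: str                  # opaque stand-in for the subject public key (constructed)
    issuer_dn: str                   # subject DN of the issuing certificate
    san_roles: Tuple[str, ...] = ()  # roles carried in the subjectAltName extension


# Constructed trust anchor: the CA of the security domain the server belongs to.
TRUSTED_ROOTS: Dict[str, str] = {"CN=office-ca": "office-ca-key"}


def chain_trusted(chain: List[Cert]) -> bool:
    """Leaf-first chain: every certificate must name the next one as its issuer,
    and the last one must be a self-issued certificate that is a known trust anchor."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer_dn != parent.subject_dn:
            return False
    root = chain[-1]
    return (root.issuer_dn == root.subject_dn
            and TRUSTED_ROOTS.get(root.subject_dn) == root.public_key)


def update_roles(ee_cert: Cert, role_chain: List[Cert],
                 roles_resource: Dict[str, Set[str]]) -> Tuple[bool, str]:
    """Server side of step S102. ee_cert is the certificate the client used for
    end-entity authentication of the session; role_chain is the role certificate
    chain carried in the UPDATE request. Returns (accepted, reason) and, on
    success, records the declared roles under the authenticated key."""
    if not chain_trusted(role_chain):
        return False, "role certificate chain not trusted"
    role_cert = role_chain[0]
    # The role certificate must be bound to the key and subject that authenticated
    # the session; otherwise a client could declare roles issued to someone else.
    if role_cert.public_key != ee_cert.public_key:
        return False, "role certificate public key differs from authenticated key"
    if role_cert.subject_dn != ee_cert.subject_dn:
        return False, "role certificate subject does not match authenticated subject"
    if not role_cert.san_roles:
        return False, "no role in subjectAltName"
    roles_resource.setdefault(ee_cert.public_key, set()).update(role_cert.san_roles)
    return True, "roles updated"


def demo() -> Tuple[Dict[str, Tuple[bool, str]], Dict[str, Set[str]]]:
    """Three constructed declarations against one server role resource."""
    roles_resource: Dict[str, Set[str]] = {}
    ca = Cert("CN=office-ca", "office-ca-key", "CN=office-ca")
    cms_ee = Cert("CN=office-cms", "cms-key", "CN=office-ca")
    cms_role = Cert("CN=office-cms", "cms-key", "CN=office-ca", ("oic.owner.office",))
    # A client authenticated with its own key presents the CMS's role certificate.
    other_ee = Cert("CN=visitor", "visitor-key", "CN=office-ca")
    # A role certificate issued by a CA the server does not trust.
    rogue_ca = Cert("CN=rogue-ca", "rogue-key", "CN=rogue-ca")
    rogue_role = Cert("CN=office-cms", "cms-key", "CN=rogue-ca", ("oic.owner.office",))
    results = {
        "valid": update_roles(cms_ee, [cms_role, ca], roles_resource),
        "key_mismatch": update_roles(other_ee, [cms_role, ca], roles_resource),
        "untrusted_ca": update_roles(cms_ee, [rogue_role, rogue_ca], roles_resource),
    }
    return results, roles_resource


if __name__ == "__main__":
    for name, outcome in demo()[0].items():
        print(f"{name}: {outcome}")
```

Only the first declaration lands in the role resource; the other two are refused before anything is written, which is the property the public-key and subject-name requirements in the text exist to guarantee.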
  • the terminal device needs to be activated before it can interact with other terminal devices in the security domain.
  • the first step in activating a terminal device is to configure the ownership of the terminal device.
  • Legitimate users use an Owner Transfer Method (OTM) through OBT to establish ownership of terminal equipment. After the ownership is established, use OBT to configure the terminal device, and finally enable the terminal device to operate normally and interact with other terminal devices.
  • OTM: Owner Transfer Method
  • Figure 2 is a schematic diagram of the interactive process of terminal device configuration, as shown in Figure 2, including:
  • Step S201 The OBT discovers terminal devices that need to be configured in the security domain.
  • the discovered device is a new terminal device that needs to be configured without an owner.
  • Step S202 The terminal device returns the owner transfer method it supports to the OBT.
  • step S201 and step S202 are for OBT to discover new equipment and find a suitable owner transfer method.
  • Step S203 The OBT establishes a secure connection with the terminal device according to the owner transfer method supported by the terminal device.
  • step S203 is used to execute the owner's transfer method.
  • Step S204 The OBT configures its own ID in the owner resource of the terminal device.
  • the URL of the owner resource may be /oic/sec/doxm
  • the ID of the OBT may be configured into the device owner identifier (devowneruuid) attribute of the owner resource of the terminal device.
  • Step S204 is used to establish the owner identity of the terminal equipment
  • Step S205 The OBT requests the owner credential type supported by the terminal device.
  • the type of owner's certificate supported by the terminal device may include: symmetric key, asymmetric key, certificate, etc.
  • Step S206 OBT selects a suitable owner certificate.
  • OBT selects a suitable security certificate according to the type of owner certificate supported by the terminal device
  • Step S207 OBT configures the owner's credential.
  • OBT configures the selected owner's credential to the credential resource of the terminal device.
  • the URL of the credential resource of the terminal device can be /oic/sec/cred.
  • Steps S205 to S207 are used to determine whether the terminal device uses symmetric and/or asymmetric credentials used by the device owner.
  • Step S208 OBT allocates the terminal device to the credential management server.
  • CMS: Credential Management Service
  • Step S208 is used to add new terminal device information for device management related services.
  • Step S209 OBT configures its own ID to the owner resource of the terminal device.
  • the OBT configures itself as the owner of the owner resource.
  • OBT can configure its own ID to the owner identification (rowneruuid) attribute of /oic/sec/doxm of the terminal device.
  • Step S2010 The OBT configures the ID of the CMS to the credential resource of the terminal device.
  • OBT sets CMS as the owner of the credential resource. OBT configures the ID of the CMS to the rowneruuid attribute of /oic/sec/cred.
  • step S2011 the OBT configures the CMS credential used to establish a secure connection with the CMS to the credential resource of the terminal device.
  • Steps S209 to S2011 are used to define terminal devices and representative management services, such as CMS credentials and device owners.
  • Step S2012 OBT/CMS changes the state of the terminal device to the service configuration state.
  • Step S2013 OBT/CMS configures the credential used to establish a secure LAN connection with other devices into the credential resource of the terminal device.
  • in steps S2012 and S2013, the new device is configured with the peer-to-peer credential and the access control policy.
  • Step S2014 OBT/CMS changes the state of the terminal device to a normal working state.
  • Step S2014 enables the terminal device to work normally.
  • the owner credential configured in step S207 is the credential for the interconnection of OBT and the terminal device
  • the CMS credential configured in step S2011 is the credential for the interconnection of the CMS and the terminal device
  • the credential configured in step S2013 is a peer-to-peer (P2P) credential, that is, the credential for the terminal device to interconnect with other terminal devices in the security domain.
  • the structure of the owner's resources can be:
  • the structure of the credential resource can be:
  • OBT means that the activation device is the master of the security domain, and the client and server in the security domain can be configured to communicate with each other.
  • the owners of different security domains are different OBTs.
  • the OBT is the owner of the configured terminal device.
  • the two devices can be interconnected, and it is considered that these devices form a security domain.
  • for example, all devices in a home are configured by the house owner's mobile phone APP (as OBT), so that the clients and servers in the home form a security domain for establishing secure communication connections; the interconnected devices in the neighbor's network are configured by the neighbor's mobile phone APP (another OBT), which forms another security domain, different from the family's security domain.
  • the configuration information of different security domains is independent, and the configuration information of one security domain cannot be used in another security domain. Therefore, access between devices in different security domains is isolated. For example, after the terminal device is configured into security domain A, the configuration information in the terminal device is that of security domain A; when the terminal device enters security domain B, it cannot interconnect with the devices in security domain B using the configuration information of security domain A; if the terminal device is to interconnect with the devices in security domain B, it needs to be reconfigured in security domain B.
  • Figure 3 is the establishment of a security domain in a home environment:
  • a client APP is installed in the activation device 301, and the activation device 301 creates the terminal devices in a security domain (such as a home network) and the various roles, such as administrator (admin), family member (family), and guest (guest), of each terminal device. That is, the activation device 301 is the OBT of the home network.
  • the activation device 301 discovers and configures light bulb 1, and can control light bulb 1.
  • a client APP is installed in the terminal device 302; the client APP of the activation device 301 discovers the client APP of the terminal device 302, configures the APP of the terminal device 302, and grants the APP of the terminal device 302 family permission; then the terminal device 302 can also control bulb 1.
  • the activation device 301 can also give the terminal device 302 administrator (admin) authority, and the terminal device 302 can also configure and manage the bulb 1.
  • an IoT device such as light bulb 2 is configured in the same way as light bulb 1.
  • the terminal device can only be configured by one OBT, that is, there can only be one device owner, and security resources such as the owner resource and the credential resource can only have one resource owner. Since only the resource owner has the authority to configure the corresponding security resources, when a terminal device enters a security domain other than the one corresponding to the current device owner, the owner of that other security domain cannot configure the security resources of the terminal device, so the device cannot communicate with the devices in the other security domain.
  • for example, the client APP of the terminal device 302 in Figure 3 is configured by the activation device 301. When the terminal device 302 enters the office, since the owner of the security domain of the office network is the client APP (OBT) of the activation device Boss, the activation device Boss cannot configure the client APP of the terminal device 302 to enable the terminal device 302 to communicate with the terminal devices in the security domain of the office.
  • if the activation device Boss does configure the client APP of the terminal device 302 to realize interconnection between the terminal device 302 and the devices in the office network, then when the terminal device 302 enters the home security domain again, it can no longer control the devices in the home security domain and needs to be reconfigured by the activation device 301. In this way, every time the terminal device moves between security domains it needs to be reconfigured, and the user experience is poor.
  • the present invention provides an access control method.
  • the access control method of the embodiment of the present invention can be applied to the Internet of Things system 400 shown in FIG. 4, including: activation device 401, credential management server 402, terminal device 403-1, terminal device 403-2, activation device 404, and credential management server 405.
  • the activation device 401 and the credential management server 402 belong to the same security domain: security domain 1, and the activation device 404 and the credential management server 405 belong to the same security domain: security domain 2.
  • the activation device 401 is the OBT of the security domain 1, that is, the owner, and the credential management server 402 manages and configures the credential of the device in the security domain 1.
  • the activation device 404 is the OBT of the security domain 2, that is, its owner, and the credential management server 405 manages and configures the credential of each device in the security domain 2.
  • the activation device 401 configures the terminal device 403-1 or the terminal device 403-2 so that the terminal device 403-1 or the terminal device 403-2 enters the security domain 1.
  • the terminal device 403-2 and the terminal device 403-1 can communicate with each other.
  • the activation device 401, terminal device 403-1, and terminal device 403-2 may refer to access terminals, user equipment (UE), user units, user stations, mobile stations, remote stations, remote terminals, mobile devices, user terminals, terminals, wireless communication equipment, user agents, or user devices.
  • the access terminal can be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication functions, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a 5G network, a device in a future evolved PLMN, etc.
  • SIP: Session Initiation Protocol
  • WLL: Wireless Local Loop
  • PDA: Personal Digital Assistant
  • Figure 4 exemplarily shows two security domains and two terminal devices.
  • the Internet of Things system 300 may include more than two security domains and more than two terminal devices; there is no restriction on the number of security domains, nor on the number of terminal devices in a security domain.
  • the security domain 1 and the security domain 2 may belong to the same network, or may belong to different networks.
  • the Internet of Things shown in Figure 4 may also include Internet of Things devices such as sensors, laser scanning systems, and smart home appliances.
  • An optional processing flow of the access control method provided by the embodiment of the present invention, as shown in FIG. 5, includes the following steps:
  • Step S501 The terminal device determines the role of the access device in the security domain where it is located.
  • the security domain where the terminal device is located is an already entered security domain.
  • the security domain in which the terminal device is located is a security domain that has not entered but is to be entered.
  • the activation device corresponding to the current security domain has configured the terminal device, and the terminal device can communicate with other terminal devices in the current security domain.
  • taking the case where the security domain in which the terminal device is located is the security domain to be entered as an example: the activation device corresponding to the current security domain has not configured the terminal device, and the terminal device cannot communicate with other terminal devices in the current security domain.
  • the access device is a device in the security domain where the terminal device is located that requests to configure the security resources in the terminal device, and may be at least one of the following devices in the security domain where the terminal device is located: activation device, CMS, and other terminal devices.
  • step S500 is also included: the access device sends the role of the access device to the terminal device, and the terminal device receives the role of the access device sent by the access device.
  • the roles of access devices in different security domains are the same.
  • the roles of access devices in different security domains are different.
  • the access device sends a role certificate to the terminal device in the security domain where it is located, and the public field of the role certificate includes the role of the access device.
  • in step S501, that the terminal device determines the role of the access device in the security domain includes: the terminal device determines the role of the access device from the public field of the role certificate sent by the access device in the security domain.
  • the role of the access device can be characterized by a role identifier.
  • the roles of different access devices are the same.
  • the roles of access device 1 and access device 2 are both owner.
  • different access devices have different roles.
  • the role of access device 1 is owner1, and the role of access device 2 is owner2.
  • Step S502 In the case that the access control role of the access control list of the terminal device includes the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device.
  • after determining the role of the access device, the terminal device queries whether the role of the access device is included in at least one access control role of the access control list (ACL) in the terminal device. If it is included, the access device is allowed to configure the security resource in the terminal device; if it is not included, the access device is not allowed to configure the security resource in the terminal device.
  • the access control role is a role that is allowed to configure the security resource
  • the roles in different role certificates may be the same, and the public field of the role certificate indicates the role of the role certificate.
  • the terminal device includes at least one access control list, and one access control list includes one or more access control roles.
  • an access control list may include one or more access control items, one access control item corresponds to one access control role, and different access control items correspond to different or the same access control role.
  • the terminal device includes three access control lists: List 1, List 2, and List 3.
  • the access control role in List 1 is role 1
  • the access control role in List 2 is role 2 and role 3.
  • the access control role in List 3 is role 4.
  • if the role of the access device is one of role 1 to role 4, the access device is allowed to configure the security resources in the terminal device.
  • if the role of the access device is role 5, which is not included in any of the three lists, the access device is not allowed to configure the security resources in the terminal device.
  • the security resources in the terminal device include one or more of: the owner resource (/oic/sec/doxm), the credential resource (/oic/sec/cred), the state resource (/oic/sec/pstat), and other resources related to the initial configuration of the terminal device.
  • the owner resource is the resource related to the equipment owner
  • the credential resource is the resource related to the security credential
  • the state resource is the resource related to the configuration state.
  • the access device configures the secure resource to perform operations such as adding, modifying, and deleting information in the secure resource.
  • the credential resource of the terminal device includes: credential 1 for establishing a connection between the terminal device and a refrigerator, and credential 2 for establishing a connection between the terminal device and a TV.
  • the credential management server adds credential 3, for establishing a connection between the terminal device and a lamp, to the credential resource in the terminal device, so that in addition to the devices it can already interoperate with, the terminal device can also establish interoperability with the lamp.
  • the access control list further includes: the security resources that the access control role is allowed to access; correspondingly, in step S502, that the terminal device allows the access device to configure the security resources in the terminal device includes: the terminal device allows the access device to configure a target security resource in the terminal device, where the target security resource is the security resource that the role of the access device is allowed to access.
  • the security resources that are allowed to be accessed in the access control list are indicated by the URL.
  • the access control role in the access control list is role 1
  • the security resource that is allowed to access corresponding to role 1 is: URL1.
  • the terminal device allows the access device to access the security resources indicated by URL1.
  • the security resources that are allowed to be accessed in the access control list include one or more security resources, and different security resources are indicated by different URLs.
  • the security resources corresponding to the access control roles in each access control item can be different.
  • the access control list further includes: operation authority corresponding to the access control role; correspondingly, in step S502, the terminal device allowing the access device to configure the security resources in the terminal device includes: the terminal device allows the access device to perform the configuration corresponding to a target operation authority on the secure resources in the terminal device, where the target operation authority is the operation authority corresponding to the role of the access device.
  • operation permissions include Create, Retrieve, Update, Delete, and Notify, etc.; the operation permissions corresponding to an access control role may include one or more of the above-mentioned operation permissions.
  • the terminal device allows the access device to update the secure resources in the terminal device.
  • the access control list includes the following content:
  • the content of an access control list is as follows:
  • the subject corresponding to the access control item includes the access control role of the access control item.
  • the above access control list indicates that the access device with the role oic.owner.office is allowed to fully control the security resources in the terminal device: /oic/sec/doxm, /oic/sec/cred, and /oic/sec/pstat.
  • for different access devices, the access control lists may be the same access control list and the roles of the different access devices the same; or the access control lists may be different access control lists and the roles of the different access devices different.
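The check the list above implies, written out as an added example (not code from the patent or from any OCF implementation): each access control entry maps a subject role to the resource hrefs it may touch and to a permission bitmask for the Create/Retrieve/Update/Delete/Notify operations named further down. The role set passed in is what the terminal device has already confirmed from the access device's role certificate. The bit layout, the second, more restricted entry for a constructed role oic.owner.home, and the function names are assumptions made for the example.

```python
"""ACL check for a terminal device's security resources (added example).

An ACE (access control entry) is modelled as: subject role -> set of resource
hrefs -> permitted operations.  Operations are a CRUDN bitmask; the bit
assignment below is chosen for this example."""

CREATE, RETRIEVE, UPDATE, DELETE, NOTIFY = 1, 2, 4, 8, 16
FULL_CONTROL = CREATE | RETRIEVE | UPDATE | DELETE | NOTIFY
OP_BITS = {"create": CREATE, "retrieve": RETRIEVE, "update": UPDATE,
           "delete": DELETE, "notify": NOTIFY}

SECURITY_RESOURCES = ("/oic/sec/doxm", "/oic/sec/cred", "/oic/sec/pstat")

# Constructed ACL.  First entry is the one the text describes (oic.owner.office
# with full control of doxm/cred/pstat); the second is an assumed, narrower
# entry showing that different roles can be given different resources and ops.
ACL = [
    {"role": "oic.owner.office", "hrefs": set(SECURITY_RESOURCES), "permission": FULL_CONTROL},
    {"role": "oic.owner.home",   "hrefs": {"/oic/sec/cred"},       "permission": RETRIEVE | UPDATE},
]


def check_access(acl, device_roles, href, op):
    """True when some ACE grants `op` on `href` to one of the access device's roles.

    `device_roles` is the set of roles confirmed from the role certificate; an
    access device whose role appears in no ACE (e.g. oic.owner1 against an ACL
    that only knows oic.owner2) is refused."""
    bit = OP_BITS[op]
    for ace in acl:
        if ace["role"] in device_roles and href in ace["hrefs"] and ace["permission"] & bit:
            return True
    return False


def permitted_ops(acl, device_roles, href):
    """Union of the operations all matching ACEs grant on `href`, as sorted names."""
    mask = 0
    for ace in acl:
        if ace["role"] in device_roles and href in ace["hrefs"]:
            mask |= ace["permission"]
    return sorted(name for name, bit in OP_BITS.items() if mask & bit)


if __name__ == "__main__":
    print(check_access(ACL, {"oic.owner.office"}, "/oic/sec/cred", "delete"))   # True
    print(permitted_ops(ACL, {"oic.owner.home"}, "/oic/sec/cred"))              # retrieve, update
```

The lookup is deliberately deny-by-default: a role that appears in no entry, or an href outside the entry's set, yields no permission bits at all, which is the behaviour the text relies on when it says an access device is only allowed to configure resources whose ACE names its role.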
  • where the access control list is the same access control list and the roles of the access devices in the different security domains are the same, taking the access device as a credential management server as an example: credential management server 1 in security domain 1 and credential management server 2 in security domain 2 both have the role owner, and the terminal device includes an access control list whose access control role is owner; credential management server 1 and credential management server 2 are then both allowed to configure the secure resources in the terminal device.
  • where the access control lists are different access control lists and the roles of the access devices in different security domains are different, taking the access devices as credential management servers as an example: credential management server 1 in security domain 1 has the role owner1 and credential management server 2 in security domain 2 has the role owner2; the terminal device includes access control list 1 with the access control role owner1, and based on access control list 1, credential management server 1 is allowed to control the secure resources in the terminal device.
  • the terminal device includes an access control list 2 with an access control role of owner2. Based on the access control list 2, the credential management server 2 is allowed to control the secure resources in the terminal device.
  • some of the access control roles are common roles of multiple different access devices, and some of the access control roles correspond to different access devices.
  • the access control list is preset in the terminal device.
  • the access control list in the terminal device can be preset in the terminal device before leaving the factory. When the terminal device is initialized, the access control list preset in the terminal device will not be cleared.
  • the access control list is configured by the activation device.
  • the activation device includes: an activation device in a security domain where the terminal device is located; or an activation device in a security domain other than the security domain where the terminal device is located.
  • when the activation device is an activation device in a security domain other than the security domain in which the terminal device is located, the access control list is configured in the terminal device at the time the terminal device is configured by that activation device.
  • when a role is already included among the access control roles of the access control list in the terminal device, the activation devices of other security domains no longer configure an access control list for this role in the terminal device; multiple security domains that use the same role can thus share the same access control list, avoiding repeated configuration of the access control list.
  • in step S501 the access control list is configured by the activation device of the current security domain
  • in step S501 the activation device configures the access control list into the terminal device.
  • the access control list is used so that, when the at least one access control role of the access control list includes the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device.
  • the access control list further includes at least one of the following: security resources and operation permissions that are allowed to be accessed by the corresponding access control role.
  • step S701 the terminal device authenticates the role certificate of the access device according to the root of trust to confirm the role of the access device.
  • the root of trust includes keys such as the public key for authenticating the role certificate of the access device; the signature of the role certificate of the access device is verified with this key to verify the legitimacy of the role certificate and confirm the role of the access device.
  • the signature verification of the role certificate of the access device is passed, it means that the certificate authority (Certificate Authority, CA) of the access device and the CA of the terminal device are the same CA or mutually trusted CA, and the role certificate of the access device is legal.
  • CA Certificate Authority
  • the root of trust may also include information used to determine the CA issuing the role certificate, such as a certificate chain.
  • when the terminal device verifies the role certificate of the access device according to the root of trust, the CA of the access device is determined.
  • the root of trust is the same root of trust.
  • the roots of trust are different roots of trust.
  • the role certificates of access devices in different security domains are different, and the roles in different role certificates can be the same or different.
  • the access devices in different security domains have the same CA, and the access devices in these different security domains are authenticated through the same root of trust.
  • the access devices in different security domains have different CAs, and the access devices in these different security domains are authenticated through different roots of trust.
  • the root of trust is preset in the terminal device.
  • the root of trust in the terminal device can be preset in the terminal device before leaving the factory. When the terminal device is initialized, the root of trust preset in the terminal device will not be cleared.
  • the root of trust is configured by the activation device.
  • the activation device includes: an activation device in a security domain where the terminal device is located; or an activation device in a security domain other than the security domain where the terminal device is located.
  • when the activation device is an activation device in a security domain other than the security domain in which the terminal device is located, the root of trust is configured in the terminal device at the time the terminal device is configured by that activation device.
  • when the root of trust for authenticating the access device role certificates of multiple security domains is the same root of trust, the activation devices of other security domains no longer configure the root of trust in the terminal device; the same root of trust can be shared, avoiding repeated configuration of the root of trust.
  • step S501 in which the activation device configures the root of trust on the terminal device.
  • the root of trust is used by the terminal device to authenticate the role certificate of the access device to confirm the role of the access device.
  • before the terminal device enters the security domain, the method further includes:
  • the terminal device retains the configuration information corresponding to the secure resource; or the terminal device initializes the configuration information corresponding to the secure resource.
  • the configuration information of the security resource is the configuration of the security resource made by the access device in the security domain the terminal device was in previously.
  • when the terminal device retains the configuration information corresponding to the security resource, it keeps the configuration information from the previous security domain, so that when it moves back from the current security domain to the previous security domain it can interconnect with the devices in the previous security domain directly on the basis of the retained configuration information.
  • when the terminal device initializes the configuration information corresponding to the security resource, the terminal device clears the configuration information from the previous security domain and restores the factory settings.
  • the configuration information is mainly the initialization information of security resources such as owner resources, credential resources, and status resources configured in the previous security domain. If the terminal equipment is sold or transferred to others, the information previously configured by the user should be cleared so that the terminal equipment can be restored to an unowned state. If the terminal device is not sold or transferred, but only enters a new security domain, the various initialization information configured in the previous security domain can be retained.
  • the reservation condition for the terminal device to retain the configuration information corresponding to the secure resource includes at least one of the following: receiving a reservation instruction instructing to retain the configuration information; and not receiving an initialization instruction instructing to initialize the configuration information.
  • the initialization condition for the terminal device to initialize the configuration information corresponding to the secure resource includes at least one of the following: receiving an initialization instruction instructing to initialize the configuration information; and not receiving a reservation instruction instructing to retain the configuration information.
  • the terminal device retains the configuration information by default, and the terminal device may output a prompt asking whether the configuration information should be initialized before entering the security domain.
  • in the case of receiving from a user an initialization instruction instructing to initialize the configuration information, the terminal device initializes the configuration information corresponding to the secure resource; in the case of not receiving such an initialization instruction from the user, the terminal device retains the configuration information corresponding to the security resource.
  • the terminal device initializes the configuration information by default, and the terminal device may output a prompt asking whether the configuration information should be retained before entering the security domain.
  • in the case of receiving from the user a reservation instruction instructing to retain the configuration information, the configuration information corresponding to the secure resource is retained; in the case of not receiving such a reservation instruction from the user, the configuration information corresponding to the security resource is initialized.
  • the access control method provided by the embodiment of the present invention includes: the terminal device determines the role of the access device in the security domain where it is located; in the case where the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the secure resources in the terminal device. Since the access control list is set in the terminal device, when the role of the access device is included in the access control roles of the access control list, the access device can be considered to have configuration authority over the security resources in the terminal device, and the access device is allowed to control the security resources in the terminal device.
  • the access device is allowed to configure the security resources, so that access devices in different security domains configure the security resources in the terminal device based on the access control list, which avoids repeating the tedious configuration process of the resource owner and breaks the access isolation of the terminal device between different security domains.
  • the ACL can be preset or configured by the activation device.
  • the access control method provided by the embodiment of the present invention includes the following scenarios:
  • ACL is configured by OBT
  • Scenario 3 TA is configured by OBT, ACL is configured by OBT;
  • TA is configured by OBT and ACL is preset.
  • the function of the ACL is to grant the peer device the permissions corresponding to its role.
  • the ACL sets the required role oic.owner to access credential resources, and the role of CMS must be authenticated as oic.owner to configure credential resources.
  • the function of the TA is to authenticate the role certificate of the CMS.
  • the terminal device uses the TA to verify the legality of the role certificate. If the verification is legal, the device considers the CMS to have the role identity in the role certificate, such as oic.owner.
  • if the role authority set by the ACL is oic.owner1 while the certificate that can be authenticated by the TA is a certificate for the role oic.owner2, then the role identity oic.owner1 cannot be verified because there is no suitable TA; and when a CMS holding the role certificate oic.owner2 connects, its role identity can be verified, but the ACL does not match, so there are no corresponding configuration permissions. Therefore the ACL and the TA must be associated (for example, both associated with oic.owner) to take effect, thereby ensuring the legitimacy of the peer device.
  • the terminal device is a mobile device and the access device is a CMS as an example, and the provided access control method is described through different application scenarios.
  • the access control method provided by the embodiment of the present invention is explained by taking the access device as CMS as an example.
  • when the access device is an OBT, the interaction between the OBT and the mobile device can refer to the interaction between the CMS and the mobile device.
  • the mobile device is preset with an access control list for the role of the owner (oic.owner).
  • the connected peer device, that is, the access device
  • the access control list can be configured in the form of ACL resources.
  • the content of ACL security resources includes the following:
  • the above ACL indicates that the peer device whose role is authenticated as oic.owner is allowed to fully control the security resources of the mobile device: "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat".
  • Role certificates are preset in OBT and CMS.
  • the public/private key pair of the role certificate is the public/private key pair of the corresponding device, and the public field of the certificate indicates the role ID of the certificate, such as "oic.owner".
  • the role certificates preset by OBT and CMS in each network adopt the same oic.owner role.
  • when the mobile device purchased by the user Dad enters the home network and the office network respectively, the mobile device can be configured to work on the two networks separately. In addition, the mobile device can switch seamlessly after moving from one network to the other.
  • Step S801 The mobile device enters the home network.
  • the user Dad makes the mobile device enter the home network, namely network 1.
  • the owner of the home network is Mom's mobile phone APP (OBT)
  • the credential management server in the home network is Home CMS, which is responsible for managing and configuring the credentials of the devices in the home network.
  • step S801 it further includes: step S800: preset ACL.
  • Step S802 The mobile device enters the configuration state.
  • Step S803 The mobile device confirms whether to retain the previous configuration information.
  • the mobile device asks the user Dad through the man-machine interface whether to retain the previous configuration information, and if the user responds with no, all the configuration information needs to be cleared.
  • Step S804 The mobile device clears all configuration information.
  • the user Dad determines not to retain the previous configuration information, and the mobile device clears all configuration information and restores the factory settings.
  • Step S805 Mom's OBT establishes an OTM connection with the mobile device.
  • Step S806 Mom’s OBT configures TA1 to the mobile device.
  • TA1 is used to verify the legality of the role certificate of Home CMS.
  • TA1 is the public key signature certificate of the certification authority CA, from which the CA public key can be extracted to verify the signature of the role certificate.
  • Step S807 The Home CMS establishes a role-based secure connection with the mobile device.
  • the mobile device uses TA1 to authenticate the role certificate of the Home CMS and confirm the identity of the oic.owner role of the Home CMS, thereby establishing a role-based connection with the mobile device.
  • the role-based secure connection is a connection established using a role certificate, in which the role of the peer device is confirmed by the role certificate.
  • Step S808 The Home CMS configures the security credential Cred1 to the /oic/sec/cred resource of the mobile device.
  • Step S809 The mobile device allows the Home CMS to configure the /oic/sec/cred resource according to the preset ACL and the oic.owner role of the Home CMS.
  • Step S8010 Home CMS configures the mobile device to enter a normal working state.
  • Step S8011 the mobile device enters the office network.
  • the Office CMS manages and configures the credentials of the devices in the office network.
  • Step S8012 the mobile device enters the configuration state.
  • Step S8013 The mobile device confirms whether to retain the previous configuration information.
  • the mobile device asks the user Dad through the man-machine interface whether to retain the previous configuration information, and the user responds yes, and all the configuration information needs to be retained.
  • Step S8014 The mobile device retains the existing configuration information.
  • the mobile device does not clear the configuration information, and allows the establishment of a new OTM connection.
  • Step S8015 the OBT of the Boss establishes an OTM connection with the mobile device.
  • Step S8016 The OBT of the Boss configures TA2 to the mobile device.
  • the OBT of Boss configures the mobile device and writes the role certificate Trust Anchor (TA2) of Office CMS.
  • TA2 is used to verify the legitimacy of the role certificate of Office CMS.
  • the OBT of the Boss completes the OTM configuration, and the mobile device starts to configure the P2P credential with the Office CMS.
  • Step S8017 The Office CMS establishes a role-based secure connection with the mobile device.
  • the Office CMS establishes a role-based connection with the mobile device, and the mobile device uses TA2 to authenticate the role certificate of the Office CMS to confirm the role identity of the oic.owner of the Office CMS.
  • Step S8018 Office CMS configures the security credential Cred2 to the /oic/sec/cred resource of the mobile device.
  • Step S8019 The mobile device allows the configuration of /oic/sec/cred resources according to the preset ACL and the oic.owner role of Office CMS.
  • Step S8020 Office CMS configures the mobile device to enter a normal working state.
  • the mobile device of the user Dad can be interconnected with other smart devices in the security domain of the office network to realize various intelligent scenarios.
  • the mobile device is connected to the home network and can be interconnected with other smart devices in the security domain of the home to realize various intelligent scenarios.
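The scenario just walked through (ACL preset, TA1 and TA2 installed by each network's OBT, each CMS admitted only after its role certificate verifies and its role is in the ACL) and the earlier point that ACL and TA must be associated, as one runnable sketch. This is an added example, not code from the patent or from any OCF stack: the "certificates" are plain dicts, the CA signature is textbook RSA over tiny hard-coded primes standing in for the real certificate signature, the CA names HomeCA/OfficeCA and the credential payloads are constructed, and the trust anchor is keyed by issuing CA name, which is one way of carrying the "information used to determine the CA" the description mentions.

```python
"""Scenario 1 as a runnable sketch (added example).

ACL preset in the device; a trust anchor (TA) installed per network by that
network's OBT; a CMS may write /oic/sec/cred only after its role certificate
verifies against a TA and the role it carries is in the ACL.  The signature
scheme is textbook RSA with tiny primes: an illustration, not a real PKI."""
import hashlib
from dataclasses import dataclass, field


def toy_keypair(p, q, e=17):
    """Textbook RSA from two small primes (assumption: illustration only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public, private); pow(.., -1, ..) needs Python 3.8+


def _digest(fields):
    """Deterministic hash of the certificate's public fields (subject, role, issuer)."""
    data = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_role_cert(ca_name, ca_priv, subject, role):
    """The CA signs the public fields; the 'role' field carries the role ID (e.g. oic.owner)."""
    n, d = ca_priv
    fields = {"subject": subject, "role": role, "issuer": ca_name}
    return {**fields, "sig": pow(_digest(fields) % n, d, n)}


def verify_role_cert(cert, trust_anchors):
    """Find the TA for the issuing CA and check the signature; return the role, or None."""
    ta = trust_anchors.get(cert["issuer"])     # no TA for this CA: 'no suitable TA'
    if ta is None:
        return None
    n, e = ta
    fields = {k: v for k, v in cert.items() if k != "sig"}
    return cert["role"] if pow(cert["sig"], e, n) == _digest(fields) % n else None


@dataclass
class MobileDevice:
    acl_roles: set = field(default_factory=lambda: {"oic.owner"})   # preset ACL (S800)
    trust_anchors: dict = field(default_factory=dict)                # CA name -> public key (TA1, TA2)
    creds: dict = field(default_factory=dict)                        # contents of /oic/sec/cred

    def enter_configuration(self, retain_previous):
        """S803/S8013: the user decides whether earlier configuration is kept or cleared."""
        if not retain_previous:                 # S804: back to factory state
            self.trust_anchors.clear()
            self.creds.clear()

    def obt_configures_ta(self, ca_name, ca_pub):
        """S806/S8016: the owning OBT installs the TA for its network's CA."""
        self.trust_anchors[ca_name] = ca_pub

    def cms_configures_cred(self, cert, cred_id, cred):
        """S807-S809: role from the certificate via the TA, then the ACL decides."""
        role = verify_role_cert(cert, self.trust_anchors)
        if role is None:
            return "rejected: no suitable TA"
        if role not in self.acl_roles:
            return f"rejected: role {role} not in ACL"
        self.creds[cred_id] = cred
        return "configured"


def run_scenario():
    """Dad's phone enters the home network, then the office network, keeping Cred1."""
    home_pub, home_priv = toy_keypair(61, 53)          # constructed 'home CA'
    office_pub, office_priv = toy_keypair(101, 113)    # constructed 'office CA'
    home_cms = issue_role_cert("HomeCA", home_priv, "HomeCMS", "oic.owner")
    office_cms = issue_role_cert("OfficeCA", office_priv, "OfficeCMS", "oic.owner")
    dev, log = MobileDevice(), []

    dev.enter_configuration(retain_previous=False)        # S803/S804
    dev.obt_configures_ta("HomeCA", home_pub)             # S806: TA1
    log.append(dev.cms_configures_cred(home_cms, "Cred1", "home creds"))      # S808/S809

    dev.enter_configuration(retain_previous=True)         # S8013/S8014: keep TA1 and Cred1
    log.append(dev.cms_configures_cred(office_cms, "Cred2", "office creds"))  # before TA2: refused
    dev.obt_configures_ta("OfficeCA", office_pub)         # S8016: TA2
    log.append(dev.cms_configures_cred(office_cms, "Cred2", "office creds"))  # S8018/S8019
    return log, sorted(dev.creds)


if __name__ == "__main__":
    print(run_scenario())
```

The middle entry of the returned log is the point of the exercise: before Boss's OBT installs TA2, the Office CMS presents a perfectly well-formed certificate that the device simply cannot verify, so it is refused; after TA2 is present the same certificate is accepted because the role it carries, oic.owner, is the one the preset ACL names. Swapping the ACL to a role the certificates never carry produces the other failure from the description, a verifiable certificate with no matching ACL entry.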
  • the mobile device is not preset with an ACL access control list for the owner role (oic.owner).
  • OBT and CMS have pre-built role certificates.
  • the public/private key pair of the role certificate is the public/private key pair of the corresponding device, and the public field of the certificate indicates the role ID of the certificate, such as "oic.owner".
  • the role certificate preset by Mom’s OBT and Home CMS corresponds to the role of oic.owner.home, that is, the role ID of the certificate is indicated as oic.owner.home in the certificate public field.
  • the role certificate preset by Boss OBT and Boss CMS corresponds to the role of oic.owner.office, that is, the role ID of the certificate is indicated as oic.owner.office in the certificate public field.
  • when the mobile device purchased by the user Dad enters the home network and the office network respectively, the mobile device can be configured to work on the two networks separately. In addition, the mobile device can switch seamlessly after moving from one network to the other.
  • Step S901 The mobile device enters the home network.
  • the user Dad makes the mobile device enter the home network, namely network 1.
  • the owner of the home network is Mom’s mobile phone APP (OBT)
  • the credential management server in the home network is Home CMS, which is responsible for managing and configuring the credentials of the devices in the home network.
  • Step S902 The mobile device enters a configuration state.
  • Step S903 The mobile device confirms whether to retain the previous configuration information.
  • the mobile device asks the user Dad through the man-machine interface whether to retain the previous configuration information, and if the user responds with no, all the configuration information needs to be cleared.
  • Step S904 The mobile device clears all configuration information.
  • the user Dad determines not to retain the previous configuration information, and the mobile device clears all configuration information and restores the factory settings.
  • Step S905 Mom's OBT establishes an OTM connection with the mobile device.
  • Step S906 Mom’s OBT configures TA1 and ACL1 to the mobile device.
  • TA1 is used to verify the legality of the role certificate of Home CMS.
  • TA1 is the public key signature certificate of the certification authority CA, from which the CA public key can be extracted to verify the signature of the role certificate.
  • ACL1 allows the peer device authenticated with the role oic.owner to fully control the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
  • ACL1 is:
  • Step S907 The Home CMS establishes a role-based secure connection with the mobile device.
  • the Home CMS establishes a role-based connection with the mobile device.
  • the mobile device uses TA1 to authenticate the role certificate of the Home CMS to confirm the role identity of the oic.owner.home of the Home CMS.
  • Step S908 The Home CMS configures the security credential Cred1 to the /oic/sec/cred resource of the mobile device.
  • Step S909 The mobile device allows the Home CMS to configure the /oic/sec/cred resource according to the configured ACL and the oic.owner.home role of the Home CMS.
  • Step S9010 Home CMS configures the mobile device to enter a normal working state.
  • Step S9011 the mobile device enters the office network.
  • the Office CMS manages and configures the credentials of the devices in the office network.
  • Step S9012 the mobile device enters the configuration state.
  • Step S9013 The mobile device confirms whether to retain the previous configuration information.
  • the mobile device asks the user Dad through the man-machine interface whether to retain the previous configuration information, and the user responds yes, and all the configuration information needs to be retained.
  • Step S9014 The mobile device retains the existing configuration information.
  • the user Dad confirms to keep the previous configuration information, and the mobile device does not clear the configuration information, allowing the establishment of a new OTM connection.
  • Step S9015 the OBT of the Boss establishes an OTM connection with the mobile device.
  • Step S9016 The OBT of the Boss configures TA2 and ACL2 to the mobile device.
  • the OBT of Boss configures the mobile device and writes the Trust Anchor (TA2) and ACL2 of the role certificate of Office CMS.
  • the TA2 is used to verify the legality of the role certificate of Home CMS.
  • TA2 is the public key signature certificate of the certification authority CA, from which the CA public key can be extracted to verify the signature of the role certificate.
  • ACL2 allows the peer device authenticated with the role oic.owner to fully control the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
  • ACL2 is:
  • the OBT of the Boss completes the OTM configuration, and the mobile device starts to configure the P2P credential with the Office CMS.
  • Step S9017 The Office CMS establishes a role-based secure connection with the mobile device.
  • the Office CMS establishes a role-based connection with the mobile device.
  • the mobile device uses TA2 to authenticate the role certificate of the Office CMS to confirm the identity of the oic.owner.office role of the Office CMS.
  • Step S9018 Office CMS configures the security credential Cred2 to the /oic/sec/cred resource of the mobile device.
  • Step S9019 The mobile device allows the Office CMS to configure the /oic/sec/cred resource according to the configured ACL and the oic.owner.office role of the Office CMS.
  • Step S9020 Office CMS makes the mobile device enter a normal working state.
  • the mobile device of the user Dad can be interconnected with other smart devices in the security domain in the office network to realize various intelligent scenarios.
  • the mobile device is connected to the home network and can be interconnected with other smart devices in the security zone of the home to realize various intelligent scenarios.
  • the universal TA and ACL are preset in the mobile device.
  • the device is preset with the TA corresponding to the CA that signs role certificates with its private key; the TA can be used to verify the signature of a role certificate and thereby verify its legality.
  • the device is preset with an ACL for the owner role (oic.owner), based on which the device allows a peer device holding that role to access its secure resources.
  • the terminal equipment is preset with the following ACLs:
  • the above ACL resource indicates that the peer device authenticated as the oic.owner role is allowed to fully control the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
  • Role certificates are preset in OBT and CMS.
  • the public/private key pair of the role certificate is the public/private key pair of the corresponding device, and the public field of the certificate indicates the role ID of the certificate, such as "oic.owner".
  • the role certificates preset by OBT and CMS in each network adopt the same oic.owner role.
  • when the mobile device purchased by the user Dad enters the home network and the office network respectively, it is configured so that it can work in the security domains of both networks, and it can switch seamlessly after moving from one network to the other.
  • Step S1001 the mobile device enters the home network.
  • the user Dad allows the mobile device to enter the home network.
  • the owner of the home network is Mom's mobile phone APP (OBT)
  • the credential management server in the home network is Home CMS, which is responsible for managing and configuring the credentials of the devices in the home network.
  • step S1001 it further includes: step S1000: preset ACL and TA.
  • Step S1002 the mobile device enters a configuration state.
  • Step S1003 Mom's OBT establishes an OTM connection with the mobile device, and performs owner configuration.
  • Step S1004 The OBT of Mom completes the OTM configuration and instructs Home CMS to start configuring the mobile device P2P credential.
  • Step S1005 The Home CMS establishes a role-based secure connection with the mobile device.
  • the Home CMS establishes a role-based connection with the mobile device.
  • the mobile device uses TA1 to authenticate the role certificate of the Home CMS to confirm the role identity of the oic.owner.home of the Home CMS.
  • Step S1006 Home CMS configures the security credential Cred1 to the /oic/sec/cred resource of the mobile device.
  • Step S1007 The mobile device allows the Home CMS to configure the /oic/sec/cred resource according to the preset ACL and the oic.owner role of the Home CMS.
  • Step S1008 Home CMS makes the mobile device enter a normal working state.
  • Step S1009 The mobile device enters the office network.
  • the Office CMS manages and configures the credentials of the devices in the office network. After the mobile device enters the office network, it finds the OBT of the office network, that is, Boss's OBT.
  • Step S10010 The mobile device enters a configuration state.
  • the user Dad sets the mobile device into the P2P credential configuration state.
  • since a unified TA is used, there is no need to configure the TA, so the step in which the mobile device is configured by Boss's OBT can be skipped.
  • Step S10011 The OBT of the Boss instructs Office CMS to start configuring the P2P credential of the mobile device.
  • Step S10012 The Office CMS establishes a role-based secure connection with the mobile device.
  • the Office CMS establishes a role-based connection with the mobile device.
  • the mobile device uses the pre-configured TA (the role certificate of each CMS can be authenticated by this TA) to authenticate the Office CMS role certificate and confirm the oic.owner role identity of the Office CMS.
  • Step S10013 The CMS configures the security credential Cred2 to the /oic/sec/cred resource of the mobile device.
  • step S10014 the preparation allows the Office CMS to configure the /oic/sec/cred resource according to the preset ACL and the oic.owner role of the Office CMS.
  • Step S10015 Office CMS makes the mobile device enter a normal working state.
  • Dad's mobile devices can be interconnected with other smart devices in the security domain of the office network to realize various intelligent scenarios.
  • the mobile device When Dad brings the mobile device home, the mobile device is connected to the home network, and can be interconnected with other smart devices in the security zone of the home to realize various intelligent scenarios.
  • An embodiment of the present invention also provides a terminal device 1100, as shown in FIG. 11, including:
  • a role determination module 1101 configured to determine the role of the access device in the security domain in which the terminal device is located;
  • an authority management module 1102 configured to, when at least one access control role in the access control list of the terminal device includes the role of the access device, allow the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resource.
  • The role determination module 1101 is further configured to determine the role of the access device from the public field in the role certificate of the access device.
  • The access control list includes: the security resources that the access control role is allowed to access;
  • the authority management module 1102 is further configured to allow the access device to configure a target security resource in the terminal device, the target security resource being a security resource that the role of the access device is allowed to access.
  • The access control list further includes: the operation authority corresponding to the access control role;
  • the authority management module 1102 is further configured to allow the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation authority, the target operation authority being the operation authority corresponding to the role of the access device.
  • The access control lists in different security domains are the same access control list, and the roles of the access devices in the different security domains are the same; or
  • the access control lists in different security domains are different access control lists, and the roles of the access devices in the different security domains are different.
  • The access control list is preset in the terminal device, or
  • the access control list is configured by the activation device.
  • The terminal device 1100 further includes:
  • a role authentication module configured to authenticate the role certificate of the access device according to a root of trust, to confirm the role of the access device.
  • The root of trust is the same root of trust for the different security domains, or
  • the roots of trust are different roots of trust.
  • The root of trust is preset in the terminal device, or
  • the root of trust is configured by the activation device.
  • The activation device includes:
  • the activation device of the security domain in which the terminal device is located, or
  • an activation device of a security domain other than the one in which the terminal device is located.
  • The terminal device 1100 further includes a configuration update module configured to, before the terminal device enters the security domain, either retain the configuration information corresponding to the security resource or initialize the configuration information corresponding to the security resource.
  • The retention condition under which the terminal device retains the configuration information corresponding to the security resource includes at least one of the following:
  • no initialization instruction indicating that the configuration information is to be initialized has been received.
  • The initialization condition under which the terminal device initializes the configuration information corresponding to the security resource includes at least one of the following:
  • no retention instruction indicating that the configuration information is to be retained has been received.
  • An embodiment of the present invention also provides a terminal device including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured, when running the computer program, to perform the steps of the access control method performed by the terminal device described above.
  • An embodiment of the present invention also provides an access device 1200, including:
  • a sending module 1201 configured to send the role of the access device to the terminal device in the security domain in which the access device is located; when the role of the access device is included in at least one access control role in the access control list of the terminal device,
  • the terminal device allows the access device to configure the security resource in the terminal device, the access control role being a role that is allowed to configure the security resource.
  • The sending module 1201 is further configured to send a role certificate to the terminal device, the public field of the role certificate including the role of the access device.
  • The roles of the access device in different security domains are the same; or the roles of the access device in different security domains are different.
  • An embodiment of the present invention also provides an access device including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured, when running the computer program, to perform the steps of the access control method performed by the access device described above.
  • An embodiment of the present invention further provides an activation device 1300, including:
  • a list configuration module 1301 configured to configure an access control list for a terminal device, the access control list being used so that, when at least one access control role in the access control list includes the role of the access device, the terminal device allows the access device to configure the security resource in the terminal device, the access control role being a role that is allowed to configure the security resource.
  • The access control list further includes at least one of the following:
  • The activation device 1300 further includes:
  • a root configuration module configured to configure a root of trust for the terminal device, the root of trust being used by the terminal device to authenticate the role certificate of the access device to confirm the role of the access device.
  • An embodiment of the present invention also provides an activation device including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured, when running the computer program, to perform the steps of the access control method performed by the activation device described above.
  • The electronic device 1400 includes at least one processor 1401, a memory 1402, and at least one network interface 1404.
  • The components of the electronic device 1400 are coupled together through a bus system 1405. It can be understood that the bus system 1405 is used to implement connection and communication between these components.
  • The bus system 1405 also includes a power bus, a control bus, and a status signal bus. For clarity of description, however, the various buses are all marked as the bus system 1405 in FIG. 14.
  • The memory 1402 may be volatile memory or non-volatile memory, and may also include both volatile and non-volatile memory.
  • The non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), ferromagnetic random access memory (FRAM), flash memory, magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage.
  • The volatile memory may be random access memory (RAM), which is used as an external cache.
  • By way of example but not limitation, many forms of RAM are available, such as static RAM (SRAM), synchronous static RAM (SSRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), SyncLink DRAM (SLDRAM), and direct Rambus RAM (DRRAM).
  • The memory 1402 described in the embodiments of the present invention is intended to include, but is not limited to, these and any other suitable types of memory.
  • The memory 1402 in the embodiments of the present invention is used to store various types of data to support the operation of the electronic device 1400. Examples of such data include any computer program that runs on the electronic device 1400, such as an application program 14022.
  • The program implementing the method of the embodiments of the present invention may be included in the application program 14022.
  • The method disclosed in the foregoing embodiments of the present invention may be applied to the processor 1401 or implemented by the processor 1401.
  • The processor 1401 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the foregoing method can be completed by integrated logic circuits of hardware in the processor 1401 or by instructions in the form of software.
  • The processor 1401 may be a general-purpose processor, a digital signal processor (DSP), another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like.
  • The processor 1401 may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present invention.
  • The general-purpose processor may be a microprocessor or any conventional processor.
  • The steps of the method disclosed in the embodiments of the present invention may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor.
  • The software module may be located in a storage medium, and the storage medium is located in the memory 1402.
  • The processor 1401 reads the information in the memory 1402 and completes the steps of the foregoing method in combination with its hardware.
  • The electronic device 1400 may be implemented by one or more application specific integrated circuits (ASIC), DSPs, programmable logic devices (PLD), complex programmable logic devices (CPLD), field-programmable gate arrays (FPGA), general-purpose processors, controllers, microcontroller units (MCU), microprocessor units (MPU), or other electronic components to perform the foregoing method.
  • An embodiment of the present invention also provides a storage medium for storing a computer program.
  • The storage medium can be applied to the terminal device in the embodiments of the present invention, and the computer program causes a computer to execute the corresponding process of each method in the embodiments of the present invention.
  • The storage medium can be applied to the access device in the embodiments of the present invention, and the computer program causes a computer to execute the corresponding process of each method in the embodiments of the present invention.
  • The storage medium can be applied to the activation device in the embodiments of the present invention, and the computer program causes a computer to execute the corresponding process of each method in the embodiments of the present invention.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device;
  • the instruction device implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing;
  • the instructions executed on the computer or other programmable device then provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.


Abstract

An access control method, comprising: a terminal device (1100) determining the role of an access device (1200) of a secure domain in which the terminal device (1100) is located; and when at least one access control role in an access control list of the terminal device (1100) comprises the role of the access device (1200), the terminal device (1100) allowing the access device (1200) to configure a secure resource in the terminal device (1100), the access control role being a role that is allowed to configure the secure resource. Further provided are another access control method, an electronic device (1400), and a storage medium.

Description

访问控制方法、设备及存储介质Access control method, equipment and storage medium 技术领域Technical field
本发明涉及物联网技术,尤其涉及一种访问控制方法、设备及存储介质,其中,本发明涉及的设备包括以下至少之一:终端设备、访问设备和激活设备。The present invention relates to the Internet of Things technology, and in particular to an access control method, equipment and storage medium. The equipment involved in the present invention includes at least one of the following: terminal equipment, access equipment and activation equipment.
背景技术Background technique
相关技术中,终端设备只能由一个激活工具(Onboarding Tool,OBT)配置,即只能有一个设备业主(device owner),终端设备中的设备配置资源、证书等安全资源也只能有一个资源主人(resource owner)。由于只有resource owner具有配置相应安全资源的权限,因此,在终端设备被配置到一个安全域中后,再次进入其他安全域时,与其他安全域中的设备互联互通,需要将终端设备重新配置到其他安全域中。这样,终端设备在不同安全域中移动时,每次都需要重新配置。In related technologies, the terminal device can only be configured by one activation tool (Onboarding Tool, OBT), that is, there can only be one device owner, and the security resources such as device configuration resources and certificates in the terminal device can only have one resource. The resource owner. Since only the resource owner has the authority to configure the corresponding security resources, after a terminal device is configured in a security domain, when it enters another security domain again, it needs to reconfigure the terminal device to communicate with devices in other security domains. In other security domains. In this way, when the terminal device moves in different security domains, it needs to be reconfigured each time.
发明内容Summary of the invention
本发明实施例提供一种访问控制方法、设备及存储介质,能够避免重复繁琐的资源主人的安全资源的配置过程,打破终端设备在不同安全域的访问隔离。The embodiments of the present invention provide an access control method, equipment, and storage medium, which can avoid repetition of the tedious resource owner's security resource configuration process, and break the access isolation of terminal equipment in different security domains.
本发明实施例的技术方案是这样实现的:The technical solution of the embodiment of the present invention is realized as follows:
第一方面,本发明实施例提供一种访问控制方法,包括:In the first aspect, an embodiment of the present invention provides an access control method, including:
终端设备确定所在的安全域的访问设备的角色;The terminal device determines the role of the access device in the security domain in which it is located;
在所述终端设备的访问控制列表的至少一个访问控制角色中包括所述访问设备的角色的情况下,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。In the case that at least one access control role of the access control list of the terminal device includes the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device, and The access control role is a role that is allowed to configure the security resource.
第二方面,本发明实施例提供一种访问控制方法,包括:In the second aspect, an embodiment of the present invention provides an access control method, including:
访问设备向所在的安全域的终端设备发送所述访问设备的角色;在所述访问设备的角色包括在所述终端设备的访问控制列表中的至少一个访问控制角色中的情况下,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。The access device sends the role of the access device to the terminal device in the security domain; when the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal The device allows the access device to configure the security resource in the terminal device, and the access control role is a role that is allowed to configure the security resource.
第三方面,本发明实施例提供一种访问控制方法,包括:In a third aspect, an embodiment of the present invention provides an access control method, including:
激活设备向终端设备配置访问控制列表,所述访问控制列表用于所述访问控制列表的至少一个访问控制角色中包括访问设备的角色,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。The activation device configures an access control list for the terminal device, where the access control list is used in at least one access control role of the access control list including the role of the access device, and the terminal device allows the access device to access the terminal device. The security resource is configured, and the access control role is a role that is allowed to configure the security resource.
第四方面,本发明实施例提供一种终端设备,包括:In a fourth aspect, an embodiment of the present invention provides a terminal device, including:
角色确定模块,配置为确定所在的安全域的访问设备的角色;The role determination module is configured to determine the role of the access device in the security domain;
权限管理模块,配置为在所述终端设备的访问控制列表的至少一个访问控制角色包括所述访问设备的角色的情况下,允许具有所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。An authority management module configured to allow the access device to configure the security resources in the terminal device when at least one access control role in the access control list of the terminal device includes the role of the access device, The access control role is a role that is allowed to configure the security resource.
第五方面,本发明实施例提供一种访问设备,包括:In a fifth aspect, an embodiment of the present invention provides an access device, including:
发送模块,配置为向所在的安全域的终端设备发送所述访问设备的角色;在所述访问设备的角色包括在所述终端设备的访问控制列表中的至少一个访问控制角色中的情况下,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。The sending module is configured to send the role of the access device to the terminal device in the security domain; when the role of the access device is included in at least one access control role in the access control list of the terminal device, The terminal device allows the access device to configure the security resource in the terminal device, and the access control role is a role that is allowed to configure the security resource.
第六方面,本发明实施例提供一种激活设备,所述方法包括:In a sixth aspect, an embodiment of the present invention provides an activation device, and the method includes:
列表配置模块,配置为向终端设备配置访问控制列表,所述访问控制列表用于所述访问控制列表的至少一个访问控制角色中包括访问设备的角色,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置,所述访问控制角色为被允许进行所述安全资源的配置的角色。The list configuration module is configured to configure an access control list to a terminal device, where the access control list is used in at least one access control role of the access control list including the role of the access device, and the terminal device allows the access device to The security resource in the terminal device is configured, and the access control role is a role that is allowed to configure the security resource.
第七方面,本发明实施例提供一种终端设备,包括处理器和用于存储能够在处理器上运行的计算机程序的存储器,其中,所述处理器用于运行所述计算机程序时,执行上述终端设备执行的访问控制方法的步骤。In a seventh aspect, an embodiment of the present invention provides a terminal device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is used to execute the above-mentioned terminal when the computer program is running. Steps of the access control method executed by the device.
第八方面,本发明实施例提供一种访问设备,包括处理器和用于存储能够在处理器上运行的计算机程序的存储器,其中,所述处理器用于运行所述计算机程序时,执行上述访问设备执行的访问控制方法的步骤。In an eighth aspect, an embodiment of the present invention provides an access device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is configured to execute the above-mentioned access when the computer program is running. Steps of the access control method executed by the device.
第九方面,本发明实施例提供一种激活设备,包括处理器和用于存储能够在处理器上运行的计算机程序的存储器,其中,所述处理器用于运行所述计算机程序时,执行上述激活设备执行的访问控制方法的步骤。In a ninth aspect, an embodiment of the present invention provides an activation device, including a processor and a memory for storing a computer program that can run on the processor, wherein the processor is used to execute the above activation when the computer program is running. Steps of the access control method executed by the device.
第十方面,本发明实施例提供一种存储介质,存储有可执行程序,所述可执行程序被处理器执行时,实现上述终端设备执行的访问控制方法。In a tenth aspect, an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the above-mentioned access control method executed by the terminal device is implemented.
第十一方面,本发明实施例提供一种存储介质,存储有可执行程序,所述可执行程序被处理器执行时,实现上述访问设备执行的访问控制方法。In an eleventh aspect, an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the access control method executed by the above-mentioned access device is implemented.
第十二方面,本发明实施例提供一种存储介质,存储有可执行程序,所述可执行程序被处理器执行时,实现上述激活设备执行的访问控制方法。In a twelfth aspect, an embodiment of the present invention provides a storage medium that stores an executable program, and when the executable program is executed by a processor, the above-mentioned access control method executed by the activation device is implemented.
本发明实施例提供的访问控制方法,包括:终端设备确定所在的安全域的访问设备的角色;在所述终端设备的访问控制列表的至少一个访问控制角色中包括所述访问设备的角色的情况下,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置。由于在终端设备中设置访问控制列表,当访问设备的角色包括在访问控制列表的至少一个被允许进行安全资源的配置的角色中,则可认为访问设备对终端设备中的安全资源具有配置权限,允许访问设备对终端设备中的安全资源进行配置,从而基于访问控制列表实现不同安全域的访问设备对终端设备中的安全资源的配置,能够避免重复繁琐的资源主人的配置过程,打破终端设备在不同安全域的访问隔离。The access control method provided by the embodiment of the present invention includes: the terminal device determines the role of the access device in the security domain where it is located; the situation where the role of the access device is included in at least one access control role in the access control list of the terminal device Next, the terminal device allows the access device to configure the secure resources in the terminal device. Since the access control list is set in the terminal device, when the role of the access device is included in at least one role in the access control list that is allowed to configure security resources, it can be considered that the access device has configuration authority to the security resources in the terminal device. The access device is allowed to configure the security resources in the terminal device, so that access devices in different security domains can configure the security resources in the terminal device based on the access control list, which can avoid repeating the tedious configuration process of the resource owner and break the terminal device Access isolation of different security domains.
附图说明Description of the drawings
图1是本发明实施例提供角色声明的一个可选的流程示意图;FIG. 1 is a schematic diagram of an optional process for providing role declaration according to an embodiment of the present invention;
图2是本发明实施例提供的设备配置的一个可选的流程示意图;2 is a schematic diagram of an optional flow chart of device configuration provided by an embodiment of the present invention;
图3是本发明实施例提供的物联网系统的一个可选的结构示意图;FIG. 3 is an optional structural diagram of the Internet of Things system provided by an embodiment of the present invention;
图4是本发明实施例提供的物联网系统的一个可选的结构示意图;FIG. 4 is an optional structural diagram of the Internet of Things system provided by an embodiment of the present invention;
图5是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 5 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图6是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 6 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图7是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 7 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图8是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 8 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图9是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 9 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图10是本发明实施例提供的访问控制方法的一个可选的流程示意图;FIG. 10 is an optional flowchart of an access control method provided by an embodiment of the present invention;
图11是本发明实施例提供的终端设备的一个可选的结构示意图;FIG. 11 is a schematic diagram of an optional structure of a terminal device provided by an embodiment of the present invention;
图12是本发明实施例提供的访问设备的一个可选的结构示意图;FIG. 12 is a schematic diagram of an optional structure of an access device provided by an embodiment of the present invention;
图13是本发明实施例提供的激活设备的一个可选的结构示意图;FIG. 13 is a schematic diagram of an optional structure of an activation device provided by an embodiment of the present invention;
图14是本发明实施例提供的电子设备的一个可选的结构示意图。FIG. 14 is a schematic diagram of an optional structure of an electronic device provided by an embodiment of the present invention.
具体实施方式detailed description
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,所描述的实施例不应视为对本发明的限制,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. The described embodiments should not be regarded as limiting the present invention. Those of ordinary skill in the art have not made All other embodiments obtained under the premise of creative work belong to the protection scope of the present invention.
在对本发明实施例提供的访问控制方法进行详细说明之前,先对物联网系统的资源、角色声明和终端设备配置进行简要说明。Before describing in detail the access control method provided by the embodiments of the present invention, a brief description of the resources, role declarations, and terminal device configuration of the Internet of Things system will be given first.
在物联网中,可通过资源来表述物联网实体设备,以及物联网实体设备提供的功能服务和设备的状态等信息。提供资源的设备是服务端,访问资源的设备是客户端。客户端和服务端为逻辑功能实体,每个物联网设备可以是客户端、服务端或既是客户端又是服务端。例如,实现某项最基本功能的设备(例如灯泡)可以只做服务端,提供给客户端进行查询和控制,本身无控制或者查询其他设备的需求。In the Internet of Things, resources can be used to express the physical devices of the Internet of Things, as well as information such as the functional services provided by the physical devices of the Internet of Things and the status of the devices. The device that provides the resource is the server, and the device that accesses the resource is the client. The client and server are logical functional entities, and each IoT device can be a client, a server, or both a client and a server. For example, a device (such as a light bulb) that implements a certain basic function can only be used as a server, and it can be provided to the client for query and control. It does not have the need to control or query other devices.
客户端在使用证书对服务端进行身份验证后,可通过使用角色证书更新服务端角色资源来声明一个或多个角色。角色凭证必须是证书凭证,并应包括证书链。服务端将验证每个证书链。另外,用于终端实体身份验证的公钥必须与所有角色证书中的公钥相同。此外,终端实体身份验证和角色证书中的主体可分辨名称必须匹配。被声明的角色编码在角色证书的subjectAltName扩展中。subjectAltName字段可以有多个值,允许单个角色证书对适用于客户端的多个角色进行编码。其中,不同角色可不同角色标识来区分,比如:主人(owner)、家庭成员(family)、访客(guest)等,不同的角色可具有不同的访问权限,比如:主人(owner)可对终端设备进行完全控制,家庭成员可对终端中的部分资源进行完全控制,访客(guest)仅对终端中的部分资源进行访问。After the client uses the certificate to authenticate the server, it can declare one or more roles by using the role certificate to update the server role resource. The role credential must be a certificate credential and should include the certificate chain. The server will verify each certificate chain. In addition, the public key used for end-entity authentication must be the same as the public key in all role certificates. In addition, the end entity authentication and the distinguished name of the subject in the role certificate must match. The declared role is encoded in the subjectAltName extension of the role certificate. The subjectAltName field can have multiple values, allowing a single role certificate to encode multiple roles applicable to the client. Among them, different roles can be distinguished by different role identifiers, such as: owner, family, guest, etc. Different roles can have different access rights, such as: owner can access terminal equipment With complete control, family members can fully control some of the resources in the terminal, and guests can only access some of the resources in the terminal.
图1为客户端向服务端角色声明的交互流程,包括:Figure 1 shows the interaction process of the client-side role declaration to the server-side, including:
步骤S101,客户端向服务端发送用更新(UPDATE)请求。In step S101, the client sends an update (UPDATE) request to the server.
UPDATE请求由客户端发送到服务端,以部分或全部更新服务端上的角色资源。这里,统一资源标识符(Uniform Resource Identifier,URI)用于标识资源的名称,URI可通过统一资源定位符(Uniform Resource Location,URL)来指示,比如:角色资源的URI为oic,其URL为/oic/sec/roles。每个资源包含属性,属性用于描述资源的状态信息,属性以“<key>=<value>”键值对的形式出现。The UPDATE request is sent from the client to the server to partially or completely update the role resources on the server. Here, the Uniform Resource Identifier (URI) is used to identify the name of the resource. The URI can be indicated by the Uniform Resource Location (URL). For example, the URI of the role resource is oic, and the URL is / oic/sec/roles. Each resource contains attributes, which are used to describe the status information of the resource, and the attributes appear in the form of "<key>=<value>" key-value pairs.
客户端使用UPDATE请求将角色证书相关的角色信息写入设备的角色资源。The client uses an UPDATE request to write the role information related to the role certificate into the role resource of the device.
例如,UPDATE请求的资源表述的实例为:For example, an example of the resource expression requested by UPDATE is:
/oic/sec/roles
[{"credid":"...","sub":"...","credtype":8,
"pbdata":"DER-encoded role and CA certificate chain in base64",
"roleid":{"authority":"Optional Authority Identifier","role":"16-byte octet string"},
"ownrs":"..."
}]
Here, the client's role is declared in the above resource representation.
A resource representation is a snapshot of the attributes. Interaction with a resource is realised by exchanging requests and responses that carry resource representations. For example, a read request is sent to a resource and the response returns the resource's representation; the resource is updated by updating its representation.
Step S102: the server updates the role resource.
After receiving the UPDATE request, the server verifies whether the client that sent the request has permission to update the role resource. If it does, the role resource information is updated according to the parameters in the UPDATE request.
Step S103: the server returns an UPDATE response to the client.
A terminal device must be activated before it can interact with other terminal devices in the security domain. The first step of activating a terminal device is to configure its ownership. A legitimate user establishes ownership of the terminal device through the OBT using an owner transfer method (OTM). After ownership is established, the OBT is used to configure the terminal device so that it can finally operate normally and interact with other terminal devices.
Figure 2 is a schematic diagram of the interaction flow for configuring a terminal device; as shown in Figure 2, it includes:
Step S201: the OBT discovers terminal devices in the security domain that need to be configured.
Here, the discovered device is a new, ownerless terminal device that needs to be configured.
Step S202: the terminal device returns the owner transfer methods it supports to the OBT.
Steps S201 and S202 are where the OBT discovers the new device and finds a suitable owner transfer method.
Step S203: the OBT establishes a secure connection with the terminal device according to the owner transfer method the terminal device supports.
Step S203 executes the owner transfer method.
Step S204: the OBT configures its own ID into the owner resource of the terminal device.
Here, the URL of the owner resource may be /oic/sec/doxm, and the ID of the OBT may be written to the device owner identifier (deviceowneruuid) attribute of the owner resource of the terminal device.
Step S204 establishes the owner identity of the terminal device.
Step S205: the OBT requests the owner credential types supported by the terminal device.
The owner credential types supported by the terminal device may include symmetric keys, asymmetric keys, certificates, and so on.
Step S206: the OBT selects a suitable owner credential.
The OBT selects a suitable security credential according to the owner credential types supported by the terminal device.
Step S207: the OBT configures the owner credential.
The OBT configures the selected owner credential into the credential resource of the terminal device; the URL of the credential resource of the terminal device may be /oic/sec/cred.
Steps S205 to S207 determine whether the terminal device uses the symmetric and/or asymmetric credentials used by the device owner.
Step S208: the OBT assigns the terminal device to the credential management server.
The credential management server (Credential Management Service, CMS) is usually part of the OBT; for scalability and modular design, the CMS may also be deployed separately as a service.
Step S208 adds the new terminal device's information to the device-management-related services.
Step S209: the OBT configures its own ID into the owner resource of the terminal device.
The OBT configures itself as the owner of the owner resource. Here, the OBT may write its own ID to the resource owner identifier (rowneruuid) attribute of /oic/sec/doxm of the terminal device.
Step S2010: the OBT configures the ID of the CMS into the credential resource of the terminal device.
The OBT sets the CMS as the owner of the credential resource. The OBT writes the ID of the CMS to the resource owner identifier (rowneruuid) attribute of /oic/sec/cred.
Step S2011: the OBT configures the CMS credential, used to establish a secure connection with the CMS, into the credential resource of the terminal device.
Steps S209 to S2011 define the terminal device and the management services acting on its behalf, such as the CMS credential and the device owner.
Step S2012: the OBT/CMS changes the state of the terminal device to the service configuration state.
Step S2013: the OBT/CMS configures the credentials used to establish secure local-network connections with other devices into the credential resource of the terminal device.
In steps S2012 and S2013, the new device is configured with peer credentials and access control policies.
Step S2014: the OBT/CMS changes the state of the terminal device to the normal operating state.
Step S2014 puts the terminal device into normal operation.
In the above flow, the owner credential configured in step S207 is the credential for interconnection between the OBT and the terminal device, the CMS credential configured in step S2011 is the credential for interconnection between the CMS and the terminal device, and the credential configured in step S2013, i.e. the peer-to-peer (P2P) credential, is the credential for interconnection between the terminal device and the other terminal devices in the security domain.
In one example, the structure of the owner resource may be:
Figure PCTCN2019105474-appb-000001
In one example, the structure of the credential resource may be:
Figure PCTCN2019105474-appb-000002
Figure PCTCN2019105474-appb-000003
Here, the OBT, that is, the activation device, is the owner of the security domain and can configure the clients and servers in the security domain to interconnect with one another. Different security domains have different OBTs as their owners. Once a client or server in the security domain has been configured, that OBT is the owner of the configured terminal device. Multiple devices in one network that have been configured by the same OBT can interconnect with one another pairwise, and these devices are considered to form a security domain. For example, in a home network all devices are configured by the householder's mobile phone app (acting as the OBT), so that the clients and servers in the home form a security domain in which secure communication connections are established; the interconnected devices in the neighbour's network are configured by the neighbour's mobile phone app (another OBT) and form a different security domain from the home's security domain.
The configuration information of different security domains is mutually independent; the configuration information of one security domain cannot be used in another security domain, so access between devices in different security domains is isolated. For example, after a terminal device has been configured into security domain A, the configuration information in the terminal device is that of security domain A; when the terminal device enters security domain B, it cannot interconnect with the devices in security domain B using the configuration information of security domain A. If the terminal device is to interconnect with the devices in security domain B, it must be reconfigured so as to be configured into security domain B.
For example, Figure 3 shows the establishment of a security domain in a home environment:
A client app is installed on the activation device 301; the activation device 301 creates the terminal devices in the security domain (e.g. the home network) and the various roles of each terminal device, such as administrator (admin), family member (family) and guest. That is, the activation device 301 is the OBT of the home network. The activation device 301 discovers and configures light bulb 1 and can then control light bulb 1.
A client app is installed on the terminal device 302. The client app of the activation device 301 discovers the client app of the terminal device 302, configures it and grants it family member (family) permission, after which the terminal device 302 can also control light bulb 1. The activation device 301 may also grant the terminal device 302 administrator (admin) permission, after which the terminal device 302 can also configure and manage light bulb 1.
An IoT device such as light bulb 2 is configured in the same way as light bulb 1.
A new terminal device with a client app has its roles and permissions configured in the same way as the terminal device 302.
In the above scheme, a terminal device can only be configured by one OBT, that is, it can only have one device owner, and its security resources such as the owner resource and the credential resource can only have one resource owner. Since only the resource owner has permission to configure the corresponding security resources, when a terminal device enters a security domain other than the one corresponding to its current device owner, the owner of that other security domain cannot configure the terminal device's security resources, and consequently the device cannot interconnect with the devices in other security domains. For example, after the client app of the terminal device 302 in Figure 3 has been configured by the activation device 301, when the terminal device 302 enters the office, the owner of the security domain of the office network is the client app (OBT) of the activation device Boss, so the activation device Boss cannot configure the client app of the terminal device 302 to let the terminal device 302 interconnect with the terminal devices in the office's security domain.
Even if the configuration information in the terminal device is reset so that it can interconnect with the terminal devices in another security domain, when the terminal device re-enters its current security domain it can no longer control the devices in that security domain.
Taking the terminal device 302 of Figure 3 as an example: even if the client app of the terminal device 302 is reset so that the activation device Boss can configure it and the terminal device 302 can interconnect with the devices in the office network, when the terminal device 302 re-enters the home security domain it can no longer control the devices of the home security domain and must be reconfigured by the activation device 301. Thus, whenever the terminal device moves between security domains it must be reconfigured, which is a poor user experience.
In view of the above problems, the present invention provides an access control method. The access control method of the embodiment of the present invention can be applied to the Internet of Things system 400 shown in Figure 4, which includes: an activation device 401, a credential management server 402, a terminal device 403-1, an activation device 404, a credential management server 405 and a terminal device 403-2.
The activation device 401 and the credential management server 402 belong to the same security domain, security domain 1; the activation device 404 and the credential management server 405 belong to the same security domain, security domain 2. The activation device 401 is the OBT, i.e. the owner, of security domain 1, and the credential management server 402 manages and configures the credentials of the devices in security domain 1. The activation device 404 is the OBT, i.e. the owner, of network 2, and the credential management server 405 manages and configures the credentials of the devices in security domain 2.
When the terminal device 403-1 or the terminal device 403-2 enters the network where security domain 1 is located, the activation device 401 configures it so that it enters security domain 1. As shown in Figure 4, when the terminal device 403-2 and the terminal device 403-1 enter security domain 1 at the same time, they can interconnect with each other.
The activation device 401, the terminal device 403-1 and the terminal device 403-2 may be access terminals, user equipment (UE), subscriber units, subscriber stations, mobile stations, mobile terminals, remote stations, remote terminals, mobile devices, user terminals, terminals, wireless communication devices, user agents or user apparatus. An access terminal may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a 5G network, a device in a future evolved PLMN, and so on.
Figure 4 shows two security domains and two terminal devices by way of example. Optionally, the Internet of Things system 300 may include more than two security domains and more than two terminal devices; the embodiment of the present invention does not limit this, nor does it limit the number of terminal devices in one security domain.
Here, security domain 1 and security domain 2 may belong to the same network or to different networks.
The Internet of Things shown in Figure 4 may also include IoT devices such as sensors, laser scanning systems and smart home appliances.
An optional processing flow of the access control method provided by the embodiment of the present invention, as shown in Figure 5, includes the following steps:
Step S501: the terminal device determines the role of an access device in the security domain where the terminal device is located.
Optionally, the security domain where the terminal device is located is a security domain it has already entered. Optionally, it is a security domain it has not yet entered but is about to enter.
Taking the case where the security domain where the terminal device is located is one it has already entered: the activation device of the current security domain has configured the terminal device, and the terminal device can interconnect with the other terminal devices in the current security domain.
Taking the case where the security domain where the terminal device is located is one it is about to enter: the activation device of the current security domain has not configured the terminal device, and the terminal device cannot interconnect with the other terminal devices in the current security domain.
The access device is a device in the security domain where the terminal device is located that requests to configure the security resources in the terminal device; it may be at least one of the following devices in that security domain: the activation device, the CMS, and other terminal devices.
In the embodiment of the present invention, before step S501, as shown in Figure 5, there is a step S500 in which the access device sends its role to the terminal device. The terminal device thus receives the role of the access device sent by the access device.
Optionally, access devices in different security domains have the same role. Optionally, access devices in different security domains have different roles.
Optionally, the access device sends a role certificate to the terminal device in the security domain where it is located, and a public field of the role certificate includes the role of the access device. In this case, step S501, in which the terminal device determines the role of the access device in the security domain where it is located, includes: the terminal device determining the role of the access device from the public field of the role certificate sent by the access device in the security domain where the terminal device is located.
In the embodiment of the present invention, the role of the access device may be represented by a role identifier. Optionally, different access devices have the same role, for example the roles of access device 1 and access device 2 are both owner. Optionally, different access devices have different roles, for example the role of access device 1 is owner1 and the role of access device 2 is owner2.
Step S502: if the access control roles of the access control list of the terminal device include the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device.
After determining the role of the access device, the terminal device queries whether the role of the access device is included among the at least one access control role of the access control list (ACL) in the terminal device. If it is, the access device is allowed to configure the security resources in the terminal device; if it is not, the access device is not allowed to configure the security resources in the terminal device. An access control role is a role that is allowed to configure the security resources.
In the embodiment of the present invention, the roles in different role certificates may be the same, and the public field of a role certificate indicates the role of that role certificate.
In the embodiment of the present invention, the terminal device includes at least one access control list, and one access control list includes one or more access control roles. An access control list may include one or more access control items; one access control item corresponds to one access control role, and different access control items correspond to different or the same access control roles.
In one example, the terminal device includes three access control lists, list 1, list 2 and list 3, where the access control role in list 1 is role 1, the access control roles in list 2 are role 2 and role 3, and the access control role in list 3 is role 4. When the role of the access device is role 2, the access device is allowed to configure the security resources in the terminal device; when the role of the access device is role 5, the access device is not allowed to configure the security resources in the terminal device.
Optionally, the security resources in the terminal device include one or more of the resources related to initial configuration in the terminal device, such as the owner resource (/oic/sec/doxm), the credential resource (/oic/sec/cred) and the status resource (/oic/sec/pstat). The owner resource is the resource related to the device owner, the credential resource is the resource related to security credentials, and the status resource is the resource related to configuration state.
Optionally, the access device configuring a security resource means performing operations such as adding, modifying and deleting information in the security resource.
Taking the case where the access device is a credential management server that adds to the credential resource as an example: the credential resource of the terminal device includes credential 1, for establishing a connection between the terminal device and a refrigerator, and credential 2, for establishing a connection between the terminal device and a television. When the terminal device allows the credential management server to configure the credential resource in the terminal device, the credential management server adds credential 3, for establishing a connection between the terminal device and a desk lamp, to the credential resource of the terminal device, so that, in addition to interconnecting with the refrigerator and the washing machine, the terminal device can interconnect with the desk lamp.
Optionally, the access control list further includes the security resources that the access control role is allowed to access; in this case, the terminal device allowing the access device to configure the security resources in the terminal device in step S502 includes: the terminal device allowing the access device to configure a target security resource in the terminal device, the target security resource being the security resource that the role of the access device is allowed to access.
The security resources allowed to be accessed in the access control list are indicated by URLs.
For example, if the access control role in the access control list is role 1 and the security resource that role 1 is allowed to access is URL1, then when the role of the access device is role 1, the terminal device allows the access device to access the security resource indicated by URL1.
In the embodiment of the present invention, the security resources allowed to be accessed in the access control list include one or more security resources, and different security resources are indicated by different URLs. When multiple access control items correspond to the same access control role, the security resources corresponding to that access control role in each access control item may differ.
Optionally, the access control list further includes the operation permission corresponding to the access control role; correspondingly, the terminal device allowing the access device to configure the security resources in the terminal device in step S502 includes: the terminal device allowing the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation permission, the target operation permission being the operation permission corresponding to the role of the access device.
Operation permissions include create (Create), retrieve (Retrieve), update (Update), delete (Delete) and notify (Notify); the operation permission corresponding to an access control role may include one or more of these. Taking the operation permission update as an example, the terminal device allows the access device to update the security resources in the terminal device.
Taking an access control list that includes the access control role, the security resources the access control role is allowed to access and the operation permission corresponding to the access control role as an example, the access control list includes the following content:
Figure PCTCN2019105474-appb-000004
In a further example, the content of an access control list is as follows:
Figure PCTCN2019105474-appb-000005
Figure PCTCN2019105474-appb-000006
Here, the subject corresponding to an access control item includes the access control role of that access control item.
The above access control list indicates that an access device with the role oic.owner.office is allowed full control over the security resources /oic/sec/doxm, /oic/sec/cred and /oic/sec/pstat in the terminal device.
In the embodiment of the present invention, for different access devices the access control list is the same access control list and the roles of the different access devices are the same; or, for different access devices, the access control lists are different access control lists and the roles of the different access devices are different.
Taking the case where, for access devices in different security domains, the access control list is the same access control list and the roles of the access devices in the different security domains are the same, with the access devices being credential management servers: credential management server 1 of security domain 1 and credential management server 2 of security domain 2 both have the role owner, and the terminal device includes an access control list whose access control role is owner, so both credential management server 1 and credential management server 2 are allowed to configure the security resources in the terminal device.
Taking the case where, for access devices in different security domains, the access control lists are different access control lists and the roles of the access devices in the different security domains are different, with the access devices being credential management servers: the role of credential management server 1 of security domain 1 is owner1 and the role of credential management server 2 of security domain 2 is owner2. The terminal device includes access control list 1 whose access control role is owner1, on the basis of which credential management server 1 is allowed to control the security resources in the terminal device, and access control list 2 whose access control role is owner2, on the basis of which credential management server 2 is allowed to control the security resources in the terminal device.
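The following is an added example, not code from the patent, that models the two checks described above: the role-certificate validation that gates a role declaration (chain verified, public key equal to the end-entity key, subject DN matching, roles read from subjectAltName) and the step S501/S502 lookup of the declared role against the terminal device's access control lists, including the per-role resources and CRUDN operation permissions. Certificates are modelled as plain records rather than parsed X.509, the bit encoding of permissions is an assumption of this example, and the keys, DNs and the ACL contents are constructed sample values (the role names follow the text).

```python
from dataclasses import dataclass

# Operation permissions (CRUDN). Encoding them as bit flags is an assumption
# of this example; the text only names the five operations.
CREATE, RETRIEVE, UPDATE, DELETE, NOTIFY = 1, 2, 4, 8, 16
FULL_CONTROL = CREATE | RETRIEVE | UPDATE | DELETE | NOTIFY


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 certificate (constructed model)."""
    public_key: str          # key identifier; compared for equality only
    subject_dn: str          # subject distinguished name
    roles: tuple = ()        # role identifiers carried in subjectAltName
    chain_ok: bool = True    # result of certificate-chain verification


def declared_roles(end_entity: Cert, role_certs) -> set:
    """Roles the client may declare via /oic/sec/roles, applying the checks
    from the text: every role certificate's chain verifies, its public key
    equals the end-entity key, and its subject DN matches the end-entity DN."""
    roles = set()
    for rc in role_certs:
        if not rc.chain_ok:
            raise ValueError("role certificate chain failed verification")
        if rc.public_key != end_entity.public_key:
            raise ValueError("role certificate key differs from end-entity key")
        if rc.subject_dn != end_entity.subject_dn:
            raise ValueError("role certificate subject DN does not match")
        roles.update(rc.roles)   # subjectAltName may carry several roles
    return roles


@dataclass(frozen=True)
class Ace:
    """One access control item: a role, the resource URLs it may reach, and
    the operation permission granted on them."""
    role: str
    resources: tuple
    permission: int


def check_access(acls, roles, href: str, op: int) -> bool:
    """Steps S501/S502: allow the operation only if some item in some ACL of
    the terminal device names one of the access device's roles, lists the
    target security resource, and grants the requested operation."""
    for acl in acls:
        for ace in acl:
            if ace.role in roles and href in ace.resources and ace.permission & op:
                return True
    return False


# Constructed sample: a terminal device holding three access control lists.
SECURITY_RESOURCES = ("/oic/sec/doxm", "/oic/sec/cred", "/oic/sec/pstat")
TERMINAL_ACLS = [
    [Ace("oic.owner.office", SECURITY_RESOURCES, FULL_CONTROL)],
    [Ace("owner1", SECURITY_RESOURCES, FULL_CONTROL)],
    [Ace("owner2", ("/oic/sec/cred",), RETRIEVE | UPDATE),
     Ace("family", ("/oic/sec/cred",), RETRIEVE)],
]

# Credential management server of security domain 1 (placeholder key/DN):
# its end-entity certificate and the role certificate it presents.
CMS1_ID = Cert("key-cms1", "CN=cms1,O=domain1")
CMS1_ROLE = Cert("key-cms1", "CN=cms1,O=domain1", roles=("owner1",))

# A role certificate bound to a different key than the end-entity certificate.
MISMATCHED_ROLE = Cert("key-other", "CN=cms1,O=domain1", roles=("owner1",))


def cms1_may_update_cred() -> bool:
    """Domain-1 CMS declares owner1 and asks to update /oic/sec/cred."""
    roles = declared_roles(CMS1_ID, [CMS1_ROLE])
    return check_access(TERMINAL_ACLS, roles, "/oic/sec/cred", UPDATE)


def mismatched_key_is_rejected() -> bool:
    """A role certificate whose key differs from the end-entity key must not
    yield any declared role."""
    try:
        declared_roles(CMS1_ID, [MISMATCHED_ROLE])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("cms1 may update /oic/sec/cred:", cms1_may_update_cred())
    print("mismatched key rejected:", mismatched_key_is_rejected())
```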
在实际应用中,终端设备的访问控制列表包括的访问控制角色中,部分访问控制角色为多个不同访问设备的共同的角色,部分访问控制角色分别对应不同的访问设备。In practical applications, among the access control roles included in the access control list of the terminal device, some of the access control roles are common roles of multiple different access devices, and some of the access control roles correspond to different access devices.
可选地,所述访问控制列表预置于所述终端设备中。终端设备中的访问控制列表可在出厂前预置在终端设备中,在对终端设备进行初始化操作时,终端设备中预置的访问控制列表不会被清除。Optionally, the access control list is preset in the terminal device. The access control list in the terminal device can be preset in the terminal device before leaving the factory. When the terminal device is initialized, the access control list preset in the terminal device will not be cleared.
可选地,所述访问控制列表由激活设备配置。Optionally, the access control list is configured by the activation device.
以所述访问控制列表由激活设备配置为例,所述激活设备包括:所述终端设备所在的安全域的激活设备;或所述终端设备所在的安全域以外的其他安全域的激活设备。Taking the access control list configured by an activation device as an example, the activation device includes: an activation device in a security domain where the terminal device is located; or an activation device in a security domain other than the security domain where the terminal device is located.
在激活设备为终端设备所在的安全域以外的其他安全域的激活设备的情况下,由该终端设备所在的安全域以外的其他安全域的激活设备对该终端设备进行配置时,向该终端设备配置访问控制列表。When the activation device is an activation device in a security domain other than the security domain in which the terminal device is located, when the terminal device is configured by an activation device in a security domain other than the security domain in which the terminal device is located, the terminal device Configure the access control list.
本发明实施例中,在一角色包括在终端设备中的访问控制列表的访问控制角色中,其他安全域的激活设备不再向终端设备配置访问控制角色中配置该角色的访问控制列表,从而在具有相同的角色的多个安全域中可共用同一个访问控制列表,避免进行访问控制列表的重复配置。In the embodiment of the present invention, a role is included in the access control role of the access control list in the terminal device, and the activated devices of other security domains no longer configure the access control list of this role in the terminal device configuration access control role, thereby Multiple security domains with the same role can share the same access control list to avoid repeated configuration of the access control list.
在访问控制列表由当前安全域的激活设备配置的情况下,在步骤S501之前,如图6所示,包括:步骤S600,激活设备向终端设备配置访问控制列表。In the case that the access control list is configured by the active device of the current security domain, before step S501, as shown in FIG. 6, it includes: step S600: the active device configures the access control list to the terminal device.
所述访问控制列表用于所述访问控制列表至少一个访问控制角色中包括访问设备的角色,所述终端设备允许所述访问设备对所述终端设备中的安全资源进行配置。The access control list is used for the at least one access control role of the access control list including the role of the access device, and the terminal device allows the access device to configure the security resources in the terminal device.
可选地,所述访问控制列表还包括以下至少之一:对应所述访问控制角色被允许访问的安全资源和操作权限。Optionally, the access control list further includes at least one of the following: security resources and operation permissions that are allowed to be accessed by the corresponding access control role.
In the embodiment of the present invention, before step S502 and as shown in FIG. 7, step S701 is included: the terminal device authenticates the role certificate of the access device according to a root of trust, to confirm the role of the access device.
Here, the root of trust includes keys, such as a public key, used to authenticate the access device's role certificate; the signature on the role certificate is verified with the key to check the legitimacy of the role certificate and confirm the role of the access device. If the signature verification of the access device's role certificate passes, this indicates that the certificate authority (CA) of the access device and the CA of the terminal device are the same CA, or are mutually trusted CAs, and that the access device's role certificate is legitimate.
In practical applications, the root of trust may also include information used to determine the CA that issued the role certificate, such as a certificate chain. When the terminal device verifies the access device's role certificate against the root of trust, it thereby determines the access device's CA.
Optionally, for access devices in different security domains, the root of trust is the same root of trust. Optionally, for access devices in different security domains, the roots of trust are different.
The role certificates of access devices in different security domains are different, and the roles in the different role certificates may be the same or different. If the access devices in different security domains have the same CA, they are authenticated through the same root of trust; if they have different CAs, they are authenticated through different roots of trust.
Optionally, the root of trust is preset in the terminal device. The root of trust can be preset in the terminal device before it leaves the factory, and a preset root of trust is not cleared when the terminal device is initialized.
Optionally, the root of trust is configured by an activation device.
Taking the case where the root of trust is configured by an activation device as an example, the activation device includes: the activation device of the security domain in which the terminal device is located; or the activation device of a security domain other than the one in which the terminal device is located.
Where the activation device belongs to a security domain other than the one in which the terminal device is located, that activation device configures the root of trust on the terminal device when it configures the terminal device.
In the embodiment of the present invention, where the same root of trust authenticates the role certificates of access devices in multiple security domains, once the terminal device holds that root of trust, the activation devices of other security domains no longer configure a root of trust on the terminal device. The same root of trust can therefore be shared across multiple security domains, avoiding repeated configuration of the root of trust.
In the embodiment of the present invention, when both the access control list and the root of trust are preset, the access control lists corresponding to these security domains are already configured, so the OTM operation does not have to be repeated at every configuration, which avoids an excessive and tedious resource-owner configuration.
Where the root of trust is configured by the activation device of the current security domain, the method includes, before step S501 and as shown in FIG. 7: step S700, the activation device configures the root of trust on the terminal device.
The root of trust is used by the terminal device to authenticate the access device's role certificate, to confirm the role of the access device.
In the embodiment of the present invention, before the terminal device enters the security domain, the method further includes:
the terminal device retains the configuration information corresponding to the security resources; or the terminal device initializes the configuration information corresponding to the security resources.
Here, the configuration information of the security resources is the configuration of those security resources made by the access device of the terminal device's previous security domain.
Where the terminal device retains the configuration information corresponding to the security resources, the configuration information of the previous security domain is kept in the terminal device, so that when it moves from the current security domain back to the previous one, it can interconnect with the devices of the previous security domain directly on the basis of the retained configuration information.
Where the terminal device initializes the configuration information corresponding to the security resources, the terminal device clears the configuration information of the previous security domain and restores the factory settings.
Here, the configuration information is mainly the initialization information of security resources such as the owner resource, the credential resource and the status resource configured in the previous security domain. If the terminal device is sold or transferred to someone else, the information previously configured by the user should be cleared so that the terminal device returns to an unowned state. If the terminal device is not sold or transferred but merely enters a new security domain, the initialization information configured in the previous security domain can be retained.
Optionally, the retention condition under which the terminal device retains the configuration information corresponding to the security resources includes at least one of the following: a retention instruction instructing it to retain the configuration information is received; and no initialization instruction instructing it to initialize the configuration information is received.
Optionally, the initialization condition under which the terminal device initializes the configuration information corresponding to the security resources includes at least one of the following: an initialization instruction instructing it to initialize the configuration information is received; and no retention instruction instructing it to retain the configuration information is received.
Optionally, the terminal device retains the configuration information by default, and before entering a security domain it may output a prompt asking whether the configuration information should be initialized. If an initialization instruction from the user instructing it to initialize the configuration information is received, the configuration information corresponding to the security resources is initialized; if no such initialization instruction is received, the configuration information corresponding to the security resources is retained.
Optionally, the terminal device initializes the configuration information by default, and before entering a security domain it may output a prompt asking whether the configuration information should be retained. If a retention instruction from the user instructing it to retain the configuration information is received, the configuration information corresponding to the security resources is retained; if no such retention instruction is received, the configuration information corresponding to the security resources is initialized.
The access control method provided by the embodiment of the present invention includes: the terminal device determines the role of the access device of the security domain in which it is located; and where at least one access control role of the terminal device's access control list includes the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device. Because an access control list is set in the terminal device, when the role of the access device is included in the access control roles of the access control list the access device can be regarded as having configuration permission for the security resources in the terminal device, and it is allowed to configure them. Access devices in different security domains can thus configure the security resources in the terminal device on the basis of the access control list, which avoids a repeated and tedious resource-owner configuration process and breaks the access isolation of the terminal device between different security domains.
In the access control method provided by the embodiment of the present invention, since the root of trust (Trust Anchor, TA) may be either preset or configured by the activation device, and the ACL may likewise be either preset or configured by the activation device, the method covers the following scenarios:
Scenario 1: TA preset, ACL preset;
Scenario 2: TA preset, ACL configured by the OBT;
Scenario 3: TA configured by the OBT, ACL configured by the OBT;
Scenario 4: TA configured by the OBT, ACL preset.
Here, the function of the ACL is to grant the peer device the permissions corresponding to its role. If the ACL specifies that the role oic.owner is required to access the credential resource, then the role of the CMS must be authenticated as oic.owner before it can configure the credential resource.
The function of the TA is to authenticate the identity asserted in the CMS's role certificate. When the terminal device receives the role certificate presented by the CMS, it uses the TA to verify whether the role certificate is legitimate; if the verification succeeds, the device regards the CMS as holding the role identity stated in the role certificate, such as oic.owner.
In the present invention, suppose the role permission set in the ACL is for oic.owner1, while the certificate that the TA can authenticate is a certificate for the role oic.owner2. When a CMS holding a role certificate for oic.owner1 connects, the oic.owner1 role identity cannot be verified because there is no suitable TA; when a CMS holding a role certificate for oic.owner2 connects, its role identity can be verified, but because the ACL does not match it still receives no corresponding configuration permission. Therefore the ACL and the TA must be associated (for example, both tied to oic.owner) for the mechanism to work, which ensures the legitimacy of the peer device.
Below, the embodiment of the present invention takes a mobile device as the terminal device and a CMS as the access device, and describes the access control method provided through different application scenarios. It should be noted that Examples one to three describe the access control method provided by the embodiment of the present invention with the access device being a CMS; in practical applications, when the access device is an OBT, the interaction between the OBT and the mobile device can follow the interaction between the CMS and the mobile device.
Example one
The mobile device is preset with an access control list for the owner role (oic.owner). When the connected peer device, i.e. the access device, is authenticated as oic.owner, the mobile device allows the peer device to access its security resources. The access control list can be configured in the form of an ACL resource.
In one example, the content of the ACL security resource includes the following:
[Figure PCTCN2019105474-appb-000007: ACL resource content, shown only as an image in the original]
The above ACL indicates that a peer device whose role is authenticated as oic.owner is allowed full control of the mobile device's security resources "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat".
Role certificates are preset in the OBT and the CMS. The public/private key pair of the role certificate is the key pair of the corresponding device, and the public field of the certificate states the certificate's role ID, such as "oic.owner". The role certificates preset in the OBT and the CMS of every network use the same oic.owner role.
When the mobile device purchased by the user Dad enters the home network and the office network in turn, it is configured so that it can work in each of the two networks. Moreover, after moving from one network to the other, the mobile device can switch seamlessly.
The flow for configuring the mobile device in the two networks is shown in FIG. 8 and includes:
Step S801: the mobile device enters the home network.
The user Dad lets the mobile device enter the home network, i.e. network 1. The owner of the home network is Mom's phone app (the OBT), and the credential management server of the home network is the Home CMS, which manages and configures the credentials of the devices in the home network.
Before step S801, the flow also includes step S800: the ACL is preset.
Step S802: the mobile device enters the configuration state.
Dad sets the mobile device to enter the configuration state.
Step S803: the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad through its human-machine interface whether to retain the previous configuration information; the user answers no, so all configuration information must be cleared.
Step S804: the mobile device clears all configuration information.
The user Dad decides not to retain the previous configuration information; the mobile device clears all configuration information and restores the factory settings.
Step S805: Mom's OBT establishes an OTM connection with the mobile device.
Step S806: Mom's OBT configures TA1 on the mobile device.
Mom's OBT configures the mobile device and writes the trust anchor (TA1) for the Home CMS's role certificate. TA1 is used to authenticate the legitimacy of the Home CMS's role certificate. For example, TA1 is the public-key signing certificate of the certificate authority (CA), from which the CA's public key can be extracted to verify the signature on the role certificate.
At this point Mom's OBT has completed the OTM configuration, and the mobile device begins P2P credential configuration with the Home CMS.
Step S807: the Home CMS establishes a role-based secure connection with the mobile device.
The mobile device uses TA1 to authenticate the Home CMS's role certificate and confirms the Home CMS's oic.owner role identity, thereby establishing a role-based connection between the Home CMS and the mobile device.
Here, a role-based secure connection is a connection established using a role certificate, in which the role of the peer device is confirmed by the role certificate. Peers authenticated as different roles have different access control permissions.
Step S808: the Home CMS configures the security credential Cred1 into the mobile device's /oic/sec/cred resource.
For example, the security credential Cred1 is configured through the following update request.
[Figure PCTCN2019105474-appb-000008: update request for Cred1, shown only as an image in the original]
Step S809: according to the preset ACL and the Home CMS's oic.owner role, the mobile device allows the Home CMS to configure the /oic/sec/cred resource.
Step S8010: the Home CMS configures the mobile device to enter the normal working state.
Step S8011: the mobile device enters the office network.
Dad takes the mobile device into the office network, i.e. network 2. The owner of the office network is Boss's OBT, and the Office CMS manages and configures the credentials of the devices in the office network.
Step S8012: the mobile device enters the configuration state.
Dad sets the mobile device to enter the configuration state.
Step S8013: the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad through its human-machine interface whether to retain the previous configuration information; the user answers yes, so all configuration information must be retained.
Step S8014: the mobile device retains the existing configuration information.
Dad confirms that the previous configuration information is to be kept; the mobile device does not clear the configuration information and allows a new OTM connection to be established.
Step S8015: Boss's OBT establishes an OTM connection with the mobile device.
Step S8016: Boss's OBT configures TA2 on the mobile device.
Boss's OBT configures the mobile device and writes the trust anchor (TA2) for the Office CMS's role certificate. TA2 is used to authenticate the legitimacy of the Office CMS's role certificate.
At this point Boss's OBT has completed the OTM configuration, and the mobile device begins P2P credential configuration with the Office CMS.
Step S8017: the Office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device; the mobile device uses TA2 to authenticate the Office CMS's role certificate and confirms the Office CMS's oic.owner role identity.
Step S8018: the Office CMS configures the security credential Cred2 into the mobile device's /oic/sec/cred resource.
For example:
[Figure PCTCN2019105474-appb-000009: update request for Cred2, shown only as an image in the original]
Step S8019: according to the preset ACL and the Office CMS's oic.owner role, the mobile device allows the configuration of the /oic/sec/cred resource.
Step S8020: the Office CMS configures the mobile device to enter the normal working state.
At this point, the user Dad's mobile device can interconnect with the other smart devices in the security domain of the office network to realize various smart scenarios. When the user Dad takes the mobile device home, it connects to the home network and can interconnect with the other smart devices in the home security domain to realize various smart scenarios.
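The decision logic laid out in the scenario discussion (the ACL grants permissions by role, the TA verifies the role certificate, and the two must match) together with the Example one flow just described (factory reset on entering network 1, retained configuration plus a second trust anchor on entering network 2), as an added Python model. This is not code from the patent, nor from any OCF implementation. The signature check is a stand-in: the CA "signs" the role certificate with an HMAC key that the trust anchor stores, in place of X.509 signature verification; the permission bit values, the ACE layout and all names (HomeCA, OfficeCA, home-cms, Cred1, Cred2) are constructed assumptions. Because the ACL is a list of entries keyed by role, the same model also covers Example two's per-domain roles (oic.owner.home, oic.owner.office) when those entries are written by the OBT instead of being preset.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Permission bits in the style of an OCF acl2 entry (assumed encoding, not from the patent).
CREATE, RETRIEVE, UPDATE, DELETE, NOTIFY = 1, 2, 4, 8, 16
FULL_CONTROL = CREATE | RETRIEVE | UPDATE | DELETE | NOTIFY  # 31
SECURITY_RESOURCES = ["/oic/sec/doxm", "/oic/sec/cred", "/oic/sec/pstat"]


@dataclass(frozen=True)
class RoleCert:
    subject: str   # constructed id of the access device holding the certificate
    role: str      # role ID in the certificate's public field, e.g. "oic.owner"
    issuer: str    # name of the issuing CA
    sig: bytes     # stand-in for the CA's signature (HMAC, see issue_role_cert)


def _to_be_signed(subject, role, issuer):
    return f"{subject}|{role}|{issuer}".encode()


def issue_role_cert(issuer, ca_key, subject, role):
    """Stand-in for a CA signing a role certificate: HMAC under the CA key instead of X.509."""
    sig = hmac.new(ca_key, _to_be_signed(subject, role, issuer), hashlib.sha256).digest()
    return RoleCert(subject, role, issuer, sig)


@dataclass
class TerminalDevice:
    preset_acl: list                                      # factory preset; survives initialization
    configured_acl: list = field(default_factory=list)   # entries written by an OBT (Example two)
    trust_anchors: dict = field(default_factory=dict)    # issuer name -> CA key (stand-in for a TA cert)
    creds: dict = field(default_factory=dict)            # contents of /oic/sec/cred

    def authenticate_role(self, cert):
        """Step S701: verify the role certificate with the device's trust anchors; None on failure."""
        ca_key = self.trust_anchors.get(cert.issuer)
        if ca_key is None:
            return None  # no TA for this CA, so the asserted role cannot be verified
        expected = hmac.new(ca_key, _to_be_signed(cert.subject, cert.role, cert.issuer),
                            hashlib.sha256).digest()
        return cert.role if hmac.compare_digest(expected, cert.sig) else None

    def is_allowed(self, cert, href, permission):
        """Steps S501/S502: the verified role must appear in an ACE covering href with the bits."""
        role = self.authenticate_role(cert)
        if role is None:
            return False
        return any(ace["role"] == role and href in ace["resources"]
                   and ace["permission"] & permission == permission
                   for ace in self.preset_acl + self.configured_acl)

    def configure_cred(self, cert, cred_id, cred):
        """Steps S808/S809: an UPDATE of /oic/sec/cred requested by the access device."""
        if not self.is_allowed(cert, "/oic/sec/cred", UPDATE):
            return False
        self.creds[cred_id] = cred
        return True

    def enter_domain(self, retain_config, ta_name, ta_key, acl=None):
        """Steps S803-S806 / S8013-S8016: optional factory reset, then OTM by the domain's OBT."""
        if not retain_config:          # user answered "no": clear everything except the preset ACL
            self.configured_acl.clear()
            self.trust_anchors.clear()
            self.creds.clear()
        self.trust_anchors[ta_name] = ta_key   # one TA per domain; earlier TAs stay when retained
        if acl:
            self.configured_acl.extend(acl)


def run_example_one():
    """Walks the Example one flow and returns the outcome at each decision point."""
    ca_home, ca_office, ca_other = b"home-ca-key", b"office-ca-key", b"other-ca-key"  # constructed
    dev = TerminalDevice(preset_acl=[  # step S800: preset ACL for the oic.owner role
        {"role": "oic.owner", "resources": SECURITY_RESOURCES, "permission": FULL_CONTROL}])
    # Network 1: Dad does not keep the old config (S804); Mom's OBT writes TA1 (S806).
    dev.enter_domain(retain_config=False, ta_name="HomeCA", ta_key=ca_home)
    home_cms = issue_role_cert("HomeCA", ca_home, "home-cms", "oic.owner")
    home_ok = dev.configure_cred(home_cms, "Cred1", {"subjectuuid": "home-cms", "credtype": 1})
    # Network 2: Dad keeps the config (S8014); Boss's OBT adds TA2 next to TA1 (S8016).
    dev.enter_domain(retain_config=True, ta_name="OfficeCA", ta_key=ca_office)
    office_cms = issue_role_cert("OfficeCA", ca_office, "office-cms", "oic.owner")
    office_ok = dev.configure_cred(office_cms, "Cred2", {"subjectuuid": "office-cms", "credtype": 1})
    # The two failure modes from the ACL/TA discussion: a certificate from a CA for which the
    # device holds no TA, and a verifiable certificate whose role is absent from the ACL.
    untrusted = issue_role_cert("OtherCA", ca_other, "other-cms", "oic.owner")
    unmatched = issue_role_cert("OfficeCA", ca_office, "guest-cms", "oic.owner2")
    return {
        "home": home_ok, "office": office_ok, "creds": sorted(dev.creds),
        "untrusted_ca": dev.configure_cred(untrusted, "CredX", {}),
        "unmatched_role": dev.configure_cred(unmatched, "CredY", {}),
        "trust_anchors": sorted(dev.trust_anchors),
    }


if __name__ == "__main__":
    print(run_example_one())
```

After the walk-through the device holds both Cred1 and Cred2 and both trust anchors, which is what lets it move between the two networks without a second OTM; a request that fails either check (no matching TA, or a verified role that no ACE names) is refused before /oic/sec/cred is touched.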
Example two
The mobile device is not preset with an ACL access control list for the owner role (oic.owner).
Role certificates are preset in the OBT and the CMS. The public/private key pair of the role certificate is the key pair of the corresponding device, and the public field of the certificate states the certificate's role ID, such as "oic.owner". The role certificates preset in Mom's OBT and the Home CMS correspond to the role oic.owner.home, i.e. the public field of the certificate states the role ID oic.owner.home. The role certificates preset in Boss's OBT and the Boss CMS correspond to the role oic.owner.office, i.e. the public field of the certificate states the role ID oic.owner.office.
When the mobile device purchased by the user Dad enters the home network and the office network in turn, it is configured so that it can work in each of the two networks. Moreover, after moving from one network to the other, the mobile device can switch seamlessly.
The flow for configuring the mobile device in the two networks is shown in FIG. 9 and includes:
Step S901: the mobile device enters the home network.
The user Dad lets the mobile device enter the home network, i.e. network 1. The owner of the home network is Mom's phone app (the OBT), and the credential management server of the home network is the Home CMS, which manages and configures the credentials of the devices in the home network.
Step S902: the mobile device enters the configuration state.
Dad sets the mobile device to enter the configuration state.
Step S903: the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad through its human-machine interface whether to retain the previous configuration information; the user answers no, so all configuration information must be cleared.
Step S904: the mobile device clears all configuration information.
The user Dad decides not to retain the previous configuration information; the mobile device clears all configuration information and restores the factory settings.
Step S905: Mom's OBT establishes an OTM connection with the mobile device.
Step S906: Mom's OBT configures TA1 and ACL1 on the mobile device.
Mom's OBT configures the mobile device and writes the trust anchor (TA1) for the Home CMS's role certificate, together with ACL1. TA1 is used to authenticate the legitimacy of the Home CMS's role certificate. For example, TA1 is the public-key signing certificate of the certificate authority (CA), from which the CA's public key can be extracted to verify the signature on the role certificate. ACL1 specifies that a peer device authenticated as the role oic.owner is allowed full control of the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
In one example, ACL1 is:
[Figure PCTCN2019105474-appb-000010: ACL1 content, shown only as an image in the original]
At this point Mom's OBT has completed the OTM configuration, and the mobile device begins P2P credential configuration with the Home CMS.
Step S907: the Home CMS establishes a role-based secure connection with the mobile device.
The Home CMS establishes a role-based connection with the mobile device; the mobile device uses TA1 to authenticate the Home CMS's role certificate and confirms the Home CMS's oic.owner.home role identity.
Step S908: the Home CMS configures the security credential Cred1 into the mobile device's /oic/sec/cred resource.
For example, the security credential Cred1 is configured through the following update request.
[Figure PCTCN2019105474-appb-000011: update request for Cred1, shown only as an image in the original]
[Figure PCTCN2019105474-appb-000012: continuation of the update request, shown only as an image in the original]
步骤S909、移动设备根据配置的ACL以及Home CMS的oic.owner.home角色允许Home CMS对/oic/sec/cred资源的配置。Step S909: The mobile device allows the Home CMS to configure the /oic/sec/cred resource according to the configured ACL and the oic.owner.home role of the Home CMS.
步骤S9010、Home CMS配置移动设备进入正常工作状态。Step S9010, Home CMS configures the mobile device to enter a normal working state.
Step S9011: The mobile device enters the office network.
Dad takes the mobile device into the office network (Network 2). The owner of the office network is Boss's OBT, and the Office CMS manages and configures the credentials of the devices in the office network.
Step S9012: The mobile device enters the configuration state.
Dad sets the mobile device to the configuration state.
Step S9013: The mobile device confirms whether to retain the previous configuration information.
The mobile device asks user Dad through the human-machine interface whether to retain the previous configuration information; the user answers yes, so all configuration information must be retained.
Step S9014: The mobile device retains the existing configuration information.
User Dad confirms that the previous configuration information is to be kept; the mobile device does not clear the configuration information and allows a new OTM connection to be established.
Step S9015: Boss's OBT establishes an OTM connection with the mobile device.
Step S9016: Boss's OBT configures TA2 and ACL2 on the mobile device.
Boss's OBT configures the mobile device, writing the trust anchor (TA2) for the Office CMS role certificate and ACL2. TA2 is used to verify the legitimacy of the Home CMS role certificate. For example, TA2 is the public-key signature certificate of the certificate authority (CA), from which the CA public key can be extracted to verify the signature on the role certificate. ACL2 specifies that a peer device authenticated in the oic.owner role is allowed full control over the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
In an example, ACL2 is:
Figure PCTCN2019105474-appb-000013
At this point Boss's OBT has completed the OTM configuration, and the mobile device begins P2P credential configuration with the Office CMS.
Step S9017: The Office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device; the mobile device uses TA2 to authenticate the Office CMS's role certificate and confirm the Office CMS's oic.owner.office role identity.
Step S9018: The Office CMS configures security credential Cred2 into the mobile device's /oic/sec/cred resource. For example:
Figure PCTCN2019105474-appb-000014
Step S9019: Based on the configured ACL and the Office CMS's oic.owner.office role, the mobile device allows the Office CMS to configure the /oic/sec/cred resource.
Step S9020: The Office CMS puts the mobile device into the normal working state.
At this point user Dad's mobile device can interoperate with the other smart devices in the security domain of the office network to realize various smart scenarios. When user Dad takes the mobile device home, it connects to the home network and can interoperate with the other smart devices in the home security domain to realize various smart scenarios.
Example three
A universal TA and ACL are preset in the mobile device.
Assume that all OBT and CMS role certificates are issued by the same certificate authority (CA). The device is preset with the TA corresponding to the private key the CA uses to issue role certificates; this TA can be used to verify the signature on a role certificate and thereby authenticate the role certificate's legitimacy.
The device is preset with an ACL for the owner role (oic.owner). When a connecting peer device is authenticated as oic.owner, the device allows the peer device to access its security resources.
For example, the terminal device is preset with the following ACL:
Figure PCTCN2019105474-appb-000015
The above ACL resource indicates that a peer device authenticated in the oic.owner role is allowed full control over the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
Role certificates are preset in the OBT and CMS. The public/private key pair of a role certificate is the key pair of the corresponding device, and a public field of the certificate indicates the certificate's role ID, such as "oic.owner". The role certificates preset in the OBT and CMS of every network use the same oic.owner role.
When the mobile device purchased by user Dad enters the home network and the office network respectively, it is configured so that it can work in the security domains of both networks. Moreover, after moving from one network to the other, the mobile device can switch over seamlessly.
The flow for configuring the mobile device in the two networks is shown in Figure 10 and includes:
Step S1001: The mobile device enters the home network.
User Dad has the mobile device enter the home network. The owner of the home network is Mom's mobile phone app (OBT), and the credential management server in the home network is the Home CMS, which is responsible for managing and configuring the credentials of the devices in the home network.
Here, before step S1001, the flow further includes step S1000: presetting the ACL and TA.
Step S1002: The mobile device enters the configuration state.
Dad sets the mobile device to the configuration state.
Step S1003: Mom's OBT establishes an OTM connection with the mobile device and performs owner configuration.
Step S1004: Mom's OBT completes the OTM configuration and instructs the Home CMS to begin configuring the mobile device's P2P credential.
Step S1005: The Home CMS establishes a role-based secure connection with the mobile device.
The Home CMS establishes a role-based connection with the mobile device; the mobile device uses TA1 to authenticate the Home CMS's role certificate and confirm the Home CMS's oic.owner.home role identity.
Step S1006: The Home CMS configures security credential Cred1 into the mobile device's /oic/sec/cred resource.
For example, security credential Cred1 is configured through the following update request:
Figure PCTCN2019105474-appb-000016
Step S1007: Based on the preset ACL and the Home CMS's oic.owner role, the mobile device allows the Home CMS to configure the /oic/sec/cred resource.
Step S1008: The Home CMS puts the mobile device into the normal working state.
Step S1009: The mobile device enters the office network.
Dad takes the mobile device into the office network (Network 2). The owner of the office network is Boss's OBT, and the Office CMS manages and configures the credentials of the devices in the office network. After entering the office network, the mobile device finds the office network's OBT, i.e. Boss's OBT.
Step S10010: The mobile device enters the configuration state.
User Dad sets the mobile device to the P2P credential configuration state.
Here, because a unified TA is used, no TA needs to be configured; the OBT step between the mobile device and Boss's OBT can therefore be skipped.
Step S10011: Boss's OBT instructs the Office CMS to begin configuring the mobile device's P2P credential.
Step S10012: The Office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device; the mobile device uses the preconfigured TA (every CMS's role certificate can be authenticated with this TA) to authenticate the Office CMS's role certificate and confirm the Office CMS's oic.owner role identity.
Step S10013: The Office CMS configures security credential Cred2 into the mobile device's /oic/sec/cred resource.
For example, security credential Cred2 is configured through the following update request.
Figure PCTCN2019105474-appb-000017
Step S10014: Based on the preset ACL and the Office CMS's oic.owner role, the mobile device allows the Office CMS to configure the /oic/sec/cred resource.
Step S10015: The Office CMS puts the mobile device into the normal working state.
At this point Dad's mobile device can interoperate with the other smart devices in the security domain of the office network to realize various smart scenarios. When Dad takes the mobile device home, it connects to the home network and can interoperate with the other smart devices in the home security domain to realize various smart scenarios.
To implement the above access control method, an embodiment of the present invention further provides a terminal device 1101, as shown in Figure 11, including:
a role determination module 1101, configured to determine the role of the access device in the security domain where the terminal device is located;
an authority management module 1102, configured to, when at least one access control role in the terminal device's access control list includes the role of the access device, allow the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resources.
In an embodiment of the present invention, the role management module 1101 is further configured to determine the role of the access device from a public field in the access device's role certificate.
In an embodiment of the present invention, the access list includes the security resources that are allowed to be accessed corresponding to the access control role;
the authority management module 1102 is further configured to allow the access device to configure a target security resource in the terminal device, the target security resource being the security resource that is allowed to be accessed corresponding to the role of the access device.
In an embodiment of the present invention, the access control list further includes the operation authority corresponding to the access control role;
the authority management module 1102 is further configured to allow the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation authority, the target operation authority being the operation authority corresponding to the role of the access device.
In an embodiment of the present invention, for access devices in different security domains, the access control list is the same access control list and the roles of the access devices in the different security domains are the same; or
for access devices in different security domains, the access control lists are different access control lists and the roles of the access devices in the different security domains are different.
In an embodiment of the present invention, the access control list is preset in the terminal device;
or the access control list is configured by an activation device.
In an embodiment of the present invention, the terminal device 1100 further includes:
a role authentication module, configured to authenticate the role certificate of the access device according to a root of trust, so as to confirm the role of the access device.
In an embodiment of the present invention, for access devices in different security domains, the root of trust is the same root of trust; or
for access devices in different security domains, the roots of trust are different roots of trust.
In an embodiment of the present invention,
the root of trust is preset in the terminal device; or
the root of trust is configured by an activation device.
In an embodiment of the present invention, the activation device includes:
the activation device of the security domain where the terminal device is located; or
an activation device of a security domain other than the one where the terminal device is located.
In an embodiment of the present invention, the terminal device 1100 further includes a configuration update module, configured to: before the terminal device enters the security domain, retain the configuration information corresponding to the security resources, or initialize the configuration information corresponding to the security resources.
In an embodiment of the present invention, the retention condition under which the terminal device retains the configuration information corresponding to the security resources includes at least one of the following:
a retain instruction indicating that the configuration information is to be retained is received; and
no initialization instruction indicating that the configuration information is to be initialized is received.
In an embodiment of the present invention, the initialization condition under which the terminal device initializes the configuration information corresponding to the security resources includes at least one of the following:
an initialization instruction indicating that the configuration information is to be initialized is received; and
no retain instruction indicating that the configuration information is to be retained is received.
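The flows of Example two and Example three above, together with the retention and initialization conditions just listed, as an added Python example that is not part of the patent or of any OCF implementation. Everything in it is an assumption made for illustration: the device, CA and credential names, the HMAC-based stand-in for the CA signature on a role certificate (a real trust anchor holds a CA public key and verifies an X.509 signature), the permission bitmask, and the per-domain role names oic.owner.home and oic.owner.office used for Example two versus the single oic.owner role used for Example three.

```python
"""Role-based access control on a terminal device: added example, not the
patent's code.  Names, roles, keys and the HMAC signature stand-in are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field

CREATE, RETRIEVE, UPDATE, DELETE = 1, 2, 4, 8   # operation bitmask (assumed)
FULL = CREATE | RETRIEVE | UPDATE | DELETE
SECURITY_RESOURCES = frozenset({"/oic/sec/doxm", "/oic/sec/cred", "/oic/sec/pstat"})

@dataclass(frozen=True)
class RoleCert:
    """Toy stand-in for an X.509 role certificate; the role is a public field."""
    issuer: str   # names the CA, i.e. which trust anchor can verify it
    subject: str  # identity of the access device (OBT or CMS)
    role: str     # e.g. "oic.owner.home"
    sig: bytes

def ca_sign(ca_key: bytes, issuer: str, subject: str, role: str) -> RoleCert:
    # CA signing stand-in: HMAC-SHA256 under a CA key so the example runs on the
    # standard library; a real trust anchor would hold the CA's public key.
    msg = f"{issuer}|{subject}|{role}".encode()
    return RoleCert(issuer, subject, role, hmac.new(ca_key, msg, hashlib.sha256).digest())

def verify_role(cert: RoleCert, trust_anchors: dict):
    """Certified role if the signature verifies under a configured trust anchor;
    None for an unknown issuer or a bad signature."""
    key = trust_anchors.get(cert.issuer)
    if key is None:
        return None
    msg = f"{cert.issuer}|{cert.subject}|{cert.role}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return cert.role if hmac.compare_digest(expected, cert.sig) else None

@dataclass(frozen=True)
class ACE:  # access control entry: a role, the resources it may touch, its permissions
    role: str
    resources: frozenset
    permission: int

@dataclass
class TerminalDevice:
    trust_anchors: dict = field(default_factory=dict)  # issuer -> TA key
    acl: list = field(default_factory=list)
    cred: dict = field(default_factory=dict)           # /oic/sec/cred contents

    def authorize(self, cert: RoleCert, resource: str, op: int) -> bool:
        """Role comes from the verified certificate; permit only if some ACE
        grants that role every requested operation on that resource."""
        role = verify_role(cert, self.trust_anchors)
        if role is None:
            return False
        return any(ace.role == role and resource in ace.resources
                   and ace.permission & op == op for ace in self.acl)

    def update_cred(self, cert: RoleCert, cred_id: str, value: str) -> bool:
        """UPDATE request on /oic/sec/cred, as the CMS sends in the flows above."""
        if not self.authorize(cert, "/oic/sec/cred", UPDATE):
            return False
        self.cred[cred_id] = value
        return True

    def enter_domain(self, retain_instruction: bool, init_instruction: bool) -> bool:
        """Retention condition from the text: keep the configuration if a retain
        instruction arrived or no initialization instruction arrived."""
        retain = retain_instruction or not init_instruction
        if not retain:                    # otherwise initialize (clear) it
            self.trust_anchors.clear()
            self.acl.clear()
            self.cred.clear()
        return retain

def scenario_per_domain() -> dict:
    """Example two: each network's OBT installs its own TA and ACL."""
    ca_home, ca_office = b"constructed-home-ca-key", b"constructed-office-ca-key"
    dev = TerminalDevice({"home-ca": ca_home},                         # TA1 (Mom's OBT)
                         [ACE("oic.owner.home", SECURITY_RESOURCES, FULL)])  # ACL1
    home_cms = ca_sign(ca_home, "home-ca", "home-cms", "oic.owner.home")
    dev.update_cred(home_cms, "cred1", "home-p2p-credential")
    dev.enter_domain(retain_instruction=True, init_instruction=False)  # Dad keeps config
    office_cms = ca_sign(ca_office, "office-ca", "office-cms", "oic.owner.office")
    before_ta2 = dev.update_cred(office_cms, "cred2", "office-p2p-credential")
    dev.trust_anchors["office-ca"] = ca_office                         # TA2 (Boss's OBT)
    dev.acl.append(ACE("oic.owner.office", SECURITY_RESOURCES, FULL))  # ACL2
    after_ta2 = dev.update_cred(office_cms, "cred2", "office-p2p-credential")
    return {"before_ta2": before_ta2, "after_ta2": after_ta2, "cred": dict(dev.cred)}

def scenario_universal() -> dict:
    """Example three: one preset TA and an oic.owner ACL serve both networks."""
    ca = b"constructed-shared-ca-key"
    dev = TerminalDevice({"shared-ca": ca}, [ACE("oic.owner", SECURITY_RESOURCES, FULL)])
    home_cms = ca_sign(ca, "shared-ca", "home-cms", "oic.owner")
    office_cms = ca_sign(ca, "shared-ca", "office-cms", "oic.owner")
    ok_home = dev.update_cred(home_cms, "cred1", "home-p2p-credential")
    dev.enter_domain(retain_instruction=False, init_instruction=False)  # no instruction: keep
    ok_office = dev.update_cred(office_cms, "cred2", "office-p2p-credential")
    # An issuer with no trust anchor is refused even though the public field claims oic.owner.
    rogue = ca_sign(b"unknown-key", "unknown-ca", "rogue-cms", "oic.owner")
    ok_rogue = dev.update_cred(rogue, "cred3", "bogus")
    return {"home": ok_home, "office": ok_office, "rogue": ok_rogue, "cred": dict(dev.cred)}
```

The two scenario functions return the access decisions so they can be checked: in the per-domain variant the Office CMS's update is refused until Boss's OBT has installed TA2 and ACL2, while in the universal variant both CMSes succeed against the preset TA and ACL. In both variants a certificate whose issuer has no trust anchor, or whose role field has been altered after signing, yields no role at all, so the ACL is never consulted for it.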
An embodiment of the present invention further provides a terminal device, including a processor and a memory for storing a computer program that can run on the processor, where the processor, when running the computer program, performs the steps of the above access control method that are performed by the terminal device.
To implement the above access control method, an embodiment of the present invention further provides an access device 1200, including:
a sending module 1201, configured to send the role of the access device to a terminal device in the security domain where the access device is located; when the role of the access device is included in at least one access control role in the terminal device's access control list, the terminal device allows the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resources.
In an embodiment of the present invention, the sending module 1201 is further configured to send a role certificate to the terminal device, a public field of the role certificate including the role of the access device.
In an embodiment of the present invention, the roles of access devices in different security domains are the same; or the roles of access devices in different security domains are different.
An embodiment of the present invention further provides an access device, including a processor and a memory for storing a computer program that can run on the processor, where the processor, when running the computer program, performs the steps of the above access control method that are performed by the access device.
An embodiment of the present invention further provides an activation device 1300, including:
a list configuration module 1301, configured to configure an access control list on a terminal device, the access control list being used so that, when the access control roles of the access control list include the role of an access device, the terminal device allows the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resources.
In an embodiment of the present invention, the access control list further includes at least one of the following:
the security resources that are allowed to be accessed and the operation authority corresponding to the access control role.
In an embodiment of the present invention, the activation device 1301 further includes:
a root configuration module, configured to configure a root of trust on the terminal device, the root of trust being used by the terminal device to authenticate the role certificate of the access device so as to confirm the role of the access device.
An embodiment of the present invention further provides an activation device, including a processor and a memory for storing a computer program that can run on the processor, where the processor, when running the computer program, performs the steps of the above access control method that are performed by the activation device.
Figure 14 is a schematic diagram of the hardware composition of an electronic device (terminal device, access device or activation device) according to an embodiment of the present invention. The electronic device 1400 includes at least one processor 1401, a memory 1402 and at least one network interface 1404. The components of the electronic device 1400 are coupled together by a bus system 1405. It can be understood that the bus system 1405 implements connection and communication between these components. In addition to a data bus, the bus system 1405 includes a power bus, a control bus and a status signal bus. For clarity of description, however, the various buses are all labelled as bus system 1405 in Figure 14.
It can be understood that the memory 1402 may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be ROM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), ferromagnetic random access memory (FRAM), flash memory, magnetic surface memory, optical disc or compact disc read-only memory (CD-ROM); magnetic surface memory may be disk storage or tape storage. The volatile memory may be random access memory (RAM), which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), synchronous static RAM (SSRAM), dynamic RAM (DRAM), synchronous dynamic RAM (SDRAM), double data rate synchronous dynamic RAM (DDRSDRAM), enhanced synchronous dynamic RAM (ESDRAM), SyncLink dynamic RAM (SLDRAM) and direct Rambus RAM (DRRAM). The memory 1402 described in the embodiments of the present invention is intended to include, without being limited to, these and any other suitable types of memory.
The memory 1402 in the embodiment of the present invention stores various types of data to support the operation of the electronic device 1400. Examples of such data include any computer program that operates on the electronic device 1400, such as the application program 14022. A program implementing the method of an embodiment of the present invention may be contained in the application program 14022.
The method disclosed in the above embodiments of the present invention may be applied in, or implemented by, the processor 1401. The processor 1401 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above method may be completed by integrated logic circuits in hardware in the processor 1401 or by instructions in the form of software. The processor 1401 may be a general-purpose processor, a digital signal processor (DSP), another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The processor 1401 may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be embodied directly as execution by a hardware decoding processor, or as execution by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium located in the memory 1402; the processor 1401 reads the information in the memory 1402 and completes the steps of the above method in combination with its hardware.
In an exemplary embodiment, the electronic device 1400 may be implemented by one or more application-specific integrated circuits (ASICs), DSPs, programmable logic devices (PLDs), complex programmable logic devices (CPLDs), FPGAs, general-purpose processors, controllers, MCUs, MPUs or other electronic components to perform the above method.
An embodiment of the present invention further provides a storage medium for storing a computer program.
Optionally, the storage medium may be applied to the terminal device in the embodiments of the present invention, and the computer program causes a computer to perform the corresponding flow in each method of the embodiments of the present invention; for brevity, this is not repeated here.
Optionally, the storage medium may be applied to the access device in the embodiments of the present invention, and the computer program causes a computer to perform the corresponding flow in each method of the embodiments of the present invention; for brevity, this is not repeated here.
Optionally, the storage medium may be applied to the activation device in the embodiments of the present invention, and the computer program causes a computer to perform the corresponding flow in each method of the embodiments of the present invention; for brevity, this is not repeated here.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for realizing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device which realizes the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps is executed on the computer or other programmable equipment to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable equipment provide steps for realizing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (44)

  1. An access control method, comprising:
    a terminal device determining the role of an access device in the security domain in which the terminal device is located; and
    when at least one access control role in an access control list of the terminal device includes the role of the access device, the terminal device allowing the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  2. The method according to claim 1, wherein:
    the access control list is preset in the terminal device; or
    the access control list is configured by an activation device.
  3. The method according to claim 1 or 2, wherein:
    for access devices in different security domains, the access control list is the same access control list and the roles of the access devices in the different security domains are the same; or
    for access devices in different security domains, the access control lists are different access control lists and the roles of the access devices in the different security domains are different.
  4. The method according to any one of claims 1 to 3, wherein the access control list further includes the security resources that are permitted to be accessed corresponding to the access control role; and
    the terminal device allowing the access device to configure the security resources in the terminal device comprises:
    the terminal device allowing the access device to configure a target security resource in the terminal device, the target security resource being the security resource that is permitted to be accessed corresponding to the role of the access device.
  5. The method according to any one of claims 1 to 4, wherein the access control list further includes operation permissions corresponding to the access control role; and
    the terminal device allowing the access device to configure the security resources in the terminal device comprises:
    the terminal device allowing the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation permission, the target operation permission being the operation permission corresponding to the role of the access device.
  6. The method according to any one of claims 1 to 5, further comprising:
    the terminal device authenticating a role certificate of the access device against a root of trust, so as to confirm the role of the access device.
  7. The method according to claim 6, wherein:
    for access devices in different security domains, the root of trust is the same root of trust; or
    for access devices in different security domains, the roots of trust are different roots of trust.
  8. The method according to claim 6, wherein:
    the root of trust is preset in the terminal device; or
    the root of trust is configured by an activation device.
  9. The method according to claim 2 or 8, wherein the activation device comprises:
    an activation device of the security domain in which the terminal device is located; or
    an activation device of a security domain other than the security domain in which the terminal device is located.
  10. The method according to any one of claims 1 to 9, wherein, before the terminal device enters the security domain, the method further comprises:
    the terminal device retaining the configuration information corresponding to the security resources; or the terminal device initializing the configuration information corresponding to the security resources.
  11. The method according to claim 10, wherein the retention condition under which the terminal device retains the configuration information corresponding to the security resources includes at least one of the following:
    a retention instruction instructing retention of the configuration information has been received; and
    no initialization instruction instructing initialization of the configuration information has been received.
  12. The method according to claim 10, wherein the initialization condition under which the terminal device initializes the configuration information corresponding to the security resources includes at least one of the following:
    an initialization instruction instructing initialization of the configuration information has been received; and
    no retention instruction instructing retention of the configuration information has been received.
  13. The method according to any one of claims 1 to 12, wherein the terminal device determining the role of the access device in the security domain in which the terminal device is located comprises:
    the terminal device determining the role of the access device from a public field of a role certificate sent by the access device.
  14. An access control method, comprising:
    an access device sending its role to a terminal device in the security domain in which the access device is located, wherein, when the role of the access device is included in at least one access control role in an access control list of the terminal device, the terminal device allows the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  15. The method according to claim 14, wherein the access device sending its role to the terminal device in the security domain in which the access device is located comprises:
    the access device sending a role certificate to the terminal device in the security domain in which the access device is located, a public field of the role certificate including the role of the access device.
  16. The method according to claim 14 or 15, wherein:
    the roles of access devices in different security domains are the same; or
    the roles of access devices in different security domains are different.
  17. An access control method, comprising:
    an activation device configuring an access control list in a terminal device, the access control list being used so that, when at least one access control role in the access control list includes the role of an access device, the terminal device allows the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  18. The method according to claim 17, wherein the access control list further includes at least one of the following:
    the security resources that are permitted to be accessed, and the operation permissions, corresponding to the access control role.
  19. The method according to claim 17 or 18, further comprising:
    the activation device configuring a root of trust in the terminal device, the root of trust being used by the terminal device to authenticate a role certificate of the access device so as to confirm the role of the access device.
  20. A terminal device, comprising:
    a role determination module, configured to determine the role of an access device in the security domain in which the terminal device is located; and
    a permission management module, configured to, when at least one access control role in an access control list of the terminal device includes the role of the access device, allow the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  21. The terminal device according to claim 20, wherein:
    the access control list is preset in the terminal device; or
    the access control list is configured by an activation device.
  22. The terminal device according to claim 20 or 21, wherein:
    for access devices in different security domains, the access control list is the same access control list and the roles of the access devices in the different security domains are the same; or
    for access devices in different security domains, the access control lists are different access control lists and the roles of the access devices in the different security domains are different.
  23. The terminal device according to any one of claims 20 to 22, wherein the access control list includes the security resources that are permitted to be accessed corresponding to the access control role; and
    the permission management module is further configured to allow the access device to configure a target security resource in the terminal device, the target security resource being the security resource that is permitted to be accessed corresponding to the role of the access device.
  24. The terminal device according to any one of claims 20 to 23, wherein the access control list further includes operation permissions corresponding to the access control role; and
    the permission management module is further configured to allow the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation permission, the target operation permission being the operation permission corresponding to the role of the access device.
  25. The terminal device according to any one of claims 20 to 24, further comprising:
    a role authentication module, configured to authenticate a role certificate of the access device against a root of trust, so as to confirm the role of the access device.
  26. The terminal device according to claim 25, wherein:
    for access devices in different security domains, the root of trust is the same root of trust; or
    for access devices in different security domains, the roots of trust are different roots of trust.
  27. The terminal device according to claim 25, wherein:
    the root of trust is preset in the terminal device; or
    the root of trust is configured by an activation device.
  28. The terminal device according to claim 21 or 27, wherein the activation device comprises:
    an activation device of the security domain in which the terminal device is located; or
    an activation device of a security domain other than the security domain in which the terminal device is located.
  29. The terminal device according to any one of claims 20 to 28, further comprising:
    a configuration update module, configured to, before the terminal device enters the security domain, retain the configuration information corresponding to the security resources or initialize the configuration information corresponding to the security resources.
  30. The terminal device according to claim 29, wherein the retention condition under which the terminal device retains the configuration information corresponding to the security resources includes at least one of the following:
    a retention instruction instructing retention of the configuration information has been received; and
    no initialization instruction instructing initialization of the configuration information has been received.
  31. The terminal device according to claim 29, wherein the initialization condition under which the terminal device initializes the configuration information corresponding to the security resources includes at least one of the following:
    an initialization instruction instructing initialization of the configuration information has been received; and
    no retention instruction instructing retention of the configuration information has been received.
  32. The terminal device according to any one of claims 20 to 31, wherein the role determination module is further configured to determine the role of the access device from a public field of a role certificate sent by the access device.
  33. An access device, comprising:
    a sending module, configured to send the role of the access device to a terminal device in the security domain in which the access device is located, wherein, when the role of the access device is included in at least one access control role in an access control list of the terminal device, the terminal device allows the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  34. The access device according to claim 33, wherein the sending module is further configured to send a role certificate to the terminal device, a public field of the role certificate including the role of the access device.
  35. The access device according to claim 33 or 34, wherein:
    the roles of access devices in different security domains are the same; or
    the roles of access devices in different security domains are different.
  36. An activation device, comprising:
    a list configuration module, configured to configure an access control list in a terminal device, the access control list being used so that, when at least one access control role in the access control list includes the role of an access device, the terminal device allows the access device to configure security resources in the terminal device, the access control role being a role that is permitted to configure the security resources.
  37. The activation device according to claim 36, wherein the access control list further includes at least one of the following:
    the security resources that are permitted to be accessed, and the operation permissions, corresponding to the access control role.
  38. The activation device according to claim 36 or 37, further comprising:
    a root configuration module, configured to configure a root of trust in the terminal device, the root of trust being used by the terminal device to authenticate a role certificate of the access device so as to confirm the role of the access device.
  39. A terminal device, comprising a processor and a memory for storing a computer program executable on the processor, wherein:
    the processor, when running the computer program, performs the steps of the access control method according to any one of claims 1 to 13.
  40. An access device, comprising a processor and a memory for storing a computer program executable on the processor, wherein:
    the processor, when running the computer program, performs the steps of the access control method according to any one of claims 14 to 16.
  41. An activation device, comprising a processor and a memory for storing a computer program executable on the processor, wherein:
    the processor, when running the computer program, performs the steps of the access control method according to any one of claims 17 to 19.
  42. A storage medium storing an executable program which, when executed by a processor, implements the access control method according to any one of claims 1 to 13.
  43. A storage medium storing an executable program which, when executed by a processor, implements the access control method according to any one of claims 14 to 16.
  44. A storage medium storing an executable program which, when executed by a processor, implements the access control method according to any one of claims 17 to 19.
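The mechanism the claims describe, worked through as an added example (this is not code from the patent, which contains none, nor from any Oppo implementation): the activation device provisions a per-domain root of trust and access control list into the terminal (claims 17 and 19), the access device presents a role certificate whose public field carries its role (claims 13 to 15), and the terminal verifies that certificate against the root of trust of the domain it names before consulting the ACL for the (role, resource, operation) triple (claims 1, 4 to 7). It also carries out the retain-or-initialize step of claims 10 to 12 when the terminal moves between security domains. Everything concrete is an assumption of the example: the role certificate is an Ed25519-signed JSON record rather than an X.509 certificate, the ACL is a role → resource → operations map, and the domain names, role names, device identifiers and resource paths such as /sec/cred are constructed for illustration, not taken from OCF or any deployment.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// RoleCert is the role certificate of claims 6, 13 and 15: the role is a public field
// of a record signed by a security domain's issuing key (the JSON layout is this example's own).
type RoleCert struct {
	Domain  string `json:"domain"`
	Subject string `json:"subject"`
	Role    string `json:"role"`
}

// SignedRoleCert is what the access device sends to the terminal (claims 14 and 15).
type SignedRoleCert struct {
	Cert RoleCert
	Sig  []byte
}

// ACL (claims 4, 5 and 18): access control role -> security resource -> permitted operations.
type ACL map[string]map[string][]string

// Terminal keeps one root of trust and one ACL per security domain (claims 3 and 7).
type Terminal struct {
	Domain     string
	TrustRoots map[string]ed25519.PublicKey
	ACLs       map[string]ACL
	Config     map[string]string // current configuration of the security resources
}

// ProvisionDomain is the activation-device step of claims 17 and 19 (claims 2 and 8 allow presets instead).
func (t *Terminal) ProvisionDomain(domain string, root ed25519.PublicKey, acl ACL) {
	t.TrustRoots[domain] = root
	t.ACLs[domain] = acl
}

// IssueRoleCert signs the canonical encoding of the certificate with a domain's issuing key.
func IssueRoleCert(priv ed25519.PrivateKey, c RoleCert) SignedRoleCert {
	b, _ := json.Marshal(c) // fixed string fields cannot fail to marshal
	return SignedRoleCert{Cert: c, Sig: ed25519.Sign(priv, b)}
}

// Authorize is the terminal-side decision of claims 1, 4, 5, 6 and 13: verify the certificate under
// the root of trust of the domain it names before believing its role field, then require an ACL entry for (role, resource, op).
func (t *Terminal) Authorize(sc SignedRoleCert, resource, op string) error {
	root := t.TrustRoots[sc.Cert.Domain] // nil for an unknown domain, in which case Verify is skipped
	if b, _ := json.Marshal(sc.Cert); root == nil || !ed25519.Verify(root, b, sc.Sig) {
		return errors.New("role certificate not verifiable under a root of trust for domain " + sc.Cert.Domain)
	}
	ops, ok := t.ACLs[sc.Cert.Domain][sc.Cert.Role][resource]
	if !ok {
		return fmt.Errorf("role %q is not permitted to access %s", sc.Cert.Role, resource)
	}
	for _, o := range ops {
		if o == op {
			return nil
		}
	}
	return fmt.Errorf("role %q lacks operation %s on %s", sc.Cert.Role, op, resource)
}

// EnterDomain applies claims 10 to 12 before joining a new domain. The two condition sets overlap
// when neither instruction arrives; this example then reinitialises, so nothing carries over by default.
func (t *Terminal) EnterDomain(domain string, retainInstr, initInstr bool) {
	if !retainInstr || initInstr {
		t.Config = map[string]string{}
	}
	t.Domain = domain
}

// RunScenario provisions two domains with freshly generated keys (constructed here, not deployment data).
func RunScenario() map[string]error {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	t := &Terminal{TrustRoots: map[string]ed25519.PublicKey{}, ACLs: map[string]ACL{}, Config: map[string]string{}}
	t.ProvisionDomain("home", pubA, ACL{"admin": {"/sec/cred": {"read", "update"}, "/sec/acl": {"read"}}})
	t.ProvisionDomain("office", pubB, ACL{"operator": {"/sec/cred": {"read"}}})
	homeAdmin := IssueRoleCert(privA, RoleCert{"home", "obt-1", "admin"})
	officeOp := IssueRoleCert(privB, RoleCert{"office", "mgmt-7", "operator"})
	forged := IssueRoleCert(privB, RoleCert{"home", "mgmt-7", "admin"}) // office key asserting a home role
	return map[string]error{ // nil means allowed; an error says why the request was refused
		"admin-update-cred":  t.Authorize(homeAdmin, "/sec/cred", "update"),
		"admin-update-acl":   t.Authorize(homeAdmin, "/sec/acl", "update"),
		"operator-read-cred": t.Authorize(officeOp, "/sec/cred", "read"),
		"forged-role":        t.Authorize(forged, "/sec/cred", "read"),
	}
}

func main() {
	for k, err := range RunScenario() {
		fmt.Printf("%-20s %v\n", k, err)
	}
}
```

Two points are worth noting. The role field is only acted on after the signature verifies under the root of trust of the domain the certificate names, so an issuer from one domain cannot assert a role in another (the forged-role case is refused even though "admin" is a valid role in the home ACL). And when neither a retain nor an initialize instruction arrives, the conditions of claim 11 and claim 12 both hold; the example resolves that towards reinitialising, and a real implementation has to pick one of the two readings explicitly rather than leave it to chance.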
PCT/CN2019/105474 2019-09-11 2019-09-11 Access control method, device, and storage medium WO2021046782A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980095766.3A CN113728600B (en) 2019-09-11 2019-09-11 Access control method, equipment and storage medium
PCT/CN2019/105474 WO2021046782A1 (en) 2019-09-11 2019-09-11 Access control method, device, and storage medium

Publication date: 2021-03-18. Family ID: 74866867. Country status: CN113728600B (en), WO2021046782A1 (en).


Also Published As

Publication number Publication date
CN113728600B (en) 2023-10-24
CN113728600A (en) 2021-11-30


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19945201; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19945201; Country of ref document: EP; Kind code of ref document: A1)