WO2022170589A1 - Acl control method and apparatus, and device and storage medium - Google Patents

Acl control method and apparatus, and device and storage medium Download PDF

Info

Publication number
WO2022170589A1
WO2022170589A1 PCT/CN2021/076588 CN2021076588W WO2022170589A1 WO 2022170589 A1 WO2022170589 A1 WO 2022170589A1 CN 2021076588 W CN2021076588 W CN 2021076588W WO 2022170589 A1 WO2022170589 A1 WO 2022170589A1
Authority
WO
WIPO (PCT)
Prior art keywords
management device
acl
acle
switch state
modification
Prior art date
Application number
PCT/CN2021/076588
Other languages
French (fr)
Chinese (zh)
Inventor
茹昭
罗朝明
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to PCT/CN2021/076588 priority Critical patent/WO2022170589A1/en
Priority to CN202180074804.4A priority patent/CN116458122A/en
Publication of WO2022170589A1 publication Critical patent/WO2022170589A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/71Hardware identity

Definitions

  • the present application relates to the technical field of the Internet of Things, and in particular, to an ACL control method, apparatus, device, and storage medium.
  • the management device can manage the connected IoT device.
  • the multiple management devices can not only manage the IoT devices, but also store the ACL (Access Control List) of each management device in the IoT devices. , the IoT device will judge whether the control command sent by the management device to the physical network device is a command that it can identify according to the ACL stored by itself, and then determine whether to respond to the received control command.
  • ACL Access Control List
  • each management device can modify each ACL stored in the IoT device, the authority for managing the device is too large and the security is poor.
  • the embodiments of the present application provide an ACL control method, apparatus, device, and storage medium, which can change the on or off state of the ACLE of the management device without having the authority to modify the ACL of other management devices, which limits the management device permissions, which in turn improves security.
  • the technical solution is as follows:
  • an ACL control method which is applied to an Internet of Things device, and the method includes:
  • an ACL control method which is applied to a first management device, and the method includes:
  • the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any ACLE included in the access control list ACL of the second management device, and the The switch state is used to indicate whether the target ACLE is valid;
  • the Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction.
  • the switch state of the target ACLE is modified.
  • an ACL control method which is applied to an Internet of Things device, and the method includes:
  • an ACL control method which is applied to a first management device, and the method includes:
  • the Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction.
  • the switch state of the target ACLE is modified.
  • an ACL control apparatus which is applied to IoT devices, and the apparatus includes:
  • a receiving module configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is the access of the second management device Any ACLE included in the control list ACL, the switch state is used to indicate whether the target ACLE is valid;
  • a modification module configured to modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACLE.
  • an ACL control apparatus which is applied to a first management device, and the apparatus includes:
  • the sending module is configured to send a modification instruction to the Internet of Things device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any item included in the access control list ACL of the second management device.
  • the switch state is used to indicate whether the target ACLE is valid;
  • the Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction.
  • the switch state of the target ACLE is modified.
  • an ACL control apparatus which is applied to IoT devices, and the apparatus includes:
  • a receiving module configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
  • a modification module configured to modify the switch state of the ACL of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
  • an ACL control apparatus which is applied to a first management device, and the apparatus includes:
  • a sending module configured to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
  • the Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction.
  • the switch state of the target ACLE is modified.
  • an IoT device comprising: a processor; a transceiver connected to the processor; a memory for storing executable program codes of the processor; Wherein, the processor is configured to load and execute the executable program code to implement the ACL control method described in the above aspects.
  • a first management device comprising: a processor; a transceiver connected to the processor; a memory for storing executable instructions of the processor ; wherein the processor is configured to load and execute the executable instructions to implement the ACL control method described in the above aspects.
  • a computer-readable storage medium is provided, and executable program code is stored in the readable storage medium, and the executable program code is loaded and executed by the processor to implement the above-mentioned aspect The described ACL control method.
  • a chip includes a programmable logic circuit and/or program instructions, when the chip runs on an Internet of Things device or a first management device, for implementing the above aspect The described ACL control method.
  • an embodiment of the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium;
  • the processor of the Internet of Things device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the Internet of Things device executes the ACL control method described in the above aspect;
  • the processor of the first management device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the first management device executes the ACL control method described in the above aspects.
  • an embodiment of the present application provides a computer program, which is used to implement the ACL control method described in the above aspect when the computer program is executed by a processor of an IoT device or a first management device .
  • the Internet of Things device can modify other management devices based on the modification instruction sent by the first management device. Modify the switch state of the ACLE to enable or disable the ACLE of other management devices.
  • the ACLE of the management device can be changed without the authority to modify the ACL of other management devices, which limits the management device's ACLE. permissions, which in turn improves security.
  • FIG. 1 shows a flowchart of configuring a second device as a management device by a first management device according to an exemplary embodiment of the present application.
  • FIG. 2 shows a flowchart of configuring a third device as a control device by a second device according to an exemplary embodiment of the present application.
  • FIG. 3 shows a block diagram of a communication system provided by an exemplary embodiment of the present application.
  • FIG. 4 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
  • FIG. 5 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
  • FIG. 6 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
  • FIG. 7 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
  • FIG. 8 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
  • FIG. 9 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
  • FIG. 10 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
  • FIG. 11 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
  • FIG. 12 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
  • FIG. 13 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
  • FIG. 14 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
  • FIG. 15 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
  • FIG. 16 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
  • FIG. 17 shows a schematic structural diagram of a communication device provided by an exemplary embodiment of the present application.
  • IoT CHIP Connected Home over IP, IP-based home interconnection
  • the first management device When the first management device is connected to the IoT device, the first management device can set the second device as the management device of the IoT device. For example, as shown in FIG. 1 , a method for setting the second device as the management device of the IoT device through the first management device is shown:
  • the configuration mode is used to instruct the IoT device to enter a mode of adding other devices at this time, and the first management device can set other devices as the management device of the IoT device.
  • the first management device generates a configuration token.
  • the configuration token includes an authenticator identification and a random setting code.
  • the first management device sends an instruction to enable configuration to the IoT device.
  • the instruction includes a configuration token.
  • the IoT device returns a response message to the first management device based on the received instruction.
  • the IoT device enters the configuration discovery mode.
  • the IoT device can be detected by other devices.
  • the first management device sends a configuration token to the second device.
  • the first management device sends the configuration token to the second device via email, voice transmission, or the like.
  • the second device turns on the discovery mode.
  • the second device narrows the scanning scope based on the authenticator identifier in the received configuration token.
  • the second device searches for IoT devices.
  • the second device establishes a connection with the IoT device based on the configuration token.
  • the second device authenticates the IoT device.
  • the second device creates a structure identification.
  • the IoT device uses the existing operation key.
  • the IoT device sends a device certificate request to the second device.
  • the second device sends the device certificate request and the structure identifier to the CA of the second device.
  • the second device configures the device certificate and access control authority for the IoT device.
  • the device certificate and access control authority configured by the second device are included in the ACL of the second device.
  • the second device deletes the configuration token.
  • the second device When the second device is connected to the IoT device, the second device can add the third device as the control device of the IoT device.
  • the third device As shown in FIG. 2 , it shows that the third device is set as the The method of controlling the device of the IoT device:
  • the third device enters the configuration discovery mode.
  • the second device acquires configuration information of the third device.
  • the third device displays a graphic code
  • the second device obtains the configuration information by scanning the graphic code of the third device.
  • the second device enables the discovery mode.
  • the second device discovers the third device.
  • the second device establishes a secure connection with the third device.
  • the second device and the third device are authenticated.
  • the second device uses the set structure identifier of the second device.
  • the third device generates an operation key and a CSR (Certificate Signing Request, certificate request file).
  • the third device sends the CSR to the second device.
  • the second device sends the CSR to the CA of the second device to request a device certificate.
  • the second device configures the device certificate, the certificate chain and the access control authority to the third device.
  • FIG. 3 shows a block diagram of a communication system provided by an exemplary embodiment of the present application.
  • the communication system may include: a first management device 31 , a second management device 32 and an Internet of Things device 33 .
  • the first management device 31 and the second management device 32 are respectively connected to the IoT device 33, and the IoT device 33 stores the ACL of the first management device 31 and the ACL of the second management device 32, and each ACL includes at least one ACLE (Access Control List Entry, Access Control List Entry), if the IoT device 33 receives a control command sent by any management device, it first determines the ACLE of the management device that matches the control command, and then determines to send a control command according to the ACLE Whether the management device has the permission to access the IoT device, if it has the permission to access the IoT device, it will respond to the control command, and if it is determined that it does not have the permission to access the IoT device, it will not respond to the control command. Alternatively, if the IoT device 33 cannot determine the ACLE matching the control instruction, it does not respond to the control instruction.
  • the first management device 31 or the second management device 32 is a terminal such as a mobile phone, a computer, or a tablet computer, or the first management device 31 or the second management device 32 interacts through installed applications.
  • the application program installed by the first management device 31 or the second management device 32 is a program matched with the Internet of Things device.
  • the IoT device 33 is a refrigerator, a TV, an electric lamp, and other devices, which are not limited in the embodiment of the present application.
  • the ACL is generated by the management device and configured by the management device to the IoT device 33, and the IoT device 33 will store the ACL configured by each management device.
  • the ACL includes at least one ACLE, and each ACLE includes multiple attributes.
  • each ACLE includes the following attributes:
  • the management device in the process of generating the ACL, the management device also sets a switch state for each ACLE included in the ACL, and uses the switch state to indicate whether the ACLE corresponding to the switch state is valid.
  • the switch state of the ACLE set by the management device is enabled by default.
  • switch states in the embodiments of the present application actually correspond to the on state and the off state of the enable attribute (enable), and the switch states involved in the embodiments of the present application can be represented by true and false of enable.
  • the switch states in the embodiments of the present application can also correspond to other attributes, which are not limited in the embodiments of the present application.
  • each management device sets ACLs on the IoT devices.
  • this application provides the implementation shown in FIG. 4 .
  • the authority of the management device is restricted, and the validity of the ACL of other management devices can also be adjusted, as shown in Figure 4, the method includes:
  • the first management device sends a modification instruction to the IoT device.
  • the modification instruction is used to modify the switch state of the target ACLE of the second management device, the target ACLE is any ACLE included in the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid.
  • the user can control the first management device to send a modification instruction to the IoT device, and the subsequent IoT device
  • the device may modify the switch state of the target ACLE of the second management device based on the received modification instruction, so that the target ACLE is in an invalid state, and the authority of the ACLE is disabled.
  • whether the ACLE is valid can be set by triggering the switch state of the ACLE, where the switch state of the ACLE includes the following three situations Either of:
  • switch state when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in an off state.
  • the ACLE is represented as shown in Table 1:
  • the ACLE of the second management device includes a switch state, and in this case, the access rights of the switch state are different from the access rights of the other 8 entries in the ACLE. If the permission set by the second management device to other management devices is a read-only permission, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE of the second management device. If the second management device and the first management device are in different ecosystems, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE of the second management device.
  • the ACL of the second management device includes a switch state corresponding to each ACLE.
  • the ACL of the second management device includes at least one ACLE. And the ACL of the second management device further includes a switch state corresponding to each ACLE.
  • the ACL of the second management device is shown in Table 2:
  • the switch state corresponding to each ACLE in the ACL it is possible to control whether the ACLE is valid through the switch state of the ACLE. If the permission set by the second management device to other management devices is a read-only permission, the first management device can control whether the ACLE is valid by modifying the switch state corresponding to the ACLE in the ACL of the second management device. If the second management device and the first management device are in different ecosystems, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE in the ACL of the second management device.
  • the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  • the physical network device not only stores the ACL, but also stores the switch state corresponding to the ACLE of each ACL. If the first management device needs to close the ACLE of the second management device, the switch state of the ACLE can be modified.
  • the IoT device stores the switch state corresponding to the ACLE of each ACL in an object other than the ACL.
  • the access authority of the object is different from the access authority of the ACL.
  • the management device can modify the switch state corresponding to the ACLE in the object, but cannot modify the ACL.
  • the IoT device receives the modification instruction sent by the first management device.
  • the IoT device modifies the switch state of the target ACLE of the second management device according to the modification instruction under the condition that it is determined that the first management device has the authority to modify the switch state of the ACLE.
  • the IoT device after the IoT device receives the modification instruction sent by the first management device, it needs to first determine whether the first management device that sends the modification instruction has the authority to modify the switch state of the ACLE.
  • the device can modify the switch state of the ACLE of other management devices stored by the IoT device, and the IoT device modifies the switch state of the target ACLE of the second management device according to the modification instruction.
  • the switch state of the target ACLE of the second management device is set to the second state.
  • the modification instruction includes the device identifier of the first management device, and the IoT device determines that the first management device has the authority to modify the switch state of the ACLE in any of the following ways:
  • the IoT device stores an administrator identifier with the authority to modify ACLE. If the IoT device receives the modification instruction, the device identification of the first management device included in the modification instruction is stored with the stored management ID. If the IoT device determines that the device ID of the first management device is located in the stored administrator ID, it means that the first management device has the management authority to the IoT device, and it can also be determined that the first management device has the ability to modify Permissions for the switch state of ACLE.
  • multiple administrator identifiers are stored in the IoT device, but the multiple administrator identifiers include a primary administrator identifier and a secondary administrator identifier, and the primary administrator identifier has the ACLE of other management devices.
  • the first management device can modify the switch states of the ACLEs of other management devices.
  • any management device can also add any management device to the IoT device. ACLE of the device.
  • any management device connected to the IoT device can send an ACLE addition instruction to the IoT device, and the IoT device will add an ACLE addition instruction based on the ACLE addition instruction according to the received ACLE addition instruction in the ACL of any management device. Included ACLE.
  • the management device can send an ACLE addition instruction to the IoT device.
  • the embodiment of the present application is only described by taking the first management device directly sending the modification instruction to the physical network device as an example.
  • the Internet of Things device after the Internet of Things device needs to be controlled to enter the modification mode, the Internet of Things device will respond to the modification instruction sent by the first management device, then before step 401, the method further includes 4011:
  • the IoT device receives the modification mode start instruction, and enters the modification mode according to the modification mode start instruction.
  • the IoT device in the modification mode, has the function of responding to the modification instruction. If the IoT device is in the modification mode, the IoT device modifies the switch state of the ACLE according to the modification instruction. If the IoT device is not in the modification mode, it will not respond to the modification instruction, nor will it switch the ACLE according to the modification instruction. status is modified.
  • the first management device needs to modify the switch states of the ACLEs of other management devices that have been stored by the IoT device, it needs to control the IoT device to enter the modification mode first, so as to prevent the IoT device from triggering during operation. Modify the operation, resulting in an error in the operation of the IoT device.
  • a configuration button is set on the IoT device. If the first management device needs to modify the switch state of the target ACLE of the second management device stored in the IoT device, the configuration button needs to be triggered first, and the IoT device receives The modification module is activated by the configuration button, and the modification mode is entered, and then step 401 is executed.
  • the first management device is connected to the Internet of Things device and has the management authority to the Internet of Things device.
  • the modification mode activation instruction is sent to the IoT device, and the IoT device enters the modification mode according to the modification mode activation instruction.
  • step 403 the method further includes 4031:
  • the IoT device receives the modification mode closing instruction, and exits the modification mode according to the modification mode closing instruction.
  • the IoT device will exit the modification mode according to the received modification mode shutdown instruction.
  • a configuration button is set on the Internet of Things device, if the first management device completes the modification of the switch state of the target ACLE of the second management device stored in the Internet of Things device, and then triggers the configuration button, the Internet of Things Receive the modification module shutdown command triggered by the configuration button, and exit the modification mode.
  • the first management device is connected to the IoT device and has the management authority to the IoT device. If the first management device completes the switch state of the target ACLE of the second management device stored in the IoT device After the modification, when the first management device detects the modification mode shutdown operation in the application program corresponding to the IoT device, it sends the modification mode shutdown instruction to the IoT device according to the modification mode shutdown operation, and the IoT device closes the modification mode according to the modification mode instruction. Exit modification mode.
  • the IoT device is controlled to perform the modification mode, so as to prevent the IoT device from modifying the switch state of the ACLE during the running process.
  • the stability of the switch state of the ACLE of the management device in modifying the IoT device is improved, and the operation effect of the IoT device is improved.
  • FIG. 5 shows a flowchart of an ACL control method provided by the embodiment of the present application. Referring to FIG. 5 , the method includes:
  • the first management device sends an ACL acquisition request to the IoT device.
  • the IoT device receives an ACL acquisition request sent by the first management device.
  • the first management device needs to modify the switch state of the ACLE of the second management device, it needs to first obtain the ACLs of all management devices that have been stored by the IoT device.
  • the ACL in the IoT device includes the switch state of the ACLE to be modified.
  • the IoT device sends, based on the ACL acquisition request, the ACL of each management device in the IoT device to the first management device.
  • the first management device receives the ACL of each management device sent by the physical network device.
  • the Internet of Things device After the first management device sends an ACL acquisition request to the Internet of Things device, the Internet of Things device determines according to the received ACL acquisition request that the first management device needs to acquire the ACL of the stored management device, and the Internet of Things device based on the received ACL acquisition request, sends the request to the Internet of Things device.
  • the first management device sends the stored ACL of each management device.
  • the method includes:
  • the first management device has the management authority to the IoT device, and the first management device sets the second management device and the third management device as management devices of the IoT device.
  • the second management device adds the control device as the control device of the IoT device.
  • the ACLE 10 corresponding to the second management device is the ACLE of the control device.
  • the control device requests to access the IoT device, and the IoT device finds the matching access authority according to ACLE10, allows the access, and returns a result.
  • the first management device controls the IoT device to enter a modification mode.
  • the first management device acquires the ACL of each management device stored by the IoT device.
  • the first management device selects the ACLE10, and sets the switch state of the ACLE10 to the second state.
  • the IoT device confirms that the first management device has the right to modify the switch state of the ACLE, and accepts the modification.
  • the first management device controls the IoT device to exit the modification mode.
  • the control device requests to access the Internet of Things device, and the Internet of Things device determines that no matching access authority is found, and rejects the access request of the control device.
  • the third management device controls the IoT device to enter a modification mode.
  • the third management device acquires the ACL of each management device stored by the IoT device.
  • the third management device selects the ACLE10, and sets the switch state of the ACLE10 to the first state.
  • the IoT device confirms that the third management device has the right to modify the switch state of the ACLE, and accepts the modification.
  • the third management device controls the IoT device to exit the modification mode.
  • the control device requests to access the IoT device, and the IoT device finds the matching access authority according to ACLE10, allows the access and returns a result.
  • the method of the present application will be described by taking the first management device, the second management device, the third management device, the IoT device and the controller as examples. Referring to FIG. 7 , the method includes:
  • the first management device has primary management authority over the IoT device, and the first management device sets the second management device and the third management device as management devices of the IoT device.
  • the second management device adds the control device as a control device of the IoT device.
  • the ACLE 10 corresponding to the second management device is the ACLE of the control device.
  • the control device requests to access the IoT device, and the IoT device finds a matching access authority according to ACL10, allows the access, and returns a result.
  • the first management device controls the IoT device to enter a modification mode.
  • the first management device acquires the ACL of each management device stored by the IoT device.
  • the first management device selects the ACL10, and sets the switch state of the ACL10 to the second state.
  • the IoT device confirms that the device identifier of the first management device is the set master administrator identifier, has the right to modify the switch state of the ACL, and accepts the modification.
  • the first management device controls the IoT device to exit the modification mode.
  • the control device requests to access the Internet of Things device, and the Internet of Things device determines that no matching access authority is found, and rejects the access request of the control device.
  • the third management device controls the IoT device to enter a modification mode.
  • the third management device acquires the ACL of each management device stored by the IoT device.
  • the third management device selects the ACL10, and sets the switch state of the ACL10 to the first state.
  • the IoT device confirms that the device identifier of the third management device is not the set master administrator identifier, does not have the right to modify the switch state of the ACLE, and refuses to modify.
  • the third management device controls the IoT device to exit the modification mode.
  • the control device requests to access the Internet of Things device, and the Internet of Things device does not find a matching access permission according to ACL10 and refuses access.
  • the IoT device when the IoT device determines that the first management device has the authority to modify the switch state of the ACLE, the IoT device performs the switch state of the ACLE of other management devices based on the modification instruction sent by the first management device. Modification, so that the ACLE of other management devices can be turned on or off, and the ACLE of the management device can be changed without the authority to modify the ACL of other management devices, which limits the authority of the management device and improves the safety.
  • FIGS. 4 to 6 illustrate how the first management device modifies the switch states of the ACLEs of other management devices.
  • the switch state corresponds to the ACL of the management device. If the switch state of any ACL is set to the off state, all the ACLEs included in the ACL are in the off state.
  • the above method is described below using the embodiment of FIG. 8 . , see Figure 8, the method includes:
  • the first management device sends a modification instruction to the IoT device.
  • the IoT device receives the modification instruction sent by the first management device.
  • the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid.
  • the IoT device stores a switch state corresponding to the ACL of the second management device, when the switch state is the first state, it is used to indicate that the corresponding ACL is in the open state, and when the switch state is the second state, it is used for Indicates that the corresponding ACL is disabled.
  • the Internet of Things device modifies the switch state of the target ACL of the second management device according to the modification instruction under the condition that it is determined that the first management device has the right to modify the switch state of the ACL.
  • the stored administrator identification includes the device identification of the first management device, it is determined that the first management device has the right to modify the switch state of the ACL.
  • the device identification of the first management device is the set master administrator identification
  • the embodiment of the present application is only described by taking the first management device directly sending the modification instruction to the physical network device as an example for description.
  • the Internet of Things device after the Internet of Things device needs to be controlled to enter the modification mode, the Internet of Things device will respond to the modification instruction sent by the first management device, then before step 801, the method further includes 8011:
  • the IoT device receives the modification mode start instruction, and enters the modification mode according to the modification mode start instruction.
  • the IoT device in the modification mode, has the function of responding to the modification instruction.
  • step 803 the method further includes 8031:
  • the IoT device receives the modification mode shutdown instruction, and exits the modification mode according to the modification mode shutdown instruction.
  • the first management device needs to first obtain the ACL of the management device stored in the IoT device, and the method includes steps 811-814:
  • the first management device sends an ACL acquisition request to the IoT device.
  • the IoT device receives an ACL acquisition request sent by the first management device.
  • the IoT device Based on the ACL acquisition request, the IoT device sends the ACL of each management device in the IoT device to the first management device.
  • the first management device receives the ACL of each management device sent by the physical network device.
  • steps 801 to 803 in the embodiment of the present application are similar.
  • the modification instruction in the embodiment of FIG. 8 is to modify the switch state of the ACL of other management devices. If the switch state of the ACL of other management devices changes, the The switch states of all ACLEs included in the ACL change in the same way as the switch states of the ACL. In the embodiments shown in FIGS. 4 to 6 , the switch state of one ACLE is modified independently, and other processes are similar, which will not be repeated here.
  • the IoT device modifies the switch state of the ACL of other management devices based on the modification instruction sent by the first management device, In order to enable or disable the ACL of other management devices, the on or off status of the ACL of the management device can be changed without the permission to modify the ACL of other management devices, which limits the permissions of the management device and improves the security. .
  • the opening and closing of the ACL the opening and closing of all ACLEs included in the ACL can be modified, which improves the operation efficiency.
  • FIG. 9 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to an IoT device, and the apparatus includes:
  • a receiving module 901 configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is included in the access control list ACL of the second management device Any ACLE, the switch state is used to indicate whether the target ACLE is valid;
  • the modification module 902 is configured to modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACLE.
  • the target ACLE includes a switch state, when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in a closed state.
  • the ACL of the second management device includes a switch state corresponding to each ACLE.
  • the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  • the modification instruction includes the device identifier of the first management device, and the apparatus further includes:
  • a determining module 903 configured to determine that the first management device has the authority to modify the switch state of the ACLE when it is determined that the stored administrator identification includes the device identification of the first management device; or,
  • the determining module 903 is further configured to determine that the first management device has the right to modify the switch state of the ACLE when the device identifier of the first management device is determined to be the set master administrator identifier.
  • the apparatus further includes:
  • the exit module 905 is configured to close the instruction according to the modification mode, and exit the modification mode.
  • the apparatus further includes:
  • a receiving module 901 configured to receive an ACL acquisition request sent by a first management device
  • the sending module 906 is configured to send the ACL of each management device in the IoT devices to the first management device based on the ACL acquisition request.
  • the apparatus further includes:
  • a receiving module 901, configured to receive an ACLE adding instruction sent by any management device
  • the adding module 907 is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
  • FIG. 11 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to a first management device, and the apparatus includes:
  • the sending module 1101 is configured to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any ACLE included in the access control list ACL of the second management device, and the switch state Used to indicate whether the target ACLE is valid;
  • the IoT device is configured to receive the modification instruction sent by the first management device, and modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the authority to modify the switch state of the ACLE.
  • the target ACLE includes a switch state, when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in a closed state.
  • the ACL of the second management device includes a switch state corresponding to each ACLE.
  • the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  • the modification instruction includes the device identification of the first management device,
  • the IoT device determines that the stored administrator identifier includes the device identifier of the first management device, and determines that the first management device has the authority to modify the switch state of the ACLE; or,
  • the IoT device determines that the device identification of the first management device is the set master administrator identification, and determines that the first management device has the authority to modify the switch state of the ACLE.
  • the apparatus further includes:
  • a receiving module 1102 configured to receive the ACL of each management device in the IoT device sent by the IoT device;
  • the IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  • Fig. 13 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, applied to an IoT device, the apparatus includes:
  • the receiving module 1301 is configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
  • the modification module 1302 is configured to modify the switch state of the ACL of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
  • the IoT device stores a switch state corresponding to the ACL of the second management device, when the switch state is the first state, it is used to indicate that the corresponding ACL is in the open state, and when the switch state is the second state, it is used for Indicates that the corresponding ACL is disabled.
  • the modification instruction includes the device identifier of the first management device, and the apparatus further includes:
  • the determining module 1303 is configured to determine that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identification includes the device identification of the first management device; or,
  • the determining module 1303 is further configured to determine that the first management device has the right to modify the switch state of the ACL if the device identifier of the first management device is the set master administrator identifier.
  • the apparatus further includes:
  • a receiving module 1301, configured to receive a modification mode opening instruction
  • the device further includes:
  • Exit module 1305, configured to close the instruction according to the modification mode, and exit the modification mode.
  • the apparatus further includes:
  • a receiving module 1301, configured to receive an ACL acquisition request sent by the first management device
  • the sending module 1306 is configured to send the ACL of each management device in the IoT devices to the first management device based on the ACL acquisition request.
  • the apparatus further includes:
  • a receiving module 1301, configured to receive an ACLE addition instruction sent by any management device
  • the adding module 1307 is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
  • FIG. 15 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to a first management device, and the apparatus includes:
  • the sending module 1501 is used to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
  • the IoT device is configured to receive the modification instruction sent by the first management device, and modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
  • the IoT device stores the switch state corresponding to the ACL of the second management device
  • the second object includes the correspondence between the ACLE and the switch state, and when the switch state is the first state, it is used to indicate that the corresponding ACLE is on state, when the switch state is the second state, it is used to indicate that the corresponding ACLE is in the off state.
  • the modification instruction includes the device identification of the first management device,
  • the IoT device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identifier includes the device identifier of the first management device; or,
  • the Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the device identifier of the first management device is the set master administrator identifier.
  • the apparatus further includes:
  • a sending module 1501 configured to send an ACL acquisition request to the IoT device
  • a receiving module 1502 configured to receive the ACL of each management device in the IoT device sent by the IoT device;
  • the IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  • FIG. 17 shows a schematic structural diagram of a communication device provided by an exemplary embodiment of the present application.
  • the communication device includes: a processor 1701 , a receiver 1702 , a transmitter 1703 , a memory 1704 and a bus 1705 .
  • the processor 1701 includes one or more processing cores, and the processor 1701 executes various functional applications and information processing by running software programs and modules.
  • the receiver 1702 and the transmitter 1703 may be implemented as a communication component, which may be a communication chip.
  • the memory 1704 is connected to the processor 1701 through the bus 1705.
  • the memory 1704 may be configured to store at least one instruction, and the processor 1701 may be configured to execute the at least one instruction to implement the various steps in the above method embodiments.
  • the communication device is an IoT device or a first management device.
  • the memory 1704 may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to, magnetic or optical disks, electrically erasable programmable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Static Anytime Access Memory (SRAM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Programmable Read Only Memory (PROM) .
  • EEPROM electrically erasable programmable Read Only Memory
  • EPROM Erasable Programmable Read Only Memory
  • SRAM Static Anytime Access Memory
  • ROM Read Only Memory
  • Magnetic Memory Magnetic Memory
  • Flash Memory Programmable Read Only Memory
  • a computer-readable storage medium is also provided, and executable program codes are stored in the readable storage medium, and the executable program codes are loaded and executed by a processor to implement the above-mentioned various methods.
  • the example provides an ACL control method performed by a communication device.
  • a chip is also provided, the chip includes a programmable logic circuit and/or program instructions, when the chip runs on the Internet of Things device or the first management device, for implementing the The above ACL control method.
  • a computer program product comprising computer instructions stored in a computer-readable storage medium
  • the processor of the Internet of Things device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the Internet of Things device executes the ACL control method described in the above aspect;
  • the processor of the first management device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the first management device executes the ACL control method described in the above aspects.
  • a computer program for implementing the above-mentioned ACL control method when the computer program is executed by the processor of the Internet of Things device or the first management device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The present application relates to the technical field of the Internet of Things. Disclosed are an ACL control method and apparatus, and a device and a storage medium. The method comprises: receiving a modification instruction sent by a first management device, a target ACLE being any ACLE comprised in an ACL of a second management device, and an on/off state being used for indicating whether the target ACLE is valid; and when it is determined that the first management device has the right to modify the on/off state of the ACLE, modifying the on/off state of the target ACLE of the second management device according to the modification instruction. The on or off state of an ACL of another management device can be modified without the need to have the right to modify the ACL of the management device, thereby restricting the right of the management device, and thus improving the security. In addition, the turning-on and turning-off of all ACLEs comprised in the ACL can be modified by modifying the turning-on and turning-off of the ACL, thereby improving the operation efficiency.

Description

ACL控制方法、装置、设备及存储介质ACL control method, device, device and storage medium 技术领域technical field
本申请涉及物联网技术领域,特别涉及一种ACL控制方法、装置、设备及存储介质。The present application relates to the technical field of the Internet of Things, and in particular, to an ACL control method, apparatus, device, and storage medium.
背景技术Background technique
随着物联网技术的快速发展以及物联网设备的广泛应用,管理设备与物联网设备连接后,管理设备能够对连接的物联网设备进行管理。With the rapid development of IoT technology and the wide application of IoT devices, after the management device is connected to the IoT device, the management device can manage the connected IoT device.
在多个管理设备与物联网设备连接的情况下,这多个管理设备不仅可以对物联网设备进行管理,且物联网设备中存储有每个管理设备的ACL(Access Control List,访问控制列表),物联网设备会根据自身存储的ACL判断管理设备发送给物理网设备的控制指令是否为自身能够识别的指令,进而确定是否响应接收的控制指令。When multiple management devices are connected to the IoT devices, the multiple management devices can not only manage the IoT devices, but also store the ACL (Access Control List) of each management device in the IoT devices. , the IoT device will judge whether the control command sent by the management device to the physical network device is a command that it can identify according to the ACL stored by itself, and then determine whether to respond to the received control command.
但是,由于每个管理设备均可以对物联网设备中存储的每个ACL进行修改,导致管理设备的权限过大,安全性差。However, since each management device can modify each ACL stored in the IoT device, the authority for managing the device is too large and the security is poor.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供了一种ACL控制方法、装置、设备及存储介质,无需具有对其他管理设备的ACL进行修改的权限就能够对管理设备的ACLE的开启或关闭状态进行更改,限制了管理设备的权限,进而提高了安全性。所述技术方案如下:The embodiments of the present application provide an ACL control method, apparatus, device, and storage medium, which can change the on or off state of the ACLE of the management device without having the authority to modify the ACL of other management devices, which limits the management device permissions, which in turn improves security. The technical solution is as follows:
根据本申请的一个方面,提供了一种ACL控制方法,应用于物联网设备,所述方法包括:According to an aspect of the present application, an ACL control method is provided, which is applied to an Internet of Things device, and the method includes:
接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的目标访问控制列表条目ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;Receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is included in the access control list ACL of the second management device Any ACLE, the switch state is used to indicate whether the target ACLE is valid;
在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。If it is determined that the first management device has the right to modify the switch state of the ACLE, modify the switch state of the target ACLE of the second management device according to the modification instruction.
根据本申请的一个方面,提供了一种ACL控制方法,应用于第一管理设备,所述方法包括:According to an aspect of the present application, an ACL control method is provided, which is applied to a first management device, and the method includes:
向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的目标ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;Send a modification instruction to the Internet of Things device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any ACLE included in the access control list ACL of the second management device, and the The switch state is used to indicate whether the target ACLE is valid;
所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction. The switch state of the target ACLE is modified.
根据本申请的一个方面,提供了一种ACL控制方法,应用于物联网设备,所述方法包括:According to an aspect of the present application, an ACL control method is provided, which is applied to an Internet of Things device, and the method includes:
接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述ACL是否有效;receiving a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的ACL的开关状态进行修改。If it is determined that the first management device has the right to modify the switch state of the ACL, modify the switch state of the ACL of the second management device according to the modification instruction.
根据本申请的一个方面,提供了一种ACL控制方法,应用于第一管理设备,所述方法包括:According to an aspect of the present application, an ACL control method is provided, which is applied to a first management device, and the method includes:
向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述目标ACLE是否有效;Send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction. The switch state of the target ACLE is modified.
根据本申请的一个方面,提供了一种ACL控制装置,应用于物联网设备,所述装置包括:According to an aspect of the present application, an ACL control apparatus is provided, which is applied to IoT devices, and the apparatus includes:
接收模块,用于接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的目标访问控制列表条目ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;a receiving module, configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is the access of the second management device Any ACLE included in the control list ACL, the switch state is used to indicate whether the target ACLE is valid;
修改模块,用于在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。A modification module, configured to modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACLE.
根据本申请的一个方面,提供了一种ACL控制装置,应用于第一管理设备,所述装置包括:According to an aspect of the present application, an ACL control apparatus is provided, which is applied to a first management device, and the apparatus includes:
发送模块,用于向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的目标ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;The sending module is configured to send a modification instruction to the Internet of Things device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any item included in the access control list ACL of the second management device. an ACLE, the switch state is used to indicate whether the target ACLE is valid;
所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction. The switch state of the target ACLE is modified.
根据本申请的一个方面,提供了一种ACL控制装置,应用于物联网设备,所述装置包括:According to an aspect of the present application, an ACL control apparatus is provided, which is applied to IoT devices, and the apparatus includes:
接收模块,用于接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述ACL是否有效;a receiving module, configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
修改模块,用于在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的ACL的开关状态进行修改。A modification module, configured to modify the switch state of the ACL of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
根据本申请的一个方面,提供了一种ACL控制装置,应用于第一管理设备,所述装置包括:According to an aspect of the present application, an ACL control apparatus is provided, which is applied to a first management device, and the apparatus includes:
发送模块,用于向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述目标ACLE是否有效;a sending module, configured to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction. The switch state of the target ACLE is modified.
根据本申请的一个方面,提供了一种物联网设备,所述物联网设备包括:处理器;与所述处理器相连的收发器;用于存储所述处理器的可执行程序代码的存储器;其中,所述处理器被配置为加载并执行所述可执行程序代码以实现如上述方面所述的ACL控制方法。According to an aspect of the present application, an IoT device is provided, the IoT device comprising: a processor; a transceiver connected to the processor; a memory for storing executable program codes of the processor; Wherein, the processor is configured to load and execute the executable program code to implement the ACL control method described in the above aspects.
根据本申请的一个方面,提供了一种第一管理设备,所述第一管理设备包括:处理器;与所述处理器相连的收发器;用于存储所述处理器的可执行指令的存储器;其中,所述处理器被配置为加载并执行所述可执行指令以实现如上述方面所述的ACL控制方法。According to an aspect of the present application, a first management device is provided, the first management device comprising: a processor; a transceiver connected to the processor; a memory for storing executable instructions of the processor ; wherein the processor is configured to load and execute the executable instructions to implement the ACL control method described in the above aspects.
根据本申请的一个方面,提供了一种计算机可读存储介质,所述可读存储介质中存储有可执行程序代码,所述可执行程序代码由所述处理器加载并执行以实现如上述方面所述的ACL控制方法。According to an aspect of the present application, a computer-readable storage medium is provided, and executable program code is stored in the readable storage medium, and the executable program code is loaded and executed by the processor to implement the above-mentioned aspect The described ACL control method.
根据本申请的一个方面,提供了一种芯片,所述芯片包括可编程逻辑电路和/或程序指令,当所述芯片在物联网设备或第一管理设备上运行时,用于实现如上述方面所述的ACL控制方法。According to an aspect of the present application, a chip is provided, the chip includes a programmable logic circuit and/or program instructions, when the chip runs on an Internet of Things device or a first management device, for implementing the above aspect The described ACL control method.
根据本申请的一个方面,本申请实施例提供了一种计算机程序产品,所述计算机程序产品包括计算机指令,所述计算机指令存储在计算机可读存储介质中;According to an aspect of the present application, an embodiment of the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium;
物联网设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述物联网设备执行如上述方面所述的ACL控制方法;The processor of the Internet of Things device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the Internet of Things device executes the ACL control method described in the above aspect;
第一管理设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述第一管理设备执行如上述方面所述的ACL控制方法。The processor of the first management device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the first management device executes the ACL control method described in the above aspects.
根据本申请的一个方面,本申请实施例提供了一种计算机程序,当所述计算机程序被物联网设备或第一管理设备的处理器执行时,其用于实现上述方面所述的ACL控制方法。According to an aspect of the present application, an embodiment of the present application provides a computer program, which is used to implement the ACL control method described in the above aspect when the computer program is executed by a processor of an IoT device or a first management device .
本申请实施例提供的技术方案至少包括如下有益效果:The technical solutions provided by the embodiments of the present application include at least the following beneficial effects:
本申请实施例提供的方法、装置、设备及存储介质,物联网设备在确定第一管理设备具有修改ACLE的开关状态的权限的情况下,基于第一管理设备发送的修改指令对其他管理设备的ACLE的开关状态进行修改,以使其他管理设备的ACLE开启或关闭,无需具有对其他管理设备的ACL进行修改的权限就能够对管理设备的ACLE的开启或关闭状态进行更改,限制了管理设备的权限,进而提高了安全性。In the method, apparatus, device, and storage medium provided by the embodiments of the present application, in the case that the IoT device determines that the first management device has the authority to modify the switch state of the ACLE, the Internet of Things device can modify other management devices based on the modification instruction sent by the first management device. Modify the switch state of the ACLE to enable or disable the ACLE of other management devices. The ACLE of the management device can be changed without the authority to modify the ACL of other management devices, which limits the management device's ACLE. permissions, which in turn improves security.
附图说明Description of drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings that are used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without creative effort.
图1示出了本申请一个示例性实施例提供的第一管理设备将第二设备配置为管理设备的流程图。FIG. 1 shows a flowchart of configuring a second device as a management device by a first management device according to an exemplary embodiment of the present application.
图2示出了本申请一个示例性实施例提供的第二设备将第三设备配置为控制设备的流程图。FIG. 2 shows a flowchart of configuring a third device as a control device by a second device according to an exemplary embodiment of the present application.
图3示出了本申请一个示例性实施例提供的通信系统的框图。FIG. 3 shows a block diagram of a communication system provided by an exemplary embodiment of the present application.
图4示出了本申请一个示例性实施例提供的ACL控制方法的流程图。FIG. 4 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
图5示出了本申请一个示例性实施例提供的ACL控制方法的流程图。FIG. 5 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
图6示出了本申请一个示例性实施例提供的ACL控制方法的流程图。FIG. 6 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
图7示出了本申请一个示例性实施例提供的ACL控制方法的流程图。FIG. 7 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
图8示出了本申请一个示例性实施例提供的ACL控制方法的流程图。FIG. 8 shows a flowchart of an ACL control method provided by an exemplary embodiment of the present application.
图9示出了本申请一个示例性实施例提供的ACL控制装置的框图。FIG. 9 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
图10示出了本申请另一个示例性实施例提供的ACL控制装置的框图。FIG. 10 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
图11示出了本申请一个示例性实施例提供的ACL控制装置的框图。FIG. 11 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
图12示出了本申请另一个示例性实施例提供的ACL控制装置的框图。FIG. 12 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
图13示出了本申请一个示例性实施例提供的ACL控制装置的框图。FIG. 13 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
图14示出了本申请另一个示例性实施例提供的ACL控制装置的框图。FIG. 14 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
图15示出了本申请一个示例性实施例提供的ACL控制装置的框图。FIG. 15 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application.
图16示出了本申请另一个示例性实施例提供的ACL控制装置的框图。FIG. 16 shows a block diagram of an ACL control apparatus provided by another exemplary embodiment of the present application.
图17示出了本申请一个示例性实施例提供的通信设备的结构示意图。FIG. 17 shows a schematic structural diagram of a communication device provided by an exemplary embodiment of the present application.
具体实施方式Detailed ways
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the objectives, technical solutions and advantages of the present application clearer, the embodiments of the present application will be further described in detail below with reference to the accompanying drawings.
首先,对本申请实施例所涉及的名词进行解释:First, the terms involved in the embodiments of the present application are explained:
物联网CHIP(Connected Home over IP,基于IP的家庭互联)技术:IoT CHIP (Connected Home over IP, IP-based home interconnection) technology:
第一管理设备与物联网设备连接的情况下,第一管理设备能够将第二设备设置为该物联网设备的管理设备。例如,如图1所示,示出了通过第一管理设备将第二设备设置为物联网设备的管理设备的方法:When the first management device is connected to the IoT device, the first management device can set the second device as the management device of the IoT device. For example, as shown in FIG. 1 , a method for setting the second device as the management device of the IoT device through the first management device is shown:
1、通过第一管理设备触发开启物联网设备的配置模式。1. Trigger to open the configuration mode of the IoT device through the first management device.
其中,该配置模式用于指示物联网设备此时进入添加其他设备的模式,第一管理设备可以将其他设备设置为该物联网设备的管理设备。The configuration mode is used to instruct the IoT device to enter a mode of adding other devices at this time, and the first management device can set other devices as the management device of the IoT device.
2、第一管理设备生成配置令牌。2. The first management device generates a configuration token.
其中,该配置令牌中包括鉴权器标识和随机设置代码。Wherein, the configuration token includes an authenticator identification and a random setting code.
3、第一管理设备向物联网设备发送开启配置的指令。3. The first management device sends an instruction to enable configuration to the IoT device.
其中,该指令中包括配置令牌。Among them, the instruction includes a configuration token.
4、物联网设备基于接收的指令向第一管理设备返回响应消息。4. The IoT device returns a response message to the first management device based on the received instruction.
5、物联网设备进入到配置发现模式。5. The IoT device enters the configuration discovery mode.
其中,若物联网设备处于配置发现模式下,可以由其他设备检测到该物联网设备。Wherein, if the IoT device is in the configuration discovery mode, the IoT device can be detected by other devices.
6、第一管理设备向第二设备发送配置令牌。6. The first management device sends a configuration token to the second device.
在一些实施例中,第一管理设备通过电子邮件、语音传输等方式向第二设备发送配置令牌。In some embodiments, the first management device sends the configuration token to the second device via email, voice transmission, or the like.
7、第二设备开启发现模式。7. The second device turns on the discovery mode.
其中,第二设备基于接收到的配置令牌中的鉴权器标识缩小扫描范围。Wherein, the second device narrows the scanning scope based on the authenticator identifier in the received configuration token.
8、第二设备搜索到物联网设备。8. The second device searches for IoT devices.
9、第二设备基于配置令牌与物联网设备建立连接。9. The second device establishes a connection with the IoT device based on the configuration token.
10、第二设备对物联网设备进行认证。10. The second device authenticates the IoT device.
11、第二设备创建结构标识。11. The second device creates a structure identification.
12、物联网设备使用已有的操作秘钥。12. The IoT device uses the existing operation key.
13、物联网设备向第二设备发送设备证书请求。13. The IoT device sends a device certificate request to the second device.
14、第二设备将设备证书请求和结构标识发送给第二设备的CA。14. The second device sends the device certificate request and the structure identifier to the CA of the second device.
15、第二设备的CA认证完成后,生成设备证书,向第二设备发送设备证书。15. After the CA authentication of the second device is completed, a device certificate is generated, and the device certificate is sent to the second device.
16、第二设备为物联网设备配置设备证书和访问控制权限。16. The second device configures the device certificate and access control authority for the IoT device.
其中,第二设备配置的设备证书和访问控制权限包括在第二设备的ACL中。The device certificate and access control authority configured by the second device are included in the ACL of the second device.
17、第二设备删除配置令牌。17. The second device deletes the configuration token.
第二设备在与物联网设备连接的情况下,第二设备能够将第三设备添加为物联网设备的控制设备,例如,如图2所示,示出了通过第二设备将第三设置为物联网设备的控制设备的方法:When the second device is connected to the IoT device, the second device can add the third device as the control device of the IoT device. For example, as shown in FIG. 2 , it shows that the third device is set as the The method of controlling the device of the IoT device:
1、第三设备进入配置发现模式。1. The third device enters the configuration discovery mode.
2、第二设备获取第三设备的配置信息。2. The second device acquires configuration information of the third device.
在一些实施例中,第三设备显示图形码,第二设备通过扫描第三设备的图形码获取配置信息。In some embodiments, the third device displays a graphic code, and the second device obtains the configuration information by scanning the graphic code of the third device.
3、第二设备开启发现模式。3. The second device enables the discovery mode.
4、第二设备发现第三设备。4. The second device discovers the third device.
5、第二设备与第三设备建立安全连接。5. The second device establishes a secure connection with the third device.
6、第二设备与第三设备进行认证。6. The second device and the third device are authenticated.
7、第二设备使用已设置的第二设备的结构标识。7. The second device uses the set structure identifier of the second device.
8、第三设备生成操作密钥和CSR(Certificate Signing Request,证书请求文件)。8. The third device generates an operation key and a CSR (Certificate Signing Request, certificate request file).
9、第三设备向第二设备发送CSR。9. The third device sends the CSR to the second device.
10、第二设备将CSR发送给第二设备的CA请求设备证书。10. The second device sends the CSR to the CA of the second device to request a device certificate.
11、第二设备的CA认证完成后,生成设备证书及证书链,发送给第二设备。11. After the CA certification of the second device is completed, a device certificate and a certificate chain are generated and sent to the second device.
12、第二设备将设备证书及证书链和访问控制权限配置到第三设备。12. The second device configures the device certificate, the certificate chain and the access control authority to the third device.
图3示出了本申请一个示例性实施例提供的通信系统的框图,该通信系统可以包括:第一管理设备31、第二管理设备32和物联网设备33。FIG. 3 shows a block diagram of a communication system provided by an exemplary embodiment of the present application. The communication system may include: a first management device 31 , a second management device 32 and an Internet of Things device 33 .
第一管理设备31和第二管理设备32分别与物联网设备33连接,该物联网设备33中存储有第一管理设备31的ACL和第二管理设备32的ACL,且每个ACL包括至少一个ACLE(Access Control List Entry,访问控制列表条目),若物联网设备33接收到任一管理设备发送的控制指令,先确定与该控制指令匹配的管理设备的ACLE,再根据该ACLE确定发送控制指令的管理设备是否具有访问物联网设备的权限,若具有访问物联网设备的权限,则响应该控制指令,若确定不具有访问物联网设备的权限,则不响应该控制指令。又或者,若物联网设备33无法确定与该控制指令匹配的ACLE,则不响应该控制指令。The first management device 31 and the second management device 32 are respectively connected to the IoT device 33, and the IoT device 33 stores the ACL of the first management device 31 and the ACL of the second management device 32, and each ACL includes at least one ACLE (Access Control List Entry, Access Control List Entry), if the IoT device 33 receives a control command sent by any management device, it first determines the ACLE of the management device that matches the control command, and then determines to send a control command according to the ACLE Whether the management device has the permission to access the IoT device, if it has the permission to access the IoT device, it will respond to the control command, and if it is determined that it does not have the permission to access the IoT device, it will not respond to the control command. Alternatively, if the IoT device 33 cannot determine the ACLE matching the control instruction, it does not respond to the control instruction.
其中,该第一管理设备31或第二管理设备32为手机、计算机、平板电脑等终端,或者,第一管理设备31或第二管理设备32通过已安装的应用程序进行交互。其中,该第一管理设备31或第二管理设备32安装的应用程序为与物联网设备匹配的程序。物联网设备33为冰箱、电视、电灯等设备,本申请实施例并不做限定。The first management device 31 or the second management device 32 is a terminal such as a mobile phone, a computer, or a tablet computer, or the first management device 31 or the second management device 32 interacts through installed applications. Wherein, the application program installed by the first management device 31 or the second management device 32 is a program matched with the Internet of Things device. The IoT device 33 is a refrigerator, a TV, an electric lamp, and other devices, which are not limited in the embodiment of the present application.
其中,该ACL由管理设备生成,并由管理设备配置给物联网设备33,物联网设备33会存储每个管理设备配置的ACL。另外,该ACL中包括至少一个ACLE,每个ACLE中包括多个属性。The ACL is generated by the management device and configured by the management device to the IoT device 33, and the IoT device 33 will store the ACL configured by each management device. In addition, the ACL includes at least one ACLE, and each ACLE includes multiple attributes.
其中,每个ACLE中包括以下属性:Among them, each ACLE includes the following attributes:
(1)(必选的)<<Privilege Enum,Enum>>Privilege——//访问权限。(1) (required) <<Privilege Enum, Enum>>Privilege——//Access rights.
(2)(必选的)AuthMode AuthMode——//接入认证模式。(2) (Required) AuthMode AuthMode——//Access authentication mode.
(3)(必选的)List[SubjectId]Subjects——//获得权限的主体。(3) (required) List[SubjectId]Subjects——//Subjects who have obtained permissions.
(4)(必选的)List[EndpointId]Endpoints——/权限对应的终端。(4) (Required) List[EndpointId]Endpoints——/The terminal corresponding to the permission.
(5)(可选的)EpochTimestamp NotBefore——//适用起始时间。(5) (Optional) EpochTimestamp NotBefore——//Applicable start time.
(6)(可选的)EpochTimestamp NotAfter——//适用终止时间。(6) (Optional) EpochTimestamp NotAfter——//Applicable termination time.
(7)(可选的)WeeklySchedule Schedule——//适用周期。(7) (Optional) WeeklySchedule Schedule -- // Applicable period.
(8)(可选的)OctetString Extension——//可用的扩展。(8) (Optional) OctetString Extension - // Available extensions.
另外,管理设备在生成ACL的过程中,还会为ACL包括的每个ACLE设置开关状态,采用该开关状态指示该开关状态对应的ACLE是否有效。In addition, in the process of generating the ACL, the management device also sets a switch state for each ACLE included in the ACL, and uses the switch state to indicate whether the ACLE corresponding to the switch state is valid.
其中,管理设备设置的ACLE的开关状态默认为开启状态。The switch state of the ACLE set by the management device is enabled by default.
需要说明的是,本申请实施例中的开关状态实际上是对应于使能属性(enable)的开启状态和关闭状态,本申请实施例所涉及开关状态均能够采用enable的true和false表示。或者,本申请实施例中的开关状态还能够对应于其他属性,本申请实施例并不做限定。It should be noted that the switch states in the embodiments of the present application actually correspond to the on state and the off state of the enable attribute (enable), and the switch states involved in the embodiments of the present application can be represented by true and false of enable. Alternatively, the switch states in the embodiments of the present application can also correspond to other attributes, which are not limited in the embodiments of the present application.
对于对物联网设备具有管理权限的管理设备来说,每个管理设备均在物联网设备上设置ACL,为了防止管理设备的管理权限过大或过小,本申请提供了图4所示的实施例对管理设备的权限进行限制,并且还能够调整其他管理设备的ACL的有效性,参见图4,该方法包括:For management devices that have management rights to IoT devices, each management device sets ACLs on the IoT devices. In order to prevent the management rights of the management devices from being too large or too small, this application provides the implementation shown in FIG. 4 . For example, the authority of the management device is restricted, and the validity of the ACL of other management devices can also be adjusted, as shown in Figure 4, the method includes:
401、第一管理设备向物联网设备发送修改指令。401. The first management device sends a modification instruction to the IoT device.
其中,修改指令用于修改第二管理设备的目标ACLE的开关状态,目标ACLE为第二管理设备的ACL中包括的任一个ACLE,开关状态用于指示目标ACLE是否有效。The modification instruction is used to modify the switch state of the target ACLE of the second management device, the target ACLE is any ACLE included in the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid.
在本申请实施例中,若用户确定与物联网设备连接的第二管理设备无需再执行对物理网设备的管理操作,则用户可以控制第一管理设备向物联网设备发送修改指令,后续物联网设备可以基于接收的修改指令对第二管理设备的目标ACLE的开关状态进行修改,以使目标ACLE处于失效状态,该ACLE的权限被关闭。In this embodiment of the present application, if the user determines that the second management device connected to the IoT device does not need to perform management operations on the physical network device, the user can control the first management device to send a modification instruction to the IoT device, and the subsequent IoT device The device may modify the switch state of the target ACLE of the second management device based on the received modification instruction, so that the target ACLE is in an invalid state, and the authority of the ACLE is disabled.
在一些实施例中,为了实现第一管理设备能够对第二管理设备的ACLE的有效性进行管理,可以通过触发ACLE的开关状态以设置该ACLE是否有效,其中ACLE的开关状态包括以下三种情况中的任一种:In some embodiments, in order to enable the first management device to manage the validity of the ACLE of the second management device, whether the ACLE is valid can be set by triggering the switch state of the ACLE, where the switch state of the ACLE includes the following three situations Either of:
(1)目标ACLE中包括开关状态。(1) The switch state is included in the target ACLE.
其中,开关状态为第一状态时,用于指示目标ACLE为开启状态,开关状态为第二状态时,用于指示目标ACLE为关闭状态。Wherein, when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in an off state.
例如,该开关状态由True表示ACLE处于第一状态,由False标识ACLE处于第二状态。该ACLE中包括的开关状态由Enble表示。For example, in the switch state, True indicates that the ACLE is in the first state, and False indicates that the ACLE is in the second state. The switch states included in this ACLE are represented by Enble.
在一些实施例中,该ACLE表示为表1所示:In some embodiments, the ACLE is represented as shown in Table 1:
表1Table 1
Figure PCTCN2021076588-appb-000001
Figure PCTCN2021076588-appb-000001
Figure PCTCN2021076588-appb-000002
Figure PCTCN2021076588-appb-000002
第二管理设备的ACLE中包括开关状态,则在此种情况下,该开关状态的访问权限与该ACLE中其他8个条目的访问权限不同。若第二管理设备对其他管理设备设置的权限为只读权限,则第一管理设备可以通过修改第二管理设备的ACLE中的开关状态来控制该ACLE是否有效。若第二管理设备与第一管理设备处于不同的生态系统的情况下,则第一管理设备可以通过修改第二管理设备的ACLE中的开关状态来控制该ACLE是否有效。The ACLE of the second management device includes a switch state, and in this case, the access rights of the switch state are different from the access rights of the other 8 entries in the ACLE. If the permission set by the second management device to other management devices is a read-only permission, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE of the second management device. If the second management device and the first management device are in different ecosystems, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE of the second management device.
(2)第二管理设备的ACL包括每个ACLE对应的开关状态。(2) The ACL of the second management device includes a switch state corresponding to each ACLE.
其中,第二管理设备的ACL包括至少一个ACLE。并且该第二管理设备的ACL还包括每个ACLE对应的开关状态。Wherein, the ACL of the second management device includes at least one ACLE. And the ACL of the second management device further includes a switch state corresponding to each ACLE.
例如,第二管理设备的ACL如表2所示:For example, the ACL of the second management device is shown in Table 2:
表2Table 2
编号Numbering 开关状态switch status
ACLE1ACLE1 TrueTrue
ACLE2ACLE2 TrueTrue
ACLE3ACLE3 TrueTrue
ACLE4ACLE4 TrueTrue
ACLE5ACLE5 TrueTrue
ACLE6ACLE6 TrueTrue
ACLE7ACLE7 TrueTrue
ACLE8ACLE8 TrueTrue
ACLE9ACLE9 TrueTrue
在本申请实施例中,通过在ACL中设置每个ACLE对应的开关状态,能够通过ACLE的开关状态来控制ACLE是否有效。若第二管理设备对其他管理设备设置的权限为只读权限,则第一管理设备可以通过修改第二管理设备的ACL中的ACLE对应的开关状态来控制该ACLE是否有效。若第二管理设备与第一管理设备处于不同的生态系统的情况下,则第一管理设备可以通过修改第二管理设备的ACL中的ACLE中的开关状态来控制该ACLE是否有效。In the embodiment of the present application, by setting the switch state corresponding to each ACLE in the ACL, it is possible to control whether the ACLE is valid through the switch state of the ACLE. If the permission set by the second management device to other management devices is a read-only permission, the first management device can control whether the ACLE is valid by modifying the switch state corresponding to the ACLE in the ACL of the second management device. If the second management device and the first management device are in different ecosystems, the first management device can control whether the ACLE is valid by modifying the switch state in the ACLE in the ACL of the second management device.
(3)物联网设备还存储有第二管理设备的ACL包括的每个ACLE对应的开关状态。(3) The IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
在此情况下,物理网设备不仅会存储ACL,还会存储每个ACL的ACLE对应的开关状态,若第一管理设备需要关闭第二管理设备的ACLE,通过修改ACLE的开关状态即可。In this case, the physical network device not only stores the ACL, but also stores the switch state corresponding to the ACLE of each ACL. If the first management device needs to close the ACLE of the second management device, the switch state of the ACLE can be modified.
在一些实施例中,物联网设备在除ACL以外的对象中存储每个ACL的ACLE对应的开关状态。该对象的访问权限与ACL的访问权限不同,管理设备可以对该对象中的ACLE对应的开关状态进行修改,而无法对ACL进行修改。In some embodiments, the IoT device stores the switch state corresponding to the ACLE of each ACL in an object other than the ACL. The access authority of the object is different from the access authority of the ACL. The management device can modify the switch state corresponding to the ACLE in the object, but cannot modify the ACL.
需要说明的是,情况(3)中每个ACLE对应的开关状态与情况(2)中的对应关系类似,在此不再赘述。It should be noted that the switch state corresponding to each ACLE in case (3) is similar to the corresponding relationship in case (2), and details are not repeated here.
402、物联网设备接收第一管理设备发送的修改指令。402. The IoT device receives the modification instruction sent by the first management device.
403、物联网设备在确定第一管理设备具有修改ACLE的开关状态的权限的情况下,根据修改指令对第二管理设备的目标ACLE的开关状态进行修改。403. The IoT device modifies the switch state of the target ACLE of the second management device according to the modification instruction under the condition that it is determined that the first management device has the authority to modify the switch state of the ACLE.
在本申请实施例中,物联网设备接收到第一管理设备发送的修改指令后,需要先确定发送该修改指令的第一管理设备是否具有修改ACLE的开关状态的权限,若确定该第一管理设备可以对物联网设备存储的其他管理设备的ACLE的开关状态进行修改,物联网设备根据该修改指令,对第二管理设备的目标ACLE的开关状态进行修改。In the embodiment of the present application, after the IoT device receives the modification instruction sent by the first management device, it needs to first determine whether the first management device that sends the modification instruction has the authority to modify the switch state of the ACLE. The device can modify the switch state of the ACLE of other management devices stored by the IoT device, and the IoT device modifies the switch state of the target ACLE of the second management device according to the modification instruction.
例如,若第二管理设备的目标ACLE当前的开关状态为第一状态,且物联网设备接收到第一管理设备的修改指令,在确定第一管理设备具有对ACLE的开关状态的修改权限的情况下,将第二管理设备的目标ACLE的开关状态设置为第二状态。For example, if the current switch state of the target ACLE of the second management device is the first state, and the IoT device receives a modification instruction from the first management device, if it is determined that the first management device has the right to modify the switch state of the ACLE Next, the switch state of the target ACLE of the second management device is set to the second state.
在一些实施例中,修改指令中包括第一管理设备的设备标识,物联网设备确定第一管理设备具有修改ACLE的开关状态的权限包括以下任一种方式:In some embodiments, the modification instruction includes the device identifier of the first management device, and the IoT device determines that the first management device has the authority to modify the switch state of the ACLE in any of the following ways:
(1)在确定已存储的管理员标识中包括第一管理设备的设备标识的情况下,确定第一管理设备具有修改ACLE的开关状态的权限。(1) When it is determined that the stored administrator identifier includes the device identifier of the first management device, determine that the first management device has the authority to modify the switch state of the ACLE.
在本申请实施例中,物联网设备存储有具有修改ACLE权限的管理员标识,若物联网设备接收到修改指令后,将该修改指令中包括的第一管理设备的设备标识与已存储的管理员标识进行对比,若物联网设备确定第一管理设备的设备标识位于已存储的管理员标识中,说明第一管理设备具有对物联网设备的管理权限,进而也能确定第一管理设备具有修改ACLE的开关状态的权限。In the embodiment of the present application, the IoT device stores an administrator identifier with the authority to modify ACLE. If the IoT device receives the modification instruction, the device identification of the first management device included in the modification instruction is stored with the stored management ID. If the IoT device determines that the device ID of the first management device is located in the stored administrator ID, it means that the first management device has the management authority to the IoT device, and it can also be determined that the first management device has the ability to modify Permissions for the switch state of ACLE.
(2)在确定第一管理设备的设备标识为已设置的主管理员标识的情况下,确定第一管理设备具有修改ACLE的开关状态的权限。(2) When it is determined that the device identification of the first management device is the set master administrator identification, it is determined that the first management device has the authority to modify the switch state of the ACLE.
在本申请实施例中,物联网设备中存储有多个管理员标识,但是这多个管理员标识中包括主管理员标识和辅管理员标识,主管理员标识具有对其他管理设备的ACLE的开关状态进行修改的权限,而辅管理员标识不具有对其他管理员设备的ACLE的开关状态进行修改的权限,因此若物联网设备确定第一管理设备的设备标识为已设置的主管理员标识的情况下,说明该第一管理设备具有对其他管理设备进行管理的权限,进而也能确定第一管理设备具有修改ACLE的开关状态的权限。In the embodiment of the present application, multiple administrator identifiers are stored in the IoT device, but the multiple administrator identifiers include a primary administrator identifier and a secondary administrator identifier, and the primary administrator identifier has the ACLE of other management devices. The right to modify the switch state, while the secondary administrator ID does not have the right to modify the switch status of the ACLE of other administrator devices. Therefore, if the IoT device determines that the device ID of the first management device is the set primary administrator ID In the case of , it means that the first management device has the right to manage other management devices, and it can also be determined that the first management device has the right to modify the switch state of the ACLE.
需要说明的是,上述实施例说明了第一管理设备可以对其他管理设备的ACLE的开关状态进行修改,在另一实施例中,任一管理设备还能够在物联网设备中添加该任一管理设备的ACLE。It should be noted that the above embodiment illustrates that the first management device can modify the switch states of the ACLEs of other management devices. In another embodiment, any management device can also add any management device to the IoT device. ACLE of the device.
其中,与物联网设备连接的任一个管理设备可以向物联网设备发送ACLE添加指令,物联网设备则会根据接收的ACLE添加指令,基于ACLE添加指令,在任一管理设备的ACL中添加ACLE添加指令包括的ACLE。Among them, any management device connected to the IoT device can send an ACLE addition instruction to the IoT device, and the IoT device will add an ACLE addition instruction based on the ACLE addition instruction according to the received ACLE addition instruction in the ACL of any management device. Included ACLE.
例如,若任一管理设备需要将其他设备设置为控制设备,该管理设备可以向物联网设备发送ACLE添加指令。For example, if any management device needs to set other devices as control devices, the management device can send an ACLE addition instruction to the IoT device.
需要说明的是,本申请实施例仅是以第一管理设备直接向物理网设备发送修改指令为例进行说明。在另一实施例中,需要先控制物联网设备进入修改模式后,物联网设备会响应第一管理设备发送的修改指令,则在步骤401之前,该方法还包括4011:It should be noted that, the embodiment of the present application is only described by taking the first management device directly sending the modification instruction to the physical network device as an example. In another embodiment, after the Internet of Things device needs to be controlled to enter the modification mode, the Internet of Things device will respond to the modification instruction sent by the first management device, then before step 401, the method further includes 4011:
4011、物联网设备接收修改模式开启指令,根据修改模式开启指令,进入修改模式。4011. The IoT device receives the modification mode start instruction, and enters the modification mode according to the modification mode start instruction.
其中,在修改模式下物联网设备具有响应修改指令的功能。若物联网设备在修改模式下,物联网设备根据该修改指令对ACLE的开关状态进行修改,而若物联网未在修改模式下,不会响应修改指令,也不会根据修改指令对ACLE的开关状态进行修改。Among them, in the modification mode, the IoT device has the function of responding to the modification instruction. If the IoT device is in the modification mode, the IoT device modifies the switch state of the ACLE according to the modification instruction. If the IoT device is not in the modification mode, it will not respond to the modification instruction, nor will it switch the ACLE according to the modification instruction. status is modified.
在本申请实施例中,若第一管理设备需要对物联网设备已存储的其他管理设备的ACLE的开关状态进行修改,需要先控制物联网设备进入修改模式,防止物联网设备在运行过程中触发修改操作,导致物联网设备运行出现错误。In this embodiment of the present application, if the first management device needs to modify the switch states of the ACLEs of other management devices that have been stored by the IoT device, it needs to control the IoT device to enter the modification mode first, so as to prevent the IoT device from triggering during operation. Modify the operation, resulting in an error in the operation of the IoT device.
在一些实施例中,物联网设备上设置有配置按键,若第一管理设备需要对物联网设备中存储的第二管理设备的目标ACLE的开关状态进行修改,需要先触发配置按键,物联网接收由配置按键触发的修改模块开启指令,进入修改模式,再执行步骤401。In some embodiments, a configuration button is set on the IoT device. If the first management device needs to modify the switch state of the target ACLE of the second management device stored in the IoT device, the configuration button needs to be triggered first, and the IoT device receives The modification module is activated by the configuration button, and the modification mode is entered, and then step 401 is executed.
在另一些实施例中,第一管理设备与物联网设备连接,具有对物联网设备的管理权限,若第一管理设备在物联网设备对应的应用程序中检测到修改模式开启操作时,根据该修改模式开启操作,向物联网设备发送修改模式开启指令,物联网设备根据修改模式开启指令,进入修改模式。In other embodiments, the first management device is connected to the Internet of Things device and has the management authority to the Internet of Things device. In the modification mode open operation, the modification mode activation instruction is sent to the IoT device, and the IoT device enters the modification mode according to the modification mode activation instruction.
在步骤403之后,该方法还包括4031:After step 403, the method further includes 4031:
4031、物联网设备接收修改模式关闭指令,根据修改模式关闭指令,退出修改模式。4031. The IoT device receives the modification mode closing instruction, and exits the modification mode according to the modification mode closing instruction.
若第一管理设备完成对物联网设备已存储的其他管理设备的ACLE的开关状态的修改后,物联网设备会根据接收的修改模式关闭指令,退出修改模式。If the first management device completes the modification of the switch states of the ACLEs of other management devices stored by the IoT device, the IoT device will exit the modification mode according to the received modification mode shutdown instruction.
在一些实施例中,若物联网设备上设置有配置按键,若第一管理设备完成对物联网设备中存储的第二管理设备的目标ACLE的开关状态的修改后,再触发配置按键,物联网接收由配置按键触发的修改模块关闭指令,退出修改模式。In some embodiments, if a configuration button is set on the Internet of Things device, if the first management device completes the modification of the switch state of the target ACLE of the second management device stored in the Internet of Things device, and then triggers the configuration button, the Internet of Things Receive the modification module shutdown command triggered by the configuration button, and exit the modification mode.
在另一些实施例中,第一管理设备与物联网设备连接,具有对物联网设备的管理权限,若第一管理设备完成对物联网设备中存储的第二管理设备的目标ACLE的开关状态的修改后,第一管理设备在物联网设备对应的应用程序中检测到修改模式关闭操作时,根据该修改模式关闭操作,向物联网设备发送修改模式关闭指令,物联网设备根据修改模式关闭指令,退出修改模式。In other embodiments, the first management device is connected to the IoT device and has the management authority to the IoT device. If the first management device completes the switch state of the target ACLE of the second management device stored in the IoT device After the modification, when the first management device detects the modification mode shutdown operation in the application program corresponding to the IoT device, it sends the modification mode shutdown instruction to the IoT device according to the modification mode shutdown operation, and the IoT device closes the modification mode according to the modification mode instruction. Exit modification mode.
本申请实施例通过设置修改模式,在需要对管理设备的ACLE的开关状态进行修改时,控制物联网设备进行修改模式,防止物联网设备在运行过程中就对ACLE的开关状态进行修改的情况,提高了在修改物联网设备中的管理设备的ACLE的开关状态的稳定性,提高物联网设备的运行效果。By setting the modification mode in the embodiment of the present application, when the switch state of the ACLE of the management device needs to be modified, the IoT device is controlled to perform the modification mode, so as to prevent the IoT device from modifying the switch state of the ACLE during the running process. The stability of the switch state of the ACLE of the management device in modifying the IoT device is improved, and the operation effect of the IoT device is improved.
在一些实施例中,在图4实施例的基础上,图5示出为本申请实施例提供的一种ACL控制方法的流程图,参见图5,该方法包括:In some embodiments, based on the embodiment of FIG. 4 , FIG. 5 shows a flowchart of an ACL control method provided by the embodiment of the present application. Referring to FIG. 5 , the method includes:
501、第一管理设备向物联网设备发送ACL获取请求。501. The first management device sends an ACL acquisition request to the IoT device.
502、物联网设备接收第一管理设备发送的ACL获取请求。502. The IoT device receives an ACL acquisition request sent by the first management device.
在本申请实施例中,若第一管理设备需要对第二管理设备的ACLE的开关状态进行修改,需要先获取物联网设备已存储的所有管理设备的ACL,后续第一管理设备根据已获取的物联网设备中的ACL包括的ACLE的开关状态进行修改。In this embodiment of the present application, if the first management device needs to modify the switch state of the ACLE of the second management device, it needs to first obtain the ACLs of all management devices that have been stored by the IoT device. The ACL in the IoT device includes the switch state of the ACLE to be modified.
503、物联网设备基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。503. The IoT device sends, based on the ACL acquisition request, the ACL of each management device in the IoT device to the first management device.
504、第一管理设备接收物理网设备发送的每个管理设备的ACL。504. The first management device receives the ACL of each management device sent by the physical network device.
第一管理设备向物联网设备发送ACL获取请求后,物联网设备根据接收的ACL获取请求确定第一管理设备需要获取已存储的管理设备的ACL,则物联网设备基于接收的ACL获取请求,向第一管理设备发送已存储的每个管理设备的ACL。After the first management device sends an ACL acquisition request to the Internet of Things device, the Internet of Things device determines according to the received ACL acquisition request that the first management device needs to acquire the ACL of the stored management device, and the Internet of Things device based on the received ACL acquisition request, sends the request to the Internet of Things device. The first management device sends the stored ACL of each management device.
下面,以第一管理设备、第二管理设备、第三管理设备、物联网设备和控制器为例对本申请的方法进行说明,参见图6,该方法包括:Below, the method of the present application will be described by taking the first management device, the second management device, the third management device, the IoT device and the controller as examples. Referring to FIG. 6 , the method includes:
601、第一管理设备具有对物联网设备的管理权限,第一管理设备将第二管理设备和第三管理设备设置为物联网设备的管理设备。601. The first management device has the management authority to the IoT device, and the first management device sets the second management device and the third management device as management devices of the IoT device.
602、第二管理设备将控制设备添加为物联网设备的控制设备。602. The second management device adds the control device as the control device of the IoT device.
其中,第二管理设备对应的ACLE10为控制设备的ACLE。The ACLE 10 corresponding to the second management device is the ACLE of the control device.
603、控制设备请求访问物联网设备,物联网设备根据ACLE10找到匹配的访问权限,允许访问并返回结果。603. The control device requests to access the IoT device, and the IoT device finds the matching access authority according to ACLE10, allows the access, and returns a result.
604、第一管理设备控制物联网设备进入修改模式。604. The first management device controls the IoT device to enter a modification mode.
605、第一管理设备获取物联网设备存储的每个管理设备的ACL。605. The first management device acquires the ACL of each management device stored by the IoT device.
606、第一管理设备选择ACLE10,将该ACLE10的开关状态设置为第二状态。606. The first management device selects the ACLE10, and sets the switch state of the ACLE10 to the second state.
607、物联网设备确认第一管理设备具有对ACLE的开关状态的修改权限,接受修改。607. The IoT device confirms that the first management device has the right to modify the switch state of the ACLE, and accepts the modification.
608、第一管理设备控制物联网设备退出修改模式。608. The first management device controls the IoT device to exit the modification mode.
609、控制设备请求访问物联网设备,物联网设备确定未找到匹配的访问权限,拒绝控制设备的访问请求。609. The control device requests to access the Internet of Things device, and the Internet of Things device determines that no matching access authority is found, and rejects the access request of the control device.
610、第三管理设备控制物联网设备进入修改模式。610. The third management device controls the IoT device to enter a modification mode.
611、第三管理设备获取物联网设备存储的每个管理设备的ACL。611. The third management device acquires the ACL of each management device stored by the IoT device.
612、第三管理设备选择ACLE10,将该ACLE10的开关状态设置为第一状态。612. The third management device selects the ACLE10, and sets the switch state of the ACLE10 to the first state.
613、物联网设备确认第三管理设备具有对ACLE的开关状态的修改权限,接受修改。613. The IoT device confirms that the third management device has the right to modify the switch state of the ACLE, and accepts the modification.
614、第三管理设备控制物联网设备退出修改模式。614. The third management device controls the IoT device to exit the modification mode.
615、控制设备请求访问物联网设备,物联网设备根据ACLE10找到匹配的访问权限,允许访问并返回结果。615. The control device requests to access the IoT device, and the IoT device finds the matching access authority according to ACLE10, allows the access and returns a result.
下面,以第一管理设备、第二管理设备、第三管理设备、物联网设备和控制器为例对本申请的方法进行说明,参见图7,该方法包括:Hereinafter, the method of the present application will be described by taking the first management device, the second management device, the third management device, the IoT device and the controller as examples. Referring to FIG. 7 , the method includes:
701、第一管理设备具有对物联网设备的主管理权限,第一管理设备将第二管理设备和第三管理设备设置为物联网设备的管理设备。701. The first management device has primary management authority over the IoT device, and the first management device sets the second management device and the third management device as management devices of the IoT device.
702、第二管理设备将控制设备添加为物联网设备的控制设备。702. The second management device adds the control device as a control device of the IoT device.
其中,第二管理设备对应的ACLE10为控制设备的ACLE。The ACLE 10 corresponding to the second management device is the ACLE of the control device.
703、控制设备请求访问物联网设备,物联网设备根据ACL10找到匹配的访问权限,允许访问并返回结果。703. The control device requests to access the IoT device, and the IoT device finds a matching access authority according to ACL10, allows the access, and returns a result.
704、第一管理设备控制物联网设备进入修改模式。704. The first management device controls the IoT device to enter a modification mode.
705、第一管理设备获取物联网设备存储的每个管理设备的ACL。705. The first management device acquires the ACL of each management device stored by the IoT device.
706、第一管理设备选择ACL10,将该ACL10的开关状态设置为第二状态。706. The first management device selects the ACL10, and sets the switch state of the ACL10 to the second state.
707、物联网设备确认第一管理设备的设备标识为已设置的主管理员标识,具有对ACL的开关状态的修改权限,接受修改。707. The IoT device confirms that the device identifier of the first management device is the set master administrator identifier, has the right to modify the switch state of the ACL, and accepts the modification.
708、第一管理设备控制物联网设备退出修改模式。708. The first management device controls the IoT device to exit the modification mode.
709、控制设备请求访问物联网设备,物联网设备确定未找到匹配的访问权限,拒绝控制设备的访问请求。709. The control device requests to access the Internet of Things device, and the Internet of Things device determines that no matching access authority is found, and rejects the access request of the control device.
710、第三管理设备控制物联网设备进入修改模式。710. The third management device controls the IoT device to enter a modification mode.
711、第三管理设备获取物联网设备存储的每个管理设备的ACL。711. The third management device acquires the ACL of each management device stored by the IoT device.
712、第三管理设备选择ACL10,将该ACL10的开关状态设置为第一状态。712. The third management device selects the ACL10, and sets the switch state of the ACL10 to the first state.
713、物联网设备确认第三管理设备的设备标识不是已设置的主管理员标识,不具有对ACLE的开关状态的修改权限,拒绝修改。713. The IoT device confirms that the device identifier of the third management device is not the set master administrator identifier, does not have the right to modify the switch state of the ACLE, and refuses to modify.
714、第三管理设备控制物联网设备退出修改模式。714. The third management device controls the IoT device to exit the modification mode.
715、控制设备请求访问物联网设备,物联网设备根据ACL10未找到匹配的访问权限,拒绝访问。715. The control device requests to access the Internet of Things device, and the Internet of Things device does not find a matching access permission according to ACL10 and refuses access.
本申请实施例提供的ACL控制方法,物联网设备在确定第一管理设备具有修改ACLE的开关状态的权限的情况下,基于第一管理设备发送的修改指令对其他管理设备的ACLE的开关状态进行修改,以使其他管理设备的ACLE开启或关闭,无需具有对其他管理设备的ACL进行修改的权限就能够对管理设备的ACLE的开启或关闭状态进行更改,限制了管理设备的权限,进而提高了安全性。In the ACL control method provided by the embodiment of the present application, when the IoT device determines that the first management device has the authority to modify the switch state of the ACLE, the IoT device performs the switch state of the ACLE of other management devices based on the modification instruction sent by the first management device. Modification, so that the ACLE of other management devices can be turned on or off, and the ACLE of the management device can be changed without the authority to modify the ACL of other management devices, which limits the authority of the management device and improves the safety.
图4至图6实施例是对第一管理设备如何对其他管理设备的ACLE的开关状态进行修改进行说明。在其他实施例中,开关状态对应管理设备的ACL,若将任意ACL的开关状态设置为关闭状态,则该ACL包括的所有ACLE均为关闭状态,下面,采用图8实施例对上述方法进行说明,参见图8,该方法包括:The embodiments of FIGS. 4 to 6 illustrate how the first management device modifies the switch states of the ACLEs of other management devices. In other embodiments, the switch state corresponds to the ACL of the management device. If the switch state of any ACL is set to the off state, all the ACLEs included in the ACL are in the off state. The above method is described below using the embodiment of FIG. 8 . , see Figure 8, the method includes:
801、第一管理设备向物联网设备发送修改指令。801. The first management device sends a modification instruction to the IoT device.
802、物联网设备接收第一管理设备发送的修改指令。802. The IoT device receives the modification instruction sent by the first management device.
其中,修改指令用于修改第二管理设备的ACL的开关状态,开关状态用于指示ACL是否有效。The modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid.
在一些实施例中,物联网设备存储有第二管理设备的ACL对应的开关状态,开关状态为第一状态时,用于指示对应的ACL为开启状态,开关状态为第二状态时,用于指示对应的ACL为关闭状态。In some embodiments, the IoT device stores a switch state corresponding to the ACL of the second management device, when the switch state is the first state, it is used to indicate that the corresponding ACL is in the open state, and when the switch state is the second state, it is used for Indicates that the corresponding ACL is disabled.
803、物联网设备在确定第一管理设备具有修改ACL的开关状态的权限的情况下,根据修改指令对第二管理设备的目标ACL的开关状态进行修改。803. The Internet of Things device modifies the switch state of the target ACL of the second management device according to the modification instruction under the condition that it is determined that the first management device has the right to modify the switch state of the ACL.
在一些实施例中,在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。In some embodiments, when it is determined that the stored administrator identification includes the device identification of the first management device, it is determined that the first management device has the right to modify the switch state of the ACL.
在另一些实施例中,确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。In other embodiments, when it is determined that the device identification of the first management device is the set master administrator identification, it is determined that the first management device has the right to modify the switch state of the ACL.
需要说明的是,本申请实施例仅是以第一管理设备直接向物理网设备发送修改指令为例进行说明。在另一实施例中,需要先控制物联网设备进入修改模式后,物联网设备会响应第一管理设备发送的修改指令,则在步骤801之前,该方法还包括8011:It should be noted that, the embodiment of the present application is only described by taking the first management device directly sending the modification instruction to the physical network device as an example for description. In another embodiment, after the Internet of Things device needs to be controlled to enter the modification mode, the Internet of Things device will respond to the modification instruction sent by the first management device, then before step 801, the method further includes 8011:
8011、物联网设备接收修改模式开启指令,根据修改模式开启指令,进入修改模式。8011. The IoT device receives the modification mode start instruction, and enters the modification mode according to the modification mode start instruction.
其中,在修改模式下物联网设备具有响应修改指令的功能。Among them, in the modification mode, the IoT device has the function of responding to the modification instruction.
在步骤803之后,该方法还包括8031:After step 803, the method further includes 8031:
8031、物联网设备接收修改模式关闭指令,根据修改模式关闭指令,退出修改模式。8031. The IoT device receives the modification mode shutdown instruction, and exits the modification mode according to the modification mode shutdown instruction.
在一些实施例中,在图8实施例的基础上,第一管理设备需要先获取物联网设备存储的管理设备的ACL,该方法包括步骤811-814:In some embodiments, on the basis of the embodiment of FIG. 8 , the first management device needs to first obtain the ACL of the management device stored in the IoT device, and the method includes steps 811-814:
811、第一管理设备向物联网设备发送ACL获取请求。811. The first management device sends an ACL acquisition request to the IoT device.
812、物联网设备接收第一管理设备发送的ACL获取请求。812. The IoT device receives an ACL acquisition request sent by the first management device.
813、物联网设备基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。813. Based on the ACL acquisition request, the IoT device sends the ACL of each management device in the IoT device to the first management device.
814、第一管理设备接收物理网设备发送的每个管理设备的ACL。814. The first management device receives the ACL of each management device sent by the physical network device.
需要说明的是,本申请实施例中的步骤801-803类似,图8实施例中的修改指令是对其他管理设备的ACL的开关状态进行修改,若其他管理设备的ACL的开关状态改变,该ACL包括的所有ACLE的开关状态均会与ACL的开光状态相同改变,而图4至图6实施例中是对一个ACLE的开关状态单独进行修改, 其他过程均类似,在此不再赘述。It should be noted that steps 801 to 803 in the embodiment of the present application are similar. The modification instruction in the embodiment of FIG. 8 is to modify the switch state of the ACL of other management devices. If the switch state of the ACL of other management devices changes, the The switch states of all ACLEs included in the ACL change in the same way as the switch states of the ACL. In the embodiments shown in FIGS. 4 to 6 , the switch state of one ACLE is modified independently, and other processes are similar, which will not be repeated here.
本申请实施例提供的方法,物联网设备在确定第一管理设备具有修改ACL的开关状态的权限的情况下,基于第一管理设备发送的修改指令对其他管理设备的ACL的开关状态进行修改,以使其他管理设备的ACL开启或关闭,无需具有对其他管理设备的ACL进行修改的权限就能够对管理设备的ACL的开启或关闭状态进行更改,限制了管理设备的权限,进而提高了安全性。并且,通过修改ACL的开启和关闭就能够修改ACL包括的所有ACLE的开启和关闭,提高了操作效率。In the method provided by the embodiment of the present application, in the case of determining that the first management device has the right to modify the switch state of the ACL, the IoT device modifies the switch state of the ACL of other management devices based on the modification instruction sent by the first management device, In order to enable or disable the ACL of other management devices, the on or off status of the ACL of the management device can be changed without the permission to modify the ACL of other management devices, which limits the permissions of the management device and improves the security. . In addition, by modifying the opening and closing of the ACL, the opening and closing of all ACLEs included in the ACL can be modified, which improves the operation efficiency.
图9示出了本申请一个示例性实施例提供的ACL控制装置的框图,应用于物联网设备中,装置包括:FIG. 9 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to an IoT device, and the apparatus includes:
接收模块901,用于接收第一管理设备发送的修改指令,修改指令用于修改第二管理设备的目标访问控制列表条目ACLE的开关状态,目标ACLE为第二管理设备的访问控制列表ACL包括的任一个ACLE,开关状态用于指示目标ACLE是否有效;A receiving module 901, configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is included in the access control list ACL of the second management device Any ACLE, the switch state is used to indicate whether the target ACLE is valid;
修改模块902,用于在确定第一管理设备具有修改ACLE的开关状态的权限的情况下,根据修改指令对第二管理设备的目标ACLE的开关状态进行修改。The modification module 902 is configured to modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACLE.
在一些实施例中,目标ACLE中包括开关状态,开关状态为第一状态时,用于指示目标ACLE为开启状态,开关状态为第二状态时,用于指示目标ACLE为关闭状态。In some embodiments, the target ACLE includes a switch state, when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in a closed state.
在一些实施例中,第二管理设备的ACL中包括每个ACLE对应的开关状态。In some embodiments, the ACL of the second management device includes a switch state corresponding to each ACLE.
在一些实施例中,物联网设备还存储有第二管理设备的ACL包括的每个ACLE对应的开关状态。In some embodiments, the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
在一些实施例中,修改指令中包括第一管理设备的设备标识,装置还包括:In some embodiments, the modification instruction includes the device identifier of the first management device, and the apparatus further includes:
确定模块903,用于在确定已存储的管理员标识中包括第一管理设备的设备标识的情况下,确定第一管理设备具有修改ACLE的开关状态的权限;或者,A determining module 903, configured to determine that the first management device has the authority to modify the switch state of the ACLE when it is determined that the stored administrator identification includes the device identification of the first management device; or,
确定模块903,还用于在确定第一管理设备的设备标识为已设置的主管理员标识的情况下,确定第一管理设备具有修改ACLE的开关状态的权限。The determining module 903 is further configured to determine that the first management device has the right to modify the switch state of the ACLE when the device identifier of the first management device is determined to be the set master administrator identifier.
在一些实施例中,参见图10,装置还包括:In some embodiments, referring to FIG. 10, the apparatus further includes:
接收模块901,用于接收修改模式开启指令;A receiving module 901, configured to receive a modification mode opening instruction;
进入模块904,用于根据修改模式开启指令,进入修改模式,在修改模式下物联网设备具有响应修改指令的功能;Entering the module 904, for starting the instruction according to the modification mode, and entering the modification mode, in which the IoT device has the function of responding to the modification instruction;
接收模块901,用于接收修改模式关闭指令;A receiving module 901, configured to receive a modification mode closing instruction;
退出模块905,用于根据修改模式关闭指令,退出修改模式。The exit module 905 is configured to close the instruction according to the modification mode, and exit the modification mode.
在一些实施例中,参见图10,装置还包括:In some embodiments, referring to FIG. 10, the apparatus further includes:
接收模块901,用于接收第一管理设备发送的ACL获取请求;A receiving module 901, configured to receive an ACL acquisition request sent by a first management device;
发送模块906,用于基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。The sending module 906 is configured to send the ACL of each management device in the IoT devices to the first management device based on the ACL acquisition request.
在一些实施例中,参见图10,装置还包括:In some embodiments, referring to FIG. 10, the apparatus further includes:
接收模块901,用于接收任一管理设备发送的ACLE添加指令;A receiving module 901, configured to receive an ACLE adding instruction sent by any management device;
添加模块907,用于基于ACLE添加指令,在任一管理设备的ACL中添加ACLE添加指令包括的ACLE。The adding module 907 is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
图11示出了本申请一个示例性实施例提供的ACL控制装置的框图,应用于第一管理设备,装置包括:FIG. 11 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to a first management device, and the apparatus includes:
发送模块1101,用于向物联网设备发送修改指令,修改指令用于修改第二管理设备的目标ACLE的开关状态,目标ACLE为第二管理设备的访问控制列表ACL包括的任一个ACLE,开关状态用于指示目标ACLE是否有效;The sending module 1101 is configured to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any ACLE included in the access control list ACL of the second management device, and the switch state Used to indicate whether the target ACLE is valid;
物联网设备用于接收第一管理设备发送的修改指令,在确定第一管理设备具有修改ACLE的开关状态的权限的情况下,根据修改指令对第二管理设备的目标ACLE的开关状态进行修改。The IoT device is configured to receive the modification instruction sent by the first management device, and modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the authority to modify the switch state of the ACLE.
在一些实施例中,目标ACLE中包括开关状态,开关状态为第一状态时,用于指示目标ACLE为开启状态,开关状态为第二状态时,用于指示目标ACLE为关闭状态。In some embodiments, the target ACLE includes a switch state, when the switch state is the first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is the second state, it is used to indicate that the target ACLE is in a closed state.
在一些实施例中,第二管理设备的ACL包括每个ACLE对应的开关状态。In some embodiments, the ACL of the second management device includes a switch state corresponding to each ACLE.
在一些实施例中,物联网设备还存储有第二管理设备的ACL包括的每个ACLE对应的开关状态。In some embodiments, the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
在一些实施例中,修改指令中包括第一管理设备的设备标识,In some embodiments, the modification instruction includes the device identification of the first management device,
物联网设备在确定已存储的管理员标识中包括第一管理设备的设备标识,确定第一管理设备具有修改ACLE的开关状态的权限;或者,The IoT device determines that the stored administrator identifier includes the device identifier of the first management device, and determines that the first management device has the authority to modify the switch state of the ACLE; or,
物联网设备在确定第一管理设备的设备标识为已设置的主管理员标识,确定第一管理设备具有修改ACLE的开关状态的权限。The IoT device determines that the device identification of the first management device is the set master administrator identification, and determines that the first management device has the authority to modify the switch state of the ACLE.
在一些实施例中,参见图12,装置还包括:In some embodiments, referring to FIG. 12 , the apparatus further includes:
发送模块1101,用于向物联网设备发送ACL获取请求;A sending module 1101, configured to send an ACL acquisition request to the IoT device;
接收模块1102,用于接收物联网设备发送的物联网设备中每个管理设备的ACL;a receiving module 1102, configured to receive the ACL of each management device in the IoT device sent by the IoT device;
物联网设备用于基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
图13示出了本申请一个示例性实施例提供的ACL控制装置的框图,应用于物联网设备,装置包括:Fig. 13 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, applied to an IoT device, the apparatus includes:
接收模块1301,用于接收第一管理设备发送的修改指令,修改指令用于修改第二管理设备的ACL的开关状态,开关状态用于指示ACL是否有效;The receiving module 1301 is configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
修改模块1302,用于在确定第一管理设备具有修改ACL的开关状态的权限的情况下,根据修改指令对第二管理设备的ACL的开关状态进行修改。The modification module 1302 is configured to modify the switch state of the ACL of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
在一些实施例中,物联网设备存储有第二管理设备的ACL对应的开关状态,开关状态为第一状态时,用于指示对应的ACL为开启状态,开关状态为第二状态时,用于指示对应的ACL为关闭状态。In some embodiments, the IoT device stores a switch state corresponding to the ACL of the second management device, when the switch state is the first state, it is used to indicate that the corresponding ACL is in the open state, and when the switch state is the second state, it is used for Indicates that the corresponding ACL is disabled.
在一些实施例中,修改指令中包括第一管理设备的设备标识,装置还包括:In some embodiments, the modification instruction includes the device identifier of the first management device, and the apparatus further includes:
确定模块1303,用于在确定已存储的管理员标识中包括第一管理设备的设备标识的情况下,确定第一管理设备具有修改ACL的开关状态的权限;或者,The determining module 1303 is configured to determine that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identification includes the device identification of the first management device; or,
确定模块1303,还用于确定第一管理设备的设备标识为已设置的主管理员标识的情况下,确定第一管理设备具有修改ACL的开关状态的权限。The determining module 1303 is further configured to determine that the first management device has the right to modify the switch state of the ACL if the device identifier of the first management device is the set master administrator identifier.
在一些实施例中,参见图14,装置还包括:In some embodiments, referring to Figure 14, the apparatus further includes:
接收模块1301,用于接收修改模式开启指令;a receiving module 1301, configured to receive a modification mode opening instruction;
进入模块1304,用于根据修改模式开启指令,进入修改模式,在修改模式下物联网设备具有响应修改指令的功能;Entering module 1304, used to open the instruction according to the modification mode, and enter the modification mode, in which the IoT device has the function of responding to the modification instruction;
参见图14,装置还包括:Referring to Figure 14, the device further includes:
接收模块1301,用于接收修改模式关闭指令;A receiving module 1301, configured to receive an instruction to close the modification mode;
退出模块1305,用于根据修改模式关闭指令,退出修改模式。 Exit module 1305, configured to close the instruction according to the modification mode, and exit the modification mode.
在一些实施例中,参见图14,装置还包括:In some embodiments, referring to Figure 14, the apparatus further includes:
接收模块1301,用于接收第一管理设备发送的ACL获取请求;A receiving module 1301, configured to receive an ACL acquisition request sent by the first management device;
发送模块1306,用于基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。The sending module 1306 is configured to send the ACL of each management device in the IoT devices to the first management device based on the ACL acquisition request.
在一些实施例中,参见图14,装置还包括:In some embodiments, referring to Figure 14, the apparatus further includes:
接收模块1301,用于接收任一管理设备发送的ACLE添加指令;A receiving module 1301, configured to receive an ACLE addition instruction sent by any management device;
添加模块1307,用于基于ACLE添加指令,在任一管理设备的ACL中添加ACLE添加指令包括的ACLE。The adding module 1307 is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
图15示出了本申请一个示例性实施例提供的ACL控制装置的框图,应用于第一管理设备,装置包括:FIG. 15 shows a block diagram of an ACL control apparatus provided by an exemplary embodiment of the present application, which is applied to a first management device, and the apparatus includes:
发送模块1501,用于向物联网设备发送修改指令,修改指令用于修改第二管理设备的ACL的开关状态,开关状态用于指示目标ACLE是否有效;The sending module 1501 is used to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
物联网设备用于接收第一管理设备发送的修改指令,在确定第一管理设备具有修改ACL的开关状态的权限的情况下,根据修改指令对第二管理设备的目标ACLE的开关状态进行修改。The IoT device is configured to receive the modification instruction sent by the first management device, and modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
在一些实施例中,物联网设备存储有第二管理设备的ACL对应的开关状态,第二对象包括ACLE与开关状态的对应关系,开关状态为第一状态时,用于指示对应的ACLE为开启状态,开关状态为第二状态时,用于指示对应的ACLE为关闭状态。In some embodiments, the IoT device stores the switch state corresponding to the ACL of the second management device, the second object includes the correspondence between the ACLE and the switch state, and when the switch state is the first state, it is used to indicate that the corresponding ACLE is on state, when the switch state is the second state, it is used to indicate that the corresponding ACLE is in the off state.
在一些实施例中,修改指令中包括第一管理设备的设备标识,In some embodiments, the modification instruction includes the device identification of the first management device,
物联网设备在确定已存储的管理员标识中包括第一管理设备的设备标识的情况下,确定第一管理设备具有修改ACL的开关状态的权限;或者,The IoT device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identifier includes the device identifier of the first management device; or,
物联网设备在确定第一管理设备的设备标识为已设置的主管理员标识的情况下,确定第一管理设备具有修改ACL的开关状态的权限。The Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the device identifier of the first management device is the set master administrator identifier.
在一些实施例中,参见图16,装置还包括:In some embodiments, referring to Figure 16, the apparatus further includes:
发送模块1501,用于向物联网设备发送ACL获取请求;A sending module 1501, configured to send an ACL acquisition request to the IoT device;
接收模块1502,用于接收物联网设备发送的物联网设备中每个管理设备的ACL;a receiving module 1502, configured to receive the ACL of each management device in the IoT device sent by the IoT device;
物联网设备用于基于ACL获取请求,向第一管理设备发送物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
图17示出了本申请一个示例性实施例提供的通信设备的结构示意图,该通信设备包括:处理器1701、接收器1702、发射器1703、存储器1704和总线1705。FIG. 17 shows a schematic structural diagram of a communication device provided by an exemplary embodiment of the present application. The communication device includes: a processor 1701 , a receiver 1702 , a transmitter 1703 , a memory 1704 and a bus 1705 .
处理器1701包括一个或者一个以上处理核心,处理器1701通过运行软件程序以及模块,从而执行各种功能应用以及信息处理。The processor 1701 includes one or more processing cores, and the processor 1701 executes various functional applications and information processing by running software programs and modules.
接收器1702和发射器1703可以实现为一个通信组件,该通信组件可以是一块通信芯片。The receiver 1702 and the transmitter 1703 may be implemented as a communication component, which may be a communication chip.
存储器1704通过总线1705与处理器1701相连。The memory 1704 is connected to the processor 1701 through the bus 1705.
存储器1704可用于存储至少一个指令,处理器1701用于执行该至少一个指令,以实现上述方法实施例中的各个步骤。The memory 1704 may be configured to store at least one instruction, and the processor 1701 may be configured to execute the at least one instruction to implement the various steps in the above method embodiments.
其中,该通信设备为物联网设备或第一管理设备的。Wherein, the communication device is an IoT device or a first management device.
此外,存储器1704可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,易失性或非易失性存储设备包括但不限于:磁盘或光盘,电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),静态随时存取存储器(SRAM),只读存储器(ROM),磁存储器,快闪存储器,可编程只读存储器(PROM)。Additionally, the memory 1704 may be implemented by any type or combination of volatile or non-volatile storage devices including, but not limited to, magnetic or optical disks, electrically erasable programmable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Static Anytime Access Memory (SRAM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Programmable Read Only Memory (PROM) .
在示例性实施例中,还提供了一种计算机可读存储介质,所述可读存储介质中存储有可执行程序代码,所述可执行程序代码由处理器加载并执行以实现上述各个方法实施例提供的由通信设备执行的ACL控制方法。In an exemplary embodiment, a computer-readable storage medium is also provided, and executable program codes are stored in the readable storage medium, and the executable program codes are loaded and executed by a processor to implement the above-mentioned various methods. The example provides an ACL control method performed by a communication device.
在示例性实施例中,还提供了一种芯片,所述芯片包括可编程逻辑电路和/或程序指令,当所述芯片在物联网设备或第一管理设备的上运行时,用于实现如上述ACL控制方法。In an exemplary embodiment, a chip is also provided, the chip includes a programmable logic circuit and/or program instructions, when the chip runs on the Internet of Things device or the first management device, for implementing the The above ACL control method.
在示例性实施例中,还提供了一种计算机程序产品,所述计算机程序产品包括计算机指令,所述计算机指令存储在计算机可读存储介质中;In an exemplary embodiment, there is also provided a computer program product comprising computer instructions stored in a computer-readable storage medium;
物联网设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述物联网设备执行如上述方面所述的ACL控制方法;The processor of the Internet of Things device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the Internet of Things device executes the ACL control method described in the above aspect;
第一管理设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述第一管理设备执行如上述方面所述的ACL控制方法。The processor of the first management device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the first management device executes the ACL control method described in the above aspects.
在示例性实施例中,还提供了一种计算机程序,当所述计算机程序被物联网设备或第一管理设备的处理器执行时,其用于实现上述ACL控制方法。In an exemplary embodiment, there is also provided a computer program for implementing the above-mentioned ACL control method when the computer program is executed by the processor of the Internet of Things device or the first management device.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above embodiments can be completed by hardware, or can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium. The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, etc.
以上所述仅为本申请的可选实施例,并不用以限制本申请,凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above descriptions are only optional embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the protection of the present application. within the range.

Claims (54)

  1. 一种ACL控制方法,其特征在于,应用于物联网设备,所述方法包括:An ACL control method, characterized in that it is applied to an Internet of Things device, the method comprising:
    接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的目标访问控制列表条目ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL中包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;Receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is that the access control list ACL of the second management device includes Any one of the ACLE, the switch state is used to indicate whether the target ACLE is valid;
    在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。If it is determined that the first management device has the right to modify the switch state of the ACLE, modify the switch state of the target ACLE of the second management device according to the modification instruction.
  2. 根据权利要求1所述的方法,其特征在于,所述目标ACLE中包括开关状态,所述开关状态为第一状态时,用于指示所述目标ACLE为开启状态,所述开关状态为第二状态时,用于指示所述目标ACLE为关闭状态。The method according to claim 1, wherein the target ACLE includes a switch state, when the switch state is a first state, it is used to indicate that the target ACLE is in an open state, and the switch state is a second state In the state, it is used to indicate that the target ACLE is in the closed state.
  3. 根据权利要求1所述的方法,其特征在于,所述第二管理设备的ACL包括每个ACLE对应的开关状态。The method according to claim 1, wherein the ACL of the second management device includes a switch state corresponding to each ACLE.
  4. 根据权利要求1所述的方法,其特征在于,所述物联网设备还存储有所述第二管理设备的ACL包括的每个ACLE对应的开关状态。The method according to claim 1, wherein the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  5. 根据权利要求1-4任一项权利要求所述的方法,其特征在于,所述修改指令中包括所述第一管理设备的设备标识,所述方法还包括:The method according to any one of claims 1-4, wherein the modification instruction includes a device identifier of the first management device, and the method further comprises:
    在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACLE的开关状态的权限;或者,In the case where it is determined that the stored administrator identifier includes the device identifier of the first management device, determine that the first management device has the right to modify the switch state of the ACLE; or,
    在确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACLE的开关状态的权限。When it is determined that the device identification of the first management device is the set master administrator identification, it is determined that the first management device has the right to modify the switch state of the ACLE.
  6. 根据权利要求1-4任一项权利要求所述的方法,其特征在于,所述接收第一管理设备发送的修改指令之前,所述方法还包括:The method according to any one of claims 1-4, wherein before the receiving the modification instruction sent by the first management device, the method further comprises:
    接收修改模式开启指令,根据所述修改模式开启指令,进入修改模式,在所述修改模式下所述物联网设备具有响应修改指令的功能;Receive a modification mode open instruction, enter a modification mode according to the modification mode open instruction, and in the modification mode, the Internet of Things device has a function of responding to the modification instruction;
    所述在确定所述第一管理设备具有修改权限的情况下,基于所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改之后,所述方法还包括:After modifying the switch state of the target ACLE of the second management device based on the modification instruction under the condition that it is determined that the first management device has the modification authority, the method further includes:
    接收修改模式关闭指令,根据所述修改模式关闭指令,退出所述修改模式。A modification mode closing instruction is received, and the modification mode is exited according to the modification mode closing instruction.
  7. 根据权利要求1-4任一项权利要求所述的方法,其特征在于,所述接收第一管理设备发送的修改指令之前,所述方法还包括:The method according to any one of claims 1-4, wherein before the receiving the modification instruction sent by the first management device, the method further comprises:
    接收所述第一管理设备发送的ACL获取请求;receiving an ACL acquisition request sent by the first management device;
    基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。Based on the ACL acquisition request, the ACL of each management device in the IoT devices is sent to the first management device.
  8. 根据权利要求1-7任一项权利要求所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-7, wherein the method further comprises:
    接收任一管理设备发送的ACLE添加指令;Receive the ACLE addition instruction sent by any management device;
    基于所述ACLE添加指令,在所述任一管理设备的ACL中添加所述ACLE添加指令包括的ACLE。Based on the ACLE adding instruction, the ACLE included in the ACLE adding instruction is added to the ACL of any management device.
  9. 一种ACL控制方法,其特征在于,应用于第一管理设备,所述方法包括:An ACL control method, characterized in that being applied to a first management device, the method comprising:
    向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的目标ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;Send a modification instruction to the Internet of Things device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any ACLE included in the access control list ACL of the second management device, and the The switch state is used to indicate whether the target ACLE is valid;
    所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction. The switch state of the target ACLE is modified.
  10. 根据权利要求9所述的方法,其特征在于,目标ACLE中包括开关状态,所述开关状态为第一状态时,用于指示所述目标ACLE为开启状态,所述开关状态为第二状态时,用于指示所述目标ACLE为关闭状态。The method according to claim 9, wherein the target ACLE includes a switch state, and when the switch state is a first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is a second state , which is used to indicate that the target ACLE is in a closed state.
  11. 根据权利要求9所述的方法,其特征在于,所述第二管理设备的ACL包括每个ACLE对应的开关状态。The method according to claim 9, wherein the ACL of the second management device includes a switch state corresponding to each ACLE.
  12. 根据权利要求9所述的方法,其特征在于,所述物联网设备还存储有所述第二管理设备的ACL包括的每个ACLE对应的开关状态。The method according to claim 9, wherein the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  13. 根据权利要求9-12任一项权利要求所述的方法,其特征在于,所述修改指令中包括所述第一管理设备的设备标识;The method according to any one of claims 9-12, wherein the modification instruction includes a device identifier of the first management device;
    所述物联网设备在确定已存储的管理员标识中包括所述第一管理设备的设备标识,确定所述第一管理设备具有修改ACLE的开关状态的权限;或者,The Internet of Things device determines that the stored administrator identifier includes the device identifier of the first management device, and determines that the first management device has the authority to modify the switch state of the ACLE; or,
    所述物联网设备在确定所述第一管理设备的设备标识为已设置的主管理员标识,确定所述第一管理设备具有修改ACLE的开关状态的权限。The IoT device determines that the device identification of the first management device is the set master administrator identification, and determines that the first management device has the authority to modify the switch state of the ACLE.
  14. 根据权利要求9-12任一项权利要求所述的方法,其特征在于,所述接收向物联网设备发送修改指令之前,所述方法还包括:The method according to any one of claims 9-12, wherein before the receiving and sending the modification instruction to the Internet of Things device, the method further comprises:
    向所述物联网设备发送ACL获取请求;sending an ACL acquisition request to the IoT device;
    接收所述物联网设备发送的所述物联网设备中每个管理设备的ACL;receiving the ACL of each management device in the IoT device sent by the IoT device;
    所述物联网设备用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  15. 一种ACL控制方法,其特征在于,应用于物联网设备,所述方法包括:An ACL control method, characterized in that it is applied to an Internet of Things device, the method comprising:
    接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述ACL是否有效;receiving a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
    在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的ACL的开关状态进行修改。If it is determined that the first management device has the right to modify the switch state of the ACL, modify the switch state of the ACL of the second management device according to the modification instruction.
  16. 根据权利要求15所述的方法,其特征在于,所述物联网设备存储有所述第二管理设备的ACL对应的开关状态,所述开关状态为第一状态时,用于指示对应的ACL为开启状态,所述开关状态为第二状态时,用于指示对应的ACL为关闭状态。The method according to claim 15, wherein the IoT device stores a switch state corresponding to the ACL of the second management device, and when the switch state is the first state, it is used to indicate that the corresponding ACL is On state, when the switch state is the second state, it is used to indicate that the corresponding ACL is in the off state.
  17. 根据权利要求15-16任一项权利要求所述的方法,其特征在于,所述修改指令中包括所述第一管理设备的设备标识,所述方法还包括:The method according to any one of claims 15-16, wherein the modification instruction includes a device identifier of the first management device, and the method further comprises:
    在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限;或者,In the case where it is determined that the stored administrator identifier includes the device identifier of the first management device, determine that the first management device has the right to modify the switch state of the ACL; or,
    确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。When it is determined that the device identifier of the first management device is the set primary administrator identifier, it is determined that the first management device has the right to modify the switch state of the ACL.
  18. 根据权利要求15-16任一项权利要求所述的方法,其特征在于,所述接收第一管理设备发送的修改指令之前,所述方法还包括:The method according to any one of claims 15-16, wherein before the receiving the modification instruction sent by the first management device, the method further comprises:
    接收修改模式开启指令,根据所述修改模式开启指令,进入修改模式,在所述修改模式下所述物联网设备具有响应修改指令的功能;Receive a modification mode open instruction, enter a modification mode according to the modification mode open instruction, and in the modification mode, the Internet of Things device has a function of responding to the modification instruction;
    所述在确定所述第一管理设备具有修改权限的情况下,基于所述修改指令对所述第二管理设备的ACL的开关状态进行修改之后,所述方法还包括:After modifying the switch state of the ACL of the second management device based on the modification instruction under the condition that it is determined that the first management device has the modification authority, the method further includes:
    接收修改模式关闭指令,根据所述修改模式关闭指令,退出所述修改模式。A modification mode closing instruction is received, and the modification mode is exited according to the modification mode closing instruction.
  19. 根据权利要求15-16任一项权利要求所述的方法,其特征在于,所述接收第一管理设备发送的修改指令之前,所述方法还包括:The method according to any one of claims 15-16, wherein before the receiving the modification instruction sent by the first management device, the method further comprises:
    接收所述第一管理设备发送的ACL获取请求;receiving an ACL acquisition request sent by the first management device;
    基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。Based on the ACL acquisition request, the ACL of each management device in the IoT devices is sent to the first management device.
  20. 根据权利要求15-19任一项权利要求所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 15-19, wherein the method further comprises:
    接收任一管理设备发送的ACLE添加指令;Receive the ACLE addition instruction sent by any management device;
    基于所述ACLE添加指令,在所述任一管理设备的ACL中添加所述ACLE添加指令包括的ACLE。Based on the ACLE adding instruction, the ACLE included in the ACLE adding instruction is added to the ACL of any management device.
  21. 一种ACL控制方法,其特征在于,应用于第一管理设备,所述方法包括:An ACL control method, characterized in that being applied to a first management device, the method comprising:
    向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述目标ACLE是否有效;Send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
    所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction. The switch state of the target ACLE is modified.
  22. 根据权利要求21所述的方法,其特征在于,所述物联网设备存储有所述第二管理设备的ACL对应的开关状态,所述第二对象包括ACLE与开关状态的对应关系,所述开关状态为第一状态时,用于指示对应的ACLE为开启状态,所述开关状态为第二状态时,用于指示对应的ACLE为关闭状态。The method according to claim 21, wherein the IoT device stores a switch state corresponding to an ACL of the second management device, the second object includes a correspondence between an ACLE and a switch state, and the switch When the state is the first state, it is used to indicate that the corresponding ACLE is in the open state, and when the switch state is the second state, it is used to indicate that the corresponding ACLE is in the closed state.
  23. 根据权利要求21-22任一项权利要求所述的方法,其特征在于,所述修改指令中包括所述第一管理设备的设备标识;The method according to any one of claims 21-22, wherein the modification instruction includes a device identifier of the first management device;
    所述物联网设备在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限;或者,The Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identification includes the device identification of the first management device; or,
    所述物联网设备在确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。The Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the device identifier of the first management device is the set master administrator identifier.
  24. 根据权利要求21-22任一项权利要求所述的方法,其特征在于,所述接收向物联网设备发送修改指令之前,所述方法还包括:The method according to any one of claims 21-22, wherein before the receiving and sending the modification instruction to the Internet of Things device, the method further comprises:
    向所述物联网设备发送ACL获取请求;sending an ACL acquisition request to the IoT device;
    接收所述物联网设备发送的所述物联网设备中每个管理设备的ACL;receiving the ACL of each management device in the IoT device sent by the IoT device;
    所述物联网设备用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  25. 一种ACL控制装置,其特征在于,应用于物联网设备,所述装置包括:An ACL control device, characterized in that it is applied to an Internet of Things device, the device comprising:
    接收模块,用于接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的目标访问控制列表条目ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;a receiving module, configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the target access control list entry ACLE of the second management device, where the target ACLE is the access of the second management device Any ACLE included in the control list ACL, the switch state is used to indicate whether the target ACLE is valid;
    修改模块,用于在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。A modification module, configured to modify the switch state of the target ACLE of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACLE.
  26. 根据权利要求25所述的装置,其特征在于,所述目标ACLE中包括开关状态,所述开关状态为第一状态时,用于指示所述目标ACLE为开启状态,所述开关状态为第二状态时,用于指示所述目标ACLE为关闭状态。The device according to claim 25, wherein the target ACLE includes a switch state, when the switch state is a first state, it is used to indicate that the target ACLE is in an open state, and the switch state is a second state In the state, it is used to indicate that the target ACLE is in the closed state.
  27. 根据权利要求25所述的装置,其特征在于,所述第二管理设备的ACL包括每个ACLE对应的开关状态。The apparatus according to claim 25, wherein the ACL of the second management device includes a switch state corresponding to each ACLE.
  28. 根据权利要求25所述的装置,其特征在于,所述物联网设备还存储有所述第二管理设备的ACL包括的每个ACLE对应的开关状态。The apparatus according to claim 25, wherein the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  29. 根据权利要求25-28任一项权利要求所述的装置,其特征在于,所述修改指令中包括所述第一管理设备的设备标识,所述装置还包括:The apparatus according to any one of claims 25-28, wherein the modification instruction includes a device identifier of the first management device, and the apparatus further includes:
    确定模块,用于在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACLE的开关状态的权限;或者,a determining module, configured to determine that the first management device has the authority to modify the switch state of the ACLE when it is determined that the stored administrator identification includes the device identification of the first management device; or,
    所述确定模块,还用于在确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACLE的开关状态的权限。The determining module is further configured to determine that the first management device has the right to modify the switch state of the ACLE when the device identifier of the first management device is determined to be the set master administrator identifier.
  30. 根据权利要求25-28任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 25-28, wherein the device further comprises:
    所述接收模块,用于接收修改模式开启指令;The receiving module is used for receiving a modification mode opening instruction;
    进入模块,用于根据所述修改模式开启指令,进入修改模式,在所述修改模式下所述物联网设备具有 响应修改指令的功能;Entering the module, for starting the instruction according to the modification mode, entering the modification mode, and the Internet of Things device has the function of responding to the modification instruction under the modification mode;
    接收模块,用于接收修改模式关闭指令;The receiving module is used to receive the modification mode closing command;
    退出模块,用于根据所述修改模式关闭指令,退出所述修改模式。The exit module is configured to close the instruction according to the modification mode and exit the modification mode.
  31. 根据权利要求25-28任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 25-28, wherein the device further comprises:
    接收模块,用于接收所述第一管理设备发送的ACL获取请求;a receiving module, configured to receive an ACL acquisition request sent by the first management device;
    所述发送模块,用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。The sending module is configured to send the ACL of each management device in the Internet of Things device to the first management device based on the ACL acquisition request.
  32. 根据权利要求25-31任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 25-31, wherein the device further comprises:
    接收模块,用于接收任一管理设备发送的ACLE添加指令;The receiving module is used to receive the ACLE adding instruction sent by any management device;
    添加模块,用于基于所述ACLE添加指令,在所述任一管理设备的ACL中添加所述ACLE添加指令包括的ACLE。The adding module is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
  33. 一种ACL控制装置,其特征在于,应用于第一管理设备,所述装置包括:An ACL control device, characterized in that it is applied to a first management device, the device comprising:
    发送模块,用于向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的目标ACLE的开关状态,所述目标ACLE为所述第二管理设备的访问控制列表ACL包括的任一个ACLE,所述开关状态用于指示所述目标ACLE是否有效;The sending module is configured to send a modification instruction to the Internet of Things device, where the modification instruction is used to modify the switch state of the target ACLE of the second management device, where the target ACLE is any item included in the access control list ACL of the second management device. an ACLE, the switch state is used to indicate whether the target ACLE is valid;
    所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACLE的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case of determining that the first management device has the authority to modify the switch state of the ACLE, modify the second management device according to the modification instruction. The switch state of the target ACLE is modified.
  34. 根据权利要求33所述的装置,其特征在于,目标ACLE中包括开关状态,所述开关状态为第一状态时,用于指示所述目标ACLE为开启状态,所述开关状态为第二状态时,用于指示所述目标ACLE为关闭状态。The device according to claim 33, wherein the target ACLE includes a switch state, and when the switch state is a first state, it is used to indicate that the target ACLE is in an open state, and when the switch state is a second state , which is used to indicate that the target ACLE is in a closed state.
  35. 根据权利要求33所述的装置,其特征在于,所述第二管理设备的ACL包括每个ACLE对应的开关状态。The apparatus according to claim 33, wherein the ACL of the second management device includes a switch state corresponding to each ACLE.
  36. 根据权利要求33所述的装置,其特征在于,所述物联网设备还存储有所述第二管理设备的ACL包括的每个ACLE对应的开关状态。The apparatus according to claim 33, wherein the IoT device further stores a switch state corresponding to each ACLE included in the ACL of the second management device.
  37. 根据权利要求33-36任一项权利要求所述的装置,其特征在于,所述修改指令中包括所述第一管理设备的设备标识;The apparatus according to any one of claims 33-36, wherein the modification instruction includes a device identifier of the first management device;
    所述物联网设备在确定已存储的管理员标识中包括所述第一管理设备的设备标识,确定所述第一管理设备具有修改ACLE的开关状态的权限;或者,The Internet of Things device determines that the stored administrator identifier includes the device identifier of the first management device, and determines that the first management device has the authority to modify the switch state of the ACLE; or,
    所述物联网设备在确定所述第一管理设备的设备标识为已设置的主管理员标识,确定所述第一管理设备具有修改ACLE的开关状态的权限。The IoT device determines that the device identification of the first management device is the set master administrator identification, and determines that the first management device has the authority to modify the switch state of the ACLE.
  38. 根据权利要求33-36任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 33-36, wherein the device further comprises:
    所述发送模块,用于向所述物联网设备发送ACL获取请求;The sending module is configured to send an ACL acquisition request to the IoT device;
    接收模块,用于接收所述物联网设备发送的所述物联网设备中每个管理设备的ACL;a receiving module, configured to receive the ACL of each management device in the IoT device sent by the IoT device;
    所述物联网设备用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  39. 一种ACL控制装置,其特征在于,应用于物联网设备,所述装置包括:An ACL control device, characterized in that it is applied to an Internet of Things device, the device comprising:
    接收模块,用于接收第一管理设备发送的修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述ACL是否有效;a receiving module, configured to receive a modification instruction sent by the first management device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the ACL is valid;
    修改模块,用于在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的ACL的开关状态进行修改。A modification module, configured to modify the switch state of the ACL of the second management device according to the modification instruction when it is determined that the first management device has the right to modify the switch state of the ACL.
  40. 根据权利要求39所述的装置,其特征在于,所述物联网设备存储有所述第二管理设备的ACL对应的开关状态,所述开关状态为第一状态时,用于指示对应的ACL为开启状态,所述开关状态为第二状态时,用于指示对应的ACL为关闭状态。The apparatus according to claim 39, wherein the IoT device stores a switch state corresponding to the ACL of the second management device, and when the switch state is the first state, it is used to indicate that the corresponding ACL is On state, when the switch state is the second state, it is used to indicate that the corresponding ACL is in the off state.
  41. 根据权利要求39-40任一项权利要求所述的装置,其特征在于,所述修改指令中包括所述第一管理设备的设备标识,所述装置还包括:The apparatus according to any one of claims 39-40, wherein the modification instruction includes a device identifier of the first management device, and the apparatus further includes:
    确定模块,用于在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限;或者,a determining module, configured to determine that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identification includes the device identification of the first management device; or,
    所述确定模块,还用于确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。The determining module is further configured to determine that the first management device has the right to modify the switch state of the ACL under the condition that the device identification of the first management device is the set master administrator identification.
  42. 根据权利要求39-40任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 39-40, wherein the device further comprises:
    所述接收模块,用于接收修改模式开启指令;The receiving module is used for receiving a modification mode opening instruction;
    进入模块,用于根据所述修改模式开启指令,进入修改模式,在所述修改模式下所述物联网设备具有响应修改指令的功能;an entry module, configured to open an instruction according to the modification mode, and enter a modification mode, in which the Internet of Things device has the function of responding to the modification instruction;
    所述装置还包括:The device also includes:
    所述接收模块,用于接收修改模式关闭指令,The receiving module is used for receiving the modification mode closing instruction,
    退出模块,用于根据所述修改模式关闭指令,退出所述修改模式。The exit module is configured to close the instruction according to the modification mode and exit the modification mode.
  43. 根据权利要求39-40任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 39-40, wherein the device further comprises:
    所述接收模块,用于接收所述第一管理设备发送的ACL获取请求;the receiving module, configured to receive the ACL acquisition request sent by the first management device;
    发送模块,用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。A sending module, configured to send the ACL of each management device in the IoT devices to the first management device based on the ACL acquisition request.
  44. 根据权利要求39-43任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 39-43, wherein the device further comprises:
    所述接收模块,用于接收任一管理设备发送的ACLE添加指令;The receiving module is configured to receive an ACLE addition instruction sent by any management device;
    添加模块,用于基于所述ACLE添加指令,在所述任一管理设备的ACL中添加所述ACLE添加指令包括的ACLE。The adding module is configured to add the ACLE included in the ACLE adding instruction to the ACL of any management device based on the ACLE adding instruction.
  45. 一种ACL控制装置,其特征在于,应用于第一管理设备,所述装置包括:An ACL control device, characterized in that it is applied to a first management device, the device comprising:
    发送模块,用于向物联网设备发送修改指令,所述修改指令用于修改第二管理设备的ACL的开关状态,所述开关状态用于指示所述目标ACLE是否有效;a sending module, configured to send a modification instruction to the IoT device, where the modification instruction is used to modify the switch state of the ACL of the second management device, and the switch state is used to indicate whether the target ACLE is valid;
    所述物联网设备用于接收第一管理设备发送的修改指令,在确定所述第一管理设备具有修改ACL的开关状态的权限的情况下,根据所述修改指令对所述第二管理设备的目标ACLE的开关状态进行修改。The Internet of Things device is configured to receive a modification instruction sent by the first management device, and in the case that it is determined that the first management device has the authority to modify the switch state of the ACL, modify the modification instruction of the second management device according to the modification instruction. The switch state of the target ACLE is modified.
  46. 根据权利要求45所述的装置,其特征在于,所述物联网设备存储有所述第二管理设备的ACL对应的开关状态,所述第二对象包括ACLE与开关状态的对应关系,所述开关状态为第一状态时,用于指示对应的ACLE为开启状态,所述开关状态为第二状态时,用于指示对应的ACLE为关闭状态。The apparatus according to claim 45, wherein the IoT device stores a switch state corresponding to an ACL of the second management device, the second object includes a correspondence between an ACLE and a switch state, and the switch When the state is the first state, it is used to indicate that the corresponding ACLE is in the open state, and when the switch state is the second state, it is used to indicate that the corresponding ACLE is in the closed state.
  47. 根据权利要求45-46任一项权利要求所述的装置,其特征在于,所述修改指令中包括所述第一管理设备的设备标识;The apparatus according to any one of claims 45-46, wherein the modification instruction includes a device identifier of the first management device;
    所述物联网设备在确定已存储的管理员标识中包括所述第一管理设备的设备标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限;或者,The Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the stored administrator identification includes the device identification of the first management device; or,
    所述物联网设备在确定所述第一管理设备的设备标识为已设置的主管理员标识的情况下,确定所述第一管理设备具有修改ACL的开关状态的权限。The Internet of Things device determines that the first management device has the right to modify the switch state of the ACL when it is determined that the device identifier of the first management device is the set master administrator identifier.
  48. 根据权利要求45-46任一项权利要求所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 45-46, wherein the device further comprises:
    所述发送模块,用于向所述物联网设备发送ACL获取请求;The sending module is configured to send an ACL acquisition request to the IoT device;
    接收模块,用于接收所述物联网设备发送的所述物联网设备中每个管理设备的ACL;a receiving module, configured to receive the ACL of each management device in the IoT device sent by the IoT device;
    所述物联网设备用于基于所述ACL获取请求,向所述第一管理设备发送所述物联网设备中每个管理设备的ACL。The IoT device is configured to send the ACL of each management device in the IoT device to the first management device based on the ACL acquisition request.
  49. 一种物联网设备,其特征在于,所述物联网设备包括:An Internet of Things device, characterized in that the Internet of Things device includes:
    处理器;processor;
    与所述处理器相连的收发器;a transceiver connected to the processor;
    用于存储所述处理器的可执行程序代码的存储器;memory for storing executable program code for the processor;
    其中,所述处理器被配置为加载并执行所述可执行程序代码以实现如权利要求1-8或15-20任一所述的ACL控制方法。Wherein, the processor is configured to load and execute the executable program code to implement the ACL control method according to any one of claims 1-8 or 15-20.
  50. 一种第一管理设备,其特征在于,所述第一管理设备包括:A first management device, characterized in that the first management device includes:
    处理器;processor;
    与所述处理器相连的收发器;a transceiver connected to the processor;
    用于存储所述处理器的可执行程序代码的存储器;memory for storing executable program code for the processor;
    其中,所述处理器被配置为加载并执行所述可执行程序代码以实现如权利要求9-14或20-24任一所述的ACL控制方法。Wherein, the processor is configured to load and execute the executable program code to implement the ACL control method according to any one of claims 9-14 or 20-24.
  51. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有可执行程序代码,所述可执行程序代码由处理器加载并执行以实现如权利要求1至24任一所述的ACL控制方法。A computer-readable storage medium, characterized in that the computer-readable storage medium stores executable program codes, and the executable program codes are loaded and executed by a processor to implement any one of claims 1 to 24. The ACL control method described above.
  52. 一种芯片,其特征在于,所述芯片包括可编程逻辑电路和/或程序指令,当所述芯片在物联网设备或第一管理设备上运行时,用于实现如权利要求1至24任一所述的ACL控制方法。A chip, characterized in that, the chip includes programmable logic circuits and/or program instructions, and when the chip runs on an Internet of Things device or a first management device, it is used to implement any one of claims 1 to 24. The described ACL control method.
  53. 一种计算机程序产品,其特征在于,所述计算机程序产品包括计算机指令,所述计算机指令存储在计算机可读存储介质中;A computer program product, characterized in that the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium;
    物联网设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述物联网设备执行如权利要求1-8或15-20任一所述的ACL控制方法;The processor of the Internet of Things device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the Internet of Things device performs any one of claims 1-8 or 15-20. ACL control method;
    第一管理设备的处理器从所述计算机可读存储介质读取所述计算机指令,并执行所述计算机指令,使得所述第一管理设备执行如权利要求9-14或20-24任一所述的ACL控制方法。The processor of the first management device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the first management device performs any one of claims 9-14 or 20-24. The ACL control method described above.
  54. 一种计算机程序,其特征在于,当所述计算机程序由物联网设备或第一管理设备的处理器执行时,其用于实现如权利要求1至24任一所述的ACL控制方法。A computer program, characterized in that, when the computer program is executed by a processor of an IoT device or a first management device, it is used to implement the ACL control method according to any one of claims 1 to 24.
PCT/CN2021/076588 2021-02-10 2021-02-10 Acl control method and apparatus, and device and storage medium WO2022170589A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2021/076588 WO2022170589A1 (en) 2021-02-10 2021-02-10 Acl control method and apparatus, and device and storage medium
CN202180074804.4A CN116458122A (en) 2021-02-10 2021-02-10 ACL control method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/076588 WO2022170589A1 (en) 2021-02-10 2021-02-10 Acl control method and apparatus, and device and storage medium

Publications (1)

Publication Number Publication Date
WO2022170589A1 true WO2022170589A1 (en) 2022-08-18

Family

ID=82838130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/076588 WO2022170589A1 (en) 2021-02-10 2021-02-10 Acl control method and apparatus, and device and storage medium

Country Status (2)

Country Link
CN (1) CN116458122A (en)
WO (1) WO2022170589A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130031608A1 (en) * 2010-04-01 2013-01-31 Research In Motion Limited Methods and apparatus to transfer management control of a client between servers
CN103309307A (en) * 2013-05-15 2013-09-18 重庆邮电大学 Smart household appliance control method based on object access control
CN104079437A (en) * 2010-08-12 2014-10-01 华为终端有限公司 Method and terminal for achieving authority management and control
CN106789859A (en) * 2016-01-29 2017-05-31 新华三技术有限公司 message matching method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130031608A1 (en) * 2010-04-01 2013-01-31 Research In Motion Limited Methods and apparatus to transfer management control of a client between servers
CN104079437A (en) * 2010-08-12 2014-10-01 华为终端有限公司 Method and terminal for achieving authority management and control
CN103309307A (en) * 2013-05-15 2013-09-18 重庆邮电大学 Smart household appliance control method based on object access control
CN106789859A (en) * 2016-01-29 2017-05-31 新华三技术有限公司 message matching method and device

Also Published As

Publication number Publication date
CN116458122A (en) 2023-07-18

Similar Documents

Publication Publication Date Title
US9763094B2 (en) Methods, devices and systems for dynamic network access administration
CN107223326B (en) Network access authority management method and related equipment
JP5777808B2 (en) Method and device for data access control in a peer-to-peer overlay network
US20160072843A1 (en) Policy-Based Control Layer in a Communication Fabric
US11765164B2 (en) Server-based setup for connecting a device to a local area network
CN105933245B (en) Safe and trusted access method in software defined network
US8108904B1 (en) Selective persistent storage of controller information
CN107247899B (en) Role authority control method and device based on security engine and security chip
US11683312B2 (en) Client device authentication to a secure network
CN112910882B (en) Network management method, device, system and computer readable storage medium
CN110139274A (en) A kind of method for authenticating of bluetooth equipment, electronic equipment and can storage medium
CN110138714A (en) Method, apparatus, electronic equipment and the storage medium of access process
US20160285843A1 (en) System and method for scoping a user identity assertion to collaborative devices
JP2007208759A (en) Authentication security system obtained by combining mac address with user authentication
WO2022170589A1 (en) Acl control method and apparatus, and device and storage medium
JP5110082B2 (en) Communication control system, communication control method, and communication terminal
JP2009509435A (en) Method and apparatus for deferring access to a service
CN116743472A (en) Resource access method, device, equipment and medium
CN115314895B (en) WAPI user authentication method, WAPI user authentication system and access site AS
CN108259420B (en) Message processing method and device
CN108306875B (en) Method and device for controlling access of wired terminal
US20100325718A1 (en) Automatic Firewall Configuration
WO2021039676A1 (en) Wireless communication system, wireless communication method, and non-transitory computer-readable medium having stored wireless communication program therein
CN107547336B (en) Method and device for adding authorized VLAN into authentication port
CN102123147B (en) Method and system for differential authorization of network device

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 202180074804.4

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21925251

Country of ref document: EP

Kind code of ref document: A1