Access control method and system based on attribute and role

An access control technology based on attributes and roles, applied in the field of access control of information resources. It can solve problems such as the insufficiency of RBAC, large-scale dynamically changing user access, and the insufficiency of ABAC, and achieves the effect of resolving redundancy and conflict.

Inactive Publication Date: 2014-12-24
INST OF INFORMATION ENG CAS
2 Cites, 21 Cited by

AI Technical Summary

Problems solved by technology

[0004] Aiming at the defects in the prior art, the present invention provides an access control method and system based on attributes and roles, wh


Examples


Embodiment 1

[0099] Application of this method in WeChat

[0100] Divide all the visitors under "nearby people" in WeChat into five categories: contacts in the mobile phone (saved phone numbers), WeChat friends, QQ friends, people whose school or work unit in WeChat is the same as that of the user being visited, and strangers. This results in four roles: friends, known, colleague, unknown. Table 2 shows the priority order and permission assignment of the roles in WeChat:

[0101]

[0102]

[0103] (Note: Read means viewing photo logs, etc., TimeSeen means that the time of publication is visible, PlaceSeen means that the place of publication is visible, Forwarding means forwarding comments)

[0104] Table 2

[0105] According to the policy language above, the policy is constructed as follows:

[0106] Rule1: phone-number in Phone-Contacts->friends;

[0107] Rule2: WeChat-number in WeChat-friends->known;

[0108] Rule3: QQ-number in QQ-friends->known;

[0109] Rule4: place=my plac...

Embodiment 2

[0117] Application of this method in the taxi system

[0118] Taxi-hailing systems are now widely used, but they are simple: generally the only option is to contact customer service, which calls the driver of an empty car, and this is inconvenient and inflexible. However, if taxi information can be checked online, it brings security problems. The current design is as follows: the driver's relatives can view all driver information; the driver's friends can view the current location to contact you; the operating company can view the driver's historical itinerary for unified scheduling; Check their mobile phone number for easy contact. Table 3 below shows the priority and authority assignment of roles in the taxi-hailing system.

[0119]

[0120] (Note: Real-time-location indicates the driver's real-time location, History-track indicates the historical trace, License-plate indicates the license plate, car-owner indicates the driver's personal informati...

Embodiment 3

[0133] Application of this method in online cinema

[0134] An online movie theater is currently open to the EU, the US, Japan and China (other countries are not considered because of religious issues). Since China does not allow teenagers and children to surf the Internet alone, the movie theater stipulates the role distribution shown in Table 4:

[0135]

[0136] Table 4

[0137] According to the policy language above, the policy is constructed as follows:

[0138] Rule1: age≥3 and country in{EU, America, Japan}->Child;

[0139] Rule2: age≥11 and country in{EU, America, Japan}->Juvenile;

[0140] Rule3: age≥16 and country in{EU, America, Japan, China}->Adolescent;

[0141] Rule4: age≥18 and country in{EU, America, Japan, China}->Adult;

[0142] According to the definition in the invention scheme:

[0143] (1) Rule1 and Rule2, Rule3 and Rule4 constitute exceptional conflicts;
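The overlap between the four rules above can be checked mechanically. The following is an added example, not code from the patent: it flags a pair as a containment conflict when one rule's condition is a special case of the other's and the roles differ, which is an assumed reading of "exceptional conflict" (the patent's definition is not reproduced on this page), and the role priority used to pick a single role is also assumed because Table 4 is missing.

```python
from itertools import combinations

# Rules of Embodiment 3 as (name, minimum age, allowed countries, role).
RULES = [
    ("Rule1", 3, frozenset({"EU", "America", "Japan"}), "Child"),
    ("Rule2", 11, frozenset({"EU", "America", "Japan"}), "Juvenile"),
    ("Rule3", 16, frozenset({"EU", "America", "Japan", "China"}), "Adolescent"),
    ("Rule4", 18, frozenset({"EU", "America", "Japan", "China"}), "Adult"),
]

# ASSUMPTION: priority order (lowest to highest); Table 4 is not on the page.
PRIORITY = ["Child", "Juvenile", "Adolescent", "Adult"]


def matching_roles(age, country):
    """Every role whose attribute expression the user satisfies."""
    return [role for _, min_age, countries, role in RULES
            if age >= min_age and country in countries]


def assign_role(age, country):
    """Resolve multiple matches with the assumed priority; None means deny."""
    roles = matching_roles(age, country)
    return max(roles, key=PRIORITY.index) if roles else None


def implies(a, b):
    """True if every request that matches rule a also matches rule b."""
    return a[1] >= b[1] and a[2] <= b[2]


def classify(a, b):
    """Relation between two rules that assign different roles."""
    if a[3] == b[3]:
        return "same-role"
    # Age conditions have no upper bound, so they always intersect;
    # the pair is disjoint only if the country sets share nothing.
    if not (a[2] & b[2]):
        return "disjoint"
    if implies(a, b) or implies(b, a):
        return "containment"  # assumed reading of "exceptional conflict"
    return "partial-overlap"


def conflicts():
    """Classify every unordered pair of rules."""
    return {(a[0], b[0]): classify(a, b) for a, b in combinations(RULES, 2)}


if __name__ == "__main__":
    for pair, kind in conflicts().items():
        print(pair, kind)
    print(matching_roles(17, "EU"), "->", assign_role(17, "EU"))
```

Under this reading only Rule1/Rule2 and Rule3/Rule4 come out as containment conflicts; the other four pairs overlap only partially because their country sets differ.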


Abstract

The invention discloses an access control method and system based on attributes and roles. The method comprises the following steps: for a plurality of users who submit requests to access resources, attribute policies are designed according to the users' feature information, and conflicting policies among the attribute policies are optimized; the users' attribute values are obtained, and a preset attribute expression is used to judge whether the users have the right to access; if they do, roles are assigned to the users according to their attributes, the permissions corresponding to the roles are checked, and the users access and obtain the resource information. The method combines ABAC's ability to meet the requirements of large-scale dynamic access with the flexibility of RBAC permission assignment and management to design a hybrid access control, and on this basis solves the problems of policy redundancy and conflict.

Description

Technical field

[0001] The invention relates to the field of access control of information resources, in particular to an access control method and system based on attributes and roles.

Background technique

[0002] With the rapid development of the Internet of Things, security issues have become increasingly prominent. For example, the disclosure of taxi information in the taxi-hailing system and the disclosure of location privacy in WeChat abound. However, the commonly used access control is mainly the access control in the Internet. For example: Role Based Access Control (RBAC for short), Attribute Based Access Control (ABAC for short) and so on. Among them, RBAC introduces the concept of roles between users and access rights. Users are associated with one or more specific roles, and roles are associated with one or more access rights. Roles can be generated or canceled according to actual work needs. Moreover, users who log in to the system can dynamically activate th...


Application Information

IPC(8): H04L29/06, H04L12/58
Inventor: 孙凯文, 殷丽华, 郭云川, 李超
Owner: INST OF INFORMATION ENG CAS