Fine-grained access control method and system based on strategy grammar
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
An access control, fine-grained technology, applied in the direction of instruments, electrical digital data processing, digital data protection, etc., to achieve the effect of wide coverage of requirements, flexible management, and reduce the risk of misoperation
Inactive Publication Date: 2019-10-08
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
View PDF6 Cites 6 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0006] The technical task of the present invention is to provide a fine-grained access control method and system based on policy syntax to solve t
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0065] as attached figure 1 As shown, the fine-grained access control method based on policy syntax of the present invention, the steps of the method are as follows:
[0066] S1. Production strategy: Inspur cloud account strategy is preset for access control in public scenarios; for example, the main account needs to have access rights to the resources under its own account, and the sub-accounts have access rights to the resources it belongs to. Users can customize and create the required policies according to their needs; the specific steps are as follows:
[0067] S101. The created strategy includes resource (referring to resources in cloud services, including information such as services, regions, accounts, etc., which can be specific to resource instance granularity), action (specific operations on resources or resource instances) or condition (custom data filtering Conditions, more precise authorization); among them, resource represents one or a kind of resource, and sup...
Embodiment 2
[0092] The policy syntax-based fine-grained access control system of the present invention includes:
[0093] Inspur cloud account is used to create users and user groups, specify policies according to conditions, and then authorize the policies to sub-users and user groups, so that all users under the user tools and user groups have the functional permissions specified by the policies;
[0094] The strategy production module is used for users to customize and create the required strategies according to their needs;
[0095] The authorization module is used to bind the created policy to the entity. The entity is a user or user group, which abandons the concept of role and makes the process of access control more direct and efficient;
[0096] The authentication module is configured to assemble authentication request information according to the user request after receiving the user request. The authentication module adopts the authentication component ladon.
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention discloses a fine-grained access control method and system based on strategy grammar. The invention discloses an access control method based on a wave cloud account strategy, belongs to the field of strategy access control, and aims to solve the technical problem of how to effectively protect system resources from being stolen and damaged and realize access control service with finerstrength, and the method comprises the following steps: S1, production strategy: presetting the wave cloud account strategy for access control of a public scene; the user creates a required strategy in a user-defined manner according to requirements; S2, authorization: binding the created strategy with an entity, wherein the entity is a user or a user group; and S3, authentication: after receivinga user request, assembling authentication request information according to the user request. The system comprises a wave cloud account, a strategy production module and an authentication module; andthe wave cloud account is used for creating a user and a user group, specifying a strategy according to conditions, and authorizing the strategy to the sub-users and the user group, so that the userhas the function permission specified by the strategy and all the users in the user group.
Description
technical field [0001] The invention relates to the field of access control based on policy syntax, in particular to a fine-grained access control method and system based on policy syntax. Background technique [0002] The implementation of access control technology is mainly based on the expression, analysis and implementation of access control policies. Among them, the access control policy defines the goal of system security protection, the access control model abstracts and describes the application and implementation of the access control policy, and the access control framework describes the specific implementation, composition architecture and interaction process between components of the access control system . [0003] Inspur Cloud provides many services for users, and provides basic access control services to restrict operations such as user menu permissions, but this kind of coarse-grained control can no longer meet more refined and deeper security requirements. ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more
IPC IPC(8): G06F21/60
CPCG06F21/604
Inventor 刘可新高传集蔡卫卫唐晓东黄启庆
Owner SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
Login to view more 
Login to view more