
Resource access control method and device

An access control and resource access technology, applied in the field of communication, that addresses the problem that no specific implementation plan has been given.

Active Publication Date: 2020-01-14
CHINA ACAD OF TELECOMM TECH

AI Technical Summary

Problems solved by technology

[0006] At present, the security specification (oneM2M TS-0003: "Security Solutions") in the oneM2M series of specifications gives a high-level description of the oneM2M authorization architecture, specifically the main components and basic processes of the authorization architecture, but it has not yet given a specific implementation plan for how to describe the relevant rules of the access control strategy.

Examples


Example 1

[0104] The access control rule description: the initiator (AE2, AE3, AE4, AE5) can \ Created under resources resource. The rule primitives in this access control rule include:

[0105] Rule effect="permit"

[0106] Rule primitive merge rule: "and"

[0107] Rule primitive 1: request.get("to")=="CSEBase\AE1"

[0108] Rule primitive 2: request.get("from") in "AE2, AE3, AE4, AE5"

[0109] Rule primitive 3: request.get("operation")=={"create","retrieve","update"}

[0110] Rule primitive 4: request.get("resource type")=="container"

[0111] Rule primitive 5: request.get("content") in {"maxNrOfInstances", "maxByteSize", "maxInstanceAge"}

[0112] Explanation:

[0113] Rule primitive 1 describes the target resource as CSEBase\AE1. This rule primitive can also be placed in a target resource rule.

[0114] Rule primitive 2 describes the initiator (AE2, AE3, AE4, AE5) as the initiator of the applicable resource access request. This rule...

Example 2

[0119] The access control rule description: the initiator (CSE2, CSE3, CSE4) can obtain \ The property value of the resource property (resourceType) of the resource.

[0120] Rule effect="permit"

[0121] Rule primitive merge rule: "and"

[0122] Rule primitive 1: request.get("to")=="CSEBase\AE1"

[0123] Rule primitive 2: request.get("from") in "CSE2, CSE3, CSE4"

[0124] Rule primitive 3: request.get("operation")=="retrieve"

[0125] Rule primitive 4: request.get("content") in {"resourceType"}

[0126] Explanation:

[0127] Rule primitive 1 describes the target resource as CSEBase\AE1. This rule primitive can also be placed in a target resource rule.

[0128] Rule primitive 2 describes the initiator (CSE2, CSE3, CSE4) as the initiator of the applicable resource access request. This rule primitive can also be placed in an initiator rule.

[0129] Rule primitive 3 describes the allowed resource operations as: re...
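The following added example (not code from the patent) evaluates the rule primitives of Examples 1 and 2 against a request under the "and" merge rule. The request layout (a dict keyed by the attribute names used above), reading `==` against a set in Example 1's primitive 3 as membership, failing a primitive when its attribute is absent, and denying when no rule is satisfied are all assumptions of this sketch.

```python
# Added illustration, not the patent's implementation. The request layout (a dict
# keyed by the attribute names used on the page) and default deny are assumptions.

def match(request, attr, op, expected):
    """Evaluate one rule primitive; a missing attribute never matches."""
    if attr not in request:
        return False
    actual = request[attr]
    if op == "eq":
        return actual == expected
    if op == "in":
        # Scalar: must be a member. List (e.g. "content"): must be non-empty
        # and every element must be in the allowed set.
        values = actual if isinstance(actual, (list, tuple, set)) else [actual]
        return len(values) > 0 and all(v in expected for v in values)
    return False  # unknown operator fails closed

RULES = [
    {"name": "example 1", "effect": "permit", "merge": "and", "primitives": [
        ("to", "eq", "CSEBase\\AE1"),
        ("from", "in", {"AE2", "AE3", "AE4", "AE5"}),
        ("operation", "in", {"create", "retrieve", "update"}),
        ("resource type", "eq", "container"),
        ("content", "in", {"maxNrOfInstances", "maxByteSize", "maxInstanceAge"}),
    ]},
    {"name": "example 2", "effect": "permit", "merge": "and", "primitives": [
        ("to", "eq", "CSEBase\\AE1"),
        ("from", "in", {"CSE2", "CSE3", "CSE4"}),
        ("operation", "eq", "retrieve"),
        ("content", "in", {"resourceType"}),
    ]},
]

def decide(request, rules=RULES):
    """Return (decision, matching rule name); deny when no rule is satisfied."""
    for rule in rules:
        results = [match(request, *p) for p in rule["primitives"]]
        if rule["merge"] == "and" and all(results):
            return rule["effect"], rule["name"]
    return "deny", None

# Constructed sample request: AE2 creates a container under CSEBase\AE1.
SAMPLE = {"to": "CSEBase\\AE1", "from": "AE2", "operation": "create",
          "resource type": "container", "content": ["maxNrOfInstances"]}

if __name__ == "__main__":
    print(decide(SAMPLE))
    print(decide({**SAMPLE, "from": "AE9"}))  # initiator not listed in any rule
```

Because every primitive must hold, a request that touches one attribute outside the allowed "content" set, or that omits an attribute a primitive tests, is denied rather than partially permitted.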

Example 3

[0132] The access control rule describes: Role-Based Access Control (RBAC). The role "Admin" is available in Created under resources resource.

[0133] Rule effect="permit"

[0134] Rule primitive merge rule: "and"

[0135] Rule effect="Permit"

[0136] Rule primitive 1: request.getParents("to")=="CSEBase"

[0137] Rule primitive 2: request.get("from") in "AE1, AE2, AE3"

[0138] Rule primitive 3: request.get("role ids") in "admin"

[0139] Rule primitive 4: request.get("operation") == "create"

[0140] Rule primitive 5: request.get("resource type")=="AE"

[0141] Explanation:

[0142] Rule primitive 1 describes that the target resource is a sub-resource under CSEBase. This rule primitive can also be placed in a target resource rule.

[0143] Rule primitive 2 describes the initiator (AE1, AE2, AE3) as the initiator of the applicable resource access request. This rule primitive can also be placed in an initiator ru...


Abstract

The invention discloses a resource access control method and device. The method comprises the following steps: after an access control decision request for requesting to carry out access control strategy judgment on a resource access request initiated by an initiator is received, carrying out access control strategy judgment on the resource access request according to an access control strategy, and returning an access control decision response, wherein the access control strategy comprises one or more access control rules, the one or more access control rules are used for describing rules which should be satisfied under the condition that a target resource rule and an initiator rule are satisfied, each access control rule is described by using at least one access control rule primitive set, the access control rule primitive set comprises one or more rule primitives, and one rule primitive in the access control rule primitive set is used for describing one judgment condition in the access control rule.

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to a resource access control method and device.

Background technique

[0002] The Internet of Things standardization organization oneM2M is committed to developing a series of technical specifications for constructing a common Machine-To-Machine communication (Machine-To-Machine, M2M) service layer. The core of oneM2M is data sharing, which is specifically realized through the sharing of data items on the resource tree defined in the oneM2M public service entity (Common Services Entity, CSE).

[0003] oneM2M realizes the sharing and interaction of service layer resources by operating the standardized resource tree, and the oneM2M resource tree exists in the CSE defined by the oneM2M system. According to the definition in the oneM2M Functional Architecture Specification (oneM2M TS-0001: "Functional Architecture"), the form of the oneM2M resource tree is as follows fi...


Application Information

IPC(8): H04L29/06
CPC: H04L63/205, H04L63/10, H04L9/40
Inventor: 周巍
Owner: CHINA ACAD OF TELECOMM TECH