
Dynamic authorization method and system based on user context and strategy

A dynamic authorization technology based on user context, applied in transmission systems, electrical components, etc. It addresses problems such as access control policies that users cannot change, the RBAC model being difficult to apply, and a flaw in one program affecting all objects, so as to improve work efficiency and user experience and reduce authority query calculations.

Active Publication Date: 2020-04-24
STATE GRID HEBEI ELECTRIC POWER CO LTD +2

AI Technical Summary

Problems solved by technology

[0007] 4. MAC (Mandatory Access Control): all access control policies are formulated by the system administrator, and users cannot change them.
This deficiency makes the RBAC model difficult to apply to entity systems that require a strict order of operations.
[0010] 2) DAC: The biggest defect is that authority control is relatively scattered and not easy to manage. For example, it is impossible to simply set a unified authority for a group of files and open it to a designated group of users.
At the same time, this model carries a large security risk: when a security vulnerability occurs in a program, it affects all objects that the user can access.
This makes DAC particularly vulnerable to Trojan horses.
[0011] 3) ABAC: The ABAC permission control model requires complex calculations on resource attributes and is not widely used because of its complexity. If the rules are a little more complicated or the design is chaotic, they become hard for managers to maintain and trace. At the same time, if permission judgment needs to be executed in real time, too many rules will lead to performance problems.
[0012] 4) MAC: MAC was created to make up for the over-dispersion of DAC authority control. MAC is very suitable for confidential institutions or other industries with a strong sense of hierarchy, but it cannot be applied to commercial service systems because it is not flexible enough.



Examples


Embodiment 1

[0041] A dynamic authorization method based on user context and policies. When a user initiates a request to the client, the client collects user context information and verifies whether the user has been authorized. If the user is not authorized, the client uploads the context information to the server; the server verifies whether the user has permission to access the resource. If the user does not have permission, the user's permission is dynamically calculated according to the context information. If the calculation result meets the set access authorization requirements, the resource access permission is granted to the user in real time.

[0042] The present invention differs from the traditional method of using static authority configuration to realize user and resource authorization; it is mainly oriented to a more convenient, safe and efficient authorization management method used in and device scenarios. Different from the traditional method of...

Embodiment 2

[0044] A dynamic authorization method based on user context and policies, as shown in Figure 1, mainly includes the following steps:

[0045] (1) When a user initiates a request, the client automatically collects the user's instant context information, including login status, user device information, network location information, etc.;

[0046] (2) At the same time, the client first obtains the encrypted, locally stored pre-authorization information and verifies whether the user has been authorized; if the user has been authorized, the user can proceed to the next step of business behavior;

[0047] (3) If the user has no local authorization information, the request is submitted to the server for permission verification, and the user's context information is uploaded to the server at the same time. First, the dynamic permission group module of the server quickly retrieves whether the user has authority to access the resource; if the user has been autho...

Embodiment 3

[0056] A dynamic authorization method based on user context and policies, as shown in Figure 1, mainly includes the following steps:

[0057] (1) When a user initiates a request, the dynamic permission pre-module on the mobile terminal automatically collects the user's immediate context information, including login status, user device information, network location information, etc.;

[0058] (2) The user communicates and establishes a connection with the smart lock that needs to be accessed. At this point, it is checked whether the user has access rights to the smart lock: the dynamic permission pre-module first obtains the encrypted, locally stored pre-authorization information and verifies whether the user has been authorized; if the user has been authorized, the user can proceed to the next step of business behavior, such as unlocking; when performing the next step of operation, he can combine authentication methods that meet security requirements, suc...
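The flow described in Embodiments 1 to 3 (local pre-authorization check, then group lookup and dynamic calculation on the server), as an added Python sketch that is not code from the patent. The policy attributes, all names, the 300-second grant lifetime and the HMAC tag (standing in for the encrypted local store, so that a cached grant cannot be edited or moved to another device) are assumptions.

```python
import hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"    # assumption: shared only with the trusted verifier
GROUP = {("alice", "lock-7")}           # dynamic permission group: grants already on record
POLICY = {"lock-7": {"network": {"substation-lan"}}}   # constructed policy configuration

def sign(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_grant(user, resource, device_id, now, ttl=300):
    """Server: pre-authorization bound to user, resource, device and an expiry time."""
    body = json.dumps({"u": user, "r": resource, "d": device_id, "exp": now + ttl},
                      sort_keys=True)
    return {"body": body, "tag": sign(body)}

def grant_valid(grant, user, resource, device_id, now):
    """Step (2): verify the locally stored pre-authorization; reject tampering and expiry."""
    if not grant or not hmac.compare_digest(sign(grant["body"]), grant["tag"]):
        return False
    g = json.loads(grant["body"])
    return (g["u"], g["r"], g["d"]) == (user, resource, device_id) and now < g["exp"]

def server_authorize(user, resource, ctx, now):
    """Step (3): group lookup first, then dynamic calculation from the uploaded context."""
    if (user, resource) not in GROUP:
        rule = POLICY.get(resource)
        if not (rule and ctx.get("logged_in") is True
                and ctx.get("device_registered") is True
                and ctx.get("network") in rule["network"]):
            return None                  # default deny: no rule or a condition failed
    return issue_grant(user, resource, ctx["device_id"], now)

def request_access(user, resource, ctx, cache, now=None):
    """Client flow: local check, then server. Returns (allowed, decided_by)."""
    now = time.time() if now is None else now
    if grant_valid(cache.get((user, resource)), user, resource, ctx["device_id"], now):
        return True, "local"
    grant = server_authorize(user, resource, ctx, now)
    if grant is None:
        return False, "denied"
    cache[(user, resource)] = grant      # short-lived, so context is re-evaluated on expiry
    return True, "server"
```

Because the grant expires, a user whose context no longer satisfies the policy loses access at the next server evaluation rather than keeping a permanent static permission.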


Abstract

The invention discloses a dynamic authorization method and system based on user context and strategy. The system comprises a dynamic authorization front-end module, a dynamic authorization engine module, a dynamic permission group module and a dynamic permission strategy configuration module. When a user initiates a request to the client, the client collects the context information of the user and verifies whether the user is authorized or not: if the user is not authorized, the client uploads the context information to the server, and the server verifies whether the user has the authority of accessing the resources; if the user has no authority, the user authority is dynamically calculated according to the context information, and if the calculation result meets the set access authorization requirement, the access authority of the resources is granted to the user in real time. Different from the traditional method for realizing user and resource authorization by adopting static permission configuration, the method provided by the invention is used for more convenient, safer and more efficient authorization management in an equipment scene.

Description

Technical field

[0001] The invention belongs to the technical field of dynamic authorization, and in particular relates to a dynamic authorization method and system based on user context and strategy.

Background technique

[0002] With the rapid development and wide application of Internet technology, the continuous expansion of enterprise scale, and the increasingly diverse data of enterprise information resources, how to safely and efficiently manage data resources in enterprise information systems and control authority over the various resources is a key issue for enterprises and a major challenge faced by information management systems. Therefore, the authority access control of information resources occupies an important position in the design and development of information systems.

[0003] Authority management appears in almost any IT system, and user authorization is an indispensable part of IT system management. The traditional method is mainly...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/10, H04L63/104, H04L63/08, H04L63/083, H04L63/0861
Inventor: 高丽芳, 杨会峰, 辛锐, 陈连栋, 王静, 张晓韬, 李江鑫, 李启蒙, 王智慧, 刘玮, 杨楠, 周文芳, 郭少勇, 王少影, 肖治华, 胡美慧
Owner: STATE GRID HEBEI ELECTRIC POWER CO LTD