CN101729403A - Access control method based on attribute and rule - Google Patents


Publication number
CN101729403A
Authority
CN
China
Prior art keywords
user
role
attribute
rule
access control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910200261A
Other languages
Chinese (zh)
Inventor
朱一群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Dianji University
Original Assignee
Shanghai Dianji University
Application filed by Shanghai Dianji University
Priority to CN200910200261A
Publication of CN101729403A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an access control method based on attributes and rules, comprising the following steps: (1) according to the access policy, formulating rules that assign roles based on attributes; (2) for a user who requests access to a resource, the system obtains the user's attributes and their values from the user information in the database; (3) building the user's attribute expressions from the attributes and values obtained in step (2), and assigning roles to the user according to the rules formulated in step (1); (4) looking up the permissions corresponding to the assigned roles and building a combined permission, through which the user accesses the resource's combined information. The invention combines user attributes with rules and realizes an efficient access control mechanism that assigns user roles automatically.

Description

Access control method based on attribute and rule
Technical field
The present invention relates to an access control method for information resources, and in particular to an access control method based on attributes and rules.
Background art
With the rapid development and wide application of computer network technology, network information security has become increasingly important. Its basic goal is to ensure the confidentiality, integrity and availability of information in computers, and access control is an important technology for managing information security. There are several access control technologies, such as discretionary access control (Discretionary Access Control, DAC), mandatory access control (Mandatory Access Control, MAC) and role-based access control (Role Based Access Control, RBAC). Of these, the RBAC model is recognized as the new-generation access control model with the most development potential, and has been widely studied and applied for its efficient authorization management.
In a large enterprise, managing users and permissions is complex and challenging work. The RBAC model introduces the role (Role) as an intermediary: suitable roles are assigned to users manually and permissions are granted to roles, which separates users from permissions logically and greatly simplifies permission management. However, roles in the RBAC model are usually static. When a large enterprise's organization or functions change, a large number of roles must be reassigned, and when the number of users is very large, the manual role assignment and management of the RBAC model makes role and permission management a very heavy task.
Rule-based RBAC (Rule based RBAC, RB-RBAC) offers a solution to the heavy management burden that a huge number of users brings. The RB-RBAC model takes user attributes into account and formulates rules that assign roles to users automatically, so that users and permissions are managed automatically; this meets the security needs of managing a huge number of users and reduces management complexity to some extent. However, as the number of user attributes the system considers grows, analysing role assignment and formulating rules become more and more complex, and the number of rules grows exponentially with the number of user attributes. These limitations keep the model from meeting the growing security needs of services and applications. RB-RBAC also proposes no solution for multiple access policies. The attribute-based access control (Attribute based Access Control, ABAC) model does not use the role as an intermediary, which makes managing the model comparatively complex and involves much repeated work, so it cannot meet the needs of a huge number of users.
In many enterprises that provide services, the number of users keeps growing by the hundreds and tens of thousands as the enterprise develops, and at the same time more refined and diversified policy requirements are set for access to resources. This makes manually assigning user roles a daunting management task that cannot meet the system's needs. An effective access control method is therefore needed to manage increasingly complex data resources securely.
As resource information becomes more fine-grained, enterprises often formulate access policies based on many different resource attributes and many different user attributes, to protect resource information in a more secure and refined way. Diversified access policies formulated for different types of user attributes and many types of resource attributes have become a necessity.
Summary of the invention
The technical problem to be solved by the present invention is to provide an access control method based on attributes and rules that combines user attributes with rules to realize an efficient access control mechanism which assigns user roles automatically.
To solve the above technical problem, the invention provides an access control method based on attributes and rules, comprising the following steps:
(1) formulating, according to the access policy, rules that assign roles based on attributes;
(2) for a user who requests access to a resource, the system obtains the user's attributes and their values from the user information in the database;
(3) building the user's attribute expressions from the user attributes and values obtained in step (2), and assigning roles to the user according to the rules formulated in step (1);
(4) looking up the permissions corresponding to the assigned roles and building a combined permission, through which the user accesses the resource's combined information.
Formulating the rules that assign roles based on attributes according to the access policy comprises:
analysing the access policy and the correspondence between user attributes and resource attributes in it;
formulating the role assignment rules, and building the repository of roles and their corresponding permissions.
The correspondence between user attributes and resource attributes comprises one-to-one correspondence and one-to-many correspondence.
In the above access control method, building the repository of roles and their corresponding permissions comprises:
building the repository of one-to-one roles and their corresponding permissions;
building the repository of one-to-many roles and their corresponding permissions.
The user's attribute expressions comprise single attribute expressions and composite attribute expressions.
The method is proposed for fine-grained access policies formulated from diverse user attributes and resource attributes, and controls access to resource information effectively. The system formulates rules and assigns user roles automatically; the number of roles is determined by how the values of the user attributes are classified. This simplifies the security management problems that a growing number of users brings, satisfies diversified access policies, and meets the current demand for finer-grained access to resource information. The method suits every application in which policies are formulated from user attributes and resource attributes, and can also meet security audit requirements, for example in enterprises such as banks. It makes system management more flexible, convenient and operable, and is practical.
Description of drawings
The invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of the access control method based on attributes and rules of the present invention;
Fig. 2 is a schematic diagram of an access policy of the present invention;
Fig. 3a is a schematic diagram of the one-to-one correspondence between user attributes and resource attributes in the access policy of Fig. 2;
Fig. 3b is a schematic diagram of the many-to-one correspondence between user attributes and resource attributes in the access policy of Fig. 2;
Fig. 4 shows the correspondence between user attributes and resource attributes in one embodiment of the present invention;
Fig. 5 is a schematic diagram of the combined permission in one embodiment of the present invention.
Embodiment
The basic concepts used by this method are defined as follows:
1. User (User): an entity that operates on resources.
2. User attribute (User Attribute, ua): information that represents the user's identity and characteristics, such as the user's country (User-Country) and the user's age (User-Age).
3. Resource (Resource): an entity that users operate on.
4. Resource attribute (Resource Attribute, ra): information about a resource's characteristics. Different resources have different attributes, and one resource has several different attributes; for example, a movie resource has the attributes movie title (Movie-Title), movie content (Movie-Content), movie language (Movie-Language) and movie release date (Movie-ReleaseDate).
5. Composite attribute expression (cae): when the access policy for a resource attribute is formulated from several attributes of the user, the combination of the expressions for those attributes forms the user's composite attribute expression. For example, User-Country="China" AND User-Career="Engineer".
6. Single attribute expression (sae): an expression formed from a single attribute of the user. When the access policy for a resource attribute is formulated from one attribute of the user, the expression for that attribute is the user's single attribute expression.
7. Combined permission (CP): the combination of the permissions corresponding to the several different roles assigned to a user; it is the user's final permission for accessing the resource.
The diversified, fine-grained access policies specified by the system involve many types of user attributes and many types of resource attributes. According to the correspondence between user attributes and resource attributes in the policies, the role assignment rules are specified, and the roles to assign to users and their corresponding permissions are established.
For a user who requests access to a resource, the rules assign specific roles according to the user's attributes and their values, and the permissions corresponding to those roles are obtained. This yields the combination of the user's permissions for the different resource attributes, and with this combined permission the user finally accesses the resource.
Fig. 1 is the system flow chart of the method. The method comprises the following steps:
Step S1: formulate rules that assign roles based on attributes according to the access policy. Specifically, the rules are formulated according to the diversified, fine-grained access policies set by the system or enterprise. This comprises the following steps:
(1) Analyse the access policy and the correspondence between user attributes and resource attributes in it.
To protect resource information, enterprises often define access policies based on resource attributes and user attributes. Across multiple access policies, the correspondence between user attributes and resource attributes falls into two kinds: a one-to-one relation, in which one user attribute corresponds to access to one kind of resource attribute information; and a one-to-many relation, in which several user attributes correspond to access to one kind of resource attribute information.
For example, Fig. 2 shows the two kinds of correspondence between user attributes and resource attributes obtained according to Fig. 1. It represents 5 access policies, which involve 4 user attributes (ua_1, ua_2, ua_3, ua_4) and 4 resource attributes (ra_1, ra_2, ra_3, ra_4). In these 5 policies, the correspondences between resource attributes and user attributes are: one-to-one (for example ra_1 --- ua_1; ra_2 --- ua_2), as in Fig. 3a; and one-to-many (ra_3 --- ua_2, ua_3; ra_4 --- ua_3, ua_4), as in Fig. 3b.
(2) Formulate the role assignment rules and build the repository of roles and their corresponding permissions, as follows:
i. When a resource attribute and a user attribute are in one-to-one correspondence, the system formulates role assignment rules and builds the roles RS (rs_1, rs_2, ..., rs_m) that the rules assign to users and the repository PS (ps_1, ps_2, ..., ps_m) of the permissions corresponding to those roles.
ii. When a resource attribute and user attributes are in one-to-many correspondence, the system formulates role assignment rules and builds the roles RC (rc_1, rc_2, ..., rc_n) that the rules assign to users and the repository PC (pc_1, pc_2, ..., pc_n) of the permissions corresponding to those roles.
Step S2: for a user who requests access to a resource, the system obtains the user's attributes and their values from the user information in the database.
Step S3: build the user's sae and cae from the user's attributes and their values, and assign the roles rs and rc to the user according to the rules formulated in step (2) of step S1.
Step S4: look up the permissions ps and pc corresponding to the assigned roles and build the combined permission CP, through which the user accesses the resource's combined information.
Figs. 4 and 5 show a specific embodiment of the invention. An online entertainment store formulates and enforces the following 3 access control policies:
Policy 1: users aged {>=21} may watch movies at level L1, all content (all content); users aged {>=13, <21} may watch movies at level L2, without sexual content (no sex); users aged {<13} may watch movies at level L3, without sexual, violent or religious content (no sex, no violence, no religion).
Policy 2: some countries restrict the content of movies shown, for reasons such as their particular national conditions and culture. Users whose country is one of {China, India, Saudi Arabia, Egypt, Singapore} therefore may not watch movies with sexual content.
Policy 3: an access control policy based on the user's payment tier and on new versus old movies.
Users who pay 100 yuan per month may not watch newly released movies; users who pay 300 yuan per month may watch newly released movies.
Implementing the access control method based on attributes and rules according to the invention comprises the following steps:
Step 1: formulate rules that assign roles based on attributes according to the access policies. Specifically:
Step 1.1: analyse the correspondence between user attributes and resource attributes in the access control policies. Fig. 4 shows this correspondence for the access policies of the present embodiment.
Step 1.2: formulate the role assignment rules according to the access policies, and build the repository of roles and corresponding permissions:
(1) From the one-to-one correspondence in the access policies between the resource attribute (Resource-ReleaseDate) and the user attribute (User-Fee), the rules are formulated as follows:
Rule 1: if the user's fee is 300 yuan, the user's role is premium payer.
Rule 2: if the user's fee is 100 yuan, the user's role is regular payer.
The program code implementing them is as follows:
Rule1::IF User-Fee=300
    THEN Assign Role "Premium"
Rule2::IF User-Fee=100
    THEN Assign Role "Regular"
(2) From the one-to-many correspondence in the access policies between the resource attribute resource content (Resource-Content) and the user attributes user age (User-Age) and user country (User-Country), define the set {A, ..., Z} as the set of values of the user country (User-Country) attribute. The rules are therefore formulated as follows:
Rule 3: if the user's age is less than 13 and the user's country belongs to the set {A, ..., Z}, the user's role is child.
Rule 4: if the user's age is greater than or equal to 13 and less than 21, and the user's country belongs to the set {A, ..., Z}, the user's role is juvenile.
Rule 5: if the user's age is greater than or equal to 21 and the user's country belongs to the set {China, India, Saudi Arabia, Egypt, Singapore}, the user's role is juvenile.
Rule 6: if the user's age is greater than or equal to 21 and the user's country does not belong to the set {China, India, Saudi Arabia, Egypt, Singapore}, the user's role is adult.
The program code implementing them is as follows:
Rule3::IF User-Age<13 AND
    User-Country IN {A,...,Z}
    THEN Assign Role "Child"
Rule4::IF {User-Age>=13 AND User-Age<21} AND
    User-Country IN {A,...,Z}
    THEN Assign Role "Juvenile"
Rule5::IF User-Age>=21 AND
    User-Country IN {China,India,Saudi Arabia,Egypt,Singapore}
    THEN Assign Role "Juvenile"
Rule6::IF User-Age>=21 AND
    User-Country IN {{A,...,Z}-{China,India,Saudi Arabia,Egypt,Singapore}}
    THEN Assign Role "Adult"
The roles and their corresponding permissions are established as shown in Table one.
Table one

| Role | Permission repository |
|---|---|
| Adult | Level L1 (all content) |
| Juvenile | Level L2 (no sexual content) |
| Child | Level L3 (no sexual, violent or religious content) |
| Premium payer | May watch both non-new and newly released movies |
| Regular payer | May watch non-new releases |

The program code establishes the roles and their corresponding permissions as shown in Table two.
Table two

| Role | Permission repository |
|---|---|
| Adult | L1{all content} |
| Juvenile | L2{no sex} |
| Child | L3{no sex, no violence, no religion} |
| Premium | Can view {new, old} release date movies |
| Regular | Can view old release date movies |

Step 2: when a user accesses a system resource, build the sae and cae from the attributes and attribute values in the user database, and assign the corresponding roles to the user according to the rules formulated in step (2) of step 1.2.
For example, for a visiting user, the database yields the user's attributes and values: age 10, country China, fee 300 yuan (User-Age=10, User-Country="China", User-Fee=300).
The user's composite attribute expression cae is therefore {User-Age=10 AND User-Country="China"}, and the single attribute expression sae is {User-Fee=300}. According to Rule 1 through Rule 6 formulated in (2), the user is assigned two roles: premium payer and child (that is, Premium and Child).
Step 3: with the roles from step 2, look up the permissions corresponding to the roles in Table one (Table two).
The user is assigned the roles Child and Premium. The access permissions on resource attributes corresponding to these two roles are therefore:
pc Resource-Content="L3"
ps Resource-ReleaseDate="New" AND "Old"
Step 4: build the combined permission CP.
From the access permissions pc and ps on the resource attributes in step 3, the combined permission is CP = pc AND ps ((Resource-Content="L3") AND (Resource-ReleaseDate="New" AND "Old")). The user can therefore access movies with L3-level content, both newly and previously released.
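
The embodiment's Rules 1 to 6, its role/permission table and the combined permission CP, written out as a small Python evaluator. This is an added example, not code from the patent; the movie fields `release` and `tags`, the tag names, the attribute type checks and the deny-by-default result for a user who matches no rule for some resource attribute are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Country set named in Policy 2 and Rules 5-6 of the embodiment.
RESTRICTED = frozenset({"China", "India", "Saudi Arabia", "Egypt", "Singapore"})


@dataclass(frozen=True)
class Rule:
    name: str
    needs: Dict[str, type]        # attributes (and expected types) the rule reads
    cond: Callable[[dict], bool]  # the sae or cae the rule tests
    role: str


FEE = {"User-Fee": int}                               # sae: one attribute
AGE_COUNTRY = {"User-Age": int, "User-Country": str}  # cae: two attributes

# Rules 3-4 accept any country value ({A,...,Z}); here that means "present".
RULES: List[Rule] = [
    Rule("Rule1", FEE, lambda u: u["User-Fee"] == 300, "Premium"),
    Rule("Rule2", FEE, lambda u: u["User-Fee"] == 100, "Regular"),
    Rule("Rule3", AGE_COUNTRY, lambda u: u["User-Age"] < 13, "Child"),
    Rule("Rule4", AGE_COUNTRY, lambda u: 13 <= u["User-Age"] < 21, "Juvenile"),
    Rule("Rule5", AGE_COUNTRY, lambda u: u["User-Age"] >= 21
         and u["User-Country"] in RESTRICTED, "Juvenile"),
    Rule("Rule6", AGE_COUNTRY, lambda u: u["User-Age"] >= 21
         and u["User-Country"] not in RESTRICTED, "Adult"),
]

# Role -> (resource attribute, permitted value), following Table two.
PERMISSIONS = {
    "Premium": ("Resource-ReleaseDate", frozenset({"New", "Old"})),
    "Regular": ("Resource-ReleaseDate", frozenset({"Old"})),
    "Adult": ("Resource-Content", "L1"),
    "Juvenile": ("Resource-Content", "L2"),
    "Child": ("Resource-Content", "L3"),
}

# Content categories each level excludes (Table two); tag names are assumed.
LEVEL_EXCLUDES = {
    "L1": frozenset(),
    "L2": frozenset({"sex"}),
    "L3": frozenset({"sex", "violence", "religion"}),
}

REQUIRED = ("Resource-Content", "Resource-ReleaseDate")


def assign_roles(user: dict) -> List[str]:
    """Step 2: apply every rule whose attributes are present and well typed."""
    roles = []
    for rule in RULES:
        if all(isinstance(user.get(a), t) for a, t in rule.needs.items()):
            if rule.cond(user):
                roles.append(rule.role)
    return roles


def combined_permission(roles: List[str]) -> Optional[dict]:
    """Steps 3-4: look up each role's permission and AND them into CP.

    Returns None (deny) when roles conflict on a resource attribute or when
    some resource attribute has no role; failing closed is an assumption.
    """
    cp = {}
    for role in roles:
        attr, value = PERMISSIONS[role]
        if attr in cp and cp[attr] != value:
            return None
        cp[attr] = value
    return cp if all(a in cp for a in REQUIRED) else None


def can_view(user: dict, movie: dict) -> bool:
    """Enforce CP against a movie's release class and content tags."""
    cp = combined_permission(assign_roles(user))
    if cp is None:
        return False
    excluded = LEVEL_EXCLUDES[cp["Resource-Content"]]
    return (movie["release"] in cp["Resource-ReleaseDate"]
            and not (excluded & movie["tags"]))


# Constructed sample users: the one from the embodiment plus two edge cases.
PATENT_USER = {"User-Age": 10, "User-Country": "China", "User-Fee": 300}
ADULT_RESTRICTED = {"User-Age": 30, "User-Country": "India", "User-Fee": 100}
UNMATCHED_FEE = {"User-Age": 30, "User-Country": "France", "User-Fee": 200}

if __name__ == "__main__":
    for u in (PATENT_USER, ADULT_RESTRICTED, UNMATCHED_FEE):
        print(assign_roles(u), combined_permission(assign_roles(u)))
```

The third sample user pays a fee that neither Rule 1 nor Rule 2 covers, so no release-date role is assigned and the evaluator denies access instead of building a partial CP.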

Claims (5)

1. An access control method based on attributes and rules, characterized in that it comprises the following steps:
(1) formulating, according to the access policy, rules that assign roles based on attributes;
(2) for a user who requests access to a resource, the system obtains the user's attributes and their values from the user information in the database;
(3) building the user's attribute expressions from the user attributes and values obtained in step (2), and assigning roles to the user according to the rules formulated in step (1);
(4) looking up the permissions corresponding to the assigned roles and building a combined permission, through which the user accesses the resource's combined information.
2. The access control method based on attributes and rules according to claim 1, characterized in that formulating the rules that assign roles based on attributes according to the access policy in step (1) comprises:
analysing the access policy and the correspondence between user attributes and resource attributes in it;
formulating the role assignment rules, and building the repository of roles and their corresponding permissions.
3. The access control method based on attributes and rules according to claim 2, characterized in that the correspondence between user attributes and resource attributes comprises one-to-one correspondence and one-to-many correspondence.
4. The access control method based on attributes and rules according to claim 3, characterized in that building the repository of roles and their corresponding permissions comprises:
building the repository of one-to-one roles and their corresponding permissions;
building the repository of one-to-many roles and their corresponding permissions.
5. The access control method based on attributes and rules according to claim 1, characterized in that the user's attribute expressions comprise single attribute expressions and composite attribute expressions.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910200261A CN101729403A (en) 2009-12-10 2009-12-10 Access control method based on attribute and rule

Publications (1)

Publication Number Publication Date
CN101729403A true CN101729403A (en) 2010-06-09

Family

ID=42449646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910200261A Pending CN101729403A (en) 2009-12-10 2009-12-10 Access control method based on attribute and rule

Country Status (1)

Country Link
CN (1) CN101729403A (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101866360A (en) * 2010-06-28 2010-10-20 北京用友政务软件有限公司 Data warehouse authentication method and system based on object multidimensional property space
CN102063479A (en) * 2010-12-22 2011-05-18 北京中电普华信息技术有限公司 Method and system for controlling data access right
CN102347958A (en) * 2011-11-18 2012-02-08 上海电机学院 Dynamic hierarchical access control method based on user trust
CN102402653A (en) * 2010-09-16 2012-04-04 金蝶软件(中国)有限公司 Method, system and terminal for controlling authority of data among different kinds of application
CN102413106A (en) * 2010-09-26 2012-04-11 百度在线网络技术(北京)有限公司 Method for processing advertising agent data safely and system thereof
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN102868525A (en) * 2011-07-04 2013-01-09 航天信息股份有限公司 Authorization management method based on digital certificate
CN102968599A (en) * 2012-10-25 2013-03-13 北京邮电大学 User-defined access control system and method based on resource publisher
CN103036726A (en) * 2012-12-17 2013-04-10 北京网康科技有限公司 Method and device for network user management
CN103092841A (en) * 2011-10-28 2013-05-08 金蝶软件(中国)有限公司 Method and device for processing data
CN103299312A (en) * 2011-02-08 2013-09-11 株式会社日立制作所 Data storage system and its control method
CN103618729A (en) * 2013-09-03 2014-03-05 南京邮电大学 Multi-mechanism hierarchical attribute-based encryption method applied to cloud storage
CN104243453A (en) * 2014-08-26 2014-12-24 中国科学院信息工程研究所 Access control method and system based on attribute and role
CN104301315A (en) * 2014-09-30 2015-01-21 腾讯科技(深圳)有限公司 Method and device for limiting information access
CN105430020A (en) * 2015-12-31 2016-03-23 南京邮电大学 Access group-based privacy protection-supporting access authorization method
CN105531977A (en) * 2013-07-31 2016-04-27 赛门铁克公司 Mobile device connection control for synchronization and remote data access
CN105608366A (en) * 2014-11-18 2016-05-25 华为软件技术有限公司 User permission control method and device
CN105915535A (en) * 2016-05-24 2016-08-31 北京朋创天地科技有限公司 Virtual resource access control method based on user identity
US9916461B2 (en) 2012-09-10 2018-03-13 International Business Machines Corporation Identity context-based access control
CN108268798A (en) * 2017-06-30 2018-07-10 勤智数码科技股份有限公司 A kind of data item authority distributing method and system
CN109040106A (en) * 2018-08-28 2018-12-18 广州城市信息研究所有限公司 A kind of transmission control method and device of service hierarchy classification
WO2019001322A1 (en) * 2017-06-30 2019-01-03 成都牵牛草信息技术有限公司 Role-based menu authorization method
CN109492376A (en) * 2018-11-07 2019-03-19 浙江齐治科技股份有限公司 Control method, device and the fort machine of equipment access authority
CN110096892A (en) * 2019-04-29 2019-08-06 武汉中锐源信息技术开发有限公司 Database Properties access control method and system
CN110865817A (en) * 2019-11-01 2020-03-06 湖北省楚天云有限公司 Cloud computing platform resource metering method and system
CN110941853A (en) * 2019-11-22 2020-03-31 星环信息科技(上海)有限公司 Database permission control method, computer equipment and storage medium
CN111222162A (en) * 2019-12-31 2020-06-02 中国铁道科学研究院集团有限公司电子计算技术研究所 Industry cloud resource access control method and device
CN113612802A (en) * 2021-10-08 2021-11-05 苏州浪潮智能科技有限公司 Access control method, device, equipment and readable storage medium
CN113656442A (en) * 2021-08-04 2021-11-16 南京图菱视频科技有限公司 Service platform resource access control method and system based on relational data model

Cited By (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101866360A (en) * 2010-06-28 2010-10-20 北京用友政务软件有限公司 Data warehouse authentication method and system based on object multidimensional property space
CN102402653A (en) * 2010-09-16 2012-04-04 金蝶软件(中国)有限公司 Method, system and terminal for controlling authority of data among different kinds of application
CN102413106A (en) * 2010-09-26 2012-04-11 百度在线网络技术(北京)有限公司 Method for processing advertising agent data safely and system thereof
CN102413106B (en) * 2010-09-26 2016-05-11 百度在线网络技术(北京)有限公司 The method and system of safe handling advertiser data
CN102447677B (en) * 2010-09-30 2015-05-20 北大方正集团有限公司 Resource access control method, system and equipment
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN102063479A (en) * 2010-12-22 2011-05-18 北京中电普华信息技术有限公司 Method and system for controlling data access right
CN103299312B (en) * 2011-02-08 2016-03-16 株式会社日立制作所 Data-storage system and control method thereof
CN103299312A (en) * 2011-02-08 2013-09-11 株式会社日立制作所 Data storage system and its control method
CN102868525A (en) * 2011-07-04 2013-01-09 航天信息股份有限公司 Authorization management method based on digital certificate
CN103092841B (en) * 2011-10-28 2016-08-03 金蝶软件(中国)有限公司 A kind of data processing method and device
CN103092841A (en) * 2011-10-28 2013-05-08 金蝶软件(中国)有限公司 Method and device for processing data
CN102347958B (en) * 2011-11-18 2013-12-04 上海电机学院 Dynamic hierarchical access control method based on user trust
CN102347958A (en) * 2011-11-18 2012-02-08 上海电机学院 Dynamic hierarchical access control method based on user trust
US9916461B2 (en) 2012-09-10 2018-03-13 International Business Machines Corporation Identity context-based access control
CN102968599B (en) * 2012-10-25 2016-05-04 北京邮电大学 Based on the self-defining access control system of resource publisher and method
CN102968599A (en) * 2012-10-25 2013-03-13 北京邮电大学 User-defined access control system and method based on resource publisher
CN103036726A (en) * 2012-12-17 2013-04-10 北京网康科技有限公司 Method and device for network user management
CN105531977A (en) * 2013-07-31 2016-04-27 赛门铁克公司 Mobile device connection control for synchronization and remote data access
CN105531977B (en) * 2013-07-31 2018-04-10 赛门铁克公司 The method and system of control is connected with the mobile device of remote data access for synchronization
CN103618729A (en) * 2013-09-03 2014-03-05 南京邮电大学 Multi-mechanism hierarchical attribute-based encryption method applied to cloud storage
CN104243453A (en) * 2014-08-26 2014-12-24 中国科学院信息工程研究所 Access control method and system based on attribute and role
CN104301315A (en) * 2014-09-30 2015-01-21 腾讯科技(深圳)有限公司 Method and device for limiting information access
CN105608366B (en) * 2014-11-18 2019-07-12 华为软件技术有限公司 User authority control method and device
CN105608366A (en) * 2014-11-18 2016-05-25 华为软件技术有限公司 User permission control method and device
CN105430020A (en) * 2015-12-31 2016-03-23 南京邮电大学 Access group-based privacy protection-supporting access authorization method
CN105915535A (en) * 2016-05-24 2016-08-31 北京朋创天地科技有限公司 Virtual resource access control method based on user identity
CN105915535B (en) * 2016-05-24 2017-10-31 北京朋创天地科技有限公司 A kind of virtual resources access control method based on user identity
CN108268798A (en) * 2017-06-30 2018-07-10 勤智数码科技股份有限公司 A kind of data item authority distributing method and system
CN108268798B (en) * 2017-06-30 2023-09-05 勤智数码科技股份有限公司 Data item authority allocation method and system
WO2019001322A1 (en) * 2017-06-30 2019-01-03 成都牵牛草信息技术有限公司 Role-based menu authorization method
CN109040106A (en) * 2018-08-28 2018-12-18 广州城市信息研究所有限公司 Transmission control method and device for service hierarchy classification
CN109492376A (en) * 2018-11-07 2019-03-19 浙江齐治科技股份有限公司 Control method, device and bastion host for equipment access authority
CN110096892A (en) * 2019-04-29 2019-08-06 武汉中锐源信息技术开发有限公司 Database Properties access control method and system
CN110865817A (en) * 2019-11-01 2020-03-06 湖北省楚天云有限公司 Cloud computing platform resource metering method and system
CN110865817B (en) * 2019-11-01 2024-04-05 湖北省楚天云有限公司 Cloud computing platform resource metering method and system
CN110941853A (en) * 2019-11-22 2020-03-31 星环信息科技(上海)有限公司 Database permission control method, computer equipment and storage medium
CN110941853B (en) * 2019-11-22 2020-11-10 星环信息科技(上海)有限公司 Database permission control method, computer equipment and storage medium
WO2021098873A1 (en) * 2019-11-22 2021-05-27 星环信息科技(上海)股份有限公司 Permission control method for database, computer device, and storage medium
CN111222162A (en) * 2019-12-31 2020-06-02 中国铁道科学研究院集团有限公司电子计算技术研究所 Industry cloud resource access control method and device
CN111222162B (en) * 2019-12-31 2022-07-12 中国铁道科学研究院集团有限公司电子计算技术研究所 Industry cloud resource access control method and device
CN113656442A (en) * 2021-08-04 2021-11-16 南京图菱视频科技有限公司 Service platform resource access control method and system based on relational data model
CN113612802B (en) * 2021-10-08 2022-02-18 苏州浪潮智能科技有限公司 Access control method, device, equipment and readable storage medium
CN113612802A (en) * 2021-10-08 2021-11-05 苏州浪潮智能科技有限公司 Access control method, device, equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN101729403A (en) Access control method based on attribute and rule
Xu et al. An efficient privacy‐enhanced attribute‐based access control mechanism
US20200287719A1 (en) Zero-knowledge identity verification in a distributed computing system
US20200287718A1 (en) Zero-knowledge identity verification in a distributed computing system
CN110334525B (en) Block chain based multi-layer alliance type account management system and method
CN109286676B (en) Electric power data safety information system based on block chain
US6678682B1 (en) Method, system, and software for enterprise access management control
CN109167717A (en) Method for presetting instant messaging account contacts and a default address list according to the communication relations between roles
CN102968599A (en) User-defined access control system and method based on resource publisher
CN102724221A (en) Enterprise information system using cloud computing and method for setting user authority thereof
Al-Kahtani et al. Rule-based RBAC with negative authorization
CN106326766B (en) HBase data reading control method
CN101453475A (en) Authentication management system and method
CN110933093A (en) Block chain data sharing platform and method based on differential privacy protection technology
CN107808103A (en) Data permission control method and control device
CN102857488B (en) Network access control model as well as method and terminal thereof
US8180894B2 (en) System and method for policy-based registration of client devices
KR20200035122A (en) How to grant permission to display the current status of the status of all system users
CN107659450A (en) Distribution method, distributor and storage medium for big data cluster resources
CN110457629A (en) Permission processing, authority control method and device
US20210279355A1 (en) Methods and systems for purpose-based access control
CN106951773A (en) User role assignment verification method and system
CN103778379B (en) Managing application execution and data access on a device
Xu et al. A Feasible Fuzzy‐Extended Attribute‐Based Access Control Technique
CN106599718B (en) Control method and device for information access rights

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100609