WO2015168936A1 - Method for controlling resource aggregation result access permission and resource aggregation apparatus - Google Patents


Info

Publication number
WO2015168936A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
computing
input
resources
trapdoor
Application number
PCT/CN2014/077144
Other languages
French (fr)
Chinese (zh)
Inventor
殷佳欣
张永靖
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2014/077144
Publication of WO2015168936A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • The present invention relates to the field of network technologies, and in particular to a method for controlling access rights of resource aggregation results and a resource aggregation device.
  • Background technique
  • Information aggregation refers to taking one or more resources in the system as input, and after logical calculation, the calculation result provides external access as an output resource.
  • A resource is a classification of the various information transmitted in the network or stored in the server, so that information with the same content or of the same type can be marked with the same identifier, which facilitates the classified storage or invocation of the information. Information aggregation is implemented in the form of resources.
  • In an M2M (Machine to Machine) system, an M2M application aggregates one or more resources already existing in the M2M system (referred to as aggregated resources in this patent) by creating an aggregate resource. Aggregated resources can be accessed by M2M applications.
  • The aggregated resource contains: the identifier of the aggregated resource (such as the URI (Uniform Resource Identifier) of the aggregated resource).
  • the aggregated resource is used to indicate that the process of the aggregate will input the computing resource.
  • the aggregation mode is a separate computing resource, or a connected computing resource.
  • the aggregation mode indicates that the corresponding computing process is performed on the aggregated resource, and the computing process is provided by the computing resource.
  • the aggregation result can be obtained by the calculation process.
  • the information indicating the aggregation result resource may be the aggregation result resource itself or the identifier of the aggregation result resource.
  • The foregoing aggregation mode is composed of one or more computing resources, and the computing resources take the aggregated resource as input. A computing resource is a calculation process, which includes input resources and output resources.
  • The output resource of one computing resource can be used as an input resource of another computing resource. If the output resource of one computing resource is used as an input resource of another computing resource, the two computing resources are said to be connected.
  • the result of the final output after the transformation, integration, and operation of the aggregated resource is the aggregate result resource.
  • The access permission specifies which applications can access a resource in the M2M system. For example, access rights can constrain a certain piece of data so that it can only be read by application A and can only be written by application B.
  • This role may be a classification of general users, advanced users, and administrators.
  • a role may be associated with multiple app IDs.
  • the advantage of role-based access control is that data creators only need to care about which roles their data can be accessed by, without having to care about which applications or who are using them under each role.
  • The aggregation result resource is generated by the M2M system according to the process defined in the aggregate resource. Since the aggregation result resource is obtained by transforming and calculating the aggregated resource, the aggregated resource may be recovered by performing the inverse transformation and calculation on the aggregation result resource. Therefore, visitors to the aggregation result resource may learn the aggregated resource. If the visitor of the aggregation result resource does not have the right to access the aggregated resource, this may invade the privacy of the aggregated resource and affect the information security of the aggregated resource.
  • Summary of the invention
  • A resource aggregation apparatus, including: a receiving unit, configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a request access right to the aggregate result resource and an identifier of the computing resource, and input resource information of the computing resource and output resource information of the computing resource; an obtaining unit, configured to acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the receiving unit; a computing resource determining unit, configured to determine, according to the computing resource acquired by the obtaining unit, that an input resource of the computing resource is obtainable according to an output resource of the computing resource; where the obtaining unit is further configured to: according to the information about the input resource of the computing resource included
  • the computing resource determining unit is configured to determine, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
  • the permission determining unit is specifically configured to: determine an access right of the output resource of the computing resource as an intersection of the request access authority and the access authority of the input resource of the computing resource.
  • the computing resource determining unit is specifically configured to determine that the computing resource meets a trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectional description of the input resource by the output resource defined by the computing resource, that the output resource of the computing resource does not have unidirectionality to the input resource;
  • the privilege determining unit is specifically configured to determine that the access authority of the output resource of the computing resource is an intersection of the request access right included in the aggregate resource creation request received by the receiving unit and the access authority of the input resource acquired by the acquiring unit; or
  • the computing resource determining unit is specifically configured to determine that the computing resource meets the trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectional description of the input resource defined by the computing resource, that the output resource of the computing resource has a trapdoor unidirectionality to the input resource
  • the computing resource further includes a description of the trapdoor resource;
  • A resource aggregation apparatus, including: a processor, a memory, a communication interface, and a bus, wherein the processor, the memory, and the communication interface are connected to each other through the bus; the communication interface is configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a request access right to the aggregate result resource and an identifier of the computing resource, and input resource information of the computing resource and output resource information of the computing resource; the processor is configured to acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the communication interface, and determine, according to the computing resource, that an input resource of the computing resource is obtainable according to the output resource of the computing resource; obtain the access right of the input resource according to the information of the input resource of the computing resource included in the aggregate resource creation request received by the communication interface; determine the access authority of the output resource of the computing resource according to the request access right included in the aggregate resource creation request received by the communication interface and the access right of the input resource; when the output resource of the computing resource is the aggregated result resource, the
  • the determining, by the processor according to the computing resource, that the input resource of the computing resource is obtainable according to the output resource of the computing resource is specifically: the processor determines, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition; the determining, by the processor, of the access permission of the output resource of the computing resource according to the request access right received by the communication interface and the access authority of the input resource is specifically: determining that the access right of the output resource of the computing resource is an intersection of the request access authority and the access authority of the input resource of the computing resource.
  • the determining, by the processor, that the input resource of the computing resource is obtainable according to the output resource of the computing resource, according to the computing resource is: The computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines the computing resource according to the unidirectional description of the input resource by the output resource defined by the computing resource The output resource is not unidirectional to the input resource; and the processor determines, according to the request access right included in the aggregate resource creation request received by the communication interface and the access authority of the input resource,
  • the access authority of the output resource of the computing resource is specifically: the processor determining that the access authority of the output resource of the computing resource is the requested access right and the input included in the aggregate resource creation request received by the communication interface An intersection of access rights of resources; or, the processor determines the calculation based on the computing resources
  • the input resource of the source can be obtained according to the output resource of the computing resource: the processor determines that the computing resource.
  • the third aspect provides a method for controlling access rights of resource aggregation results
  • the resource aggregation device receives an aggregate resource creation request, where the aggregate resource creation request includes: a request access right to the aggregate result resource and an identifier of the computing resource, and input resource information of the computing resource and output resource information of the computing resource; obtains the computing resource according to the identifier of the computing resource, and determines, according to the computing resource, that the input resource of the computing resource can be obtained according to an output resource of the computing resource; obtains the access right of the input resource according to the input resource information of the computing resource; determines the access right of the output resource of the computing resource according to the request access right and the access right of the input resource; and when the output resource of the computing resource is an aggregate result resource, uses the access authority of the output resource of the computing resource as the access permission of the aggregation result resource.
  • the determining, by the computing resource, the input resource of the computing resource, according to the output resource of the computing resource is:
  • the determining, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource is specifically: determining that the computing resource satisfies a trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the unidirectional description of the input resource by the output resource defined by the computing resource, that the output resource of the computing resource is not unidirectional to the input resource; the determining of the access authority of the output resource of the computing resource according to the request access right and the access authority of the input resource is specifically: determining that the access permission of the output resource of the computing resource is an intersection of the request access right and the access authority of the input resource; or the determining, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource is specifically: determining that the computing resource satisfies a trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determines an output of the
  • An embodiment of the present invention provides a method for controlling resource aggregation result access rights and a resource aggregation device, which can determine the access permission of an output resource of the computing resource according to the request access right of the aggregation result resource and the access right of an input resource of the computing resource, and use the access authority of the output resource of the computing resource as the access permission of the aggregation result resource. Therefore, the access permission of the aggregation result resource prevents the input resource from being exposed through reverse derivation, thereby improving the information security of the input resource.
  • FIG. 1 is a schematic structural diagram of a resource aggregation apparatus according to an embodiment of the present invention
  • FIG. 1 is a schematic structural diagram of a resource aggregation apparatus according to another embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for controlling access rights of a resource aggregation result according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a method for controlling access rights of resource aggregation results according to another embodiment of the present invention
  • FIG. 5 is a schematic diagram of a resource aggregation process according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of an application scenario of a method for controlling access rights of a resource aggregation result according to an embodiment of the present invention
  • FIG. 8 is a schematic diagram of a method for controlling a resource aggregation result access authority control method according to another embodiment of the present invention
  • FIG. 8 is a schematic diagram of an application scenario of a resource aggregation result access authority control method according to another embodiment of the present invention
  • FIG. 10 is a schematic flowchart of a method for controlling resource aggregation result access rights in the scenario shown in FIG. 8 according to an embodiment of the present invention
  • FIG. 10 is a schematic flowchart of a method for controlling resource aggregation result access rights in the scenario shown in FIG. 8 according
  • FIG. 12 is a schematic flowchart of a method for controlling a resource aggregation result access right in the scenario shown in FIG. 11 according to an embodiment of the present invention.
  • An embodiment of the present invention provides a resource aggregation apparatus, which is applied to an M2M system, where the apparatus may be an Application Service Node (ASN) device, an intermediate node (MN, Middle Node) gateway, or an infrastructure node (Infrastructure Node) platform in an M2M system, or a component of a CSE (Common Service Entity) installed on the application service node device, intermediate node gateway or infrastructure node platform, for performing the business logic flow related to information aggregation.
  • ASN Application Service Node
  • MN Middle Node gateway
  • CSE Common Service Entity
  • the resource aggregation apparatus includes: a receiving unit 11 , configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a request access right to an aggregate result resource and an identifier of a computing resource, and the The input resource information of the computing resource and the output resource information of the computing resource; the obtaining unit 12, configured to acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the receiving unit 11;
  • the computing resource determining unit 13 is configured to determine, according to the computing resource that is obtained by the acquiring unit 12, that an input resource of the computing resource is obtainable according to an output resource of the computing resource, where the acquiring unit 12 is further configured to acquire the access authority of the input resource according to the information about the input resource of the computing resource included in the aggregate resource creation request received by the receiving unit 11; the authority determining unit 14 is configured to determine the access authority of the output resource of the computing resource according to the request access right included in the aggregate resource creation request received by the receiving unit 11 and the access authority of the input resource obtained by the obtaining unit 12
  • the aggregated resource may be a set of aggregated resources stored in a server or a database of the M2M system, and a corresponding access right is created for each aggregated resource in the form of a list.
  • the computing resource determining unit 13 is configured to determine, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
  • the authority determining unit 14 is specifically configured to determine that an access right of an output resource of the computing resource is an intersection of the request access right and an access right of an input resource of the computing resource.
  • the computing resource determining unit 13 determining that the computing resource does not meet the trapdoor condition is specifically: the computing resource determining unit 13 determines that the trapdoor condition of the computing resource definition is false; or the computing resource determining unit 13 determines that the number of input resources of the computing resource is less than the number of input resources defined as trapdoor resources in the trapdoor condition.
  • the computing resource determining unit 13 is specifically configured to determine that the computing resource satisfies a trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectional description of the output resource defined by the computing resource, that the output resource of the computing resource does not have unidirectionality to the input resource;
  • the privilege determining unit 14 is specifically configured to determine that the access authority of the output resource of the computing resource is the intersection of the request access right included in the aggregate resource creation request received by the receiving unit 11 and the access authority of the input resource acquired by the obtaining unit 12;
  • the computing resource determining unit 13 is specifically configured to determine that the computing resource satisfies a trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectional description of the input resource defined by the computing resource, that the output resource of the computing resource has a trapdoor unidirectionality to the input resource;
  • the computing resource further includes a description of the trapdoor resource;
  • the authority determining unit 14 is further configured to determine an access right of the trapdoor resource according to the description of the trapdoor resource;
  • the right determining unit 14 is specifically configured to determine that the access rights of the output resource of the computing resource are the sum of the request access rights included in the aggregate resource creation request received by the receiving unit 11 and the access rights of the input resources acquired by the obtaining unit 12, excluding all the trapdoors The intersection
  • the computing resource determining unit 13 determines that the number of input resources of the computing resource is greater than or equal to the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • the trapdoor resource description includes a trapdoor resource identifier; the right determining unit 14 determines, according to the description of the trapdoor resource, the access right of the trapdoor resource, specifically: the permission determining unit 14 according to the trapdoor resource Identifying access rights to the trapdoor resource.
  • the input resource of the computing resource includes an aggregated resource and/or an output resource of another computing resource; when the input resource of the computing resource is an aggregated resource, the obtaining unit 12 obtaining the access authority of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the receiving unit 11 is specifically: the obtaining unit 12 obtains the access authority of the aggregated resource as the access authority of the input resource of the computing resource according to the aggregated resource information included in the aggregate resource creation request received by the receiving unit 11.
  • when the input resource of the computing resource is an output resource of another computing resource, the obtaining unit 12 obtaining the access authority of the input resource according to the information about the input resource of the computing resource included in the aggregate resource creation request received by the receiving unit 11 is specifically: the obtaining unit 12 acquires, according to the output resource information of the other computing resource included in the aggregate resource creation request received by the receiving unit 11, the access authority of the output resource of the other computing resource as the access authority of the input resource of the computing resource.
  • An embodiment of the present invention provides a resource aggregation apparatus, which is capable of determining the access right of the output resource of the computing resource according to the request access right of the aggregation result resource and the access authority of the input resource of the computing resource, and of using the access rights of the output resource of the computing resource as the access rights of the aggregation result resource. Therefore, the access permission of the aggregation result resource prevents the input resource from being exposed through reverse derivation, thereby improving the information security of the input resource. Further, when the input resource is an aggregated resource, the security of the aggregated resource is improved.
  • An embodiment of the present invention provides a resource aggregation apparatus, including: a processor 21, a memory 22, a communication interface 23, and a bus 24. The processor 21, the memory 22, and the communication interface 23 are connected to each other through the bus 24 and complete communication with each other; the bus 24 can be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus.
  • The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 2, but this does not mean that there is only one bus or one type of bus. Wherein:
  • the memory 22 is for storing executable program code including computer operating instructions.
  • Memory 22 may include high speed RAM memory and may also include non-volatile memory, such as at least one disk memory.
  • the processor 21 may be a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
  • the communication interface 23 is configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a request access right for the aggregation result resource and an identifier of the computing resource, and input resource information of the computing resource and output resource information of the computing resource; the processor 21 is configured to acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the communication interface 23, and determine, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource; obtain the access authority of the input resource according to the information of the input resource of the computing resource included in the aggregate resource creation request received by the communication interface 23; determine, according to the request access right included in the aggregate resource creation request received by the communication interface 23 and the access authority of the input resource, the access authority of the output resource of the computing resource; and when the output resource of the computing resource is an aggregate result resource, use the access rights of the output resource of the computing resource as the access rights of the aggregation result resource.
  • the processor 21 determining, according to the computing resource, that the input resource of the computing resource is obtainable according to the output resource of the computing resource is specifically: the processor 21 determines, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
  • the processor 21 determining, according to the request access right included in the aggregate resource creation request received by the communication interface 23 and the access authority of the input resource, the access authority of the output resource of the computing resource is specifically: the processor 21 determines that the access rights of the output resource of the computing resource are the intersection of the request access rights and the access rights of the input resources of the computing resource.
  • the determining, by the processor 21, that the computing resource does not satisfy the trapdoor condition is: the processor 21 determines that the trapdoor condition of the computing resource definition is false; or the processor 21 determines The number of input resources of the computing resource is less than the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • the processor 21 determines, according to the computing resource, that the input resource of the computing resource is obtainable according to the output resource of the computing resource, where the processor 21 determines that the computing resource meets the calculation Determining a trapdoor condition of the resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the unidirectional description of the input resource by the output resource defined by the computing resource, the output resource of the computing resource to the input resource
  • the processor 21 determines the output resource of the computing resource according to the request access right included in the aggregate resource creation request received by the communication interface 23 and the access authority of the input resource.
  • the access authority is specifically: the processor 21 determines that the access authority of the output resource of the computing resource is the requested access right and the input resource included in the aggregate resource creation request received by the communication interface 23 An intersection of access rights; or, the processor 21 determines, according to the computing resource, an input resource of the computing resource.
  • the obtaining of the output resource according to the computing resource is specifically: the processor 21 determines that the computing resource satisfies a trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition;
  • the unidirectional description of the input resource defined by the computing resource determines that the output resource of the computing resource has a trapdoor unidirectionality to the input resource; and the computing resource further includes a description of the trapdoor resource; And determining, according to the description of the trapdoor resource, the access authority of the trapdoor resource; and the processor 21 according to the aggregated resource creation request received by the communication interface 23
  • the access authority of the input resource determines that the access authority of the output resource of the computing resource
  • the determining, by the processor 21, that the computing resource meets the trapdoor condition is: the processor 21 determines that the trapdoor condition defined by the computing resource is true; or the processor 21 determines the calculating The number of input resources of the resource is greater than or equal to the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • the trapdoor resource description includes a trapdoor resource identifier; the processor 21 determines, according to the description of the trapdoor resource, the access permission of the trapdoor resource, that is, the processor 21 obtains according to the trapdoor resource identifier. The access rights of the trapdoor resource.
  • the input resource of the computing resource includes an aggregated resource and/or an output resource of another computing resource. When the input resource of the computing resource is an aggregated resource, the processor 21 obtaining the access authority of the input resource according to the information about the input resource of the computing resource included in the aggregate resource creation request received by the communication interface 23 is specifically: the processor 21 acquires, according to the aggregated resource information included in the aggregate resource creation request received by the communication interface 23, the access rights of the aggregated resource as the access rights of the input resource of the computing resource. When the input resource of the computing resource is an output resource of another computing resource, the processor 21 acquiring the access authority of the input resource according to the information of the input resource of the computing resource included in the aggregate resource creation request received by the communication interface 23 is specifically: the processor 21 acquires, according to the output resource information of the other computing resource included in the aggregate resource creation request received by the communication interface 23, the access authority of the output resource of the other computing resource as the access authority of the input resource of the computing resource.
  • An embodiment of the present invention provides a resource aggregation apparatus that determines the access rights of the output resource of the computing resource according to the request access right of the aggregation result resource and the access authority of the input resource of the computing resource, and uses the access rights of the output resource of the computing resource as the access rights of the aggregated result resource. The access permission of the aggregated result resource can therefore prevent the input resource from being exposed by reverse push, thereby improving the information security of the input resource. Further, when the input resource is an aggregated resource, the security of the aggregated resource is improved.
  • an embodiment of the present invention provides a method for controlling access rights of a resource aggregation result, which is implemented by the foregoing resource aggregation apparatus, and specifically includes the following steps:
  • the resource aggregation device receives an aggregate resource creation request.
  • the aggregate resource creation request includes: a request access right to the aggregate result resource, an identifier of the computing resource, and input resource information and output resource information of the computing resource.
  • the identifier of the computing resource is used to obtain a corresponding computing resource in the computing resource set of the M2M system, where the aggregated resource is used as an input resource of the computing resource, and the output resource of the computing resource is used as an aggregation result resource.
  • the input resource of the computing resource included in the aggregate resource creation request is specifically: an output resource of the aggregated resource and/or other computing resource
  • the output resource of the computing resource may be used as an input resource or an aggregate result resource of other computing resources; the aggregate resource creation request may be from an application connected to the resource aggregation device in the M2M system.
  • the resource aggregation device obtains the computing resource according to the identifier of the computing resource, and determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource.
  • the resource aggregation device acquires the access authority of the input resource according to the information of the input resource of the computing resource.
  • the input resource of the computing resource may be an aggregated resource, or may be an output resource of other computing resources. It is worth noting that there is no strict sequence between steps 102 and 03.
  • the resource aggregation device determines the access authority of the output resource of the computing resource according to the request access right and the access right of the input resource.
  • the resource aggregation device uses the access authority of the output resource of the computing resource as the access permission of the aggregation result resource.
  • the access permission of the output resource output by the computing resource is the aggregation result resource.
  • the aggregation device feeds the access rights of the aggregated result resource back to the connected application in the M2M system in the form of a response packet, so that the application accesses the aggregated result resource under the access authority of the aggregated result resource.
  • the method for controlling the access rights of the resource aggregation result provided by the embodiment of the present invention is capable of accessing the output resource of the computing resource determined according to the request access right of the aggregation result resource and the access authority of each input resource (including the aggregated resource).
  • an embodiment of the present invention provides a method for controlling access rights of a resource aggregation result, including the following process:
  • the resource aggregation device receives the aggregate resource creation request.
  • the aggregation resource creation request includes: a request access right Q for the aggregation result resource, an identifier of the calculation resource, input resource information and output resource information of the calculation resource; wherein, at least one calculation resource and input resource information of the calculation resource
  • the output resource information constitutes an aggregation mode; and the information of the input resource may be information of the aggregated resource, such as an identifier of the aggregated resource, a URL, or the like, and may also be information of an output resource of other computing resources.
  • the input resource is an output resource of another computing resource
  • the input resource information of the other computing resource is the input resource information of the computing resource
  • the aggregate resource creation request may be considered to include only the input resource information of the computing resource. Optionally, the aggregate resource creation request further includes output resource information; the aggregate resource creation request may be from an application connected to the resource aggregation device in the M2M system.
  • at least two computing resources may be included in the aggregation mode, where each computing resource includes respective input resource information and output resource information.
  • the input resource of the computing resource may be an output resource of the aggregated resource and/or other computing resources; the output resource of the computing resource may be used as an input resource or an aggregated result resource of other computing resources. As shown in FIG.
  • the aggregated resources A and B are defined as the input resources of the computing resource E, and the output resource of the computing resource E is defined as an input resource of the computing resource H; the aggregated resource C is used as the input resource of the computing resource F, and the output resource of the computing resource F is used as an input resource of the computing resource H. The output resource of the computing resource H is used as the aggregation result resource. If the aggregation mode has only one computing resource, all the aggregated resources are the input resources of that computing resource, and the output resource of that computing resource is the aggregation result resource.
  • the input resource information and the output resource information of the computing resource included in the aggregate resource creation request are specifically: the input resource information and the output resource information of each computing resource.
  • step 202 Determine whether a computing resource satisfies a trapdoor condition.
  • a trapdoor condition is defined in the computing resource.
  • the resource aggregation device determines whether the computing resource includes a trapdoor condition. If the trapdoor condition is included, go to step 202; otherwise, go directly to step 205. Specifically, in step 202, if the resource aggregation device determines that the computing resource meets the trapdoor condition, it continues with step 205; otherwise, it performs step 203.
  • the computing resource satisfies the trapdoor condition indicating that the trapdoor condition of the computing resource definition is true, or the number of input resources of the computing resource is greater than or equal to the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • Calculating the resource does not satisfy the trapdoor condition indicates that the trapdoor condition of the computing resource definition is false; or, the number of input resources of the computing resource is less than the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • the true (true) or false (false) value of the trapdoor condition is of Boolean type (bool) and is used to determine whether the trapdoor condition holds: if the trapdoor condition is true, the trapdoor condition is satisfied, that is, the computing resource satisfies the trapdoor condition; if the condition is false, the trapdoor condition is not satisfied, that is, the computing resource does not satisfy the trapdoor condition. It can be understood that other expressions of true or false should also fall within the scope of protection of this application, for example: correct or incorrect, right or wrong, yes or no, and so on, which are not enumerated here.
  • the quantity of the input resource of the computing resource is greater than or equal to the input resource defined as the trapdoor resource in the trapdoor condition.
  • the quantity, or the number of input resources of the computing resource is less than the number of input resources defined as the trapdoor resource in the trapdoor condition.
  • the output resource of the computing resource has access rights, and the computing resource in the initial state takes the request access right received in step 201 as its access right; the initial state means that the computing resource has not yet been processed by the following process. At this time the access rights of all the input resources can be determined: if the input resource of the computing resource is the aggregated resource itself, its access rights can be obtained from the system server or database; if the input resource of the computing resource is the output resource of another computing resource, this indicates that the other computing resource has already been processed by the following process, so the access rights of the input resource of the computing resource can also be determined. For example, in the example shown in FIG.
  • each computing resource includes two input resources, and the access resources of the computing resources are accessed.
  • the process of determining the rights is in units of each computing resource.
  • the output resource of the resource updates the unidirectionality of the input resource with specific reference to the subsequent steps.
  • the resource aggregation device acquires access rights of the input resource that is the computing resource according to the input resource information of the computing resource, and then performs step 204.
  • the input resource of a computing resource may be an aggregated resource or an output resource of other computing resources.
  • the resource aggregation device acquires the input resource.
  • the access permission is specifically: obtaining the access permission of the aggregated resource according to the identifier of the aggregated resource.
  • the resource aggregation device sends a permission acquisition request to the aggregated resource according to the aggregated resource identifier (such as a URI) to obtain a description of the aggregated resource, including the access right of the aggregated resource.
  • the description of the access rights may be the identity of the access rights resource.
  • the resource aggregation device further acquires access rights of the aggregated resource according to the access rights resource identification.
  • the accessing authority of the resource aggregation device to obtain the input resource is specifically: acquiring the output resource information according to other computing resources
  • the access authority of the output resource of the other computing resource of the input resource of the computing resource refers to the obtaining method of the access rights of the output resources of the computing resources provided after the step 204 of the embodiment.
  • the creation request of the aggregated resource includes an identifier of the computing resource (such as a URI), and the input resource information and output resource information of each computing resource. The relationship of each computing resource in the aggregation mode is described using XML or other means; here this refers specifically to the input resource information and output resource information of the computing resource.
  • the resource aggregation device obtains the computing resource by means of the computing resource identifier, such as a URI, wherein the computing resource may be stored in a server or a database of the M2M system.
  • the method for obtaining the computing resource by the resource aggregation device belongs to the prior art, and is not described in detail in the embodiment of the present invention.
  • step 204 Determine an access right of the output resource of the computing resource according to the access permission of the input resource of the computing resource and the requesting access right, and then perform step 212.
  • the access permission of the output resource of the computing resource is the intersection of the requested access right Q and the access rights of all input resources of the computing resource; the input resources of the computing resource may all be aggregated resources, or may include both aggregated resources and output resources of other computing resources.
  • the process of determining the access authority of the input resource is different according to the type of the input resource, and details are not described herein again in step 203.
  • in step 203, the access permissions of all input resources of the computing resource are obtained; for example, the access permission of the first input resource is S1, the access permission of the second input resource is S2, and the access permission of the third input resource is S3.
  • step 205a The unidirectional type is obtained in step 205a: if the output resource of the computing resource has complete unidirectionality to the input resource, step 208 is performed; if the output resource of the computing resource has trapdoor unidirectionality to the input resource, step 209 is performed; if the output resource of the computing resource is not unidirectional to the input resource, step 206 is performed; wherein the computing resource includes a unidirectional description of the output resource of the computing resource with respect to the input resource.
  • the computing resource includes an input resource description, an output resource description, a calculation process description, and a unidirectional description of the output resource of the computing resource with respect to the input resource; the input resource description is used to describe the metadata of the input resource of the computing resource;
  • the unidirectional description of the input resource of the computing resource includes whether the output resource of the computing resource has unidirectionality to the input resource, and whether it is completely unidirectional or trapped.
  • the metadata of the input resource includes the resource type of the input resource, the data structure and/or the resource deployment, etc.; the output resource description is used to describe the metadata of the output resource; the calculation process description refers to the description of the calculation process defined in the computing resource.
  • the unidirectionality of the output resource of the computing resource to the input resource includes complete unidirectionality or trapdoor unidirectionality.
  • complete unidirectionality indicates that the input resource of the computing resource cannot be derived from the output resource of the computing resource.
  • the computing resource does not include the trapdoor resource.
  • trapdoor unidirectionality indicates that the input resource can be calculated from the output resource together with other specific resources (the specific resources being input resources of the computing resource); the resources that, together with the output resource, can be used to derive the input resource are called trapdoor resources. Therefore, when the computing resource has trapdoor unidirectionality, the computing resource also needs to define the trapdoor resources.
  • the output resource of the computing resource does not have unidirectionality to any one of the input resources. For example: if the computing resource computes the average of three input resources (input resource A, input resource B and input resource C), then for any one of the three input resources (assumed to be input resource A) the computing resource has trapdoor unidirectionality, that is, input resource A can be derived from the output average and the remaining two input resources (input resources B and C). The remaining two input resources (input resources B and C) become the trapdoor resources.
  • the trapdoor condition indicates the number of input resources: only when the number of input resources is not less than two does the computing resource have unidirectionality for any of its input resources.
  • the resource aggregation device acquires access rights of the input resource of the computing resource according to the input resource information of the computing resource, and then performs step 207.
  • step 203 access rights of all input resources of the computing resource are directly acquired.
  • the unidirectional judgment of the output resource of the computing resource is performed sequentially for each input resource, so in step 207, when the access authority of the output resource of the computing resource is determined according to the access authority of the first input resource, the intersection of the request access authority Q and the access authority S1 of the first input resource is used as the access authority T; and when the access authority of the output resource of the computing resource is updated according to the access authority of another input resource, the access rights T' of the output resource of the computing resource determined according to the access rights of the previous input resource are intersected with the access rights of that other input resource to update the access rights of the output resource of the computing resource, which are considered
  • the unidirectionality of the output resource to the computing resource may be different for each input resource, so the access authority of the output resource of the computing resource determined according to the access authority of the previous input resource may be step 207 or step 208 or step 210 Any method.
  • step 208 If the output resource of the computing resource has complete unidirectionality to the input resource, use the request access permission as an access permission of an output resource of the computing resource, and then perform step 211. It can be understood that the unidirectional judgment of the output resource of the computing resource is performed sequentially for each input resource, so in step 208, when the access authority of the output resource of the computing resource is determined according to the access authority of the first input resource, Request access rights Q as access rights T. As an alternative, since the unidirectionality of the output resource of the computing resource may be different for each input resource, the access authority of the output resource of the computing resource determined according to the access authority of the previous input resource may be step 207 or Any of the methods of step 208 or step 210.
  • step 209 Acquire an access right of the input resource according to the input resource information of the computing resource, and determine an access right of the trapdoor resource according to the description of the trapdoor resource, and then perform step 210.
  • the access permission of the trapdoor resource is determined according to the description of the trapdoor resource, so the computing resource further includes the description of the trapdoor resource. As two alternative manners, the first: when the trapdoor resource is one or more of the input resources of the computing resource, the access permission of the input resource may, according to the description of the trapdoor resource, be directly obtained as the access permission of the trapdoor resource; for the method, refer to step 202, where the access permission of the input resource is obtained.
  • the method further includes: the trapdoor resource description includes a trapdoor resource identifier (URI), and the access authority of the trapdoor resource is obtained according to the trapdoor resource identifier (URI); for the specific method, refer to the method of acquiring the access authority of the input resource, which is not described in detail again.
  • T is the access authority of the output resource of the computing resource
  • X is the intersection of the access rights of all trapdoor resources
  • Q is the requested access right
  • S is the access authority of the input resource.
  • step 21 Determine whether the computing resource has other input resources; if not, execute step 212; if yes, perform step 205 on the next input resource of the computing resource, that is, determine whether the output resource of the computing resource is unidirectional to the next input resource.
  • specifically, step 212 is to determine, according to the output resource information, whether the output resource of the computing resource is the aggregation result resource. If the output resource of the computing resource is used as an input resource of another computing resource, it is determined that the output resource of the computing resource is not the aggregation result resource, and step 202 is performed on the computing resource that uses the output resource of this computing resource as its input resource, until all the computing resources have been traversed; if it is the aggregation result resource, the access authority of the output resource of the computing resource is used as the access rights of the aggregation result resource, and step 213 is performed. Referring to FIG.
  • the foregoing traversal process refers to: obtaining the access authority of the output resource of the computing resource E according to the access right of the aggregated resource A, the access right of the aggregated resource B, and the requested access right of the output resource of the computing resource E; and obtaining the access authority of the output resource of the computing resource F according to the access authority of the aggregated resource C and the requested access right of the output resource of the computing resource F. Obtaining the access authority of the output resource of the computing resource E and obtaining the access authority of the output resource of the computing resource F are not in a specific order. Finally, the access authority of the output resource of the computing resource H is acquired according to the access authority of the output resource of the computing resource E, the access authority of the output resource of the computing resource F, and the requested access right of the output resource of the computing resource H, and the access authority of the output resource of the computing resource H is used as the access right of the aggregation result resource J, where for each
  • the last computing resource is an aggregate resource creation request
  • the output resource information of the computing resource is an aggregation result resource.
  • Step 212 specifically refers to looping step 203 to step 211 over all the computing resources until the last computing resource of the computing resource set of the aggregate resource creation request has been calculated; the access rights of the output resource of the last computing resource are then the access rights of the aggregated result resource.
  • Differentiating resources when the computing resources have sequentiality on the aggregated computing of the input resources, the first, second, ... can be understood as the order in which the computing resources are aggregated for the input resources, when computing resources When there is no order for the aggregate calculation of the input resources, the first, second, ... can only be understood as the distinction of the input resources; and the calculation is performed on whether the output resources of the computing resources are used as the input resources of other computing resources.
  • the resource is the standard of the last computing resource in the aggregation mode, and the computing resource in the same aggregation mode is based on the relationship between the input resource and the output resource (described in step 201).
  • the computing resource of the input resource is first, and the computing resource that outputs the aggregated result resource is arranged in the following manner.
  • this is only a description given to explain the embodiment provided by the present invention; other alternative implementations that achieve the purpose of the described embodiment should also fall within the scope of the present disclosure.
  • An embodiment of the present invention provides a method for controlling access rights of a resource aggregation result, which determines the access rights of the output resource of the computing resource according to the request access right of the aggregated result resource and the access authority of the input resource of the computing resource, and uses the access rights of the output resource of the computing resource as the access rights of the aggregation result resource. The access permission of the aggregated result resource can therefore prevent the input resource from being exposed by reverse push, thereby improving the information security of the input resource. When the input resource is an aggregated resource, the security of the aggregated resource is improved.
  • the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource, and may include the steps in the embodiment corresponding to FIG. 202, step 205, and a description of step 205a. Specifically, the resource aggregating device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource, in the step 202, determining that the computing resource meets the computing resource definition.
  • the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource according to the computing resource: Determining that the computing resource satisfies a trapdoor condition of the computing resource definition, or determining in step 202 that the computing resource does not include a trapdoor condition; and in step 205, determining a one-way input resource according to the computing resource Determining that the output resource of the computing resource has a trapdoor unidirectionality to the input resource (as a The method further includes determining, according to the unidirectional description of the input resource defined by the computing resource, that the output resource of the computing resource has complete unidirectionality to the input resource; or the
  • Example 1: the calculation of the average power consumption of the households of a cell is taken as an example, as shown in FIG.
  • power companies, residential households, and municipal departments are all registered users of the M2M system.
  • through the smart meter reading service deployed by the power company, the electricity meter readings of the residential households are stored in the M2M platform, and community residents only have access to their own electricity meter readings.
  • Because of the cooperation between the municipal department staff member Xiao Liu and households B, C and D, Xiao Liu has access to the electricity meter readings of households B, C and D, to help them analyze their electricity consumption and give advice. However, Xiao Liu does not have access to the meter reading of household A. In this scenario, the excellent energy-saving community selection team of the municipal department needs to average the electricity consumption of each community and determine the most economical cells among multiple cells.
  • the municipal excellent energy-saving community selection team creates an aggregation resource M in the M2M platform through the M2M application to calculate the average electricity consumption of the community households, and specifies the access rights of the aggregation result resource as the ID of the selection team member and the ID of the municipal department staff member Xiao Liu. The access permission of the aggregation result resource specified in the request is the request access authority.
  • the created aggregation resource M includes the following information:
  • Aggregated resources: the ID of each cell resident.
  • Aggregation method: contains one computing resource, average, which is used to compute the average.
  • Aggregation result resource: the average power consumption of the cell.
  • Request access right to the aggregated result resource: {ID of the selection panel member, Xiao Liu's ID}.
  • the specific example of the aggregation resource M is:
  • the URI of the aggregate resource M is: http://baseURI/Mashup_M.
  • the aggregated resources of the aggregate resource M include: MeterA, MeterB, MeterC, and MeterD.
  • Aggregate resource M contains the computing resource average.
  • the input resource Input of the computing resource is: MashupResources is the aggregated resource.
  • the output resource output of the computing resource is: MashupResult , which is the aggregate result resource.
  • the URI of the aggregate result resource is: http: ⁇ baseURI/averge_meter ⁇ /MashupResult>.
  • the access URI is: http: / /baseURI/accessRightA ⁇ /ResultAccessRight>, where AccessRightA describes the municipal consulting company with read access.
  • Input resource The meter reading value of the numeric type.
  • the expression of the computing resource average is as follows:
  • the name of the computing resource is: average
  • the storage address is: http://baseURI/compute-average
  • the resource aggregation device can obtain the computing resource according to the address (URI).
  • the input type (Input type) of the computing resource's input resource is: NUMERIC, which means that the input resource is required to be numeric.
  • the number of input resources is: unlimited, that is, there is no limit to the number of input resources.
  • the unidirectional type of the computing resource is: Trap, that is, the output resource of the computing resource is trapdoor unidirectional to the input resource.
  • the trapdoor resource is: all other inputs, that is, other aggregated resources other than the protected aggregated resource.
  • the trapdoor resource is the meter reading value of the resident BCD.
  • the condition is: number of input no less than 2, that is, the number of input resources is not less than 2. For the averaging computing resource, if there is only one input resource, the average value is simply the value of that aggregated resource. Therefore, unidirectionality is meaningful only when the number of input resources is greater than or equal to 2.
  • the type of the computing resource's output resource is: NUMERIC, that is, a numeric value.
  • the access permission determination process of the aggregation result resource is as follows:
  • the aggregate resource creation request includes an identifier (such as a URL) of the two aggregated resources; a request access right Q to the aggregated result resource, which is the ID of the municipal consulting company, that is, the municipal consulting company has read permission; the identifier of the computing resource (for example: http://baseURI/compute-average); and the input resource information and the output resource information of the computing resource.
  • the input resource information is: MeterA, MeterB, MeterC and MeterD.
  • the output resource information is: http://baseURI/averge_meter.
  • the last computing resource is a computing resource whose input resource is not defined as an input resource of another computing resource in the aggregate resource creation request.
  • In an aggregate resource creation request, the output resource of only one computing resource is used as the aggregate result resource. Therefore, in this embodiment, the input resources of the computing resource are the aggregated resources, and its output resource is the aggregate result resource.
  • the input resource information and the output resource information of the at least one computing resource and the computing resource are included in the aggregation mode, and the computing resource included in the aggregation mode is average.
  • Step 302: Determine that the computing resource average satisfies the trapdoor condition. Before step 302, the description of average is analyzed, and it is determined that the computing resource average includes a trapdoor condition; therefore, step 302 is executed. Specifically, in this step, because there are four input resources, and the number of input resources is greater than two, the trapdoor condition of the computing resource average is satisfied.
  • the unidirectional type of the average computing resource is: Trap, that is, the output resource of the computing resource is trapdoor unidirectional to the input resource. Therefore, the output resource of average has trapdoor unidirectionality to household A's meter reading value as the first input resource, and household A's meter reading value is the first input resource (i.e., the first aggregated resource); the trapdoor resource is: all other input, that is, the meter reading values of households B, C and D.
  • step 102, wherein the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource. Specifically, it is determined in step 202 that the computing resource meets the trapdoor condition defined by the computing resource; and in step 205, it is determined, according to the unidirectional description of the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor unidirectionality to the input resource. The corresponding step 202 in this embodiment specifically determines that the computing resource average meets the trapdoor condition; corresponding to step 205, step 303 in this embodiment specifically determines that the output resource of average is unidirectional to the meter reading value of household A as the first input resource, and the one-way type is trapdoor unidirectional.
  • XA is the intersection of the access rights of the meter reading values of the trapdoor resources, households B, C, and D. Therefore, in addition to Xiao Liu, the power company that has access to the meter reading values of the trapdoor resources B, C, and D also has the authority for A. For anyone other than the power company to obtain the meter reading value of A, they need to know the aggregation method.
  • the access authority of the output resource of the computing resource average is {the ID of the member of the selection panel}.
  • the access rights process for the output resources includes:
  • the unidirectional type of the average computing resource is: Trap, that is, the output resource of the computing resource is trapdoor unidirectional to the input resource. Therefore, the output resource of average has trapdoor unidirectionality to the meter reading value of household B as the first input resource, and the meter reading value of household B is the first input resource (i.e., the first aggregated resource); the trapdoor resource is: all other input, that is, the trapdoor resources are the meter reading values of households A, C and D.
  • the corresponding step 205 in the embodiment specifically determines that the output resource of average is unidirectional to the meter reading value of household B as the second input resource, and the one-way type is trapdoor unidirectional.
  • Step 304a: Determine the access rights of the meter reading value of household B and the access rights of the meter reading values of the trapdoor resources, households A, C and D.
  • XB is the intersection of the access rights of the meter reading values of the trapdoor resources A, C, and D. Therefore, in addition to Xiao Liu, the power company that has access to the meter reading values of the trapdoor resources A, C, and D also has the authority to B. For anyone other than the power company to obtain the meter reading value of B, it is necessary to know the aggregation method (the computing resource average) and the meter reading values of the trapdoor resources A, C, and D.
  • the computing resource average has input resources other than the meter reading values of the households A and B.
  • the process of updating the access authority of the output resource of the computing resource average according to the third input resource, household C, includes:
  • the unidirectional type of the average computing resource is: Trap, that is, the output resource of the computing resource is trapdoor unidirectional to the input resource. Therefore, the output resource of average has trapdoor unidirectionality to the meter reading value of household C as the first input resource, and the meter reading value of household C is the first input resource (i.e., the first aggregated resource); the trapdoor resource is: all other input, that is, the trapdoor resources are the meter reading values of households A, B and D.
  • Step 303b specifically determines that the output resource of average is unidirectional to the meter reading value of household C as the third input resource, and the unidirectional type is trapdoor unidirectional.
  • Step 304b: Determine the access rights of the meter reading value of household C and the access rights of the meter reading values of the trapdoor resources, households A, B and D.
  • XC is the intersection of the access rights of the meter reading values of the trapdoor resources A, B, and D. Therefore, in addition to Xiao Liu, power companies that have access to the meter reading values of trapdoor resources A, B, and D also have authority over C. For anyone other than the power company to obtain the meter reading value of C, they need the computing resource average and the meter reading values of the trapdoor resources A, B, and D, so the output resource of the computing resource is unidirectional to C for everyone other than the power company, that is, the SingleWay type defined in the computing resource average is "Trap". At this time, the access authority TC of the output resource of the computing resource average is {the ID of the member of the selection panel}.
  • Since the computing resource average also has the meter reading value of household D as an input resource in addition to the meter reading values of households A, B, and C, the process of updating the access authority of the output resource of the computing resource average according to the fourth input resource, household D, includes:
  • Step 303c: Determine that the output resource of average has unidirectionality to the meter reading value of household D as the third input resource.
  • the unidirectional type of the average computing resource is: Trap, that is, the output resource of the computing resource is trapdoor unidirectional to the input resource. Therefore, the output resource of average has trapdoor unidirectionality to the meter reading value of household D as the first input resource, and the meter reading value of household D is the first input resource.
  • the trapdoor resource is: all other input, that is, the trapdoor resources are the meter reading values of households A, B and C. Referring to the description of step 303, corresponding to step 205, step 303c in this embodiment specifically determines that the output resource of average has unidirectionality to the meter reading value of household D as the third input resource, and the unidirectional type is trapdoor unidirectional.
  • Step 304c: Determine the access rights of the meter reading value of household D and the access rights of the meter reading values of the trapdoor resources, households A, B and C.
  • XD is the intersection of the access rights of the meter reading values of the trapdoor resources A, B, and C. Therefore, in addition to Xiao Liu, the power company that can access the meter reading values of the trapdoor resources A, B, and C also has the authority to D. For anyone other than the power company to obtain the meter reading value of D, it is necessary to know the aggregation method.
  • the output resource information of the computing resource average in the aggregate resource creation request is MashupResult
  • Example 2: The residential household electricity distribution analysis is taken as an example for description. This example involves multiple computing resources, where the output resource of each computing resource has either complete unidirectionality or no unidirectionality with respect to its input resource, as follows:
  • As shown in Figure 8, the municipal consulting company needs to calculate the monthly power consumption of the residential households. Therefore, the M2M application creates aggregated resources in the M2M platform to obtain this result. In this embodiment, the meter reading data of cell residents A, B, C and D is saved in the M2M platform. The municipal consulting company creates the aggregation resource J in the M2M platform through the M2M application to obtain the percentage of residential households whose monthly electricity consumption is greater than 1 billion joules, and specifies that the aggregation result resource can be accessed only by the municipal consulting company.
  • the aggregated resource J is used to calculate the distribution of monthly power consumption.
  • the created aggregated resource J includes the following information:
  • Aggregation result resource: the power consumption distribution of the cell.
  • the URI of the aggregate resource J is: http://baseURI/Mashup_J.
  • the aggregate resource J contains the computing resource convert, the computing resource compare, and the computing resource analyse, together with the input resources and output resources of each computing resource.
  • the input resource (input) of the computing resource convert is: MashupResources, that is, the aggregated resource; its output resource (output) is: InputOfComputCompare, that is, the input resource of the computing resource compare; the number of repetitions of the computing resource is: OneForEachMashupResource, that is, a conversion is performed separately for each aggregated resource.
  • the input resource (input) of the computing resource compare is: OutputOfComputeConvert, which is the output resource of the computing resource convert; the output resource (output) of compare is: InputOfComputAnalyse, which is the input resource of the computing resource Analyse; the number of repetitions of the computing resource is: OneForEachComputeConvert, that is, a comparison is performed separately for each Convert's output resource.
  • the input resource (input) of the computing resource Analyse is: OutputOfComputeCompare, which is the output resource of the computing resource Compare.
  • the output resource (output) of Analyse is: MashupResult, which is the aggregation result; the number of repetitions of the computing resource is: OneForAllComputeCompare, that is, one analysis is performed on all output resources of Compare.
  • the computing resource has only one input resource (where the input resource is an aggregated resource) and one output resource.
  • Input resource: the meter reading value in kWh.
  • Output resource: the meter reading value in joules. Unidirectionality: none. Because this is a linear transformation, the input is easily recovered from the result.
  • the second computing resource is expressed as follows:
  • the resource aggregation device can obtain the computing resource based on the address (URI).
  • the input type (Input type) of the computing resource's input resource is: NUMERIC, which means that the input resource is required to be numeric.
  • the number of input resources is: one, that is, only one input resource is converted at a time.
  • the unidirectional type (SingleWay type) of the computing resource is: none, that is, the computing resource does not satisfy the unidirectional requirement.
  • the type of the computing resource's output resource is: NUMERIC, that is, numeric.
  • the second computing resource compare (comparison calculation): used to calculate whether the monthly power consumption is greater than 1 billion joules.
  • Input resource (the output resource of the first computing resource, convert): the meter reading value in joules.
  • Output resource: 0 or 1; 1 is output if the value is greater than 1 billion joules, and 0 is output if it is less than 1 billion joules.
  • the name of the computing resource is: compare
  • the storage address is: http://baseURI/compute-compare
  • the resource aggregation device can obtain the computing resource according to the address (URI).
  • the input type (Input type) of the computing resource's input resource is: NUMERIC, which means that the input resource is required to be numeric.
  • the number of input resources is: one, that is, only one input resource is compared at a time.
  • the unidirectional type (SingleWay type) of the computing resource is: true, that is, the output resource of the computing resource is unidirectional to the input resource. Because compare checks whether the monthly power consumption is greater than 1 billion joules and its output is a logical (BOOL) variable, 0 or 1, the monthly power consumption of each user cannot be obtained directly from the output resource 0 or 1; the output resource of the computing resource therefore has unidirectionality to the input resource, and the unidirectional type is true.
  • the type of the computing resource's output resource is: BOOL, that is, a logical variable.
  • the trapdoor condition of the computing resource is: true, that is, the computing resource requires a trapdoor condition.
  • Third computing resource: calculates the percentage of 1s among all input resources. Input resource (output resource of the second computing resource): 0 or 1.
  • the name of the computing resource is: analyse
  • the storage address is: http://baseURI/compute-analyse
  • the resource aggregation device can obtain the computing resource according to the address (URI).
  • the input type (Input type) of the computing resource's input resource is: NUMERIC, which means that the input resource is required to be numeric.
  • the number of input resources (number) is: unlimited, that is, an unlimited number of input resources can be calculated at one time.
  • the type of the computing resource's output resource is: NUMERIC, that is, a numeric value.
  • the aggregation resource creation request includes identifiers of at least two aggregated resources (such as the ID of each community resident), a request access right Q (such as the ID of the municipal consulting company), identifiers of the computing resources (such as http://baseURI/compute-convert, http://baseURI/compute-compare and http://baseURI/compute-analyse), and the input resource information and output resource information of each of the computing resources.
  • the input resource of the computing resource http://baseURI/compute-convert includes the aggregated resource, such as the ID of each community resident.
  • the aggregation method includes the computing resources, the input resource information of each computing resource, and the output resource information.
  • the aggregation mode includes descriptions of three computing resources: conversion (i.e., unit conversion), comparison, and analysis. The output resource of the unit conversion is the input resource of the comparison, the output resource of the comparison is the input resource of the analysis, and the output resource of the analysis is the aggregate result resource.
  • Step 402: Determine that the computing resource convert (unit conversion) meets the trapdoor condition.
  • the resource aggregation device obtains the description of the computing resource convert (unit conversion) according to the identifier of the computing resource included in the aggregate resource creation request, such as http://baseURI/compute-convert.
  • Step 402 is then performed according to the obtained description of convert. Specifically, from the above analysis of the unit conversion convert, the computing resource does not include a trapdoor condition. Therefore, the computing resource convert has no trapdoor condition, that is, the trapdoor condition is satisfied, and step 403 is performed directly.
  • the resource aggregation device confirms that the trapdoor condition is not included in the convert. Therefore, the resource aggregating device may directly execute step 403 without executing step 402.
  • Steps 402 and 403 are implemented according to step 102, wherein the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource. Specifically, it is determined in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource; and in step 205, it is determined, according to the unidirectional description of the output resource to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional to the input resource. Corresponding to step 202, step 402 of this embodiment specifically determines that the computing resource convert (unit conversion) satisfies the trapdoor condition; corresponding to step 205, step 403 specifically determines that the output resource of the unit conversion convert is not unidirectional to the aggregated resource A (that is, the meter reading value of household A in kWh).
  • the input resource in this step is the aggregated resource A, so this step is to determine the access rights of the aggregated resource A.
  • the access authority of the aggregated resource is obtained according to the identifier of the aggregated resource A, and the aggregated resource A is taken as an example, that is, the meter reading value of the kWh unit of the household A.
  • Step 405: Determine that the access right of the output resource of the unit conversion is T = Q ∩ SA1. Specifically, based on the determination result of step 403, that is, the output resource of convert is not unidirectional to the input resource of convert, the access authority of convert's output resource for the input resource, aggregated resource A, is the intersection of the request access authority Q and the access authority SA1 of the aggregated resource A.
  • Q is the request access right to the aggregate result resource included in the aggregate resource creation request.
  • the output resource of the unit conversion included in the aggregate resource creation request is the input resource of the comparison calculation.
  • Steps 403-407 above are the processing of the unit conversion for household A. Because the unit conversion calculations corresponding to households B, C, and D have not yet been completed, steps 403-407 are also performed for households B, C, and D to obtain the access rights of the output resources of the unit conversions for households B, C, and D.
  • the access rights of the output resources of the unit conversion computing resources for A, B, C, and D are all 0.
  • the next calculation resource to be processed is returned to the comparison calculation of the household A.
  • Step 408 is performed to determine the characteristics of the computing resource compare.
  • the unit conversion A calculates the power consumption value of the resource output Joule unit, and the comparison calculation A compares whether the power consumption exceeds the threshold value of 1 billion joules.
  • household A and household B are 800 million and 900 million, respectively, and household C and household D are 1.1 billion and 1.2 billion, respectively.
  • Step 408: Determine that the comparison calculation compare satisfies the trapdoor condition.
  • the resource aggregation device obtains a description of the computing resource compare (comparison calculation) according to the identifier of the computing resource included in the aggregate resource creation request, such as http://baseURI/compute-compare.
  • step 408 is performed according to the obtained description of the comparison calculation compare.
  • the unidirectional type (SingleWay type) of the computing resource is: true, that is, the computing resource has a unidirectional requirement.
  • the method further includes: determining whether compare includes a trapdoor condition, and if a trapdoor condition is included, performing step 408. According to the analysis of compare, the trapdoor condition of the computing resource is: true, that is, the computing resource requires a trapdoor condition.
  • the input resource is converted by unit conversion to the output resource of the input resource A as an example.
  • the comparison calculation is performed.
  • the output resource of compare is completely unidirectional to the output resource of the unit conversion convert.
  • step 102, wherein the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource. Specifically, it is determined in step 202 that the computing resource meets the trapdoor condition defined by the computing resource; and in step 205, it is determined, according to the unidirectional description of the input resource defined by the computing resource, that the output resource of the computing resource is fully unidirectional to the input resource. Corresponding to step 202, step 408 of this embodiment specifically determines that the comparison calculation meets the trapdoor condition; corresponding to step 205, step 409 of this embodiment specifically determines that the output resource of the comparison calculation compare has unidirectionality to the input resource, and the unidirectional type is completely unidirectional.
  • step 408 may be performed before step 403, and in step 409, when the resource aggregation device determines that the computing resource has complete unidirectionality to the input resource, the resource aggregation device does not need to perform steps 403-407. And step 408 is directly executed.
  • Step 411: The input resource of the comparison calculation compare is only the output resource of one unit conversion, that of A (the type of the computing resource's output resource is BOOL, a logical variable). Since the comparison calculation compare has only one input resource (i.e., convert's output resource for input resource A), the next step 412 is directly executed.
  • the output resource of the comparison calculation included in the aggregate resource creation request is an input resource of the distribution calculation.
  • the above 408-412 is the processing procedure for the output resource of compare for input resource A (the meter reading value of the resident A kWh unit).
  • the calculation of the next computing resource to be processed is calculated.
  • the four input resources of the distribution calculation are the comparatively calculated output resources corresponding to the households A, B, C, and D, respectively.
  • Step 413: Determine that the distribution calculation analyse does not contain a trapdoor condition.
  • the resource aggregation device obtains a description of the computing resource analyse (distribution calculation) according to the identifier of the computing resource included in the aggregate resource creation request, such as http://baseURI/compute-analyse.
  • Step 413 is then performed according to the obtained description of the distribution calculation analyse. From the above analysis of the distribution calculation analyse, the computing resource does not contain a trapdoor condition. Therefore, the distribution calculation analyse has no trapdoor condition, that is, the trapdoor condition is satisfied, and step 414 is performed directly.
  • the resource aggregation device confirms that the trapdoor condition is not included in the analyse. Therefore, the resource aggregating device may directly execute step 414 without performing step 413.
  • analyse is not unidirectional to the input resource (for example, compare's output resource for the aggregated resource of household A). From the above analysis of the distribution calculation analyse, the computing resource does not contain a one-way property, that is, the distribution calculation has no unidirectionality for any of its input resources.
  • step 102, wherein the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource. Specifically, it is determined in step 202 that the computing resource does not include a trapdoor condition; and in step 205, it is determined, according to the unidirectional description of the output resource to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional to the input resource. Corresponding to step 202, step 413 of this embodiment specifically determines that the distribution calculation does not include a trapdoor condition, that is, the trapdoor condition is satisfied; corresponding to step 205, step 414 of this embodiment specifically determines that the distribution calculation has no unidirectionality to the input resource (taking as an example compare's output resource for household A).
  • the input type (Input type) of the computing resource's input resource is: NUMERIC, that is, the input resource is required to be a numeric type.
  • the number of input resources is: unlimited, that is, the number of input resources calculated at one time is not limited.
  • the input resources of the distributed calculation also have comparatively calculated output resources for the aggregated resources B, C, and D, according to steps 413-416.
  • step 417 is performed.
  • the output resource of the distributed calculation is used as the aggregate result resource, that is, the distribution is calculated as the last computing resource.
  • the access authority of the output resource of the distribution calculation is used as the access permission of the aggregation result resource.
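The access-right derivations walked through in Example 1 (the trapdoor one-way average) and Example 2 (the convert, compare, analyse chain) can be replayed with the following Python sketch, which is an added example and not code from the patent. Principal names and ACL contents are constructed sample data, and two rules are assumptions read off the worked examples: a requester who can read every trapdoor resource but not the protected input is dropped, and a completely one-way stage leaves the request access right Q unchanged.

```python
# Added illustration: deriving who may read an aggregation result.
# Principal names and ACL contents are constructed sample data.

def stage_access(requested, inputs, acl, one_way="none", min_inputs=1):
    """Principals allowed to read the output of one computing resource.

    requested  -- request access right Q from the creation request
    inputs     -- names of this stage's input resources
    acl        -- dict: resource name -> set of principals that may read it
    one_way    -- "none", "true" (completely one-way) or "trap" (trapdoor)
    min_inputs -- trapdoor condition, e.g. 2 for average
    """
    allowed = set(requested)
    if len(inputs) < min_inputs:
        one_way = "none"      # condition not met: the output exposes the input
    if one_way == "true":
        return allowed        # assumption: nothing about any input leaks
    for protected in inputs:
        trapdoor = [r for r in inputs if r != protected]
        if one_way == "none" or not trapdoor:
            # Output is invertible: T = T ∩ S(input), as in step 405.
            allowed &= acl[protected]
            continue
        # Trapdoor one-way: X is the intersection of the trapdoor ACLs.
        # Members of X can solve for the protected input, so drop those
        # of them who are not entitled to read it (assumed rule).
        can_invert = set.intersection(*(set(acl[r]) for r in trapdoor))
        allowed -= can_invert - acl[protected]
    return allowed


METER_ACL = {  # constructed: each household, the power company, Xiao Liu
    "MeterA": {"household_A", "power_company"},
    "MeterB": {"household_B", "power_company", "xiao_liu"},
    "MeterC": {"household_C", "power_company", "xiao_liu"},
    "MeterD": {"household_D", "power_company", "xiao_liu"},
}


def example1_average(meters=("MeterA", "MeterB", "MeterC", "MeterD")):
    """Example 1: Q = {panel member, Xiao Liu}, average needs >= 2 inputs."""
    q = {"panel_member", "xiao_liu"}
    return stage_access(q, list(meters), METER_ACL, "trap", min_inputs=2)


def example2_pipeline():
    """Example 2: convert (none) -> compare (true) -> analyse (none)."""
    q = {"consulting_co"}
    acl = {name: set(readers) for name, readers in METER_ACL.items()}
    convert_rights, flags = {}, []
    for meter in sorted(METER_ACL):
        joule, flag = "joule_" + meter, "flag_" + meter
        acl[joule] = stage_access(q, [meter], acl, "none")   # unit conversion
        acl[flag] = stage_access(q, [joule], acl, "true")    # threshold test
        convert_rights[meter] = acl[joule]
        flags.append(flag)
    return convert_rights, stage_access(q, flags, acl, "none")  # distribution


if __name__ == "__main__":
    print(example1_average())             # Xiao Liu is removed
    print(example1_average(("MeterB",)))  # single input: condition fails
    print(example2_pipeline())
```

With a single input the trapdoor condition fails and the average is treated as invertible, so only requesters already allowed to read that meter keep access to the result.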
  • Example 3: The municipal department's selection of the annual family energy-saving model is taken as an example. It is necessary to determine the percentage of households whose monthly electricity consumption is less than the corresponding monthly average household electricity consumption in the whole city. In this embodiment, the meter reading data of cell residents A, B, C and D is saved in the M2M platform.
  • the municipal consulting company creates an aggregate resource PowerConsume in the M2M platform through the M2M application to obtain, for the household within one year, the percentage of monthly electricity consumption values that are lower than the corresponding monthly average household electricity consumption in the city.
  • the created aggregate resource PowerConsume includes the following information:
  • Aggregated resources: the ID of household A's meter reading power for the current month; the ID of the city's average household electricity consumption for the current month; and the household's electricity consumption in the past 11 months and the city's monthly average electricity consumption in the corresponding months.
  • Aggregation method: contains two computing resources. The first, the comparison calculation compare, compares the monthly meter reading power with the average household electricity consumption of the whole city; the second, the statistical calculation, analyzes the distribution of the comparison calculation results.
  • the relationship between the two computing resources is as follows: the output resource of the comparison calculation is the input resource of the statistical calculation, as shown in Figure 12.
  • the monthly electricity consumption of households is lower than the monthly average electricity consumption of the whole city in the corresponding month.
  • the request access permission for the aggregate result resource is: {Improvement company ID}.
  • http://baseURI/historyCompareData/Meter-A-201402
  • http://baseURI/historyCompareData/Meter-A-201403, ... http://baseURI/historyCompareData/Meter-A-201411</MashupResources> <MashupMethod>
  • http://baseURI/historyCompareData/Meter-A-201401,
  • http://baseURI/historyCompareData/Meter-A-201402,
  • http://baseURI/historyCompareData/Meter-A-201403, ...
  • http://baseURI/historyCompareData/Meter-A-201411</input>
  • http://baseURI//Meter-A-AnualConsume</MashupResult>
  • the URI of the aggregate resource PowerConsume is: http://baseURI/Mashup_PowerConsume.
  • the aggregated resources of the aggregate resource PowerConsume include: Meter-A, averagePowerConsume, Meter-A-201401, ..., Meter-A-201411.
  • the aggregate resource PowerConsume contains the computing resource compare and the computing resource analyze.
  • the URI of the aggregate result resource is: http://baseURI//Meter-A-AnualConsume, where the aggregate result resource is the result of the statistical calculation.
  • the request access permission URI for the aggregate result resource is http://baseURI/accessRightB, that is, the request access right for the aggregate result resource is stored at that URI, where AccessRightB describes the municipal consulting company as having the read permission.
  • the input resource input of the computing resource compare is: MashupResources (Meter-A, averagePowerConsume), which are both aggregated resources; and the output resource output is: InputOfComputeAnalyse, that is, the input resource of the statistical resource analyse.
  • the number of repetitions of the computing resource is: Once, that is, a comparison calculation is performed for all the aggregated resources.
  • the input resource input of the statistical resource Analyse is: OutputOfComputeCompare, http://baseURI/historyCompareData/Meter-A-201401, http://baseURI/historyCompareData/Meter-A-201402, http://baseURI/historyCompareData/Meter-A-201403, ... http://baseURI/historyCompareData/Meter-A-201411, that is, the output resource of the computing resource compare, and the comparison between household A's electricity consumption in the past 11 months and the average monthly household electricity consumption in the corresponding month; the output resource output of Analyse is: MashupResult, that is, the aggregation result resource; the number of repetitions of the computing resource is: once, that is, one analysis is performed on the output resource of compare and all the other input resources.
  • the specific first computing resource, the description of the comparative computing resource is as follows: Used to compare users
  • the name of the computing resource is: compare
  • the storage address is: http://baseURI/compute-compare
  • the resource aggregation device can obtain the computing resource according to the address (URI).
  • the type of the input resource of the computing resource Input type is: NUMERIC, which means that the input resource is required to be numeric.
  • SingleWay type is: true, that is, the computing resource has a unidirectional requirement for the first input resource.
  • the SingleWay type is: false, that is, the computing resource has no unidirectional requirement for the second input resource.
  • the trapdoor condition of the computing resource is: true, that is, the computing resource requires a trapdoor condition.
  • the type of computing resource output resource is: Logical variable High, Low, Medium (that is, greater than, less than or equal to).
  • Second computing resource: calculates the percentage of Low among all input resources, as follows. Input resources: the output resource of the first computing resource (High, Low or Medium), and the comparison between household A's electricity consumption in the past 11 months and the monthly average electricity consumption of the city in the corresponding month.
  • Output resource The percentage of Low. Trapdoor conditions: None. Unidirectional: None.
  • the type of input resource of the computing resource Input type is: NUMERIC, which means that the input resource is required to be numeric.
  • the number of input resources number is: unlimited, that is, an unlimited number of input resources can be calculated at one time.
  • the type of the output resource of this computing resource is: NUMERIC, that is, a numeric value.
  • the trapdoor condition is: FALSE, which is false, that is, no trapdoor condition.
  • the access authority determination process of the aggregation result resource with reference to FIG. 12 is as follows:
  • the aggregate resource creation request includes the identifiers of the aggregated resources (e.g., the ID of household A's meter reading for the current month; the ID of the city's average household electricity consumption for the current month; the IDs of the comparison results between household A's electricity consumption in the past 11 months and the city's average monthly household electricity consumption in the corresponding month), the request access right Q of the aggregation result resource (such as the ID of the municipal consulting company), the identifiers of the computing resources (http://baseURI/compute-convert, http://baseURI/compute-compare and http://baseURI/compute-analyse), and the input resources and output resources of the computing resources.
  • the at least one computing resource, together with the input resources and output resources of the computing resources, constitutes an aggregation mode. The aggregation mode includes two computing resources, a comparison calculation and a statistical calculation, where the output resource of the comparison calculation is the input resource of the statistical calculation, and the output resource of the statistical calculation is the aggregation result resource.
  • step 502. Determine that the computing resource compare satisfies the trapdoor condition.
  • the resource aggregation device obtains, according to the identifier of the computing resource included in the aggregate resource creation request, the description of the computing resource, such as the description of compare.
  • step 402 is performed according to the description of the obtained compare.
  • the trapdoor condition of the computing resource is: true.
  • for the first input resource of compare (household A's monthly electricity consumption), knowing the output of compare and the second input resource of compare (the average household electricity consumption in the city) reveals the size relationship between the first input resource and the second input resource. Therefore, the computing resource compare satisfies the trapdoor condition, and step 503 is executed directly.
  • in step 502, it is determined whether compare includes a trapdoor condition; if a trapdoor condition is included, step 502 is performed, and from the description of compare the trapdoor condition of the computing resource is known to be: true, that is, the computing resource requires a trapdoor condition.
  • in step 202, it is determined that the computing resource satisfies the trapdoor condition defined by the computing resource; and in step 205, it is determined, according to the computing resource's description of the unidirectionality of the output resource with respect to the input resource, that the output resource of the computing resource is unidirectional with respect to the input resource, and the unidirectional type is completely unidirectional;
  • in this implementation, step 202 corresponds to step 502, which specifically determines that the computing resource compare satisfies the trapdoor condition;
  • step 205 corresponds to step 503, which specifically determines that the output resource of the comparison calculation compare is unidirectional with respect to the aggregated resource Meter-A, and the unidirectional type is completely unidirectional.
  • step 506 implements step 102, in which the resource aggregation device determines, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource: in step 205, it is determined, according to the computing resource's description of the unidirectionality of the output resource with respect to the input resource, that the output resource of the computing resource is not unidirectional with respect to the input resource;
  • in step 506, specifically, the output resource of the comparison calculation compare is not unidirectional with respect to the second input resource (the average household power consumption averagePowerConsume).
  • the specific acquisition method is to send an acquisition request to the aggregated resource identifier (such as a URI), and find the accessRightId attribute in the returned aggregated resource, where the attribute is an access right resource identifier.
  • an acquisition request is then sent to the URI stored in the accessRightId attribute, and the returned result is the access permission of the corresponding resource.
  • in steps 503-508, the access right of the output resource of the comparison calculation compare can also be calculated first according to the second input resource of the comparison calculation and then according to the first input resource of the comparison calculation; in that case only steps 503-504 and steps 506-508 are swapped in order, which has no effect on the access right finally obtained for the output resource of the comparison calculation.
  • step 510 Determine a computing resource comparison compare an output resource of the second input resource as an input resource of other computing resources.
  • steps 503-508 are used to calculate and compare the access rights of the output resources of the compare according to the second input resource of the comparison calculation, and then calculate the access rights of the output resources of the comparison calculation compare according to the first input resource of the comparison calculation.
  • step 510 specifically, it is determined whether the comparison calculation compares the output resource of the first input resource as an input resource of another computing resource.
  • the output resource of compare included in the aggregate resource creation request is an input resource of the statistical calculation.
  • the input resources of the statistical calculation are the output resource of the comparison calculation and the comparison between household A's electricity consumption in the past 11 months and the monthly average electricity consumption of the city in the corresponding month (Meter-A-201401, ..., Meter-A-201411).
  • step 511. Determine that the computing resource statistics analyze does not satisfy the trapdoor condition. From the above description of the statistical calculation analyze, the trapdoor condition of the computing resource is: FALSE. Therefore, the statistical calculation analyze does not satisfy the trapdoor condition, and the process proceeds to step 512.
  • the step 511 is implemented, according to the resource aggregation device in step 102, determining, according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource: The determining, in the step 202, that the computing resource does not meet the trapdoor condition of the computing resource definition; in step 511, the corresponding step 202 is specifically determining that the computing resource statistics analyze does not satisfy the trapdoor condition. 512.
  • the input resources of the statistical calculation include: the output resource of the comparison calculation (whose access right T' was already obtained in step 508), and the comparison results between household A's electricity consumption in the past 11 months and the monthly average electricity consumption of the whole city in the corresponding month,
  • the addresses of the comparison between household A's electricity consumption in the past 11 months and the average monthly household electricity consumption in the corresponding month are http://baseURI/historyCompareData/Meter-A-201401,
  • http://baseURI/historyCompareData/Meter-A-201402
  • the method of authority is the same as that described in 507 and will not be described again.
  • the output resource of the computing resource statistics is used as an access permission of the aggregation result resource.
  • the statistical output resource is used as the aggregation result resource, so the access permission of the aggregated result resource is {the ID of the municipal consulting company}.
  • various aspects or features of the present invention can be implemented as an apparatus or as an article of manufacture using standard programming and/or engineering techniques.
  • the term "article of manufacture” as used in this application encompasses a computer program accessible from any computer-readable device, carrier, or media.
  • a computer readable medium may include, but is not limited to, a magnetic storage device (e.g., a hard disk, a floppy disk, or a magnetic tape, etc.), an optical disk (e.g., a CD (Compact Disk), a DVD (Digital Versatile Disk), etc.), smart cards and flash devices (e.g., EPROM (Erasable Programmable Read-Only Memory), cards, sticks or key drives, etc.).
  • various storage media described herein can represent one or more devices and/or other machine readable media for storing information.
  • the term "machine-readable medium” may include, but is not limited to, a wireless channel and various other mediums capable of storing, containing, and/or carrying instructions and/or data.

Abstract

Provided are a method for controlling a resource aggregation result access permission and a resource aggregation apparatus, which relate to the technical field of networks and can improve the information security of an aggregation resource. The method comprises: receiving an aggregation resource creation request, wherein the aggregation resource creation request comprises a request access permission of an aggregation result resource and an identifier of a computing resource and input resource information about the computing resource; acquiring the computing resource according to the identifier of the computing resource, and according to the computing resource, determining that an input resource of the computing resource can be acquired according to an output resource of the computing resource; acquiring an access permission of the input resource according to the input resource information about the computing resource; determining an access permission of the output resource of the computing resource according to the request access permission and the access permission of the input resource; and taking the access permission of the output resource of the computing resource as an access permission of the aggregation result resource. The embodiments of the present invention are used for controlling a resource aggregation result access permission.

Description

Method for controlling access permission of resource aggregation result and resource aggregation device

Technical Field

The present invention relates to the field of network technologies, and in particular, to a method for controlling access rights of resource aggregation results and a resource aggregation device.

Background

Information aggregation refers to taking one or more resources in the system as input and, after logical calculation, providing the calculation result for external access as an output resource. A resource is a classification of the various information transmitted in the network or stored in a server, so that information of the same content or the same type can be marked with the same identifier, which facilitates classified storage or invocation of the information; information aggregation implements the aggregation of information in the form of resources. In an M2M (Machine to Machine) system, an M2M application aggregates one or more resources already existing in the M2M system (referred to as aggregated resources in this patent) by creating an aggregate resource, and the aggregated resources can be accessed and obtained by the M2M application. The aggregated resource contains: the identifier of the aggregated resource (such as the URI (Uniform Resource Identifier) of the aggregated resource). The aggregated resource is used to indicate the resources that the aggregation process will input to the computing resources; the aggregation mode is a single computing resource or connected computing resources. The aggregation mode represents the calculation process performed on the aggregated resources, and this calculation process is provided by the computing resources. The aggregation result can be obtained through this calculation process. The aggregation result represents the information of the aggregation result resource, and may be the aggregation result resource itself or the identifier of the aggregation result resource.

The aggregation mode is composed of one or more computing resources, which take the aggregated resources as input. A computing resource is a calculation process that includes input resources and output resources. The output resource of one computing resource can serve as an input resource of another computing resource; if it does, the two computing resources are said to be connected. The result finally output after the aggregated resources have been transformed, integrated and computed by the aggregation mode is the aggregation result resource.

Access rights specify which applications may access a resource in the M2M system, and in what form. For example, access rights can constrain a piece of data so that it can only be read by application A and only be written by application B. Common access control methods in existing M2M systems include discretionary access control and role-based access control.

Discretionary access control provides that the creator of the data determines who may access and operate on the data. Its typical usage is the ACL (Access Control List). In the prior art, which applications can access a resource is defined by associating the resource that needs access protection with an AccessRight resource, a resource that represents access rights. The AccessRight resource defines the correspondence between different application IDs and the four CRUD operations (Create, Retrieve, Update, Delete).

Whereas an ACL defines which applications can access the resource, role-based access control defines which roles can access the resource. A role may be a category such as general user, advanced user, or administrator. A role may be associated with multiple application IDs. The advantage of role-based access control is that the creator of the data only needs to care about which roles can access the data, without having to care about which applications belong to each role or who is using those applications.

The aggregation result resource is generated by the M2M system according to the process defined in the aggregate resource. Since the aggregation result resource is obtained from the aggregated resources through transformation and calculation, the aggregated resources may be recovered by performing the inverse transformation and calculation on the aggregation result resource. Therefore, a visitor to the aggregation result resource may learn the aggregated resources. If the visitor to the aggregation result resource does not have the right to access the aggregated resources, the privacy of the aggregated resources may be violated and the information security of the aggregated resources affected.

Summary of the Invention
本发明的实施例提供一种资源聚合结果访问权限的控制方法及资源 聚合装置, 能够提高被聚合资源的信息安全。 为达到上述目的, 本发明的实施例采用如下技术方案: 第一方面, 提供一种资源聚合装置, 包括, 接收单元, 用于接收聚合资源创建请求, 所述聚合资源创建请求包 括: 对聚合结果资源的请求访问权限和计算资源的标识, 以及所述计算 资源的输入资源信 , 和所述计算资源的输出资源信息; 获取单元, 用于根据所述接收单元接收的所述聚合资源创建请求包 含的所述计算资源的标识获取所述计算资源; 计算资源确定单元, 用于根据所述获取单元获取的所述计算资源确 定所述计算资源的输入资源能够根据所述计算资源的输出资源获取; 所述获取单元进一步用于, 根据所述接收单元接收的所述聚合资源 创建请求中包含的所述计算资源的输入资源的信息获取所述输入资源的 访问权限; 权限确定单元, 用于根据所述接收单元接收的所述聚合资源创建请 求包含的所述请求访问权限和所述获取单元获取的所述输入资源的访问 权限确定所述计算资源的输出资源的访问权限; 所述权限确定单元还用于: 当所述计算资源的输出资源为聚合结果 资源时, 将所述计算资源的输出资源的访问权限作为所述聚合结果资源 的访问权限。 结合第一方面, 在第一种可能的实现方式中, 所述计算资源确定单 元具体用于, 根据所述计算资源中定义的陷门条件确定所述计算资源不 满足所述陷门条件; 所述权限确定单元具体用于, 确定所述计算资源的输出资源的访问 权限为所述请求访问权限和所述计算资源的输入资源的访问权限的交 集。 结合第一方面,在第二种可能的实现方式中,所述计算资源确定单元, 具体用于确定所述计算资源满足所述计算资源定义的陷门条件,或确定所 述计算资源不包括陷门条件;且根据所述计算资源定义的输出资源对输入 资源的单向性描述确定所述计算资源的输出资源对所述输入资源不具有 单向性; 所述权限确定单元,具体用于确定所述计算资源的输出资源的访问权 限为所述接收单元接收的所述聚合资源创建请求中包含的所述请求访问 权限与所述获取单元获取的所述输入资源的访问权限的交集; 或者, 所述计算资源确定单元,具体用于确定所述计算资源满足所述计算资 源定义的陷门条件, 或确定所述计算资源不包括陷门条件;且根据所述计 算资源定义的对输入资源的单向性描述确定所述计算资源的输出资源对 输入资源具有陷门单向性; 所述计算资源进一步包含陷门资源的描述;所述权限确定单元, 还用 于根据陷门资源的描述确定所述陷门资源的访问权限; 所述权限确定单元, 具体用于确定所述计算资源的输出资源的访问 权限为在所述接收单元接收的所述聚合资源创建请求中包含的所述请求 访问权限和所述获取单元获取的所述输入资源的访问权限的并集中排除 所有所述陷门资源的访问权限与所述请求访问权限的交集。 第二方面, 提供一种资源聚合装置, 包括: 处理器, 存储器, 通信 接口及总线, 所述处理器、 所述存储器及所述通信接口通过所述总线相 互连接; 所述通信接口, 用于接收聚合资源创建请求, 所述聚合资源创建请 求包括: 对聚合结果资源的请求访问权限和计算资源的标识, 以及所述 计算资源的输入资源信息和所述计算资源的输出资源信息; 所述处理器, 用于根据所述通信接口接收的所述聚合资源创建请求 包含的所述计算资源的标识获取所述计算资源, 并根据所述计算资源确 定所述计算资源的输入资源能够根据所述计算资源的输出资源获取;根 据所述通信接口接收的所述聚合资源创建请求包含的所述计算资源的输 入资源的信息获取所述输入资源的访问权限; 根据所述通信接口接收的 所述聚合资源创建请求包含的请求访问权限和所述输入资源的访问权限 确定所述计算资源的输出资源的访问权限; 当所述计算资源的输出资源 为聚合结果资源时, 将所述计算资源的输出资源的访问权限作为所述聚 合结果资源的访问权限。 结合第二方面, 在第一种可能的实现方式中, 所述处理器根据所述计 算资源确定所述计算资源的输入资源能够根据所述计算资源的输出资源 获取具体为: 所述处理器根据所述计算资源中定义的陷门条件确定所述计 算资源不满足所述陷门条件; 所述处理器根据所述通信接口接收的所述聚合资源创建请求包含的 所述请求访问权限和所述输入资源的访问权限确定所述计算资源的输出 资源的访问权限具体为: 所述处理器确定所述计算资源的输出资源的访问 权限为所述请求访问权限和所述计算资源的输入资源的访问权限的交集。 结合第二方面, 在第二种可能的实现方式中, 所述处理器根据所述计 算资源确定所述计算资源的输入资源能够根据所述计算资源的输出资源 获取具体为: 所述处理器确定所述计算资源满足所述计算资源定义的陷门 条件, 
或确定所述计算资源不包括陷门条件;且根据所述计算资源定义的 输出资源对输入资源的单向性描述确定所述计算资源的输出资源对所述 输入资源不具有单向性; 且所述处理器根据所述通信接口接收的所述聚合 资源创建请求包含的所述请求访问权限和所述输入资源的访问权限确定 所述计算资源的输出资源的访问权限具体为: 所述处理器确定所述计算资 源的输出资源的访问权限为所述通信接口接收的所述聚合资源创建请求 包含的所述请求访问权限与所述输入资源的访问权限的交集; 或, 所述处理器根据所述计算资源确定所述计算资源的输入资源能够根 据所述计算资源的输出资源获取具体为: 所述处理器确定所述计算资源满 足所述计算资源定义的陷门条件, 或确定所述计算资源不包括陷门条件; 且根据所述计算资源定义的对输入资源的单向性描述确定所述计算资源 的输出资源对输入资源具有陷门单向性; 且所述计算资源进一步包含陷门资源的描述; 所述处理器还用于根 据陷门资源的描述确定所述陷门资源的访问权限; 且所述处理器根据所述通信接口接收的所述聚合资源创建请求包含 的所述请求访问权限和所述输入资源的访问权限确定所述计算资源的输 出资源的访问权限具体为: 所述处理器确定所述计算资源的输出资源的访 问权限为在所述通信接口接收的所述聚合资源创建请求包含的所述请求 访问权限和所述输入资源的访问权限的并集中排除所有所述陷门资源的 访问权限与所述请求访问权限的交集。 第三方面, 提供一种资源聚合结果访问权限的控制方法, 资源聚合装置接收聚合资源创建请求,所述聚合资源创建请求包括: 对聚合结果资源的请求访问权限和计算资源的标识, 以及所述计算资源 的输入资源信 ,包、和所述计算资源的输出资源信息; 根据所述计算资源的标识获取所述计算资源, 并根据所述计算资源 确定所述计算资源的输入资源能够根据所述计算资源的输出资源获取; 根据所述计算资源的输入资源的信息获取所述输入资源的访问权 限; 根据所述请求访问权限和所述输入资源的访问权限确定所述计算资 源的输出资源的访问权限; 当所述计算资源的输出资源为聚合结果资源时, 将所述计算资源的 输出资源的访问权限作为所述聚合结果资源的访问权限。 结合第三方面, 在第一种可能的实现方式中, 所述根据所述计算资源 确定所述计算资源的输入资源能够根据所述计算资源的输出资源获取具 体为: 根据所述计算资源中定义的陷门条件确定所述计算资源不满足所述 陷门条件; 所述根据所述请求访问权限和所述计算资源的输入资源的访问权限 确定所述计算资源的输出资源的访问权限具体为: 确定所述计算资源的输出资源的访问权限为所述请求访问权限和所 述计算资源的输入资源的访问权限的交集。 结合第三方面, 在第二种可能的实现方式中, 所述根据所述计算资源 确定所述计算资源的输入资源能够根据所述计算资源的输出资源获取具 体为: 确定所述计算资源满足所述计算资源定义的陷门条件, 或确定所述 计算资源不包括陷门条件;且根据所述计算资源定义的输出资源对输入资 源的单向性描述确定所述计算资源的输出资源对所述输入资源不具有单 向性; 所述根据所述请求访问权限和所述输入资源的访问权限确定所述计 算资源的输出资源的访问权限具体为: 确定所述计算资源的输出资源的访 问权限为所述请求访问权限与所述输入资源的访问权限的交集; 或, 所述根据所述计算资源确定所述计算资源的输入资源能够根据所述 计算资源的输出资源获取具体为: 确定所述计算资源满足所述计算资源定 义的陷门条件, 或确定所述计算资源不包括陷门条件;且根据所述计算资 源定义的对输入资源的单向性描述确定所述计算资源的输出资源对输入 资源具有陷门单向性;所述计算资源进一步包含陷门资源的描述; 所述方 法进一步包括: 根据陷门资源的描述确定所述陷门资源的访问权限; 所述根据所述请求访问权限和所述输入资源的访问权限确定所述计 算资源的输出资源的访问权限具体为: 确定所述计算资源的输出资源的访 问权限为在所述请求访问权限和所述输入资源的访问权限的并集中排除 所有所述陷 I' 1资源的访问权限与所述请求访问权限的交集。 本发明的实施例提供一种资源聚合结果访问权限的控制方法及资源 聚合装置, 能够根据对聚合结果资源的请求访问权限和计算资源的输入 资源的访问权限确定所述计算资源的输出资源的访问权限,并将所述计 算资源的输出资源的访问权限作为所述聚合结果资源的访问权限。 从而 使得聚合结果资源的访问权限能够避免通过反推暴露输入资源, 从而提 高输入资源的信息安全性。 附图说明 为了更清楚地说明本发明实施例的技术方案, 下面将对实施例或现 有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述 中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 
在不付出创造性劳动的前提下, 还可以根据这些附图获得其他的附图。 图 1为本发明的实施例提供的一种资源聚合装置的结构示意图; 图 1 为本发明的另一实施例提供的一种资源聚合装置的结构示意 图; The embodiments of the present invention provide a method for controlling access rights of resource aggregation results and a resource aggregation device, which can improve information security of the aggregated resources. To achieve the above objective, the embodiment of the present invention adopts the following technical solutions: In a first aspect, a resource aggregation apparatus is provided, including: a receiving unit, configured to receive an aggregation resource creation request, where the aggregation resource creation request includes: An identifier of the request access authority and the computing resource of the resource, and an input resource letter of the computing resource, and output resource information of the computing resource; an obtaining unit, configured to include, according to the aggregate resource creation request received by the receiving unit The identifier of the computing resource acquires the computing resource; a computing resource determining unit, configured to determine, according to the computing resource acquired by the acquiring unit, that an input resource of the computing resource is obtainable according to an output resource of the computing resource, where the acquiring unit is further configured to: according to the receiving unit Receiving, by the information about the input resource of the computing resource included in the aggregate resource creation request, the access authority of the input resource; the rights determining unit, configured to be used according to the aggregate resource creation request received by the receiving unit The requesting access authority and the access authority of the input resource acquired by the acquiring unit determine an access right of the output resource of the computing resource; the right determining unit is further configured to: when the output resource of the computing resource is 
an aggregate When the resource is the result, the access authority of the output resource of the computing resource is used as the access permission of the aggregation result resource. With reference to the first aspect, in a first possible implementation, the computing resource determining unit is configured to determine, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition; The permission determining unit is specifically configured to: determine an access right of the output resource of the computing resource as an intersection of the request access authority and the access authority of the input resource of the computing resource. With reference to the first aspect, in a second possible implementation, the computing resource determining unit is specifically configured to determine that the computing resource meets a trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapping a unidirectional description of the input resource according to the output resource defined by the computing resource, and determining that the output resource of the computing resource does not have unidirectionality to the input resource; the privilege determining unit is specifically configured to determine The access authority of the output resource of the computing resource is an intersection of the request access right included in the aggregate resource creation request received by the receiving unit and the access authority of the input resource acquired by the acquiring unit; or The computing resource determining unit is specifically configured to determine that the computing resource meets the computing resource Determining the trapdoor condition of the source, or determining that the computing resource does not include a trapdoor condition; and determining, according to the unidirectional description of the input resource defined by 
the computing resource, that the output resource of the computing resource has a trapping threshold for the input resource The computing resource further includes a description of the trapdoor resource; the authority determining unit is further configured to determine an access right of the trapdoor resource according to the description of the trapdoor resource; the authority determining unit is specifically configured to determine The access authority of the output resource of the computing resource is a combination of the request access right included in the aggregate resource creation request received by the receiving unit and the access authority of the input resource acquired by the acquiring unit An intersection of access rights of all of the trapdoor resources and the requested access rights. In a second aspect, a resource aggregation apparatus is provided, including: a processor, a memory, a communication interface, and a bus, wherein the processor, the memory, and the communication interface are connected to each other through the bus; Receiving an aggregate resource creation request, where the aggregate resource creation request includes: a request access right to the aggregate result resource and an identifier of the computing resource, and input resource information of the computing resource and output resource information of the computing resource; And acquiring, according to the identifier of the computing resource included in the aggregate resource creation request received by the communication interface, the computing resource, and determining, according to the computing resource, an input resource of the computing resource, according to the calculating The output resource of the resource is obtained according to the information of the input resource of the computing resource included in the aggregate resource creation request received by the communication interface; the aggregate resource received according to the communication interface Create 
request access rights and the input funds included in the request The access right of the source determines the access authority of the output resource of the computing resource; when the output resource of the computing resource is the aggregated result resource, the access authority of the output resource of the computing resource is used as the access permission of the aggregated result resource . With reference to the second aspect, in a first possible implementation, the determining, by the processor, that the input resource of the computing resource is obtainable according to the output resource of the computing resource, according to the computing resource, is: The trapdoor condition defined in the computing resource determines that the computing resource does not satisfy the trapdoor condition; Determining, by the processor, the access permission of the output resource of the computing resource according to the request access right and the access authority of the input resource that are received by the communication interface according to the communication interface: Determining an access right of an output resource of the computing resource as an intersection of the request access authority and an access authority of an input resource of the computing resource. 
With reference to the second aspect, in a second possible implementation, the processor determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the description, defined by the computing resource, of the one-wayness of the output resource with respect to the input resource, that the output resource of the computing resource does not have one-wayness with respect to the input resource; and the processor determining the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface and the access right of the input resource is specifically: the processor determines that the access right of the output resource of the computing resource is the intersection of the requested access right included in the aggregate resource creation request received by the communication interface and the access right of the input resource;

or, the processor determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the one-wayness description of the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor one-wayness with respect to the input resource; the computing resource further includes a description of the trapdoor resource; the processor is further configured to determine the access right of the trapdoor resource according to the description of the trapdoor resource; and the processor determining the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface and the access right of the input resource is specifically: the processor determines that the access right of the output resource of the computing resource is the union of the requested access right included in the aggregate resource creation request received by the communication interface and the access right of the input resource, excluding the intersection of the access rights of all the trapdoor resources and the requested access right.

In a third aspect, a method for controlling access rights of a resource aggregation result is provided, including: a resource aggregation apparatus receives an aggregate resource creation request, where the aggregate resource creation request includes: a requested access right for the aggregation result resource, an identifier of a computing resource, input resource information of the computing resource, and output resource information of the computing resource; acquiring the computing resource according to the identifier of the computing resource, and determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource; acquiring the access right of the input resource according to the input resource information of the computing resource; determining the access right of the output resource of the computing resource according to the requested access right and the access right of the input resource; and, when the output resource of the computing resource is the aggregation result resource, using the access right of the output resource of the computing resource as the access right of the aggregation result resource.
With reference to the third aspect, in a first possible implementation, the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition; and the determining the access right of the output resource of the computing resource according to the requested access right and the access right of the input resource of the computing resource is specifically: determining that the access right of the output resource of the computing resource is the intersection of the requested access right and the access right of the input resource of the computing resource.

With reference to the third aspect, in a second possible implementation, the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining that the computing resource satisfies the trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the description, defined by the computing resource, of the one-wayness of the output resource with respect to the input resource, that the output resource of the computing resource does not have one-wayness with respect to the input resource; and the determining the access right of the output resource of the computing resource according to the requested access right and the access right of the input resource is specifically: determining that the access right of the output resource of the computing resource is the intersection of the requested access right and the access right of the input resource;

or, the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining that the computing resource satisfies the trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the one-wayness description of the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor one-wayness with respect to the input resource; the computing resource further includes a description of the trapdoor resource; the method further includes: determining the access right of the trapdoor resource according to the description of the trapdoor resource; and the determining the access right of the output resource of the computing resource according to the requested access right and the access right of the input resource is specifically: determining that the access right of the output resource of the computing resource is the union of the requested access right and the access right of the input resource, excluding the intersection of the access rights of all the trapdoor resources and the requested access right.

The embodiments of the present invention provide a method for controlling access rights of a resource aggregation result and a resource aggregation apparatus, which can determine the access right of the output resource of a computing resource according to the requested access right for the aggregation result resource and the access right of the input resource of the computing resource, and use the access right of the output resource of the computing resource as the access right of the aggregation result resource. The access right of the aggregation result resource therefore prevents the input resource from being exposed by reverse derivation, which improves the information security of the input resource.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below.
Obviously, the drawings in the following description show only some embodiments of the present invention, and those of ordinary skill in the art may obtain other drawings from them without departing from the scope of the invention.

FIG. 1 is a schematic structural diagram of a resource aggregation apparatus according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a resource aggregation apparatus according to another embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for controlling access rights of a resource aggregation result according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a method for controlling access rights of a resource aggregation result according to another embodiment of the present invention;
FIG. 5 is a schematic diagram of a resource aggregation process according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an application scenario of a method for controlling access rights of a resource aggregation result according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of the method for controlling access rights of a resource aggregation result in the scenario shown in FIG. 6 according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of an application scenario of a method for controlling access rights of a resource aggregation result according to another embodiment of the present invention;
FIG. 9 is a schematic diagram of the resource aggregation process in the scenario shown in FIG. 8 according to an embodiment of the present invention;
FIG. 10 is a schematic flowchart of the method for controlling access rights of a resource aggregation result in the scenario shown in FIG. 8 according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of an application scenario of a method for controlling access rights of a resource aggregation result according to yet another embodiment of the present invention;
FIG. 12 is a schematic flowchart of the method for controlling access rights of a resource aggregation result in the scenario shown in FIG. 11 according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Various embodiments are now described with reference to the drawings, in which like reference numerals denote like elements throughout. In the following description, for ease of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more embodiments. It is evident, however, that the embodiments may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing one or more embodiments.

An embodiment of the present invention provides a resource aggregation apparatus, applied to an M2M system. The apparatus may be an application service node (ASN, Application Service Node) device, a middle node (MN, Middle Node) gateway, or an infrastructure node (Infrastructure Node) platform in the M2M system, or a component of a CSE (Common Service Entity) deployed on such an application service node device, middle node gateway, or infrastructure node platform, and is configured to execute the business logic flow related to information aggregation.

Referring to FIG. 1, the resource aggregation apparatus includes:

a receiving unit 11, configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a requested access right for the aggregation result resource, an identifier of a computing resource, input resource information of the computing resource, and output resource information of the computing resource;

an acquiring unit 12, configured to acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the receiving unit 11;

a computing resource determining unit 13, configured to determine, according to the computing resource acquired by the acquiring unit 12, that the input resource of the computing resource can be obtained from the output resource of the computing resource;

the acquiring unit 12 is further configured to acquire the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the receiving unit 11;

an authority determining unit 14, configured to determine the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the receiving unit 11 and the access right of the input resource acquired by the acquiring unit 12;

the authority determining unit 14 is further configured to: when the output resource of the computing resource is the aggregation result resource, use the access right of the output resource of the computing resource as the access right of the aggregation result resource.

The aggregated resources may be a set of aggregated resources stored in a server or a database of the M2M system, with a corresponding access right created for each aggregated resource in the form of a list.
Further optionally, the computing resource determining unit 13 is specifically configured to determine, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition; and the authority determining unit 14 is specifically configured to determine that the access right of the output resource of the computing resource is the intersection of the requested access right and the access right of the input resource of the computing resource.

Optionally, the computing resource determining unit 13 determining that the computing resource does not satisfy the trapdoor condition is specifically: the computing resource determining unit 13 determines that the trapdoor condition defined by the computing resource is false; or the computing resource determining unit 13 determines that the number of input resources of the computing resource is less than the number of input resources serving as trapdoor resources defined in the trapdoor condition.

Further optionally, the computing resource determining unit 13 is specifically configured to determine that the computing resource satisfies the trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and determine, according to the description, defined by the computing resource, of the one-wayness of the output resource with respect to the input resource, that the output resource of the computing resource does not have one-wayness with respect to the input resource; and the authority determining unit 14 is specifically configured to determine that the access right of the output resource of the computing resource is the intersection of the requested access right included in the aggregate resource creation request received by the receiving unit 11 and the access right of the input resource acquired by the acquiring unit 12;

or, the computing resource determining unit 13 is specifically configured to determine that the computing resource satisfies the trapdoor condition defined by the computing resource, or determine that the computing resource does not include a trapdoor condition; and determine, according to the one-wayness description of the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor one-wayness with respect to the input resource; the computing resource further includes a description of the trapdoor resource; the authority determining unit 14 is further configured to determine the access right of the trapdoor resource according to the description of the trapdoor resource; and the authority determining unit 14 is specifically configured to determine that the access right of the output resource of the computing resource is the union of the requested access right included in the aggregate resource creation request received by the receiving unit 11 and the access right of the input resource acquired by the acquiring unit 12, excluding the intersection of the access rights of all the trapdoor resources and the requested access right.

Optionally, the computing resource determining unit 13 determining that the computing resource satisfies the trapdoor condition is specifically: the computing resource determining unit 13 determines that the trapdoor condition defined by the computing resource is true; or
the computing resource determining unit 13 determines that the number of input resources of the computing resource is greater than or equal to the number of input resources serving as trapdoor resources defined in the trapdoor condition.

Optionally, the trapdoor resource description includes a trapdoor resource identifier; the authority determining unit 14 determining the access right of the trapdoor resource according to the description of the trapdoor resource is specifically: the authority determining unit 14 acquires the access right of the trapdoor resource according to the trapdoor resource identifier.

Further, when the aggregate resource creation request includes at least two computing resource identifiers, the input resources of a computing resource include aggregated resources and/or output resources of other computing resources.

When the input resource of the computing resource is an aggregated resource, the acquiring unit 12 acquiring the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the receiving unit 11 is specifically: the acquiring unit 12 acquires, according to the aggregated resource information included in the aggregate resource creation request received by the receiving unit 11, the access right of the aggregated resource as the access right of the input resource of the computing resource.

When the input resource of the computing resource is an output resource of another computing resource, the acquiring unit 12 acquiring the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the receiving unit 11 is specifically: the acquiring unit 12 acquires, according to the output resource information of the other computing resource included in the aggregate resource creation request received by the receiving unit 11, the access right of the output resource of the other computing resource as the access right of the input resource of the computing resource.

An embodiment of the present invention provides a resource aggregation apparatus, which can determine the access right of the output resource of a computing resource according to the requested access right for the aggregation result resource and the access right of the input resource of the computing resource, and use the access right of the output resource of the computing resource as the access right of the aggregation result resource. The access right of the aggregation result resource therefore prevents the input resource from being exposed by reverse derivation, which improves the information security of the input resource. Further, when the input resource is an aggregated resource, the security of the aggregated resource is improved.
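The permission rules applied by units 13 and 14 above, written out as an added Python example (not code from the patent). It assumes an access right is a set of principal names, that a trapdoor condition is either a boolean or a minimum input count, that intersections and unions run over all input resources, and that the access rights of all trapdoor resources are combined by union; the resource names and sample ACLs are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Union

Acl = FrozenSet[str]  # assumption: an access right is a set of principal names


@dataclass
class ComputingResource:
    ident: str
    inputs: List[str]          # ids of aggregated resources or of other outputs
    output: str                # id of this computing resource's output resource
    # None: no trapdoor condition; bool: the condition's value; int: number of
    # input resources that must be supplied as trapdoor resources (assumed model).
    trapdoor_condition: Optional[Union[bool, int]] = None
    one_wayness: str = "none"  # "none" or "trapdoor", the two cases in the text
    trapdoor_resources: List[str] = field(default_factory=list)


def trapdoor_condition_met(cr: ComputingResource) -> bool:
    """Satisfied when the condition is true or enough inputs are supplied."""
    cond = cr.trapdoor_condition
    if isinstance(cond, bool):
        return cond
    return len(cr.inputs) >= cond


def output_acl(cr: ComputingResource, requested: Acl, acls: Dict[str, Acl]) -> Acl:
    """Access right of cr's output resource for the three cases described above."""
    input_acls = [acls[i] for i in cr.inputs]
    narrowed = requested.intersection(*input_acls)
    # Case 1: a trapdoor condition is defined and not satisfied, so the input
    # can be derived from the output: intersection.
    if cr.trapdoor_condition is not None and not trapdoor_condition_met(cr):
        return narrowed
    # Case 2: condition satisfied or absent, output not one-way: intersection.
    if cr.one_wayness == "none":
        return narrowed
    # Case 3: trapdoor one-wayness: union of requested and input rights, minus
    # the requesters who can also access a trapdoor resource.
    if cr.one_wayness == "trapdoor":
        trap = frozenset().union(*(acls[t] for t in cr.trapdoor_resources))
        return requested.union(*input_acls) - (trap & requested)
    raise ValueError(f"one-wayness {cr.one_wayness!r} is outside this example")


def aggregate_result_acl(requested: Acl, chain: List[ComputingResource],
                         stored_acls: Dict[str, Acl], result_id: str) -> Acl:
    """Walk a request naming several computing resources; each output's access
    right becomes the input access right of the computing resource that uses it."""
    known = dict(stored_acls)
    for cr in chain:  # assumed ordered so that producers precede consumers
        known[cr.output] = output_acl(cr, requested, known)
    return known[result_id]


# Constructed sample: two meter readings averaged, then encrypted under a key.
STORED = {
    "meterA": frozenset({"alice", "bob", "carol"}),
    "meterB": frozenset({"bob", "carol", "dave"}),
    "key": frozenset({"carol"}),  # trapdoor resource
}
REQUESTED = frozenset({"alice", "bob", "carol", "dave"})
AVG = ComputingResource("avg", ["meterA", "meterB"], "avg_out",
                        trapdoor_condition=3)  # only 2 inputs: not satisfied
ENC = ComputingResource("enc", ["avg_out"], "result",
                        one_wayness="trapdoor", trapdoor_resources=["key"])

if __name__ == "__main__":
    print(sorted(output_acl(AVG, REQUESTED, STORED)))
    print(sorted(aggregate_result_acl(REQUESTED, [AVG, ENC], STORED, "result")))
```

In the sample, `carol` is removed from the final access right because she can read both the requested result and the trapdoor resource that would let her invert it.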
Referring to FIG. 2, an embodiment of the present invention provides a resource aggregation apparatus, including: a processor 21, a memory 22, a communication interface 23, and a bus 24, where the processor 21, the memory 22, and the communication interface 23 are connected to each other through the bus 24 and communicate with each other through it. The bus 24 may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is shown in FIG. 2, but this does not mean that there is only one bus or one type of bus. Where:
The memory 22 is configured to store executable program code, where the program code includes computer operation instructions. The memory 22 may include high-speed RAM, and may further include non-volatile memory, for example at least one disk memory.

The processor 21 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

The communication interface 23 is configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a requested access right for the aggregation result resource, an identifier of a computing resource, input resource information of the computing resource, and output resource information of the computing resource.

The processor 21 is configured to: acquire the computing resource according to the identifier of the computing resource included in the aggregate resource creation request received by the communication interface 23, and determine, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource; acquire the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the communication interface 23; determine the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource; and, when the output resource of the computing resource is the aggregation result resource, use the access right of the output resource of the computing resource as the access right of the aggregation result resource.

Further optionally, the processor 21 determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor 21 determines, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
the processor 21 determining the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource is specifically: the processor 21 determines that the access right of the output resource of the computing resource is the intersection of the requested access right and the access right of the input resource of the computing resource.

Optionally, the processor 21 determining that the computing resource does not satisfy the trapdoor condition is specifically: the processor 21 determines that the trapdoor condition defined by the computing resource is false; or the processor 21 determines that the number of input resources of the computing resource is less than the number of input resources serving as trapdoor resources defined in the trapdoor condition.

Further optionally, the processor 21 determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor 21 determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the description, defined by the computing resource, of the one-wayness of the output resource with respect to the input resource, that the output resource of the computing resource does not have one-wayness with respect to the input resource; and the processor 21 determining the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource is specifically: the processor 21 determines that the access right of the output resource of the computing resource is the intersection of the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource;

or, the processor 21 determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor 21 determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the one-wayness description of the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor one-wayness with respect to the input resource; the computing resource further includes a description of the trapdoor resource; the processor 21 is further configured to determine the access right of the trapdoor resource according to the description of the trapdoor resource; and the processor 21 determining the access right of the output resource of the computing resource according to the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource is specifically: the processor 21 determines that the access right of the output resource of the computing resource is the union of the requested access right included in the aggregate resource creation request received by the communication interface 23 and the access right of the input resource, excluding the intersection of the access rights of all the trapdoor resources and the requested access right.

Optionally, the processor 21 determining that the computing resource satisfies the trapdoor condition is specifically: the processor 21 determines that the trapdoor condition defined by the computing resource is true; or the processor 21 determines that the number of input resources of the computing resource is greater than or equal to the number of input resources serving as trapdoor resources defined in the trapdoor condition.

Optionally, the trapdoor resource description includes a trapdoor resource identifier; the processor 21 determining the access right of the trapdoor resource according to the description of the trapdoor resource is specifically: the processor 21 acquires the access right of the trapdoor resource according to the trapdoor resource identifier.

Further, when the aggregate resource creation request includes at least two computing resource identifiers, the input resources of a computing resource include aggregated resources and/or output resources of other computing resources.

When the input resource of the computing resource is an aggregated resource, the processor 21 acquiring the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the communication interface 23 is specifically: the processor 21 acquires, according to the aggregated resource information included in the aggregate resource creation request received by the communication interface 23, the access right of the aggregated resource as the access right of the input resource of the computing resource.

When the input resource of the computing resource is an output resource of another computing resource, the processor 21 acquiring the access right of the input resource according to the input resource information of the computing resource included in the aggregate resource creation request received by the communication interface 23 is specifically: the processor 21 acquires, according to the output resource information of the other computing resource included in the aggregate resource creation request received by the communication interface 23, the access right of the output resource of the other computing resource as the access right of the input resource of the computing resource.

An embodiment of the present invention provides a resource aggregation apparatus, which can determine the access right of the output resource of a computing resource according to the requested access right for the aggregation result resource and the access right of the input resource of the computing resource, and use the access right of the output resource of the computing resource as the access right of the aggregation result resource. The access right of the aggregation result resource therefore prevents the input resource from being exposed by reverse derivation, which improves the information security of the input resource. Further, when the input resource is an aggregated resource, the security of the aggregated resource is improved.

Referring to FIG. 3, an embodiment of the present invention provides a method for controlling access rights of a resource aggregation result, which is implemented by the foregoing resource aggregation apparatus and specifically includes the following steps:
101. The resource aggregation apparatus receives an aggregate resource creation request.
The aggregate resource creation request includes: the requested access permission for the aggregation result resource, the identifier of a computing resource, and the input resource information and output resource information of the computing resource. The identifier of the computing resource is used to obtain the corresponding computing resource from the set of computing resources of the M2M system; the aggregated resource is used as an input resource of the computing resource, and the output resource of the computing resource can be used as the aggregation result resource. When the aggregate resource creation request includes the identifiers of at least two computing resources, the input resources of the computing resources included in the request are specifically: aggregated resources and/or output resources of other computing resources, where the output resource of a computing resource can be used as an input resource of another computing resource or as the aggregation result resource. The aggregate resource creation request may come from an application connected to the resource aggregation apparatus in the M2M system.
102. The resource aggregation apparatus obtains the computing resource according to the identifier of the computing resource, and determines, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource.
103. The resource aggregation apparatus obtains the access permission of the input resource according to the information about the input resource of the computing resource.
Specifically, the input resource of the computing resource may be an aggregated resource, or may be an output resource of another computing resource. Note that there is no strict order between steps 102 and 103.
104. The resource aggregation apparatus determines the access permission of the output resource of the computing resource according to the requested access permission and the access permission of the input resource.
105. When the output resource of the computing resource is the aggregation result resource, the resource aggregation apparatus uses the access permission of the output resource of the computing resource as the access permission of the aggregation result resource.
If the computing resource in step 104 is the computing resource that outputs the aggregation result resource in the aggregation mode, the access permission of the output resource output by that computing resource is the access permission of the aggregation result resource. The aggregation apparatus returns the access permission of the aggregation result resource, in the form of a response message, to the connected application in the M2M system, so that the application accesses the aggregation result resource under that access permission.
The method for controlling the access permission of a resource aggregation result provided by this embodiment of the present invention can determine the access permission of the output resource of a computing resource according to the requested access permission for the aggregation result resource and the access permissions of the input resources (which include the aggregated resources), and generate the access permission of the aggregation result resource from the access permission of the output resource of the computing resource. This prevents input resources (which include the aggregated resources) from being obtained through the aggregation result resource, which improves the information security of the aggregated resources.
Referring to FIG. 4, an embodiment of the present invention provides a method for controlling the access permission of a resource aggregation result, which includes the following process:
201. The resource aggregation apparatus receives an aggregate resource creation request.
The aggregate resource creation request includes: the requested access permission Q for the aggregation result resource, the identifier of a computing resource, and the input resource information and output resource information of the computing resource. At least one computing resource, together with its input resource information and output resource information, constitutes the aggregation mode. The input resource information may be information about an aggregated resource, such as the identifier or URL of the aggregated resource, or may be information about an output resource of another computing resource. Note that when an input resource is the output resource of another computing resource, the input resource information of that other computing resource is the input resource information of the computing resource, so the aggregate resource creation request can be regarded as containing only the input resource information of the computing resources; optionally, the aggregate resource creation request also contains output resource information. The aggregate resource creation request may come from an application connected to the resource aggregation apparatus in the M2M system.
Optionally, the aggregation mode may contain at least two computing resources, each with its own input resource information and output resource information. The input resource of a computing resource may be an aggregated resource and/or an output resource of another computing resource; the output resource of a computing resource may serve as an input resource of another computing resource or as the aggregation result resource. As shown in FIG. 5, computing resource E defines aggregated resources A and B as the input resources of computing resource E, and defines the output resource of computing resource E as an input resource of computing resource H; aggregated resource C is the input resource of computing resource F, and the output resource of computing resource F is an input resource of computing resource H. The output resource of computing resource H is the aggregation result resource. If the aggregation mode has only one computing resource, all the aggregated resources are the input resources of that computing resource, and its output resource is the aggregation result resource.
Therefore, when the aggregate resource creation request includes the identifiers of at least two computing resources, the input resource information and output resource information of the computing resource included in the request are specifically: the input resource information and output resource information of each computing resource.
202. Determine whether a computing resource satisfies the trapdoor condition.
Specifically, a trapdoor condition is defined in the computing resource. Optionally, before step 202 is performed, the resource aggregation apparatus determines whether the computing resource includes a trapdoor condition. If it does, step 202 is performed; otherwise, step 205 is performed directly. Specifically, in step 202, if the resource aggregation apparatus determines that the computing resource satisfies the trapdoor condition, it continues with step 205; otherwise, it performs step 203. A computing resource satisfies the trapdoor condition when the trapdoor condition defined by the computing resource is true, or when the number of input resources of the computing resource is greater than or equal to the number of input resources defined as trapdoor resources in the trapdoor condition. A computing resource does not satisfy the trapdoor condition when the trapdoor condition defined by the computing resource is false, or when the number of input resources of the computing resource is less than the number of input resources defined as trapdoor resources in the trapdoor condition.
The true or false value of the trapdoor condition is a Boolean (bool) used to judge whether the trapdoor condition holds: true indicates that the trapdoor condition holds, that is, the computing resource satisfies the trapdoor condition; false indicates that the trapdoor condition does not hold, that is, the computing resource does not satisfy the trapdoor condition. It can be understood that expressing true or false in other ways also falls within the protection scope of this application, for example: correct or incorrect, right or wrong, yes or no, which are not listed one by one here. Step 202 also gives two specific ways of judging whether the computing resource satisfies the trapdoor condition: the number of input resources of the computing resource is greater than or equal to the number of input resources defined as trapdoor resources in the trapdoor condition, or the number of input resources of the computing resource is less than the number of input resources defined as trapdoor resources in the trapdoor condition.
The output resource of a computing resource has an access permission. In the initial state, the computing resource uses the requested access permission received in step 201 as that access permission; the initial state means that the computing resource has not yet been processed by the subsequent steps. At this point the access permissions of all input resources can already be determined: if an input resource of the computing resource is an aggregated resource itself, its access permission can be obtained from a system server or database; if an input resource of the computing resource is the output resource of another computing resource, that other computing resource has already gone through the subsequent steps, so the access permission of this input resource can also be determined. For example, in FIG. 5, because the input resources and output resources of each of computing resources E, F and H have been determined, each computing resource includes two input resources, and the access permission of the output resource is determined per computing resource: for each computing resource, the initial state uses the requested access permission as the access permission of the output resource, T = Q, which is then updated according to the access permission of each input resource of the computing resource and the unidirectionality of the output resource of the computing resource with respect to the input resource, as described in the subsequent steps.
203. The resource aggregation apparatus obtains, according to the input resource information of the computing resource, the access permissions of the input resources of the computing resource, and then performs step 204.
The input resource of a computing resource may be an aggregated resource, or may be an output resource of another computing resource.
Specifically, when the input resource of the computing resource is an aggregated resource (the input resource information is aggregated resource information; take the case where the identifier of the aggregated resource is used as the input resource information), in step 203 the resource aggregation apparatus obtains the access permission of the input resource as follows: it obtains the access permission of the aggregated resource according to the identifier of the aggregated resource. Optionally, the resource aggregation apparatus sends a permission acquisition request to the aggregated resource according to the aggregated resource identifier (such as a URI) to obtain the description, contained in the aggregated resource, of the access permission of that aggregated resource. The description of the access permission may be the identifier of an access permission resource, in which case the resource aggregation apparatus further obtains the access permission of the aggregated resource according to the access permission resource identifier.
When the input resource is the output resource of another computing resource (the input resource information is the output resource information of the other computing resource), in step 203 the resource aggregation apparatus obtains the access permission of the input resource as follows: it obtains, according to the output resource information of the other computing resource, the access permission of the output resource of the other computing resource that serves as the input resource of this computing resource. For how the access permission of the output resource of the other computing resource is determined, see the method for obtaining the access permission of the output resource of a computing resource provided after step 204 of this embodiment.
The aggregate resource creation request contains the identifiers of the computing resources (such as URIs) and the input resource information and output resource information of each computing resource. The relationship between the computing resources, here specifically the input resource information and output resource information of the computing resources, is described in the aggregation mode in XML or another form. The resource aggregation apparatus obtains a computing resource through its identifier, such as a URI; the computing resource may be stored in a server or database of the M2M system. The method by which the resource aggregation apparatus obtains the computing resource belongs to the prior art and is not described in detail in this embodiment of the present invention.
204. Determine the access permission of the output resource of the computing resource according to the access permissions of the input resources of the computing resource and the requested access permission, and then perform step 212.
Specifically, the access permission of the output resource of the computing resource is the intersection of the requested access permission Q and the access permissions of all input resources of the computing resource. All the input resources of the computing resource may be aggregated resources, or may include both aggregated resources and output resources of other computing resources. The process of determining the access permission of an input resource differs according to the type of the input resource; it is detailed in step 203 and not repeated here. Step 203 has obtained the access permissions of all input resources of the computing resource, for example S1 for the first input resource, S2 for the second input resource, S3 for the third input resource, and so on. The access permission of the output resource of the computing resource, updated according to all the input resources, is T = Q ∩ S1 ∩ S2 ∩ S3 ∩ ….
205. According to the description, defined by the computing resource, of the unidirectionality of the output resource with respect to the input resource, judge whether the output resource of the computing resource is unidirectional with respect to the input resource. If it is, obtain the type of unidirectionality in step 205a: if the output resource of the computing resource has complete unidirectionality with respect to the input resource, perform step 208; if the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource, perform step 209 and then step 210. If the output resource of the computing resource is not unidirectional with respect to the input resource, perform step 206 and then step 207. The computing resource includes the description of the unidirectionality of its output resource with respect to its input resource.
In the above embodiment, a computing resource contains an input resource description, an output resource description, a calculation process description, and the description of the unidirectionality of the output resource of the computing resource with respect to the input resource. The input resource description describes the metadata of the input resource of the computing resource. The unidirectionality description states whether the output resource of the computing resource is unidirectional with respect to the input resource, and whether that is complete unidirectionality or trapdoor unidirectionality. The metadata of an input resource includes the resource type, data structure and/or resource deployment of the input resource. The output resource description describes the metadata of the output resource. The calculation process description describes the calculation process defined in the computing resource.
The unidirectionality of the output resource of a computing resource with respect to an input resource is either complete unidirectionality or trapdoor unidirectionality. Complete unidirectionality means that the input resource of the computing resource cannot be derived from the output resource of the computing resource; a computing resource with complete unidirectionality does not include trapdoor resources. Trapdoor unidirectionality means that the input resource can be derived from the output resource together with other specific resources (which are input resources of the computing resource); the resources that, together with the output resource, allow the input resource to be derived are called trapdoor resources. Therefore, when a computing resource has trapdoor unidirectionality, the computing resource also needs to define the trapdoor resources.
Alternatively, when a computing resource does not satisfy the trapdoor condition, the output resource of the computing resource is not unidirectional with respect to any of its input resources. For example, if the computing resource averages three input resources (input resource A, input resource B and input resource C), its trapdoor unidirectionality with respect to any one of the three input resources (say input resource A) is that input resource A can be derived from the output average and the remaining two input resources (input resources B and C). The remaining two input resources (input resources B and C) are therefore trapdoor resources. Likewise for averaging, if the computing resource has only one input resource, knowing the output resource already discloses the input resource. In this case the trapdoor condition expresses the number of input resources: only when there are no fewer than two input resources is the computing resource unidirectional with respect to any of its input resources.
206. The resource aggregation apparatus obtains the access permission of the input resource of the computing resource according to the input resource information of the computing resource, and then performs step 207.
Specifically, this step is implemented in the same way as step 203 and is not described in detail here. Note that step 203 directly obtains the access permissions of all input resources of the computing resource.
207. Determine that the access permission of the output resource of the computing resource is the intersection of the requested access permission and the access permission of the input resource.
It can be understood that the unidirectionality of the output resource of the computing resource is judged for each input resource in turn. Therefore, in step 207, when the access permission of the output resource of the computing resource is determined according to the access permission of the first input resource, the intersection of the requested access permission Q and the access permission S1 of the first input resource is used as the access permission T. When the access permission of the output resource is updated according to the access permission of another input resource, the access permission T' determined according to the previous input resource is intersected with the access permission of that other input resource to give the updated access permission T. Because the unidirectionality of the output resource of the computing resource may differ for each input resource, the access permission determined according to the previous input resource may have come from any of step 207, step 208 or step 210.
208. If the output resource of the computing resource has complete unidirectionality with respect to the input resource, use the requested access permission as the access permission of the output resource of the computing resource, and then perform step 211.
It can be understood that the unidirectionality of the output resource of the computing resource is judged for each input resource in turn. Therefore, in step 208, when the access permission of the output resource of the computing resource is determined according to the access permission of the first input resource, the requested access permission Q is used as the access permission T. Optionally, because the unidirectionality of the output resource of the computing resource may differ for each input resource, the access permission determined according to the previous input resource may have come from any of step 207, step 208 or step 210.
209. Obtain the access permission of the input resource according to the input resource information of the computing resource, determine the access permission of the trapdoor resource according to the description of the trapdoor resource, and then perform step 210.
Optionally, because step 209 needs to determine the access permission of the trapdoor resource from the description of the trapdoor resource, the computing resource further contains a description of the trapdoor resource. There are two options. First: when the trapdoor resources are one or more of the input resources of the computing resource, the access permission of the input resource can be obtained directly according to the description of the trapdoor resource and used as the access permission of the trapdoor resource; for the method, see how the access permission of an input resource is obtained in step 202. Second: when the trapdoor resource is obtained from a database or server outside the M2M system, the trapdoor resource description contains a trapdoor resource identifier (URI), and the access permission of the trapdoor resource is obtained according to the trapdoor resource identifier; for the specific method, see the method for obtaining the access permission of an input resource, which is not repeated here.
210. Determine that the access permission of the output resource of the computing resource is the union of the requested access permission and the access permission of the input resource, excluding the intersection of the access permissions of all the trapdoor resources and the requested access permission, and then perform step 211.
When step 205 determines that the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource, step 209 is performed, so in step 209 the computing resource has trapdoor unidirectionality with respect to the input resource. The following factors need to be considered: 1) an application that can access the input resource can also access the output resource; 2) an application that can access the trapdoor resources cannot access the output resource; 3) an application that cannot access the trapdoor resources can access the output resource. Therefore T = Q - (Q ∩ X - S), where T is the access permission of the output resource of the computing resource, X is the intersection of the access permissions of all the trapdoor resources, Q is the requested access permission, and S is the access permission of the input resource.
As in steps 207 and 208, because the unidirectionality is judged for each input resource of the computing resource in turn, in step 210, when the access permission of the output resource of the computing resource is determined according to the access permission of the first input resource, T = Q - (Q ∩ X - S) is used as the access permission of the output resource. When the access permission of the output resource is updated according to the access permission of another input resource, the access permission T' determined according to the previous input resource is updated to T = T' - (T' ∩ X - S). Because the unidirectionality of the output resource of the computing resource may differ for each input resource, the access permission determined according to the previous input resource may have come from any of step 207, step 208 or step 210.
211. Determine whether the computing resource has other input resources. If not, perform step 212; if so, perform step 205 on the next input resource of the computing resource, that is, determine whether the output resource of the computing resource is unidirectional with respect to the next input resource.
212. Determine, according to the output resource information of the computing resource, whether the output resource of the computing resource serves as the aggregation result resource.
Specifically, step 212 determines, according to the output resource information, whether the output resource of the computing resource serves as the aggregation result resource. If the output resource of the computing resource is an input resource of another computing resource, it is determined that the output resource is not the aggregation result resource, step 202 is performed on the computing resource that takes this output resource as its input resource, and all the computing resources are traversed. If the output resource is the aggregation result resource, the access right of the output resource of the computing resource is used as the access right of the aggregation result resource, that is, step 213 is performed.
Referring to FIG. 5, the traversal proceeds as follows. For computing resource E, the access right of the output resource of E is obtained from the access right of aggregated resource A, the access right of aggregated resource B and the requested access right for the output resource of E (the specific manner is not repeated). For computing resource F, the access right of the output resource of F is obtained from the access right of aggregated resource C and the requested access right for the output resource of F. There is no specific order between obtaining the access right of the output resource of E and obtaining that of F. Finally, the access right of the output resource of computing resource H is obtained from the access right of the output resource of E, the access right of the output resource of F and the requested access right for the output resource of H, and the access right of the output resource of H is used as the access right of aggregation result resource J. For each of these computing resources, the specific process of obtaining the access right of its output resource from the access rights of its input resources and its requested access right follows steps 202 to 210 and is not repeated here. Specifically, the last computing resource is the computing resource whose output resource information in the aggregate resource creation request is the aggregation result resource. In one aggregate resource creation request, the output resource of only one computing resource serves as the aggregation result resource.
Step 212 specifically means performing steps 203 to 211 in a loop over all the computing resources until the last computing resource in the computing resource set of the aggregation mode of the aggregate resource creation request has been processed, and the access right of the output resource of that last computing resource is obtained as the access right of the aggregation result resource. In addition, the above embodiments refer to the first input resource, the second input resource and so on of a computing resource. "First" and "second" here should not be regarded as a limitation but as a way of distinguishing input resources. As can be understood from the prior art, when the aggregation computation of the computing resource over its input resources is ordered, "first", "second" and so on can be understood as the order in which the computing resource aggregates the input resources; when the computation is not ordered, they can be understood merely as distinguishing the input resources. Furthermore, if whether the output resource of a computing resource serves as an input resource of another computing resource is taken as the criterion for whether that computing resource is the last computing resource in the aggregation mode, then the computing resources in one aggregation mode can be ordered according to the relationship between input resources and output resources (detailed in step 201), with the computing resources that take aggregated resources as input resources first and the computing resource that outputs the aggregation result resource last. Of course, this is only one manner of description provided to explain the embodiments of the present invention clearly; other variant descriptions that achieve the purpose of the embodiments of the present invention should also fall within the protection scope of this application.
213. When the output resource of the computing resource is the aggregation result resource, use the access right of the output resource of the computing resource as the access right of the aggregation result resource.
An embodiment of the present invention provides a method for controlling the access right of a resource aggregation result. The method determines the access right of the output resource of a computing resource according to the requested access right for the aggregation result resource and the access rights of the input resources of the computing resource, and uses the access right of the output resource of the computing resource as the access right of the aggregation result resource. The access right of the aggregation result resource therefore prevents the input resources from being exposed by reverse derivation, which improves the information security of the input resources. When the input resources are the aggregated resources, the security of the aggregated resources is improved.
Further, with reference to the embodiment of FIG. 3, the determining in step 102, by the resource aggregation apparatus according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource may include the descriptions of step 202, step 205 and step 205a in the embodiment corresponding to FIG. 4.
Specifically, the determination in step 102 may be: it is determined in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource, or it is determined in step 202 that the computing resource does not include a trapdoor condition; and it is determined in step 205, according to the unidirectionality description of the output resource with respect to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional with respect to the input resource; or
the determination in step 102 may specifically be: it is determined in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource, or it is determined in step 202 that the computing resource does not include a trapdoor condition; and it is determined in step 205, according to the unidirectionality description with respect to the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource (an optional manner further includes determining, according to that description, that the output resource of the computing resource has complete unidirectionality with respect to the input resource); or
the determination in step 102 may specifically be: it is determined in step 202 that the computing resource does not satisfy the trapdoor condition defined by the computing resource.
In combination with the method provided by the embodiments of the present invention, three specific application examples are given below in which an M2M system obtains the access right of the aggregation result resource.
Example 1:
Calculating the average household electricity consumption of a residential community is used as an example. In the scenario shown in FIG. 6, the power company, the community households and the municipal department are all registered users of the M2M system. In the smart meter reading service deployed by the power company, the electricity meter readings of the community households are stored in the M2M platform, and each household has access only to its own meter reading. Because of a cooperative relationship between Xiao Liu, a municipal department employee, and households B, C and D, Xiao Liu has access to the meter readings of households B, C and D, in order to help them analyse their electricity consumption and give advice. Xiao Liu does not, however, have access to the meter reading of household A. In this scenario, the municipal department's selection panel for outstanding energy-saving communities needs to average the electricity consumption of the households in each community and rank the communities to find the one that uses the least electricity.
The selection panel therefore creates an aggregation resource M in the M2M platform through an M2M application to calculate the average electricity consumption of the community households, and specifies the access right of the aggregation result resource as the IDs of the selection panel members and the ID of municipal department employee Xiao Liu. The access right of the aggregation result resource specified in the request is the requested access right. The created aggregation resource M includes the following information:
Aggregated resources: the household IDs of each community.
Aggregation mode: contains one computing resource, average, used to compute the mean.
Aggregation result resource: the average electricity consumption of the community.
Requested access right for the aggregation result resource: {IDs of the selection panel members, Xiao Liu's ID}.
A specific example of the aggregation resource M is:
    <Mashup name="M" URI="http://baseURI/Mashup-M">
      <MashupResources>http://baseURI/MeterA, http://baseURI/MeterB, http://baseURI/MeterC, http://baseURI/MeterD</MashupResources>
      <MashupMethod>
        <Compute uri="http://baseURI/compute-average">
          <input number="multi">MashupResources</input>
          <output>MashupResult</output>
        </Compute>
      </MashupMethod>
      <MashupResult>http://baseURI/averge-meter</MashupResult>
      <ResultAccessRight>http://baseURI/accessRightA</ResultAccessRight>
    </Mashup>
Specifically, the URI of the aggregation resource M is http://baseURI/Mashup-M. The aggregated resources of the aggregation resource M are MeterA, MeterB, MeterC and MeterD. The aggregation resource M contains the computing resource average. The input resource (input) of the computing resource is MashupResources, that is, the aggregated resources. The output resource (output) of the computing resource is MashupResult, that is, the aggregation result resource. The URI of the aggregation result resource is http://baseURI/averge-meter. The URI of the requested access right for the aggregation result resource is http://baseURI/accessRightA, where AccessRightA describes that the municipal consulting company has read permission.
Specifically, for the computing resource average:
Input resource: meter reading values of numeric type.
Output resource: a numeric value.
Unidirectionality: trapdoor unidirectionality.
Specifically, the computing resource average is expressed as follows:
    <Compute name="average" URI="http://baseURI/compute-average">
      <Input type="NUMERIC" number="unlimited">
        <SingleWay type="Trap">
          <TrapResource>all other inputs</TrapResource>
        </SingleWay>
      </Input>
      <TrapCondition>number of input no less than 2</TrapCondition>
      <OutputType>NUMERIC</OutputType>
    </Compute>
In the above description, the name of the computing resource is average and its storage address is http://baseURI/compute-average, that is, the resource aggregation apparatus can obtain the computing resource according to this address (URI). The input type (Input type) of the computing resource is NUMERIC, that is, the input resources are required to be numeric. The number of input resources (number) is unlimited, that is, there is no limit on the number of input resources. The unidirectionality type of the computing resource is Trap, that is, the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource. The trapdoor resource is all other inputs, that is, the aggregated resources other than the protected aggregated resource; for example, when household A is the protected aggregated resource, its trapdoor resources are the meter readings of households B, C and D. The trapdoor condition is number of input no less than 2, that is, the number of input resources is not less than 2. For an averaging computing resource, if there is only one input resource, the average is simply the value of that aggregated resource, so unidirectionality is meaningful only when the number of input resources is greater than or equal to 2. The output type of the computing resource is NUMERIC, that is, a numeric value.
At the start of determining the access right of the aggregation result resource, the selection panel creates the aggregation resource M on the M2M platform through an M2M application. The structure of the aggregation resource and the structure of the computing resource it contains are as described above.
With reference to the embodiment corresponding to FIG. 4, and referring to FIG. 7, the process of determining the access right of the aggregation result resource is as follows:
301. Receive an aggregate resource creation request.
The aggregate resource creation request includes the identifiers (such as URLs) of at least two aggregated resources; the requested access right Q for the aggregation result resource, which is the ID of the municipal consulting company, that is, the municipal consulting company has read permission; the identifier of the computing resource (for example, http://baseURI/compute-average); and the input resource information and output resource information of the computing resource. The input resource information is MeterA, MeterB, MeterC and MeterD, and the output resource information is http://baseURI/averge-meter.
This embodiment has only one computing resource. According to the embodiment corresponding to FIG. 4, the last computing resource is the computing resource whose output resource is not defined in the aggregate resource creation request as an input resource of another computing resource, and in one aggregate resource creation request the output resource of only one computing resource serves as the aggregation result resource. Therefore, in this embodiment, the input resources of the computing resource are the aggregated resources and its output resource is the aggregation result resource. The at least one computing resource and the input resource information and output resource information of the computing resource are contained in the aggregation mode; here, the computing resource contained in the aggregation mode is averaging.
302. Determine that the computing resource average satisfies the trapdoor condition.
Before step 302, the computing resource average is also analysed and determined to contain a trapdoor condition, so step 302 is performed directly. Specifically, in this step there are four input resources, so the number of input resources is greater than two and the trapdoor condition of the computing resource average is satisfied.
303. Determine that the output resource of average is unidirectional with respect to the meter reading of household A as the first input resource.
According to the detailed description in step 303 and the analysis of the computing resource average, the unidirectionality type of the computing resource average is Trap, that is, the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource. Therefore, the output resource of average has trapdoor unidirectionality with respect to the meter reading of household A as the first input resource, where the meter reading of household A is the first input resource (that is, the first aggregated resource), and the trapdoor resource is all other input, that is, the meter readings of households B, C and D.
With reference to FIG. 3 and FIG. 4, steps 302 and 303 are implemented according to step 102, where in step 201 the determining, by the resource aggregation apparatus according to the computing resource, that the input resource of the computing resource can be obtained according to the output resource of the computing resource is specifically: determining in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource; and determining in step 205, according to the unidirectionality description with respect to the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource. Corresponding to step 202, step 302 in this embodiment specifically determines that the computing resource average satisfies the trapdoor condition. Corresponding to step 205, step 303 in this embodiment specifically determines that the output resource of average is unidirectional with respect to the meter reading of household A as the first input resource, and that the type of unidirectionality is trapdoor unidirectionality.
304. Determine the access right of the meter reading of household A and the access rights of the meter readings of the trapdoor resources, households B, C and D.
Step 304 actually obtains the access rights of all the aggregated resources of the computing resource average. The access right of the meter reading of household A is $S_A$ = {ID of household A, ID of the power company}. The access rights of the meter readings of households B, C and D are, respectively, $S_B$ = {ID of household B, ID of the power company, Xiao Liu's ID}, $S_C$ = {ID of household C, ID of the power company, Xiao Liu's ID} and $S_D$ = {ID of household D, ID of the power company, Xiao Liu's ID}.
305. Determine that the access right of the output resource of the computing resource is $T_A = Q - (Q \cap X_A - S_A)$ = {IDs of the selection panel members}.
$X_A$ is the intersection of the access rights of the meter readings of the trapdoor resources, households B, C and D. Besides Xiao Liu, the power company, which can access the meter readings of the trapdoor resources B, C and D, also has access to A. Anyone other than the power company who wants to obtain the meter reading of A needs to know the computing resource average used by the aggregation mode and the meter readings of the trapdoor resources B, C and D. The computing resource is therefore unidirectional with respect to A for everyone other than the power company, which is the SingleWay type="Trap" defined in the computing resource average. At this point the access right $T_A$ of the output resource of the computing resource average is {IDs of the selection panel members}.
Because the computing resource average also has, besides the meter reading of household A, the meter readings of the three households B, C and D as input resources, the following steps are also included.
The process of updating the access right of the output resource of the computing resource average according to the second input resource, household B, includes:
303a. Determine that the output resource of average is unidirectional with respect to the meter reading of household B as the second input resource.
According to the detailed description in step 303a and the analysis of the computing resource average, the unidirectionality type of the computing resource average is Trap, that is, the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource. Therefore, the output resource of average has trapdoor unidirectionality with respect to the meter reading of household B as the first input resource, where the meter reading of household B is the first input resource (that is, the first aggregated resource), and the trapdoor resource is all other input, that is, the trapdoor resources are the meter readings of households A, C and D.
Referring to the description of step 303, and corresponding to step 205, step 303a in this embodiment specifically determines that the output resource of average is unidirectional with respect to the meter reading of household B as the second input resource, and that the type of unidirectionality is trapdoor unidirectionality.
304a. Determine the access right of the meter reading of household B and the access rights of the meter readings of the trapdoor resources, households A, C and D.
Step 304a actually obtains the access rights of all the aggregated resources of the computing resource average. The access right of the meter reading of household A is $S_A$ = {ID of household A, ID of the power company}. The access rights of the meter readings of households B, C and D are, respectively, $S_B$ = {ID of household B, ID of the power company, Xiao Liu's ID}, $S_C$ = {ID of household C, ID of the power company, Xiao Liu's ID} and $S_D$ = {ID of household D, ID of the power company, Xiao Liu's ID}.
305a. Determine that the access right of the output resource of the computing resource is $T_B = T_A - (T_A \cap X_B - S_B)$ = {IDs of the selection panel members}.
$X_B$ is the intersection of the access rights of the meter readings of the trapdoor resources, households A, C and D. Besides Xiao Liu, the power company, which can access the meter readings of the trapdoor resources A, C and D, also has access to B. Anyone other than the power company who wants to obtain the meter reading of B needs to know the computing resource average used by the aggregation mode and the meter readings of the trapdoor resources A, C and D. The output resource of the computing resource is therefore unidirectional with respect to B for everyone other than the power company, which is the SingleWay type="Trap" defined in the computing resource average. At this point the access right $T_B$ of the output resource of the computing resource average is {IDs of the selection panel members}.
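The update rule of steps 305 and 305a, carried through all four meter inputs, as an added example that is not code from the patent. The function names, the principal names (`panel`, `xiao_liu`, `power_co`, `household_*`) and the meter readings are constructed for illustration, and only the trapdoor one-way case is covered.

```python
"""Added example: output access right for a trapdoor one-way computing resource.

Applies T = T' - ((T' & X) - S) once per input, starting from T' = Q.
All principal names and meter readings below are constructed.
"""


def trapdoor_step(t_prev, s_input, trapdoor_acls):
    """One update of the output access right for one protected input.

    t_prev        -- access right carried over (Q for the first input)
    s_input       -- S, the access right of the protected input
    trapdoor_acls -- access rights of that input's trapdoor resources
    """
    # X: principals that can read every trapdoor resource.
    x = frozenset.intersection(*trapdoor_acls)
    # Principals that hold all trapdoors but not the input itself: giving
    # them the output would let them derive the input.
    could_invert = (t_prev & x) - s_input
    return t_prev - could_invert


def output_access_right(q, input_acls, min_inputs=2):
    """Iterate the update over every input ('all other inputs' are trapdoors).

    Returns (final access right, per-input trace).
    """
    if len(input_acls) < min_inputs:
        # The trapdoor condition "number of input no less than 2" is not
        # met; that branch is outside this example.
        raise ValueError("trapdoor condition not met")
    t = frozenset(q)
    trace = []
    for name, s_input in input_acls.items():
        others = [frozenset(acl) for other, acl in input_acls.items()
                  if other != name]
        t = trapdoor_step(t, frozenset(s_input), others)
        trace.append((name, t))
    return t, trace


def recover_hidden_input(average, known_values):
    """Why the exclusion matters: the average plus every other input
    determines the remaining input exactly."""
    n = len(known_values) + 1
    return average * n - sum(known_values)


# Requested access right and per-meter access rights (constructed names).
Q = frozenset({"panel", "xiao_liu"})
ACLS = {
    "MeterA": frozenset({"household_A", "power_co"}),
    "MeterB": frozenset({"household_B", "power_co", "xiao_liu"}),
    "MeterC": frozenset({"household_C", "power_co", "xiao_liu"}),
    "MeterD": frozenset({"household_D", "power_co", "xiao_liu"}),
}
# Constructed meter readings, used only for the inference demonstration.
READINGS = {"MeterA": 120, "MeterB": 80, "MeterC": 100, "MeterD": 100}

if __name__ == "__main__":
    final, trace = output_access_right(Q, ACLS)
    for name, t in trace:
        print(name, sorted(t))
    avg = sum(READINGS.values()) / len(READINGS)
    known = [READINGS[m] for m in ("MeterB", "MeterC", "MeterD")]
    print("MeterA derived from average and B, C, D:",
          recover_hidden_input(avg, known))
```

Xiao Liu is removed at the MeterA step because he can read every trapdoor resource of A but not A itself; the later steps leave the result unchanged.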
Since the computing resource average also has input resources other than the meter reading values of households A and B, namely the meter reading values of households C and D, the following steps are also included.

The process of updating the access right of the output resource of the computing resource average according to the third input resource, user C, includes:
303b: Determine that the output resource of average is unidirectional with respect to the meter reading value of household C as the third input resource.
According to the details of step 303b and the analysis of average, the unidirectionality type of the computing resource average is Trap, i.e. the output resource of the computing resource has trapdoor unidirectionality with respect to its input resource. Therefore, the output resource of average has trapdoor unidirectionality with respect to the meter reading value of household C as the first input resource, the meter reading value of household C being the first input resource (i.e. the first aggregated resource); the trapdoor resources are "all other input", i.e. the meter reading values of households A, B and D. Referring to the description of step 303, and corresponding to step 205, step 303b in this embodiment is specifically determining that the output resource of average is unidirectional with respect to the meter reading value of household C as the third input resource, and that the type of unidirectionality is trapdoor unidirectionality.

304b: Determine the access rights of the meter reading value of household C and the access rights of the trapdoor resources, i.e. the meter reading values of households A, B and D.

Step 304b in effect obtains the access rights of all aggregated resources of the computing resource average. The access right of the meter reading value of household A is SA = {ID of household A, ID of the power company}; the access rights of the meter reading values of households B, C and D are SB = {ID of household B, ID of the power company, ID of Xiao Liu}, SC = {ID of household C, ID of the power company, ID of Xiao Liu} and SD = {ID of household D, ID of the power company, ID of Xiao Liu}, respectively.
305b: Determine that the access right of the output resource of the computing resource is TC = TB - (TB ∩ XC - SC) = {IDs of the selection panel members}. XC is the intersection of the access rights of the meter reading values of the trapdoor resources, households A, B and D. Therefore, besides Xiao Liu, the power company, which can access the meter reading values of trapdoor resources A, B and D, also has access rights to C. Anyone other than the power company who wants to obtain the meter reading value of C needs to know the computing resource average used by the aggregation method and the meter reading values of trapdoor resources A, B and D, so for everyone other than the power company the output resource of the computing resource is unidirectional with respect to C, i.e. SingleWay type="Trap" as defined in the computing resource average. The access right TC of the output resource of the averaging computing resource is then {IDs of the selection panel members}.

Since the computing resource average also has an input resource other than the meter reading values of households A, B and C, namely the meter reading value of household D, the following steps are also included.

The process of updating the access right of the output resource of the computing resource average according to the fourth input resource, user D, includes:

303c: Determine that the output resource of average is unidirectional with respect to the meter reading value of household D as the third input resource.
According to the details of step 303c and the analysis of average, the unidirectionality type of the computing resource average is Trap, i.e. the output resource of the computing resource has trapdoor unidirectionality with respect to its input resource. Therefore, the output resource of average has trapdoor unidirectionality with respect to the meter reading value of household D as the first input resource, the meter reading value of household D being the first input resource (i.e. the first aggregated resource); the trapdoor resources are "all other input", i.e. the meter reading values of households A, B and C. Referring to the description of step 303, and corresponding to step 205, step 303c in this embodiment is specifically determining that the output resource of average is unidirectional with respect to the meter reading value of household D as the third input resource, and that the type of unidirectionality is trapdoor unidirectionality.
304c: Determine the access rights of the meter reading value of household D and the access rights of the trapdoor resources, i.e. the meter reading values of households A, B and C.

Step 304c in effect obtains the access rights of all aggregated resources of the computing resource average. The access right of the meter reading value of household A is SA = {ID of household A, ID of the power company}; the access rights of the meter reading values of households B, C and D are SB = {ID of household B, ID of the power company, ID of Xiao Liu}, SC = {ID of household C, ID of the power company, ID of Xiao Liu} and SD = {ID of household D, ID of the power company, ID of Xiao Liu}, respectively.
305c: Determine that the access right of the output resource of the computing resource is TD = TC - (TC ∩ XD - SD) = {IDs of the selection panel members}. XD is the intersection of the access rights of the meter reading values of the trapdoor resources, households A, B and C. Therefore, besides Xiao Liu, the power company, which can access the meter reading values of trapdoor resources A, B and C, also has access rights to D. Anyone other than the power company who wants to obtain the meter reading value of D needs to know the computing resource average used by the aggregation method and the meter reading values of trapdoor resources A, B and C, so for everyone other than the power company the output resource of the computing resource is unidirectional with respect to D, i.e. SingleWay type="Trap" as defined in the computing resource average. The access right TD of the output resource of the averaging computing resource is then {IDs of the selection panel members}.

Since the meter reading value of household D is the last input resource of the computing resource average, and the aggregation method M contains only the one computing resource average, TD = {IDs of the selection panel members} is determined as the access right of the output resource of the computing resource average, i.e. the access right of the aggregation result resource.
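The per-input update of steps 305a to 305c, together with the reason a trapdoor input matters for an average, as an added example that is not part of the patent text. The identifier strings are constructed stand-ins, and the requested access right Q is an assumption, since its value is defined outside this section.

```python
"""Added example: trapdoor-aware access-right derivation for 'average'."""

# Constructed identifiers standing in for the IDs named in the text.
POWER_CO, XIAO_LIU, PANEL = "power_company", "xiao_liu", "selection_panel"

# Access rights of the aggregated resources, as listed in steps 304a-304c.
S = {
    "A": {"household_A", POWER_CO},
    "B": {"household_B", POWER_CO, XIAO_LIU},
    "C": {"household_C", POWER_CO, XIAO_LIU},
    "D": {"household_D", POWER_CO, XIAO_LIU},
}

# ASSUMPTION: the requested access right Q is not given in this section.
# This value is chosen to be consistent with the stated result.
Q = {PANEL, XIAO_LIU}


def trapdoor_rights(name, rights):
    """X_i: principals allowed to read every input other than `name`."""
    others = [r for n, r in rights.items() if n != name]
    if not others:
        return set()
    return set.intersection(*others)


def derive_output_rights(requested, rights):
    """Apply T_i = T_(i-1) - (T_(i-1) & X_i - S_i) once per input, in order.

    Returns the final access right and a trace of
    (input name, principals removed at this step, T after this step).
    """
    t = set(requested)
    trace = []
    for name in rights:
        x = trapdoor_rights(name, rights)
        # Principals who hold the output and all trapdoor inputs but are
        # not allowed to read this input could reconstruct it.
        removed = (t & x) - rights[name]
        t = t - removed
        trace.append((name, frozenset(removed), frozenset(t)))
    return t, trace


def recover_input(average, other_values):
    """The leak the rule prevents: mean plus n-1 readings gives the n-th."""
    n = len(other_values) + 1
    return average * n - sum(other_values)


if __name__ == "__main__":
    final, steps = derive_output_rights(Q, S)
    for name, removed, t in steps:
        print(f"input {name}: removed {sorted(removed)}, T = {sorted(t)}")
    print("aggregation result access right:", sorted(final))
    # Constructed readings 8, 9, 11, 12 have mean 10.
    print("reading recovered from mean and three others:",
          recover_input(10, [9, 11, 12]))
```

Only the first iteration removes anyone: Xiao Liu can read B, C and D but not A, so holding the average would let him reconstruct A's reading.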
306. The output resource information of the computing resource average in the aggregate resource creation request is the aggregation result resource (Mashup result); the access right TD = TC - (TC ∩ XD - SD) = {IDs of the selection panel members} of the output resource of the computing resource is used as the access right of the aggregation result resource.

It can be seen that in this example the municipal outstanding power-saving community selection panel creates an aggregate resource on the M2M platform through an M2M application, and because the access right specified for the aggregation result resource could leak A's privacy to Xiao Liu, the system automatically excludes Xiao Liu's access to the aggregation result resource during the derivation, thereby ensuring that the privacy of the system's users is not leaked.

Example 2: An analysis of the electricity consumption distribution of the households of a residential community is used as an example, in which there are multiple computing resources and each computing resource is either completely unidirectional or not unidirectional with respect to its input resource, as follows:

As shown in FIG. 8, a municipal consulting company needs statistics on the monthly electricity consumption of the households of the community, so it creates an aggregate resource in the M2M platform through an M2M application to obtain this result. In this embodiment, the meter reading data of households A, B, C and D of the community is stored in the M2M platform.

The municipal consulting company creates aggregate resource J in the M2M platform through the M2M application to obtain the percentage of households of the community whose monthly electricity consumption is greater than 1 billion joules out of the total number of households, and specifies that the aggregation result resource can only be accessed by the municipal consulting company; the requested access right to the aggregation result resource is Q = {ID of the municipal consulting company}. Aggregate resource J is used to calculate the distribution of monthly electricity consumption, and the created aggregate resource J includes the following information:

Aggregated resources: the IDs of the households of the community.

Aggregation method: contains three computing resources. The first, convert, performs unit conversion; the second, compare, performs the comparison calculation; the third, analyse, performs the distribution analysis calculation. The relationship between the three computing resources is as follows: the output resource of the unit conversion is the input resource of the comparison calculation, and the output resource of the comparison calculation is the input resource of the distribution calculation, as shown in FIG. 11.

Aggregation result resource: the electricity consumption distribution of the community.

Requested access right to the aggregation result resource: {ID of the municipal consulting company}
<Mashup name="J" URI="http://baseURI/Mashup-J">
  <MashupResources>http://baseURI/MeterA, http://baseURI/MeterB, http://baseURI/MeterC, http://baseURI/MeterD</MashupResources>
  <MashupMethod>
    <Compute uri="http://baseURI/compute-convert" duplicate="OneForEachMashupResource">
      <input>MashupResources</input>
      <output>InputOfComputCompare</output>
    </Compute>
    <Compute uri="http://baseURI/compute-compare" duplicate="OneForEachComputeConvert">
      <input>OutputOfComputeConvert</input>
      <output>InputOfComputAnalyse</output>
    </Compute>
    <Compute uri="http://baseURI/compute-analyse" duplicate="OneForAllComputeCompare">
      <input>OutputOfComputeCompare</input>
      <output>MashupResult</output>
    </Compute>
  </MashupMethod>
  <MashupResult>http://baseURI/analyse-meter</MashupResult>
  <ResultAccessRight>http://baseURI/accessRightB</ResultAccessRight>
</Mashup>
Specifically, the URI of aggregate resource J is http://baseURI/Mashup-J. The aggregated resources of aggregate resource J are MeterA, MeterB, MeterC and MeterD. Aggregate resource J contains the computing resources convert, compare and analyse, together with the input resource and output resource of each computing resource.
The input resource (input) of the computing resource convert is MashupResources, i.e. the aggregated resources; its output resource (output) is InputOfComputCompare, i.e. the input resource of the computing resource compare; its number of repetitions (duplicate) is OneForEachMashupResource, i.e. one conversion is performed for each aggregated resource. The input resource (input) of the computing resource compare is OutputOfComputeConvert, i.e. the output resource of the computing resource convert; its output resource (output) is InputOfComputAnalyse, i.e. the input resource of the computing resource analyse; its number of repetitions (duplicate) is OneForEachComputeConvert, i.e. one comparison is performed for each output resource of convert. The input resource (input) of the computing resource analyse is OutputOfComputeCompare, i.e. the output resource of the computing resource compare; its output resource (output) is MashupResult, i.e. the aggregation result resource; its number of repetitions (duplicate) is OneForAllComputeCompare, i.e. one analysis is performed over all output resources of compare.

The first computing resource, convert (unit conversion): the users' meter reading data is stored in units of "degrees", i.e. kilowatt-hours, but the aggregate resource created by the municipal consulting company compares only in joules, so a unit conversion computing resource is added to convert the units of the meter reading values in one step. The conversion relationship is: 1 kilowatt-hour = 3600000 joules. This computing resource has only one input resource (the input resource being one aggregated resource) and one output resource.

Input resource: the meter reading value in kilowatt-hours.

Output resource: the meter reading value in joules.

Unidirectionality: none. With such a linear transformation the input is easily derived from the result.
Specifically, the second computing resource is expressed as follows:

<Compute name="convert" URI="http://baseURI/compute-convert">
  <Input type="NUMERIC" number="one">
    <SingleWay type="none">
    </SingleWay>
  </Input>
  <OutputType>NUMERIC</OutputType>
</Compute>

In the above program, the name of the computing resource is convert and its storage address is http://baseURI/compute-convert, i.e. the resource aggregation device can obtain the computing resource according to this address (URI). The type of the input resource of the computing resource (Input type) is NUMERIC, i.e. the input resource is required to be numeric. The number of input resources (number) is one, i.e. only one input resource is converted at a time. The unidirectionality type of the computing resource (SingleWay type) is none, i.e. the computing resource does not satisfy the unidirectionality requirement. The type of the output resource of the computing resource (OutputType) is NUMERIC, i.e. numeric.
The second computing resource, compare (comparison calculation): used to determine whether the monthly electricity consumption is greater than 1 billion joules.

Input resource (the output resource of the first computing resource convert): the meter reading value in joules.

Output resource: 0 or 1; 1 is output when the value is greater than 1 billion joules, 0 when it is less than 1 billion joules.

Trapdoor condition: satisfied.

Unidirectionality: completely unidirectional; the specific number of joules cannot be derived from 0 or 1.

Specifically, the second computing resource is expressed as follows:

<Compute name="compare" URI="http://baseURI/compute-compare">
  <Input type="NUMERIC" number="one">
    <SingleWay type="true">
    </SingleWay>
  </Input>
  <TrapCondition>true</TrapCondition>
  <OutputType>BOOL</OutputType>
</Compute>

In the above program, the name of the computing resource is compare and its storage address is http://baseURI/compute-compare, i.e. the resource aggregation device can obtain the computing resource according to this address (URI). The type of the input resource of the computing resource (Input type) is NUMERIC, i.e. the input resource is required to be numeric. The number of input resources (number) is one, i.e. only one input resource is compared at a time. The unidirectionality type of the computing resource (SingleWay type) is true, i.e. the output resource of the computing resource is unidirectional with respect to the input resource: compare checks whether the monthly electricity consumption is greater than 1 billion joules and outputs a logical (BOOL) variable 0 or 1, so the monthly electricity consumption of each user cannot be obtained directly from the output resource 0 or 1, and the output resource of the computing resource is therefore unidirectional with respect to the input resource. Here the unidirectionality type values true and none form a Boolean (bool) type used to determine whether the output resource of the computing resource is unidirectional with respect to the input resource: SingleWay type true indicates that the output resource of the computing resource is unidirectional with respect to the input resource, and SingleWay type none indicates that it is not. It can be understood that expressing true or none in other ways also falls within the scope of protection of this application; such alternatives are not listed one by one here. The type of the output resource of the computing resource (OutputType) is BOOL, i.e. a logical variable. The trapdoor condition of the computing resource is true, i.e. the computing resource requires a trapdoor condition.

The third computing resource (distribution calculation): calculates the percentage of 1s among all the input resources.

Input resource (the output resource of the second computing resource): 0 or 1.
Output resource: the percentage of 1s.

Trapdoor condition: none.

Unidirectionality: none.

<Compute name="analyse" URI="http://baseURI/compute-analyse">
  <Input type="NUMERIC" number="unlimited">
  </Input>
  <OutputType>NUMERIC</OutputType>
</Compute>

In the above program, the name of the computing resource is analyse and its storage address is http://baseURI/compute-analyse, i.e. the resource aggregation device can obtain the computing resource according to this address (URI). The type of the input resource of the computing resource (Input type) is NUMERIC, i.e. the input resource is required to be numeric. The number of input resources (number) is unlimited, i.e. a single calculation does not limit the number of input resources. The type of the output resource of the computing resource (OutputType) is NUMERIC, i.e. numeric.

After the municipal consulting company creates aggregate resource J in the M2M platform through the M2M application, and in combination with the corresponding embodiment shown in FIG. 4, the process of determining the access right of the aggregation result resource is as follows, with reference to FIG. 9:
401. Receive an aggregate resource creation request.

The aggregate resource creation request contains the identifiers of at least two aggregated resources (e.g. the IDs of the households of the community), the requested access right Q to the aggregation result resource (e.g. the ID of the municipal consulting company), the identifiers of the computing resources (e.g. http://baseURI/compute-convert, http://baseURI/compute-compare and http://baseURI/compute-analyse), and the input resource information and output resource information of each computing resource. The input resource of the computing resource http://baseURI/compute-convert contains the aggregated resources, e.g. the IDs of the households of the community. In addition, the aggregation method contains the computing resources and the input resource information and output resource information of each computing resource.
In this embodiment, referring to FIG. 10, the aggregation method contains descriptions of three computing resources: conversion (i.e. unit conversion), comparison and analysis. The output resource of the unit conversion is the input resource of the comparison, the output resource of the comparison is the input resource of the analysis, and the output resource of the analysis is the aggregation result resource.
402. Determine that the computing resource unit conversion convert satisfies the trapdoor condition.

Before performing this step, the resource aggregation device obtains the description of the computing resource unit conversion convert according to the identifier of the computing resource contained in the aggregate resource creation request, e.g. http://baseURI/compute-convert, and then performs step 402 according to the obtained description of convert. Specifically, according to the above analysis of unit conversion convert, this computing resource does not contain a trapdoor condition. The computing resource convert therefore has no trapdoor condition, which means that the trapdoor condition is satisfied, and step 403 is performed directly. As an alternative, after obtaining the description of the computing resource convert, the resource aggregation device confirms that convert does not contain a trapdoor condition; the resource aggregation device may then skip step 402 and perform step 403 directly.
403. Determine that the output resource of unit conversion convert is not unidirectional with respect to aggregated resource A (taking aggregated resource A, i.e. the meter reading value of household A in kilowatt-hours, as an example).

According to the above description of unit conversion convert, its input resource is any one aggregated resource. Aggregated resource A is therefore taken here as the example input resource of convert. As can be seen from the above description, convert defines its unidirectionality as none, i.e. the output resource of convert is not unidirectional with respect to the input resource of convert. In other words, the value of the input resource can be obtained from the output resource of convert.

With reference to FIG. 3 and FIG. 4, steps 402 and 403 are implemented on the basis of step 102. In step 201, the resource aggregation device determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource; and determining in step 205, according to the description, defined by the computing resource, of the unidirectionality of the output resource with respect to the input resource, that the output resource of the computing resource is not unidirectional with respect to the input resource.

Corresponding to step 202, step 402 in this embodiment is specifically determining that the computing resource unit conversion convert satisfies the trapdoor condition; corresponding to step 205, step 403 in this embodiment is specifically determining that the output resource of unit conversion convert is not unidirectional with respect to aggregated resource A (taking aggregated resource A, i.e. the meter reading value of household A in kilowatt-hours, as an example).
404. Obtain the access right of the input resource of the unit conversion.

The input resource in this step is aggregated resource A, so this step determines the access right of aggregated resource A. Specifically, the access right of the aggregated resource is obtained according to the identifier of aggregated resource A; aggregated resource A, i.e. the meter reading value of household A in kilowatt-hours, is taken as the example here. The access right of aggregated resource A is SA1 = {ID of household A, ID of the power company}.
405: Determine that the access right of the output resource of the unit conversion is T1 = Q ∩ SA1.

Specifically, based on the determination result of step 403, i.e. that the output resource of convert is not unidirectional with respect to the input resource of convert, the access right of the output resource of convert for the input resource aggregated resource A is the intersection of the requested access right Q and the access right SA1 of aggregated resource A, where Q is the requested access right to the aggregation result resource contained in the aggregate resource creation request.

The access right T1 of the output resource of the unit conversion for input resource A is the intersection of Q = {ID of the municipal consulting company} and the access right SA1 of input resource A, which is ∅, where ∅ denotes the empty set.
406. Determine that the unit conversion convert has no other input resources.
According to the description of the unit conversion convert above, Input type="NUMERIC" number="one", i.e. in step 406 the unit conversion convert has only one input resource, household A's meter reading in kilowatt-hours. Because the unit conversion has only one input resource, the next step, 407, is executed directly.
407. Determine that the output resource of unit conversion convert for input resource A serves as an input resource of another computing resource.
Based on step 401, the output resource of the unit conversion contained in the aggregate resource creation request is the input resource of the comparison calculation. As shown in Figure 9, when the next computing resource to be processed is determined, steps 403-407 above are the processing of the unit conversion for household A. Because the unit conversion calculations for households B, C and D have not yet been completed, households B, C and D are processed in the same way as unit conversion A processed household A in steps 403-407, determining the access rights of the output resources of unit conversions B, C and D respectively. The access rights of the output resources of the computing resources unit conversion A, B, C and D are all ∅. After the unit conversion for household D has been processed, the next computing resource to be processed returns to the comparison calculation for household A.
Therefore, at this point it is determined that the output resource produced by applying convert to input resource A serves as the input resource of the computing resource compare. Step 408 is executed to determine the properties of the computing resource compare. In the aggregation method shown in Figure 9, the computing resource unit conversion A outputs the power consumption value in joules, and comparison calculation A compares whether that consumption exceeds the threshold of 1 billion joules. In this embodiment, households A and B are at 800 million and 900 million respectively, and households C and D are at 1.1 billion and 1.2 billion respectively.
408. Determine that the comparison calculation compare satisfies the trapdoor condition.
Before performing this step, the resource aggregation apparatus obtains the description of the computing resource comparison calculation compare according to the identifier of the computing resource contained in the aggregate resource creation request, e.g. http://baseURI/compute-compare. Step 408 is then performed according to the obtained description of compare.
Specifically, from the analysis of compare above, the one-way type of this computing resource is SingleWay type: true, i.e. the computing resource has a one-way requirement. Optionally, before step 408 the method further includes determining whether compare contains a trapdoor condition, and performing step 408 if it does. From the analysis of compare, the trapdoor condition of the computing resource is true, i.e. the computing resource requires a trapdoor condition.
409. Determine that the output resource of the comparison calculation compare is fully one-way with respect to the input resource.
Here the input resource is, as the example, the output resource of unit conversion convert for input resource A. According to the analysis of compare, the one-way type of this computing resource is SingleWay type: true, i.e. the computing resource has a one-way requirement; in addition, no trapdoor resource is set in the analysis of compare. The output resource of the comparison calculation compare is therefore fully one-way with respect to the output resource of the unit conversion convert.
With reference to Figure 3 and Figure 4, steps 408 and 409 implement step 102. The determination in step 201, in which the resource aggregation apparatus determines according to the computing resource whether the input resource of the computing resource can be obtained from the output resource of the computing resource, is specifically: determining in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource; and determining in step 205, according to the one-way description of the input resource defined by the computing resource, that the output resource of the computing resource is fully one-way with respect to the input resource.
Corresponding to step 202, step 408 in this embodiment specifically determines that the comparison calculation compare satisfies the trapdoor condition; corresponding to step 205, step 409 in this embodiment specifically determines that the output resource of the comparison calculation compare is one-way with respect to the input resource, and that the one-way type is fully one-way.
410. Determine that the access right of the output resource of the comparison calculation compare is T2 = Q.
The access right T2 of the output resource of the comparison calculation compare is the requested access right Q = {ID of the municipal consulting company}. The access right SA2 of the input resource of the comparison calculation compare is the access right of the unit conversion's output resource, SA2 = T1 = ∅. From the analysis above, the comparison calculation compare is fully one-way with respect to the output resource of the unit conversion convert, so the access right of the comparison calculation compare is determined to be T2 = Q.
As an optional approach, steps 408 and 409 may be performed before step 403; when in step 409 the resource aggregation apparatus determines that the computing resource is fully one-way with respect to the input resource, the resource aggregation apparatus does not need to perform steps 403-407 and directly performs step 408.
411. Determine that the comparison calculation compare has no other input resources.
According to the description of the comparison calculation compare above, Input type="NUMERIC" number="one", i.e. in step 411 the comparison calculation compare has only one input resource, the output resource of unit conversion A (the output resource type of the computing resource is BOOL: a logical variable). Because the comparison calculation compare has only one input resource (i.e. the output resource of convert for input resource A), the next step, 412, is executed directly.
412. Determine that the output resource of the comparison calculation compare for the input resource serves as an input resource of another computing resource.
Based on step 401, the output resource of the comparison calculation contained in the aggregate resource creation request is the input resource of the distribution calculation. As shown in Figure 9, when the next computing resource to be processed is determined, steps 408-412 above are the processing of compare's output resource for input resource A (household A's meter reading in kilowatt-hours). Households B, C and D are processed in the same way as comparison calculation A processed household A in steps 408-412, determining the access rights of comparison calculations B, C and D respectively. The access rights of the output resources of the computing resources comparison calculation A, B, C and D are all T2 = Q.
As shown in Figure 9, after the comparison calculations for households A, B, C and D have been processed, the next computing resource to be processed is the distribution calculation. The four input resources of the distribution calculation are the output resources of the comparison calculations for households A, B, C and D respectively.
413. Determine that the distribution calculation analyse does not contain a trapdoor condition.
Before performing this step, the resource aggregation apparatus obtains the description of the computing resource distribution calculation analyse according to the identifier of the computing resource contained in the aggregate resource creation request, e.g. http://baseURI/compute-analyse. Step 413 is then performed according to the obtained description of analyse.
From the analysis of the distribution calculation analyse above, this computing resource does not contain a trapdoor condition. The distribution calculation analyse therefore has no trapdoor condition, i.e. the trapdoor condition is satisfied, and step 414 is executed directly. As an optional approach, after obtaining the description of the distribution calculation analyse, the resource aggregation apparatus confirms that analyse contains no trapdoor condition; the resource aggregation apparatus may then skip step 413 and directly perform step 414.
414. Determine that the distribution calculation analyse is not one-way with respect to the input resource (taking as the example the aggregated resource being the output resource of compare for household A).
From the analysis of the distribution calculation analyse above, this computing resource does not contain a one-way attribute, i.e. the distribution calculation is not one-way with respect to any of its input resources.
With reference to Figure 3 and Figure 4, steps 413 and 414 implement step 102. The determination in step 201, in which the resource aggregation apparatus determines according to the computing resource whether the input resource of the computing resource can be obtained from the output resource of the computing resource, is specifically: determining in step 202 that the computing resource does not include a trapdoor condition; and determining in step 205, according to the description defined by the computing resource of the one-way property of the output resource with respect to the input resource, that the output resource of the computing resource is not one-way with respect to the input resource.
Corresponding to step 202, step 413 in this embodiment specifically determines that the distribution calculation analyse contains no trapdoor condition, i.e. the trapdoor condition is satisfied; corresponding to step 205, step 414 in this embodiment specifically determines that the distribution calculation analyse is not one-way with respect to the input resource (taking as the example the aggregated resource being the output resource of compare for household A).
415. Determine that the access right of the output resource of the distribution calculation analyse is T3 = T2 ∩ Q.
Step 414 determined that the distribution calculation is not one-way with respect to any of its input resources. The access right T3 of the distribution calculation is therefore the intersection of the access right T2 of the input resource (i.e. the access right of compare's output resource for household A) and the requested access right Q, so T3 = Q = {ID of the municipal consulting company}.
416. Determine that the distribution calculation analyse has other input resources, and perform steps 414-416 for households B, C and D respectively to determine the access rights of the output resource of the distribution calculation for households B, C and D.
According to the analysis of analyse above, the input resource type of the computing resource is Input type: NUMERIC, i.e. the input resources are required to be numeric. The number of input resources is number: unlimited, i.e. a single calculation places no limit on the number of input resources. Referring to Figure 11, the input resources of the distribution calculation also include the output resources of the comparison calculation for aggregated resources B, C and D. Households B, C and D are processed in the same way as the distribution calculation processed household A in steps 413-416, determining the access right of the output resource of the distribution calculation for each of them. For the output resources of comparison calculations A, B, C and D, the access rights T3, T3B = T3 ∩ Q, T3C = T3B ∩ Q and T3D = T3C ∩ Q are all Q, so the access right of the distribution calculation is T3D = Q. The description here proceeds in the order of households A, B, C and D; other orders are equally feasible, and the present invention imposes no restriction. After all input resources of the distribution calculation analyse have been processed, step 417 is executed.
417. Determine, according to the output resource information of the distribution calculation analyse, that the output resource of the distribution calculation analyse serves as the aggregation result resource.
Based on step 401, the output resource of the distribution calculation here serves as the aggregation result resource, i.e. the distribution calculation is the last computing resource.
418. Use the access right of the output resource of the distribution calculation analyse as the access right of the aggregation result resource.
Example 3: Take as an example a municipal department that selects, on a monthly basis, the annual energy-saving model household. It is necessary to determine the percentage of months within one year in which a household's monthly electricity consumption is lower than the corresponding monthly city-wide average household consumption. In this embodiment, the meter reading data of residential community households A, B, C and D is stored in the M2M platform.
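The access-right derivation that steps 401 to 418 walk through for Example 2 can be reproduced in a few lines. The following Python sketch is an added illustration, not code from the patent: the names `Input`, `output_acl` and `run_example2` and the identity strings are constructed, and only the two cases the walkthrough exercises (output not one-way, output fully one-way) are modelled. The per-input flag mirrors the `SingleWay type` attribute of a computing resource description.

```python
"""Access-right derivation for an aggregation (mashup) pipeline.

Added illustration, not code from the patent. Rule as exercised in Example 2:
  - output NOT one-way w.r.t. an input  -> intersect with that input's ACL
  - output FULLY one-way w.r.t. an input -> that input's ACL is ignored
The result always starts from the requested access right Q.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Input:
    name: str
    acl: frozenset        # identities allowed to read this input resource
    fully_one_way: bool   # mirrors <SingleWay type="true|false">


def output_acl(requested: frozenset, inputs: list) -> frozenset:
    """Return the access right of one computing resource's output."""
    acl = frozenset(requested)
    for item in inputs:
        if not item.fully_one_way:
            # The input can be recovered from the output, so a reader of
            # the output must also be allowed to read the input.
            acl &= item.acl
    return acl


# Constructed identities standing in for the IDs named in Example 2.
CONSULTANCY = "municipal-consulting-company"
POWER_CO = "power-company"
Q = frozenset({CONSULTANCY})          # requested access right


def run_example2(compare_one_way: bool = True) -> dict:
    """convert -> compare per household, then analyse over all four."""
    results = {}
    compare_outputs = []
    for h in "ABCD":
        # SA1 = {household ID, power company ID}
        meter_acl = frozenset({f"household-{h}", POWER_CO})
        # Steps 403-405: convert is not one-way, T1 = Q ∩ SA1
        t1 = output_acl(Q, [Input(f"Meter-{h}", meter_acl, False)])
        # Steps 408-410: compare is fully one-way, T2 = Q
        t2 = output_acl(Q, [Input(f"convert-{h}", t1, compare_one_way)])
        results[f"T1-{h}"] = t1
        results[f"T2-{h}"] = t2
        compare_outputs.append(Input(f"compare-{h}", t2, False))
    # Steps 413-416: analyse is not one-way for any of its inputs
    results["T3"] = output_acl(Q, compare_outputs)
    return results


if __name__ == "__main__":
    for key, value in run_example2().items():
        print(key, sorted(value))
    # Counter-case: if compare were NOT one-way, the empty T1 would
    # propagate and nobody could read the aggregation result.
    print("T3 without one-way compare:", sorted(run_example2(False)["T3"]))
```

Running the counter-case shows why the one-way determination in step 409 matters: without it the empty intersection from the unit conversion would propagate to the aggregation result.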
As shown in Figure 11, the municipal consulting company uses an M2M application to create the aggregate resource PowerConsume in the M2M platform in order to obtain the percentage of months within one year in which the household's monthly electricity consumption is lower than the corresponding monthly city-wide average household consumption, and specifies that the aggregation result resource can be accessed only by the municipal consulting company. The requested access right to the aggregation result resource is Q = {ID of the municipal consulting company}.
The created aggregate resource PowerConsume includes the following information:
Aggregated resources: the ID of household A's meter-read consumption for the current month; the ID of the city-wide average household consumption for the current month; the IDs of the comparison results between household A's consumption over the past 11 months and the city-wide monthly average household consumption of the corresponding months.
Aggregation method: contains two computing resources. The first, the comparison calculation compare, performs the comparison (i.e. it compares each month's meter-read consumption with the city-wide average household consumption); the second, the statistical calculation analyse, analyses the distribution of the comparison results. The relationship between the two computing resources is as follows: the output resource of the comparison calculation is the input resource of the statistical calculation, as shown in Figure 12.
Aggregation result resource: the distribution of months in which household A's monthly consumption is lower than the city-wide monthly average household consumption of the corresponding month.
The requested access right to the aggregation result resource is: {ID of the municipal consulting company}.
<Mashup name="PowerConsume" URI="http://baseURI/Mashup-PowerConsume">
  <MashupResources>http://baseURI/Meter-A, http://baseURI/averagePowerConsume,
    http://baseURI/historyCompareData/Meter-A-201401,
    http://baseURI/historyCompareData/Meter-A-201402,
    http://baseURI/historyCompareData/Meter-A-201403, ... ...
    http://baseURI/historyCompareData/Meter-A-201411</MashupResources>
  <MashupMethod>
    <Compute uri="http://baseURI/compute-compare" duplicate="Once">
      <input>http://baseURI/Meter-A, http://baseURI/averagePowerConsume</input>
      <output>InputOfComputAnalyse</output>
    </Compute>
    <Compute uri="http://baseURI/compute-analyse" duplicate="once">
      <input>OutputOfComputeCompare,
        http://baseURI/historyCompareData/Meter-A-201401,
        http://baseURI/historyCompareData/Meter-A-201402,
        http://baseURI/historyCompareData/Meter-A-201403, ... ...
        http://baseURI/historyCompareData/Meter-A-201411</input>
      <output>MashupResult</output>
    </Compute>
  </MashupMethod>
  <MashupResult>http://baseURI//Meter-A-AnualConsume</MashupResult>
  <ResultAccessRight>http://baseURI/accessRightB</ResultAccessRight>
</Mashup>
Specifically, the URI of the aggregate resource PowerConsume is http://baseURI/Mashup_PowerConsume. The aggregated resources of the aggregate resource PowerConsume include Meter-A, averagePowerConsume, and Meter-A-201401, ..., Meter-A-201411. The aggregate resource PowerConsume contains the computing resource compare and the computing resource analyse. The URI of the aggregation result resource is http://baseURI//Meter-A-AnualConsume, where the aggregation result resource is the result of the statistical calculation. The URI of the requested access right to the aggregation result resource is http://baseURI/accessRightB, i.e. the requested access right to the aggregation result resource is stored at that URI, where AccessRightB states that the municipal consulting company has read permission. The description also gives the input resources and output resources of each computing resource.
The input resource input of the computing resource compare is MashupResources (Meter-A, averagePowerConsume), both of which are aggregated resources; its output resource output is InputOfComputAnalyse, i.e. the input resource of the statistical resource analyse; the repetition count duplicate of the computing resource is Once, i.e. the comparison calculation is executed once over all aggregated resources. The input resource input of the statistical resource Analyse is OutputOfComputeCompare, http://baseURI/historyCompareData/Meter-A-201401, http://baseURI/historyCompareData/Meter-A-201402, http://baseURI/historyCompareData/Meter-A-201403, ... ... http://baseURI/historyCompareData/Meter-A-201411, i.e. the output resource of the computing resource compare together with the comparison results between household A's consumption over the past 11 months and the city-wide monthly average household consumption of the corresponding months; the output resource output of Analyse is MashupResult, i.e. the aggregation result resource; the repetition count duplicate of the computing resource is once, i.e. one analysis is executed over the output resource of compare and all other input resources.
The first computing resource, the comparison calculation, is described as follows. It compares household A's electricity consumption for the current month (taking December as the example) with the city-wide average household consumption for that month (December).
<Compute name="compare" URI="http://baseURI/compute-compare">
  <Input type="NUMERIC" number="variable" order="1">
    <SingleWay type="true"></SingleWay>
  </Input>
  <Input type="NUMERIC" number="base" order="2">
    <SingleWay type="false"></SingleWay>
  </Input>
  <TrapCondition>true</TrapCondition>
  <OutputType>
    <enum>High, Low, Medium</enum>
  </OutputType>
</Compute>
In the description above, the name of the computing resource is compare and its storage address is http://baseURI/compute-compare, i.e. the resource aggregation apparatus can obtain the computing resource from that address (URI). The input resource type of the computing resource is Input type: NUMERIC, i.e. the input resource is required to be numeric. For the first input, number is variable and order=1, which defines household A's consumption for the current month as the first input resource, used as the value being compared. For the first input resource the one-way type is SingleWay type: true, i.e. the computing resource has a one-way requirement for the first input resource. For the second input, number is base and order=2, which defines the December city-wide average household consumption as the second input resource, used as the comparison base. For the second input resource the one-way type is SingleWay type: false, i.e. the computing resource has no one-way requirement for the second input resource. The trapdoor condition of the computing resource is true, i.e. the computing resource requires a trapdoor condition. The output resource type of the computing resource is the logical variable High, Low, Medium (i.e. greater than, less than, or equal to).
Second computing resource (statistical calculation): calculates the percentage of Low among all input resources. It is described as follows:
Input resources (the output resource of the first computing resource): High, Low or Medium, and the comparison results between household A's consumption over the past 11 months and the city-wide monthly average household consumption of the corresponding months.
Output resource: the percentage of Low. Trapdoor condition: none. One-way property: none.
<Compute name="analyse" URI="http://baseURI/compute-analyse">
  <Input type="NUMERIC" number="unlimited"></Input>
  <OutputType>NUMERIC</OutputType>
  <TrapCondition>FALSE</TrapCondition>
</Compute>
In the description above, the name of the computing resource is analyse and its storage address is http://baseURI/compute-analyse, i.e. the resource aggregation apparatus can obtain the computing resource from that address (URI). The input resource type of the computing resource is Input type: NUMERIC, i.e. the input resource is required to be numeric. The number of input resources is number: unlimited, i.e. a single calculation places no limit on the number of input resources. The output resource type of the computing resource is NUMERIC: a numeric value. The trapdoor condition is FALSE, i.e. there is no trapdoor condition.
After the municipal consulting company has created the aggregate resource PowerConsume in the M2M platform through the M2M application, and in conjunction with the embodiment corresponding to Figure 4, the access right of the aggregation result resource is determined as follows, with reference to Figure 12:
501. Receive an aggregate resource creation request.
The aggregate resource creation request contains the identifiers of the aggregated resources (e.g. the ID of household A's meter-read consumption for the current month; the ID of the city-wide average household consumption for the current month; the IDs of the comparison results between household A's consumption over the past 11 months and the city-wide monthly average household consumption of the corresponding months), the requested access right Q to the aggregation result resource (e.g. the ID of the municipal consulting company), the identifiers of the computing resources (http://baseURI/compute-convert, http://baseURI/compute-compare and http://baseURI/compute-analyse), and the input resources and output resources of the computing resources. At least one computing resource together with its input resources and output resources constitutes the aggregation method. The aggregation method contains two computing resources: the comparison calculation and the statistical calculation. The output resource of the comparison calculation is the input resource of the statistical calculation, and the output resource of the statistical calculation is the aggregation result resource.
502. Determine that the computing resource compare satisfies the trapdoor condition.
Before this step is performed, the resource aggregation apparatus obtains the description of the computing resource, such as compare, according to the identifier of the computing resource contained in the aggregate resource creation request, and then performs step 402 according to the obtained description of compare. From the above analysis of compare, the trapdoor condition of this computing resource is true. For the first input resource of compare (household A's electricity consumption for the current month), once the output of compare and the second input resource of compare (the citywide average household electricity consumption) are known, the relative size of the first input resource and the second input resource can be determined. Therefore the computing resource compare satisfies the trapdoor condition, and step 503 is performed directly.
Optionally, whether compare contains a trapdoor condition is determined before step 502, and step 502 is performed if it does. From the analysis of compare, the trapdoor condition of the computing resource is true, that is, the computing resource requires a trapdoor condition.
503. Determine that the output resource of the computing resource compare is unidirectional with respect to the aggregated resource Meter-A.
From the above analysis of compare, SingleWay type="true", that is, the output resource of the comparison calculation compare has complete unidirectionality with respect to the aggregated resource Meter-A.
With reference to FIG. 3 and FIG. 4, steps 502 and 503 implement step 102. In step 201, the resource aggregation apparatus determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining in step 202 that the computing resource satisfies the trapdoor condition defined by the computing resource; and determining in step 205, according to the unidirectionality description of the output resource with respect to the input resource defined by the computing resource, that the output resource of the computing resource is unidirectional with respect to the input resource, the type of unidirectionality being complete unidirectionality.
Corresponding to step 202, step 502 in this embodiment is specifically determining that the computing resource compare satisfies the trapdoor condition. Corresponding to step 205, step 503 in this embodiment is specifically determining that the output resource of the computing resource compare is unidirectional with respect to the aggregated resource Meter-A, the type of unidirectionality being complete unidirectionality.
504. Determine that the access permission of the output resource of the computing resource compare is T_comparison = Q, where Q is the requested access permission.
505. Determine that the computing resource compare has other input resources.
According to the analysis of compare, compare also has a second input resource (the citywide average household electricity consumption); step 506 is performed for the second input resource.
506. Determine that the output resource of the computing resource compare is not unidirectional with respect to the second input resource (the citywide average household electricity consumption, averagePowerConsume).
From the above analysis of compare, SingleWay type="false", that is, the output resource of the comparison calculation compare is not unidirectional with respect to averagePowerConsume.
With reference to FIG. 3 and FIG. 4, step 506 implements step 102. In step 201, the resource aggregation apparatus determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining in step 205, according to the unidirectionality description of the output resource with respect to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional with respect to the input resource.
Corresponding to step 205, step 506 in this embodiment is specifically determining that the output resource of the computing resource compare is not unidirectional with respect to the second input resource (the citywide average household electricity consumption, averagePowerConsume).
507. Obtain the access permission of the input resource (averagePowerConsume) of the comparison.
The input resource averagePowerConsume is an aggregated resource. Specifically, a retrieval request is sent to the identifier of the aggregated resource (such as a URI), and the accessRightld attribute, which is the identifier of the access permission resource, is found in the returned aggregated resource. A further retrieval request is then sent to the URI stored in the accessRightld attribute, and the returned result is the access permission of the corresponding resource. The access permission of averagePowerConsume is S_aver = {ID of the power company, ID of the municipal consulting company}.
508. Determine that the access permission of the output resource of the computing resource compare is T'_comparison = T_comparison ∩ S_aver = {ID of the municipal consulting company}.
In steps 503-508, the access permission of the output resource of the comparison calculation compare is first calculated from the first input resource of compare and then updated from the second input resource of compare. This is only an example: steps 503-508 may equally first calculate the access permission of the output resource of compare from the second input resource and then update it from the first input resource. Doing so merely swaps the order of steps 503-504 and steps 506-508, and has no effect on the access permission finally obtained for the output resource of compare.
509. Determine that the computing resource compare has no other input resources.
According to the analysis of compare, the comparison calculation compare has only two input resources, so the next step, 510, is performed.
510. Determine that the output resource of the computing resource compare for the second input resource serves as an input resource of another computing resource.
When steps 503-508 instead first calculate the access permission of the output resource of compare from the second input resource of compare and then update it from the first input resource of compare, step 510 is specifically determining whether the output resource of the comparison calculation compare for the first input resource serves as an input resource of another computing resource.
Based on step 501, the output resource of the comparison contained in the aggregate resource creation request is an input resource of the statistical calculation.
As shown in FIG. 10, after the comparison calculation, the next computing resource to be processed is the statistical calculation. The input resources of the statistical calculation are the output resource of the comparison calculation and the aggregated resources holding the comparison results between household A's electricity consumption over the past 11 months and the citywide average monthly household electricity consumption for the corresponding months (Meter-A-201401, ..., Meter-A-201411).
511. Determine that the computing resource analyse does not satisfy the trapdoor condition.
From the above analysis of the statistical calculation analyse, the trapdoor condition of this computing resource is FALSE. Therefore the statistical calculation analyse does not satisfy the trapdoor condition, and step 512 is performed next.
With reference to FIG. 3 and FIG. 4, step 511 implements step 102, in which the resource aggregation apparatus determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource may specifically be: determining in step 202 that the computing resource does not satisfy the trapdoor condition defined by the computing resource. Corresponding to step 202, step 511 in this embodiment is specifically determining that the computing resource analyse does not satisfy the trapdoor condition.
512. Determine the access permissions of the input resources of the computing resource analyse.
The input resources of the statistical calculation include the output resource of the comparison calculation (whose access permission T' was obtained in step 508) and the comparison results between household A's electricity consumption over the past 11 months and the citywide average monthly household electricity consumption for the corresponding months. The addresses of those comparison results are http://baseURI/historyCompareData/Meter-A-201401, http://baseURI/historyCompareData/Meter-A-201402, http://baseURI/historyCompareData/Meter-A-201403 and so on, and their access permissions are, in order, S_h1 = {ID of the municipal consulting company}, ..., S_h11 = {ID of the municipal consulting company}. The access permissions are determined in the same way as described in step 507, which is not repeated here.
513. Determine that the access permission of the output resource of the computing resource analyse is the intersection of the requested access permission and the access permissions of all the input resources: T'_statistics = Q ∩ T'_comparison ∩ S_h1 ∩ ... ∩ S_h11 = {ID of the municipal consulting company}.
514. Determine that the output resource of the computing resource analyse serves as the aggregation result resource.
According to the input resource information and output resource information of the computing resources contained in the aggregate resource creation request, the output resource of the statistical calculation is determined to be the aggregation result resource.
515. Use the access permission of the output resource of the statistical calculation as the access permission of the aggregation result resource.
According to the result of step 514, the output resource of the statistical calculation is the aggregation result resource, so the access permission of the aggregation result resource is {ID of the municipal consulting company}.
Moreover, various aspects or features of the present invention can be implemented as an apparatus or as an article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used in this application covers a computer program accessible from any computer-readable device, carrier, or medium. For example, computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or magnetic tapes), optical discs (for example, CD (Compact Disk) or DVD (Digital Versatile Disk)), smart cards, and flash memory devices (for example, EPROM (Erasable Programmable Read-Only Memory), cards, sticks, or key drives). In addition, the various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
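The permission computation walked through in steps 501-515, as an added Python example that is not code from the patent. It covers only the cases the walkthrough uses (complete unidirectionality, no unidirectionality, and an unsatisfied trapdoor condition); the ID strings, the access permission given to Meter-A, and all class and function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

COMPLETE, NONE = "complete", "none"  # unidirectionality kinds that appear in steps 503 and 506

# Constructed identifiers (assumptions, not values from the page).
MUNICIPAL, POWER, HOUSEHOLD = "municipal-consulting-id", "power-company-id", "household-A-id"


@dataclass(frozen=True)
class Input:
    ref: str            # an aggregated resource, or the name of another computing resource
    oneway: str = NONE  # unidirectionality of the output with respect to this input


@dataclass(frozen=True)
class Compute:
    name: str
    trapdoor: bool      # True when the trapdoor condition is satisfied (steps 502 and 511)
    inputs: tuple


def output_permission(compute, requested, resolve):
    """Access permission of one computing resource's output (steps 502-513)."""
    perm = set(requested)  # step 504: start from the requested permission Q
    for inp in compute.inputs:
        if inp.oneway not in (COMPLETE, NONE):
            raise ValueError(f"unsupported unidirectionality {inp.oneway!r}")
        if compute.trapdoor and inp.oneway == COMPLETE:
            continue  # step 503: this input does not narrow the permission
        perm &= resolve(inp.ref)  # steps 506-508 and 512-513: intersect
    return frozenset(perm)


def aggregate_permission(computes, result, requested, acl):
    """Permission of the aggregation result, following the chain of computing resources.

    computes: name -> Compute; result: the computing resource whose output is the
    aggregation result; acl: aggregated resource -> frozenset of permitted IDs.
    """
    cache = {}

    def resolve(ref, stack=()):
        if ref in acl:
            return acl[ref]
        if ref not in computes:
            # Fail closed: an input with no known permission never widens access.
            raise KeyError(f"no access permission known for {ref!r}")
        if ref in stack:
            raise ValueError(f"cyclic aggregation through {ref!r}")
        if ref not in cache:
            cache[ref] = output_permission(
                computes[ref], requested, lambda r: resolve(r, stack + (ref,)))
        return cache[ref]

    return resolve(result)


def walkthrough(meter_a_oneway=COMPLETE):
    """Rebuild the electricity example; meter_a_oneway lets the declaration be varied."""
    history = [f"Meter-A-2014{m:02d}" for m in range(1, 12)]  # 11 monthly comparison results
    acl = {
        "Meter-A": frozenset({HOUSEHOLD, POWER}),              # constructed: not given on the page
        "averagePowerConsume": frozenset({POWER, MUNICIPAL}),  # S_aver from step 507
        **{h: frozenset({MUNICIPAL}) for h in history},        # S_h1 ... S_h11 from step 512
    }
    computes = {
        "compare": Compute("compare", True, (
            Input("Meter-A", meter_a_oneway),
            Input("averagePowerConsume", NONE),
        )),
        "analyse": Compute("analyse", False,
                           (Input("compare"),) + tuple(Input(h) for h in history)),
    }
    return aggregate_permission(computes, "analyse", {MUNICIPAL}, acl)


if __name__ == "__main__":
    print(sorted(walkthrough()))      # permission of the aggregation result
    print(sorted(walkthrough(NONE)))  # same request when compare is not declared unidirectional
```

With the unidirectionality declaration removed for Meter-A, the result is the empty set, which shows that the SingleWay declaration of a computing resource is what decides whether a requester outside the input's own access permission can read the aggregation result.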

Claims

1. A resource aggregation apparatus, characterized by comprising:
a receiving unit, configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a requested access permission for an aggregation result resource, an identifier of a computing resource, input resource information of the computing resource, and output resource information of the computing resource;
an obtaining unit, configured to obtain the computing resource according to the identifier of the computing resource contained in the aggregate resource creation request received by the receiving unit;
a computing resource determining unit, configured to determine, according to the computing resource obtained by the obtaining unit, that the input resource of the computing resource can be obtained from the output resource of the computing resource;
the obtaining unit being further configured to obtain the access permission of the input resource according to the input resource information of the computing resource contained in the aggregate resource creation request received by the receiving unit; and
a permission determining unit, configured to determine the access permission of the output resource of the computing resource according to the requested access permission contained in the aggregate resource creation request received by the receiving unit and the access permission of the input resource obtained by the obtaining unit;
the permission determining unit being further configured to: when the output resource of the computing resource is the aggregation result resource, use the access permission of the output resource of the computing resource as the access permission of the aggregation result resource.
2. The resource aggregation apparatus according to claim 1, characterized in that:
the computing resource determining unit is specifically configured to determine, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition; and
the permission determining unit is specifically configured to determine that the access permission of the output resource of the computing resource is the intersection of the requested access permission and the access permission of the input resource of the computing resource.
3. The resource aggregation apparatus according to claim 2, characterized in that the computing resource determining unit determining that the computing resource does not satisfy the trapdoor condition is specifically:
the computing resource determining unit determines that the trapdoor condition defined by the computing resource is false; or
the computing resource determining unit determines that the number of input resources of the computing resource is less than the number of input resources defined in the trapdoor condition as trapdoor resources.
4. The resource aggregation apparatus according to claim 1, characterized in that:
the computing resource determining unit is specifically configured to determine that the computing resource satisfies the trapdoor condition defined by the computing resource, or to determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectionality description of the output resource with respect to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional with respect to the input resource;
the permission determining unit is specifically configured to determine that the access permission of the output resource of the computing resource is the intersection of the requested access permission contained in the aggregate resource creation request received by the receiving unit and the access permission of the input resource obtained by the obtaining unit;
or,
the computing resource determining unit is specifically configured to determine that the computing resource satisfies the trapdoor condition defined by the computing resource, or to determine that the computing resource does not include a trapdoor condition; and to determine, according to the unidirectionality description with respect to the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource;
the computing resource further contains a description of a trapdoor resource; the permission determining unit is further configured to determine the access permission of the trapdoor resource according to the description of the trapdoor resource;
the permission determining unit is specifically configured to determine that the access permission of the output resource of the computing resource is the union of the requested access permission contained in the aggregate resource creation request received by the receiving unit and the access permission of the input resource obtained by the obtaining unit, excluding the intersection of the access permissions of all the trapdoor resources with the requested access permission.
5. The resource aggregation apparatus according to claim 4, characterized in that the computing resource determining unit determining that the computing resource satisfies the trapdoor condition is specifically:
the computing resource determining unit determines that the trapdoor condition defined by the computing resource is true; or
the computing resource determining unit determines that the number of input resources of the computing resource is greater than or equal to the number of input resources defined in the trapdoor condition as trapdoor resources.
6. The resource aggregation apparatus according to claim 4, characterized in that the description of the trapdoor resource contains a trapdoor resource identifier;
the permission determining unit determining the access permission of the trapdoor resource according to the description of the trapdoor resource is specifically: the permission determining unit obtains the access permission of the trapdoor resource according to the trapdoor resource identifier.
7. The resource aggregation apparatus according to any one of claims 1-6, characterized in that:
when the aggregate resource creation request contains at least two identifiers of computing resources, the input resources of the computing resource include aggregated resources and/or output resources of other computing resources;
when the input resource of the computing resource is an aggregated resource, the obtaining unit obtaining the access permission of the input resource according to the input resource information of the computing resource contained in the aggregate resource creation request received by the receiving unit is specifically: the obtaining unit obtains the access permission of the aggregated resource, according to the aggregated resource information contained in the aggregate resource creation request received by the receiving unit, as the access permission of the input resource of the computing resource;
when the input resource of the computing resource is an output resource of another computing resource, the obtaining unit obtaining the access permission of the input resource according to the input resource information of the computing resource contained in the aggregate resource creation request received by the receiving unit is specifically: the obtaining unit obtains the access permission of the output resource of the other computing resource, according to the output resource information of the other computing resource contained in the aggregate resource creation request received by the receiving unit, as the access permission of the input resource of the computing resource.
8. A resource aggregation apparatus, characterized by comprising: a processor, a memory, a communication interface, and a bus, where the processor, the memory, and the communication interface are connected to each other through the bus;
the communication interface is configured to receive an aggregate resource creation request, where the aggregate resource creation request includes: a requested access permission for an aggregation result resource, an identifier of a computing resource, input resource information of the computing resource, and output resource information of the computing resource;
the processor is configured to: obtain the computing resource according to the identifier of the computing resource contained in the aggregate resource creation request received by the communication interface, and determine, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource; obtain the access permission of the input resource according to the input resource information of the computing resource contained in the aggregate resource creation request received by the communication interface; determine the access permission of the output resource of the computing resource according to the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource; and, when the output resource of the computing resource is the aggregation result resource, use the access permission of the output resource of the computing resource as the access permission of the aggregation result resource.
9. The resource aggregation apparatus according to claim 8, characterized in that the processor determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor determines, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
the processor determining the access permission of the output resource of the computing resource according to the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource is specifically: the processor determines, according to the access permission of the input resource of the computing resource and the requested access permission contained in the aggregate resource creation request received by the communication interface, that the access permission of the output resource of the computing resource is the intersection of the requested access permission and the access permission of the input resource of the computing resource.
10. The resource aggregation apparatus according to claim 9, characterized in that the processor determining that the computing resource does not satisfy the trapdoor condition is specifically:
the processor determines that the trapdoor condition defined by the computing resource is false; or
the processor determines that the number of input resources of the computing resource is less than the number of input resources defined in the trapdoor condition as trapdoor resources.
11. The resource aggregation apparatus according to claim 8, characterized in that the processor determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the unidirectionality description of the output resource with respect to the input resource defined by the computing resource, that the output resource of the computing resource is not unidirectional with respect to the input resource;
and the processor determining the access permission of the output resource of the computing resource according to the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource is specifically: the processor determines that the access permission of the output resource of the computing resource is the intersection of the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource;
or,
the processor determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: the processor determines that the computing resource satisfies the trapdoor condition defined by the computing resource, or determines that the computing resource does not include a trapdoor condition; and determines, according to the unidirectionality description with respect to the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor unidirectionality with respect to the input resource;
and the computing resource further contains a description of a trapdoor resource; the processor is further configured to determine the access permission of the trapdoor resource according to the description of the trapdoor resource;
and the processor determining the access permission of the output resource of the computing resource according to the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource is specifically: the processor determines that the access permission of the output resource of the computing resource is the union of the requested access permission contained in the aggregate resource creation request received by the communication interface and the access permission of the input resource, excluding the intersection of the access permissions of all the trapdoor resources with the requested access permission.
12. The resource aggregation device according to claim 11, wherein the processor determining that the computing resource satisfies the trapdoor condition is specifically: the processor determines that the trapdoor condition defined by the computing resource is true; or the processor determines that the number of input resources of the computing resource is greater than or equal to the number of input resources defined in the trapdoor condition as trapdoor resources.
13. The resource aggregation device according to claim 11, wherein the description of the trapdoor resource includes a trapdoor resource identifier; and the processor determining the access permission of the trapdoor resource according to the description of the trapdoor resource is specifically: the processor obtains the access permission of the trapdoor resource according to the trapdoor resource identifier.
14. The resource aggregation device according to any one of claims 8-13, wherein, when the aggregate resource creation request includes at least two identifiers of computing resources, the input resource of the computing resource includes an aggregated resource and/or an output resource of another computing resource;
when the input resource of the computing resource is an aggregated resource, the processor obtaining the access permission of the input resource according to the information about the input resource of the computing resource included in the aggregate resource creation request received by the communication interface is specifically: the processor obtains, according to the aggregated resource information included in the aggregate resource creation request received by the communication interface, the access permission of the aggregated resource as the access permission of the input resource of the computing resource;
when the input resource of the computing resource is an output resource of another computing resource, the processor obtaining the access permission of the input resource according to the information about the input resource of the computing resource included in the aggregate resource creation request received by the communication interface is specifically: the processor obtains, according to the output resource information of the other computing resource included in the aggregate resource creation request received by the communication interface, the access permission of the output resource of the other computing resource as the access permission of the input resource of the computing resource.
15. A method for controlling the access permission of a resource aggregation result, wherein:
a resource aggregation device receives an aggregate resource creation request, the aggregate resource creation request including: a requested access permission for an aggregation result resource and an identifier of a computing resource, as well as input resource information of the computing resource and output resource information of the computing resource;
the computing resource is obtained according to the identifier of the computing resource, and it is determined, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource;
the access permission of the input resource is obtained according to the information about the input resource of the computing resource;
the access permission of the output resource of the computing resource is determined according to the requested access permission and the access permission of the input resource;
when the output resource of the computing resource is the aggregation result resource, the access permission of the output resource of the computing resource is used as the access permission of the aggregation result resource.
16. The method according to claim 15, wherein the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining, according to the trapdoor condition defined in the computing resource, that the computing resource does not satisfy the trapdoor condition;
the determining the access permission of the output resource of the computing resource according to the requested access permission and the access permission of the input resource of the computing resource is specifically: determining that the access permission of the output resource of the computing resource is the intersection of the requested access permission and the access permission of the input resource of the computing resource.
17. The method according to claim 16, wherein the determining that the computing resource does not satisfy the trapdoor condition is specifically: determining that the trapdoor condition defined by the computing resource is false; or determining that the number of input resources of the computing resource is less than the number of input resources defined in the trapdoor condition as trapdoor resources.
18. The method according to claim 15, wherein the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining that the computing resource satisfies the trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the description, defined by the computing resource, of the one-wayness of the output resource with respect to the input resource, that the output resource of the computing resource is not one-way with respect to the input resource;
the determining the access permission of the output resource of the computing resource according to the requested access permission and the access permission of the input resource is specifically: determining that the access permission of the output resource of the computing resource is the intersection of the requested access permission and the access permission of the input resource;
or,
the determining, according to the computing resource, that the input resource of the computing resource can be obtained from the output resource of the computing resource is specifically: determining that the computing resource satisfies the trapdoor condition defined by the computing resource, or determining that the computing resource does not include a trapdoor condition; and determining, according to the description of one-wayness with respect to the input resource defined by the computing resource, that the output resource of the computing resource has trapdoor one-wayness with respect to the input resource;
the computing resource further includes a description of a trapdoor resource; the method further includes: determining the access permission of the trapdoor resource according to the description of the trapdoor resource;
the determining the access permission of the output resource of the computing resource according to the requested access permission and the access permission of the input resource is specifically: determining that the access permission of the output resource of the computing resource is the union of the requested access permission and the access permission of the input resource, excluding the intersection of the access permissions of all the trapdoor resources and the requested access permission.
19. The method according to claim 18, wherein the determining that the computing resource satisfies the trapdoor condition is specifically: determining that the trapdoor condition defined by the computing resource is true; or determining that the number of input resources of the computing resource is greater than or equal to the number of input resources defined in the trapdoor condition as trapdoor resources.
20. The method according to claim 18, wherein the description of the trapdoor resource includes a trapdoor resource identifier; and the determining the access permission of the trapdoor resource according to the description of the trapdoor resource includes: obtaining the access permission of the trapdoor resource according to the trapdoor resource identifier.
21. The method according to any one of claims 15-20, wherein, when the aggregate resource creation request includes at least two identifiers of computing resources, the input resource of the computing resource includes an aggregated resource and/or an output resource of another computing resource;
when the input resource of the computing resource is an aggregated resource, the obtaining the access permission of the input resource according to the information about the input resource of the computing resource is specifically: obtaining, according to the aggregated resource information, the access permission of the aggregated resource as the access permission of the input resource of the computing resource;
when the input resource of the computing resource is an output resource of another computing resource, the obtaining the access permission of the input resource according to the information about the input resource of the computing resource is specifically: obtaining, according to the output resource information of the other computing resource, the access permission of the output resource of the other computing resource as the access permission of the input resource of the computing resource.
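The permission rules of claims 15 to 21, written as set operations in an added Python sketch that is not part of the patent text. The class and field names, the sample identities, combining several inputs by intersection, and reading the claim 18 exclusion as (requested ∪ input) minus (trapdoor ∩ requested) are assumptions.

```python
from dataclasses import dataclass


@dataclass
class ComputingResource:
    # Field names are hypothetical; the claims name only the concepts.
    ident: str                         # identifier carried in the creation request
    one_way: str                       # one-wayness description: "none" or "trapdoor"
    trapdoor_condition: object = None  # None (absent), a bool, or a minimum input count
    trapdoor_ids: tuple = ()           # trapdoor resource identifiers (claim 20)


def condition_met(cr, n_inputs):
    """Claims 17 and 19: the condition is a truth value or an input-count threshold."""
    cond = cr.trapdoor_condition
    return cond if isinstance(cond, bool) else n_inputs >= cond


def output_acl(cr, requested, input_acls, acl_of):
    """Access permission of one computing resource's output resource."""
    # Assumption: several input resources are combined by intersecting their ACLs.
    inputs = set.intersection(*(set(a) for a in input_acls))
    if cr.trapdoor_condition is not None and not condition_met(cr, len(input_acls)):
        return requested & inputs                  # claim 16: condition not satisfied
    if cr.one_way == "none":
        return requested & inputs                  # claim 18, first alternative
    if cr.one_way == "trapdoor":
        # Assumption: "all the trapdoor resources" means the union of their ACLs.
        trapdoor = set().union(*(acl_of[t] for t in cr.trapdoor_ids))
        return (requested | inputs) - (trapdoor & requested)  # second alternative
    raise ValueError("combination not covered by claims 16 to 18")


def aggregate_acl(chain, requested, acl_of):
    """Claims 15 and 21: walk the chain; the last output is the aggregation result.

    chain is a list of (ComputingResource, [input identifiers]) in evaluation
    order; each output is stored under its computing resource's identifier.
    """
    acls = dict(acl_of)
    for cr, input_ids in chain:
        acls[cr.ident] = output_acl(cr, requested, [acls[i] for i in input_ids], acl_of)
    return acls[chain[-1][0].ident]


# Constructed sample data: two aggregated resources and one trapdoor resource.
ACLS = {"sensorA": {"alice", "bob"}, "sensorB": {"alice", "bob", "dave"}, "key": {"bob"}}
AVG = ComputingResource("avg", one_way="none")
ENC = ComputingResource("enc", one_way="trapdoor", trapdoor_condition=1,
                        trapdoor_ids=("key",))
CHAIN = [(AVG, ["sensorA", "sensorB"]), (ENC, ["avg"])]
REQUESTED = {"alice", "bob", "carol"}

if __name__ == "__main__":
    print(sorted(aggregate_acl(CHAIN, REQUESTED, ACLS)))
```

With the constructed data, the first computing resource narrows the permission to the identities that can read both inputs, and the second drops the identity that can read the trapdoor resource.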
PCT/CN2014/077144 2014-05-09 2014-05-09 Method for controlling resource aggregation result access permission and resource aggregation apparatus WO2015168936A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/077144 WO2015168936A1 (en) 2014-05-09 2014-05-09 Method for controlling resource aggregation result access permission and resource aggregation apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/077144 WO2015168936A1 (en) 2014-05-09 2014-05-09 Method for controlling resource aggregation result access permission and resource aggregation apparatus

Publications (1)

Publication Number Publication Date
WO2015168936A1 true WO2015168936A1 (en) 2015-11-12

Family

ID=54392017

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/077144 WO2015168936A1 (en) 2014-05-09 2014-05-09 Method for controlling resource aggregation result access permission and resource aggregation apparatus

Country Status (1)

Country Link
WO (1) WO2015168936A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103400067A (en) * 2013-03-29 2013-11-20 青岛海信电器股份有限公司 Access control method, system and server
CN103716326A (en) * 2013-12-31 2014-04-09 华为技术有限公司 Resource access method and URG

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14891301

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14891301

Country of ref document: EP

Kind code of ref document: A1