CN101330500A - Control method for accessing authority of equipment management - Google Patents

Info

Publication number
CN101330500A
Authority
CN
China
Prior art keywords
label
management server
node
terminal management
described terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101127809A
Other languages
Chinese (zh)
Other versions
CN101330500B (en)
Inventor
左雄辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rugao Huayi Real Estate Co., Ltd.
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN2007101127809A
Publication of CN101330500A
Application granted
Publication of CN101330500B
Legal status: Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a control method for access authority in device management. The method comprises the following steps: a terminal management server label is added to a protocol header; a node creator label and a first operation authority label corresponding to the node creator label are added to each node of a managed object; a terminal management server sends the node creator label and the first operation authority label to a terminal, and the terminal obtains the terminal management server label; if the node creator label matches the terminal management server label, authority is assigned for the node of the corresponding managed object within the operation authority identified by the first operation authority label; and the access authority is controlled where the accessing party has the access authority. The method allows flexible access authority control, so that flexible access authority supported through terminal management can be realized reliably, securely and simply, and multiple verification can be provided.

Description

Control method for access rights in device management
Technical field
The present invention relates to the field of network communication, and more specifically to a method for implementing access rights control in device management.
Background
With the development of modern communication technology, and in particular the rapid growth of data services, the number of mobile terminals keeps increasing and the data services they support are becoming ever more complex, so stronger terminal management capabilities are needed. Good terminal management can address the complexity of data services and their dependence on the terminal, improve the user experience, and help data services spread more widely.
The OMA (Open Mobile Alliance) international standards organization has defined the DM (Device Management) standard to provide a more convenient and more efficient means of managing and maintaining mobile terminals. Using OTA (Over The Air) delivery, it performs parameter configuration, software download and update, fault repair and similar tasks on mobile terminals, and can also provide important information such as how mobile terminal services are being used and the network coverage. The DM standard is implemented over the SyncML protocol.
The current DM standard provides an access control method for the MO (Management Object): each Node in the MO has a corresponding operation authority defined for it; operation commands within that scope are accepted by the terminal, and commands outside it are rejected. However, the standard provides no way to define which specific DM servers do or do not have this operation authority; by default, all DM servers have the same operation authority. This causes problems. For example, DM server 1 defines an access point named "ap1" on a terminal. Under the present mechanism, any other DM server, such as DM server 2 or 3, has full operation authority over access point "ap1" and can modify or delete it without restriction. In that case DM server 1 cannot know whether the configuration of access point "ap1" is still correct, and other applications that use this access point may also fail.
In addition, the operation authority of each node in a management object is fixed in the terminal, and the existing standard provides no method for modifying a node's operation authority dynamically. If the operation authority of some node on the terminal needs to change, the terminal must be recalled and upgraded, which costs the terminal manufacturer, the user and the operator both time and money.
Summary of the invention
The present invention has been made in view of the above problems. Its main purpose is to provide a control method for access rights in device management.
To achieve this, according to one aspect of the invention, a control method for access rights in device management is provided. The method comprises the following steps: a terminal management server label is added to the protocol header, and a node creator label and a corresponding first operation authority label are added to each node of the management object; the terminal management server sends the node creator label and the first operation authority label to the terminal, and the terminal obtains the terminal management server label; if the node creator label matches the terminal management server label, authority is assigned for the node of the corresponding management object within the operation authority identified by the first operation authority label; and, where the accessing party has access rights, the access rights are controlled.
In this method, the accessing party comprises the server and the terminal. Control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added to each node of the management object, and both labels are stored on the terminal management server; and the terminal management server compares the terminal management server label with the node operator label and performs access rights control according to the result of the comparison. If the terminal management server label matches the node operator label, the terminal management server issues to the terminal the operation commands that fall within the operation authority identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal management server cancels the operation command.
In addition, in this method, control of the server's access rights may comprise the following steps: a node operator label and a corresponding second operation authority label are added to each node of the management object, and both labels are stored on the terminal management server; the terminal management server sends the node operator label and the second operation authority label to the terminal, and the terminal obtains the terminal management server label; and the terminal compares the terminal management server label with the node operator label and performs access rights control according to the result of the comparison. If the terminal management server label matches the node operator label, the terminal executes the operations that fall within the operation authority identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server label is the domain name of the terminal management server, the node creator label takes a single value, and the node operator label takes one or more values. The value of the node creator label is either the value of its superior (parent) node or a set value.
Therefore, with the above aspects of the invention, access rights can be controlled flexibly: authority can be assigned statically through the management object or dynamically through SyncML commands, and both DM-server-side verification and terminal-side verification are supported. Flexible access rights for terminal management are thus realized reliably, securely and simply, and multiple verification is provided.
Other features and advantages of the invention will be set forth in the description that follows, and will in part be apparent from the description or be learned by practising the invention. The objects and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the control method for access rights in device management according to an embodiment of the invention;
Fig. 2 is a flow chart of the management object node creator assigning the operation authority of the node according to an embodiment of the invention;
Fig. 3 is a flow chart of server-side access rights control according to an embodiment of the invention;
Fig. 4 is a flow chart of terminal-side access rights control according to an embodiment of the invention.
Embodiment
The preferred embodiments of the invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to describe and explain the invention and do not limit it.
This embodiment provides a control method for access rights in device management. Fig. 1 shows the flow chart of the method according to an embodiment of the invention, which comprises the following steps: step S100, a terminal management server label is added to the protocol header, and a node creator label and a corresponding first operation authority label are added to each node of the management object; step S102, the terminal management server sends the node creator label and the first operation authority label to the terminal, and the terminal obtains the terminal management server label; step S104, if the node creator label matches the terminal management server label, authority is assigned for the node of the corresponding management object within the operation authority identified by the first operation authority label; and step S106, where the accessing party has access rights, the access rights are controlled.
In this method, the accessing party comprises the server and the terminal. Control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added to each node of the management object, and both labels are stored on the terminal management server; and the terminal management server compares the terminal management server label with the node operator label and performs access rights control according to the result of the comparison. If the terminal management server label matches the node operator label, the terminal management server issues to the terminal the operation commands that fall within the operation authority identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal management server cancels the operation command.
In addition, in this method, control of the server's access rights may comprise the following steps: a node operator label and a corresponding second operation authority label are added to each node of the management object, and both labels are stored on the terminal management server; the terminal management server sends the node operator label and the second operation authority label to the terminal, and the terminal obtains the terminal management server label; and the terminal compares the terminal management server label with the node operator label and performs access rights control according to the result of the comparison. If the terminal management server label matches the node operator label, the terminal executes the operations that fall within the operation authority identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server label is the domain name of the terminal management server, the node creator label takes a single value, and the node operator label takes one or more values. The value of the node creator label is either the value of its superior (parent) node or a set value.
According to still another embodiment of the invention: (a) the label <ServerID></ServerID> (the DM server identification label) is added to the protocol header in the DM (terminal management) session, to uniquely identify the DM server associated with the session; (b) the label <Owner></Owner> (the node creator label) is added to each node of the management object to identify the DM server that created the node, and the corresponding <AccessType></AccessType> label (the operation authority label) identifies the operation authority that this DM server has over the node; (c) the label <Operator></Operator> (the node operator label) is added to each node of the management object to identify a DM server that may operate on the node, and the corresponding <AccessType></AccessType> label (the operation authority label) identifies the operation authority that this DM server has over the node.
In addition, the DM session can be initiated by the terminal or by the DM server. When the session is initiated by the terminal, the value of <ServerID></ServerID> is the target DM server; when it is initiated by the DM server, the value is the server itself. <ServerID></ServerID> is normally set to the domain name of the DM server. The label <Owner></Owner> of a management object node may be absent, in which case the node inherits the <Owner></Owner> value of its parent node; if the parent node does not carry it either, the lookup continues upward. If <Owner></Owner> is present on a management object node, it may appear only once, which means the node has a single creator. Only the creator of a management object node can assign operation authority over that node to other DM servers, and it can assign only authority that the creator itself already holds. The label <Operator></Operator> of a management object node may be absent, in which case the node does not allow operations by any DM server other than the creator. The label <Operator></Operator> may also appear more than once, in which case the node allows operations by several DM servers other than the creator. <Operator></Operator> may take the value "Others", which identifies all DM servers except the node creator. In addition, the management object node information is stored on both the DM server and the terminal, so access rights control can be performed at both the DM server and the terminal.
Adding the corresponding labels to a management object node allows authority to be assigned statically. For example, when a terminal leaves the factory, its node PxAddr may contain the following labels:
<Owner>www.dm.com</Owner>
<AccessType>
<Add/><Get/>
</AccessType>
These labels give the following information: the creator of node PxAddr is the DM server "www.dm.com", which may perform Add and Get (query) operations on this node.
After static authority has been assigned, the management object node creator can also assign operation authority dynamically through SyncML commands.
Management object node creator assigns operation authority
Preconditions:
1. The DM server creates node PxAddr;
2. The DM server issues the following content with an Add command:
<Operator>www.dm1.com</Operator>
<AccessType>Replace</AccessType>
Fig. 2 shows the flow chart of the management object node creator assigning the operation authority of the node according to an embodiment of the invention. After receiving this command, the terminal performs the steps shown in Fig. 2:
Step S200: obtain the <ServerID></ServerID> value from the SyncML protocol header;
Step S202: determine whether the sender is the creator of this node. If it is not the creator, execution fails. If it is the creator, continue with the following steps;
Step S204: determine whether the authority to be assigned belongs to the creator. If it does not, return an execution failure. If it does, continue with the following steps;
Step S206: execute the command and reassign the operation authority of the node. The operation authority of the PxAddr node is changed as follows: DM server "www.dm1.com" is given Replace (modify) authority;
Execution succeeds, and the command execution result is returned.
After operation authority for the management object nodes has been assigned, every DM server must check operation authority when it issues an operation command.
Server-side access rights control
Preconditions:
1. The DM server stores the management object node information of the terminal;
2. The access rights of the management object nodes have been assigned.
Fig. 3 shows the flow chart of server-side access rights control according to an embodiment of the invention. As shown in Fig. 3, it comprises the following steps:
Step S300: the DM server issues an operation command, which triggers access rights control;
Step S302: using the stored access rights information for the management nodes, determine whether this DM server has the authority to execute this operation command;
Step S304: if this DM server does not have the corresponding authority, the operation command is cancelled and is not issued to the terminal; if this DM server has the corresponding authority, the operation command is issued to the terminal.
After operation authority for the management object nodes has been assigned, every terminal must check operation authority when it receives an operation command issued by a DM server.
Terminal-side access rights control
Preconditions:
1. The terminal stores the management object node information;
2. The access rights of the management object nodes have been assigned.
Fig. 4 shows the flow chart of terminal-side access rights control according to an embodiment of the invention. As shown in Fig. 4, it comprises the following steps:
Step S400: the terminal receives an operation request issued by the DM server;
Step S402: the terminal obtains the DM server's <ServerID></ServerID> information and the operation command to be executed, which triggers access rights control;
Step S404: using the stored authority information for the management nodes, determine whether the DM server has the authority to execute this operation command;
Step S406: if the DM server does not have the authority to execute this operation command, the terminal refuses to execute it; if the DM server has the authority to execute this operation command, the terminal executes it.
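The following Python sketch is an added example, not code from the patent or from any OMA DM implementation. It models the terminal-side checks described above: the creator-only grant of steps S200 to S206 and the per-command check of steps S400 to S406, including the <Owner> inheritance and "Others" rules. The class and function names, the case-insensitive ServerID comparison, and the choice to inherit the creator's <AccessType> together with an inherited <Owner> are assumptions.

```python
# Added example, not from the patent: terminal-side model of the label checks.
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

OTHERS = "others"  # <Operator>Others</Operator>: every DM server except the creator


def norm(server_id: str) -> str:
    # Assumption: ServerID values are domain names, so compare case-insensitively.
    return server_id.strip().lower()


def parse_labels(fragment: str) -> Tuple[str, str, Set[str]]:
    """Parse <Owner>|<Operator> plus <AccessType>; returns (tag, server, rights).

    Handles both AccessType forms on the page: child elements (<Add/><Get/>)
    and plain text (Replace). Wrapping the fragment in a root element also
    means it cannot carry its own DOCTYPE or entity declarations.
    """
    root = ET.fromstring(f"<labels>{fragment}</labels>")
    who = root.find("Owner")
    if who is None:
        who = root.find("Operator")
    if who is None or not (who.text or "").strip():
        raise ValueError("fragment carries neither <Owner> nor <Operator>")
    rights: Set[str] = set()
    access = root.find("AccessType")
    if access is not None:
        rights = {child.tag for child in access} | set((access.text or "").split())
    return who.tag, norm(who.text), rights


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    owner: Optional[str] = None                  # at most one <Owner> per node
    owner_rights: Set[str] = field(default_factory=set)
    operators: Dict[str, Set[str]] = field(default_factory=dict)

    def owner_node(self) -> Optional["Node"]:
        """Nearest node, starting here and walking up, that carries <Owner>."""
        node: Optional[Node] = self
        while node is not None and node.owner is None:
            node = node.parent
        return node


def grant(node: Node, session_server_id: str, fragment: str) -> bool:
    """Steps S200-S206: apply an <Operator>/<AccessType> grant sent by a server."""
    sender = norm(session_server_id)              # S200: <ServerID> from the header
    holder = node.owner_node()
    if holder is None or holder.owner != sender:  # S202: only the creator may grant
        return False
    try:
        tag, operator, rights = parse_labels(fragment)
    except (ET.ParseError, ValueError):
        return False                              # malformed grant: execution fails
    if tag != "Operator" or not rights:
        return False
    # Assumption: an inherited <Owner> brings the ancestor's <AccessType> with it.
    if not rights <= holder.owner_rights:         # S204: creator must hold the rights
        return False
    node.operators.setdefault(operator, set()).update(rights)   # S206
    return True


def is_allowed(node: Node, session_server_id: str, command: str) -> bool:
    """Steps S400-S406: should the terminal execute `command` from this server?"""
    sender = norm(session_server_id)
    holder = node.owner_node()
    if holder is not None and holder.owner == sender:
        return command in holder.owner_rights
    # <Operator> entries are per node; an absent entry means no access at all.
    allowed = node.operators.get(sender, set()) | node.operators.get(OTHERS, set())
    return command in allowed


def build_sample() -> Node:
    """PxAddr with the factory labels quoted on the page."""
    _, owner, rights = parse_labels(
        "<Owner>www.dm.com</Owner><AccessType><Add/><Get/></AccessType>")
    return Node("PxAddr", owner=owner, owner_rights=rights)


if __name__ == "__main__":
    px = build_sample()
    for right in ("Replace", "Get"):
        frag = f"<Operator>www.dm1.com</Operator><AccessType>{right}</AccessType>"
        print(right, "grant accepted:", grant(px, "www.dm.com", frag))
    print("dm1 Get:", is_allowed(px, "www.dm1.com", "Get"))
    print("dm1 Add:", is_allowed(px, "www.dm1.com", "Add"))
    child = Node("Port", parent=px)               # hypothetical child, no labels
    print("creator Add on child:", is_allowed(child, "www.dm.com", "Add"))
```

With the factory labels shown earlier (Add, Get), the creator's attempt to grant Replace is rejected at step S204, because a creator can hand out only authority that it holds itself.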
In summary, with the above technical solution of the invention, access rights can be controlled flexibly: authority can be assigned statically through the management object or dynamically through SyncML commands, and both DM-server-side verification and terminal-side verification are supported. Flexible access rights for terminal management are thus realized reliably, securely and simply, and multiple verification is provided.
The above are only preferred embodiments of the invention and do not limit it; for those skilled in the art, the invention may have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A control method for access rights in device management, characterized in that it comprises the following steps:
adding a terminal management server label to the protocol header, and adding a node creator label and a corresponding first operation authority label to each node of the management object;
the terminal management server sending said node creator label and said first operation authority label to the terminal, and said terminal obtaining said terminal management server label;
if said node creator label matches said terminal management server label, assigning authority for the node of the corresponding management object within the operation authority identified by said first operation authority label; and
where the accessing party has access rights, controlling said access rights.
2. The control method according to claim 1, characterized in that said accessing party comprises the server and the terminal.
3. The control method according to claim 2, characterized in that control of the access rights of the server comprises the following steps:
adding a node operator label and a corresponding second operation authority label to each node of said management object, and storing both labels on said terminal management server; and
said terminal management server comparing said terminal management server label with said node operator label, and performing access rights control according to the result of the comparison.
4. The control method according to claim 3, characterized in that, if said terminal management server label matches said node operator label, said terminal management server issues to said terminal the operation commands that fall within the operation authority identified by said second operation authority label.
5. The control method according to claim 3, characterized in that, if said terminal management server label does not match said node operator label, said terminal management server cancels the operation command.
6. The control method according to claim 2, characterized in that control of the access rights of the server comprises the following steps:
adding a node operator label and a corresponding second operation authority label to each node of said management object, and storing both labels on said terminal management server;
said terminal management server sending said node operator label and said second operation authority label to said terminal, and said terminal obtaining said terminal management server label; and
said terminal comparing said terminal management server label with said node operator label, and performing access rights control according to the result of the comparison.
7. The control method according to claim 6, characterized in that, if said terminal management server label matches said node operator label, said terminal executes the operations that fall within the operation authority identified by said second operation authority label.
8. The control method according to claim 6, characterized in that, if said terminal management server label does not match said node operator label, said terminal refuses to execute the operation command.
9. The control method according to any one of the preceding claims, characterized in that said terminal management server label is the domain name of said terminal management server, said node creator label takes a single value, and said node operator label takes one or more values.
10. The control method according to claim 9, characterized in that the value of said node creator label is either the value of its superior (parent) node or a set value.
CN2007101127809A 2007-06-18 2007-06-18 Control method for accessing authority of equipment management Expired - Fee Related CN101330500B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101127809A CN101330500B (en) 2007-06-18 2007-06-18 Control method for accessing authority of equipment management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101127809A CN101330500B (en) 2007-06-18 2007-06-18 Control method for accessing authority of equipment management

Publications (2)

Publication Number Publication Date
CN101330500A true CN101330500A (en) 2008-12-24
CN101330500B CN101330500B (en) 2012-05-23

Family

ID=40206090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101127809A Expired - Fee Related CN101330500B (en) 2007-06-18 2007-06-18 Control method for accessing authority of equipment management

Country Status (1)

Country Link
CN (1) CN101330500B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100502298C (en) * 2003-11-12 2009-06-17 华为技术有限公司 Method for realizing management authorization in network management system
CN1627759A (en) * 2003-12-12 2005-06-15 国际商业机器公司 Digital management system and method of managing access right in such system
CN100417267C (en) * 2005-05-25 2008-09-03 华为技术有限公司 Method for controlling terminal operation in equipment management

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010043175A1 (en) * 2008-10-14 2010-04-22 华为技术有限公司 Method and device for terminal management based on right control
US9215148B2 (en) 2008-10-14 2015-12-15 Huawei Technologies Co., Ltd. Method and device for terminal device management based on right control
CN104079437A (en) * 2010-08-12 2014-10-01 华为终端有限公司 Method and terminal for achieving authority management and control
CN104079437B (en) * 2010-08-12 2017-12-22 华为终端有限公司 Realize the method and terminal of rights management control
CN102761575A (en) * 2011-04-28 2012-10-31 南京中兴新软件有限责任公司 Data synchronization method, data synchronization system and portable mobile acquisition device
CN102404325A (en) * 2011-11-23 2012-04-04 华为技术有限公司 Message access control method and switch
CN102404325B (en) * 2011-11-23 2015-03-11 华为技术有限公司 Message access control method and switch
CN103581187A (en) * 2013-11-05 2014-02-12 曙光云计算技术有限公司 Method and system for controlling access rights
CN108664795A (en) * 2017-03-27 2018-10-16 曲立东 Data safety optimization application system based on OTO platforms and method
CN111429274A (en) * 2020-03-09 2020-07-17 中国建设银行股份有限公司 Transaction processing method and device

Also Published As

Publication number Publication date
CN101330500B (en) 2012-05-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: RUGAO HUACAN PROPERTIES CO., LTD.

Free format text: FORMER OWNER: ZTE CORPORATION

Effective date: 20141121

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 226500 NANTONG, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20141121

Address after: 11, 226500 and 18 sets of Zhenhai dam village, Rugao, Jiangsu, Nantong

Patentee after: Rugao Huayi Real Estate Co., Ltd.

Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20160618

CF01 Termination of patent right due to non-payment of annual fee