CN101655892A - Mobile terminal and access control method - Google Patents

Publication number
CN101655892A
CN101655892A CN200910173947A CN200910173947A CN101655892A CN 101655892 A CN101655892 A CN 101655892A CN 200910173947 A CN200910173947 A CN 200910173947A CN 200910173947 A CN200910173947 A CN 200910173947A CN 101655892 A CN101655892 A CN 101655892A
Authority
CN
China
Prior art keywords
application program
resource
identification
type
grouping sheet
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910173947A
Other languages
Chinese (zh)
Inventor
孟健
孙知信
周涛
宫婧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Digital Technologies Chengdu Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a mobile terminal and an access control method. The mobile terminal comprises an enforcement unit and a decision unit. The enforcement unit intercepts a resource request initiated by an application program, extracts from the request the identifier of the application program and the identifier of the requested resource, obtains a decision result, and permits or refuses the resource request of the application program according to the decision result. The decision unit uses the application identifier and the resource identifier extracted by the enforcement unit to look up in a rule base whether the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy a preset correspondence, and generates the decision result according to the lookup result. The mobile terminal and the access control method achieve access control by using the application identifier and the resource identifier, and meet the reasonable resource usage requirements of application programs on the mobile terminal.

Description

Mobile terminal and access control method
Technical field
The present invention relates to the field of mobile communications, and in particular to a mobile terminal and an access control method.
Background
To prevent applications infected with a virus or Trojan horse from maliciously accessing a mobile terminal and causing losses to the user, access control is set up on the mobile terminal to apply permission control to the access of applications on the mobile terminal to resources on the mobile terminal. The resources on the mobile terminal may include data (such as the address book, SMS records and e-mail records) and functional modules (such as the Bluetooth module and the voice module).
In the prior art, access control over an application is implemented using the security certificate attached to the application, and the access control method involves the mobile terminal and a remote server. When the user starts an application on the mobile terminal, the mobile terminal first finds the root certificate ID (a special kind of security certificate) of the application by the keyword of the application, and sends the root certificate ID to the server. The server returns to the requesting mobile terminal the application resource list corresponding to the group to which the root certificate ID belongs; the mobile terminal stores the correspondence between the application resource list and the application to be started, and starts the application. When the application initiates a request to access a resource, for example the address book, the mobile terminal judges whether the application resource list corresponding to the application includes the address book; if it does, access is allowed, otherwise access is denied.
In the above access control method, the application resource list that each certificate group may access is set in advance, and the correspondence between groups and application resource lists is stored on the remote server. When an application starts, the application resource list corresponding to the root certificate ID attached to the application is downloaded to the mobile terminal, and whether the application may access a given resource is judged according to this list, thereby achieving access control over the application.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problem:
Grouping applications always requires the use of security certificates, but the group to which an application's security certificate belongs sometimes restricts legitimate requests of that application, so that the application cannot make normal use of reasonable resources. For example, for some mobile phone games played against other players over Bluetooth, the application resource list of the group to which these games belong may not include the Bluetooth module, so the games' normal requests to network over Bluetooth cannot be satisfied.
Summary of the invention
In view of this, the purpose of the embodiments of the invention is to provide a mobile terminal and an access control method that satisfy the reasonable resource usage requirements of applications on the mobile terminal.
An embodiment of the invention provides a mobile terminal, comprising:
An enforcement unit, configured to intercept a resource request initiated by an application, extract from the resource request the identifier of the application and the identifier of the requested resource, obtain a decision result, and allow or refuse the resource request of the application according to the decision result;
A decision unit, configured to look up in a rule base, according to the application identifier and the resource identifier extracted by the enforcement unit, whether the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy a preset correspondence, and to generate the decision result according to the lookup result.
An embodiment of the invention also provides an access control method, the method comprising:
Intercepting a resource request initiated by an application, and extracting from the resource request the identifier of the application and the identifier of the requested resource;
Looking up in a rule base, according to the extracted application identifier and resource identifier, whether the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy a preset correspondence, and generating a decision result according to the lookup result;
Allowing or refusing the resource request of the application according to the decision result.
The mobile terminal and access control method of the embodiments of the invention use the application identifier and the resource identifier to achieve access control, and satisfy the reasonable resource usage requirements of applications on the mobile terminal.
Description of drawings
Fig. 1 is a structural block diagram of the mobile terminal of the embodiment of the invention;
Fig. 2 is a structural block diagram of the enforcement unit of the embodiment of the invention;
Fig. 3 is a schematic diagram of the workflow of the mobile terminal of the embodiment of the invention;
Fig. 4 is a schematic flowchart of the first embodiment of the access control method of the embodiment of the invention;
Fig. 5 is a schematic flowchart of the second embodiment of the access control method of the embodiment of the invention.
Detailed description of the embodiments
To make the above purposes, features and advantages of the embodiments of the invention clearer, the embodiments are described in further detail below with reference to the drawings and specific embodiments.
An embodiment of the invention provides a mobile terminal. As shown in Fig. 1, the mobile terminal 10 comprises an enforcement unit 101 and a decision unit 102.
The enforcement unit 101 is configured to intercept a resource request initiated by an application, extract from the resource request the identifier of the application and the identifier of the requested resource, obtain a decision result, and allow or refuse the resource request of the application according to the decision result.
In the embodiment of the invention, the resource request carries an application identifier and a resource identifier. The application identifier may be the program name, the program number that the mobile terminal assigned to the application, or the like; the resource identifier may be the resource name, the resource number, or the like. The resource requested by an application may be the call function, SMS, a Bluetooth device, a GPS (Global Positioning System) device, the address book, picture files, video files, and so on.
After the enforcement unit 101 intercepts a resource request initiated by an application, it extracts from the request the application identifier of the application and the resource identifier of the requested resource.
The decision unit 102 is configured to look up in a rule base, according to the application identifier and the resource identifier extracted by the enforcement unit 101, whether the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy a preset correspondence, and to generate the decision result according to the lookup result.
Specifically, the decision unit 102 uses the application identifier and the resource identifier extracted by the enforcement unit 101 to look up in the rule base whether the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy the preset correspondence. The decision unit 102 then generates the decision result according to the lookup result. If the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier satisfy the preset correspondence, the decision result is to allow; if they do not satisfy the preset correspondence, the decision result is to refuse.
The rule base stores the preset correspondence between the permission type corresponding to an application identifier and the resource type corresponding to a resource identifier. The rule base may be located on a server on the network side or on the mobile terminal.
In the prior-art mobile terminal and server architecture for access control, the access control process is cumbersome and the response time is long, and the communication between the mobile terminal and the server also generates some network traffic overhead, which users do not want. In the embodiment of the invention, preferably, the mobile terminal 10 includes the rule base. Having the rule base on the mobile terminal simplifies the access control process, shortens the response time, and avoids the network traffic overhead between the mobile terminal and the server.
A permission grouping table, a resource grouping table and an access rule table are stored in the rule base in advance. The permission grouping table maps application identifiers to permission types, the resource grouping table maps resource identifiers to resource types, and the access rule table maps permission types to resource types.
Permission types may include three types: the trusted type, the default type and the constrained type. General applications can be placed in the default-type group; system management programs and programs trusted by the user are placed in the trusted-type group; applications of unknown security are placed in the constrained-type group. The permission grouping table is represented as 2-tuples, as shown in Table 1:
Table 1

| Application program identification | Permission type |
|---|---|
| Application program ID1 | Trusted type |
| Application program ID2 | Constrained type |
| Application program ID3 | Default type |
| ...... | ...... |
Resources are divided according to the level of protection that each resource on the mobile terminal requires, and resources with equivalent protection levels are grouped into the same resource type. Resources on the mobile terminal can be divided into three types: the system-level resource type, the general resource type and the protected resource type. The system-level resource type mainly covers system files and phone functions that incur charges, such as calls, SMS and wireless Internet access. The protected resource type mainly covers the address book, user-stored SMS messages, mail, pictures and videos, and the Bluetooth, infrared and WiFi (Wireless Fidelity) network adapters. The general resource type covers other resources that do not involve system security or user privacy. The resource grouping table is represented as 2-tuples, as shown in Table 2:
Table 2

| Resource identification | Resource type |
|---|---|
| Resource ID 1 | System-level resource type |
| Resource ID 2 | General resource type |
| Resource ID 3 | Protected resource type |
| Resource ID 4 | Protected resource type |
| ...... | ...... |
The access rule table is represented as 2-tuples, as shown in Table 3:
Table 3

| Permission type | Resource type |
|---|---|
| Trusted type | System-level resource type |
| Trusted type | General resource type |
| Default type | General resource type |
| Constrained type | General resource type |
| ...... | ...... |
When the decision unit 102 looks up in the rule base whether the permission type corresponding to an application identifier and the resource type corresponding to the identifier of the requested resource satisfy the preset correspondence, the lookup order of the decision unit 102 may be any of the following:
  • look up the permission type corresponding to the application identifier in the permission grouping table and the resource type corresponding to the resource identifier in the resource grouping table, then look up in the access rule table whether that permission type and resource type have a correspondence that allows access; or
  • look up the permission type corresponding to the application identifier in the permission grouping table and the resource type corresponding to that permission type in the access rule table, then look up in the resource grouping table whether the resource identifier corresponds to that resource type; or
  • look up the resource type corresponding to the resource identifier in the resource grouping table and the permission type corresponding to that resource type in the access rule table, then look up in the permission grouping table whether the application identifier corresponds to that permission type.
Preferably, the decision unit 102 first looks up the permission grouping table and the resource grouping table to obtain the permission type corresponding to the application identifier and the resource type corresponding to the resource identifier, and then looks up in the access rule table whether this permission type and resource type match. When this order is used, the access rule table may use the triples shown in Table 4, which add an authority field compared with Table 3, so that the result is produced during the lookup itself, without having to judge whether a matching entry was found or not.
Table 4

| Permission type | Resource type | Authority |
|---|---|---|
| Trusted type | System-level resource type | Y |
| Constrained type | System-level resource type | N |
| Constrained type | General resource type | Y |
| Default type | System-level resource type | N |
| ...... | ...... | ...... |
Owing to the particular circumstances of mobile terminals, the embodiment of the invention does not distinguish access modes (read, write, use); having permission means having all three access rights at once.
Managing the data stored in the rule base in groups significantly reduces the resources the rule base occupies on the mobile terminal, reduces the data size, and improves lookup speed.
Preferably, as shown in Fig. 2, the enforcement unit 101 further comprises a cache subunit 1011 and a retrieval subunit 1012.
The cache subunit 1011 stores a cache list. The cache list maps the application identifier and resource identifier of each of the most recently initiated resource requests, up to a predetermined number of them, to the decision result of the decision unit 102;
The retrieval subunit 1012 retrieves whether the cache list contains a decision result corresponding to the application identifier and the resource identifier.
The cache list is represented as triples. It caches the correspondence between the application identifier and resource identifier of each of the most recently initiated resource requests on the mobile terminal, up to the predetermined number, and the decision result returned by the decision unit 102. The cache subunit 1011 that holds the cache list may be located in the memory of the mobile terminal, so the contents of the cache list are lost when the mobile terminal powers off. The cache list is shown in Table 5:
Table 5

| Application program identification | Resource identification | Decision result |
|---|---|---|
| Application program ID1 | Resource ID 1 | Y |
| Application program ID2 | Resource ID 2 | Y |
| Application program ID3 | Resource ID 3 | N |
| Application program ID4 | Resource ID 4 | Y |
| Application program ID5 | Resource ID 5 | N |
After the enforcement unit 101 receives a resource request from an application, it first uses the application identifier and resource identifier extracted from the request to check whether the stored cache list contains a corresponding decision result. If it does, that result is used directly to allow or refuse the resource request of the application; if it does not, the decision unit 102 then looks the request up in the rule base. The cache list should not be made too long; preferably, the predetermined number is ten.
An application that has initiated a resource request on the mobile terminal is likely to initiate the same resource request again within a period of time. Using a cache list in the access control process therefore makes access control more efficient: for a resource request that has already been decided, no rule base lookup is needed, and the decision result of the previous identical request can be used directly. The cache list greatly shortens the response time of access control and improves the user's experience while access control is being enforced.
When a cache list is used in the enforcement unit, the following situation may arise. After an application initiates a resource request for a certain resource, the decision result of that request is held in the cache list; suppose this decision result is "No". The user then changes the permission type of the application, so that the decision result the decision unit would reach after a lookup is "Yes". However, because the cache list already holds the decision result "No", the enforcement unit does not notify the decision unit to look in the rule base, and the application still cannot use the requested resource. In this case the user needs to restart the mobile terminal to clear the cache list before the application can use the requested resource normally.
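The preferred lookup order, the ten-entry cache list and the stale-decision situation described above, as an added Python example that is not part of the patent text. The class and method names, the sample application and resource IDs, the (trusted, protected) rule row, refusal of unknown IDs and missing rows, oldest-first eviction and the `invalidate_app` hook are all assumptions of this sketch; the example also shows the reverse case that follows from the same mechanism, where a cached "Y" outlives a downgrade of the permission type.

```python
from collections import OrderedDict

TRUSTED, DEFAULT, CONSTRAINED = "trusted", "default", "constrained"
SYSTEM, GENERAL, PROTECTED = "system-level", "general", "protected"


class RuleBase:
    """Permission grouping, resource grouping and access rule tables."""

    def __init__(self):
        # Permission grouping table (Table 1): application ID -> permission type.
        self.permission_group = {}
        # Resource grouping table (Table 2); these resource IDs are constructed samples.
        self.resource_group = {
            "sms": SYSTEM, "calculator": GENERAL,
            "contacts": PROTECTED, "bluetooth": PROTECTED,
        }
        # Access rule table as triples (Table 4): (permission, resource type) -> Y/N.
        self.access_rules = {
            (TRUSTED, SYSTEM): "Y", (TRUSTED, GENERAL): "Y",
            (DEFAULT, SYSTEM): "N", (DEFAULT, GENERAL): "Y",
            (CONSTRAINED, SYSTEM): "N", (CONSTRAINED, GENERAL): "Y",
            (TRUSTED, PROTECTED): "Y",  # assumption: row not shown in the patent's tables
        }

    def set_permission(self, app_id, permission_type):
        """Install-time assignment or a later change made by the user."""
        self.permission_group[app_id] = permission_type


class DecisionUnit:
    def __init__(self, rule_base):
        self.rule_base = rule_base
        self.lookups = 0  # number of rule-base lookups, to make the cache effect visible

    def decide(self, app_id, resource_id):
        """Preferred order: both grouping tables first, then the access rule table."""
        self.lookups += 1
        ptype = self.rule_base.permission_group.get(app_id)
        rtype = self.rule_base.resource_group.get(resource_id)
        # Assumption: unknown IDs and missing rule rows are refused.
        return self.rule_base.access_rules.get((ptype, rtype), "N")


class EnforcementUnit:
    def __init__(self, decision_unit, cache_size=10):
        self.decision_unit = decision_unit
        self.cache_size = cache_size
        self.cache = OrderedDict()  # (app ID, resource ID) -> "Y"/"N", held in memory only

    def request(self, app_id, resource_id):
        """Return True if the intercepted resource request is allowed."""
        key = (app_id, resource_id)
        decision = self.cache.get(key)
        if decision is not None:
            self.cache.move_to_end(key)  # cached result is used without a lookup
            return decision == "Y"
        decision = self.decision_unit.decide(app_id, resource_id)
        self.cache[key] = decision
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)  # assumption: evict the oldest entry
        return decision == "Y"

    def restart(self):
        """Power cycle: the in-memory cache list is lost."""
        self.cache.clear()

    def invalidate_app(self, app_id):
        """Hypothetical hook, not in the patent: drop cached decisions for one app."""
        for key in [k for k in self.cache if k[0] == app_id]:
            del self.cache[key]


def demo():
    rules = RuleBase()
    decider = DecisionUnit(rules)
    enforcer = EnforcementUnit(decider)
    rules.set_permission("bt_game", DEFAULT)   # constructed application IDs
    rules.set_permission("file_mgr", TRUSTED)
    out = {}
    out["game_default"] = enforcer.request("bt_game", "bluetooth")
    rules.set_permission("bt_game", TRUSTED)   # user upgrades the game
    out["game_stale_deny"] = enforcer.request("bt_game", "bluetooth")
    enforcer.restart()
    out["game_after_restart"] = enforcer.request("bt_game", "bluetooth")
    out["mgr_trusted"] = enforcer.request("file_mgr", "sms")
    rules.set_permission("file_mgr", CONSTRAINED)  # user downgrades the app
    out["mgr_stale_allow"] = enforcer.request("file_mgr", "sms")
    enforcer.invalidate_app("file_mgr")
    out["mgr_after_invalidate"] = enforcer.request("file_mgr", "sms")
    out["unknown_app"] = enforcer.request("not_installed", "contacts")
    out["rule_base_lookups"] = decider.lookups
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Calling `invalidate_app` whenever the permission grouping table changes removes the need for the restart, at the cost of coupling the table editor to the enforcement unit's cache.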
Preferably, the mobile terminal 10 further comprises a user interface unit 103, configured to: when an application is installed, receive the permission type that the user specifies for the application, and add the correspondence between the application identifier of the application and the permission type to the permission grouping table of the rule base.
Specifically, the installation procedure of an application is shown in Fig. 3:
S101, the installer of the application starts;
S102, the user interface unit intercepts the permission type request of the installer;
S103, the user interface unit receives the permission type that the user specifies for the application;
Because the permission types comprise the trusted type, the default type and the constrained type, what the user interface unit displays to the user on the mobile terminal is a choice among these three permission types, presented for example as a drop-down menu. If the user does not specify a permission type in this step, the permission type of the application is set to the default type.
S104, the user interface unit adds the application identifier and permission type of the application to the permission grouping table;
S105, installation of the application completes.
The user interface unit 103 is also configured to: receive a user-initiated query for the permission type of an application, extract the permission type corresponding to the application identifier of that application from the permission grouping table, and present it to the user.
The user interface unit 103 is also configured to: receive an instruction to change the permission type of an application, and overwrite the permission type corresponding to the application identifier of that application in the permission grouping table with the changed permission type.
The user interface unit 103 is also configured to: receive an instruction to uninstall an application, and delete the record corresponding to the application identifier of that application from the permission grouping table.
The user interface unit 103 is the interactive interface between the user and the rule base. Through the user interface unit 103 the user performs custom editing of the permission grouping table in the rule base: adding a record when an application is installed, changing it when the permission type of an application is modified, and removing the application's record from the permission grouping table when the application is uninstalled.
Because the user interface unit communicates directly with the rule base and has no direct contact with the other functional modules in the mobile terminal, the user interface unit and the functional modules other than the rule base do not affect each other; the user can install a new application while using another application.
Of the permission grouping table, resource grouping table and access rule table stored in the rule base, only the permission grouping table can be edited by the user. The resource grouping table and the access rule table are preset by the designer of the mobile terminal access control system, and the user has no right to view or change them. The designer may later extend the permission types and resource types in the rule base according to users' general actual needs, to satisfy more diverse user requirements.
By setting the permission type group of an application through the user interface unit, the user customizes the access permissions of applications, so that installed applications better fit the user's personal usage habits.
The mobile terminal of the embodiment of the invention uses the application identifier and the resource identifier to achieve access control and satisfies the reasonable resource usage requirements of applications on the mobile terminal. At the same time, it lets an application obtain the appropriate permission according to the user's needs, so that an application that has no security certificate but is trusted by the user can be installed and used normally on the mobile terminal. Further, by managing the permission types of applications and the resource types of resources stored in the rule base in groups, the embodiment of the invention reduces the number of data items stored on the mobile terminal, saves storage space, and shortens the response time of access control. Placing the rule base on the mobile terminal further shortens the response time of access control and avoids the network traffic overhead that access control would otherwise generate between the mobile terminal and the server. Using the cache list greatly improves the speed of the whole access control process. Introducing the user interface unit lets the user perform custom editing of the permission type of installed applications, so that applications on the mobile terminal better fit the user's personal usage habits and the user experience is improved.
The embodiment of the invention also provides a kind of first embodiment of access control method, and as shown in Figure 4, described method comprises:
S201, the resource request that the interception application program is initiated is extracted the sign of the application program in the described resource request and the sign of institute's requested resource.
S202, application program identification and resource identification according to described extraction, whether corresponding with described resource identification permission type the resource type of searching described application program identification correspondence in rule base satisfy the corresponding relation that presets, and generates the result of decision according to lookup result.
S203 allows or refuses the resource request of described application program according to the described result of decision.
Wherein, described rule base is used for the corresponding relation that presets between the corresponding permission type of the application storing sign resource type corresponding with resource identification.
Store authority grouping sheet, resource grouping sheet and access rule table in the rule base in advance; Described authority grouping sheet is the mapping table of application program identification and permission type, and described resource grouping sheet is the mapping table of resource identification and resource type, and described access rule table is the mapping table of permission type and resource type.Rule base can be stored on the server of network side, also can be stored on the portable terminal.Preferably, rule base is positioned on the portable terminal.
The access control method of the embodiment of the invention uses application program identification and resource identification to reach the purpose of access control, has satisfied application program reasonably resource user demand on portable terminal.
Describe in detail below by the method for a specific embodiment to the embodiment of the invention.
As shown in Figure 5, be second embodiment of the access control method of the embodiment of the invention, described method comprises:
S301, application program is initiated resource request;
Carry the application program identification of described application program and the sign of institute's requested resource in the described resource request; Described application program identification can comprise: program name or described portable terminal are the program number of described application assigned etc., and described resource identification can comprise: resource name or resource number etc.
S302 tackles the resource request that described application program is initiated; From the resource request of intercepting, extract application program identification and resource identification;
S303, application program identification and resource identification according to described extraction, whether corresponding with described resource identification permission type the resource type of searching described application program identification correspondence in rule base satisfy the corresponding relation that presets, and generate the result of decision according to lookup result.
The described permission type of searching the application program identification correspondence whether the resource type corresponding with described resource identification satisfy the corresponding relation that presets can for: search described application program identification corresponding permission type and described resource identification corresponding resource type in the resource grouping sheet in the authority grouping sheet, in the access rule table, search described permission type and resource identification and whether have the corresponding relation that permission is visited; Or search described application program identification corresponding permission type and this permission type corresponding resource type in the access rule table in the authority grouping sheet, whether search described resource identification and described resource type in the resource grouping sheet corresponding; Or corresponding resource type and this resource type are at the permission type of access rule table correspondence in the resource grouping sheet to search described resource identification, and whether search described application program identification and described permission type in the authority grouping sheet corresponding.
S304 allows or refuses the resource request of described application program according to the described result of decision.
Preferably, after step S302, also comprise step S305: whether have and the described application program identification and the corresponding result of decision of resource identification in the cache list that retrieval is deposited; If have, then directly allow or refuse the resource request of described application program according to this result of decision, if do not have, execution in step S303 more then; Described cache list is the mapping table of application program identification in the resource request of initiating recently that is not more than predetermined number, resource identification and the result of decision, and described predetermined number is preferably ten.
Preferably, the method further comprises the step of: when an application program is installed, receiving the permission type that the user specifies for this application program, and adding the corresponding relation between the application program identification of this application program and the permission type to the authority grouping sheet of the rule base.
The authority grouping sheet in the rule base can be edited by the user, whereas the resource grouping sheet and the access rule table are preset by the designer of the access control system, and the user has no right to access or change them.
The method may further comprise the steps of: receiving a user-initiated query request for the permission type of a certain application program, extracting the permission type corresponding to the application program identification of this application program from the authority grouping sheet and presenting it to the user; and/or receiving a permission type change instruction for an application program, and overwriting the permission type corresponding to the application program identification of this application program in the authority grouping sheet with the changed permission type; and/or receiving an instruction to unload an application program, and deleting the record corresponding to the application program identification of this application program from the authority grouping sheet.
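The lookup in the three tables, the cache list of step S305 and the maintenance of the authority grouping sheet can be put together as follows. This is an added example, not code from the patent: the class names, identifiers and type names are hypothetical, the sample data is constructed, and it uses the first of the three lookup orders. Two behaviours are assumptions the text does not state: an identification missing from a sheet is refused, and the cached decisions of an application program are dropped whenever its permission type is added, changed or deleted, so that a stale cached decision cannot outlive the edit.

```python
from collections import OrderedDict

CACHE_LIMIT = 10  # the description's preferred "predetermined number"


class RuleBase:
    """Decision side: authority grouping sheet, resource grouping sheet, access rule table."""

    def __init__(self, resource_groups, access_rules):
        self.authority_groups = {}                     # app id -> permission type (user-editable)
        self._resource_groups = dict(resource_groups)  # resource id -> resource type (preset)
        self._access_rules = set(access_rules)         # allowed (permission type, resource type) pairs

    def decide(self, app_id, resource_id):
        perm_type = self.authority_groups.get(app_id)
        res_type = self._resource_groups.get(resource_id)
        # Assumption: an id that is missing from either sheet is refused (default deny).
        if perm_type is None or res_type is None:
            return False
        return (perm_type, res_type) in self._access_rules


class Terminal:
    """Enforcement side plus the user-facing edits of the authority grouping sheet."""

    def __init__(self, rule_base, cache_limit=CACHE_LIMIT):
        self.rule_base = rule_base
        self.cache_limit = cache_limit
        self.cache = OrderedDict()   # (app id, resource id) -> decision, oldest entry first
        self.rule_base_lookups = 0   # number of S303 executions, kept for the demo

    def request(self, app_id, resource_id):
        key = (app_id, resource_id)
        if key in self.cache:                    # S305: a cached decision exists
            self.cache.move_to_end(key)          # this request is now the most recent one
            return self.cache[key]               # S304 without touching the rule base
        decision = self.rule_base.decide(app_id, resource_id)  # S303
        self.rule_base_lookups += 1
        self.cache[key] = decision
        if len(self.cache) > self.cache_limit:   # keep no more than the predetermined number
            self.cache.popitem(last=False)
        return decision                          # S304

    def _forget(self, app_id):
        # Assumption (not in the patent text): drop cached decisions made under the old type.
        for key in [k for k in self.cache if k[0] == app_id]:
            del self.cache[key]

    def install(self, app_id, perm_type):
        self.rule_base.authority_groups[app_id] = perm_type
        self._forget(app_id)

    def query(self, app_id):
        return self.rule_base.authority_groups.get(app_id)

    def change(self, app_id, perm_type):
        self.rule_base.authority_groups[app_id] = perm_type
        self._forget(app_id)

    def uninstall(self, app_id):
        self.rule_base.authority_groups.pop(app_id, None)
        self._forget(app_id)


def demo():
    # Constructed sample data: every id and type name below is hypothetical.
    rule_base = RuleBase(
        resource_groups={"res.net.http": "network", "res.sms.send": "messaging"},
        access_rules={("restricted", "network"), ("trusted", "network"),
                      ("trusted", "messaging")},
    )
    terminal = Terminal(rule_base)
    terminal.install("app.game", "restricted")
    results = [
        terminal.request("app.game", "res.net.http"),  # allowed by the access rule table
        terminal.request("app.game", "res.sms.send"),  # refused: no matching rule
        terminal.request("app.game", "res.sms.send"),  # refused again, served from the cache
    ]
    lookups_before_change = terminal.rule_base_lookups
    terminal.change("app.game", "trusted")             # user edits the permission type
    results.append(terminal.request("app.game", "res.sms.send"))  # decided afresh: allowed
    terminal.uninstall("app.game")
    results.append(terminal.request("app.game", "res.sms.send"))  # record deleted: refused
    return results, lookups_before_change, terminal.rule_base_lookups


if __name__ == "__main__":
    print(demo())
```

Without the `_forget` call in `change`, the fourth request in `demo()` would return the cached refusal even though the user had already changed the permission type.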
Because much of the method embodiment is similar to the portable terminal embodiment, it is described more briefly; for the relevant parts, refer to the portable terminal embodiment, which is not repeated here.
The access control method of the embodiment of the invention uses the application program identification and the resource identification to achieve access control and satisfies the reasonable resource usage demands of application programs on the portable terminal. At the same time, it lets an application program obtain the corresponding authority according to the user's needs, so that an application program that has no security certificate but is trusted by the user can be installed and used normally on the portable terminal. Further, by managing the permission types of application programs and the resource types of resources stored in the rule base in groups, the method reduces the number of data items stored on the portable terminal, saves storage space, and shortens the response time of access control; by placing the rule base on the portable terminal, it further shortens the response time of access control and avoids the network traffic overhead that access control would produce between the portable terminal and a server; by using the cache list, it greatly improves the speed of the whole access control process; and by supporting user-defined editing of the permission types of application programs, it makes the application programs on the portable terminal better fit the user's personal usage habits and improves the user experience.
A person of ordinary skill in the art will appreciate that all or part of the steps of the method in the foregoing embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, comprises the following steps: intercepting the resource request initiated by an application program, and extracting the identification of the application program and the identification of the requested resource from the resource request; according to the extracted application program identification and resource identification, searching the rule base for whether the permission type corresponding to the application program identification and the resource type corresponding to the resource identification satisfy the preset corresponding relation, and generating a decision result according to the search result; and allowing or refusing the resource request of the application program according to the decision result. The storage medium may be, for example, ROM/RAM, a magnetic disk or an optical disc.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relation or order between these entities or operations. Moreover, the terms "comprise", "include" and any variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements comprises not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (12)

1. A portable terminal, characterized in that the portable terminal comprises:
an enforcement unit, configured to intercept the resource request initiated by an application program, and extract the identification of the application program and the identification of the requested resource from the resource request; and to obtain a decision result, and allow or refuse the resource request of the application program according to the decision result;
a decision unit, configured to, according to the application program identification and the resource identification extracted by the enforcement unit, search a rule base for whether the permission type corresponding to the application program identification and the resource type corresponding to the resource identification satisfy the preset corresponding relation, and generate the decision result according to the search result.
2. The portable terminal according to claim 1, characterized in that an authority grouping sheet, a resource grouping sheet and an access rule table are stored in the rule base in advance; the authority grouping sheet is a mapping table of application program identifications and permission types, the resource grouping sheet is a mapping table of resource identifications and resource types, and the access rule table is a mapping table of permission types and resource types.
3. The portable terminal according to claim 1, characterized in that the enforcement unit further comprises:
a cache subunit, configured to store a cache list, the cache list being a mapping table of the application program identification, the resource identification and the decision result of the decision unit for the most recently initiated resource requests, no more than a predetermined number of them;
a retrieval subunit, configured to retrieve whether the cache list contains a decision result corresponding to the application program identification and the resource identification.
4. The portable terminal according to claim 2, characterized in that the portable terminal further comprises a user interface unit, configured to, when an application program is installed, receive the permission type that the user specifies for this application program, and add the corresponding relation between the application program identification of this application program and the permission type to the authority grouping sheet of the rule base.
5. The portable terminal according to claim 4, characterized in that the user interface unit is further configured to:
receive a user-initiated query request for the permission type of an application program, extract the permission type corresponding to the application program identification of this application program from the authority grouping sheet and present it to the user;
receive a permission type change instruction for an application program, and overwrite the permission type corresponding to the application program identification of this application program in the authority grouping sheet with the changed permission type;
receive an instruction to unload an application program, and delete the record corresponding to the application program identification of this application program from the authority grouping sheet.
6. The portable terminal according to any one of claims 1-5, wherein the portable terminal comprises the rule base.
7. An access control method, characterized in that the method comprises:
intercepting the resource request initiated by an application program, and extracting the identification of the application program and the identification of the requested resource from the resource request;
according to the extracted application program identification and resource identification, searching a rule base for whether the permission type corresponding to the application program identification and the resource type corresponding to the resource identification satisfy the preset corresponding relation, and generating a decision result according to the search result;
allowing or refusing the resource request of the application program according to the decision result.
8. The method according to claim 7, characterized in that an authority grouping sheet, a resource grouping sheet and an access rule table are stored in the rule base in advance; the authority grouping sheet is a mapping table of application program identifications and permission types, the resource grouping sheet is a mapping table of resource identifications and resource types, and the access rule table is a mapping table of permission types and resource types.
9. The method according to claim 7, characterized in that, after the resource request of the application program is intercepted, the method further comprises:
retrieving whether the stored cache list contains a decision result corresponding to the application program identification and the resource identification; if it does, directly allowing or refusing the resource request of the application program according to that decision result; the cache list being a mapping table of the application program identification, the resource identification and the decision result for the most recently initiated resource requests, no more than a predetermined number of them.
10. The method according to claim 8, characterized in that the method further comprises:
when an application program is installed, receiving the permission type that the user specifies for this application program, and adding the corresponding relation between the application program identification of this application program and the permission type to the authority grouping sheet of the rule base.
11. The method according to claim 10, characterized in that the method further comprises:
receiving a user-initiated query request for the permission type of a certain application program, extracting the permission type corresponding to the application program identification of this application program from the authority grouping sheet and presenting it to the user; and/or
receiving a permission type change instruction for an application program, and overwriting the permission type corresponding to the application program identification of this application program in the authority grouping sheet with the changed permission type; and/or
receiving an instruction to unload an application program, and deleting the record corresponding to the application program identification of this application program from the authority grouping sheet.
12. The method according to any one of claims 8-11, wherein searching whether the permission type corresponding to the application program identification and the resource type corresponding to the resource identification satisfy the preset corresponding relation comprises:
looking up the permission type corresponding to the application program identification in the authority grouping sheet and the resource type corresponding to the resource identification in the resource grouping sheet, and searching the access rule table for whether the permission type and the resource identification have a corresponding relation that permits access; or
looking up the permission type corresponding to the application program identification in the authority grouping sheet and the resource type corresponding to that permission type in the access rule table, and searching the resource grouping sheet for whether the resource identification corresponds to that resource type; or
looking up the resource type corresponding to the resource identification in the resource grouping sheet and the permission type corresponding to that resource type in the access rule table, and searching the authority grouping sheet for whether the application program identification corresponds to that permission type.
CN200910173947A 2009-09-22 2009-09-22 Mobile terminal and access control method Pending CN101655892A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910173947A CN101655892A (en) 2009-09-22 2009-09-22 Mobile terminal and access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910173947A CN101655892A (en) 2009-09-22 2009-09-22 Mobile terminal and access control method

Publications (1)

Publication Number Publication Date
CN101655892A true CN101655892A (en) 2010-02-24

Family

ID=41710181

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910173947A Pending CN101655892A (en) 2009-09-22 2009-09-22 Mobile terminal and access control method

Country Status (1)

Country Link
CN (1) CN101655892A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100224