CN106570390A - Equipment permission control method and device - Google Patents


Publication number
CN106570390A
Authority
CN
China
Prior art keywords
authority
application program
equipment
equipment authority
service server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610959163.1A
Other languages
Chinese (zh)
Inventor
韩吉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nubia Technology Co Ltd filed Critical Nubia Technology Co Ltd
Priority to CN201610959163.1A priority Critical patent/CN106570390A/en
Publication of CN106570390A publication Critical patent/CN106570390A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an equipment permission control method and device. The method includes: receiving permission risk information from a business server; and according to the permission risk information, adjusting the equipment permission which is granted to an application program. The invention has the advantages of adjusting the granted equipment permission according to the permission risk information from the business server, performing risk identification of the granted equipment permission, effectively managing and controlling the equipment permission, thus protecting user privacy and improving user experience.

Description

Control method and device for device permissions
Technical field
The present invention relates to the field of information security, and more particularly to a control method and device for device permissions.
Background
As the variety of application programs grows, mobile terminals open more and more device permissions to application programs. An application program's use of device permissions can affect user privacy to some extent, so the mobile terminal needs to reasonably control the device permissions it opens to application programs in order to protect user privacy.
In the prior art, all of the device permissions requested by an application program can be granted by default when the application program is installed, but this lacks basic management and control of device permissions and carries a risk of privacy leakage. Alternatively, device permissions can be divided by degree of privacy into a low-risk level and a high-risk level: when an application program is installed, its low-risk device permissions are granted to it, and if it requests high-risk permissions, the user is prompted to confirm the grant manually. Although this protects user privacy to some extent, it lacks the ability to perform risk identification on device permissions that have already been granted.
Summary of the invention
The main purpose of the present invention is to propose a control method and device for device permissions, intended to overcome the prior-art defect that risk identification cannot be performed on device permissions that have already been granted.
To achieve the above object, the present invention provides a control method for device permissions, including:
Receiving permission risk information from a service server;
Adjusting, according to the permission risk information, the device permissions that have been granted to an application program.
In addition, to achieve the above object, the present invention also proposes a control device for device permissions, including:
A receiving module, for receiving permission risk information from a service server;
An adjusting module, for adjusting, according to the permission risk information, the device permissions that have been granted to an application program.
The control method and device for device permissions proposed by the present invention adjust already-granted device permissions according to permission risk information from the service server. This makes it possible to perform risk identification on granted device permissions and to manage and control device permissions effectively, thereby protecting user privacy and improving user experience.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware structure of a mobile terminal for implementing the embodiments of the present invention;
Fig. 2 is a schematic diagram of a wireless communication system for the mobile terminal shown in Fig. 1;
Fig. 3 is a flow chart of the control method for device permissions proposed by the first embodiment of the present invention;
Fig. 4 is a flow chart of the control method for device permissions proposed by the second embodiment of the present invention;
Fig. 5 is a flow chart of the control method for device permissions proposed by the third embodiment of the present invention;
Fig. 6 is a flow chart of the control method for device permissions proposed by the fourth embodiment of the present invention;
Fig. 7 is a structure diagram of the control device for device permissions in the fifth embodiment of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the drawings in conjunction with the embodiments.
Detailed description
It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
A terminal implementing the embodiments of the present invention is now described with reference to the drawings. In the following description, suffixes such as "module", "part" or "unit" used to denote elements are used only to facilitate the explanation of the invention and have no specific meaning in themselves. Therefore, "module" and "part" can be used interchangeably.
A terminal can be implemented in various forms. For example, the terminal described in the present invention can include mobile terminals such as mobile phones, smart phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and navigation devices, and fixed terminals such as digital TVs and desktop computers. Hereinafter it is assumed that the terminal is a mobile terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, constructions according to the embodiments of the present invention can also be applied to fixed-type terminals.
Fig. 1 illustrates the hardware structure of a mobile terminal implementing the embodiments of the present invention.
The mobile terminal 100 can include a wireless communication unit 110, an A/V (audio/video) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, a power supply unit 190, and so on. Fig. 1 shows a mobile terminal with various components, but it should be understood that not all of the illustrated components are required. More or fewer components may alternatively be implemented. The elements of the mobile terminal are described in detail below.
The wireless communication unit 110 generally includes one or more components that allow radio communication between the mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit can include at least one of a broadcast reception module 111, a mobile communication module 112, a wireless Internet module 113, a short-range communication module 114 and a location information module 115.
The broadcast reception module 111 receives broadcast signals and/or broadcast-related information from an external broadcast management server via a broadcast channel. The broadcast channel can include a satellite channel and/or a terrestrial channel. The broadcast management server can be a server that generates and sends broadcast signals and/or broadcast-related information, or a server that receives previously generated broadcast signals and/or broadcast-related information and sends them to the terminal. The broadcast signal can include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and so on. The broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal. Broadcast-related information can also be provided via a mobile communication network, in which case it can be received by the mobile communication module 112. The broadcast signal can exist in various forms, for example in the form of an electronic program guide (EPG) of digital multimedia broadcasting (DMB) or an electronic service guide (ESG) of digital video broadcasting-handheld (DVB-H). The broadcast reception module 111 can receive broadcast signals by using various types of broadcast systems. In particular, the broadcast reception module 111 can receive digital broadcasts by using digital broadcast systems such as digital multimedia broadcasting-terrestrial (DMB-T), digital multimedia broadcasting-satellite (DMB-S), digital video broadcasting-handheld (DVB-H), the data broadcasting system of media forward link only (MediaFLO®) and integrated services digital broadcasting-terrestrial (ISDB-T). The broadcast reception module 111 may be constructed to suit the various broadcast systems that provide broadcast signals as well as the above digital broadcast systems. Broadcast signals and/or broadcast-related information received via the broadcast reception module 111 can be stored in the memory 160 (or another type of storage medium).
The mobile communication module 112 sends radio signals to and/or receives radio signals from at least one of a base station (for example, an access point, a Node B, etc.), an external terminal and a server. Such radio signals can include voice call signals, video call signals, or various types of data sent and/or received according to text and/or multimedia messages.
The wireless Internet module 113 supports wireless Internet access for the mobile terminal. The module can be internally or externally coupled to the terminal. The wireless Internet access technologies involved can include WLAN (wireless LAN) (Wi-Fi), Wibro (wireless broadband), Wimax (worldwide interoperability for microwave access), HSDPA (high-speed downlink packet access), and so on.
The short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technology include Bluetooth™, radio frequency identification (RFID), Infrared Data Association (IrDA), ultra-wideband (UWB), ZigBee™, and so on.
The location information module 115 is a module for checking or obtaining the location information of the mobile terminal. A typical example of the location information module is GPS (global positioning system). According to current technology, the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information, so as to accurately calculate three-dimensional current location information according to longitude, latitude and altitude. Currently, the method for calculating position and time information uses three satellites and corrects the error of the calculated position and time information by using another satellite. In addition, the GPS module 115 can calculate speed information by continuously calculating current location information in real time.
The A/V input unit 120 is used to receive audio or video signals. The A/V input unit 120 can include a camera 121 and a microphone 122. The camera 121 processes image data of still pictures or video obtained by an image capture device in a video capture mode or an image capture mode. The processed image frames can be displayed on the display unit 151. Image frames processed by the camera 121 can be stored in the memory 160 (or another storage medium) or sent via the wireless communication unit 110, and two or more cameras 121 can be provided depending on the construction of the mobile terminal. The microphone 122 can receive sound (audio data) in operating modes such as a telephone call mode, a recording mode and a speech recognition mode, and can process such sound into audio data. In the telephone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via the mobile communication module 112 and output. The microphone 122 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while receiving and sending audio signals.
The user input unit 130 can generate key input data according to commands input by the user to control various operations of the mobile terminal. The user input unit 130 allows the user to input various types of information and can include a keyboard, a metal dome, a touch pad (for example, a touch-sensitive component that detects changes in resistance, pressure, capacitance, etc. caused by being touched), a scroll wheel, a rocker, and so on. In particular, when the touch pad is superimposed on the display unit 151 in the form of a layer, a touch screen can be formed.
The sensing unit 140 detects the current state of the mobile terminal 100 (for example, the opened or closed state of the mobile terminal 100), the position of the mobile terminal 100, the presence or absence of user contact with the mobile terminal 100 (that is, touch input), the orientation of the mobile terminal 100, the acceleration or deceleration movement and direction of the mobile terminal 100, and so on, and generates commands or signals for controlling the operation of the mobile terminal 100. For example, when the mobile terminal 100 is implemented as a slide-type mobile phone, the sensing unit 140 can sense whether the slide-type phone is opened or closed. In addition, the sensing unit 140 can detect whether the power supply unit 190 provides power or whether the interface unit 170 is coupled with an external device. The sensing unit 140 can include a proximity sensor 141, which will be described below in connection with the touch screen.
The interface unit 170 serves as an interface through which at least one external device can connect to the mobile terminal 100. For example, the external device can include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and so on. The identification module can store various information for verifying the user's use of the mobile terminal 100 and can include a user identity module (UIM), a subscriber identity module (SIM), a universal subscriber identity module (USIM), and so on. In addition, the device having the identification module (hereinafter referred to as the "identifying device") can take the form of a smart card; the identifying device can therefore be connected to the mobile terminal 100 via a port or other connection means. The interface unit 170 can be used to receive input (for example, data, power, etc.) from an external device and transfer the received input to one or more elements in the mobile terminal 100, or can be used to transfer data between the mobile terminal and the external device.
In addition, when the mobile terminal 100 is connected to an external base, the interface unit 170 can serve as a path through which power is supplied from the base to the mobile terminal 100, or as a path through which various command signals input from the base are transferred to the mobile terminal. The various command signals or power input from the base can serve as signals for recognizing whether the mobile terminal is accurately mounted on the base. The output unit 150 is configured to provide output signals in a visual, audio and/or tactile manner (for example, audio signals, video signals, alarm signals, vibration signals, etc.). The output unit 150 can include a display unit 151, an audio output module 152, an alarm unit 153, and so on.
The display unit 151 can display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a telephone call mode, the display unit 151 can display a user interface (UI) or graphical user interface (GUI) related to the call or to other communication (for example, text messaging, multimedia file download, etc.). When the mobile terminal 100 is in a video call mode or an image capture mode, the display unit 151 can display a captured image and/or a received image, a UI or GUI showing the video or image and related functions, and so on.
Meanwhile, when the display unit 151 and the touch pad are superimposed on each other in the form of layers to form a touch screen, the display unit 151 can serve as both an input device and an output device. The display unit 151 can include at least one of a liquid crystal display (LCD), a thin film transistor LCD (TFT-LCD), an organic light-emitting diode (OLED) display, a flexible display, a three-dimensional (3D) display, and so on. Some of these displays may be constructed to be transparent to allow the user to view from the outside; these can be called transparent displays, and a typical transparent display can be, for example, a TOLED (transparent organic light-emitting diode) display. Depending on the particular desired embodiment, the mobile terminal 100 can include two or more display units (or other display devices); for example, the mobile terminal can include an external display unit (not shown) and an internal display unit (not shown). The touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
The audio output module 152 can, when the mobile terminal is in a mode such as a call signal reception mode, a call mode, a recording mode, a speech recognition mode or a broadcast reception mode, convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output it as sound. The audio output module 152 can also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound, a message reception sound, etc.). The audio output module 152 can include a loudspeaker, a buzzer, and so on.
The alarm unit 153 can provide output to notify the mobile terminal 100 of the occurrence of an event. Typical events can include call reception, message reception, key signal input, touch input, and so on. In addition to audio or video output, the alarm unit 153 can provide output in different ways to notify of the occurrence of an event. For example, the alarm unit 153 can provide output in the form of vibration: when a call, a message or some other incoming communication is received, the alarm unit 153 can provide tactile output (that is, vibration) to notify the user. With such tactile output, the user can recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 can also provide output notifying of the occurrence of an event via the display unit 151 or the audio output module 152.
The memory 160 can store software programs for the processing and control operations performed by the controller 180, or can temporarily store data that has already been output or is about to be output (for example, a phone book, messages, still images, video, etc.). The memory 160 can also store data about the various modes of vibration and audio signals that are output when a touch is applied to the touch screen.
The memory 160 can include at least one type of storage medium, the storage medium including flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk, an optical disc, and so on. The mobile terminal 100 can also cooperate with a network storage device that performs the storage function of the memory 160 over a network connection.
The controller 180 generally controls the overall operation of the mobile terminal. For example, the controller 180 performs control and processing related to voice calls, data communication, video calls, and so on. In addition, the controller 180 can include a multimedia module 181 for reproducing (or playing back) multimedia data; the multimedia module 181 can be constructed within the controller 180 or constructed separately from the controller 180. The controller 180 can perform pattern recognition processing to recognize handwriting input or picture drawing input performed on the touch screen as characters or images.
The power supply unit 190 receives external power or internal power under the control of the controller 180 and provides the appropriate power required to operate each element and component.
The various embodiments described herein can be implemented in a computer-readable medium using, for example, computer software, hardware or any combination thereof. For a hardware implementation, the embodiments described herein can be implemented by using at least one of application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field-programmable gate arrays (FPGA), processors, controllers, microcontrollers, microprocessors and electronic units designed to perform the functions described herein; in some cases, such embodiments can be implemented in the controller 180. For a software implementation, embodiments such as processes or functions can be implemented with separate software modules, each of which allows at least one function or operation to be performed. Software code can be implemented by a software application (or program) written in any appropriate programming language, and the software code can be stored in the memory 160 and executed by the controller 180.
So far, the mobile terminal has been described in terms of its functions. Below, for the sake of brevity, a slide-type mobile terminal among various types of mobile terminals such as folder-type, bar-type, swing-type and slide-type mobile terminals will be described as an example. The present invention can nevertheless be applied to any type of mobile terminal and is not limited to slide-type mobile terminals.
The mobile terminal 100 shown in Fig. 1 may be constructed to operate with wired and wireless communication systems, as well as satellite-based communication systems, that transmit data via frames or packets.
The communication system in which the mobile terminal according to the present invention can operate is now described with reference to Fig. 2.
Such communication systems can use different air interfaces and/or physical layers. For example, the air interfaces used by communication systems include frequency division multiple access (FDMA), time division multiple access (TDMA), code division multiple access (CDMA), universal mobile telecommunications system (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), and so on. As a non-limiting example, the description below relates to a CDMA communication system, but the teaching applies equally to other types of systems.
With reference to Fig. 2, a CDMA wireless communication system can include multiple mobile terminals 100, multiple base stations (BS) 270, base station controllers (BSC) 275 and a mobile switching centre (MSC) 280. The MSC 280 is configured to interface with a public switched telephone network (PSTN) 290. The MSC 280 is also configured to interface with the BSC 275, which can be coupled to the base stations 270 via a backhaul link. The backhaul link can be constructed according to any of several known interfaces, including, for example, E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL. It will be understood that the system shown in Fig. 2 can include multiple BSCs 275.
Each BS 270 can serve one or more sectors (or regions), each sector being covered by a multidirectional antenna or an antenna pointing in a specific direction radially away from the BS 270. Alternatively, each sector can be covered by two or more antennas for diversity reception. Each BS 270 may be constructed to support multiple frequency assignments, each frequency assignment having a specific spectrum (for example, 1.25 MHz, 5 MHz, etc.).
The intersection of a sector and a frequency assignment can be referred to as a CDMA channel. The BS 270 can also be referred to as a base transceiver subsystem (BTS) or by other equivalent terms. In this case, the term "base station" can be used to refer broadly to a single BSC 275 and at least one BS 270. A base station can also be referred to as a "cell site". Alternatively, each sector of a specific BS 270 can be referred to as multiple cell sites.
As shown in Fig. 2, a broadcast transmitter (BT) 295 sends broadcast signals to the mobile terminals 100 operating in the system. The broadcast reception module 111 shown in Fig. 1 is provided in the mobile terminal 100 to receive the broadcast signals sent by the BT 295. Fig. 2 shows several global positioning system (GPS) satellites 300. The satellites 300 help locate at least one of the multiple mobile terminals 100.
Fig. 2 depicts multiple satellites 300, but it is understood that useful positioning information can be obtained with any number of satellites. The GPS module 115 shown in Fig. 1 is generally configured to cooperate with the satellites 300 to obtain the desired positioning information. Instead of or in addition to GPS tracking techniques, other techniques that can track the position of the mobile terminal can be used. In addition, at least one GPS satellite 300 can optionally or additionally handle satellite DMB transmissions.
As a typical operation of the wireless communication system, the BS 270 receives reverse link signals from various mobile terminals 100. The mobile terminals 100 generally take part in calls, messaging and other types of communication. Each reverse link signal received by a specific base station 270 is processed within that BS 270. The resulting data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions, including the coordination of soft handoff procedures between BSs 270. The BSC 275 also routes the received data to the MSC 280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN 290 interfaces with the MSC 280, the MSC interfaces with the BSC 275, and the BSC 275 correspondingly controls the BSs 270 to send forward link signals to the mobile terminals 100.
The embodiments of the method of the present invention are proposed on the basis of the above mobile terminal hardware structure and communication system.
As shown in Fig. 3, the first embodiment of the present invention proposes a control method for device permissions, including:
Step 301: receive permission risk information from the service server.
Specifically, the permission risk information from the service server can be received through a push server.
The permission risk information can include the package name of an application program and a device permission name.
Step 302: according to the permission risk information, adjust the device permissions that have been granted to the application program.
Specifically, according to the device permission name included in the permission risk information, the application program's use of that device permission can be closed.
In this embodiment, it can first be determined whether the application program corresponding to the package name in the permission risk information is installed; when it is installed, the application program's use of the device permission is closed according to the device permission name included in the permission risk information.
In addition, before the permission risk information is received from the service server, device permissions can be granted to the application program and the authorization result uploaded to the service server.
The authorization result includes the user ID, the package name of the application program and the names of the device permissions granted to the application program.
Correspondingly, after the device permissions granted to the application program have been adjusted according to the permission risk information, the authorization result for the application program can be updated and an update request sent to the service server.
This embodiment of the present invention adjusts already-granted device permissions according to permission risk information from the service server. It can perform risk identification on granted device permissions and manage and control device permissions effectively, thereby protecting user privacy and improving user experience.
As shown in Fig. 4, the second embodiment of the invention proposes a method for controlling device permissions, including:
Step 401: when an application is installed, send an authorization history query request to the service server.
Specifically, after the application's installation package is downloaded, the installation package can be parsed to obtain the application's device permission list. An authorization history query request is then sent to the service server according to the user ID (uid) and package name (packageName), to query the user's authorization history for the application.
The device permission list includes normal device permissions and dangerous device permissions. The authorization history query request includes the user ID and the package name of the application.
Step 402: receive the authorization history information returned by the service server.
The authorization history information includes the names of the device permissions previously granted to the application.
Step 403: determine whether the authorization history information is empty. If it is, go to step 404; otherwise, go to step 405.
Step 404: grant permissions to the application according to the application's device permission list, then go to step 406.
Specifically, the normal device permissions can be granted to the application and a dialog box corresponding to the dangerous device permission displayed; whether the dangerous device permission is granted to the application is determined by the user's action on that dialog box.
Step 405: grant permissions to the application according to the authorization history information, then go to step 406.
Specifically, the corresponding device permissions can be granted to the application according to the device permission names included in the authorization history information.
Step 406: back up the authorization result and upload it to the service server.
The authorization result includes the user ID, the package name of the application, and the names of the device permissions granted to the application.
Step 407: receive permission risk information from the service server.
Specifically, the permission risk information from the service server can be received through a push server.
The permission risk information can include the package name of an application and a device permission name.
Step 408: determine whether the application corresponding to the package name in the permission risk information is installed on the terminal itself. If it is, go to step 409; otherwise, end the flow.
Step 409: according to the device permission name included in the permission risk information, disable the application's use of that device permission.
Specifically, the system permission allocation service can be used to disable the application's use of the device permission, intercept the application's use of that device permission, and notify the user that the application exhibits malicious behavior.
Step 410: update the authorization result for the application and send an update request to the service server.
Specifically, the name of the disabled device permission can be deleted from the authorization result, and an update request sent to the service server.
The update request includes the user ID, the package name of the application, and the name of the device permission disabled for the application.
In this embodiment of the invention, authorization of the application is controlled by permission group, the authorization result for the application is backed up to the service server, and granted device permissions are adjusted according to permission risk information from the service server. This allows finer-grained risk identification and control of granted device permissions, which protects user privacy and improves the user experience.
As shown in Fig. 5, the third embodiment of the invention proposes a method for controlling device permissions, including:
Step 501: when installing an application, the mobile terminal sends an authorization history query request to the service server.
Specifically, the mobile terminal downloads the application's installation package and parses it to obtain the application's device permission list. It then sends an authorization history query request to the service server according to the user ID (uid) and package name (packageName), to query the user's authorization history for the application.
The device permission list includes normal device permissions and dangerous device permissions. The authorization history query request includes the user ID and the package name of the application.
Step 502: the service server queries the authorization database to obtain the authorization history information.
Specifically, the service server can query the authorization database according to the user ID and application package name in the authorization history query request, and obtain the device permission names corresponding to that user ID and package name as the authorization history information. These are the names of the device permissions previously granted to the application.
Step 503: the mobile terminal receives the authorization history information returned by the service server.
The authorization history information includes the names of the device permissions previously granted to the application.
Step 504: the mobile terminal determines whether the authorization history information is empty. If it is, go to step 505; otherwise, go to step 506.
Step 505: the mobile terminal grants permissions to the application according to the application's device permission list, then goes to step 507.
Specifically, the mobile terminal can grant the normal device permissions to the application and display a dialog box corresponding to the dangerous device permission; whether the dangerous device permission is granted to the application is determined by the user's action on that dialog box.
Step 506: the mobile terminal grants permissions to the application according to the authorization history information, then goes to step 507.
Specifically, the corresponding device permissions can be granted to the application according to the device permission names included in the authorization history information.
Step 507: the mobile terminal backs up the authorization result and uploads it to the service server.
The authorization result includes the user ID, the package name of the application, and the names of the device permissions granted to the application.
Step 508: the service server updates the authorization database according to the received authorization result.
In this embodiment of the invention, authorization of the application is controlled by permission group and the authorization result for the application is backed up to the service server. This allows finer-grained control of device permissions, which protects user privacy and improves the user experience.
As shown in Fig. 6, the fourth embodiment of the invention proposes a method for controlling device permissions, including:
Step 601: the service server scans the device permissions used by applications and identifies applications that pose a permission risk, together with the device permissions those applications use.
Specifically, when the service server's scan finds an application maliciously using a device permission, it identifies that application as an application with a permission risk and that device permission as a device permission with a permission risk.
Step 602: according to the identified application and device permission, the service server determines the mobile terminals that have granted that device permission to that application.
Specifically, the service server can query the authorization database according to the package name of the identified application and the device permission name, obtain the user IDs corresponding to that package name and device permission name, and treat the mobile terminal corresponding to each such user ID as a mobile terminal that has granted the device permission to the application.
Step 603: the service server sends permission risk information to the determined mobile terminals through a push server.
Specifically, the service server can send the permission risk information to the push server, and the push server pushes it to the determined mobile terminals over a real-time communication channel. The permission risk information can include the package name of the application and the device permission name.
Step 604: the mobile terminal determines whether the application corresponding to the package name in the permission risk information is installed on it. If it is, go to step 605; otherwise, end the flow.
Step 605: according to the device permission name included in the permission risk information, the mobile terminal disables the application's use of that device permission.
Specifically, the mobile terminal can use the system permission allocation service to disable the application's use of the device permission, intercept the application's use of that device permission, and notify the user that the application exhibits malicious behavior.
Step 606: the mobile terminal updates the authorization result for the application and sends an update request to the service server.
Specifically, the mobile terminal deletes the name of the disabled device permission from the authorization result and sends an update request to the service server. The update request includes the user ID, the package name of the application, and the name of the device permission disabled for the application.
Step 607: the service server updates the authorization history information.
Specifically, according to the user ID, the application package name, and the name of the device permission disabled for the application that are included in the update request, the service server deletes the disabled device permission name from the authorization database.
In this embodiment of the invention, device permissions that have already been granted are adjusted according to permission risk information from the service server. This allows finer-grained risk identification and control of granted device permissions, which protects user privacy and improves the user experience.
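The install-time grant flow of the third embodiment (steps 501-508) and the risk-driven revocation flow of the fourth embodiment (steps 601-607), modeled end to end as an added Python example that is not part of the patent. The class and method names, the sample permission names, and the direct method call standing in for the push server are assumptions; intersecting the restored history with the currently requested permissions is an added check that the page does not describe.

```python
"""Model of the patent's two flows: install-time grant (steps 501-508)
and risk-driven revocation (steps 601-607). All names are hypothetical."""

# Constructed sample names; the page only separates normal from dangerous permissions.
DANGEROUS = {"CAMERA", "READ_CONTACTS", "ACCESS_FINE_LOCATION"}


class ServiceServer:
    def __init__(self):
        self.auth_db = {}    # (uid, package) -> set of granted permission names
        self.terminals = {}  # uid -> terminal; direct calls stand in for the push server

    def query_history(self, uid, package):           # step 502
        return set(self.auth_db.get((uid, package), ()))

    def upload_result(self, uid, package, granted):  # step 508
        self.auth_db[(uid, package)] = set(granted)

    def push_risk(self, package, permission):        # steps 602-603
        # Only terminals whose user granted this permission to this package are notified.
        targets = sorted(uid for (uid, pkg), perms in self.auth_db.items()
                         if pkg == package and permission in perms)
        for uid in targets:
            self.terminals[uid].on_risk_info(package, permission)
        return targets

    def apply_update(self, uid, package, revoked):   # step 607
        self.auth_db.get((uid, package), set()).discard(revoked)


class MobileTerminal:
    def __init__(self, uid, server, prompt):
        self.uid, self.server = uid, server
        self.prompt = prompt   # callable(package, permission) -> bool, the user's dialog choice
        self.granted = {}      # package -> granted permission names (local backup)
        server.terminals[uid] = self

    def install(self, package, requested):           # steps 501-507
        history = self.server.query_history(self.uid, package)
        if history:
            # Step 506: restore the earlier grants without prompting. Intersecting with
            # the current request list is an added check, not stated on the page.
            granted = history & set(requested)
        else:
            # Step 505: normal permissions are granted, dangerous ones need the dialog.
            granted = {p for p in requested
                       if p not in DANGEROUS or self.prompt(package, p)}
        self.granted[package] = granted
        self.server.upload_result(self.uid, package, granted)
        return granted

    def on_risk_info(self, package, permission):     # steps 604-606
        perms = self.granted.get(package)
        if perms is None or permission not in perms:
            return False                              # step 604: nothing to do, flow ends
        perms.discard(permission)                     # step 605: close the permission
        self.server.apply_update(self.uid, package, permission)  # step 606
        return True


if __name__ == "__main__":
    srv = ServiceServer()
    phone = MobileTerminal("u1", srv, prompt=lambda pkg, perm: perm == "CAMERA")
    print(phone.install("com.example.app", ["INTERNET", "CAMERA", "READ_CONTACTS"]))
    print(srv.push_risk("com.example.app", "CAMERA"), phone.granted)
```

Because an empty history is treated the same as no history (step 504), a user who previously denied every permission is prompted again on reinstall, and the server's database is the single source of truth for which terminals receive a risk push.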
The invention further provides a device for controlling device permissions.
Referring to Fig. 7, Fig. 7 shows a device for controlling device permissions in the fourth embodiment of the invention, including:
A receiving module 710, configured to receive permission risk information from the service server;
Specifically, the receiving module 710 is configured to receive the permission risk information from the service server through a push server.
The permission risk information can include the package name of an application and a device permission name.
An adjusting module 720, configured to adjust the device permissions granted to the application according to the permission risk information.
Specifically, the adjusting module 720 is configured to disable the application's use of a device permission according to the device permission name included in the permission risk information.
In this embodiment, the adjusting module 720 is specifically configured to first determine whether the application corresponding to the package name in the permission risk information is installed and, when it is installed, to disable the application's use of the device permission according to the device permission name included in the permission risk information.
Further, the device also includes:
An authorization module, configured to grant device permissions to the application.
A sending module, configured to upload the authorization result to the service server.
The authorization result includes the user ID, the package name of the application, and the names of the device permissions granted to the application.
Correspondingly, the authorization module is further configured to update the authorization result for the application after the device permissions granted to the application are adjusted according to the permission risk information;
The sending module is further configured to send an update request to the service server.
Further, the authorization module includes:
A sending submodule, configured to send an authorization history query request to the service server when an application is installed;
Specifically, the sending submodule is configured to parse the installation package after the application's installation package is downloaded, obtain the application's device permission list, and send an authorization history query request to the service server according to the user ID (uid) and package name (packageName), to query the user's authorization history for the application.
A receiving submodule, configured to receive the authorization history information returned by the service server;
The authorization history information includes the names of the device permissions previously granted to the application.
An authorization submodule, configured to grant permissions to the application according to the authorization history information.
Specifically, the authorization submodule is configured to grant the corresponding device permissions to the application according to the device permission names included in the authorization history information.
In addition, the authorization submodule is further configured to grant permissions to the application according to the application's device permission list when the authorization history information is empty.
In this embodiment, the authorization submodule is specifically configured to grant the normal device permissions to the application and display a dialog box corresponding to the dangerous device permission; whether the dangerous device permission is granted to the application is determined by the user's action on that dialog box.
In this embodiment of the invention, the adjusting module 720 adjusts the granted device permissions according to permission risk information from the service server. This allows risk identification to be performed on granted device permissions and lets device permissions be managed and controlled effectively, which protects user privacy and improves the user experience.
It should be noted that, in this document, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes that element.
The embodiments of the invention above are for description only and do not represent the relative merits of the embodiments.
From the description of the embodiments above, those skilled in the art will clearly understand that the methods of the embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On that understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes instructions that cause a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to perform the methods described in the embodiments of the invention.
The above are only preferred embodiments of the invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent flow transformation made using the content of the specification and drawings of the invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the invention.

Claims (10)

1. A method for controlling device permissions, characterized by comprising:
receiving permission risk information from a service server;
adjusting, according to the permission risk information, the device permissions granted to an application.
2. The method of claim 1, characterized in that, before the receiving of the permission risk information from the service server, the method further comprises:
granting device permissions to the application and uploading the authorization result to the service server.
3. The method of claim 2, characterized in that granting device permissions to the application comprises:
when the application is installed, sending an authorization history query request to the service server;
receiving the authorization history information returned by the service server, and granting permissions to the application according to the authorization history information.
4. The method of claim 3, characterized in that granting permissions to the application according to the authorization history information comprises:
granting the corresponding device permissions to the application according to the device permission names included in the authorization history information.
5. The method of claim 1, characterized in that adjusting, according to the permission risk information, the device permissions granted to the application comprises:
disabling the application's use of a device permission according to the device permission name included in the permission risk information.
6. A device for controlling device permissions, characterized by comprising:
a receiving module, configured to receive permission risk information from a service server;
an adjusting module, configured to adjust, according to the permission risk information, the device permissions granted to an application.
7. The device of claim 6, characterized by further comprising:
an authorization module, configured to grant device permissions to the application;
a sending module, configured to upload the authorization result to the service server.
8. The device of claim 7, characterized in that the authorization module comprises:
a sending submodule, configured to send an authorization history query request to the service server when the application is installed;
a receiving submodule, configured to receive the authorization history information returned by the service server;
an authorization submodule, configured to grant permissions to the application according to the authorization history information.
9. The device of claim 8, characterized in that
the authorization submodule is specifically configured to grant the corresponding device permissions to the application according to the device permission names included in the authorization history information.
10. The device of claim 6, characterized in that
the adjusting module is specifically configured to disable the application's use of a device permission according to the device permission name included in the permission risk information.
CN201610959163.1A 2016-10-27 2016-10-27 Equipment permission control method and device Pending CN106570390A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610959163.1A CN106570390A (en) 2016-10-27 2016-10-27 Equipment permission control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610959163.1A CN106570390A (en) 2016-10-27 2016-10-27 Equipment permission control method and device

Publications (1)

Publication Number Publication Date
CN106570390A true CN106570390A (en) 2017-04-19

Family

ID=58535747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610959163.1A Pending CN106570390A (en) 2016-10-27 2016-10-27 Equipment permission control method and device

Country Status (1)

Country Link
CN (1) CN106570390A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070299845A1 (en) * 2006-06-23 2007-12-27 Canon Kabushiki Kaisha License management system, license management server apparatus, information processing apparatus utilizing a license, and control method thereof
CN104091131A (en) * 2014-07-09 2014-10-08 北京智谷睿拓技术服务有限公司 Method and device for determining relation between application programs and authorities
CN104346559A (en) * 2014-11-26 2015-02-11 北京奇虎科技有限公司 Authority request response method and device thereof
CN104346576A (en) * 2014-12-01 2015-02-11 北京奇虎科技有限公司 Methods for feedback and matching of privilege escalation configuration information as well as corresponding devices

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108537011A (en) * 2018-03-16 2018-09-14 维沃移动通信有限公司 A kind of application permission processing method, terminal and server
CN108763881A (en) * 2018-05-18 2018-11-06 上海掌门科技有限公司 Method and apparatus for controlling user right
CN109088977A (en) * 2018-06-21 2018-12-25 上海二三四五网络科技有限公司 A kind of control method and control device of automatic installation mobile terminal application
CN109088977B (en) * 2018-06-21 2021-06-04 上海二三四五网络科技有限公司 Control method and control device for automatically installing mobile terminal application
CN110895607A (en) * 2018-09-13 2020-03-20 中兴通讯股份有限公司 Method, device and storage medium for intelligent permission prompt
CN110895607B (en) * 2018-09-13 2023-09-29 中兴通讯股份有限公司 Method, device and storage medium for intelligent prompt of authority
CN110287659A (en) * 2019-06-28 2019-09-27 广州鲁邦通物联网科技有限公司 A kind of management method, terminal and the system of APP application dynamic rights
CN110287659B (en) * 2019-06-28 2023-04-07 广州鲁邦通物联网科技股份有限公司 Management method, terminal and system for APP application dynamic permission
CN113821778A (en) * 2020-06-18 2021-12-21 车主邦(北京)科技有限公司 Fingerprint authentication risk control method and device
CN113742703A (en) * 2021-08-20 2021-12-03 深圳Tcl新技术有限公司 Application program control method and device, electronic equipment and storage medium
CN113672899A (en) * 2021-08-23 2021-11-19 读书郎教育科技有限公司 Method and device for realizing application permission duplicate-free confirmation of Android terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170419
