CN107480554A - A kind of right management method, rights management device and intelligent terminal - Google Patents
A kind of right management method, rights management device and intelligent terminal Download PDFInfo
- Publication number
- CN107480554A CN107480554A CN201710631659.0A CN201710631659A CN107480554A CN 107480554 A CN107480554 A CN 107480554A CN 201710631659 A CN201710631659 A CN 201710631659A CN 107480554 A CN107480554 A CN 107480554A
- Authority
- CN
- China
- Prior art keywords
- virtual
- authority
- terminal data
- data
- mentioned
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of right management method, rights management device and intelligent terminal, wherein, the right management method includes:Receive the authority request instruction that application program is sent;The true access rights asked based on authority request instruction, it is determined that virtual access authority corresponding with the truly access rights, wherein, the true access rights are associated with the terminal data in real system, the virtual access authority is associated with the terminal data in virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;Authorize the virtual access authority to the application program.This programme can either be that application program opens required access rights, and and can enough ensures the personal information security of user.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of right management method, rights management device, intelligence
Terminal and computer-readable recording medium.
Background technology
Many application programs often when mounted to intelligent terminal application it is a large amount of it is unnecessary, even with this application journey
The unrelated authority of sequence, for example, some application programs can read safe digital card (SD card) to intelligent terminal application, system journal is believed
The authority of the information such as breath, address book information, call-information, short message, intelligent terminal geographical position.If user should to these
Authority required by being granted by them with program, then the personal data that are stored on intelligent terminal may be caused compromised;If
User do not open them to these application programs required by authority, then application program can be caused can not to use, result even in
Application program automatically exits from.
The content of the invention
In view of this, can the invention provides a kind of right management method, rights management device, intelligent terminal and computer
Read storage medium, it is intended to open required access rights for application program on the premise of the personal information security of user is ensured.
The first aspect of the embodiment of the present invention provides a kind of right management method, and the right management method includes:
Receive the authority request instruction that application program is sent;
The true access rights asked based on authority request instruction, it is determined that corresponding with the true access rights
Virtual access authority, wherein, the true access rights are associated with the terminal data in real system, the virtual access power
Limit is associated with the terminal data in virtual system, and the terminal data in the virtual system is different from the real system
Terminal data;
Authorize the virtual access authority to the application program.
The second aspect of the embodiment of the present invention provides a kind of rights management device, and the rights management device includes:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the authority request instruction for being received based on the request reception unit are asked true
Access rights, it is determined that virtual access authority corresponding with the true access rights, wherein, the true access rights with it is true
Terminal data in system is associated, and the virtual access authority is associated with the terminal data in virtual system, described virtual
Terminal data in system is different from the terminal data in the real system;
Right grant unit, the virtual access authority for the authority determining unit to be determined, which is authorized, described applies journey
Sequence.
The third aspect of the embodiment of the present invention provides a kind of intelligent terminal, including memory, processor and is stored in
In the memory and the computer program that can run on the processor, described in the computing device during computer program
The step of realizing method as described above.
The fourth aspect of the embodiment of the present invention provides a kind of computer-readable recording medium, the computer-readable storage
Media storage has the step of computer program, the computer program realizes method as described above when being executed by processor.
Therefore by the present invention program, the authority request instruction that application program is sent is received first, is then based on institute
The true access rights that authority request instruction is asked are stated, it is determined that virtual access authority corresponding with the truly access rights,
Wherein, the true access rights are associated with the terminal data in real system, the virtual access authority and virtual system
In terminal data be associated, the terminal data in the virtual system be different from the real system in terminal data, most
Authorize the virtual access authority to the application program afterwards.The present invention program authorizes in application requests access rights
The corresponding virtual access authority for the true access rights that application program is asked, it on the one hand can avoid causing because not authorizing
Application program situation about automatically exiting from occur, on the other hand, due to the number of terminals in the virtual access authority and virtual system
According to being associated, therefore, the terminal data that obtaining the application program of the virtual access authority allows to access is in virtual system
Terminal data, so as to avoid the application program from getting terminal data actual in real system, ensure to a certain extent
The personal information security of user.
Brief description of the drawings
Technical scheme in order to illustrate the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
In the required accompanying drawing used be briefly described, it should be apparent that, drawings in the following description be only the present invention some
Embodiment, for those of ordinary skill in the art, without having to pay creative labor, can also be according to these
Accompanying drawing obtains other accompanying drawings.
Fig. 1 is the implementation process schematic diagram of right management method provided in an embodiment of the present invention;
Fig. 2 is in right management method provided in an embodiment of the present invention, virtual access authority is initialized specific
Implementation process schematic diagram;
Fig. 3 is the implementation process schematic diagram of another right management method provided in an embodiment of the present invention;
Fig. 4 is the schematic diagram of rights management device provided in an embodiment of the present invention;
Fig. 5 is the schematic diagram of intelligent terminal provided in an embodiment of the present invention.
Embodiment
In describing below, in order to illustrate rather than in order to limit, it is proposed that such as tool of particular system structure, technology etc
Body details, thoroughly to understand the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention can also be realized in the other embodiments of details.In other situations, omit to well-known system, device, electricity
Road and the detailed description of method, in case unnecessary details hinders description of the invention.
In order to illustrate technical solutions according to the invention, illustrated below by specific embodiment.
Embodiment one
Fig. 1 shows the implementation process for the right management method that the embodiment of the present invention one provides, and details are as follows:
In step S101, the authority request instruction that application program is sent is received;
In embodiments of the present invention, in the running of application program, receive the authority request that application program is sent and refer to
Order.Specifically, it can be when application program is mounted, receive the authority request instruction that application program is sent;Or in step
In S101, it can also be in application program by use, the authority request instruction that reception application program is sent, is not limited herein
It is fixed.
In step s 102, based on the true access rights asked of above-mentioned authority request instruction, it is determined that with it is above-mentioned true
Virtual access authority corresponding to access rights;
In embodiments of the present invention, above-mentioned true access rights are associated with the terminal data in real system, above-mentioned void
Plan access rights are associated with the terminal data in virtual system, and the terminal data in above-mentioned virtual system is different from above-mentioned true
Terminal data in system.Wherein, the terminal data in above-mentioned real system is the number of user's actual storage in intelligent terminal
According to;Above-mentioned true access rights are associated with the terminal data in real system, refer to by above-mentioned true access rights energy
The terminal data enough having access in real system, i.e., user can be got in intelligent terminal by above-mentioned true access right authority
The data of middle actual storage;Above-mentioned virtual access authority is associated with the terminal data in virtual system, refers to by above-mentioned
Virtual access authority is able to access that the terminal data in virtual system, and because the terminal data in above-mentioned virtual system is different
With the terminal data in above-mentioned real system, therefore, user can not be got in intelligence by above-mentioned virtual access authority
The data of actual storage in terminal.It should be noted that each true access rights have corresponding thereto in virtual system
Virtual access authority, thus when received in step S101 application program transmission authority request instruction after, can be based on upper
The true access rights that authority request instruction is asked are stated, it is determined that virtual access authority corresponding with above-mentioned truly access rights.
In step s 103, above-mentioned virtual access authority is authorized to above-mentioned application program.
In embodiments of the present invention, the virtual access authority for determining to obtain in step S102 is authorized to above-mentioned application program,
To cause above-mentioned application program to continue to run with.If above-mentioned application program is the authority request instruction sent in installation process,
Then after above-mentioned application program virtual access authority is granted by, above-mentioned application program is enabled to be able to continue to install;On if
It is the authority request instruction sent in use to state application program, then is being granted by above-mentioned application program virtual access authority
Afterwards, user is enabled to be able to be continuing with the function of above-mentioned application program.
In order that the process of the embodiment of the present invention is clearer, illustrated below with example:It is assumed that user just carries intelligence
Energy terminal is gone on business in a, and when using application program A, application program A have sent authority request instruction, and acquisition request accesses
The geographical location information of intelligent terminal;Again assume that application program A function is not rely on geographical position, in this case,
User is not intended to the true geographical position of oneself informing application program A;Now, by the embodiment of the present invention, authorized for it
Virtual access authority, because the terminal data in virtual system is different from the terminal data in real system, thus application program A
The virtual geographical location information b being pre-stored within virtual system can only be got, and the intelligent terminal of user is real
Geographical position a will not be apprised of application program A.But in fact, for application program A, application program A is accessed really
The geographical location information of intelligent terminal, and this information of geographical position b has been acquired, application program A do not know that oneself
The data of acquisition are virtual data, and in other words, application program A thinks that the data that oneself is obtained are that intelligent terminal really counts
According to, and continue to run with based on this, perform application program A subsequent operation.
Alternatively, above-mentioned right management method also includes:
In the above-mentioned virtual system of initial start-up, above-mentioned virtual access authority is initialized.
Wherein it is possible to above-mentioned virtual system is created by sandbox in real system, it is of course also possible to otherwise
Above-mentioned virtual system is created, is not construed as limiting herein.Because virtual system is actually the virtual mirror of the real system of intelligent terminal
Picture, in the above-mentioned virtual system of initial start-up, the data stored in the virtual system are sky, it is then desired to above-mentioned virtual visit
Ask that authority is initialized.As shown in Fig. 2 in embodiments of the present invention, it is above-mentioned that above-mentioned virtual access authority is initialized,
Specially:
S201, obtain the terminal data in the above-mentioned real system associated with above-mentioned true access rights;
S202, it will be copied to the terminal data in the above-mentioned real system that access rights associate above-mentioned truly above-mentioned virtual
System;
Wherein it is possible in initialization of virtual access rights, acquisition first associates above-mentioned with above-mentioned true access rights
Terminal data in real system, and the terminal data in the real system of acquisition is copied to virtual system so that virtual system
System can know the type for the terminal data that application program can request that and various types of terminals for this intelligent terminal
Storage format of the data on this intelligent terminal, avoid, in initialization of virtual access rights, generating invalid number of terminals with this
According to.
S203, to being associated with above-mentioned true access rights of in above-mentioned virtual system, replicating to obtain in a manner of default
Terminal data in above-mentioned real system is modified, using the terminal data in the above-mentioned real system after change as above-mentioned void
Terminal data in plan system;
Wherein, in order that the terminal data obtained in virtual system is different from the terminal data in real system, by truly
After terminal data in system is copied to virtual system, the terminal data that can be obtained to duplication is carried out more in a manner of default
Change, for example, for can be empty data, such as address list data, note data, picture library data etc., it can be empty
Operation;Data for that can not think sky, such as intelligent terminal geographic position data etc., can be changed to default acquiescence
Data, such as intelligent terminal geographic position data is changed to Beijing.Certainly, even for that can be empty data, also may be used
To be changed to default default data, the mode of change is not defined herein.It should be noted that it will replicate what is obtained
It is consistent with replicating obtained terminal data in order to avoid default data occurs when terminal data is changed to default default data
Situation, can pre-set the first default data and the second default data in virtual system, above-mentioned first default data and the
Two default datas are different:It is whether consistent with replicating obtained terminal data that the first default data is detected first, will if inconsistent
Replicate obtained terminal data and be changed to the first default data;If consistent, the terminal data that duplication obtains is changed to second
Default data.
In step S204, above-mentioned virtual access authority is associated with the terminal data in above-mentioned virtual system, completion pair
The initialization of virtual access authority.
Wherein, after the initialization to the terminal data in virtual system is completed, continue by virtual access authority with it is upper
The terminal data stated in virtual system is associated, and completes the initialization to virtual access authority so that application program is being awarded
After giving virtual access authority, it is able to access that to obtain the terminal data in virtual system.
Therefore by the embodiment of the present invention, will be according to application program when application program initiates authority request instruction
The true access rights asked determine corresponding virtual access authority, and authorize the virtual access authority to this and apply journey
Sequence, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, due to the void
Plan access rights are associated with the terminal data in virtual system, and therefore, the application program for obtaining the virtual access authority permits
Perhaps the terminal data accessed is the terminal data in virtual system, real in real system so as to avoid the application program from getting
The terminal data on border, the personal information security of user is ensured to a certain extent.
It should be understood that the size of the sequence number of each step is not meant to the priority of execution sequence, each process in above-described embodiment
Execution sequence should determine that the implementation process without tackling the embodiment of the present invention forms any limit with its function and internal logic
It is fixed.
Embodiment two
On the basis of embodiment one, Fig. 2 shows the reality for another right management method that the embodiment of the present invention two provides
Existing flow, details are as follows:
In step S301, the authority request instruction that application program is sent is received;
In step s 302, based on the true access rights asked of above-mentioned authority request instruction, it is determined that with it is above-mentioned true
Virtual access authority corresponding to access rights;
In step S303, above-mentioned virtual access authority is authorized to above-mentioned application program;
In embodiments of the present invention, above-mentioned steps S301 to above-mentioned steps S303 respectively with above-mentioned steps S101 and above-mentioned step
Rapid S103 implementation is same or similar, does not repeat herein.
In step s 304, the authority change directive of input is received;
In embodiments of the present invention, if some functions of application program need to access the number of terminals of real system really
According to, during application program is continued to run with based on the virtual access authority being awarded in step S303, can also to application
The running status of program is detected:If application program can not normal operation, export reminder message, with prompting be used for application
The authority of program is modified, and waits the authority change directive of user's input to be received;Receive want user input authority
After change directive, step S305 and step S306 is continued executing with.
In step S305, based on above-mentioned authority change directive, the virtual access to be changed of above-mentioned application program is determined
Authority;
In embodiments of the present invention, because above-mentioned application program may have requested that multiple access rights, and entering
During row change, it is usually only necessary to be modified one of those or several access rights.Above-mentioned authority change directive indicates
User wants the access rights being modified to above-mentioned application program, thus can be based on above-mentioned authority change directive, it is determined that on
State the virtual access authority to be changed of application program.
In step S306, the terminal data in pair virtual system associated with above-mentioned virtual access authority to be changed
It is modified.
In embodiments of the present invention, the virtual access authority to be changed of above-mentioned application program is determined in step S305
Afterwards, the terminal data in the virtual system being associated to above-mentioned virtual access authority to be changed is modified.Specifically, it is above-mentioned
Changing operation can be:Terminal data in the virtual system associated with above-mentioned virtual access authority to be changed is changed to
Terminal data in corresponding real system.It should be noted that it is only that the terminal data in virtual system end is entered herein
Change is gone, the terminal data in above-mentioned application program accesses or virtual system, in other words, above-mentioned application program is still
The terminal data in real system can not directly be accessed.
Therefore by the embodiment of the present invention, will be according to application program when application program initiates authority request instruction
The true access rights asked determine corresponding virtual access authority, and authorize the virtual access authority to this and apply journey
Sequence, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, due to the void
Plan access rights are associated with the terminal data in virtual system, and therefore, the application program for obtaining the virtual access authority permits
Perhaps the terminal data accessed is the terminal data in virtual system, real in real system so as to avoid the application program from getting
The terminal data on border, the personal information security of user is ensured to a certain extent.Further, when user wants to allow application program
Access real system terminal data when, can pair with the virtual system associated by virtual access authority terminal data progress
Change, the terminal data in corresponding real system is assigned to virtual system, to ensure the normal operation of application program.
It should be understood that the size of the sequence number of each step is not meant to the priority of execution sequence, each process in above-described embodiment
Execution sequence should determine that the implementation process without tackling the embodiment of the present invention forms any limit with its function and internal logic
It is fixed.
Embodiment three
Fig. 4 shows the structured flowchart of rights management device provided in an embodiment of the present invention, for convenience of description, only shows
The part related to the embodiment of the present invention.The rights management device 4 includes:Request reception unit 41, authority determining unit 42,
Right grant unit 43.
Wherein, request reception unit 41, for receiving the authority request instruction of application program transmission;
Authority determining unit 42, what the authority request instruction for being received based on above-mentioned request reception unit 41 was asked
True access rights, it is determined that virtual access authority corresponding with above-mentioned true access rights, wherein, above-mentioned true access rights with
Terminal data in real system is associated, and above-mentioned virtual access authority is associated with the terminal data in virtual system, above-mentioned
Terminal data in virtual system is different from the terminal data in above-mentioned real system;
Right grant unit 43, the virtual access authority for above-mentioned authority determining unit 42 to be determined authorize above-mentioned application
Program.
Alternatively, above-mentioned rights management device 4 also includes:
Authority initialization unit, in the above-mentioned virtual system of initial start-up, being carried out just to above-mentioned virtual access authority
Beginningization.
Alternatively, above-mentioned authority initialization unit includes:
Data acquisition subelement, for obtaining the number of terminals in the above-mentioned real system associated with above-mentioned true access rights
According to;
Data duplication subelement, associated for above-mentioned data acquisition subelement to be got with above-mentioned true access rights
Above-mentioned real system in terminal data be copied to above-mentioned virtual system;
Data change subelement, in a manner of default in above-mentioned virtual system, above-mentioned data duplication subelement is answered
Terminal data in the above-mentioned real system associated with above-mentioned true access rights being made is modified, will be upper after change
The terminal data in real system is stated as the terminal data in above-mentioned virtual system;
Data correlation subelement, for the virtual system for determining above-mentioned virtual access authority and above-mentioned data change subelement
Terminal data association in system, completes the initialization to virtual access authority.
Alternatively, above-mentioned rights management device 4 also includes:
Virtual system creating unit, for creating above-mentioned virtual system by sandbox in above-mentioned real system.
Alternatively, above-mentioned rights management device 4 also includes:
Receiving unit is changed, for receiving the authority change directive of input;
Authority determining unit to be changed, for based on above-mentioned authority change directive, determining the to be changed of above-mentioned application program
Virtual access authority;
Authority changing unit, for the terminal in pair virtual system associated with above-mentioned virtual access authority to be changed
Data are modified.
Therefore by the embodiment of the present invention, when application program initiates authority request instruction, rights management device will
The true access rights asked according to application program determine corresponding virtual access authority, and the virtual access authority is awarded
The application program is given, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, the opposing party
Face, because the virtual access authority is associated with the terminal data in virtual system, therefore, obtain answering for the virtual access authority
The terminal data for allowing to access with program is the terminal data in virtual system, so as to avoid the application program from getting very
Actual terminal data in real system, the personal information security of user is ensured to a certain extent.Further, when user wants
When allowing the application program to access the terminal data of real system, void that rights management device can be pair associated by with virtual access authority
Terminal data in plan system is modified, and assigns the terminal data in corresponding real system to virtual system, to ensure to answer
With the normal operation of program.
Embodiment five
Fig. 5 is the schematic diagram of intelligent terminal provided in an embodiment of the present invention.As shown in figure 5, the intelligent terminal 5 of the embodiment
Including:Processor 50, memory 51 and it is stored in the calculating that can be run in above-mentioned memory 51 and on above-mentioned processor 50
Machine program 52, such as rights management program.Above-mentioned processor 50 realizes above-mentioned each method when performing above computer program 52
Step in embodiment, such as the step S101 to S103 shown in Fig. 1.Or above-mentioned processor 50 performs above computer journey
The function of each unit in above-mentioned each device embodiment, such as the function of unit 41 to 43 shown in Fig. 4 are realized during sequence 52.
Exemplary, above computer program 52 can be divided into one or more units, said one or multiple
Unit is stored in above-mentioned memory 51, and is performed by above-mentioned processor 50, to complete the present invention.Said one or multiple lists
Member can complete the series of computation machine programmed instruction section of specific function, and the instruction segment is used to describe above computer journey
Implementation procedure of the sequence 52 in above-mentioned intelligent terminal 5.For example, above computer program 52, which can be divided into request, receives list
Member, authority determining unit, right grant unit, each unit concrete function are as follows:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the authority request instruction for being received based on above-mentioned request reception unit are asked true
Access rights, it is determined that virtual access authority corresponding with above-mentioned true access rights, wherein, above-mentioned true access rights with it is true
Terminal data in system is associated, and above-mentioned virtual access authority is associated with the terminal data in virtual system, above-mentioned virtual
Terminal data in system is different from the terminal data in above-mentioned real system;
Right grant unit, the virtual access authority for above-mentioned authority determining unit to be determined, which is authorized, above-mentioned applies journey
Sequence.
Above-mentioned intelligent terminal 5 can be desktop PC, notebook, palm PC, smart mobile phone and intelligent watch etc.
Computing device.Above-mentioned intelligent terminal may include, but be not limited only to, processor 50, memory 51.Those skilled in the art can manage
Solution, Fig. 5 is only the example of intelligent terminal 5, does not form the restriction to intelligent terminal 5, can be included more more or more than illustrating
Few part, some parts or different parts are either combined, such as above-mentioned intelligent terminal 5 can also include input and output
Equipment, network access equipment, bus etc..
Alleged processor 50 can be CPU (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other PLDs, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor can also be any conventional processor
Deng.
Above-mentioned memory 51 can be the internal storage unit of above-mentioned intelligent terminal 5, such as the hard disk of intelligent terminal 5 or interior
Deposit.Above-mentioned memory 51 can also be the External memory equipment of above-mentioned intelligent terminal 5, such as be equipped with above-mentioned intelligent terminal 5
Plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, dodge
Deposit card (Flash Card) etc..Further, above-mentioned memory 51 can also both include the storage inside list of above-mentioned intelligent terminal 5
Member also includes External memory equipment.Above-mentioned memory 51 is used to store needed for above computer program and above-mentioned intelligent terminal 5
Other programs and data.Above-mentioned memory 51 can be also used for temporarily storing the data that has exported or will export.
Therefore by the embodiment of the present invention, when application program initiates authority request instruction, intelligent terminal is by basis
The true access rights that application program is asked determine corresponding virtual access authority, and authorize the virtual access authority to this
Application program, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, by
It is associated with the terminal data in virtual system in the virtual access authority, therefore, obtain the application journey of the virtual access authority
The terminal data that sequence allows to access is the terminal data in virtual system, so as to avoid the application program from getting true system
Actual terminal data in system, the personal information security of user is ensured to a certain extent.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each work(
Can unit, module division progress for example, in practical application, can be as needed and by above-mentioned function distribution by different
Functional unit, module are completed, i.e., the internal structure of said apparatus are divided into different functional units or module, more than completion
The all or part of function of description.Each functional unit, module in embodiment can be integrated in a processing unit, also may be used
To be that unit is individually physically present, can also two or more units it is integrated in a unit, it is above-mentioned integrated
Unit can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.In addition, each function list
Member, the specific name of module are not limited to the protection domain of the application also only to facilitate mutually distinguish.Said system
The specific work process of middle unit, module, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and is not described in detail or remembers in some embodiment
The part of load, it may refer to the associated description of other embodiments.
Those of ordinary skill in the art are it is to be appreciated that the list of each example described with reference to the embodiments described herein
Member and algorithm steps, it can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
Performed with hardware or software mode, application-specific and design constraint depending on technical scheme.Professional and technical personnel
Described function can be realized using distinct methods to each specific application, but this realization is it is not considered that exceed
The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/intelligent terminal and method, can be with
Realize by another way.For example, device described above/intelligent terminal embodiment is only schematical, for example, on
The division of module or unit is stated, only a kind of division of logic function, there can be other dividing mode when actually realizing, such as
Multiple units or component can combine or be desirably integrated into another system, or some features can be ignored, or not perform.Separately
A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be by some interfaces, device
Or INDIRECT COUPLING or the communication connection of unit, can be electrical, mechanical or other forms.
The above-mentioned unit illustrated as separating component can be or may not be physically separate, show as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If above-mentioned integrated module/unit realized in the form of SFU software functional unit and as independent production marketing or
In use, it can be stored in a computer read/write memory medium.Based on such understanding, the present invention realizes above-mentioned implementation
All or part of flow in example method, by computer program the hardware of correlation can also be instructed to complete, above-mentioned meter
Calculation machine program can be stored in a computer-readable recording medium, and the computer program can be achieved when being executed by processor
The step of stating each embodiment of the method..Wherein, above computer program includes computer program code, above computer program
Code can be source code form, object identification code form, executable file or some intermediate forms etc..Readable Jie of above computer
Matter can include:Can carry any entity or device of above computer program code, recording medium, USB flash disk, mobile hard disk,
Magnetic disc, CD, computer storage, read-only storage (ROM, Read-Only Memory), random access memory (RAM,
Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It is it should be noted that above-mentioned
The content that computer-readable medium includes can carry out appropriate increasing according to legislation in jurisdiction and the requirement of patent practice
Subtract, such as in some jurisdictions, according to legislation and patent practice, computer-readable medium do not include be electric carrier signal and
Telecommunication signal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although with reference to foregoing reality
Example is applied the present invention is described in detail, it will be understood by those within the art that:It still can be to foregoing each
Technical scheme described in embodiment is modified, or carries out equivalent substitution to which part technical characteristic;And these are changed
Or replace, the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical scheme, all should
Within protection scope of the present invention.
Claims (10)
1. a kind of right management method, it is characterised in that the right management method includes:
Receive the authority request instruction that application program is sent;
The true access rights asked based on authority request instruction, it is determined that corresponding virtual with the true access rights
Access rights, wherein, the true access rights are associated with the terminal data in real system, the virtual access authority and
Terminal data in virtual system is associated, and the terminal data in the virtual system is different from the terminal in the real system
Data;
Authorize the virtual access authority to the application program.
2. right management method as claimed in claim 1, it is characterised in that the right management method also includes:
In virtual system described in initial start-up, the virtual access authority is initialized.
3. right management method as claimed in claim 2, it is characterised in that described to be carried out initially to the virtual access authority
Change, including:
Obtain the terminal data in the real system associated with the true access rights;
Terminal data in the real system that will be associated with the true access rights is copied to the virtual system;
To in the virtual system, replicating the obtained true system associated with the true access rights in a manner of default
Terminal data in system is modified, using the terminal data in the real system after change as in the virtual system
Terminal data;
The virtual access authority is associated with the terminal data in the virtual system, completed to the initial of virtual access authority
Change.
4. right management method as claimed in claim 2, it is characterised in that before virtual system described in initial start-up, institute
Stating right management method also includes:
The virtual system is created by sandbox in the real system.
5. the right management method as described in any one of Claims 1-4, it is characterised in that described to weigh the virtual access
Limit authorizes the application program, also includes afterwards:
Receive the authority change directive of input;
Based on the authority change directive, the virtual access authority to be changed of the application program is determined;
Terminal data in pair virtual system associated with the virtual access authority to be changed is modified.
6. a kind of rights management device, it is characterised in that the rights management device includes:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the true access that the authority request instruction for being received based on the request reception unit is asked
Authority, it is determined that virtual access authority corresponding with the truly access rights, wherein, the true access rights and real system
In terminal data be associated, the virtual access authority is associated with the terminal data in virtual system, the virtual system
In terminal data be different from the real system in terminal data;
Right grant unit, the virtual access authority for the authority determining unit to be determined authorize the application program.
7. rights management device as claimed in claim 6, it is characterised in that the rights management device also includes:
Authority initialization unit, in virtual system described in initial start-up, being initialized to the virtual access authority.
8. rights management device as claimed in claim 7, it is characterised in that the authority initialization unit includes:
Data acquisition subelement, for obtaining the terminal data in the real system associated with the true access rights;
Data duplication subelement, for the institute associated with the true access rights for getting the data acquisition subelement
State the terminal data in real system and be copied to the virtual system;
Data change subelement, in a manner of default in the virtual system, the data duplication subelement replicates
To real system associate with the true access rights in terminal data be modified, will be after change it is described very
Terminal data in real system is as the terminal data in the virtual system;
Data correlation subelement, for by the virtual access authority and the virtual system of data change subelement determination
Terminal data association, complete the initialization to virtual access authority.
9. a kind of intelligent terminal, including memory, processor and it is stored in the memory and can be on the processor
The computer program of operation, it is characterised in that realize such as claim 1 to 5 described in the computing device during computer program
The step of any one methods described.
10. a kind of computer-readable recording medium, the computer-readable recording medium storage has computer program, and its feature exists
In when the computer program is executed by processor the step of realization such as any one of claim 1 to 5 methods described.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710631659.0A CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710631659.0A CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107480554A true CN107480554A (en) | 2017-12-15 |
| CN107480554B CN107480554B (en) | 2020-08-14 |
Family
ID=60596833
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710631659.0A Active CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107480554B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109462576A (en) * | 2018-10-16 | 2019-03-12 | 腾讯科技(深圳)有限公司 | Authorization policy configuration method, device and computer readable storage medium |
| CN110532764A (en) * | 2019-08-19 | 2019-12-03 | 维沃移动通信有限公司 | A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing |
| CN110619221A (en) * | 2019-08-09 | 2019-12-27 | 深圳市轱辘汽车维修技术有限公司 | Virtual authorization method, device, terminal equipment and storage medium |
| CN110765426A (en) * | 2019-10-22 | 2020-02-07 | 深圳市康冠智能科技有限公司 | Equipment permission setting method, device, equipment and computer storage medium |
| CN112597483A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597484A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597482A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102801688A (en) * | 2011-05-23 | 2012-11-28 | 联想(北京)有限公司 | Data access method, device and terminal supporting data access |
| CN104636647A (en) * | 2015-03-17 | 2015-05-20 | 南开大学 | Sensitive information protection method based on virtualization technology |
| CN105574402A (en) * | 2015-12-21 | 2016-05-11 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN105991584A (en) * | 2015-02-12 | 2016-10-05 | 广东欧珀移动通信有限公司 | Information authority obtaining method and terminal |
| CN106485163A (en) * | 2016-09-22 | 2017-03-08 | 努比亚技术有限公司 | Control method and control device that mobile terminal data storehouse accesses |
-
2017
- 2017-07-28 CN CN201710631659.0A patent/CN107480554B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102801688A (en) * | 2011-05-23 | 2012-11-28 | 联想(北京)有限公司 | Data access method, device and terminal supporting data access |
| CN105991584A (en) * | 2015-02-12 | 2016-10-05 | 广东欧珀移动通信有限公司 | Information authority obtaining method and terminal |
| CN104636647A (en) * | 2015-03-17 | 2015-05-20 | 南开大学 | Sensitive information protection method based on virtualization technology |
| CN105574402A (en) * | 2015-12-21 | 2016-05-11 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN106485163A (en) * | 2016-09-22 | 2017-03-08 | 努比亚技术有限公司 | Control method and control device that mobile terminal data storehouse accesses |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109462576A (en) * | 2018-10-16 | 2019-03-12 | 腾讯科技(深圳)有限公司 | Authorization policy configuration method, device and computer readable storage medium |
| CN110619221A (en) * | 2019-08-09 | 2019-12-27 | 深圳市轱辘汽车维修技术有限公司 | Virtual authorization method, device, terminal equipment and storage medium |
| CN110619221B (en) * | 2019-08-09 | 2023-10-31 | 深圳市轱辘车联数据技术有限公司 | Virtual authorization method, device, terminal equipment and storage medium |
| CN110532764A (en) * | 2019-08-19 | 2019-12-03 | 维沃移动通信有限公司 | A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing |
| CN110532764B (en) * | 2019-08-19 | 2022-03-11 | 维沃移动通信有限公司 | Authority processing method, mobile terminal and readable storage medium |
| CN110765426A (en) * | 2019-10-22 | 2020-02-07 | 深圳市康冠智能科技有限公司 | Equipment permission setting method, device, equipment and computer storage medium |
| CN112597483A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597484A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597482A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107480554B (en) | 2020-08-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107480554A (en) | A kind of right management method, rights management device and intelligent terminal | |
| CN112765268B (en) | Data privacy protection method, device and equipment based on block chain | |
| CN109981619A (en) | Data capture method, device, medium and electronic equipment | |
| CN104081713B (en) | The long-range trust identification of server and client computer in cloud computing environment and geographical location | |
| CN108305072A (en) | Dispose method, equipment and the computer storage media of block chain network | |
| CN103366135B (en) | The security system driven by tenant in storage cloud and method | |
| CN107925660A (en) | Data access and ownership management | |
| CN109409885A (en) | Across chain method of commerce, device and storage medium on block chain | |
| US11741254B2 (en) | Privacy centric data security in a cloud environment | |
| CN112036125A (en) | Document management method and device and computer equipment | |
| CN111324615A (en) | Data processing method, device, medium and electronic equipment | |
| US11477187B2 (en) | API key access authorization | |
| CN109145530A (en) | Online document automatic authorization method, apparatus and electronic equipment | |
| CN111552945A (en) | Resource processing method, device and equipment | |
| CN107391003A (en) | Navigation data processing method | |
| JP7445685B2 (en) | Open interface management methods, electronic devices, and storage media | |
| CN109756527B (en) | Data sharing method, device and system | |
| CN109087089A (en) | A kind of method of payment, payment mechanism and terminal device | |
| CN112163949A (en) | Intelligent contract generation method and device based on contract component imaging | |
| CN107566499A (en) | The methods, devices and systems of data syn-chronization | |
| CN114936365B (en) | System, method and device for protecting secret data | |
| CN109324843A (en) | A kind of finger prints processing system, method and fingerprint equipment | |
| CN110008186A (en) | For file management method, device, terminal and the medium of more ftp data sources | |
| CN112799744B (en) | Industrial APP calling method and device, computer readable medium and electronic equipment | |
| CN115033853A (en) | Function access authority control method and device based on intelligent contract |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |