CN107480554B - Authority management method, authority management device and intelligent terminal - Google Patents
Authority management method, authority management device and intelligent terminal Download PDFInfo
- Publication number
- CN107480554B CN107480554B CN201710631659.0A CN201710631659A CN107480554B CN 107480554 B CN107480554 B CN 107480554B CN 201710631659 A CN201710631659 A CN 201710631659A CN 107480554 B CN107480554 B CN 107480554B
- Authority
- CN
- China
- Prior art keywords
- virtual
- real
- data
- terminal data
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Abstract
The invention discloses a permission management method, a permission management device and an intelligent terminal, wherein the permission management method comprises the following steps: receiving an authority request instruction sent by an application program; determining a virtual access right corresponding to the real access right based on the real access right requested by the right request instruction, wherein the real access right is associated with terminal data in a real system, the virtual access right is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system; and granting the virtual access right to the application program. The scheme can not only open the required access authority for the application program, but also ensure the personal information safety of the user.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a rights management method, a rights management apparatus, an intelligent terminal, and a computer-readable storage medium.
Background
Many application programs often apply a large amount of unnecessary permission or even permission which is not related to the application program to the intelligent terminal when the application program is installed, for example, some application programs apply permission to the intelligent terminal to read information such as a secure digital card (SD card), system log information, address book information, call information, short message information, the geographic position of the intelligent terminal and the like. If the user grants the rights they require to these applications, it may cause the personal data stored on the intelligent terminal to be revealed; if the user does not open their required rights to these applications, this can result in the application becoming unusable and even in the application automatically exiting.
Disclosure of Invention
In view of this, the present invention provides a rights management method, a rights management apparatus, an intelligent terminal, and a computer-readable storage medium, which aim to open access rights required for an application program on the premise of ensuring personal information security of a user.
A first aspect of an embodiment of the present invention provides a rights management method, where the rights management method includes:
receiving an authority request instruction sent by an application program;
determining a virtual access right corresponding to the real access right based on the real access right requested by the right request instruction, wherein the real access right is associated with terminal data in a real system, the virtual access right is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;
and granting the virtual access right to the application program.
A second aspect of an embodiment of the present invention provides a rights management apparatus, including:
the request receiving unit is used for receiving an authority request instruction sent by an application program;
a permission determining unit, configured to determine, based on a real access permission requested by a permission request instruction received by the request receiving unit, a virtual access permission corresponding to the real access permission, where the real access permission is associated with terminal data in a real system, the virtual access permission is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;
and the permission granting unit is used for granting the virtual access permission determined by the permission determining unit to the application program.
A third aspect of the embodiments of the present invention provides an intelligent terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method when executing the computer program.
A fourth aspect of embodiments of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method as described above.
As can be seen from the above, according to the scheme of the present invention, firstly, an authority request instruction sent by an application program is received, then, based on a real access authority requested by the authority request instruction, a virtual access authority corresponding to the real access authority is determined, wherein the real access authority is associated with terminal data in a real system, the virtual access authority is associated with terminal data in a virtual system, the terminal data in the virtual system is different from the terminal data in the real system, and finally, the virtual access authority is granted to the application program. According to the scheme of the invention, when the application program requests the access right, the corresponding virtual access right of the real access right requested by the application program is granted, so that on one hand, the situation that the application program automatically exits due to unauthorized can be avoided, and on the other hand, because the virtual access right is associated with the terminal data in the virtual system, the terminal data allowed to be accessed by the application program obtaining the virtual access right is the terminal data in the virtual system, so that the application program can be prevented from obtaining the actual terminal data in the real system, and the personal information safety of a user is ensured to a certain extent.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of an implementation flow of a rights management method provided in an embodiment of the present invention;
fig. 2 is a schematic diagram of a specific implementation flow for initializing a virtual access right in the right management method according to the embodiment of the present invention;
FIG. 3 is a schematic diagram of an implementation flow of another rights management method provided in the embodiment of the present invention;
FIG. 4 is a diagram of a rights management device according to an embodiment of the invention;
fig. 5 is a schematic diagram of an intelligent terminal according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Example one
Fig. 1 shows an implementation process of a rights management method provided in an embodiment of the present invention, which is detailed as follows:
in step S101, an authority request instruction sent by an application program is received;
in the embodiment of the invention, in the running process of the application program, the permission request instruction sent by the application program is received. Specifically, when the application program is installed, an authority request instruction sent by the application program is received; alternatively, in step S101, the permission request command sent by the application program may be received when the application program is used, which is not limited herein.
In step S102, determining a virtual access right corresponding to the real access right based on the real access right requested by the right request instruction;
in the embodiment of the present invention, the real access right is associated with terminal data in a real system, the virtual access right is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system. The terminal data in the real system is data actually stored in the intelligent terminal by the user; the real access right is associated with terminal data in a real system, and means that the terminal data in the real system can be accessed through the real access right, namely, data actually stored in the intelligent terminal by a user can be acquired through the real access right; the virtual access right is associated with terminal data in a virtual system, which means that the terminal data in the virtual system can be accessed through the virtual access right, and since the terminal data in the virtual system is different from the terminal data in the real system, the data actually stored in the intelligent terminal by the user cannot be acquired through the virtual access right. It should be noted that each real access right has a corresponding virtual access right in the virtual system, so that after receiving the right request command sent by the application program in step S101, the virtual access right corresponding to the real access right can be determined based on the real access right requested by the right request command.
In step S103, the virtual access right is granted to the application program.
In the embodiment of the present invention, the virtual access right determined in step S102 is granted to the application program, so that the application program continues to run. If the application program is an authority request instruction sent out in the installation process, the application program can be continuously installed after the virtual access authority of the application program is granted; if the application program is an authority request instruction sent out in the using process, after the virtual access authority of the application program is granted, the user can continue to use the function of the application program.
In order to make the process of the embodiment of the present invention clearer, the following is described as an example: assuming that a user is on a business trip with an intelligent terminal, when an application program A is used, the application program A sends an authority request instruction to request to acquire geographic position information for accessing the intelligent terminal; assume again that the functionality of application a is not dependent on geographical location, in which case the user does not want to inform application a of his real geographical location; at this time, by the embodiment of the present invention, a virtual access right is granted to the intelligent terminal, and since the terminal data in the virtual system is different from the terminal data in the real system, the application a can only obtain the virtual geographic location information b pre-stored in the virtual system, and the real geographic location a of the intelligent terminal of the user will not be notified to the application a. However, for the application a, the application a does access the information of the geographic location of the intelligent terminal and obtains the information of the geographic location b, and the application a does not know that the data obtained by the application a is virtual data, that is, the application a considers that the data obtained by the application a is real data of the intelligent terminal, and continues to operate on the basis of the virtual data, and executes the subsequent operation of the application a.
Optionally, the rights management method further includes:
and initializing the virtual access authority when the virtual system is started for the first time.
The virtual system may be created in a real system through a sandbox, and of course, may also be created in other manners, which is not limited herein. Since the virtual system is actually a virtual mirror image of a real system of the intelligent terminal, when the virtual system is started for the first time, data stored in the virtual system is empty, and thus the virtual access right needs to be initialized. As shown in fig. 2, in the embodiment of the present invention, the initializing the virtual access right specifically includes:
s201, acquiring terminal data in the real system associated with the real access authority;
s202, copying the terminal data in the real system associated with the real access authority to the virtual system;
when the virtual access right is initialized, the terminal data in the real system associated with the real access right is firstly acquired, and the acquired terminal data in the real system is copied to the virtual system, so that the virtual system can know the type of the terminal data possibly requested by the application program for the intelligent terminal and the storage format of various types of terminal data on the intelligent terminal, and invalid terminal data is prevented from being generated when the virtual access right is initialized.
S203, modifying the terminal data in the real system related to the real access authority, which is obtained by copying in the virtual system in a preset mode, and taking the modified terminal data in the real system as the terminal data in the virtual system;
in order to make the terminal data in the virtual system different from the terminal data in the real system, after copying the terminal data in the real system to the virtual system, the copied terminal data can be changed in a preset manner, for example, a blank operation can be performed on data which can be blank, such as address book data, short message data, picture library data, and the like; for data which cannot be empty, such as the geographic position data of the intelligent terminal, the data can be changed to preset default data, for example, the geographic position data of the intelligent terminal is changed to beijing. Of course, even for data that may be empty, the default data may be changed to the default data, and the change manner is not limited here. It should be noted that, when the copied terminal data is changed to preset default data, in order to avoid the situation that the default data is consistent with the copied terminal data, first default data and second default data may be preset in the virtual system, where the first default data and the second default data are different: firstly, detecting whether first default data is consistent with terminal data obtained by copying, and if not, changing the terminal data obtained by copying into the first default data; and if the terminal data are consistent with the second default data, the terminal data obtained by copying are changed into the second default data.
In step S204, the virtual access right is associated with the terminal data in the virtual system, and the initialization of the virtual access right is completed.
After the initialization of the terminal data in the virtual system is completed, the virtual access authority is continuously associated with the terminal data in the virtual system, and the initialization of the virtual access authority is completed, so that the application program can access and obtain the terminal data in the virtual system after being granted with the virtual access authority.
As can be seen from the above, according to the embodiments of the present invention, when an application program initiates an authority request instruction, a corresponding virtual access authority is determined according to a real access authority requested by the application program, and the virtual access authority is granted to the application program, on one hand, an automatic exit of the application program due to unauthorized access can be avoided, and on the other hand, since the virtual access authority is associated with terminal data in a virtual system, the terminal data allowed to be accessed by the application program obtaining the virtual access authority is terminal data in the virtual system, so that the application program can be prevented from obtaining actual terminal data in the real system, and personal information security of a user can be guaranteed to a certain extent.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Example two
On the basis of the first embodiment, fig. 2 shows an implementation flow of another rights management method provided by the second embodiment of the present invention, which is detailed as follows:
in step S301, an authority request instruction sent by an application program is received;
in step S302, determining a virtual access right corresponding to the real access right based on the real access right requested by the right request instruction;
in step S303, the virtual access right is granted to the application program;
in the embodiment of the present invention, the implementation manners of the steps S301 to S303 are the same as or similar to the implementation manners of the steps S101 and S103, respectively, and are not repeated herein.
In step S304, an input permission change instruction is received;
in the embodiment of the present invention, if some functions of the application program do require to access the terminal data of the real system, in the process that the application program continues to operate based on the granted virtual access right in step S303, the operation state of the application program may also be detected: if the application program cannot normally run, outputting a reminding message to prompt the permission change of the application program and wait for receiving a permission change instruction input by a user; after receiving the permission change instruction to be input by the user, the steps S305 and S306 are continuously executed.
In step S305, determining a virtual access right to be changed of the application program based on the right change instruction;
in the embodiment of the present invention, since the application program may have requested a plurality of access rights, when the change is made, only one or a few of the access rights generally need to be changed. The permission changing instruction indicates the access permission which the user wants to change the application program, so that the virtual access permission to be changed of the application program can be determined based on the permission changing instruction.
In step S306, terminal data in the virtual system associated with the virtual access right to be changed is changed.
In the embodiment of the present invention, after the virtual access right to be changed of the application program is determined in step S305, the terminal data in the virtual system associated with the virtual access right to be changed is changed. Specifically, the changing operation may be: and changing the terminal data in the virtual system associated with the virtual access authority to be changed into the corresponding terminal data in the real system. It should be noted that only the terminal data in the virtual system is modified, and the application program accesses the terminal data in the virtual system, that is, the application program still cannot directly access the terminal data in the real system.
As can be seen from the above, according to the embodiments of the present invention, when an application program initiates an authority request instruction, a corresponding virtual access authority is determined according to a real access authority requested by the application program, and the virtual access authority is granted to the application program, on one hand, an automatic exit of the application program due to unauthorized access can be avoided, and on the other hand, since the virtual access authority is associated with terminal data in a virtual system, the terminal data allowed to be accessed by the application program obtaining the virtual access authority is terminal data in the virtual system, so that the application program can be prevented from obtaining actual terminal data in the real system, and personal information security of a user can be guaranteed to a certain extent. Further, when the user wants to make the application access the terminal data of the real system, the terminal data in the virtual system associated with the virtual access authority can be changed, and the corresponding terminal data in the real system is given to the virtual system, so that the normal operation of the application is ensured.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
EXAMPLE III
Fig. 4 shows a block diagram of a rights management device according to an embodiment of the present invention, and for convenience of description, only the portions related to the embodiment of the present invention are shown. The right management apparatus 4 includes: a request receiving unit 41, a right determining unit 42, a right granting unit 43.
The request receiving unit 41 is configured to receive an authority request instruction sent by an application program;
a permission determining unit 42 configured to determine a virtual access permission corresponding to a real access permission based on the real access permission requested by the permission request instruction received by the request receiving unit 41, wherein the real access permission is associated with terminal data in a real system, the virtual access permission is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;
a right granting unit 43, configured to grant the virtual access right determined by the right determining unit 42 to the application program.
Optionally, the rights management device 4 further comprises:
and the authority initialization unit is used for initializing the virtual access authority when the virtual system is started for the first time.
Optionally, the authority initialization unit includes:
a data obtaining subunit, configured to obtain terminal data in the real system associated with the real access right;
a data replication subunit, configured to replicate, to the virtual system, the terminal data in the real system that is associated with the real access right and is acquired by the data acquisition subunit;
a data modification subunit, configured to modify, in a preset manner, terminal data in the real system, which is obtained by copying by the data replication subunit and is associated with the real access right, and use the modified terminal data in the real system as the terminal data in the virtual system;
and the data association subunit is used for associating the virtual access authority with the terminal data in the virtual system determined by the data change subunit to complete the initialization of the virtual access authority.
Optionally, the rights management device 4 further comprises:
and the virtual system creating unit is used for creating the virtual system in the real system through a sandbox.
Optionally, the rights management device 4 further comprises:
the change receiving unit is used for receiving an input permission change instruction;
a to-be-changed permission determining unit, configured to determine, based on the permission change instruction, a to-be-changed virtual access permission of the application program;
and the permission changing unit is used for changing the terminal data in the virtual system associated with the virtual access permission to be changed.
As can be seen from the above, according to the embodiments of the present invention, when an application program initiates a permission request instruction, a permission management device determines a corresponding virtual access permission according to a real access permission requested by the application program, and grants the virtual access permission to the application program, on one hand, a situation that the application program automatically exits due to unauthorized access can be avoided, and on the other hand, since the virtual access permission is associated with terminal data in a virtual system, the terminal data allowed to be accessed by the application program obtaining the virtual access permission is terminal data in the virtual system, so that the application program can be prevented from obtaining actual terminal data in the real system, and personal information security of a user can be guaranteed to a certain extent. Further, when the user wants to make the application access the terminal data of the real system, the authority management device may change the terminal data in the virtual system associated with the virtual access authority, and endow the corresponding terminal data in the real system to the virtual system, so as to ensure the normal operation of the application.
EXAMPLE five
Fig. 5 is a schematic diagram of an intelligent terminal according to an embodiment of the present invention. As shown in fig. 5, the intelligent terminal 5 of this embodiment includes: a processor 50, a memory 51, and a computer program 52, such as a rights management program, stored in the memory 51 and operable on the processor 50. The processor 50 implements the steps of the various method embodiments described above, such as steps S101 to S103 shown in fig. 1, when executing the computer program 52. Alternatively, the processor 50 implements the functions of the units in the device embodiments, such as the units 41 to 43 shown in fig. 4, when executing the computer program 52.
Illustratively, the computer program 52 may be divided into one or more units, which are stored in the memory 51 and executed by the processor 50 to implement the present invention. The one or more units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used for describing the execution process of the computer program 52 in the intelligent terminal 5. For example, the computer program 52 may be divided into a request receiving unit, an authority determining unit, and an authority granting unit, and the specific functions of each unit are as follows:
the request receiving unit is used for receiving an authority request instruction sent by an application program;
a permission determining unit, configured to determine a virtual access permission corresponding to a real access permission based on a real access permission requested by a permission request instruction received by the request receiving unit, where the real access permission is associated with terminal data in a real system, the virtual access permission is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;
and the authority granting unit is used for granting the virtual access authority determined by the authority determining unit to the application program.
The intelligent terminal 5 may be a desktop computer, a notebook, a palm computer, a smart phone, a smart watch, or other computing devices. The intelligent terminal may include, but is not limited to, a processor 50 and a memory 51. It will be understood by those skilled in the art that fig. 5 is only an example of the intelligent terminal 5, and does not constitute a limitation to the intelligent terminal 5, and may include more or less components than those shown, or combine some components, or different components, for example, the intelligent terminal 5 may further include an input-output device, a network access device, a bus, etc.
The Processor 50 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 51 may be an internal storage unit of the intelligent terminal 5, such as a hard disk or a memory of the intelligent terminal 5. The memory 51 may be an external storage device of the Smart terminal 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) and the like provided on the Smart terminal 5. Further, the memory 51 may include both an internal storage unit and an external storage device of the smart terminal 5. The memory 51 is used for storing the computer program and other programs and data required by the intelligent terminal 5. The above-mentioned memory 51 may also be used to temporarily store data that has been output or is to be output.
As can be seen from the above, according to the embodiment of the present invention, when an application program initiates an authority request instruction, an intelligent terminal determines a corresponding virtual access authority according to a real access authority requested by the application program, and grants the virtual access authority to the application program, on one hand, the situation that the application program automatically exits due to unauthorized access can be avoided, and on the other hand, since the virtual access authority is associated with terminal data in a virtual system, the terminal data allowed to be accessed by the application program obtaining the virtual access authority is terminal data in the virtual system, so that the application program can be prevented from obtaining actual terminal data in the real system, and personal information security of a user can be ensured to a certain extent.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned functions may be distributed as different functional units and modules according to needs, that is, the internal structure of the apparatus may be divided into different functional units or modules to implement all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/intelligent terminal and method can be implemented in other ways. For example, the above-described device/intelligent terminal embodiments are merely illustrative, and for example, the division of the above modules or units is only one logical function division, and there may be other division manners in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units described above, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium and can implement the steps of the embodiments of the method when the computer program is executed by a processor. . The computer program includes computer program code, and the computer program code may be in a source code form, an object code form, an executable file or some intermediate form. The computer readable medium may include: any entity or device capable of carrying the above-mentioned computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signal, telecommunication signal, software distribution medium, etc. It should be noted that the computer readable medium described above may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media excludes electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (4)
1. A rights management method, comprising:
receiving an authority request instruction sent by an application program;
determining a virtual access right corresponding to the real access right based on the real access right requested by the right request instruction, wherein the real access right is associated with terminal data in a real system, the virtual access right is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system; creating the virtual system in a real system through a sandbox; each real access authority has a corresponding virtual access authority in the virtual system;
granting the virtual access rights to the application;
receiving an input permission change instruction;
determining virtual access authority to be changed of the application program based on the authority changing instruction;
changing the terminal data in the virtual system associated with the virtual access authority to be changed into the corresponding terminal data in the real system;
the rights management method further includes:
initializing the virtual access authority when the virtual system is started for the first time;
the initializing the virtual access right includes:
acquiring terminal data in the real system associated with the real access right;
copying terminal data in the real system associated with the real access right to the virtual system;
changing the terminal data in the real system which is obtained by copying and is associated with the real access authority in the virtual system in a preset mode, and taking the changed terminal data in the real system as the terminal data in the virtual system;
associating the virtual access authority with terminal data in the virtual system to complete initialization of the virtual access authority;
presetting first default data and second default data in the virtual system, wherein the first default data and the second default data are different: firstly, detecting whether first default data is consistent with terminal data obtained by copying, and if not, changing the terminal data obtained by copying into the first default data; and if the terminal data are consistent with the second default data, the terminal data obtained by copying are changed into the second default data.
2. A rights management apparatus characterized by comprising:
the request receiving unit is used for receiving an authority request instruction sent by an application program;
a permission determining unit, configured to determine, based on a real access permission requested by a permission request instruction received by the request receiving unit, a virtual access permission corresponding to the real access permission, where the real access permission is associated with terminal data in a real system, the virtual access permission is associated with terminal data in a virtual system, and the terminal data in the virtual system is different from the terminal data in the real system; each real access authority has a corresponding virtual access authority in the virtual system;
the authority granting unit is used for granting the virtual access authority determined by the authority determining unit to the application program;
a virtual system creating unit configured to create the virtual system in the real system through a sandbox;
the change receiving unit is used for receiving an input permission change instruction;
a to-be-changed permission determining unit, configured to determine, based on the permission change instruction, a to-be-changed virtual access permission of the application program;
the permission changing unit is used for changing the terminal data in the virtual system associated with the virtual access permission to be changed into the corresponding terminal data in the real system;
the authority initialization unit is used for initializing the virtual access authority when the virtual system is started for the first time;
the right initialization unit includes:
the data acquisition subunit is used for acquiring terminal data in the real system associated with the real access authority;
the data replication sub-unit is used for replicating the terminal data in the real system, which is acquired by the data acquisition sub-unit and is associated with the real access authority, to the virtual system;
the data modification subunit is configured to modify, in a preset manner, terminal data in the real system, which is obtained by copying by the data replication subunit and is associated with the real access right, and use the modified terminal data in the real system as the terminal data in the virtual system;
the data association subunit is used for associating the virtual access authority with the terminal data in the virtual system determined by the data change subunit to complete the initialization of the virtual access authority;
presetting first default data and second default data in the virtual system, wherein the first default data and the second default data are different: firstly, detecting whether first default data is consistent with terminal data obtained by copying, and if not, changing the terminal data obtained by copying into the first default data; and if the terminal data are consistent with the second default data, the terminal data obtained by copying are changed into the second default data.
3. An intelligent terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the steps of the method of claim 1 are implemented when the computer program is executed by the processor.
4. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method as set forth in claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710631659.0A CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710631659.0A CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107480554A CN107480554A (en) | 2017-12-15 |
| CN107480554B true CN107480554B (en) | 2020-08-14 |
Family
ID=60596833
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710631659.0A Active CN107480554B (en) | 2017-07-28 | 2017-07-28 | Authority management method, authority management device and intelligent terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107480554B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109462576B (en) * | 2018-10-16 | 2020-04-21 | 腾讯科技(深圳)有限公司 | Permission policy configuration method and device and computer readable storage medium |
| CN110619221B (en) * | 2019-08-09 | 2023-10-31 | 深圳市轱辘车联数据技术有限公司 | Virtual authorization method, device, terminal equipment and storage medium |
| CN110532764B (en) * | 2019-08-19 | 2022-03-11 | 维沃移动通信有限公司 | Authority processing method, mobile terminal and readable storage medium |
| CN110765426A (en) * | 2019-10-22 | 2020-02-07 | 深圳市康冠智能科技有限公司 | Equipment permission setting method, device, equipment and computer storage medium |
| CN112597484A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597482A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
| CN112597483A (en) * | 2020-07-16 | 2021-04-02 | 同方股份有限公司 | Privacy protection method and device, intelligent terminal and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102801688A (en) * | 2011-05-23 | 2012-11-28 | 联想(北京)有限公司 | Data access method, device and terminal supporting data access |
| CN104636647A (en) * | 2015-03-17 | 2015-05-20 | 南开大学 | Sensitive information protection method based on virtualization technology |
| CN105574402A (en) * | 2015-12-21 | 2016-05-11 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN105991584A (en) * | 2015-02-12 | 2016-10-05 | 广东欧珀移动通信有限公司 | Information authority obtaining method and terminal |
| CN106485163A (en) * | 2016-09-22 | 2017-03-08 | 努比亚技术有限公司 | Control method and control device that mobile terminal data storehouse accesses |
-
2017
- 2017-07-28 CN CN201710631659.0A patent/CN107480554B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102801688A (en) * | 2011-05-23 | 2012-11-28 | 联想(北京)有限公司 | Data access method, device and terminal supporting data access |
| CN105991584A (en) * | 2015-02-12 | 2016-10-05 | 广东欧珀移动通信有限公司 | Information authority obtaining method and terminal |
| CN104636647A (en) * | 2015-03-17 | 2015-05-20 | 南开大学 | Sensitive information protection method based on virtualization technology |
| CN105574402A (en) * | 2015-12-21 | 2016-05-11 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN106485163A (en) * | 2016-09-22 | 2017-03-08 | 努比亚技术有限公司 | Control method and control device that mobile terminal data storehouse accesses |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107480554A (en) | 2017-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107480554B (en) | Authority management method, authority management device and intelligent terminal | |
| US7434264B2 (en) | Data processing system with peripheral access protection and method therefor | |
| US20160048688A1 (en) | Restricting System Calls using Protected Storage | |
| US9239934B2 (en) | Mobile computing system for providing high-security execution environment | |
| CN107506637B (en) | Information display method and device, terminal and readable storage medium | |
| US9460272B2 (en) | Method and apparatus for group licensing of device features | |
| CN110096314B (en) | Interface initialization method, device, equipment and computer readable storage medium | |
| CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
| US11209951B2 (en) | Method and apparatus for displaying application program, terminal device, and storage medium | |
| CN112000382A (en) | Linux system starting method and device and readable storage medium | |
| CN109756527B (en) | Data sharing method, device and system | |
| CN111753268B (en) | Single sign-on method, single sign-on device, storage medium and mobile terminal | |
| CN111447178B (en) | Access control method, system and computing device | |
| CN102799818A (en) | Method and device for managing digital resources | |
| US10592644B2 (en) | Information protection method and device based on a plurality of sub-areas for MCU chip | |
| CN108391281B (en) | Bridging method of wireless network, terminal equipment and storage medium | |
| CN107368738B (en) | Root prevention method and Root prevention device for intelligent equipment | |
| CN109981873B (en) | Address book permission opening method and device and electronic equipment | |
| CN112417402B (en) | Authority control method, authority control device, authority control equipment and storage medium | |
| CN110245016B (en) | Data processing method, system, device and terminal equipment | |
| CN110765426A (en) | Equipment permission setting method, device, equipment and computer storage medium | |
| JP7099308B2 (en) | Information processing systems, equipment, methods, and programs | |
| CN114124524A (en) | Cloud platform permission setting method and device, terminal equipment and storage medium | |
| CN111310166A (en) | Authority management method, device, equipment and storage medium | |
| CN114078007A (en) | Transaction method and device based on block chain and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |