CN107545170A - System right management method, apparatus and intelligent terminal - Google Patents
System right management method, apparatus and intelligent terminal Download PDFInfo
- Publication number
- CN107545170A CN107545170A CN201610488792.0A CN201610488792A CN107545170A CN 107545170 A CN107545170 A CN 107545170A CN 201610488792 A CN201610488792 A CN 201610488792A CN 107545170 A CN107545170 A CN 107545170A
- Authority
- CN
- China
- Prior art keywords
- application
- signing messages
- intelligent terminal
- legitimate
- legitimate signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the present invention provides a kind of System right management method, apparatus and intelligent terminal, first presets legitimate signature list, in default legitimate signature list in addition to the system signature information comprising intelligent terminal system, in addition at least one operator's signing messages.After application to be installed is got in intelligent terminal, directly the signing messages of the application is matched with the legitimate signature information in default legitimate signature list, it is such as successful with any one legitimate signature information matches in legitimate signature list, allow this to apply to install on intelligent terminal, and set the application that there are System Privileges.Intelligent terminal in the present invention can support more than two system signatures, operator need not will allow its help to set signature using terminal producer is issued, terminal producer issues operator also without by the signing messages of oneself, can the fairly simple support and management easily realized to operator's application system claim, and can lifting security.
Description
Technical field
The present invention relates to intelligent terminal field, more particularly to a kind of System right management method, apparatus and intelligent terminal.
Background technology
The application in various intelligent terminals (such as mobile phone, set top box, IPAD etc.) on the market will obtain terminal system at present
System authority, is required for by system signature certification, and current various intelligent terminals all only support a kind of system signature, the system
Sign the acquiescence signing messages set for terminal producer, therefore the built-in application for being substantially terminal in intelligent terminal at present has
System Privileges, and the signature for the third-party application that each operator provides is typically all the signing messages of operator oneself, this just leads
The application for causing operator to provide can not normally obtain terminal system authority.Such as:If user is accurate in Android intelligent terminal
For the apk of nonsystematic signature is installed, now apk can not get System Privileges.It is from foregoing description as can be seen that current
Smart machine be a kind of support single signature equipment, if during the user installation apk inconsistent with system signature, this
Apk use will be restricted, and actually limited generally support of the smart machine to various applications, also just reduced and set
Standby compatibility, this also inherently has a strong impact on the experience of user, especially to there is the client of operator of specific demand.At present,
In order to solve the above problems, each operator wants to make its apk possess System Privileges, typically there is two kinds of methods:
Method one:
1. add android in the manifest nodes in the AndroidManifest.xml of application program:
SharedUserId=" android.uid.system " this attribute.
2. changing Android.mk files, LOCAL_CERTIFICATE is added:This line of=platform.
3. compiled using mm orders
Method two:
1. being same as above, android is added:SharedUserId=" android.uid.system " this attribute.
2. apk files are compiled out using eclipse, but this apk file is obsolete.
3. opening apk files with compressed software, two texts of CERT.SF and CERT.RSA under META-INF catalogues are deleted
Part.
4. come again to apk file signatures using the platform keys of goal systems.This step is cumbersome.
A, key file is found first, the position in my Android source code catalogues
" build/target/product/security/ ", following platform.pk8 and
Two files of platform.x509.pem.
B, and then with the Signapk instruments of Android offers sign, signapk source code is in " build/
Under tools/signapk ", usage is " signapk platform.x509.pem platform.pk8input.apk
The apk that output.apk " is so generated is operated in system process, and is provided with system authorities.
It is all more complicated that both the above method, which uses, and is difficult to operate, and method one needs operator to issue apk
Terminal producer is signed, but operator is many using the apk in store and is frequently necessary to upgrade, and operation difficulty is big.Method two
Producer is needed to provide signature file to operator, so operation can cause the leakage of producer's signing messages to a certain extent, right
Larger hidden danger be present in the information of producer, technical security.It can be seen that existing method is all to try every possible means the signature of application being arranged to
Unique System signing messages specified by intelligent terminal producer understands that this mode is deposited to obtain System Privileges, according to above-mentioned analysis
Operation difficulty it is big, the problem of potential safety hazard be present.
The content of the invention
System right management method, apparatus provided in an embodiment of the present invention and intelligent terminal, main technical problems to be solved
It is:Solve the existing Unique System signing messages that the signature of application is arranged to the setting of intelligent terminal producer as far as possible is to obtain
Unite authority, there is that operation difficulty is big, has the problem of potential safety hazard.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of System right management method, including:
After application to be installed is got in intelligent terminal, the signing messages of the application is obtained;
The signing messages is matched with the legitimate signature information in default legitimate signature list, it is described default legal
Signature list includes the system signature information of the intelligent terminal system and at least one operator's signing messages;
Any one in the signing messages and the legitimate signature information is when the match is successful, it is allowed to described to apply
Installed on the intelligent terminal, and set the application that there are System Privileges.
The embodiment of the present invention also provides a kind of System right management device, including;
Signing messages acquisition module, after getting application to be installed in intelligent terminal, obtain the signature of the application
Information;
An authentication module, for the legitimate signature information in the signing messages and default legitimate signature list to be carried out
Match somebody with somebody, the default legitimate signature list includes the system signature information and at least one operator signature of the intelligent terminal system
Information;
Authority management module, for any one in the signing messages and the legitimate signature information, the match is successful
When, it is allowed to described apply is installed on the intelligent terminal, and sets the application to have System Privileges.
The embodiment of the present invention also provides a kind of intelligent terminal, including System right management device as described above.
The embodiment of the present invention also provides a kind of computer-readable storage medium, and computer is stored with the computer-readable storage medium
Executable instruction, the computer executable instructions are used to perform foregoing System right management method.
The beneficial effects of the invention are as follows:
System right management method, apparatus, intelligent terminal and the storage medium provided according to embodiments of the present invention, Ke Yixian
Default legitimate signature list, in default legitimate signature list in addition to the system signature information comprising intelligent terminal system, also
It may include at least one operator's signing messages, also the signing messages of respective operator can be added into intelligent terminal in advance
In legitimate signature list., can be directly by the signing messages of the application so after application to be installed is got in intelligent terminal
Matched with the legitimate signature information in default legitimate signature list, such as with any one legal label in legitimate signature list
During name information matches success, it is allowed to which this is applied installs on intelligent terminal, and sets the application to have System Privileges.By above-mentioned
Mode, intelligent terminal then no longer only support a system signature, and it can support more than two system signatures;Operator is not required to
It will allow its help that signature is set using terminal producer is issued, terminal producer issues operation also without by the signing messages of oneself
Business, can the fairly simple support and management easily realized to operator's application system claim, and can lifting security.
Brief description of the drawings
Fig. 1 is that the System right management method flow schematic diagram in installation process is applied in the embodiment of the present invention one;
Fig. 2 is the System right management method flow schematic diagram during application upgrade in the embodiment of the present invention one;
Fig. 3 is that the System right management method flow schematic diagram in running is applied in the embodiment of the present invention one;
Fig. 4 is intelligent terminal structural representation in the embodiment of the present invention two;
Fig. 5 is System right management apparatus structure schematic diagram one in the embodiment of the present invention two;
Fig. 6 is System right management apparatus structure schematic diagram two in the embodiment of the present invention two;
Fig. 7 is System right management apparatus structure schematic diagram three in the embodiment of the present invention two.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is part of the embodiment in the present invention, rather than whole embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of protection of the invention.
Embodiment one:
The System right management method that the present embodiment provides is applied to all kinds intelligent terminal of various systems, such as suitable
For the system such as Android, iOS, windows phone, Symbian, BlackBerry OS, windows mobile, also fit
For the intelligent terminal of the mobile types such as mobile phone, IPAD, various readers, the intelligent terminal of non-moving type is also applied for.
For the management of intelligent terminal system authority in the present embodiment, a legitimate signature list, the conjunction can be first set
Each legitimate signature information allowed using System Privileges is prestored in method signature list, is including intelligent terminal system naturally
System signing messages, namely the signing messages that intelligent terminal producer is given tacit consent in advance.In addition, the legitimate signature letter in the present embodiment
Breath also includes at least one operator's signing messages.Specifically, each operator can consult with corresponding intelligent terminal manufacturer,
Terminal manufacturer is allowed to be stored in operator's signing messages of operator in legitimate signature list as legal information.Therefore, originally
The number and specifically the signing messages comprising which operator can basis that operator's signing messages in embodiment includes
Practical application scene is flexibly set.By arrangement above, intelligent terminal by signature authentication when carrying out System right management, just
No longer it is managed according only to the system signature information of terminal, always according to the legitimate signature information in signature legitimate list to respectively should
With being managed, when application signing messages with wherein any one operator's signing messages matches when, also can be under the application
Send out System Privileges.Do not need so operator frequently to apply to issue terminal producer and be signed, save human and material resources and into
This;Operator issues operator also without by the signing messages of itself simultaneously, avoids potential safety hazard.
In addition, it can be seen from foregoing description, the legitimate signature information in legitimate signature list in the present embodiment can be supported
Real-time update, such as when the signing messages for having new operator's addition or the operator added before changes, then may be used
With directly or from terminal manufacturer to intelligent terminal send corresponding to fresh information, according to the new information to legal signature list
In legitimate signature information carry out corresponding renewal.
Shown in Figure 1 based on above-mentioned setting, the System right management method in the present embodiment includes:
S101:Intelligent terminal gets application to be installed.
The step intelligent terminal can get the peace of application to be installed from operator using store or by other sources
Dress bag.
S102:Obtain the signing messages of the application.
Signing messages can be specifically got from the installation kit of application, signing messages now is generally the label of operator
Name information, it is also possible to being the system signature information of terminal system, such as terminal system is just got before operator
System signature information when, it is possible to be system signature information.
S103:The signing messages of acquisition is matched with the legitimate signature information in default legitimate signature list.
S104:Judge whether matching succeeds, in this way, go to S105;Otherwise, S106 is gone to.
In the judgment step, as long as the signing messages obtained and any one legitimate signature information in legitimate signature list
When the match is successful, decide that the match is successful.
S105:Allow above-mentioned to be installed applying to be installed on intelligent terminal, and set the application that there are System Privileges,
It can apply to System Privileges after application installation.
S106:Allow above-mentioned to be installed applying to be installed on intelligent terminal, and set the application not have System Privileges,
Namely it can not apply to System Privileges after application installation.It can so realize that intelligent terminal supports multi-signature, and can maximum
The guarantee system operation safety of limit.
In the present embodiment, in the application of terminal, and not all application is required for application system authority.Therefore, for
The application of application system authority is needed, the identification information of application system authority is generally provided with its installation kit.Therefore, this implementation
In example, for application to be installed, before obtaining its signing messages and being matched, the installation kit of the application can also be first judged
In whether there is application system authority identification information, such as exist, then go to above-mentioned S102 obtain its signing messages and carry out after
Continuous judgement;Otherwise, directly go to above-mentioned S106 the application is installed, but it is unable to application system authority after installation.
Illustrated below using android system using apk as example.
For the apk software installation bags of android system, can specifically be checked in its AndroidManifest.xml
Whether there is above-mentioned identification information, as not having application system authority without if, this kind of apk is without signature verification information can
Directly smoothly it is installed in intelligent terminal.
In above-mentioned S103, by the legitimate signature information progress in the signing messages of acquisition and default legitimate signature list
Timing, following matched rule can be followed and matched:
First the signing messages of acquisition is matched with the system signature information in legitimate signature list, such as the match is successful,
Then signature authentication success, otherwise, then the signing messages matched with remaining operator's signing messages.Legitimate signature list
When operator's signing messages includes multiple, sequentially can now match one by one;Each operator's A.L.S. can also be pre-set
The priority of breath, such as issue are higher using more operator's priority, are then matched according to the priority of setting;Or
Direct random fit of person etc..
In the present embodiment, when application to be upgraded in intelligent terminal be present (such as some or multiple applications need to rise
Level, and can complete to upgrade from by way of upgrading), it is necessary to first judge whether the signing messages before and after the application upgrade consistent,
Such as inconsistent, the then possibility that the presence is maliciously tampered.Existing for such case is to forbid upgrading.But there can be fortune
Battalion business is starting to issue the signing messages 1 used during the application, but subsequently to being changed to use signing messages 2 during the application upgrade
Situation, now also forbid upgrading that normal upgrading can be caused also to fail to the application.In this case, the present embodiment can be with
First signing messages 2 is added in legitimate signature list by above-mentioned more new technological process and is used as legitimate signature information;Then by above-mentioned
When judging signing messages 2 and inconsistent signing messages 1, signing messages 2 and the legitimate signature information in legitimate signature list are entered
Row matching, and can be matched during matching according to above-mentioned matched rule, such as the match is successful, then allows the application liter to be upgraded
Level, and set it that there are System Privileges;Such as it fails to match, now just judges to be maliciously tampered, does not allow band upgrading should
With upgrading.Detailed process is shown in Figure 2, including:
S201:A certain application to be upgraded on intelligent terminal needs to upgrade.
Now can only terminal can get corresponding AKU through various channels.
S202:Current signing messages 1 before obtaining the signing messages 2 after application upgrade to be upgraded and upgrading.
The signing messages 2. after upgrading can be specifically obtained from AKU
S203:Judge whether two signing messages are consistent, in this way, go to S204;Otherwise, S205 is gone to;
S204:Allow application upgrade to be upgraded.
S205:Signing messages 2 is matched with the legitimate signature information in default legitimate signature list.Specific matching
Rule can also use the matched rule of above-mentioned example.
S206:Judge whether matching succeeds, in this way, go to S207;Otherwise, S208 is gone to.
S207:Allow the application upgrade to be upgraded, and set it that there are System Privileges.
S208:The application upgrade to be upgraded is not allowed.
By above-mentioned further deterministic process, can avoid because the signing messages of operator change when, the operation
The problem of application before business can not normally complete upgrading.Can further lifting system rights management reasonability and accuracy.
It is mounted on intelligent terminal respectively to apply during operation in the present embodiment, especially possess application system
Authority is applied during operation, and its some actions, which are actually needed, (such as is downloaded using System Privileges and install or unload other
Using) when, the present embodiment can also do further authentication to these applications and assert to further lift the security of management.
The System Privileges application request that the application of intelligent terminal is sent in the process of running can be now received, then obtains initiation system
The signing messages of the application of authority application request, and matched with the legitimate signature information in legitimate signature list, match into
Work(allows to apply execution system authority, namely allows it to continue executing with above-mentioned action;Otherwise, forbid applying execution system authority,
Namely forbid it to continue executing with above-mentioned action, and a corresponding miscue can be ejected.Detailed process is shown in Figure 3, bag
Include:
S301:Application in a certain running on intelligent terminal sends System Privileges application request.
S302:Obtain the signing messages for the application for initiating System Privileges application request.
S303:The signing messages of acquisition is matched with the legitimate signature information in default legitimate signature list.Tool
Body matched rule can also use the matched rule of above-mentioned example.
S304:Judge whether matching succeeds, in this way, go to S305;Otherwise, S306 is gone to.
S305:The application for initiating System Privileges application request is allowed to continue executing with above-mentioned action.
S306:The application for initiating System Privileges application request is not allowed to perform above-mentioned action.
The present embodiment by the signing messages of operator by being arranged to legitimate signature information to enter in advance in intelligent terminal
Row subsequent signature certification, intelligent terminal can be caused to support multi-signature certification, relatively existing intelligence on the premise of minimum is changed
Terminal only supports a kind of scheme of signature authentication, and cost is lower, and control is more flexible, and security is more preferable.
Embodiment two:
A kind of intelligent terminal is present embodiments provided, the system of the intelligent terminal can be Android, iOS, windows
Any one in the system such as phone, Symbian, BlackBerry OS, windows mobile, and the terminal can be hand
The intelligent terminal of the intelligent terminals of mobile type such as machine, IPAD, various readers or non-moving type.Referring to Fig. 4 institutes
Show, the intelligent terminal includes System right management device 10.Wherein, shown in Figure 5, System right management device 10 includes row
Table maintenance module 11, signing messages acquisition module 12, authentication module 13 and authority management module 14.
List maintenance module 11 is used to safeguard the legitimate signature list pre-set on intelligent terminal, legitimate signature row
Each legitimate signature information allowed using System Privileges is prestored in table, the system signature for including intelligent terminal system naturally is believed
Breath, namely the signing messages that intelligent terminal producer is given tacit consent in advance.In addition, the legitimate signature information in the present embodiment also includes
At least one operator's signing messages.Specifically, each operator can consult with corresponding intelligent terminal manufacturer, terminal system is allowed
Business is made to be stored in operator's signing messages of operator in legitimate signature list as legal information.Therefore, in the present embodiment
The number that includes of operator's signing messages and specifically the signing messages comprising which operator can be according to practical application
Scene is flexibly set.By arrangement above, intelligent terminal by signature authentication when carrying out System right management, just no longer only root
It is managed according to the system signature information of terminal, pipe is carried out to each application always according to the legitimate signature information in signature legitimate list
Reason, when application signing messages with wherein any one operator's signing messages matches when, also can to this using sending system power
Limit.Do not need so operator frequently to be signed using terminal producer is issued, save human and material resources and cost;Simultaneously
Operator issues operator also without by the signing messages of itself, avoids potential safety hazard.
In addition, the legitimate signature information in legitimate signature list in the present embodiment can support real-time update, such as when having
When new operator's addition or the signing messages of the operator added before change, then it can be manufactured directly or by terminal
Fresh information corresponding to business to intelligent terminal transmission, list maintenance module 11 can be according to the new information in legal signature list
Legitimate signature information carry out corresponding renewal.
Signing messages acquisition module 12, after getting application to be installed in intelligent terminal, obtain the label of the application
Name information;Signing messages specifically can be got from the installation kit of application.
Authentication module 13, for signing messages and the conjunction in legitimate signature list for obtaining signing messages acquisition module 12
Method signing messages is matched.Authentication module 13 can be matched using following matched rule:
First the signing messages of acquisition is matched with the system signature information in legitimate signature list, such as the match is successful,
Then signature authentication success, otherwise, then the signing messages matched with remaining operator's signing messages.Legitimate signature list
When operator's signing messages includes multiple, sequentially can now match one by one;Each operator's A.L.S. can also be pre-set
The priority of breath, such as issue are higher using more operator's priority, are then matched according to the priority of setting;Or
Direct random fit of person etc..
Authority management module 14, for any one in signing messages and the legitimate signature information, the match is successful
When, it is allowed to apply and installed on the intelligent terminal, and set the application that there are System Privileges;Otherwise, it is perhaps above-mentioned to be installed
Apply and installed on intelligent terminal, and set the application to apply arriving after not having System Privileges, namely application installation
System Privileges.It can so realize that intelligent terminal supports multi-signature, and can ensures system operation safety to greatest extent.
In the present embodiment, in the application of terminal, and not all application is required for application system authority.Therefore, for
The application of application system authority is needed, the identification information of application system authority is generally provided with its installation kit.Therefore, referring to figure
Shown in 6, in the present embodiment, System right management device 10 also includes application type judge module 15, for judging to be installed answer
It whether there is the identification information of application system authority in installation kit, such as exist, reinform signing messages acquisition module 12 and obtain
Take its signing messages and carry out follow-up judgement.
Shown in Figure 7, the System right management device in the present embodiment also includes upgrading processing module 16, is answered a certain
With in escalation process:
Signing messages acquisition module 12 is additionally operable to, when intelligent terminal has application to be upgraded, obtain application upgrade to be upgraded
Current signing messages before rear signing messages and application upgrade to be upgraded;
Upgrading processing module 16 be used to judging before the signing messages after application upgrade to be upgraded and application upgrade to be upgraded when
Whether preceding signing messages is consistent;
Authentication module 13 is additionally operable to when the judged result of upgrading processing module 16 is inconsistent, by the A.L.S. after upgrading
Breath is matched with the legitimate signature information in legitimate signature list;
Authority management module 14 is additionally operable to when the match is successful for authentication module 13, it is allowed to application upgrade to be upgraded, and set
Application to be upgraded has System Privileges;Otherwise, do not allow the application upgrade to be upgraded, prevent from being maliciously tampered.It can so keep away
Exempt from because the signing messages of operator change when, the problem of application before the operator can not normally complete upgrading, and can
Malice is avoided to distort.Can further lifting system rights management reasonability and accuracy.
It is mounted on intelligent terminal respectively to apply during operation in the present embodiment, especially possess application system
Authority is applied during operation, and its some actions, which are actually needed, (such as is downloaded using System Privileges and install or unload other
Using) when, the present embodiment can also do further authentication to these applications and assert to further lift the security of management.
Now, the System Privileges application that signing messages acquisition module 12 is additionally operable to send in the process of running in the application of intelligent terminal is asked
When asking, the signing messages for the application for initiating System Privileges application request is obtained;
Authentication module 13 is additionally operable to be matched above-mentioned signing messages with the legitimate signature information in legitimate signature list;
Matched rule can also use above-mentioned matched rule, can also use other rules different from above-mentioned rule.
Authority management module 14 is additionally operable to when the match is successful for authentication module, it is allowed to using execution system authority, Ye Jiyun
Perhaps it continues executing with above-mentioned action;Otherwise, forbid applying execution system authority, namely forbid it to continue executing with above-mentioned action, and
A corresponding miscue can be ejected.
After the signing messages of operator is arranged to legitimate signature information to carry out by the intelligent terminal in the present embodiment in advance
Continuous signature authentication, can cause intelligent terminal to support multi-signature certification, relatively existing intelligent terminal on the premise of minimum is changed
A kind of scheme of signature authentication is only supported, cost is lower, and control is more flexible, and security is more preferable.
Above content is to combine the further description that specific embodiment is made to the embodiment of the present invention, it is impossible to is recognized
The specific implementation of the fixed present invention is confined to these explanations.For general technical staff of the technical field of the invention,
Without departing from the inventive concept of the premise, some simple deduction or replace can also be made, should all be considered as belonging to the present invention
Protection domain.
Claims (10)
1. a kind of System right management method, including:
After application to be installed is got in intelligent terminal, the signing messages of the application is obtained;
The signing messages is matched with the legitimate signature information in default legitimate signature list, the legitimate signature row
Table include the intelligent terminal system system signature information and with operator's signing messages;
Any one in the signing messages and the legitimate signature information is when the match is successful, it is allowed to described to apply described
Installed on intelligent terminal, and set the application that there are System Privileges.
2. the system as claimed in claim 1 right management method, it is characterised in that also include:
When the intelligent terminal has application to be upgraded, before judging signing messages and upgrading after the application upgrade to be upgraded
Whether current signing messages consistent, such as it is no, by the signing messages after the upgrading with it is legal in the legitimate signature list
Signing messages is matched, and the match is successful allows the application upgrade to be upgraded, and sets the application to be upgraded to have system
Authority.
3. the system as claimed in claim 1 right management method, it is characterised in that also include:
When receiving the System Privileges application request that the application of the intelligent terminal is sent in the process of running, initiation system is obtained
The signing messages of the application of authority application request, and matched with the legitimate signature information in the legitimate signature list,
With successfully allow it is described application execution system authority;Otherwise, the application execution system authority is forbidden.
4. the System right management method as described in claim any one of 1-3, it is characterised in that obtaining the label of the application
Before name information, in addition to:
Judge whether there is the identification information of application system authority in the installation kit of the application, such as exist, then obtain the label
Name information;Otherwise, it is allowed to which described apply is installed on the intelligent terminal, sets the application not have System Privileges.
5. the System right management method as described in claim any one of 1-3, it is characterised in that by the signing messages and institute
Stating legitimate signature information and carrying out matching includes:First the signing messages is matched with the system signature information, matching is lost
Lose and matched again with operator's signing messages.
6. the System right management method as described in claim any one of 1-3, it is characterised in that also include:
The signature fresh information that operator sends is received, according to the signature fresh information to the conjunction in the legitimate signature list
Method signing messages carries out corresponding renewal.
7. a kind of System right management device, including;
Signing messages acquisition module, after getting application to be installed in intelligent terminal, obtain the signing messages of the application;
Authentication module, for the signing messages to be matched with the legitimate signature information in legitimate signature list, the conjunction
Method signature list includes the system signature information of the intelligent terminal system and at least one operator's signing messages;
Authority management module, when for any one in the signing messages and the legitimate signature information, the match is successful,
Allow described apply to be installed on the intelligent terminal, and set the application that there are System Privileges.
8. System right management device as claimed in claim 7, it is characterised in that including upgrading processing module;
The signing messages acquisition module is additionally operable to when the intelligent terminal has application to be upgraded, obtain it is described it is to be upgraded should
With signing messages current before the signing messages after upgrading and the application upgrade to be upgraded;
The upgrading processing module is for the signing messages after judging the application upgrade to be upgraded and the application liter to be upgraded
Whether current signing messages is consistent before level;
The authentication module is additionally operable to when the judged result of the upgrading processing module is inconsistent, by the label after the upgrading
Name information is matched with the legitimate signature information in the legitimate signature list;
The authority management module is additionally operable to when the match is successful for the authentication module, it is allowed to the application upgrade to be upgraded, and
Set the application to be upgraded that there are System Privileges.
9. System right management device as claimed in claim 7 or 8, it is characterised in that the signing messages acquisition module is also
When System Privileges application for being sent in the process of running in the application of the intelligent terminal is asked, obtain and initiate System Privileges
Apply for the signing messages of the application of request;
The authentication module is additionally operable to the legitimate signature information progress in the signing messages and the legitimate signature list
Match somebody with somebody;
The authority management module is additionally operable to when the match is successful for the authentication module, it is allowed to is initiated System Privileges application and is asked it
Using execution system authority;Otherwise, that forbids initiation System Privileges application request applies execution system authority.
10. a kind of intelligent terminal, it is characterised in that including the System right management device as described in claim any one of 7-9.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610488792.0A CN107545170A (en) | 2016-06-24 | 2016-06-24 | System right management method, apparatus and intelligent terminal |
| PCT/CN2017/089743 WO2017220014A1 (en) | 2016-06-24 | 2017-06-23 | System permission management method and apparatus, and intelligent terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610488792.0A CN107545170A (en) | 2016-06-24 | 2016-06-24 | System right management method, apparatus and intelligent terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107545170A true CN107545170A (en) | 2018-01-05 |
Family
ID=60784272
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610488792.0A Pending CN107545170A (en) | 2016-06-24 | 2016-06-24 | System right management method, apparatus and intelligent terminal |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107545170A (en) |
| WO (1) | WO2017220014A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112764832A (en) * | 2021-01-21 | 2021-05-07 | 青岛海信移动通信技术股份有限公司 | Application program installing and uninstalling method and communication terminal |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113541966A (en) * | 2021-07-23 | 2021-10-22 | 湖北亿咖通科技有限公司 | Authority management method, device, electronic equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103065098B (en) * | 2011-10-24 | 2018-01-19 | 联想(北京)有限公司 | Access method and electronic equipment |
| CN103686722B (en) * | 2012-09-13 | 2018-06-12 | 中兴通讯股份有限公司 | Access control method and device |
| CN103858130A (en) * | 2013-08-23 | 2014-06-11 | 华为终端有限公司 | Method, apparatus and terminal for administration of permission |
| CN103530534B (en) * | 2013-09-23 | 2016-06-29 | 北京理工大学 | A kind of Android program ROOT authorization method based on signature verification |
-
2016
- 2016-06-24 CN CN201610488792.0A patent/CN107545170A/en active Pending
-
2017
- 2017-06-23 WO PCT/CN2017/089743 patent/WO2017220014A1/en active Application Filing
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112764832A (en) * | 2021-01-21 | 2021-05-07 | 青岛海信移动通信技术股份有限公司 | Application program installing and uninstalling method and communication terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017220014A1 (en) | 2017-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110113167B (en) | Information protection method and system of intelligent terminal and readable storage medium | |
| CN101300583B (en) | Simple scalable and configurable secure boot for trusted mobile phones | |
| CN204990315U (en) | Circuit and smart phone | |
| CN102981881B (en) | A kind of method and system for preventing updating mobile terminal to illegal firmware version | |
| US11205512B2 (en) | Usage control method and system for medical detection device, and medical detection device | |
| CN105531710A (en) | Method of authorizing an operation to be performed on a targeted computing device | |
| US10726130B2 (en) | Method and device for verifying upgrade of diagnosis connector of diagnostic equipment, and diagnosis connector | |
| CN103744686A (en) | Control method and system for installing application in intelligent terminal | |
| CN103530534A (en) | Android program ROOT authorization method based on signature verification | |
| CN106452786A (en) | Encryption and decryption processing method, apparatus and device | |
| CN109086578A (en) | A kind of method that soft ware authorization uses, equipment and storage medium | |
| CN105046138A (en) | FT-processor based trust management system and method | |
| CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
| CN103793644A (en) | Method for information safety device to achieve multiple applications, and information safety device and system | |
| CN107545170A (en) | System right management method, apparatus and intelligent terminal | |
| US20150326558A1 (en) | Architecture for platform security using a dedicated security device for user interaction | |
| CN105095694B (en) | The method and system of webpage calling plug-in unit | |
| CN111400771A (en) | Target partition checking method and device, storage medium and computer equipment | |
| CN106326723A (en) | Method and device for certifying APK (Android Package) signature | |
| KR102053493B1 (en) | Safe patch system and method of white list | |
| CN113791802B (en) | Vehicle upgrading method, device, equipment and storage medium | |
| CN105335673A (en) | Information safety processing method and device | |
| CN105279425B (en) | The processing method and relevant apparatus of a kind of application program | |
| CN110362983B (en) | Method and device for ensuring consistency of dual-domain system and electronic equipment | |
| CN106778297B (en) | Application program running method and device and mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180105 |
|
| WD01 | Invention patent application deemed withdrawn after publication |