CN112182623A - Method and device for protecting user privacy - Google Patents

Info

Publication number: CN112182623A
Authority: CN (China)
Legal status: Granted; currently active
Application number: CN202011091915.XA
Other languages: Chinese (zh)
Other versions: CN112182623B (en)
Inventors: 赵豪, 蒋理, 李文杰
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Events: application filed by Alipay Hangzhou Information Technology Co Ltd; priority to CN202011091915.XA; publication of CN112182623A; application granted; publication of CN112182623B.

Classifications

    • G06F 21/604 Tools and structures for managing or administering access control systems (under G06F 21/60 Protecting data; G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes (under G06F 21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database; G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules)
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices (indexing scheme relating to G06F 21/00 and subgroups)


Abstract

The embodiments of this specification provide a method and a device for protecting user privacy. The method is applied to a platform-type application that hosts one or more applets, and includes the following steps: obtaining an isolation rule set by a user for user privacy information, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet; isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information; and, in response to the applet issuing an access request through the interface, providing the applet with the corresponding information according to its access rights.

Description

Method and device for protecting user privacy
Technical Field
The embodiments of this specification relate to the field of computer technology, and in particular to a method for protecting user privacy. One or more embodiments of this specification also relate to an apparatus for protecting user privacy, a computing device, and a computer-readable storage medium.
Background
Applets are an important part of the mobile internet infrastructure: they let users access an applet's capabilities from within a platform-type application, and so attract more and more users. An applet may, for business reasons, require the user's privacy information, and some applets even force the user to authorize access to private information. This causes the user considerable trouble and also infringes the user's rights and interests.
How to protect user privacy is therefore an important issue for platform-type applications that manage applets.
Disclosure of Invention
In view of this, the present specification provides a method for protecting user privacy. One or more embodiments of this specification also relate to an apparatus for protecting user privacy, a computing device, and a computer-readable storage medium, which are used to solve the technical problems of the prior art.
According to a first aspect of the embodiments of this specification, there is provided a method for protecting user privacy, applied to a platform-type application that hosts one or more applets. The method includes: obtaining an isolation rule set by a user for user privacy information, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet; isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information; and, in response to the applet issuing an access request through the interface, providing the applet with the corresponding information according to its access rights.
Optionally, isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, includes: encapsulating the applet's run-time environment in an isolation layer according to the isolation rule, where the isolation layer carries the interface, and the interface receives the applet's accesses to information and passes information to the applet.
Optionally, the isolation rule includes: the number of isolation layers, the applets corresponding to each isolation layer, the sources of user privacy information corresponding to each isolation layer, and the access rights of the applets. Encapsulating the applet's run-time environment in an isolation layer according to the isolation rule includes: in response to the applet being opened, encapsulating the applet's run-time environment in the corresponding isolation layer, according to the isolation layer assigned to the applet in the isolation rule.
Optionally, encapsulating, in response to the applet being opened, the applet's run-time environment in the corresponding isolation layer according to the isolation layer assigned to the applet in the isolation rule includes: in response to the applet being opened, creating and running the isolation layer that the isolation rule assigns to the applet; and loading the applet into the running isolation layer so that the applet runs inside it.
Optionally, the method further includes: receiving a user's settings for a usage scenario, where the usage scenario information includes at least the applicable applet types and the applicable isolation-layer parameters; and, in response to the user setting an isolation rule, presenting the usage scenario information so that the user can select from it to set the isolation rule.
Optionally, isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, includes: encapsulating, according to the isolation rule, the user privacy information that the applet is not allowed to access in an isolation layer that carries the interface, where the interface receives the applet's accesses to information and passes information to the applet.
Optionally, providing, in response to the applet issuing an access request through the interface, the corresponding information to the applet according to its access rights includes: in response to the applet requesting user privacy information through the interface, providing the applet, according to its access rights, either with the user's real privacy information held in the platform-type application or with substitute information that the user has customized in place of the real privacy information.
According to a second aspect of the embodiments of this specification, there is provided an apparatus for protecting user privacy, configured in a platform-type application that hosts one or more applets. The apparatus includes: a rule obtaining module, configured to obtain an isolation rule set by a user for user privacy information, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet; an isolation execution module, configured to isolate the user privacy information from the applet by means of an isolation mechanism according to the isolation rule and to provide an interface through which the applet accesses information; and an access execution module, configured to provide the applet with the corresponding information according to its access rights in response to the applet issuing an access request through the interface.
According to a third aspect of the embodiments of this specification, there is provided a computing device comprising a memory and a processor. The memory stores computer-executable instructions, and the processor executes those instructions to: obtain an isolation rule set by a user for user privacy information, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet; isolate the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and provide an interface through which the applet accesses information; and, in response to the applet issuing an access request through the interface, provide the applet with the corresponding information according to its access rights.
According to a fourth aspect of the embodiments of this specification, there is provided a computer-readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the method for protecting user privacy of any embodiment herein.
One embodiment of this specification provides a method for protecting user privacy that is applied to a platform-type application. The isolation rule set by the user for user privacy information is obtained, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet. Using an isolation mechanism, the platform-type application can therefore isolate the user privacy information from the applet according to the isolation rule the user set for their own needs, and provide an interface through which the applet accesses information; when the applet issues an access request through the interface, it can then be given the corresponding information according to the access rights the user has set. This gives the user detailed and flexible control over the privacy permissions an applet obtains, and fully protects the user's privacy interests.
Drawings
FIG. 1 is a flow diagram of a method for protecting user privacy provided by one embodiment of this specification;
FIG. 2 is a diagram of an isolation architecture provided by one embodiment of this specification;
FIG. 3 is a schematic structural diagram of an apparatus for protecting user privacy according to one embodiment of this specification;
FIG. 4 is a schematic structural diagram of an apparatus for protecting user privacy according to another embodiment of this specification;
FIG. 5 is a block diagram of a computing device according to one embodiment of this specification.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, etc. may be used in one or more embodiments herein to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of this specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
First, the terms used in one or more embodiments of this specification are explained.
An isolation mechanism is a technique for limiting an application's access to the system and to sensitive data. For example, in the implementation environment of the platform-type application of the embodiments of this specification, isolation of the applet run-time may be achieved through the applet framework.
In this specification, a method for protecting user privacy is provided, and the specification also relates to an apparatus for protecting user privacy, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.
Fig. 1 illustrates a flowchart of a method for protecting user privacy according to one embodiment of this specification. The method is applied to a platform-type application in which one or more applets may be included, that is, the one or more applets run on the platform-type application. The method includes steps 102 to 106.
Step 102: obtaining an isolation rule set by a user for user privacy information, where the isolation rule includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet.
Step 104: isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information.
Step 106: in response to the applet issuing an access request through the interface, providing the applet with the corresponding information according to its access rights.
The method thus obtains the isolation rule set by the user for user privacy information, which includes at least an applet that needs to be isolated from the user privacy information and the access rights of that applet. Using an isolation mechanism, the platform-type application can therefore isolate the user privacy information from the applet according to the isolation rule the user set for their own needs, and provide an interface for the applet's access to information. The applet cannot directly acquire the user's information on the platform-type application; it can only access information through the interface the platform-type application provides. When the applet accesses through the interface, it can be given the corresponding information according to the access rights set by the user. This provides the user with detailed and flexible control over the privacy permissions an applet acquires, and fully protects the user's privacy interests.
In one or more embodiments of this specification, isolation of user privacy information from an applet is achieved through a security isolation mechanism that encapsulates the applet's run-time environment. Specifically, for example, isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, includes: encapsulating the applet's run-time environment in an isolation layer according to the isolation rule, where the isolation layer carries the interface, and the interface receives the applet's accesses to information and passes information to the applet. Accordingly, in this embodiment, when the applet accesses user privacy information through the interface, the platform-type application may return through that privacy interface only the information the access rights allow.
It can be seen that, in this embodiment, the technical architecture encapsulates a separate isolation layer around the applet's run-time environment, and the isolation layer is established in the applet's host application, i.e. the platform-type application. For example, each applet may be assigned a separate isolated execution environment and resource implementation. Because every call an applet makes passes through the interfaces of the isolation layer that encapsulates it, isolation is achieved by encapsulating the applet's run-time environment, and the applet's accesses are managed through the isolation layer's interfaces, which produces secure isolation.
To let the user configure the isolation of applets from user privacy information more flexibly, in one or more embodiments of this specification the isolation rule may include: the number of isolation layers, the applets corresponding to each isolation layer, the sources of user privacy information corresponding to each isolation layer, and the access rights of the applets. In this embodiment, when the applet is opened, the corresponding isolation layer can be encapsulated around the applet's run-time environment according to the isolation layer assigned to the applet in the isolation rule. This amounts to letting the user flexibly configure the specifics of the applet's isolation layer, for example how many sets of isolation layers there are, the specific purpose of each set, and the sources of user privacy information each set isolates. For information that does not belong to the user's privacy information sources, access rights may be determined by the platform-type application's default access rights, such as allow, deny, or ask the user.
For example, as shown in the isolation architecture diagram of fig. 2, each applet may be encapsulated in an isolation layer. Each isolation layer has an interface, the privacy information suite shown in fig. 2. For example, "isolation layer 1" is the isolation layer encapsulating "applet 1", "isolation layer 2" is the isolation layer encapsulating "applet 2", and "isolation layer 3" is the isolation layer encapsulating "applet 3". "Privacy information suite 1", "privacy information suite 2" and "privacy information suite 3" in fig. 2 are the interfaces of these isolation layers, and the interfaces are the only way an applet can obtain user privacy information within its isolation layer. The interfaces are managed by the isolation layer controller implemented according to the method of this specification; the controller provides information through the interface and passes it to the applet in the isolation layer. For example, the controller may interact with the user to obtain the isolation rule the user sets, which may include: how many sets of isolation layers there are, the specific purpose and tag of each set, and the detailed user information in each set (such as directly inheriting the user's real information in the platform-type application, or using information customized by the user).
It will be understood that, since the method is applied to a platform-type application and the isolation layer controller implemented according to it is part of that application, whenever the platform-type application can obtain the isolation rule set by the user, the isolation layer controller can obtain it too, and can create an isolation layer and assign it to the corresponding applet. The user privacy information may be stored outside the isolation layer, and when it is allowed to be returned to the applet it is passed from outside into the applet through the isolation layer's interface.
To fully protect the user's privacy interests, in one or more embodiments of this specification the isolation layer is created and run first, and the applet is loaded into the running isolation layer and then run inside it, so that while running the applet is isolated from the user privacy information the user has specified. Specifically, for example, encapsulating, in response to the applet being opened, the applet's run-time environment in the corresponding isolation layer according to the isolation layer assigned to the applet in the isolation rule includes: in response to the applet being opened, creating and running the isolation layer that the isolation rule assigns to the applet; and loading the applet into the running isolation layer so that it runs inside the isolation layer. It will be appreciated that in this embodiment the applet does not reach the running state merely by being opened by the user; it begins running only after it has been loaded into the isolation layer.
For example, combining the above embodiments with the isolation architecture diagram of fig. 2, the processing flow from the user's perspective may be as follows. First, the user uses an applet and initializes it, which includes setting isolation rules, such as configuring isolation layers (their number, purpose, tag, source of user privacy information, usage rules, and so on). When the user opens the applet, the platform-type application creates the isolation layer the user configured for that applet according to the isolation rule the user set, so the applet is opened and runs inside the user-configured isolation layer. When the applet needs to acquire user privacy information, the corresponding information is provided according to the access rights the user set.
In one or more embodiments of this specification, to make it easier for the user to set isolation rules, the method further includes: receiving the user's settings for a usage scenario, where the usage scenario information includes at least the applicable applet types and the applicable isolation-layer parameters; and, in response to the user setting an isolation rule, presenting the usage scenario information so that the user can select from it to set the isolation rule. The applicable isolation-layer parameters may be system defaults or may be set by the user. This embodiment lets the user configure usage scenarios for isolation layers, the applet types applicable in different scenarios, the applicable isolation-layer parameters, and so on, so that the user can autonomously set which kinds of isolation layer apply in which scenarios, which isolation layers apply to which kinds of applet, which isolation-layer parameters are used by default, and so on. Then, when the user sets an isolation rule, the usage scenario information can be displayed, for example by showing how the applet about to be isolated matches the usage scenarios, so that the user can select the applicable information to set the rule. This reduces repetitive work and makes the user's operation more convenient.
It should be noted that the embodiments of this specification do not limit the specific implementation of the isolation mechanism. For example, it may be implemented by encapsulating the applet's run-time environment, as in the embodiment above, or by encapsulating the user privacy information, as follows.
For example, in one or more embodiments of this specification, isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, includes: encapsulating, according to the isolation rule, the user privacy information that the applet is not allowed to access in an isolation layer that carries the interface, where the interface receives the applet's accesses to information and passes information to the applet. In this embodiment the encapsulation of user privacy information may be implemented as a collection of rule configurations: the user privacy information the applet may not access is encapsulated so as to isolate the applet, which implements the isolation mechanism described in this specification. For example, if according to the access rights set by the user some applets may not access the user's location information, those applets are simply prohibited, at the interface provided by the platform-type application, from accessing the user's location, which implements the isolation mechanism described here.
To give the user full autonomy over privacy permissions, in one or more embodiments of this specification, providing, in response to the applet issuing an access request through the interface, the corresponding information to the applet according to its access rights may include: in response to the applet requesting user privacy information through the interface, providing the applet, according to its access rights, either with the user's real privacy information held in the platform-type application or with substitute information the user has customized in place of the real information. In this embodiment the user can autonomously choose which privacy information to authorize to the applet, or, where authorization is forced, autonomously choose to authorize customized substitute information instead, so that the user retains full control over their privacy permissions in the applet, and the problem of applets forcibly demanding authorization of sensitive information is effectively solved.
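As an added illustration of the isolation-layer model described above (this is not code from the patent or from Alipay), the following Python sketch keeps the user's real information outside the layer, routes every applet request through the layer's single interface, and returns real data, user-customized substitute data, or a refusal according to the user-set rule, applying the platform default (allow, deny or ask) to fields the rule does not list. All class and function names, the field names and the sample values are assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Access(Enum):
    """Per-field access right the user sets for an applet (assumed names)."""
    ALLOW_REAL = "allow_real"   # hand the applet the user's real information
    SUBSTITUTE = "substitute"   # hand it the user-customized substitute instead
    DENY = "deny"               # refuse the request


class DefaultPolicy(Enum):
    """Platform default for fields the rule does not list: allow, deny, or ask the user."""
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"


@dataclass
class IsolationRule:
    applet_id: str
    access: Dict[str, Access]                  # field -> right set by the user
    substitutes: Dict[str, str] = field(default_factory=dict)
    default: DefaultPolicy = DefaultPolicy.ASK


class IsolationLayer:
    """Encapsulates one applet's run-time environment. The real user store stays
    outside the layer; privacy_interface() is the applet's only path to it."""

    def __init__(self, rule: IsolationRule, user_store: Dict[str, str],
                 ask_user: Callable[[str, str], bool]) -> None:
        self._rule, self._store, self._ask = rule, user_store, ask_user
        self.running = False
        self.audit: List[Tuple[str, str]] = []   # (field, decision) for later review

    def start(self) -> "IsolationLayer":
        self.running = True        # the layer must be running before an applet is loaded
        return self

    def privacy_interface(self, field_name: str) -> Optional[str]:
        if not self.running:
            raise RuntimeError("isolation layer is not running")
        right = self._rule.access.get(field_name)
        if right is None:          # not covered by the rule: apply the platform default
            right = self._resolve_default(field_name)
        self.audit.append((field_name, right.value))
        if right is Access.DENY:
            raise PermissionError(field_name)
        if right is Access.SUBSTITUTE:
            return self._rule.substitutes[field_name]
        return self._store.get(field_name)

    def _resolve_default(self, field_name: str) -> Access:
        if self._rule.default is DefaultPolicy.ALLOW:
            return Access.ALLOW_REAL
        if self._rule.default is DefaultPolicy.DENY:
            return Access.DENY
        # ASK: the platform queries the user at access time
        return Access.ALLOW_REAL if self._ask(self._rule.applet_id, field_name) else Access.DENY


class Applet:
    """The applet holds no reference to the user store, only to its layer."""

    def __init__(self, applet_id: str, layer: IsolationLayer) -> None:
        if not layer.running:
            raise RuntimeError("load the applet only into a running isolation layer")
        self.applet_id, self._layer = applet_id, layer

    def request(self, field_name: str) -> Optional[str]:
        return self._layer.privacy_interface(field_name)


def open_applet(rule: IsolationRule, user_store: Dict[str, str],
                ask_user: Callable[[str, str], bool]) -> Tuple[Applet, IsolationLayer]:
    """Platform side: create and run the layer first, then load the applet into it."""
    layer = IsolationLayer(rule, user_store, ask_user).start()
    return Applet(rule.applet_id, layer), layer


def demo(default: DefaultPolicy = DefaultPolicy.DENY, user_answer: bool = False):
    """Constructed sample data: one user, one applet, one user-set rule."""
    user_store = {"phone": "138-0000-0000", "location": "Hangzhou", "nickname": "alice"}
    rule = IsolationRule("applet_1",
                         access={"phone": Access.SUBSTITUTE, "location": Access.DENY,
                                 "nickname": Access.ALLOW_REAL},
                         substitutes={"phone": "000-0000-0000"}, default=default)
    applet, layer = open_applet(rule, user_store, lambda applet_id, f: user_answer)
    results = {}
    for f in ("nickname", "phone", "location", "email"):   # "email" is not in the rule
        try:
            results[f] = applet.request(f)
        except PermissionError:
            results[f] = None
    return results, layer.audit
```

The audit list records every decision the interface made, which is the place a platform operator would look when a user disputes what an applet was given.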
Corresponding to the above method embodiment, this specification further provides an embodiment of an apparatus for protecting user privacy, and fig. 3 illustrates a schematic structural diagram of an apparatus for protecting user privacy provided in an embodiment of this specification. The device is configured for platform-type applications. As shown in fig. 3, the apparatus may include: a rule acquisition module 302, an isolation execution module 304, and an access execution module 306.
The rule obtaining module 302 may be configured to obtain an isolation rule set by a user for user privacy information, where the isolation rule includes at least: an applet isolated from user privacy information and access rights for the applet are needed.
The isolation enforcement module 304 may be configured to isolate the user privacy information from the applet using an isolation mechanism and provide an interface for applet access information according to the isolation rules.
The access execution module 306 may be configured to provide corresponding information to the applet according to the access rights of the applet, in response to the applet issuing an access through the interface.
It can be seen that, since the device obtains the isolation rule set by the user for the user privacy information, the isolation rule at least includes: the method comprises the steps that an applet which needs to be isolated from user privacy information and access authority of the applet are needed, therefore, platform type application can use an isolation mechanism to isolate the user privacy information from the applet according to isolation rules set by a user according to the needs of the user, an interface used for accessing the information by the applet is provided, the applet cannot directly acquire the information of the user on the platform type application and can only access through the interface provided by the platform type application, when the applet accesses through the interface, corresponding information can be provided for the applet according to the access authority set by the user, detailed and flexible configuration capacity for acquiring the user privacy authority of the applet is provided for the user, and the privacy benefit of the user is fully protected.
In one or more embodiments of this specification, the isolation of user privacy information from the applet is achieved through a security isolation mechanism that encapsulates the applet's runtime environment. For example, the isolation execution module 304 may be configured to encapsulate an isolation layer around the applet's runtime environment according to the isolation rule, the isolation layer having the interface that receives the applet's accesses to information and passes information to the applet.
It can be seen that, in this embodiment, a separate isolation layer is encapsulated around the applet's runtime environment at the architectural level, and that layer is established inside the applet's host, i.e. the platform application. For example, each applet may be assigned its own isolated execution environment and its own resources. Because every interface the applet calls is one wrapped by the isolation layer, encapsulating the runtime environment achieves the isolation, and managing the applet's accesses through the layer's interface achieves the effect of secure isolation.
To let the user configure the isolation of an applet from user privacy information more flexibly, in one or more embodiments of this specification the isolation rule may include: the number of isolation layers, the applet corresponding to each isolation layer, the user privacy information sources corresponding to each isolation layer, and the access rights of each applet. In this embodiment, the isolation execution module 304 may be configured to encapsulate, in response to the applet being opened, the corresponding isolation layer around the applet's runtime environment, according to the isolation layer that the isolation rule assigns to that applet.
Fig. 4 is a schematic structural diagram of an apparatus for protecting user privacy according to another embodiment of this specification. To protect the user's privacy interests sufficiently, the isolation execution module 304 may include an isolation layer creation submodule 3042 and an applet loading submodule 3044.
The isolation layer creation submodule 3042 may be configured to create and run, in response to the applet being opened, the isolation layer that the isolation rule associates with the applet.
The applet loading submodule 3044 may be configured to load the applet into the running isolation layer, so that the applet runs inside that layer.
In this embodiment, the isolation layer is created and started first, the applet is then loaded into the running layer, and only then does the applet run. The applet is therefore already isolated from the user privacy information, as configured by the user, from the moment it starts, which fully protects the user's privacy interests.
In one or more embodiments of this specification, to make it easier for the user to set isolation rules, as shown in fig. 4 the apparatus further includes a usage scenario setting module 308 and an isolation rule setting module 310.
The usage scenario setting module 308 may be configured to receive the user's settings for a usage scenario, where the information of the usage scenario includes at least: the applicable applet type and the applicable isolation layer parameters.
The isolation rule setting module 310 may be configured to, in response to the user setting an isolation rule, present the usage scenario information so that the user can select items from it to set the isolation rule.
In this embodiment, the user is allowed to configure usage scenarios for isolation layers: the applet types applicable to each scenario, the applicable isolation layer parameters, and so on. When the user later sets an isolation rule, the usage scenario information can be displayed so that the user simply selects the applicable items, which reduces repetitive work and makes the user's operation more convenient.
It should be noted that the embodiments of this specification do not limit the concrete implementation of the isolation mechanism. For example, it may be implemented by encapsulating the applet's runtime environment, as in the embodiment above, or by encapsulating the user privacy information itself, as follows:
for example, in one or more embodiments of this specification, the isolation execution module 304 may be configured to encapsulate, according to the isolation rule, the user privacy information that the applet is not allowed to access into an isolation layer that has the interface for receiving the applet's accesses to information and for passing information to the applet.
So that the user retains full autonomy over privacy permissions, in one or more embodiments of this specification the access execution module 306 may be configured to respond to the applet issuing, through the interface, an access to user privacy information by providing the applet, according to the applet's access rights, either with the user's real user privacy information on the platform application or with substitute information that the user has customized in place of the real information. In this embodiment the user can decide which user privacy information to authorize to the applet, or, where an applet makes authorization a condition of use, can choose to authorize the user-customized substitute information instead. The user thus keeps complete control over the privacy permissions the applet receives, and the problem of applets forcing users to authorize sensitive information is effectively solved.
The foregoing is an illustrative solution of an apparatus for protecting user privacy according to an embodiment of the present specification. It should be noted that the technical solution of the apparatus for protecting user privacy is the same as that of the above method for protecting user privacy, and details of the technical solution of the apparatus for protecting user privacy, which are not described in detail, can be referred to the description of the technical solution of the above method for protecting user privacy.
FIG. 5 illustrates a block diagram of a computing device 500 provided in accordance with one embodiment of the present description. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530, and database 550 is used to store data.
Computing device 500 also includes an access device 540 that enables computing device 500 to communicate via one or more networks 560. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. The access device 540 may include one or more network interfaces of any type, wired or wireless, e.g. a Network Interface Card (NIC), an IEEE 802.11 Wireless Local Area Network (WLAN) interface, a Worldwide Interoperability for Microwave Access (WiMAX) interface, an Ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a Bluetooth interface, a Near Field Communication (NFC) interface, and so on.
In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 5 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.
Processor 520 is configured to execute the following computer-executable instructions:
obtaining an isolation rule set by the user for user privacy information, where the isolation rule includes at least: the applet that needs to be isolated from the user privacy information and the access rights of that applet;
isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing the interface through which the applet accesses information;
in response to the applet issuing an access through the interface, providing the applet with the corresponding information according to the applet's access rights.
The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the above method for protecting the privacy of the user belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the above method for protecting the privacy of the user.
An embodiment of this specification also provides a computer-readable storage medium storing computer instructions that, when executed by a processor, are operable to perform:
obtaining an isolation rule set by the user for user privacy information, where the isolation rule includes at least: the applet that needs to be isolated from the user privacy information and the access rights of that applet;
isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing the interface through which the applet accesses information;
in response to the applet issuing an access through the interface, providing the applet with the corresponding information according to the applet's access rights.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the above method for protecting the user privacy belong to the same concept, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above method for protecting the user privacy.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The computer instructions comprise computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content a computer-readable medium may contain can be increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions computer-readable media do not include electrical carrier signals and telecommunications signals, as required by legislation and patent practice there.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims (10)

1. A method for protecting user privacy, applied to a platform application including one or more applets therein, the method comprising:
obtaining an isolation rule set by the user for user privacy information, wherein the isolation rule comprises at least: the applet that needs to be isolated from the user privacy information and the access rights of that applet;
isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information;
in response to the applet issuing an access through the interface, providing the applet with the corresponding information according to the applet's access rights.
2. The method of claim 1, wherein isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, comprises:
encapsulating, according to the isolation rule, an isolation layer around the runtime environment of the applet, wherein the isolation layer is provided with the interface, and the interface is used to receive the applet's accesses to information and to pass information to the applet.
3. The method of claim 2, wherein the isolation rule comprises: the number of isolation layers, the applet corresponding to each isolation layer, the user privacy information sources corresponding to each isolation layer, and the access rights of the applet;
and encapsulating the isolation layer around the runtime environment of the applet according to the isolation rule comprises:
in response to the applet being opened, encapsulating the corresponding isolation layer around the runtime environment of the applet according to the isolation layer that the isolation rule assigns to the applet.
4. The method of claim 3, wherein encapsulating, in response to the applet being opened, the corresponding isolation layer around the runtime environment of the applet according to the isolation layer that the isolation rule assigns to the applet comprises:
in response to the applet being opened, creating and running the isolation layer that the isolation rule associates with the applet;
loading the applet into the running isolation layer so that the applet runs inside the isolation layer.
5. The method of claim 2, further comprising:
receiving the user's settings for a usage scenario, wherein the information of the usage scenario comprises at least: the applicable applet type and the applicable isolation layer parameters;
in response to the user setting an isolation rule, presenting the information of the usage scenario so that the user can select information from the usage scenario to set the isolation rule.
6. The method of claim 1, wherein isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information, comprises:
encapsulating, according to the isolation rule, the user privacy information that the applet is not allowed to access into an isolation layer having the interface, the interface being used to receive the applet's accesses to information and to pass information to the applet.
7. The method of claim 1, wherein providing, in response to the applet issuing an access through the interface, the corresponding information to the applet according to the applet's access rights comprises:
in response to the applet issuing, through the interface, an access to user privacy information, providing the applet, according to the applet's access rights, with the user's real user privacy information on the platform application, or with substitute information customized by the user in place of the real user privacy information.
8. An apparatus for protecting user privacy configured in a platform-based application including one or more applets therein, the apparatus comprising:
a rule acquisition module configured to obtain an isolation rule set by the user for user privacy information, wherein the isolation rule comprises at least: the applet that needs to be isolated from the user privacy information and the access rights of that applet;
an isolation execution module configured to isolate the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and to provide an interface through which the applet accesses information;
and an access execution module configured to, in response to the applet issuing an access through the interface, provide the applet with the corresponding information according to the applet's access rights.
9. A computing device, comprising:
a memory and a processor;
the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to:
obtaining an isolation rule set by the user for user privacy information, wherein the isolation rule comprises at least: the applet that needs to be isolated from the user privacy information and the access rights of that applet;
isolating the user privacy information from the applet by means of an isolation mechanism according to the isolation rule, and providing an interface through which the applet accesses information;
in response to the applet issuing an access through the interface, providing the applet with the corresponding information according to the applet's access rights.
10. A computer readable storage medium storing computer instructions which, when executed by a processor, carry out the steps of the method of protecting user privacy of any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011091915.XA CN112182623B (en) 2020-10-13 2020-10-13 Method and device for protecting user privacy

Publications (2)

Publication Number Publication Date
CN112182623A true CN112182623A (en) 2021-01-05
CN112182623B CN112182623B (en) 2022-05-13

Family

ID=73949549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011091915.XA Active CN112182623B (en) 2020-10-13 2020-10-13 Method and device for protecting user privacy

Country Status (1)

Country Link
CN (1) CN112182623B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112765655A (en) * 2021-01-07 2021-05-07 支付宝(杭州)信息技术有限公司 Control method and device based on private data outgoing
CN112948835A (en) * 2021-03-26 2021-06-11 支付宝(杭州)信息技术有限公司 Applet risk detection method and device
CN112948835B (en) * 2021-03-26 2022-07-19 支付宝(杭州)信息技术有限公司 Applet risk detection method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104657674A (en) * 2015-01-16 2015-05-27 北京邮电大学 Isolation protection system and isolation protection method of private data in mobile phone
CN104680084A (en) * 2015-03-20 2015-06-03 北京瑞星信息技术有限公司 Method and system for protecting user privacy in computer
US9596357B1 (en) * 2014-10-01 2017-03-14 Netzer Ruperto Phone activity tracking device
CN108235767A (en) * 2016-11-03 2018-06-29 华为技术有限公司 A kind of partition method, device and terminal for paying application
CN108701201A (en) * 2018-04-08 2018-10-23 深圳大学 A kind of access control method of mobile terminal, device, terminal and storage medium
CN109325364A (en) * 2018-09-28 2019-02-12 联想(北京)有限公司 A kind of authority configuring method and electronic equipment
CN109522726A (en) * 2018-10-16 2019-03-26 平安万家医疗投资管理有限责任公司 Method for authenticating, server and the computer readable storage medium of small routine
CN110083399A (en) * 2019-03-04 2019-08-02 上海连尚网络科技有限公司 Small routine operation method, computer equipment and storage medium
CN111381903A (en) * 2020-03-18 2020-07-07 支付宝(杭州)信息技术有限公司 Program running method, device, equipment and medium
CN111580820A (en) * 2020-05-25 2020-08-25 泰康保险集团股份有限公司 Applet generation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (ref country code: HK; ref legal event code: DE; ref document number: 40043948; country of ref document: HK)

GR01 Patent grant