CN101859352A - Method, system, application software and platform software for controlling authority - Google Patents
Method, system, application software and platform software for controlling authority Download PDFInfo
- Publication number
- CN101859352A CN101859352A CN200910081959A CN200910081959A CN101859352A CN 101859352 A CN101859352 A CN 101859352A CN 200910081959 A CN200910081959 A CN 200910081959A CN 200910081959 A CN200910081959 A CN 200910081959A CN 101859352 A CN101859352 A CN 101859352A
- Authority
- CN
- China
- Prior art keywords
- authority
- data
- software
- application software
- platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000002360 preparation method Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 6
- 230000003993 interaction Effects 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000000295 complement effect Effects 0.000 description 3
- 238000000605 extraction Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000007596 consolidation process Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a method, system, application software and platform software for controlling authority so as to realize the control and management of the platform software on the authority depending on involvement of the application software. The authority controlling method provided by the embodiment of the invention is applied for a system, wherein the system comprises the application software and the platform software; and the application software accesses data stored in the platform software side through the platform software. The authority controlling method comprises the following steps: the authority data for recording the application software authority are stored in the platform software side, wherein the application software permission is a permission of operating the data stored in the platform software side; when an operation related to the application software authority to the data is carried out, the application software requests information of the authority data to the platform software; and the application software participates in the control of the operation according to the information of the authority data provided by the platform software.
Description
Technical Field
The invention relates to a security access control technology, in particular to a permission control method, a system, application software and platform software.
Technical Field
At present, platform software can only manage and control the authority of which the implementation depends on the participation of the platform software without depending on the participation of application software. In the invention, the authority of the platform software which depends on the participation of the platform software is simply called platform software authority. In this case, when the application software logs in with the role, the platform software controls the operation of the application software according to the authority data of the role. Here, the authority data of the role records the platform software authority that the role has. Typically, the platform software may be a document library system.
The implementation of the authority here means that the role is allowed to execute the operation corresponding to the authority when the role has the authority, and the role is refused to execute the operation corresponding to the authority when the role does not have the authority. When the implementation of a certain authority requires the participation of application software, the authority is called the authority depending on the participation of the application software, and is simply referred to as the application software authority in the invention. Such as read or write rights, which are implemented under the control of platform software, that is, when a role has read or write rights, the platform software allows the application software logged in the role to perform read or write operations, and when the role does not have read or write rights, the platform software refuses the application software logged in the role to perform read or write operations. However, for example, the extraction authority is based on the reading authority provided by the platform software, and may further control whether the application software can extract the document data after reading the document data. Because the platform software already provides readable document data for the application software, the platform software cannot control how the application software reads specifically, and the application software needs to participate. That is, the application software needs to determine whether the currently logged-in role has the extraction authority, and control the operation of the application software according to the corresponding authority. Therefore, the excerpt right belongs to the application software right.
Such as print privileges, its implementation is controlled by platform software. However, for a more detailed printing authority, which is based on the printing authority provided by the platform software, how the application software prints can be further controlled, such as controlling the maximum number of pages that the application software prints at one time, controlling the number of times the application software prints continuously, and the like. Since the platform software already provides the application software with the maximum printing authority, the platform software also has no power as to how the application software performs printing specifically, that is, the control of the more detailed printing authority needs the participation of the application software. Therefore, such a more refined printing authority also belongs to the application software authority.
As can be seen, platform software cannot effectively control the authority of certain application software at present.
Disclosure of Invention
In view of this, embodiments of the present invention provide an authority control method, system, application software, and platform software, so as to implement control and management of the platform software on the authority of the application software.
In order to achieve the above object, an authority control method provided in an embodiment of the present invention is applied to a system, where the system includes application software and platform software, where the application software accesses data stored in the platform software through the platform software; the method comprises the following steps:
storing authority data for recording application software authority in a platform software side, wherein the application software authority is the authority for operating the data stored in the platform software side;
when the data is to be subjected to operation related to the authority of the application software, the application software requests the information of the authority data from the platform software;
and according to the information of the authority data provided by the platform software, the application software participates in the control of the operation.
In order to achieve the above object, an authority control system provided in an embodiment of the present invention includes:
the application software is used for accessing the data stored at the platform software side through the platform software;
the platform software is used for providing data of the platform software side for the application software according to the instruction of the application software;
wherein,
the application software is further used for storing authority data for recording the authority of the application software in a platform software side, wherein the authority of the application software is the authority for operating the data stored in the platform software side; and further used for requesting the information of the authority data to the platform software when the data is to be operated related to the authority of the application software; and participate in the control of the operation according to the information of the authority data provided by the platform software;
the platform software is further used for storing authority data for recording the authority of the application software according to the instruction of the application software; and further used for providing the information of the authority data to the application software according to the instruction of the application software.
In order to achieve the above object, an application software provided in an embodiment of the present invention includes:
the system comprises a first module, a second module and a third module, wherein the first module is used for requesting the platform software to record the authority information of the authority of the application software when the platform software side data is to be subjected to the operation related to the authority of the application software, and the platform software side stores the authority data of the authority of the application software to be recorded;
and the second module is used for participating in the control of the operation of the platform software side data according to the authority data requested by the first module to the platform software.
In order to achieve the above object, an embodiment of the present invention provides a platform software, including:
the first module is used for storing authority data for recording the authority of the application software according to the instruction of the application software;
and the second module is used for providing the information of the authority data for the application software according to the instruction of the application software.
According to the authority control method, the authority control system, the application software and the platform software provided by the embodiment of the invention, the application software stores the authority data recorded with the authority of the application software in the platform software side, when the application software carries out the operation related to the authority of the application software on the data, the application software firstly comes to the platform software to inquire whether the platform software has the corresponding authority of the application software, and after the platform software provides the corresponding authority information to the application software, the application software can participate in the control of the operation according to the information of the authority data. In this way, the control and management of the platform software to the application software authority are realized.
In addition, the authority data recorded with the application software authority is stored in the platform software side, and the data and the authority information related to the data are stored together, so that the safety of data authority control can be greatly improved.
Moreover, because the security of the platform software is far higher than that of the application software side under normal conditions, the authority data recorded with the authority of the application software is integrated under the management of the platform software, so that the security of the authority data is higher.
Drawings
Fig. 1 is a schematic structural diagram of a rights control system in an embodiment of the present invention.
Fig. 2 is a flowchart of a method for controlling a right in an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of application software for controlling permissions in the embodiment of the present invention.
Fig. 4 is a schematic structural diagram of platform software for controlling authority in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the accompanying drawings.
In the authority control method provided by the embodiment of the invention, authority data for recording the authority of application software is stored in a platform software side, wherein the authority of the application software is the authority for operating the data stored in the platform software side; when the application software wants to perform the operation related to the authority of the application software on the data stored at the platform software side, the platform software provides the information of the authority data to the application software, and the application software participates in the control of the data operation according to the information of the authority data provided by the platform software.
Fig. 1 is a schematic structural diagram of a rights control system in an embodiment of the present invention. As shown in fig. 1, the authority control system includes application software 101 and platform software 102, wherein data to be operated 103 is located on the platform software side. The application software 101 accesses the data 103 to be operated stored in the platform software 102 side through the platform software 102, and the platform software 102 provides the data 103 to be operated for the application software 101 according to the instruction of the application software 101. Once the application software 101 accesses the data 103 to be operated on through the platform software 102, the operation of the application software 101 on the data 103 does not need to pass through the platform software 102. Such as the extraction of data 103 by application software 101, need not pass through platform software 102.
The application software 101 is used for storing authority data for recording application software authority in the platform software 102 side, wherein the application software authority is the authority for operating the data to be operated 103 stored in the platform software 102 side; when an operation related to the authority of the application software is to be performed on the data 103, information of the authority data is first acquired from the platform software 102, and then the control of the operation on the data 103 is participated in according to the information of the authority data acquired from the platform software 102.
The platform software 102 is used for storing authority data for recording the authority of the application software according to the instruction of the application software 101; the information of the authority data is provided to the application software 101 according to the instruction of the application software 101.
Specifically, the authority data of the application software authority includes application software authority that at least one role has, when the application software 101 intends to perform an operation corresponding to the application software authority on the data 103, the application software 101 requests the platform software 102 for the information of the authority data, the platform software 102 provides the information of the authority data for the application software 101, the application software 101 determines whether the currently logged-in role has application software authority to execute the operation according to the information of the authority data provided by the platform software 102, and if the currently logged-in role does not have the corresponding application software authority, the application software 101 cannot execute the corresponding operation on the data 103.
Those skilled in the art can understand that the application software storing the authority data recording the authority of the application software in the platform software side and the application software requesting the authority data information from the platform software and controlling the data operation according to the authority data provided by the platform software may be different application software, even different application software under normal conditions.
For example, the application software a stores the authority data recording the authority of the application software in the platform software side, and if the authority data records the authority information of the application software that the role A, B, C has, when the application software B logs in the platform software with the role a and wants to perform a operation on the data on the platform software side, the application software B first requests the authority data from the platform software, and the application software B can determine whether the role B has the application software authority corresponding to the operation a from the authority data provided by the platform software, if the role B has the corresponding application software authority, the application software B can perform the operation a on the data on the platform software side, otherwise, the application software B cannot perform the operation a on the data on the platform software side.
Further, the application software 101 or the platform software 102 may also maintain the authority data.
When the platform software 102 does not understand the specific meaning of the rights data, the maintenance of the rights data is done by the application software 101. Specifically, after the platform software 102 provides the authority data for the application software 101, the application software 101 may modify and maintain the authority data, such as deleting or adding roles, merging, deleting or adding application software authorities, modifying application authorities owned by roles, and the like, and then store the modified authority data in the platform software 102 side to update the original authority data.
When the platform software 102 understands the specific meaning of the rights data, the platform software 102 can actively perform maintenance according to the content of the rights data, such as merging and deleting of application software rights. The content of the authority data can also be maintained according to the instruction of the application software 101, such as deleting or adding roles, deleting or adding application software authority, modifying application authority possessed by roles, and the like.
The merging and deleting of the application software permissions will be described in detail later, and will not be described in detail here.
When the platform software is a document library system, the data on the platform software side can be unstructured data such as document data, and when the platform software is an audio/video system, the data on the platform software side can be video/audio data.
Fig. 2 is a flowchart of a rights management method in an embodiment of the invention. As shown in fig. 2, the rights management method provided in the embodiment of the present invention is applied to the rights management system shown in fig. 1, and specifically includes:
step 201: and storing the authority data for recording the authority of the application software in the platform software side. The authority data for recording the application software authority comprises application software authority which at least one role has, and the application software authority is authority for operating data stored on the platform software side.
Specifically, the application software authority of at least one role can be set according to the requirement of the user. Rights data recording the rights of the application software may be stored in the document data.
In the embodiment of the invention, the authority data for recording the application software authority and the authority data for recording the platform software authority can be stored together or separately.
Step 202: when the platform software side data is to be operated related to the authority of the application software, the application software requests the information of the authority data from the platform software and participates in the control of the platform software side data operation according to the information of the authority data provided by the platform software.
When the application software logs in the platform software in a role to operate the data on the platform software side, the platform software provides the information of the authority data to the application software, the application software judges whether the current login role has the application software authority corresponding to the operation or not according to the information of the authority data provided by the platform software, if the current login role has the application software authority corresponding to the operation, the application software can operate the data on the platform software side, otherwise, the application software cannot operate the data on the platform software side.
In the embodiment of the invention, the storage form of the authority data can be a role and application software authority comparison table. That is, the contents in the look-up table can be used to represent whether different roles have corresponding application software rights.
In the embodiment of the present invention, the content in the lookup table may be a flag bit, such as a numerical value or a character string. For example, the flag bit can be a number 1 or 0, and the number 1 is used to indicate that the role has the corresponding application software authority; the number 0 is used to indicate that the role does not have a corresponding application software privilege.
In another embodiment of the present invention, the content in the lookup table may also be information required for executing the operation of the application software authority, such as a key (which may be a private key or a public key in an asymmetric key, or a symmetric key, or a password), and encrypted ciphertext data. The information required for executing the application software permission operation may also be other types of information, which may be different according to specific situations and is not described herein. Therefore, when the application software logs in the data of the platform software instance in a role and the authority operation of the application software is to be executed, the application software is allowed to execute the corresponding operation only if the application software needs to correctly provide the information required by the authority operation of the application software.
For example, if the content in a certain cell in the comparison table is key information, it indicates that the role corresponding to the cell has the corresponding application software permission. If the content in a certain cell on the comparison table does not contain information required for executing the application software permission operation, such as NULL, NULL or other values (any information except the information required for executing the application software permission operation), it indicates that the corresponding role of the cell does not have the corresponding application software permission.
In the embodiment of using the flag bit to indicate whether the role has the application software authority, the security of the system can only depend on the code security of the application software. But in embodiments where the information needed to perform application software permission operations is used to indicate whether a role has application software permissions, a simple code attack can no longer breach the security of the permission control. This is because the application software is allowed to perform the corresponding operation only by acquiring the information required for performing the application software permission operation corresponding to the current login role, and thus it is difficult for such permission control to bypass the platform software. The security of the platform software is much higher than that of the application software, so that the method for storing the information required for executing the authority operation of the application software in the authority data has higher security. In this case, even if the code of the application software is a development code, the security of the authority control is not affected.
For example, for the more detailed printing authority, when the flag bit is used to indicate whether the role has the application software authority, the application software queries the authority data provided by the platform software, determines whether the currently registered role has the printing authority, and controls the printer to print when the currently registered role has the printing authority. However, an attacker can modify the application software to enable the application software to directly skip the step of verifying whether the current login role has the printing authority or not, and the printer prints the login role directly, and in such a case, the system cannot effectively control the operation of the application software. However, in the case where the information required to execute the authority operation of the application software indicates whether or not the character has the authority of the application software, the printer can execute printing only if the application software acquires the information required to execute the printing operation of the currently registered character from the authority data provided by the platform software. Therefore, the printing operation cannot be performed by bypassing the platform software without knowing the information required to perform the printing operation. It is clear that in this way a higher security can be obtained.
The process that the application software judges whether the current login role has the application software permission corresponding to the operation according to the permission data information provided by the platform software may be: and the application software traverses the authority data one by one, finds out a cell corresponding to the current login role and the operation authority, and judges whether the current login role has the operation authority or not according to the content in the cell. As long as one role in the current login roles has the operation authority, the operation is allowed to be executed; otherwise, execution of the operation is denied.
Table 1 is a comparison table storage form of authority data. As shown in Table 1, the table has m rows and n columns, where the columns represent roles and the n columns represent a total of n roles; the rows represent application permissions, and the m rows represent a total of m application permissions. The cell content in the ith row and the jth column indicates whether the role j has the application software authority i. It is assumed that 1 is used to indicate that the role has the application rights and 0 is used to indicate that the role does not have the application rights. Assuming that the application software is registered in role 1 and role 2, it can be seen from table 1 that the application software can perform operations corresponding to authority 1, authority 2, and authority m.
TABLE 1
The process that the application software judges whether the current login role has the application software permission corresponding to the operation according to the permission data information provided by the platform software can also be as follows: the application software obtains the current login role and the sub-comparison table of all application software authorities according to the authority data provided by the platform software, traverses each cell corresponding to the operation authority, and judges whether the current login role has the operation authority according to the content in each cell. As long as one of the current login roles has the operation authority, the application software is allowed to execute the operation. For example, if the application software logs in with role 1, role 2, and role k, then table 2 is a sub-comparison table of the current login role and all permissions obtained from table 1; if the operation authority to be queried at present is the authority 3, only the content in the cell corresponding to the authority 3 needs to be searched.
TABLE 2
Of course, the process of the application software judging whether the current login role has the application software permission corresponding to the operation according to the permission data information provided by the platform software may also be: the application software obtains all the characters and the sub comparison table of the operation authority according to the authority data provided by the platform software, each cell corresponding to the current login role is traversed one by one in the sub comparison table, and whether the current login role has the operation authority is judged according to the content in each cell.
The process that the application software judges whether the current login role has the application software permission corresponding to the operation according to the permission data information provided by the platform software can also be as follows: the application software obtains the current login role and the sub comparison table of the operation authority according to the authority data provided by the platform software, traverses each cell in the comparison table, and judges whether the current login role has the operation authority according to the content in each cell.
Although the four lookup methods are described by taking the cell contents in the comparison table as the flag bit, those skilled in the art will readily understand that the four lookup methods are also applicable to the case where the contents in the comparison table are the information required for executing the application software permission operation.
All the above descriptions assume that the application software permissions in the system are independent and independent, and in practice, some application software permissions have overlapping or inclusion relationship, and then the permission data can be further optimized through application software permission combination and deletion. The following illustrates a method for application software rights consolidation.
If there is a containment relationship between two rights a, b, i.e. if there is a right a, then there must be a right b, then the right a can be considered as being merged from the right b and another implicit right c, where the right c is the complement of the right b in the right a. In the authority data, the authority c is used to replace the authority a, and the role which originally possesses the authority a now possesses the authority b and the authority c at the same time.
If the original application software permission comprises a read-write permission, a write permission is added, the permission data needs to be modified at the moment, the read permission is used for replacing the read-write permission, and a role originally having the read-write permission now has the write permission and the read permission at the same time.
If a partial overlapping relationship exists between two authorities a and b, that is, if the authority a exists, the authority b is partially owned, the authority a can be considered to be composed of an authority ab and an authority c, and the authority b is composed of an authority ab and an authority d, wherein the authority ab is an intersection of the authority a and the authority b, the authority c is a complement of the authority ab in the authority a, and the authority d is a complement of the authority ab in the authority b. In the authority data, the replacement authority a and the replacement authority b are authority ab, authority c and authority d, and specifically, the replacement authority a and the replacement authority b may be the addition authority ab, the substitution authority c for the authority a, and the substitution authority d for the authority b. And simultaneously, the role which originally has the authority a simultaneously has the authority ab and the authority c, and the role which originally has the authority b simultaneously has the authority ab and the authority d.
For example, if the original application software permission includes a read-write permission, and a write/print permission is added, the permission data needs to be modified, the read-write permission and the write/print permission are replaced by the read permission, the write permission and the print permission, and a role originally having the read-write permission now has the write permission and the read permission, and a role originally having the write/print permission now has the write permission and the print permission.
The splitting technique described above can be used multiple times if there are containment and overlapping relationships between more than two rights.
Fig. 3 is a schematic structural diagram of application software for controlling permissions in the embodiment of the present invention. As shown in fig. 3, the application software provided in the embodiment of the present invention includes a rights data obtaining module 301 and an operation module 302.
The permission data obtaining module 301 is configured to, when an operation related to an application software permission is to be performed on platform software side data, request the platform software for permission information for recording the application software permission, where the platform software side stores permission data for recording the application software permission.
The operation module 302 is configured to participate in control of operation on platform software-side data according to the authority data requested by the authority data acquisition module 301 to the platform software.
The application software can further comprise a permission data interaction module which is used for storing the permission data for recording the permission of the application software in the platform software side.
The application software may further include a permission data maintenance module, configured to maintain the permission data obtained by the permission data obtaining module 301, and store the maintained permission data to the platform software side through the permission data interaction module, so as to update the permission data on the platform software side.
Those skilled in the art will appreciate that in some cases, some application software may have only the functions of the rights data interaction module.
Fig. 4 is a schematic structural diagram of platform software for controlling authority in the embodiment of the present invention. As shown in fig. 4, the platform software includes:
the authority data storage module 401 is used for storing authority data for recording the authority of the application software according to the instruction of the application software;
and the permission data interaction module 402 is used for providing the information of the permission data to the application software according to the instruction of the application software.
The platform software may further include a permission data maintenance module for maintaining the permission data stored in the permission data storage module 401 when the platform software understands the specific meaning of the permission data.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and the like that are within the spirit and principle of the present invention are included in the present invention.
Claims (19)
1. An authority control method is applied to a system, wherein the system comprises application software and platform software, and the application software accesses data stored on the platform software side through the platform software; characterized in that the method comprises:
storing authority data for recording application software authority in a platform software side, wherein the application software authority is the authority for operating the data stored in the platform software side;
when the data is to be subjected to operation related to the authority of the application software, the application software requests the information of the authority data from the platform software;
and according to the information of the authority data provided by the platform software, the application software participates in the control of the operation.
2. The method of claim 1, wherein the permission data for recording application permissions includes application permissions that at least one role has;
the participation of the information according to the authority data provided by the platform software in controlling the operation comprises the following steps:
judging whether the current login role has the application software permission corresponding to the operation or not according to the permission data;
and if the current login role has the application software permission corresponding to the operation, the data can be operated, otherwise, the data cannot be operated.
3. The method of claim 1, further comprising: and maintaining the authority data.
4. The method of claim 3, wherein the maintaining of the rights data is done by application software when the platform software does not understand the specific meaning of the rights data.
5. The method of claim 3, wherein the platform software maintains the content of the rights data actively or according to instructions of application software when the platform software understands specific meaning of the rights data.
6. The method of claim 2, wherein the indicator indicates whether a role has an application software privilege.
7. The method of claim 2, wherein an application privilege a role has is indicated by information needed to perform an application privilege corresponding operation.
8. The method according to claim 7, wherein information required for executing the operation corresponding to the current login role is acquired from the authority data provided by the platform software, the data is operated according to the acquired information required for executing the operation, and if the information required for executing the operation corresponding to the current login role does not exist in the authority data provided by the platform software, the data cannot be operated.
9. The method according to claim 7 or 8, wherein the information required for executing the operation corresponding to the application software permission comprises: a key or other data encrypted with a key.
10. The method according to any one of claims 1 to 8, wherein the permission data is stored in the form of a look-up table of roles and application software permissions.
11. The method according to any one of claims 1 to 8, wherein the application software that stores the authority data for recording the authority of the application software in the platform software side and the application software that requests the authority data information from the platform software and controls the operation according to the authority data information provided by the platform software are different application software.
12. The method according to any one of claims 1 to 8, wherein the platform software is a document library system, and the data stored on the platform software side is document data.
13. An entitlement control system comprising:
the application software is used for accessing the data stored at the platform software side through the platform software;
the platform software is used for providing data of the platform software side for the application software according to the instruction of the application software;
it is characterized in that the preparation method is characterized in that,
the application software is further used for storing authority data for recording the authority of the application software in a platform software side, wherein the authority of the application software is the authority for operating the data stored in the platform software side; and further used for requesting the information of the authority data to the platform software when the data is to be operated related to the authority of the application software; and participate in the control of the operation according to the information of the authority data provided by the platform software;
the platform software is further used for storing authority data for recording the authority of the application software according to the instruction of the application software; and further used for providing the information of the authority data to the application software according to the instruction of the application software.
14. The system of claim 13, wherein the application software or the platform software is further configured to maintain the rights data.
15. An application software, comprising:
the system comprises a first module, a second module and a third module, wherein the first module is used for requesting the platform software to record the authority information of the authority of the application software when the platform software side data is to be subjected to the operation related to the authority of the application software, and the platform software side stores the authority data of the authority of the application software to be recorded;
and the second module is used for participating in the control of the operation of the platform software side data according to the authority data requested by the first module to the platform software.
16. The application software of claim 15, further comprising:
and the third module is used for storing the authority data for recording the application software authority in the platform software side.
17. The application software of claim 16, further comprising:
and the fourth module is used for maintaining the authority data obtained by the first module and storing the maintained authority data to the platform software side through the third module so as to update the authority data of the platform software side.
18. A platform software, comprising:
the first module is used for storing authority data for recording the authority of the application software according to the instruction of the application software;
and the second module is used for providing the information of the authority data for the application software according to the instruction of the application software.
19. The platform software of claim 18, further comprising:
and the third module is used for maintaining the authority data stored in the first module when the platform software understands the specific meaning of the authority data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910081959A CN101859352A (en) | 2009-04-09 | 2009-04-09 | Method, system, application software and platform software for controlling authority |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910081959A CN101859352A (en) | 2009-04-09 | 2009-04-09 | Method, system, application software and platform software for controlling authority |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101859352A true CN101859352A (en) | 2010-10-13 |
Family
ID=42945257
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910081959A Pending CN101859352A (en) | 2009-04-09 | 2009-04-09 | Method, system, application software and platform software for controlling authority |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101859352A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102096785A (en) * | 2011-02-24 | 2011-06-15 | 北京书生国际信息技术有限公司 | Authority control method and device |
| CN102467642A (en) * | 2010-11-17 | 2012-05-23 | 北大方正集团有限公司 | Permission control method and device for application software |
| WO2013075419A1 (en) * | 2011-11-24 | 2013-05-30 | 中兴通讯股份有限公司 | Method for managing right to use of function, and mobile terminal |
| CN104516783A (en) * | 2013-09-27 | 2015-04-15 | 华为终端有限公司 | Authority control method and device |
| CN108280361A (en) * | 2017-01-05 | 2018-07-13 | 珠海金山办公软件有限公司 | A kind of authority classification management method and device |
-
2009
- 2009-04-09 CN CN200910081959A patent/CN101859352A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102467642A (en) * | 2010-11-17 | 2012-05-23 | 北大方正集团有限公司 | Permission control method and device for application software |
| CN102467642B (en) * | 2010-11-17 | 2015-02-25 | 北大方正集团有限公司 | Permission control method and device for application software |
| CN102096785A (en) * | 2011-02-24 | 2011-06-15 | 北京书生国际信息技术有限公司 | Authority control method and device |
| WO2013075419A1 (en) * | 2011-11-24 | 2013-05-30 | 中兴通讯股份有限公司 | Method for managing right to use of function, and mobile terminal |
| CN104516783A (en) * | 2013-09-27 | 2015-04-15 | 华为终端有限公司 | Authority control method and device |
| CN108280361A (en) * | 2017-01-05 | 2018-07-13 | 珠海金山办公软件有限公司 | A kind of authority classification management method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DE60301177T2 (en) | Program, procedure and device for data protection | |
| US8528099B2 (en) | Policy based management of content rights in enterprise/cross enterprise collaboration | |
| US8161527B2 (en) | Security Enhanced Data Platform | |
| US7827403B2 (en) | Method and apparatus for encrypting and decrypting data in a database table | |
| US8352735B2 (en) | Method and system for encrypted file access | |
| US7290279B2 (en) | Access control method using token having security attributes in computer system | |
| CA2623141A1 (en) | Content cryptographic firewall system | |
| CN201682524U (en) | Document transfer authority control system based on document filtering driver | |
| US8335985B2 (en) | Document use managing system, document processing apparatus, manipulation authority managing apparatus, document managing apparatus and computer readable medium | |
| JP2007156959A (en) | Access control program, information processor, and access control method | |
| JP2009519511A5 (en) | ||
| CN101859352A (en) | Method, system, application software and platform software for controlling authority | |
| JP2006099779A (en) | Right management | |
| US8611544B1 (en) | Systems and methods for controlling electronic document use | |
| CN107609408B (en) | Method for controlling file operation behavior based on filter driver | |
| CN110046205B (en) | Relational database row security access control method and system | |
| CN1633085A (en) | An access control method based on non-grade inter-role mapping | |
| US20180083954A1 (en) | Method, system, login device, and application software unit for logging into docbase management system | |
| CN104462947A (en) | Right control method and system, application software and platform software | |
| KR20070097655A (en) | Digital information storage system, digital information security system, method for storing digital information and method for service digital information | |
| DE102021129179B4 (en) | SECURE INTELLIGENT CONTAINERS TO CONTROL ACCESS TO DATA | |
| JP2008243198A (en) | Access authority control system | |
| JP2008015615A (en) | Information filter device, information filter control method, control program for information filter and recording medium | |
| JP4974246B2 (en) | File export monitoring system | |
| EP3864560A1 (en) | Methods for securing and accessing a digital document |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING SURSEN ELECTRONIC TECHNOLOGY CO., LTD. BEI |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100089 5/F, NORTHERN REAL ESTATE BUILDING, NO.81, ZIZHUYUAN ROAD, HAIDIAN DISTRICT, BEIJING TO: 100191 ROOM 408, TAIXING BUILDING, NO.11, HUAYUAN EAST ROAD, HAIDIAN DISTRICT, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20101027 Address after: 100191, Room 408, Taixing building, 11 Garden East Road, Beijing, Haidian District Applicant after: Beijing Suresense International Information Technology Co., Ltd. Co-applicant after: Beijing Sursen Electronic Technology Co., Ltd. Co-applicant after: Beijing Sursen Network Technology Co., Ltd. Co-applicant after: Beijing Sursen Digital Library Software Technology Co., Ltd. Address before: North real estate building 81 No. 100089 Beijing Haidian District Zizhuyuan Road 5 layer Applicant before: Beijing Suresense International Information Technology Co., Ltd. |
|
| ASS | Succession or assignment of patent right |
Owner name: TIANJIN SHUSHENG INVESTMENT CO., LTD. Free format text: FORMER OWNER: BEIJING SURESENSE INTERNATIONAL INFORMATION TECHNOLOGY CO., LTD. Effective date: 20120509 Free format text: FORMER OWNER: BEIJING SURSEN ELECTRONIC CO., LTD. BEIJING SURSEN NETWORK TECHNOLOGY CO., LTD. BEIJING SURSEN DIGITAL LIBRARY SOFTWARE TECHNOLOGY CO., LTD. Effective date: 20120509 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100191 HAIDIAN, BEIJING TO: 300308 HEBEI, TIANJIN |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20120509 Address after: 300308, two floor, building 9, airport business park, 80 Ring Road North, Tianjin Airport Economic Zone Applicant after: Tianjin Shusheng Investment Co., Ltd. Address before: 100191, Room 408, Taixing building, 11 Garden East Road, Beijing, Haidian District Applicant before: Beijing Suresense International Information Technology Co., Ltd. Co-applicant before: Beijing Sursen Electronic Technology Co., Ltd. Co-applicant before: Beijing Sursen Network Technology Co., Ltd. Co-applicant before: Beijing Sursen Digital Library Software Technology Co., Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20101013 |