The method of controlling security and device of mobile terminal
Technical field
The present invention relates to the communications field, method of controlling security in particular to a kind of mobile terminal and be device.
Background technology
As the mobile terminals such as the development of mechanics of communication, mobile phone come into the intelligent epoch, in intelligent hand freely, open
On machine platform, because application developer is more, quality is also uneven, makes its security be difficult to be guaranteed.Such as should
Software can be changed by exploitation, or using source code with program developer, it is hidden containing maliciously deducting fees, stealing user with implantation
Personal letter ceases and the malicious code for the behavior of grade that leaked by peripheral hardware connection, so as to be caused to the safety of the mobile terminals such as the mobile phone of user
Serious threat.
At present, the security control ability of mobile terminal system is relatively weak, its can only ensure to download stability,
Data integrity is detected, and can not effectively verify the source of application software of mobile terminal, and shortage is comprehensively tested and had
The authentication mechanism of effect, security threat behavior can not be also there may be to application program after installation and effectively manage and control,
Therefore, it is impossible to the security of mobile terminal is effectively ensured.
Specifically, by taking smart mobile phone as an example, the security control ability of current intelligent mobile phone system is primarily present with lower section
The shortcomings that face:1) effective support and checking means are lacked to the trusted grade of mobile phone application software, and applies reliability rating
Attribute is exactly the basis that effective control authority uses, and this also results in system can not carry out effectively classification pipe to application permission very well
Reason and control;2) mechanism of authorization control of acquiescence is relatively fixed, can not carry out dynamic flexible according to the actual demand of user
Adjustment;3) due to being open development platform, thus it is more relaxed using controlling to the authority of mobile phone application, it is most
Authority application developer only needs statement to obtain, the sensitive permission especially on cell phone apparatus, such as:It is related to user charges
The authority (including send message, call, surf the Net) of class, user privacy information class authority (including Message Record, contact person
Record, message registration etc.), the management and control of cell phone apparatus locality connection class authority (including WIFI connections, bluetooth connection etc.).
Relatively weak for the security control ability of the mobile terminals such as mobile phone in correlation technique, shortage is comprehensively tested and had
The authentication mechanism of effect, security threat behavior progress can not be there may be to application program after installation, and effectively management and control are asked
Topic, not yet proposes effective solution at present.
The content of the invention
For being carried out effectively due to security threat behavior can not be there may be to application program after installation in the prior art
The technical problem of mobile terminal safety operation can not be ensured caused by management and control, the invention provides a kind of mobile terminal
Method of controlling security and device.
According to an aspect of the invention, there is provided a kind of method of controlling security of mobile terminal, including:When monitor should
During with using System Privileges, the reliability rating belonging to the application and the control authority list under the reliability rating are obtained,
Wherein, the authority of required control under the reliability rating is have recorded in the control authority list;Judging the System Privileges is
No is the authority in control authority list;If the System Privileges are not the authority in the control authority list, allow institute
State using the System Privileges.
Preferably, after judging whether the System Privileges are authority in the control authority list, in addition to:If
The System Privileges are the authority in the control authority list, then judge whether the application control for the System Privileges
System strategy;If the application control strategy for the System Privileges be present, judged whether according to the application control strategy
Allow described using the System Privileges.
Preferably, after judging whether for the application control strategy of the System Privileges, in addition to:If do not deposit
In the application control strategy for the System Privileges, then the application control strategy that user inputs is received;It is defeated according to the user
The application control strategy entered is described using the System Privileges to determine whether.
Preferably, obtain the reliability rating belonging to the application and the control authority list under the reliability rating it
Before, in addition to:Preset control strategy configuration file is loaded in system specified catalogue;The control strategy configuration file is entered
Row parsing obtains the control authority list under each reliability rating;Including the control authority list records under each reliability rating
In deposit data.
Preferably, obtain the reliability rating belonging to the application and the control authority list under the reliability rating it
Before, in addition to:When system carries out application scanning or installs the application, the signing messages of the application is obtained;Use system
Preset digital certificate of uniting is authenticated to the signing messages;If certification is by the way that the reliability rating of the application is set
For reliability rating corresponding with the digital certificate;If authentification failure, the reliability rating of the application is arranged to insincere
Appoint grade.
Preferably, the authority includes at least one of:Class of paying authority, individual privacy information class authority, equipment connect
Connect class authority.
According to another aspect of the present invention, there is provided a kind of safety control of mobile terminal, including:First obtains list
Member, for when monitoring using System Privileges, obtaining the reliability rating belonging to the application and the reliability rating
Under control authority list, wherein, the authority of required control under the reliability rating is have recorded in the control authority list;Sentence
Disconnected unit, for judging whether the System Privileges are authority in control authority list;Processing unit, in the system
When authority is not the authority in the control authority list, it is allowed to described using the System Privileges.
Preferably, processing unit includes:Judge module, used in being the control authority list in the System Privileges
During authority, the application control strategy for the System Privileges is judged whether;Processing module, for existing for described
During the application control strategy of System Privileges, determined whether according to the application control strategy described in using the system
System authority.
Preferably, the safety control of the mobile terminal also includes:Loading unit, in system specified catalogue
Load preset control strategy configuration file;Resolution unit, for being parsed to obtain respectively to the control strategy configuration file
Control authority list under reliability rating;Recording unit, for the control authority list records under each reliability rating to be existed
In internal storage data.
Preferably, the safety control of the mobile terminal also includes:Second acquisition unit, for carrying out using sweeping
When retouching or the application being installed, the signing messages of the application is obtained;Authentication unit, for the numeral card using system intialization
Book is authenticated to the signing messages;Setting unit, for certification by when, the reliability rating of the application is arranged to
Reliability rating corresponding with the digital certificate;In authentification failure, the reliability rating of the application is arranged to trustless
Grade.
In the present invention, when monitoring using authority in the system of mobile terminal, by carrying out letter to application
Appoint the division and control authority list of grade, realize the management used authority and control function, solve prior art
In can not ensure the technical problem of mobile terminal safety operation, reach the skill of the security control ability for enhancing mobile terminal system
Art effect.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, forms the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is a kind of preferred flow charts of the method for controlling security of mobile terminal according to embodiments of the present invention;
Fig. 2 is a kind of preferred structure figure of the safety control of mobile terminal according to embodiments of the present invention;
Fig. 3 is another preferred structure figure of the safety control of mobile terminal according to embodiments of the present invention;
Fig. 4 is a kind of preferred principle schematic of the method for controlling security of mobile terminal according to embodiments of the present invention;
Fig. 5 is to apply a kind of excellent of reliability rating certification in the method for controlling security of mobile terminal according to embodiments of the present invention
Select flow chart;
Fig. 6 be mobile terminal according to embodiments of the present invention method of controlling security in control strategy a kind of preferred flow
Figure;
Fig. 7 be mobile terminal according to embodiments of the present invention method of controlling security in application control strategy the preferred stream of one kind
Cheng Tu;
Fig. 8 be mobile terminal according to embodiments of the present invention method of controlling security in application permission using control management one
Kind preferred process flow chart;
Fig. 9 is the control strategy that payment class authority is generated in the method for controlling security of mobile terminal according to embodiments of the present invention
A kind of preferred flow charts;
Figure 10 be mobile terminal according to embodiments of the present invention method of controlling security in pay class authority use control pipe
A kind of preferred process flow chart of reason;
Figure 11 is to generate individual privacy information class authority in the method for controlling security of mobile terminal according to embodiments of the present invention
Control strategy a kind of preferred process flow chart;
Figure 12 be mobile terminal according to embodiments of the present invention method of controlling security in individual privacy information class authority make
With a kind of preferred process flow chart of control management;
Figure 13 is the control that locality connection class authority is generated in the method for controlling security of mobile terminal according to embodiments of the present invention
Make a kind of preferred process flow chart of strategy;
Figure 14 be mobile terminal according to embodiments of the present invention method of controlling security in locality connection class authority use control
A kind of preferred process flow chart of tubulation reason.
Embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that do not conflicting
In the case of, the feature in embodiment and embodiment in the application can be mutually combined.
Embodiment 1
The invention provides a kind of method of controlling security of preferable mobile terminal, as shown in figure 1, the peace of the mobile terminal
Full control method includes:
S102, when monitoring using System Privileges, obtain the reliability rating belonging to the application and the letter
Appoint the control authority list under grade, wherein, required control under the reliability rating is have recorded in the control authority list
Authority.
S104, judge whether the System Privileges are authority in control authority list.
S106, if the System Privileges are not the authority in the control authority list, allow described using institute
State System Privileges.
In the above-described embodiments, when monitoring using System Privileges, drawn by carrying out reliability rating to application
Point and control authority list, it is possible to achieve the authority that is controlled according to the reliability rating of application and corresponding needs judges
Whether allow the application to use said system authority, mobile device can be obtained by simply statement this avoid application
On sensitive permission, solve can not ensure in the prior art mobile terminal safety operation technical problem, reach and enhance shifting
The technique effect of the security control ability of dynamic terminal system.
In a preferred embodiment of the invention, when system boot initializes, add in system specified catalogue
Preset control strategy configuration file is carried, by being parsed to obtain the control under each reliability rating to control strategy configuration file
Permissions list, and by the control authority list records under each reliability rating in internal storage data.Certainly, it is above-mentioned at the beginning of system boot
Beginningization performs a kind of example that above-mentioned loading operation is the present invention, and the present invention is not limited only to this, can also be at other moment
To perform above-mentioned loading operation, for example, performing above-mentioned loading operation when being scanned to each application.Above-mentioned preferred
In embodiment, the control authority list under each reliability rating is stored in internal storage data, internal storage data read-write can be utilized fast
Fast ground advantage realizes to control authority list fast reading and writing, so as to improve the safety control for the mobile terminal that the present invention is protected
The execution speed of method processed.
In another preferred embodiment of the present invention, there is provided a kind of splitting scheme of reliability rating.Specifically,
On the basis of above-mentioned each preferred embodiment, the method for controlling security of mobile terminal also includes:Obtaining belonging to the application
Reliability rating and the reliability rating under control authority list before, when system carry out application scanning or installation application
When, obtain the signing messages of application;The signing messages is authenticated using the digital certificate of system intialization, if certification is led to
Cross, then the reliability rating of the application is arranged to reliability rating corresponding with the digital certificate;If authentification failure, by institute
The reliability rating for stating application is arranged to trustless grade.Preferably, reliability rating corresponding with the digital certificate can wrap
Include but be not limited to:" manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc..Above-mentioned
In embodiment, the reliability rating belonging to application is divided by the signing messages to application and the digital certificate of system intialization, this
Sample, it can match using affiliated reliability rating with the digital certificate of system, so as to realize the letter to application exactly
Appoint the division of grade, efficiently control the security of system.
In another preferred embodiment of the present invention, the power in judging whether System Privileges are control authority list
In limited time, if System Privileges are the authority in control authority list, need to further determine whether answering for System Privileges be present
Use control strategy.If the application control strategy for System Privileges be present, determined whether according to application control strategy
Using System Privileges.If in the absence of the application control strategy for System Privileges, the application control of user's input is received
Strategy, the application control strategy inputted according to the user come described in determining whether using the System Privileges.
In above-mentioned preferred embodiment, when the application control strategy for System Privileges be present, existing application control strategy is used
To determine whether using System Privileges, new application control plan is obtained without extraly being interacted with user
Slightly, operating process is saved, improves the efficiency of method of controlling security execution;In addition, in the absence of answering for System Privileges
During with control strategy, current application control strategy is selected by user, adds the flexibility of security control.
Preferably, the authority selection that the user is carried out includes but is not limited to:Allow, refusal.In above-described embodiment
On the basis of, after the application control strategy of user's input is received, the result that the user selects for the authority is converted into
For the application control strategy of the System Privileges, and application control strategy is preserved in system record.
In another preferred embodiment of the present invention, the authority includes at least one of:Pay class authority, individual
People's privacy information class authority, equipment connection class authority.In the preferred embodiment, by the restriction to authority, this can be caused
The protected method of controlling security of invention goes for different scenes.
The implementation of above-mentioned each optimal technical scheme, effectively the application on mobile terminal can be carried out based on trust etc.
The classification of level, and according to classification the using and managing come control authority of reliability rating, realize and the authority on mobile terminal is entered
The customizable and being dynamically adapted of row control, have to the application security threat behavior that may be present on mobile terminal
Effect management control, ensure the security of mobile terminal.
Embodiment 2
The invention provides a kind of safety control of preferable mobile terminal, as shown in Fig. 2 the peace of the mobile terminal
Full control device includes:First acquisition unit 202, for when monitoring using System Privileges, obtain and described apply institute
Control authority list under the reliability rating of category and the reliability rating, wherein, it have recorded institute in the control authority list
State the authority of required control under reliability rating;Judging unit 204, for judging whether the System Privileges are control authority list
In authority;Processing unit 206, for when the System Privileges are not the authority in the control authority list, it is allowed to institute
State using the System Privileges.
In above-described embodiment, when monitoring using System Privileges, by the division that reliability rating is carried out to application
And control authority list, it is possible to achieve the authority that is controlled according to the reliability rating of application and corresponding needs judges to be
It is no to allow the application to use said system authority, it can be obtained this avoid application by simply statement on mobile device
Sensitive permission, solve can not ensure in the prior art mobile terminal safety operation technical problem, reach and enhance movement
The technique effect of the security control ability of terminal system.
In a preferred embodiment of the invention, specifically, as shown in figure 3, the security control of the mobile terminal
Device also includes:Loading unit 308, resolution unit 310 and recording unit 312.When system boot initializes, loading unit
308 load preset control strategy configuration file in system specified catalogue, and resolution unit 310 configures text to the control strategy
Part is parsed to obtain the control authority list under each reliability rating, and recording unit 312 is by the control under each reliability rating
Permissions list is recorded in internal storage data.Certainly, above-mentioned loading unit 308 performs above-mentioned loading behaviour in system boot initialization
Making to be a kind of example of the invention, the present invention is not limited only to this, and above-mentioned loading operation can also be performed at other moment,
For example, above-mentioned loading operation is performed when being scanned to each application.In above-mentioned preferred embodiment, by each reliability rating
Under control authority list be stored in internal storage data, can utilize internal storage data read-write rapidly advantage realize to control authority
List ground fast reading and writing, so as to improve the execution speed of the method for controlling security for the mobile terminal that the present invention is protected.
In another preferred embodiment of the present invention, there is provided a kind of splitting scheme of reliability rating.Such as Fig. 3 institutes
Show, specifically, on the basis of above-mentioned each preferred embodiment, the safety control of mobile terminal also includes:Second
Acquiring unit 314, for obtaining the reliability rating belonging to the application and the control authority list under the reliability rating
Before, when carrying out application scanning or installing the application, the signing messages of the application is obtained;Authentication unit 316, is used for
The signing messages is authenticated using the digital certificate of system intialization;Setting unit 318, for certification by when, will
The reliability rating of the application is arranged to reliability rating corresponding with the digital certificate, in authentification failure, by the application
Reliability rating be arranged to trustless grade.Preferably, reliability rating corresponding with the digital certificate can be included but not
It is limited to:" manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc..In above-described embodiment
In, the reliability rating belonging to application is divided by the signing messages to application and the digital certificate of system intialization, so, application
Affiliated reliability rating can match with the digital certificate of system, so as to realize exactly to the reliability rating of application
Division, has efficiently controlled the security of system.
In another preferred embodiment of the present invention, specifically, as shown in figure 3, processing unit 206 includes:Judge
Module 3062, for when the System Privileges are the authority in the control authority list, judging whether for described
The application control strategy of System Privileges;Processing module 3064, for the application control strategy for the System Privileges be present
When, determined whether according to the application control strategy described in using the System Privileges.Above-mentioned preferable real
Applying in example, when the application control strategy for System Privileges be present, judging whether to permit using existing application control strategy
Perhaps using System Privileges, new application control strategy is obtained without extraly being interacted with user, saves behaviour
Make flow, improve the efficiency of method of controlling security execution;In addition, in the absence of the application control strategy for System Privileges
When, current application control strategy is selected by user, adds the flexibility of security control.
Preferably, the authority selection that the user is carried out includes but is not limited to:Allow, refusal.In above-described embodiment
On the basis of, after the application control strategy of user's input is received, the result that the user selects for the authority is converted into
For the application control strategy of the System Privileges, and application control strategy is preserved in system record.
In another preferred embodiment of the present invention, the authority includes at least one of:Pay class authority, individual
People's privacy information class authority, equipment connection class authority.In the preferred embodiment, by the restriction to authority, this can be caused
The protected method of controlling security of invention goes for different scenes.
The implementation of above-mentioned each optimal technical scheme, effectively the application on mobile terminal can be carried out based on trust etc.
The classification of level, and according to classification the using and managing come control authority of reliability rating, realize and the authority on mobile terminal is entered
The customizable and being dynamically adapted of row control, have to the application security threat behavior that may be present on mobile terminal
Effect management control, ensure the security of mobile terminal.
Embodiment 3
In order to better illustrate technical scheme, it is further right that the present invention comes by taking mobile phone safe control system as an example
The present invention explains, it will be appreciated that mobile phone is intended only as a kind of preferred embodiment of mobile terminal, this is preferred
Embodiment is intended merely to the preferably description present invention, does not form and the present invention is improperly limited, e.g., can also be PDA
Mobile terminals such as (Persoal Digital Assistant, palm PCs).
Fig. 4 is a kind of preferred principle schematic of the method for controlling security of mobile terminal of the embodiment of the present invention, and system is initial
Preset control strategy configuration file can be loaded and parsed first during change, and control authority plan is then generated according to the result of parsing
Slightly.In the preset application of system boot scanning and the download installation of progress third-party application, reliability rating authentication module (example
Such as, the authentication unit 316 in Fig. 3) it can complete to the authentication processing using reliability rating, and the affiliated letter being thus applied
Appoint level attributed.When monitoring using mobile phone sensitive permission, meeting access entitlements use the handling process of management module, institute
Authority is stated using management module by being cooperated with reliability rating authentication module and authority using policy module, is finally completed pair
The management and control function that authority uses.
In the present embodiment, the job step of mobile phone safe control system is as shown in figure 4, specifically include:
S402:Reliability rating authentication module carries out applying reliability rating certification, and the reliability rating category being thus applied
Property.
Preferably, when scanning of being started shooting in first time is applied or installs application, reliability rating authentication module carries out letter to application
Appoint level authentication, and the reliability rating attribute being thus applied.
S404:Whether authority is detected using mobile phone sensitive permission using management module to application.
Preferably, when authority is detected using mobile phone sensitive permission using management module, it is such as described using
It is related to the authority (including send message, call, surf the Net) of user charges class, user privacy information class authority (including disappears
Cease record, contact person record, message registration etc.), cell phone apparatus locality connection class authority (including WIFI connections, bluetooth connection etc.)
When, enter authority and be managed using management module.
S406:Authority obtains the reliability rating attribute of the application using management module by reliability rating authentication module.
S408:Authority, according to the reliability rating attribute of the application, is obtained using management module from authority using policy module
To the specific strategy of application permission control, rights management is carried out.
S410:According to obtained specific control strategy, the behavior to application access right responds.
Preferably, the behavior of described pair of application access right is responded including but not limited to following one of any:1) it is straight
Receive;2) directly refuse;3) user is prompted.
In the case where response forms is promptings, can be used according to the authority of user should corresponding to selection dynamical save renewal
With control.
Embodiment 4
In order to better illustrate technical scheme, it is further right that the present invention comes by taking mobile phone safe control system as an example
The present invention explains, it will be appreciated that mobile phone is intended only as a kind of preferred embodiment of mobile terminal, this is preferred
Embodiment is intended merely to the preferably description present invention, does not form and the present invention is improperly limited.
Preset control strategy configuration file can be loaded and parsed first during system initialization, then according to the result of parsing
Generate control authority strategy.In the preset application of system boot scanning and the download installation of progress third-party application, can complete
Authentication processing to applying reliability rating, and the affiliated reliability rating attribute being thus applied.When monitor using
During mobile phone sensitive permission, can access entitlements use management module handling process, the authority using management module by with letter
Appoint level authentication module and authority to be cooperated using policy module, be finally completed the management used authority and control function.
Preferably, Fig. 5 is preferred embodiment of the present invention application reliability rating identifying procedure figure, is specifically comprised the following steps:
Step S502, when start carries out the application scanning either installation of progress new opplication, to being decompressed using bag
Operation, and complete the dissection process to application package informatin.
Step S504, the result handled according to step S502 application Packet analyzing, extracts the signing messages data of application,
And record.
Step S506, the application signature information that step S504 is obtained and the public key file of the preset digital certificate of mobile phone are carried out
Authentication processing, if certification is by performing step S508, otherwise performing step S510.
Step S508, assign the reliability rating corresponding to the digital certificate that certification passes through, it is preferred that the reliability rating bag
Include " manufacturer's reliability rating ", " operator's reliability rating ", " third party's cooperation manufacturer reliability rating " etc.;Then, step is performed
S512。
Step S510, if application signature and the preset equal authentification failure of all digital certificates of mobile phone, assign the application " no
Trusted grade ".
Step S512, it be recorded what certification obtained using reliability rating in attribute configuration file corresponding to application, as
One normalcy properties of application are treated.
By above step S502 to S512, the support and checking to the reliability rating of mobile phone application software are completed, is made not
There are different reliability rating attributes with application, reach the effect that effective Classification Management and control are carried out to application permission.
Preferably, Fig. 6 is the flow chart that control strategy is generated in the method for controlling security of mobile terminal of the present invention, including:
Step S602, when initializing during system boot, the control plan that presets can be loaded in system specified catalogue first
Slightly configuration file, it is preferred that the control strategy configuration file can be system default control strategy configuration file.
Step S604, the dissection process of policy configuration file is controlled, carrying out classification parsing by reliability rating obtains respectively
The permissions list of control needed for reliability rating.
Step S606, the permissions list that is controlled needed for obtained each reliability rating will be parsed and recorded memory data structure
In, form control strategy.
Preferably, Fig. 7 is application control strategic process figure in mobile phone safe control method of the present invention, is comprised the following steps:
Step S702, when monitoring using to system sensitive authority, into step S704.
Step S704, gets the reliability rating attribute of application, and judges whether the authority belongs to the control strategy institute
The authority (for example, system default control authority) that need to be controlled;If being not belonging to, step S706 is performed, if belonging to, performs step
S708。
Step S706, the authority for ignoring control needed for non-controlling strategy use.
Step S708, judge whether the application control strategy that the authority uses be present, if present perform step
S710, if the execution step S712 in the absence of if.
Step S710, in the presence of the application control strategy of the authority, do not process.
Step S712, prompt user to select the authority corresponding application control strategy, and wait and receive user's selection
Application control strategy.
Step S714, application control strategy of the record/renewal user for the application permission.
Preferably, Fig. 8 be mobile terminal of the present invention method of controlling security in application permission control management handling process
Figure, comprises the following steps:
Step S802, when monitoring using to system sensitive authority, into step S804.
Step S804, judges whether the authority belongs to the authority controlled needed for control strategy (for example, it may be judged whether belonging to
System default control authority);If being not belonging to, step S806 is performed, if belonging to, performs step S808.
Step S806, due to the authority that authority controls needed for non-controlling strategy, therefore the use to the authority is directly put
OK, i.e. allow using above-mentioned authority.
Step S808, judge whether the application control strategy that the authority uses be present, if present perform step
S810, if the execution step S812 in the absence of if.
Step S810, the application control strategy record of the authority is obtained, and the control pipe of authority is carried out according to control strategy
Reason.
Step S812, because current entitlement is also without corresponding application control strategy record, therefore, ejection prompting frame is reminded
User's current system sensitive permission is currently being used, while hangs up current work disposal flow, and is waited and received user for this
The further selection that authority uses.
Step S814, user is received for the authority using strategy, performs step S816 and step S818.
Step S816, by user for the authority use selection (allow this/refusing this ,/always allowing/always refuses
The application control strategy that authority uses is converted into absolutely), preserves the application control strategy record value with more new system record.
Step S818, the control management used according to the selection progress authority of user.
The implementation of above-mentioned optimal technical scheme, effectively mobile phone terminal applies can based on reliability rating divided
Class, and classified according to application reliability rating to carry out the Classification Management that crucial authority uses, manufacturer can be directed to by being mainly reflected in
And/or the different demands for control of user, come the customizable and being dynamically adapted to terminal key control of authority.User is at this
The management to mobile phone terminal key sensitive permission group and control purpose can be easily realized under the support of technical scheme, can
Control effectively is managed to the security threat behavior that may be present of mobile phone terminal applies, the effective safety for ensureing mobile phone terminal
Property.
Embodiment 5
Herein below is the concrete application embodiment based on mobile phone safe control method of the present invention.Here realize to intelligent hand
Most easily by malicious intrusions and the management control function for the sensitive permission group for needing most focused protection, specific implementation control in machine terminal
Permission group include:Class of paying permission group (including sending message, calling, network traffics access control right), individual privacy letter
Cease class permission group (including accessing contact person record, Message Record, cell phone apparatus information, geographical location information), locality connection class
Permission group (including wifi connections, bluetooth connection).
It should be strongly noted that following examples use control with the authority of " untrusted application reliability rating " application
Exemplified by illustrate, the control principle and handling process that application permission uses under other reliability ratings be it is consistent, here
Repeat no more.
The present embodiment is based on following scene:Class of paying permission group is managed using control.
1) set control strategy, will send message, calling, network traffics access be added to " untrusted application reliability rating "
Need in control authority.
2) control strategy of generation payment class authority, as shown in figure 9, comprising the following steps:
Step S902, when initializing during system boot, the control plan that presets can be loaded in system specified catalogue first
Slightly configuration file.
Step S904, is controlled the dissection process of policy configuration file, and parsing obtains institute under " insincere reliability rating "
The payment class permissions list that need to be controlled.
Step S906, parsing is obtained into the required payment class permissions list controlled and recorded in internal storage data, forms control
Tactful (for example, system default control strategy).
3) the use control management for class authority of paying, as shown in Figure 10, specific handling process is as follows:
Step S1002, when monitoring using to payment class authority, perform step S1004.
Step S1004, reliability rating belonging to application is obtained, compared with control authority list under the reliability rating.
Step S1006, judges whether the authority belongs to the authority of required control defined in payment class control of authority strategy, if
Step S1008 is performed if being not belonging to, if performing step S1010 if belonging to.
Step S1008, due to the authority that authority controls needed for non-controlling strategy, therefore the use to the authority is directly put
OK.
Step S1010, judge whether the application control strategy that the payment authority uses be present, if present perform
Step S1012, if the execution step S1014 in the absence of if.
Step S1012, the application control strategy record of the payment authority is obtained, and the control of authority is carried out according to control strategy
Tubulation is managed.
Step S1014, because current entitlement is also without corresponding application control strategy record, therefore, system can be ejected and carried
Show that frame reminds user, while hang up current work disposal flow, and wait reception user to enter one for what the payment authority used
Step selection.
Step S1016, user is received for the payment authority using strategy, performs step 1018 and step S1020.
Step S1018, by user for the payment authority use selection (allow this/refusing this/always allow/
Always refuse) the application control strategy that authority uses is converted into, preserve the application control strategy record value with more new system record.
Step S1020, the payment authority use is responded according to the selection of user.
The implementation of above-mentioned payment safety management technology scheme, user can be very good the reliability rating attribute according to application,
Classification control and managing mobile phone terminal applies to payment class authority (send message, call, network traffics access etc.) make
With, can according to the actual use demand and scene of user come be adjusted flexibly using to payment class authority use control strategy.
Under the support of the technical program, user can easily realize the mesh to the class permission group management of mobile phone terminal payment and control
, the security threat behavior maliciously encroached on mobile phone terminal payment class authority can be effectively prevented, so as to be effectively guaranteed
The security of mobile phone terminal payment class authority.
Embodiment 6
The present embodiment is based on following scene:Individual privacy information class permission group is managed using control.
1) control strategy is set, Message Record, contact person record, message registration, personal geographical location information etc. will be accessed
Authority, which is added to " untrusted application reliability rating ", to be needed in control authority.
2) control strategy of individual privacy information class authority is generated, as shown in figure 11, idiographic flow is as follows:
Step S1102, when initializing during system boot, the control plan that presets can be loaded in system specified catalogue first
Slightly configuration file.
Step S1104, is controlled the dissection process of policy configuration file, and parsing obtains required under " trustless grade "
The individual privacy information class permissions list of control.
Step S1106, the individual privacy information list of access rights that parsing obtains recorded in memory data structure, shape
Into control strategy.
3) the use control management of individual privacy information class authority, as shown in figure 12, specific handling process is as follows:
Step S1202, when monitoring using to individual privacy information authority, perform step S1204.
Step S1204, reliability rating belonging to application is obtained, compared with control authority list under the reliability rating.
Step S1206, judges whether the authority belongs to required control defined in individual privacy information class control of authority strategy
Authority, if performing step S1208 if being not belonging to, if performing step S1210 if belonging to.
Step S1208, due to the authority that authority controls needed for non-controlling strategy, therefore the use to the authority is directly put
OK, i.e. allow using above-mentioned authority.
Step S1210, judge whether the application control strategy that the individual privacy information authority uses be present, if in the presence of
If perform step S1212, if performing step S1214 in the absence of if.
Step S1212, obtains the application control strategy record of the individual privacy information authority, and is carried out according to control strategy
The control management of authority.
Step S1214, because current entitlement is also without corresponding application control strategy record, therefore, system can be ejected and carried
Show that frame reminds user, while hang up current work disposal flow, and wait reception user to make for the individual privacy information authority
Further selection.
Step S1216, user is received for the payment authority using strategy, performs step S1218 and step
S1220。
Step S1218, by user for the individual privacy information authority use selection (allow this/refuse this/it is total
It is to allow/always refuse) the application control strategy that authority uses is converted into, preserve the application control strategy with more new system record
Record value.
Step S1220, the control management used according to the selection progress individual privacy information authority of user.
The implementation of above-mentioned individual privacy information safety management technology scheme, user can be very good according to trust of application etc.
Level, classification control and managing mobile phone terminal applies (access Message Record, contact person record, led to individual privacy information class authority
Words record etc.) use, can be adjusted flexibly according to the actual use demand and scene of user using to individual privacy information
Class authority uses control strategy.Under the support of the technical program, user can easily realize personal to mobile phone terminal
The rights management of privacy information class and the purpose of control, can effectively be prevented to mobile phone terminal individual privacy information class authority by malice
The security threat behavior of infringement, so as to be effectively guaranteed the security of mobile phone terminal individual privacy information authority.
Embodiment 7
The present embodiment is based on following scene:Equipment connection class permission group is managed using control.
1) control strategy is set, the authorities such as bluetooth connection, wifi connections will be used to be added to " untrusted application trust etc.
Level " is needed in control authority
2) control strategy of locality connection class authority is generated, as shown in figure 13, idiographic flow is as follows:
Step S1302, when initializing during system boot, the control plan that presets can be loaded in system specified catalogue first
Slightly configuration file.
Step S1304, is controlled the dissection process of policy configuration file, and parsing obtains required under " trustless grade "
The locality connection class permissions list of control.
Step S1306, the locality connection permissions list that parsing obtains recorded in memory data structure, form control plan
Slightly.
3) the use control management of locality connection class authority, as shown in figure 14, specific handling process is as follows:
Step S1402, when monitoring using to locality connection authority, perform step S1404.
Step S1404, reliability rating belonging to application is obtained, compared with control authority list under the reliability rating.
Step S1406, judges whether the authority belongs to the power of required control defined in locality connection class control of authority strategy
Limit, if performing step S1408 if being not belonging to, if performing step S1410 if belonging to.
Step S1408, due to the authority that authority controls needed for non-controlling strategy, therefore the use to the authority is directly put
OK, i.e. allow using above-mentioned authority.
Step S1410, judge whether the application control strategy that this locality connection authority uses be present, if existing
Words perform step S1412, if the execution step S1414 in the absence of if.
Step S1412, obtains the application control strategy record of this locality connection authority, and is weighed according to control strategy
The control management of limit.
Step S1414, because current entitlement is also without corresponding application control strategy record, therefore, ejection prompting frame carries
User's current system sensitive permission of waking up is currently being used, while hangs up current work disposal flow, and wait receive user for
The further selection that the locality connection authority uses.
Step S1416, user is received for the locality connection authority using strategy, performs step S1418 and step
S1420。
Step S1418, by use selection of the user for the locality connection authority, (allowing this ,/refusing this/always permits
Perhaps/always refuse) the application control strategy that authority uses is converted into, preserve and the application control strategy of more new system record records
Value.
Step S1420, the control management used according to the selection progress locality connection authority of user.
The implementation of above-mentioned dispensing apparatus connection safety management technology scheme, user can be very good according to trust of application etc.
Level, classification control and managing mobile phone terminal applies connect the use of class authority (wifi connections, bluetooth connection etc.) to equipment, can be with
The use control strategy that application connects class authority to equipment is adjusted flexibly according to the actual use demand of user with scene.At this
Under the support of technical scheme, user can easily realize the mesh that the management of class permission group and control are connected to mobile phone terminal device
, the security threat behavior maliciously encroached on mobile phone terminal device connection class authority can be effectively prevented, so as to effectively protect
The security of mobile phone terminal equipment connection class authority is demonstrate,proved.
Obviously, those skilled in the art should be understood that above-mentioned each module of the invention or each step can be with general
Computing device realize that they can be concentrated on single computing device, or be distributed in multiple computing devices and formed
Network on, alternatively, they can be realized with the program code that computing device can perform, it is thus possible to they are stored
Performed in the storage device by computing device, and in some cases, can be with different from shown in order execution herein
The step of going out or describing, they are either fabricated to each integrated circuit modules respectively or by multiple modules in them or
Step is fabricated to single integrated circuit module to realize.So, the present invention is not restricted to any specific hardware and software combination.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies
Change, equivalent substitution, improvement etc., should be included in the scope of the protection.