CN104506563B - Access control method for a process, access control system and terminal - Google Patents

Publication number
CN104506563B
Authority
CN
China
Prior art keywords
operating system
switching
access control
access
processes
Legal status
Active
Application number
CN201510030232.6A
Other languages
Chinese (zh)
Other versions
CN104506563A (en)
Inventor
黄焕荣
彭日亮
陈运哲
Current Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201510030232.6A
Publication of CN104506563A
Application granted
Publication of CN104506563B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • G06F9/4831 Task transfer initiation or dispatching by interrupt, e.g. masked with variable priority

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides an access control method for a process, an access control system for a process, and a terminal. The access control method comprises: obtaining a switching command to switch a first process running on the first operating system to run on the second operating system; switching the first process to the second operating system according to the switching command; and controlling the access control process between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system. With this technical solution, the access rights between multiple processes can be determined from the security levels of the operating systems, and the user does not need to set access rights for each process and its data. This guarantees the security of each process's specified resources and the stability of the system, and improves the user experience.

Description

Access control method for a process, access control system and terminal
Technical field
The present invention relates to the field of control technology, and in particular to an access control method for a process, an access control system for a process, and a terminal.
Background
In the related art, to improve the user experience, terminal manufacturers have made multiple operating systems compatible on the same terminal, so that the terminal user can select an operating system according to personal needs and operating habits. To enhance security, a cryptographic authorization function is set in the operating system switching procedure. However, after the system is switched, neither the encryption mode nor the security level of the data in a process changes, so only the mode of operation is simplified and the access process for the data does not change. In addition, after every system switch, the user has to set access rights for each process and its data before the access rights of the data can be changed, which costs the user considerable time and effort.
Therefore, how to improve the access control scheme for processes, so that process access across multiple operating systems is safer and more convenient, has become an urgent technical problem.
Summary of the invention
Based on at least one of the above technical problems, the present invention proposes a new access control scheme for processes and a terminal. By judging the security levels of the first operating system and the second operating system, the specified resources related to the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time.
In view of this, the present invention proposes an access control method for a process, comprising: obtaining a switching command to switch a first process running on the first operating system to run on the second operating system; switching the first process to the second operating system according to the switching command; and controlling the access control process between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time; operation is simpler and the user experience is improved.
The first operating system may be the terminal's security system, and the second operating system may be the terminal's conventional system.
In the above technical solution, preferably, before the first process is switched to the second operating system according to the switching command, the method further comprises the following specific step: if the security level of the first operating system is higher than the security level of the second operating system, encrypting the specified resource associated with the first process.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resource associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resource related to the first process is protected by encryption. This prevents other processes in the second operating system from stealing the specified resource or causing the first process to crash. The specified resource includes read-write data resources such as the first process's application data, code data and associated data.
In the above technical solution, preferably, encrypting the specified resource associated with the first process comprises the following specific steps: judging whether the first process includes private data; and, when the first process is judged to include the private data, encrypting the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data includes encrypted messages, account information, private image information, and information containing keywords set by the user.
In the above technical solution, preferably, the access control process of other processes in the second operating system with respect to the first process comprises the following specific steps: when an access request from another process in the second operating system to the first process is obtained, if the first process includes the private data, allowing the other process to access the first process after the user's confirmation instruction is obtained; if the first process does not include the private data, forbidding the other process from accessing the first process.
In this technical solution, controlling other processes' access to a first process that includes private data according to the user's confirmation instruction further ensures the protection of the first process's private data, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, after the first process is switched to the second operating system, the method further comprises: if the security level of the first operating system is higher than the security level of the second operating system, storing the access record of other processes in the second operating system with respect to the first process.
In this technical solution, the access record of the first process of the high security level is stored and serves as the identifying record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judgment in subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, after several switches have been recorded, the access record can still be used to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the method further comprises: obtaining a switching command to switch a second process running on the second operating system to run on the first operating system; switching the second process to the first operating system according to the switching command, and judging whether the second process has the access record stored; and, when it is judged that the second process has not stored the access record, forbidding the second process from accessing other processes in the first operating system.
In this technical solution, whether the second process has an access record stored determines the access control process of the second process with respect to other processes in the first operating system, so the second process's access to other processes in the first operating system is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system, if the process has no access record, the process is forbidden from accessing other processes in the security system, which guarantees the data security of other processes in the security system.
According to another aspect of the present invention, an access control system for a process is also proposed, comprising: an acquiring unit, configured to obtain a switching command to switch a first process running on the first operating system to run on the second operating system; a switching unit, configured to switch the first process to the second operating system according to the switching command; and a control unit, configured to control the access control process between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time; operation is simpler and the user experience is improved.
The first operating system may be the terminal's security system, and the second operating system may be the terminal's conventional system.
In the above technical solution, preferably, the system further comprises: an encryption unit, configured to encrypt the specified resource associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resource associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resource related to the first process is protected by encryption. This prevents other processes in the second operating system from stealing the specified resource or causing the first process to crash. The specified resource includes read-write data resources such as the first process's application data, code data and associated data.
In the above technical solution, preferably, the system further comprises: a judging unit, configured to judge whether the first process includes private data; the encryption unit is further configured to, when the first process is judged to include the private data, encrypt the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data includes encrypted messages, account information, private image information, and information containing keywords set by the user.
In the above technical solution, preferably, the control unit is further configured to: when an access request from another process in the second operating system to the first process is obtained, if the first process includes the private data, allow the other process to access the first process after the user's confirmation instruction is obtained; and, if the first process does not include the private data, forbid the other process from accessing the first process.
In this technical solution, controlling other processes' access to a first process that includes private data according to the user's confirmation instruction further ensures the protection of the first process's private data, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, the system further comprises: a storage unit, configured to store the access record of other processes in the second operating system with respect to the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, the access record of the first process of the high security level is stored and serves as the identifying record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judgment in subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, after several switches have been recorded, the access record can still be used to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the acquiring unit is further configured to obtain a switching command to switch a second process running on the second operating system to run on the first operating system; the judging unit is further configured to switch the second process to the first operating system according to the switching command and judge whether the second process has the access record stored; and the control unit is further configured to, when it is judged that the second process has not stored the access record, forbid the second process from accessing other processes in the first operating system.
In this technical solution, whether the second process has an access record stored determines the access control process of the second process with respect to other processes in the first operating system, so the second process's access to other processes in the first operating system is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system, if the process has no access record, the process is forbidden from accessing other processes in the security system, which guarantees the data security of other processes in the security system.
According to a third aspect of the present invention, a terminal is also proposed, comprising the access control system for a process according to any one of the above technical solutions.
The above technical solutions propose a new access control scheme for processes and a terminal. By judging the security levels of the first operating system and the second operating system, the specified resources related to the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time; operation is simpler and the user experience is improved.
Brief description of the drawings
Fig. 1 shows a schematic flow diagram of the access control method for a process according to an embodiment of the present invention;
Fig. 2 shows a schematic block diagram of the access control system for a process according to an embodiment of the present invention;
Fig. 3 shows a schematic flow diagram of the access control method for a process according to another embodiment of the present invention;
Fig. 4 shows a schematic diagram of the access control interface for a process according to another embodiment of the present invention;
Fig. 5 shows a schematic flow diagram of the access control method for a process according to another embodiment of the present invention;
Fig. 6 shows a schematic flow diagram of the access control method for a process according to still another embodiment of the present invention;
Fig. 7 shows a schematic flow diagram of the access control method for a process according to another embodiment of the present invention;
Fig. 8 shows a schematic diagram of the access control interface for a process according to another embodiment of the present invention.
Detailed description
So that the objects, features and advantages of the present invention can be understood more clearly, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of the present application and the features in the embodiments can be combined with each other.
Many specific details are set out in the following description to facilitate a thorough understanding of the present invention. However, the present invention may also be implemented in ways other than those described here, so the scope of protection of the present invention is not limited by the specific embodiments described below.
Fig. 1 shows a schematic flow diagram of the access control method for a process according to an embodiment of the present invention.
As shown in Fig. 1, the access control method for a process according to an embodiment of the present invention comprises: step 102, obtaining a switching command to switch a first process running on the first operating system to run on the second operating system; step 104, switching the first process to the second operating system according to the switching command; step 106, controlling the access control process between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time; operation is simpler and the user experience is improved.
The first operating system may be the terminal's security system, and the second operating system may be the terminal's conventional system.
In the above technical solution, preferably, before the first process is switched to the second operating system according to the switching command, the method further comprises the following specific step: if the security level of the first operating system is higher than the security level of the second operating system, encrypting the specified resource associated with the first process.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resource associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resource related to the first process is protected by encryption. This prevents other processes in the second operating system from stealing the specified resource or causing the first process to crash. The specified resource includes read-write data resources such as the first process's application data, code data and associated data.
In the above technical solution, preferably, encrypting the specified resource associated with the first process comprises the following specific steps: judging whether the first process includes private data; and, when the first process is judged to include the private data, encrypting the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data includes encrypted messages, account information, private image information, and information containing keywords set by the user.
In the above technical solution, preferably, the access control process of other processes in the second operating system with respect to the first process comprises the following specific steps: when an access request from another process in the second operating system to the first process is obtained, if the first process includes the private data, allowing the other process to access the first process after the user's confirmation instruction is obtained; if the first process does not include the private data, forbidding the other process from accessing the first process.
In this technical solution, controlling other processes' access to a first process that includes private data according to the user's confirmation instruction further ensures the protection of the first process's private data, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, after the first process is switched to the second operating system, the method further comprises: if the security level of the first operating system is higher than the security level of the second operating system, storing the access record of other processes in the second operating system with respect to the first process.
In this technical solution, the access record of the first process of the high security level is stored and serves as the identifying record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judgment in subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, after several switches have been recorded, the access record can still be used to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the method further comprises: obtaining a switching command to switch a second process running on the second operating system to run on the first operating system; switching the second process to the first operating system according to the switching command, and judging whether the second process has the access record stored; and, when it is judged that the second process has not stored the access record, forbidding the second process from accessing other processes in the first operating system.
In this technical solution, whether the second process has an access record stored determines the access control process of the second process with respect to other processes in the first operating system, so the second process's access to other processes in the first operating system is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system, the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if it has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system, if the process has no access record, the process is forbidden from accessing other processes in the security system, which guarantees the data security of other processes in the security system.
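The decision rules of the method of Fig. 1 can be traced in a small model. The following Python sketch is an added example and is not part of the patent text; the names `Level`, `Process`, `SwitchController` and `demo`, the keystream stand-in for encryption, and decryption on return to the security system are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, List, Optional, Tuple


class Level(IntEnum):
    CONVENTIONAL = 1  # the "second operating system" of the text
    SECURE = 2        # the "first operating system" of the text


@dataclass
class Process:
    name: str
    os_level: Level                       # operating system the process runs on now
    private_data: Optional[bytes] = None  # plaintext private data, if any
    sealed: Optional[bytes] = None        # nonce + ciphertext while on the lower-level OS
    # None means the process never switched down from the security system.
    access_record: Optional[List[Tuple[str, bool]]] = None
    restricted: bool = False              # entered the security system without a record


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream); a real system would use an AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class SwitchController:
    def __init__(self, confirm: Callable[[str, str], bool]):
        self._key = os.urandom(32)  # held by the controller only (assumption)
        self._confirm = confirm     # stands in for the user's confirmation instruction

    def switch(self, proc: Process, target: Level) -> None:
        if proc.os_level > target:
            # Higher -> lower level: encrypt private data before switching,
            # then start the access record that marks the process's origin.
            if proc.private_data is not None:
                nonce = os.urandom(16)
                proc.sealed = nonce + _xor_stream(self._key, nonce, proc.private_data)
                proc.private_data = None
            if proc.access_record is None:
                proc.access_record = []
            proc.restricted = False
        elif proc.os_level < target:
            # Lower -> higher level: no access record means the process
            # originally belonged to the conventional system.
            proc.restricted = proc.access_record is None
            if proc.sealed is not None:  # decrypt on return (assumption, not in the text)
                proc.private_data = _xor_stream(self._key, proc.sealed[:16], proc.sealed[16:])
                proc.sealed = None
        proc.os_level = target

    def request_access(self, requester: Process, target: Process) -> bool:
        if requester.os_level != target.os_level:
            return False  # only processes on the same OS are modelled
        if target.os_level == Level.CONVENTIONAL and target.access_record is not None:
            # Target was switched down from the security system. Rule as stated in the
            # text: with private data, allow only after user confirmation; without, forbid.
            allowed = target.sealed is not None and bool(
                self._confirm(requester.name, target.name))
            target.access_record.append((requester.name, allowed))
            return allowed
        if target.os_level == Level.SECURE and requester.restricted:
            return False  # arrived from the conventional system with no access record
        return True  # ordinary access between native processes (assumption)


def demo(user_confirms: bool) -> dict:
    sample = b"account=constructed-sample"  # constructed sample data
    ctl = SwitchController(lambda requester, target: user_confirms)
    bank = Process("bank", Level.SECURE, private_data=sample)
    notes = Process("notes", Level.SECURE)
    game = Process("game", Level.CONVENTIONAL)
    vault = Process("vault", Level.SECURE)
    ctl.switch(bank, Level.CONVENTIONAL)
    ctl.switch(notes, Level.CONVENTIONAL)
    result = {
        "sealed": bank.private_data is None and sample not in (bank.sealed or b""),
        "game_to_bank": ctl.request_access(game, bank),
        "game_to_notes": ctl.request_access(game, notes),
    }
    ctl.switch(game, Level.SECURE)
    ctl.switch(bank, Level.SECURE)
    result["game_to_vault"] = ctl.request_access(game, vault)
    result["bank_to_vault"] = ctl.request_access(bank, vault)
    result["restored"] = bank.private_data == sample
    result["bank_record"] = bank.access_record
    return result
```

`demo(True)` and `demo(False)` differ only in the outcome of the confirmed request; the access record that lets `bank` act normally after returning to the security system is the same record that `game` lacks.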
Fig. 2 shows a schematic block diagram of the access control system of a process according to an embodiment of the invention.
As shown in Fig. 2, the access control system 200 of a process according to an embodiment of the invention includes: an acquiring unit 202, for obtaining a switching instruction for switching a first process running in the first operating system to the second operating system; a switch unit 204, for switching the first process to run in the second operating system according to the switching instruction; and a control unit 206, for controlling, according to the security levels of the first operating system and the second operating system, the access control process between other processes in the second operating system and the first process.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to the process with the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently without the user having to carry out a cumbersome switching operation each time; the mode of operation is simpler and the user experience is improved.
Here, the first operating system can be the security system of the terminal, and the second operating system can be the general system of the terminal.
In the above technical solution, the system preferably includes: an encryption unit 208, for encrypting a specified resource associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, the specified resource associated with the first process is encrypted. This ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resources related to the first process are protected by encryption, which prevents other processes in the second operating system from stealing the specified resources or causing the first process to crash. The specified resources include read-write data resources such as the first process's usage data, code data and associated data.
In the above technical solution, the system preferably further includes: a judging unit 210, for judging whether the first process includes private data; the encryption unit 208 is further used for encrypting the private data as the specified resource when it is judged that the first process includes the private data.
In this technical solution, the private data of the first process is encrypted, which ensures that, when the first process is switched to an operating system with a lower security level, the private data will not be accessed or stolen by processes of the lower security level, thereby ensuring the data security of the first process. The private data includes password information, account information, private image information and information containing keywords set by the user.
In the above technical solution, preferably, the control unit 212 is further used for: when an access request to the first process from other processes in the second operating system is obtained, if the first process includes the private data, allowing the other processes to access the first process after a confirmation instruction from the user is obtained; and, if the first process does not include the private data, forbidding the other processes from accessing the first process.
In this technical solution, the access of other processes to a first process that includes private data is controlled according to the user's confirmation instruction, which further ensures the protection of the first process's private data; and the access rights of other processes in the second operating system to the private data are set according to the user's needs, which further improves the user experience.
In the above technical solution, the system preferably further includes: a storage unit 212, for storing the access records of other processes in the second operating system to the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, the access record for the first process of high security level is stored and serves as an identification record that the first process was switched from the high-security-level system to the low-security-level system, which can accurately provide the basis for judgment in subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, then, counting from the first time a process switches operating systems, the access record of the process is stored when the process switches from the security system to the conventional system. After a switch from the conventional system to the security system, the access record is the basis for the switching operation: if the process has no access record, the process originally belonged to the conventional system; if the process has an access record, the process originally belonged to the security level. Therefore, even after several switches have been recorded, whether the process belongs to the security system or the conventional system can still be determined from the access record.
In the above technical solution, preferably, the acquiring unit 202 is further used for obtaining a switching instruction for switching a second process running in the second operating system to the first operating system; the judging unit 210 is further used for switching the second process to the first operating system according to the switching instruction and judging whether the second process has the access record stored; and the control unit 206 is further used for forbidding the second process from accessing other processes in the first operating system when it is judged that the second process has not stored the access record.
In this technical solution, whether the second process has stored an access record is used to control the second process's access to other processes in the first operating system, so that this access is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, then, counting from the first time a process switches operating systems, the access record of the process is stored when the process switches from the security system to the conventional system. After a switch from the conventional system to the security system, the access record is the basis for the switching operation: if the process has no access record, the process originally belonged to the conventional system; if the process has an access record, the process originally belonged to the security level. Therefore, when a process is switched from the conventional system to the security system and has no access record, the process is forbidden from accessing other processes in the security system, so as to ensure the data security of the other processes in the security system.
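The decision logic of the units described above (encryption before a higher-to-lower switch, user-confirmed access to private data, and the access record as proof of origin on the way back) can be modeled as follows. This is an added example, not code from the patent; the class and field names, the numeric level ranking, the `sealed` flag standing in for real encryption, and the handling of cases the text does not cover are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

SECURE, NORMAL = "secure", "normal"
LEVEL = {SECURE: 2, NORMAL: 1}  # assumed ranking: higher number = higher security level


@dataclass
class Process:
    name: str
    os_name: str
    private_data: Dict[str, str] = field(default_factory=dict)
    sealed: bool = False                       # stand-in for "specified resource is encrypted"
    access_record: Optional[List[str]] = None  # None: never switched out of the higher-level OS
    may_access_peers: bool = True              # decided when the process enters the higher-level OS


class Terminal:
    def __init__(self, confirm: Callable[[str, str], bool]):
        self.procs: Dict[str, Process] = {}
        self.confirm = confirm                 # user confirmation prompt: (requester, target) -> bool

    def spawn(self, name: str, os_name: str,
              private_data: Optional[Dict[str, str]] = None) -> Process:
        self.procs[name] = Process(name, os_name, dict(private_data or {}))
        return self.procs[name]

    def switch(self, name: str, target_os: str) -> Process:
        p = self.procs[name]
        if LEVEL[p.os_name] > LEVEL[target_os]:
            # Higher -> lower: encrypt private data before the switch and open
            # the access record that later shows where the process came from.
            p.sealed = bool(p.private_data)
            if p.access_record is None and p.may_access_peers:
                p.access_record = []
        elif LEVEL[p.os_name] < LEVEL[target_os]:
            # Lower -> higher: no access record means the process originated in
            # the lower-level OS, so it must not reach peers in the higher one.
            p.may_access_peers = p.access_record is not None
        p.os_name = target_os
        return p

    def request_access(self, requester: str, target: str) -> bool:
        r, t = self.procs[requester], self.procs[target]
        if r.os_name != t.os_name:
            return False                       # assumption: only same-OS access is modeled
        if LEVEL[r.os_name] == max(LEVEL.values()):
            return r.may_access_peers
        if t.access_record is None:
            return True                        # assumption: native lower-level targets are out of scope
        # Target came from the higher-level OS: private data needs user
        # confirmation; without private data the text's rule is to forbid.
        allowed = bool(t.private_data) and self.confirm(requester, target)
        t.access_record.append(f"{requester}:{'granted' if allowed else 'denied'}")
        return allowed


def demo() -> dict:
    term = Terminal(confirm=lambda req, tgt: req == "gallery")   # constructed user choice
    bank = term.spawn("bank", SECURE, {"account": "constructed-value"})
    term.spawn("notes", SECURE)
    term.spawn("vault", SECURE)
    term.spawn("gallery", NORMAL)
    term.spawn("game", NORMAL)
    term.switch("bank", NORMAL)
    term.switch("notes", NORMAL)
    out = {
        "sealed": bank.sealed,
        "gallery->bank": term.request_access("gallery", "bank"),
        "game->bank": term.request_access("game", "bank"),
        "gallery->notes": term.request_access("gallery", "notes"),
    }
    term.switch("game", SECURE)    # originated in the normal OS, carries no access record
    term.switch("bank", SECURE)    # returns home carrying its access record
    out["game->vault"] = term.request_access("game", "vault")
    out["bank->vault"] = term.request_access("bank", "vault")
    out["bank_record"] = list(bank.access_record)
    return out


if __name__ == "__main__":
    print(demo())
```

Note that the access record doubles as an origin marker, so the model protects it from being created for a process that entered the higher-level OS from below; a real design would also need to protect the record itself from tampering in the lower-level OS.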
To sum up, the user can configure dynamic switching of processes between multiple operating systems, specifically in the following ways:
(1) When the terminal's battery level is below a preset level (for example, 20%), the user can be reminded to switch all processes of the high-power-consumption operating system to run in the low-power-consumption operating system.
(2) Across the multiple operating systems, the memory occupied by each process while running is counted, and processes that occupy more memory are switched to run in an operating system with higher operating efficiency, so that the processes run smoothly.
(3) When any one of the multiple operating systems crashes or freezes, all processes under that operating system are automatically switched to another operating system, to ensure that these processes run normally and reliably; and once the crashed or frozen operating system is up again, the processes can be automatically switched back.
With reference to Fig. 3 to Fig. 5, the process of switching the conventional system to the security system is described.
As shown in Fig. 3, the flow for switching the security system to the conventional system includes: step 302, the conventional system switches to the security system; step 304, process A is converted into A1 and runs; step 306, process B accesses A1; step 308, judge whether there is encrypted information; if so, execute step 310; if not, execute step 312; step 310, prompt the user (the prompt interface is shown in Fig. 5); step 312, access, and record B's access to A1; step 314, judge whether to access; if so, execute step 312; if not, end.
As shown in Fig. 4, the data information in process A is ranked by security level; if A contains unencrypted sensitive information, it is encrypted automatically, the access record of process A is checked, and the process is then converted into a process of the conventional system.
With reference to Fig. 6 to Fig. 8, the process of switching the conventional system to the security system is described.
As shown in Fig. 6, the flow for switching the security system to the conventional system includes: step 602, the security system switches to the conventional system; step 604, process B is converted into A1 and runs; step 606, process B accesses B1; step 608, judge whether there is an access record; if so, execute step 610; if not, execute step 612; step 610, check the access record (the checking interface is shown in Fig. 8); step 612, restrict the security level of process B1; step 414, judge whether security is involved; if so, execute step 612; if not, end.
As shown in Fig. 7, information in process B involving accounts, passwords, keywords and the like belongs to the high security level; reading and writing of ordinary files belongs to the medium security level; and reading of ordinary files belongs to the low security level.
The technical solution of the present invention has been described in detail above with reference to the drawings, considering the technical problem of how to improve the access control scheme for processes so that access to data information is safer and more convenient. The present invention therefore proposes a new access control scheme for processes and a terminal: the encryption mode and access rights of the encrypted information are handled according to the security level of the first system, the security level of the second system, the security level of the encrypted information and the access record information, and whether the other processes can access the data information is determined according to the encryption mode and access rights of the encrypted information. This improves the security of the data information of an accessed process and adds the function of encrypting unencrypted sensitive information. The mode of operation is also simpler: a process's access rights to the data information can be determined from the security levels of the systems being switched, so the user does not need to set access rights for every process and data item after each system switch, which improves the user experience.
The above is only a preferred embodiment of the present invention and is not intended to limit the invention. For those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (9)

1. An access control method for a process, applicable to a terminal on which a first operating system and a second operating system run, characterized in that the access control method includes:
obtaining a switching instruction for switching a first process running in the first operating system to the second operating system;
switching the first process to the second operating system according to the switching instruction;
controlling, according to the security levels of the first operating system and the second operating system, the access control process between other processes in the second operating system and the first process;
if the security level of the first operating system is higher than the security level of the second operating system, storing the access records of other processes in the second operating system to the first process;
obtaining a switching instruction for switching a second process running in the second operating system to the first operating system;
according to the switching instruction for switching the second process running in the second operating system to the first operating system, switching the second process to the first operating system, and judging whether the second process has the access record stored;
when it is judged that the second process has not stored the access record, forbidding the second process from accessing other processes in the first operating system.
2. The access control method for a process according to claim 1, characterized in that, before the first process is switched to the second operating system according to the switching instruction, the method further includes the following specific step:
if the security level of the first operating system is higher than the security level of the second operating system, encrypting a specified resource associated with the first process.
3. The access control method for a process according to claim 2, characterized in that encrypting the specified resource associated with the first process includes the following specific steps:
judging whether the first process includes private data;
when it is judged that the first process includes the private data, encrypting the private data as the specified resource.
4. The access control method for a process according to claim 3, characterized in that the access control process of other processes in the second operating system to the first process includes the following specific steps:
when an access request to the first process from other processes in the second operating system is obtained, if the first process includes the private data, allowing the other processes to access the first process after a confirmation instruction from the user is obtained;
if the first process does not include the private data, forbidding the other processes from accessing the first process.
5. An access control system for a process, applicable to a terminal on which a first operating system and a second operating system run, characterized in that the access control system includes:
an acquiring unit, for obtaining a switching instruction for switching a first process running in the first operating system to run in the second operating system;
a switch unit, for switching the first process to the second operating system according to the switching instruction;
a control unit, for controlling, according to the security levels of the first operating system and the second operating system, the access control process between other processes in the second operating system and the first process;
a storage unit, for storing the access records of other processes in the second operating system to the first process if the security level of the first operating system is higher than the security level of the second operating system;
the acquiring unit is further used for: obtaining a switching instruction for switching a second process running in the second operating system to run in the first operating system;
a judging unit, used for: according to the switching instruction for switching the second process running in the second operating system to run in the first operating system, switching the second process to the first operating system, and judging whether the second process has the access record stored;
the control unit is further used for: when it is judged that the second process has not stored the access record, forbidding the second process from accessing other processes in the first operating system.
6. The access control system for a process according to claim 5, characterized in that it includes:
an encryption unit, for encrypting a specified resource associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
7. The access control system for a process according to claim 6, characterized in that it further includes:
the judging unit is further used for judging whether the first process includes private data;
the encryption unit is further used for encrypting the private data as the specified resource when it is judged that the first process includes the private data.
8. The access control system for a process according to claim 7, characterized in that the control unit is further used for: when an access request to the first process from other processes in the second operating system is obtained, if the first process includes the private data, allowing the other processes to access the first process after a confirmation instruction from the user is obtained; and
if the first process does not include the private data, forbidding the other processes from accessing the first process.
9. A terminal, characterized in that it includes: the access control system for a process according to any one of claims 5 to 8.
CN201510030232.6A 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process Active CN104506563B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510030232.6A CN104506563B (en) 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510030232.6A CN104506563B (en) 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process

Publications (2)

Publication Number Publication Date
CN104506563A CN104506563A (en) 2015-04-08
CN104506563B true CN104506563B (en) 2018-09-07

Family

ID=52948278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510030232.6A Active CN104506563B (en) 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process

Country Status (1)

Country Link
CN (1) CN104506563B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106485098B (en) * 2015-08-26 2019-08-02 北京安云世纪科技有限公司 Application program encryption method, application program encryption device and terminal
CN105046156B (en) * 2015-08-26 2018-05-08 北京元心科技有限公司 Intelligent terminal and its equipment access right control method
CN105260664B (en) * 2015-09-24 2018-05-15 宇龙计算机通信科技(深圳)有限公司 Method for security protection and terminal are applied between a kind of multisystem
CN106774794A (en) * 2016-11-30 2017-05-31 宇龙计算机通信科技(深圳)有限公司 The processing method and processing device of terminal traffic
CN108154037B (en) * 2016-12-05 2020-08-11 中国石油天然气股份有限公司 Inter-process data transmission method and device
CN110046043A (en) * 2018-01-15 2019-07-23 比特大陆科技有限公司 System switching method, device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1606307A (en) * 2004-11-15 2005-04-13 南京大学 Network forced access control method based on safe operating system
CN101409719A (en) * 2007-10-08 2009-04-15 联想(北京)有限公司 Method and client terminal for implementing network safety payment
CN102402820A (en) * 2010-09-13 2012-04-04 中国移动通信有限公司 Electronic transaction method and terminal equipment
CN102420911A (en) * 2011-12-31 2012-04-18 深圳市金立通信设备有限公司 Switching device and switching method for dual systems of smart phone

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4072271B2 (en) * 1999-02-19 2008-04-09 株式会社日立製作所 A computer running multiple operating systems

Also Published As

Publication number Publication date
CN104506563A (en) 2015-04-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant