CN104506563B - Access control method, access control system and the terminal of process - Google Patents
- Publication number
- CN104506563B, CN201510030232.6A
- Authority
- CN
- China
- Prior art keywords
- operating system
- switching
- access control
- access
- processes
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4812—Task transfer initiation or dispatching by interrupt, e.g. masked
- G06F9/4831—Task transfer initiation or dispatching by interrupt, e.g. masked with variable priority
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides a process access control method, a process access control system and a terminal. The process access control method includes: obtaining a switching instruction for switching a first process running in the first operating system to the second operating system; switching the first process to the second operating system according to the switching instruction; and controlling access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system. With the technical solution of the present invention, the access rights between multiple processes can be determined according to the security levels of the operating systems, without the user setting access rights for each process and each item of data information, which guarantees the security of each process's specified resources and system stability and improves the user experience.
Description
Technical field
The present invention relates to the field of control technology, and in particular to a process access control method, a process access control system and a terminal.
Background technology
In the related art, to improve the user experience, terminal manufacturers make multiple operating systems compatible on the same terminal, so that the user can select an operating system according to personal needs and operating habits. To enhance security, a cryptographic authorization function is set in the operating system switching procedure. However, after the system is switched, neither the encryption mode nor the security level of the data information in a process changes, so only the mode of operation is simplified and the access procedure for the data information does not change. In addition, after every system switch the user has to set access rights for each process and each item of data information before the access rights of the data information change, which wastes a great deal of the user's time and energy.
Therefore, how to improve the process access control scheme so that process access across multiple operating systems is safer and more convenient has become a technical problem to be solved urgently.
Invention content
The present invention is based at least one above-mentioned technical problem, it is proposed that a kind of access control scheme of new process and
A kind of terminal can switched by the judgement of the security level to the first operating system and the second operating system for process
During operating system, the relevant specified resource of the higher process of security level is protected and is isolated, in addition, user is setting
After the switching standards for determining process, the effect of intelligent switching and access may be implemented in process, is carried out every time without user numerous
Trivial handover operation.
In view of this, the present invention proposes a process access control method, including: obtaining a switching instruction for switching a first process running in the first operating system to the second operating system; switching the first process to the second operating system according to the switching instruction; and controlling access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to a process of the higher security level can be protected and isolated while the process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time, so operation is simpler and the user experience is improved.
The first operating system may be the security system of the terminal, and the second operating system may be the conventional system of the terminal.
In the above technical solution, preferably, before the first process is switched to the second operating system according to the switching instruction, the method further includes the following specific step: if the security level of the first operating system is higher than that of the second operating system, encrypting the specified resources associated with the first process.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resources associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resources related to the first process are protected by encryption. This prevents other processes in the second operating system from stealing the specified resources or causing the first process to crash. The specified resources include readable and writable data resources such as the first process's usage data, code data and associated data.
In the above technical solution, preferably, encrypting the specified resources associated with the first process includes the following specific steps: judging whether the first process includes private data; and, when it is judged that the first process includes the private data, encrypting the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data include encrypted messages, account information, private image information and information containing keywords set by the user.
In the above technical solution, preferably, controlling the access of other processes in the second operating system to the first process includes the following specific steps: when an access request to the first process from another process in the second operating system is obtained, if the first process includes the private data, allowing the other process to access the first process after a confirmation instruction from the user is obtained; and if the first process does not include the private data, forbidding the other process to access the first process.
In this technical solution, controlling the access of other processes to a first process that includes private data according to the user's confirmation instruction further guarantees the protection of the private data of the first process, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, after the first process is switched to the second operating system, the method further includes: if the security level of the first operating system is higher than that of the second operating system, storing an access record of the accesses by other processes in the second operating system to the first process.
In this technical solution, the access record of the first process of the high security level is stored and serves as an identification record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judging subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, even after several switches, the access record still makes it possible to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the method further includes: obtaining a switching instruction for switching a second process running in the second operating system to the first operating system; switching the second process to the first operating system according to the switching instruction, and judging whether the second process has the access record stored; and, when it is judged that the second process has no access record stored, forbidding the second process to access other processes in the first operating system.
In this technical solution, whether the second process has an access record stored is used to control the access of the second process to other processes in the first operating system, so that this access is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system and has no access record, it is forbidden to access other processes in the security system, which guarantees the data security of the other processes in the security system.
According to another aspect of the present invention, a process access control system is also proposed, including: an acquiring unit, configured to obtain a switching instruction for switching a first process running in the first operating system to the second operating system; a switching unit, configured to switch the first process to the second operating system according to the switching instruction; and a control unit, configured to control access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to a process of the higher security level can be protected and isolated while the process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time, so operation is simpler and the user experience is improved.
The first operating system may be the security system of the terminal, and the second operating system may be the conventional system of the terminal.
In the above technical solution, preferably, the system further includes: an encryption unit, configured to encrypt the specified resources associated with the first process if the security level of the first operating system is higher than that of the second operating system.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resources associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resources related to the first process are protected by encryption. This prevents other processes in the second operating system from stealing the specified resources or causing the first process to crash. The specified resources include readable and writable data resources such as the first process's usage data, code data and associated data.
In the above technical solution, preferably, the system further includes: a judging unit, configured to judge whether the first process includes private data; the encryption unit is further configured to encrypt the private data as the specified resource when it is judged that the first process includes the private data.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data include encrypted messages, account information, private image information and information containing keywords set by the user.
In the above technical solution, preferably, the control unit is further configured to: when an access request to the first process from another process in the second operating system is obtained, if the first process includes the private data, allow the other process to access the first process after a confirmation instruction from the user is obtained; and, if the first process does not include the private data, forbid the other process to access the first process.
In this technical solution, controlling the access of other processes to a first process that includes private data according to the user's confirmation instruction further guarantees the protection of the private data of the first process, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, the system further includes: a storage unit, configured to store an access record of the accesses by other processes in the second operating system to the first process if the security level of the first operating system is higher than that of the second operating system.
In this technical solution, the access record of the first process of the high security level is stored and serves as an identification record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judging subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, even after several switches, the access record still makes it possible to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the acquiring unit is further configured to obtain a switching instruction for switching a second process running in the second operating system to the first operating system; the judging unit is further configured to switch the second process to the first operating system according to the switching instruction and judge whether the second process has the access record stored; and the control unit is further configured to forbid the second process to access other processes in the first operating system when it is judged that the second process has no access record stored.
In this technical solution, whether the second process has an access record stored is used to control the access of the second process to other processes in the first operating system, so that this access is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system and has no access record, it is forbidden to access other processes in the security system, which guarantees the data security of the other processes in the security system.
According to a third aspect of the present invention, a terminal is also proposed, including the process access control system according to any one of the above technical solutions.
The above technical solutions propose a new process access control scheme and a terminal. By judging the security levels of the first operating system and the second operating system, the specified resources related to a process of the higher security level can be protected and isolated while the process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time, so operation is simpler and the user experience is improved.
Description of the drawings
Fig. 1 shows the schematic flow diagram of the access control method of process according to an embodiment of the invention;
Fig. 2 shows the schematic block diagrams of the access control system of process according to an embodiment of the invention;
Fig. 3 shows the schematic flow diagram of the access control method of process according to another embodiment of the invention;
Fig. 4 shows the schematic diagram of the access control interface of process according to another embodiment of the invention;
Fig. 5 shows the schematic flow diagram of the access control method of process according to another embodiment of the invention;
Fig. 6 shows the schematic flow diagram of the access control method of process according to still a further embodiment;
Fig. 7 shows the schematic flow diagram of the access control method of process according to another embodiment of the invention;
Fig. 8 shows the schematic diagram of the access control interface of process according to another embodiment of the invention.
Specific implementation mode
To better understand the objects, features and advantages of the present invention, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
Many specific details are set forth in the following description to facilitate a thorough understanding of the present invention. However, the present invention may also be implemented in ways other than those described here, so the scope of protection of the present invention is not limited by the specific embodiments described below.
Fig. 1 shows the schematic flow diagram of the access control method of process according to an embodiment of the invention.
As shown in Fig. 1, the process access control method according to an embodiment of the invention includes: Step 102, obtaining a switching instruction for switching a first process running in the first operating system to the second operating system; Step 104, switching the first process to the second operating system according to the switching instruction; Step 106, controlling access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to a process of the higher security level can be protected and isolated while the process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time, so operation is simpler and the user experience is improved.
The first operating system may be the security system of the terminal, and the second operating system may be the conventional system of the terminal.
In the above technical solution, preferably, before the first process is switched to the second operating system according to the switching instruction, the method further includes the following specific step: if the security level of the first operating system is higher than that of the second operating system, encrypting the specified resources associated with the first process.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resources associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resources related to the first process are protected by encryption. This prevents other processes in the second operating system from stealing the specified resources or causing the first process to crash. The specified resources include readable and writable data resources such as the first process's usage data, code data and associated data.
In the above technical solution, preferably, encrypting the specified resources associated with the first process includes the following specific steps: judging whether the first process includes private data; and, when it is judged that the first process includes the private data, encrypting the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of a lower security level, the private data cannot be accessed or stolen by processes of the lower security level, which guarantees the data security of the first process. The private data include encrypted messages, account information, private image information and information containing keywords set by the user.
In the above technical solution, preferably, controlling the access of other processes in the second operating system to the first process includes the following specific steps: when an access request to the first process from another process in the second operating system is obtained, if the first process includes the private data, allowing the other process to access the first process after a confirmation instruction from the user is obtained; and if the first process does not include the private data, forbidding the other process to access the first process.
In this technical solution, controlling the access of other processes to a first process that includes private data according to the user's confirmation instruction further guarantees the protection of the private data of the first process, and setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, after the first process is switched to the second operating system, the method further includes: if the security level of the first operating system is higher than that of the second operating system, storing an access record of the accesses by other processes in the second operating system to the first process.
In this technical solution, the access record of the first process of the high security level is stored and serves as an identification record that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judging subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, even after several switches, the access record still makes it possible to determine whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the method further includes: obtaining a switching instruction for switching a second process running in the second operating system to the first operating system; switching the second process to the first operating system according to the switching instruction, and judging whether the second process has the access record stored; and, when it is judged that the second process has no access record stored, forbidding the second process to access other processes in the first operating system.
In this technical solution, whether the second process has an access record stored is used to control the access of the second process to other processes in the first operating system, so that this access is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, starting from the first time a process switches operating systems: if the process is switched from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system and has no access record, it is forbidden to access other processes in the security system, which guarantees the data security of the other processes in the security system.
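The decision rules of the method described above, modelled as an added Python example (it is not code from the patent). All class, field and function names are hypothetical, encryption is represented only by a flag, and the outcomes for cases the text does not cover are assumptions marked in the comments.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class OperatingSystem:
    name: str
    security_level: int  # higher value = higher security level


@dataclass
class Process:
    name: str
    current_os: OperatingSystem
    has_private_data: bool = False
    private_data_encrypted: bool = False  # stands in for real encryption
    # None = no access record stored; a list (even empty) = record exists.
    access_record: Optional[List[Tuple[str, bool]]] = None
    in_lower_os: bool = False            # switched down from a higher level
    peer_access_forbidden: bool = False  # switched up without a record


def switch_process(proc: Process, target: OperatingSystem) -> None:
    """Switch proc to target and apply the steps tied to security levels."""
    source = proc.current_os
    if source.security_level > target.security_level:
        # Assumption: a process already identified as originating in the
        # lower-level system gets no record when it goes back down.
        if not proc.peer_access_forbidden:
            if proc.has_private_data:
                # Before the switch: private data is the specified resource.
                proc.private_data_encrypted = True
            if proc.access_record is None:
                # After the switch: a record is stored for this process.
                proc.access_record = []
            proc.in_lower_os = True
        proc.peer_access_forbidden = False
    elif source.security_level < target.security_level:
        proc.in_lower_os = False
        # No stored record means the process originated in the lower-level
        # system, so it may not access processes in the higher-level one.
        proc.peer_access_forbidden = proc.access_record is None
    proc.current_os = target


def request_access(requester: Process, target: Process,
                   user_confirms: bool = False) -> bool:
    """Return True if requester may access target in their shared OS."""
    if requester.current_os != target.current_os:
        raise ValueError("both processes must run in the same operating system")
    if requester.peer_access_forbidden:
        return False
    if target.in_lower_os:
        # As the text states the rule: with private data, access needs the
        # user's confirmation; without private data, access is forbidden.
        allowed = target.has_private_data and user_confirms
        target.access_record.append((requester.name, allowed))
        return allowed
    # Assumption: cases the text does not describe are allowed.
    return True


def demo() -> dict:
    """Run the rules on constructed sample processes and return the results."""
    secure = OperatingSystem("security system", 2)
    normal = OperatingSystem("conventional system", 1)
    bank = Process("bank", secure, has_private_data=True)
    notes = Process("notes", secure)
    vault = Process("vault", secure)
    game = Process("game", normal)

    results = {}
    switch_process(bank, normal)
    switch_process(notes, normal)
    results["bank_encrypted"] = bank.private_data_encrypted
    results["game_to_bank_unconfirmed"] = request_access(game, bank)
    results["game_to_bank_confirmed"] = request_access(game, bank, True)
    results["game_to_notes_confirmed"] = request_access(game, notes, True)
    switch_process(game, secure)   # no access record: originated below
    switch_process(bank, secure)   # has access record: originated above
    results["game_to_vault"] = request_access(game, vault)
    results["bank_to_vault"] = request_access(bank, vault)
    results["bank_record"] = list(bank.access_record)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```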
Fig. 2 shows the schematic block diagrams of the access control system of process according to an embodiment of the invention.
As shown in Fig. 2, the process access control system 200 according to an embodiment of the invention includes: an acquiring unit 202, configured to obtain a switching instruction for switching a first process running in the first operating system to the second operating system; a switching unit 204, configured to switch the first process to run in the second operating system according to the switching instruction; and a control unit 206, configured to control access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first operating system and the second operating system, the specified resources related to a process of the higher security level can be protected and isolated while the process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently, without the user performing a cumbersome switching operation each time, so operation is simpler and the user experience is improved.
The first operating system may be the security system of the terminal, and the second operating system may be the conventional system of the terminal.
In the above technical solution, preferably, the system specifically includes: an encryption unit 208, configured to encrypt the specified resource associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, encrypting the specified resource associated with the first process ensures that, when the first process of the high-security system is switched to run in the second operating system, the specified resources related to the first process are protected by encryption. This prevents other processes in the second operating system from stealing the specified resources or causing the first process to crash. The specified resources include the readable and writable data resources of the first process, such as usage data, code data and associated data.
In the above technical solution, preferably, the system further includes: a judging unit 210, configured to judge whether the first process includes private data; the encryption unit 208 is further configured to, when it is judged that the first process includes the private data, encrypt the private data as the specified resource.
In this technical solution, encrypting the private data of the first process ensures that, when the first process is switched to an operating system of lower security level, the private data cannot be accessed or stolen by processes of lower security level, which protects the data security of the first process. The private data includes password information, account information, private image information and information containing keywords set by the user.
In the above technical solution, preferably, the control unit 212 is further configured to: upon obtaining an access request from another process in the second operating system to the first process, if the first process includes the private data, allow the other process to access the first process after obtaining a confirmation instruction from the user; and, if the first process does not include the private data, forbid the other processes from accessing the first process.
In this technical solution, controlling other processes' access to a first process that includes private data according to the user's confirmation instruction further ensures the protection of the first process's private data. Setting the access rights of other processes in the second operating system to the private data according to the user's needs further improves the user experience.
In the above technical solution, preferably, the system further includes: a storage unit 212, configured to store the access records of other processes in the second operating system accessing the first process, if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, the access record of the high-security-level first process is stored and serves as the record identifying that the first process was switched from the high-security-level system to the low-security-level system, which provides an accurate basis for judging subsequent switching operations or access control operations.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, then, counting from the first time the process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, even after several switches, the access record still shows whether the process belongs to the security system or the conventional system.
In the above technical solution, preferably, the acquiring unit 202 is further configured to obtain a switching command for switching a second process running in the second operating system to run in the first operating system; the judging unit 210 is further configured to switch the second process to run in the first operating system according to the switching command, and to judge whether the second process has the access record stored; the control unit 206 is further configured to, when it is judged that the second process has no access record stored, forbid the second process from accessing other processes in the first operating system.
In this technical solution, whether the second process has an access record stored is used to control the second process's access to other processes in the first operating system, so that this access is controlled accurately.
Specifically, when the first operating system is the security system and the second operating system is the conventional system, then, counting from the first time the process switches operating systems: if the process switches from the security system to the conventional system, the access record of the process is stored, and after a switch from the conventional system to the security system the access record is the basis for the switching operation. If the process has no access record, it originally belonged to the conventional system; if the process has an access record, it originally belonged to the security system. Therefore, when a process is switched from the conventional system to the security system and has no access record, the process is forbidden from accessing other processes in the security system, to ensure the data security of the other processes in the security system.
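The decisions described above for units 202 to 212 can be modelled as follows. This is an added example, not code from the patent: the names `Process`, `switch` and `request_access`, the numeric levels, the `sealed` flag standing in for encryption, and the handling of cases the text does not cover are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed names and levels; the text only says one OS has the higher security level.
SECURE, NORMAL = "secure", "normal"
LEVEL = {SECURE: 2, NORMAL: 1}


@dataclass
class Process:
    name: str
    os: str
    private_data: dict = field(default_factory=dict)  # passwords, account info, ...
    sealed: bool = False                   # stands in for "encrypted"; no real cipher here
    access_record: Optional[list] = None   # None = no access record was ever stored
    switched: bool = False                 # True once the process has changed OS


def switch(proc: Process, target_os: str) -> None:
    """Switch unit 204, with encryption (208) and storage (212) on a downgrade."""
    if LEVEL[proc.os] > LEVEL[target_os]:
        if proc.private_data:              # judging unit 210: private data present?
            proc.sealed = True             # encryption unit 208
        if not proc.switched:
            # Storage unit 212: the record starts when the process's first-ever
            # switch is from the security system to the conventional system.
            proc.access_record = []
    proc.os = target_os
    proc.switched = True


def request_access(requester: Process, target: Process,
                   confirm: Callable[[str, str], bool]) -> bool:
    """Control unit decision for `requester` asking to access `target`."""
    if requester.os != target.os:
        return False                       # assumption: cross-OS requests are refused

    if target.os == SECURE:
        # A process switched in without an access record originated in the
        # conventional system and may not access processes in the security system.
        return not (requester.switched and requester.access_record is None)

    if target.access_record is None:
        return True                        # assumption: conventional-origin targets are unrestricted

    # Target came down from the security system.
    if target.private_data:
        allowed = confirm(requester.name, target.name)  # user's confirmation instruction
    else:
        allowed = False                    # branch as stated in the description
    target.access_record.append((requester.name, allowed))  # assumption: denials are logged too
    return allowed
```

Because the record is created only on a first switch out of the security system, a process that starts in the conventional system never acquires one, however many times it is switched afterwards.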
To sum up, the user can configure dynamic switching of processes between multiple operating systems, specifically in the following ways:
(1) When the terminal's battery level is below a preset level (for example 20%), the user can be reminded to switch all processes of the high-power-consumption operating system to run in the low-power-consumption operating system.
(2) Across the multiple operating systems, the memory occupied by each process while running is measured, and processes that occupy more memory are switched to run in the operating system with higher operating efficiency, to keep the processes running smoothly.
(3) When any one of the multiple operating systems crashes or freezes, all processes under that operating system are automatically switched to another operating system, to keep those processes running normally and reliably; once the crashed or frozen operating system is running again, those processes can be automatically switched back.
The process of switching the conventional system to the security system is described with reference to Fig. 3 to Fig. 5.
As shown in Fig. 3, the flow chart for the security system switching to the conventional system includes: Step 302, the conventional system switches to the security system; Step 304, process A is converted into A1 and runs; Step 306, process B accesses A1; Step 308, determine whether there is encrypted information; if so, perform step 310; if not, perform step 312; Step 310, prompt the user (the prompt interface is shown in Fig. 5); Step 312, perform the access and record B's access to A1; Step 314, determine whether to access; if so, perform step 312; if not, end.
As shown in Fig. 4, the data information in process A is ranked by security level; if A contains unencrypted sensitive information, it is encrypted automatically, the access record of process A is checked, and the process is then converted into a process of the conventional system.
The process of switching the conventional system to the security system is described with reference to Fig. 6 to Fig. 8.
As shown in Fig. 6, the flow chart for the security system switching to the conventional system includes: Step 602, the security system switches to the conventional system; Step 604, process B is converted into A1 and runs; Step 606, process B accesses B1; Step 608, judge whether there is an access record; if so, perform step 610; if not, perform step 612; Step 610, check the access record (the checking interface is shown in Fig. 8); Step 612, limit the security level of process B1; Step 414, judge whether security is involved; if so, perform step 612; if not, end.
As shown in Fig. 7, in process B, information involving accounts, passwords, keywords and the like belongs to the high security level; reading and writing of ordinary files belongs to the medium security level; and reading of ordinary files belongs to the low security level.
The technical solution of the invention has been described in detail above with reference to the drawings, addressing the technical problem of how to improve the process access control scheme so that access to data information is both safer and more convenient. The invention therefore proposes a new process access control scheme and a terminal. The encryption mode and access rights of the encrypted information are handled according to the security level of the first system, the security level of the second system, the security level of the encrypted information and the access record information, and whether the other processes can access the data information is determined according to the encryption mode and access rights of the encrypted information. This improves the security of the data information accessed by processes, and also adds a function for encrypting unencrypted sensitive information. Operation is also simpler: the access rights to the data information can be determined from the security levels of the systems being switched, so the user does not need to set access rights for every process and every item of data information after each system switch, which improves the user experience.
The foregoing is only a preferred embodiment of the invention and is not intended to limit the invention; to those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (9)
1. A process access control method, applicable to a terminal running a first operating system and a second operating system, characterized in that the access control method comprises:
obtaining a switching command for switching a first process running in the first operating system to run in the second operating system;
switching the first process to run in the second operating system according to the switching command;
controlling, according to the security levels of the first operating system and the second operating system, the access control process between other processes in the second operating system and the first process;
if the security level of the first operating system is higher than the security level of the second operating system, storing the access records of other processes in the second operating system accessing the first process;
obtaining a switching command for switching a second process running in the second operating system to run in the first operating system;
according to the switching command for switching the second process running in the second operating system to run in the first operating system, switching the second process to run in the first operating system, and judging whether the second process has the access record stored;
when it is judged that the second process has no access record stored, forbidding the second process from accessing other processes in the first operating system.
2. The process access control method according to claim 1, characterized in that, before the first process is switched to run in the second operating system according to the switching command, the method further comprises the following specific step:
if the security level of the first operating system is higher than the security level of the second operating system, encrypting the specified resource associated with the first process.
3. The process access control method according to claim 2, characterized in that encrypting the specified resource associated with the first process comprises the following specific steps:
judging whether the first process includes private data;
when it is judged that the first process includes the private data, encrypting the private data as the specified resource.
4. The process access control method according to claim 3, characterized in that the access control process of other processes in the second operating system with respect to the first process comprises the following specific steps:
upon obtaining an access request from another process in the second operating system to the first process, if the first process includes the private data, allowing the other process to access the first process after obtaining a confirmation instruction from the user;
if the first process does not include the private data, forbidding the other processes from accessing the first process.
5. A process access control system, applicable to a terminal running a first operating system and a second operating system, characterized in that the access control system comprises:
an acquiring unit, configured to obtain a switching command for switching a first process running in the first operating system to run in the second operating system;
a switch unit, configured to switch the first process to run in the second operating system according to the switching command;
a control unit, configured to control, according to the security levels of the first operating system and the second operating system, the access control process between other processes in the second operating system and the first process;
a storage unit, configured to store the access records of other processes in the second operating system accessing the first process, if the security level of the first operating system is higher than the security level of the second operating system;
the acquiring unit being further configured to obtain a switching command for switching a second process running in the second operating system to run in the first operating system;
a judging unit, configured to switch the second process to run in the first operating system according to the switching command for switching the second process running in the second operating system to run in the first operating system, and to judge whether the second process has the access record stored;
the control unit being further configured to, when it is judged that the second process has no access record stored, forbid the second process from accessing other processes in the first operating system.
6. The process access control system according to claim 5, characterized by specifically comprising:
an encryption unit, configured to encrypt the specified resource associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
7. The process access control system according to claim 6, characterized in that:
the judging unit is further configured to judge whether the first process includes private data;
the encryption unit is further configured to, when it is judged that the first process includes the private data, encrypt the private data as the specified resource.
8. The process access control system according to claim 7, characterized in that the control unit is further configured to: upon obtaining an access request from another process in the second operating system to the first process, if the first process includes the private data, allow the other process to access the first process after obtaining a confirmation instruction from the user; and
if the first process does not include the private data, forbid the other processes from accessing the first process.
9. A terminal, characterized by comprising: the process access control system according to any one of claims 5 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510030232.6A CN104506563B (en) | 2015-01-20 | 2015-01-20 | Access control method, access control system and the terminal of process |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104506563A CN104506563A (en) | 2015-04-08 |
CN104506563B true CN104506563B (en) | 2018-09-07 |
Family
ID=52948278
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510030232.6A Active CN104506563B (en) | 2015-01-20 | 2015-01-20 | Access control method, access control system and the terminal of process |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104506563B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||