CN105205388B - A kind of right management method and system of application program - Google Patents
A kind of right management method and system of application program Download PDFInfo
- Publication number
- CN105205388B CN105205388B CN201410247803.7A CN201410247803A CN105205388B CN 105205388 B CN105205388 B CN 105205388B CN 201410247803 A CN201410247803 A CN 201410247803A CN 105205388 B CN105205388 B CN 105205388B
- Authority
- CN
- China
- Prior art keywords
- permission
- application program
- user
- risk
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
A kind of right management method of application program, it include: when installing the application, obtain the mount message of the application program, the mount message includes every permission of the application program, the mount message of the application program is reported into server, to determine permission type belonging to every permission of the application program as server, server is obtained to the judgement of the permission type as a result, and being managed according to the judgement result and user's operation to every permission of the application program.In addition, the present invention also provides a kind of rights management devices of application program.The safety of privacy of user can be improved in the right management method and device of above-mentioned application program, and improves data-handling efficiency.
Description
Technical field
The specific embodiment of the invention is related to field of information security technology, in particular to a kind of rights management side of application program
Method and system.
Background technique
With the development of computer technology, more and more third party applications are developed and are installed to all kinds of mobile whole
End, such as in smart phone, tablet computer, so that people's lives be made to become more to enrich and fast.However, these apply journey
Be implanted in sequence malice steal privacy of user function malicious application it is also more and more.These malicious applications it is hidden
Running background obtains the privacy information of user, such as short message, contact person, call note in the case where user is not noticeable automatically
The data such as record, and these privacy informations are sent to criminal, seriously threaten the personal secrets of user.
Currently, user would generally be controlled in mobile terminal using some safety management tools with rights management function
Application program accesses the permission of privacy information, including forbids or allow the permission, to protect privacy of user.However, these are pacified
Full management tool is that the behavior for the application program access privacy information that will be detected notifies user, then judges whether to prohibit by user
Only or allow the behavior, and whether these safety management tools should not be prohibited to the behavior or any local is made in behavior
Or the judgement on backstage, to can not also give any prompt of user.Since understanding of the user to the function of these application programs may
There are shortcoming, causes misjudgment and operate, safety is reduced in rights management process.
Summary of the invention
In view of this, it is necessary to provide a kind of right management method of application program and system, it can be effectively to using journey
The permission of sequence is managed, and improves the personal secrets of user.
A kind of right management method of application program, comprising the following steps: when installing the application, obtain this using journey
The mount message of sequence, the mount message include every permission of the application program;The mount message of the application program is reported to
Server, to determine permission type belonging to every permission of the application program as server;Server is obtained to the power
The judgement of type is limited as a result, and being managed according to the judgement result and user's operation to every permission of the application program.
A kind of Rights Management System of application program, comprising: client and server;The client includes: to obtain list
Member, for when installing the application, obtaining the mount message of the application program, which includes each of the application program
Item permission;Reporting unit, for the mount message of the application program to be reported to the server, to be sentenced by the server
Permission type belonging to every permission of the fixed application program;The acquiring unit is also used to obtain server to the permission
The judgement result of type;Administrative unit, for according to the judgement result and user's operation to every permission of the application program into
Row management.
Compared to the prior art, the right management method and system of application program of the present invention, when the application is installed, first
Permission type belonging to every permission of the application program is determined as server, improves the safety of privacy of user, and is filtered out
The permission of the application program of user's operation is not needed, mobile terminal is reduced and calculates content, improve data-handling efficiency, and can root
It is managed according to every permission of the user's operation to the application program, improves oneself of every permission of the user management application program
Main property.
For above and other objects, features and advantages of the invention can be clearer and more comprehensible, preferred embodiment is cited below particularly,
And cooperate institute's accompanying drawings, it is described in detail below.
Detailed description of the invention
Fig. 1 is the running environment schematic diagram of the authority method of application program provided in an embodiment of the present invention.
Fig. 2 is a kind of structural block diagram of mobile terminal.
Fig. 3 is a kind of structural block diagram of server.
Fig. 4 is the right management method flow chart for the application program that first embodiment provides.
Fig. 5 is part steps details flow chart in the right management method for the application program that second embodiment provides.
Fig. 6 is the right management method flow chart for the application program that 3rd embodiment provides.
Fig. 7 is the right management method flow chart for the application program that fourth embodiment provides.
Fig. 8 is the bullet rectangle style schematic diagram for prompting user to be managed application program in a manner of playing frame.
Fig. 9 is part steps details flow chart in the right management method for the application program that the 5th embodiment provides.
Figure 10 is the right management method flow chart for the application program that sixth embodiment provides.
Figure 11 is a schematic diagram of the permission prompt of the display management application program in the rights management page.
Figure 12 is another schematic diagram of the permission prompt of the display management application program in the rights management page.
Figure 13 is the right management method flow chart for the application program that the 7th embodiment provides.
Figure 14 is the terminal structure schematic diagram in the Rights Management System for the application program that the 8th embodiment provides.
Figure 15 is the server architecture schematic diagram in the Rights Management System for the application program that the 8th embodiment provides.
Figure 16 is the terminal structure schematic diagram in the Rights Management System for the application program that the 9th embodiment provides.
Figure 17 is the server architecture schematic diagram in the Rights Management System for the application program that the 9th embodiment provides.
Specific embodiment
Further to illustrate that the present invention is the technical means and efficacy realizing predetermined goal of the invention and being taken, below in conjunction with
Attached drawing and preferred embodiment, to specific embodiment, structure, feature and its effect according to the present invention, detailed description is as follows.
Referring to Fig. 1, Fig. 1 is the right management method Run-time scenario figure for the application program that first embodiment provides.It is mobile whole
End 100 and server 200 are connected by network.
The mobile terminal 100Root success before installing application program, and application program permission is carried out in mobile terminal 100
The application program of management successfully obtains Root authorization.When installing the application, mobile terminal 100 obtains the peace of the application program
Information is filled, which includes every permission of the application program.The mount message of the application program is reported into server
200, to determine permission type belonging to every permission of the application program as server 200.The permission type refer to according to
The classification that the size degree of the risk caused by privacy of user safety carries out when the application program is run.Permission type can include:
Security permission, sensitive permission and risk permission.Wherein, sensitive permission can reveal privacy of user after referring to application program operation
Permission, including send short message, obtain short message content, read contact person and obtain mobile terminal locations.Risk permission refers to that this is answered
The permission used is not needed at runtime with program, such as certain map software needs to read contact person or sends short message.Peace
Full powers limit refers to the permission not threatened after application program operation privacy of user, removes except sensitive permission and risk permission
Permission type be regarded as security permission.
Further, mobile terminal 100 obtains server 200 to the judgement of the permission type as a result, and according to the judgement
As a result it is managed with every permission of the user's operation to the application program.Specifically, if in every permission of the application program
Including risk permission or sensitive permission, then prompt user to the risk permission or sensitive power in the installation process of the application program
Limit is managed, and specifically can be and user is prompted to weigh the risk in a manner of notification bar in the installation process of the application program
Limit is managed, and prompts user to be managed the sensitive permission in a manner of playing frame in the installation process of the application program.
Further, the risk permission or sensitive permission are managed according to user's operation access entitlements administration page, the management packet
It includes and forbids or allow the risk permission or sensitive permission to execute.Mobile terminal 100 applies journey in the rights management page for this
The each single item permission of sequence shows corresponding management prompt information, can be after access entitlements administration page, by specified permission to this
The single permission of application program shows corresponding management prompt information, can also be with access entitlements administration page after, by application program
Corresponding management prompt information is integrally shown to whole permissions of an application-specific.
Further, if user is not managed the risk permission or sensitive permission in the rights management page,
When the application program is run, temporarily forbids the risk permission of the application program or sensitive permission to execute, prompt user to the risk
Permission or sensitive permission are managed, and are managed according to user's operation to the risk permission or sensitive permission.Temporarily forbid
The risk permission or sensitive permission of the application program execute specifically, if the risk permission or sensitive permission of the application program are hair
Short message is sent, then obtains the short message content and recipient's number, and shows the short message content and recipient's number.
In one example, the above process is illustrated so that the permission of the application program is to send short message as an example.The application
The transmission short message permission of program is determined as risk permission or sensitive permission by server 200, and user is not in the rights management page
Be managed in face of the risk permission or sensitive permission, when the application program at runtime, temporarily forbid the wind of the application program
Dangerous permission or sensitive permission execute, for example, a length of 20 seconds when carrying out temporarily forbid, and during temporarily forbidding prompt is used
The operation that family is allowed or forbidden to the risk permission or sensitive permission.Meanwhile obtaining the short message content and recipient's number
And the short message content and recipient's number are shown in the prompted dialog frame of pop-up.If user's selection is forbidden sending short message, should
The transmission short message permission of application program will be by permanent ban, i.e., the application program cannot send short message.If user is temporary at this
Any operation is not carried out in the duration forbidden, non-selected to allow also to forbid for selection, then the dialog box popped up will disappear, and block simultaneously
It cuts this and sends short message behavior.If the application program sends short message in operation next time again, dialog box confession will be popped up again
User selects.
The each single item permission for this application of server 200 judges that this permission whether there is in presetting database
In, it include predefined permission relevant to the function of the application program in the presetting database, if server 200 judges at this
If this permission is not present in presetting database, then it represents that this permission is unrelated with the function of the application program, so clothes
Business device 200 determines that this permission belongs to risk permission.If this permission is present in the presetting database, server 200 into
One step judges whether this permission is related to privacy of user, if so, server 200 determines that this permission belongs to sensitive permission, if
No, then server 200 determines that this permission belongs to security permission, also, server 200 is each single item permission of the application program
Configuration management prompt information, and the management prompt information is sent to mobile terminal 100 or is pulled by mobile terminal 100, the pipe
Reason prompt information includes permission, suggestion is noticed and suggestion is forbidden, permission type belonging to the management prompt information and this permission
It is corresponding, be the management prompt information of security permission configuration it is permission specifically, is that the management prompt information that sensitive permission configures is
It is the management prompt information of risk authority configuration is that suggestion is forbidden it is recommended that notice.
According to the Rights Management System of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Fig. 2 shows a kind of structural block diagrams of mobile terminal.Mobile terminal includes smart phone, palm PC, plate electricity
Brain etc. all have the mobile terminal of touch screen.As shown in Fig. 2, mobile terminal 200 includes memory 102, storage control
104, one or more (one is only shown in figure) processors 106, Peripheral Interface 108, radio-frequency module 110 and Touch Screen
112.These components are mutually communicated by one or more communication bus/signal wire 122.
It is appreciated that structure shown in Fig. 2 is only to illustrate, the structure of terminal 100 is not caused to limit.For example, eventually
End 100 may also include than shown in Fig. 2 more perhaps less component or with the configuration different from shown in Fig. 2.Shown in Fig. 2
Each component can using hardware, software, or its combination realize.
Memory 102 can be used for storing software program and module, such as the word in terminal device in the embodiment of the present invention
Accord with input method and the corresponding program instruction/module of device, the software that processor 102 is stored in memory 104 by operation
Program and module realize the rights management of above-mentioned application program thereby executing various function application and data processing
Method.
Memory 102 may include high speed random access memory, may also include nonvolatile memory, such as one or more magnetic
Property storage device, flash memory or other non-volatile solid state memories.In some instances, memory 102 can further comprise
The memory remotely located relative to processor 106, these remote memories can pass through network connection to terminal device 100.
The example of above-mentioned network includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.Processor
106 and other possible components the access of memory 102 can be carried out under the control of storage control 104.
Various input/output devices are couple CPU and memory 102 by Peripheral Interface 108.The operation of processor 106 is deposited
Various softwares, instruction in reservoir 102 are to execute the various functions of terminal device 100 and carry out data processing.
In some embodiments, Peripheral Interface 108, processor 106 and storage control 104 can be in one single chips
It realizes.In some other example, they can be realized by independent chip respectively.
Radio-frequency module 110 is used to receive and transmit electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, thus with
Communication network or other equipment are communicated.Radio-frequency module 110 may include various existing for executing the electricity of these functions
Circuit component, for example, antenna, RF transceiver, digital signal processor, encryption/deciphering chip, subscriber identity module (SIM) card,
Memory etc..Radio-frequency module 110 can be communicated or be led to various networks such as internet, intranet, wireless network
Wireless network is crossed to be communicated with other equipment.Above-mentioned wireless network may include cellular telephone networks, WLAN or
Metropolitan Area Network (MAN).Various communication standards, agreement and technology can be used in above-mentioned wireless network, and including but not limited to the whole world is mobile logical
Letter system (Global System for Mobile Communication, GSM), enhanced mobile communication technology
(Enhanced Data GSM Environment, EDGE), Wideband CDMA Technology (wideband code division
Multiple access, W-CDMA), Code Division Multiple Access (Code division access, CDMA), time division multiple access technology
(time division multiple access, TDMA), bluetooth, adopting wireless fidelity technology (Wireless, Fidelity,
WiFi) (such as American Institute of Electrical and Electronics Engineers's standard IEEE 802.11a, IEEE 802.11b, IEEE802.11g and/
Or IEEE 802.11n), the networking telephone (Voice over internet protocal, VoIP), worldwide interoperability for microwave accesses
(Worldwide Interoperability for Microwave Access, Wi-Max), other be used for mail, Instant Messenger
The agreement and any other suitable communications protocol of news and short message, or even may include that those are not developed currently yet
Agreement.
Touch Screen 118 provides an output and input interface simultaneously between terminal device 100 and user.Specifically,
Touch Screen 118 shows video output to user, and the content of these videos output may include text, figure, video and its any
Combination.Some outputs are the result is that correspond to some user interface objects.Touch Screen 118 also receives the input of user, such as with
The gesture operations such as click, the sliding at family, so that user interface object responds the input of these users.Detect user's input
Technology can be based on resistance-type, condenser type or any other possible touch control detection technology.Touch Screen 118 shows list
The specific example of member includes but is not limited to liquid crystal display or light emitting polymer displays.
Fig. 3 shows a kind of structural block diagram of server.The server 200 can be generated because of configuration or performance difference to be compared
Big difference may include one or more central processing unit (central processing units, CPU) 222 (examples
Such as, one or more processors) and memory 232, one or more storage application programs 242 or data 244
Storage medium 230 (such as one or more mass memory units).Wherein, memory 232 and storage medium 230 can be
Of short duration storage or persistent storage.The program for being stored in storage medium 230 may include that one or more modules (do not show by diagram
Out), each module may include to the series of instructions operation in server.Further, central processing unit 222 can be set
It is set to and is communicated with storage medium 230, execute the series of instructions operation in storage medium 230 on server 200.Server
200 can also include one or more power supplys 226, one or more wired or wireless network interfaces 250, one or
More than one input/output interface 258, and/or, one or more operating systems 241, such as Windows ServerTM,
Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM etc..It is held described in above-mentioned embodiment illustrated in fig. 1 by server
Capable step can be based on the server architecture shown in Fig. 2.
Refering to Fig. 4, the right management method for the application program that first embodiment provides can be applied to shown in Fig. 2 mobile whole
In end 100, comprising:
Step 401, when installing the application, obtains the mount message of the application program, which answers including this
With every permission of program;
The mobile terminal 100Root success before installing application program, and application program permission is carried out in mobile terminal 100
The application program of management successfully obtains Root authorization.
When installing the application, mobile terminal 100 obtains the mount message of the application program, which includes should
Every permission of application program.
The mount message of the application program is reported to server by step 402, to determine the application program by server
Every permission belonging to permission type;
The mount message of the application program is reported to server 200 by mobile terminal 100, to be determined by server 200
Permission type belonging to every permission of the application program.The permission type refers to hidden to user when running according to the application program
The classification that the size degree of risk caused by private safety carries out.Permission type can include: security permission, sensitive permission and risk power
Limit.Wherein, sensitive permission can reveal the permission of privacy of user after referring to application program operation, including send short message, obtain it is short
Believe content, read contact person and obtains mobile terminal locations.Risk permission refers to that the application program does not need to use at runtime
Permission, such as certain map software need to read contact person or send short message.Security permission refers to that the application program is run
The permission not threatened privacy of user afterwards removes the permission type except sensitive permission and risk permission and is regarded as safety
Permission.
Step 403 obtains server to the judgement result of the permission type;
Step 404 is managed every permission of the application program according to the judgement result and user's operation.
After server 200 is obtained to the judgement result of the permission type, it can be issued the user with according to affiliated permission type
Prompt operation, prompts user to handle every permission of the application program, and according to user's operation to the application program
Every permission is managed.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
The right management method for the application program that second embodiment provides can be applied in server 200 shown in Fig. 3, with
Embodiment illustrated in fig. 4 the difference is that, the server in step 402 determines power belonging to every permission of the application program
Limit type can be specifically described further, and refering to Fig. 5, Fig. 5 is every power that server determines the application program in the present embodiment
The execution flow chart of steps of affiliated permission type is limited, other steps are not shown in FIG. 5 in the present embodiment, particular content details
It can be found in step 401 in earlier figures 4, content shown in 403.
In the present embodiment, the server in step 402 determine permission type belonging to every permission of the application program into
One step includes:
Step 501, each single item permission for this application judge that this permission whether there is in presetting database
In;
Server 200 judge the application program each single item permission whether there is in presetting database, the preset data
It include predefined permission relevant to the function of the application program in library, that is, if including that this applies journey in the presetting database
The a certain permission of sequence, then it represents that this permission is related to the function of the application program.
If step 502, this permission are not present in the presetting database, server determines that this permission belongs to risk
Permission;
If if server 200 judges in the presetting database there is no this permission, then it represents that this permission is and this
The function of application program is unrelated, so server 200 determines that this permission belongs to risk permission, that is, thinks that this permission is this
Application program does not need the permission used at runtime.
If step 503, this permission are present in the presetting database, whether server further judges this permission
It is related to privacy of user, if so, server determines that this permission belongs to sensitive permission, if it is not, then server determines this permission
Belong to security permission.
If this permission is present in the presetting database, indicate this permission may be sensitive permission be also likely to be safety
Permission, server 200 further judge whether this permission is related to privacy of user, if so, determining that this permission belongs to sensitivity
Permission, if it is not, then determining that this permission belongs to security permission.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Refering to Fig. 6, the right management method for the application program that 3rd embodiment provides can be applied to shown in Fig. 2 mobile whole
End 100 in, it is similar to embodiment illustrated in fig. 4, the difference is that, in step 404 according to the judgement result and user's operation
Every permission of the application program is managed and includes:
If including risk permission or sensitive permission in every permission of step 604, the application program, in the application program
Installation process in prompt user the risk permission or sensitive permission are managed;
Step 605 is managed the risk permission or sensitive permission according to user's operation access entitlements administration page.
User is managed the risk permission or sensitive permission according to prompt, and mobile terminal 100 is according to the management of user
Operation, access entitlements administration page are managed the risk permission or sensitive permission, which includes forbidding or allowing the wind
Dangerous permission or sensitive permission execute.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Refering to Fig. 7, the right management method for the application program that fourth embodiment provides can be applied to shown in Fig. 2 mobile whole
It is similar to embodiment illustrated in fig. 6 in end 100, the difference is that, it is mentioned in the installation process of the application program in step 604
Show that user is managed to the risk permission or sensitive permission and includes:
Step 704, prompted in a manner of notification bar in the installation process of the application program user to the risk permission into
Row management, prompts user to be managed the sensitive permission in the installation process of the application program in a manner of playing frame.
When including risk permission in the permission of the application program, then with notification bar in the installation process of the application program
Mode prompts user to be managed the risk permission, which includes rolling notification bar or resident notification bar.
When including sensitive permission in the permission of the application program, then the side of frame is played in the installation process of the application program
Formula prompt user is managed the sensitive permission.The prompt pattern for playing frame is as shown in Figure 8.It is popped up in mobile terminal display interface
For dialog box for user's operation, suggestion content includes application name, such as " the application program A " in Fig. 8, the power of the application program
Limit, such as the transmission short message in Fig. 8 to number B, content is confirmation subscribing service C, and charge is the contents such as N member/moon, and
It provides " permission " and " forbidding " button to operate for user, " forbidding " button can show manipulable remaining time, such as Fig. 8
In " forbid " " (7) " expression on button " to forbid " button is remaining can operate within 7 seconds, if user is to carry out within the remaining time
Operation, then system default user allows the application program to execute the permission.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
The right management method for the application program that 5th embodiment provides can be applied in server 200 shown in Fig. 3, with
Fig. 4, embodiment illustrated in fig. 5 are similar, the difference is that the server in step 402 determines every permission institute of the application program
The permission type of category can further describe, and refering to Fig. 9, Fig. 9 is the items that server determines the application program in the present embodiment
The execution flow chart of steps of permission type belonging to permission, other steps are not shown in FIG. 9 in the present embodiment, in step 402
Server determine permission type belonging to every permission of the application program further include:
Step 904 manages prompt information for each single item authority configuration of the application program.
Server 200 is that each single item authority configuration of the application program manages prompt information, and mobile terminal 100 pulls this
It manages prompt information or server 200 and the management prompt information is sent to mobile terminal 100, which is protected
It deposits in the database.The management prompt information includes permission, suggestion is noticed and suggestion is forbidden, the management prompt information and the Xiang Quan
Permission type belonging to limit is corresponding, be the management prompt information of security permission configuration is permission specifically, is sensitive permission configuration
Management prompt information be to suggest noticing, be the management prompt information of risk authority configuration be that suggestion is forbidden.
Further, server 200 can also describe for each single item authority configuration function of the application program, which retouches
State the text of the effect for this of a segment description permission in the application program.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Refering to fig. 10, the right management method for the application program that sixth embodiment provides can be applied to movement shown in Fig. 2
It is similar to embodiment illustrated in fig. 6 in terminal 100, the difference is that, in step 604 in the installation process of the application program
Prompt user is managed the risk permission or sensitive permission further include:
Step 1004, each single item permission in the rights management page for the application program show corresponding management prompt
Information.
It can specifically include following two display mode:
One is after access entitlements administration page, corresponding pipe is shown by single permission of the specified permission to the application program
Manage prompt information.
As shown in figure 11, after access entitlements administration page, user's selection is managed according to permission, then shows all applications
The all permissions of program, user select to send short message permission, then show the transmission short message permission of all application programs, and for every
One application program is prompted, and user can be by selecting push-botton operation the management to the application program.
It is whole by whole permissions of the application program to an application-specific after another kind is access entitlements administration page
Show corresponding management prompt information.
As shown in figure 12, after access entitlements administration page, user's selection is managed according to application program, then display is all
Application program, user select application program A, show the details of application program A, all permissions including showing application program A, and
It is prompted for each single item permission, user can be by selecting push-botton operation the management to the permission.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Refering to fig. 13, the right management method for the application program that the 7th embodiment provides can be applied to movement shown in Fig. 2
It is similar to embodiment illustrated in fig. 6 in terminal 100, the difference is that, being grasped according to the judgement result and user in step 404
The every permission for the application program of opposing is managed further include:
If 1306, user is not managed the risk permission or sensitive permission in the rights management page, answer at this
When being run with program, temporarily forbids the risk permission of the application program or sensitive permission to execute, prompt user to the risk permission
Or sensitive permission is managed, and is managed according to user's operation to the risk permission or sensitive permission.
It should be noted that the risk permission of the application program or sensitive permission is temporarily forbidden to execute specifically, if the application
The risk permission or sensitive permission of program are to send short message, then obtain the short message content and recipient's number, and show the short message
Content and recipient's number.
In one example, the above process is illustrated so that the permission of the application program is to send short message as an example.The application
The transmission short message permission of program is determined as risk permission or sensitive permission by server 200, and user is not in the rights management page
Be managed in face of the risk permission or sensitive permission, when the application program at runtime, temporarily forbid the wind of the application program
Dangerous permission or sensitive permission execute, for example, a length of 20 seconds when carrying out temporarily forbid, and during temporarily forbidding prompt is used
The operation that family is allowed or forbidden to the risk permission or sensitive permission.Meanwhile obtaining the short message content and recipient's number
And the short message content and recipient's number are shown in the prompted dialog frame of pop-up.For details, reference can be made to Fig. 8 for the dialog box of pop-up.
Further, if user's selection is forbidden sending short message, the transmission short message permission of the application program will permanently be prohibited
Only, i.e., the application program cannot send short message.If user does not carry out any operation in the duration temporarily forbidden, non-selected
Allow also to forbid for selection, then the dialog box popped up will disappear, while intercept this and sending short message behavior.If the application program exists
Short message is sent again when operation next time, then will pop up again dialog box and select for user.
According to the right management method of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
The Rights Management System for the application program that 8th embodiment provides may include shown in Fig. 1 in mobile terminal 100 and
Server 200.Refering to fig. 14, mobile terminal 100 includes: acquiring unit 11, reporting unit 12 and administrative unit 13.
Acquiring unit 11 is for when installing the application, obtaining the mount message of the application program, the mount message packet
Include every permission of the application program;
Reporting unit 12 is used to the mount message of the application program reporting to server 200, to be sentenced by server 200
Permission type belonging to every permission of the fixed application program;
Acquiring unit 11 is also used to obtain server 200 to the judgement result of the permission type;
Administrative unit 13 is for being managed every permission of the application program according to the judgement result and user's operation.
Wherein, which includes security permission, sensitive permission and risk permission.
The other details of system about the present embodiment also see Fig. 3 and related description.
According to the Rights Management System of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Refering to fig. 15, server 200 includes: judging unit 21 and judging unit 22.
Judging unit 21 is used for each single item permission for this application, judges that this permission whether there is in present count
It include predefined permission relevant to the function of the application program in the presetting database according in library;
If judging unit 22 is not present in the presetting database for this permission, determine that this permission belongs to risk
Permission;
It is present in the presetting database if judging unit 21 is also used to this permission, further judges that this permission is
It is no to be related to privacy of user;
If judging unit 22, which is also used to judging unit 21, judges that this permission is related to privacy of user, this permission category is determined
In sensitive permission, if judging, this permission is not related to privacy of user, and server determines that this permission belongs to security permission.
The other details of system about the present embodiment also see Fig. 4 and related description.
According to the Rights Management System of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
9th embodiment provides a kind of Rights Management System of application program, and refering to fig. 16, what the 9th embodiment provided
Mobile terminal 100 in the Rights Management System of application program further include: prompt unit 14, obtains content list at display unit 15
Member 16 and display unit 17.
If prompt unit 14 is answered for including risk permission or sensitive permission in every permission of the application program at this
User is prompted to be managed the risk permission or sensitive permission in the installation process of program.
Specifically, prompt unit 14 is also used to prompt user in a manner of notification bar in the installation process of the application program
The risk permission is managed, and for prompting user to this in a manner of playing frame in the installation process of the application program
Sensitive permission is managed.
Administrative unit 13 be also used to according to user's operation access entitlements administration page to the risk permission or sensitive permission into
Row management, the management include forbidding or allowing the risk permission or sensitive permission to execute.
Each single item permission of the display unit 15 in the rights management page for the application program shows corresponding pipe
Manage prompt information.
Further, if administrative unit 13 is also used to user not in the rights management page to the risk permission or sensitive power
Limit is managed, then when the application program is run, temporarily forbids the risk permission of the application program or sensitive permission to execute, mention
Show that user is managed the risk permission or sensitive permission, and the risk permission or sensitive permission are carried out according to user's operation
Management.
It should be noted that administrative unit 13 can further include: obtaining content element 16 and display unit 17.
If obtaining content element 16 for the risk permission or sensitive permission of the application program is to send short message, obtaining should
Short message content and recipient's number;
Display unit 17 is for showing the short message content and recipient's number.
The other details of system about the present embodiment also see Fig. 4,6,7,10,13 and related description.
According to the Rights Management System of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
Further, refering to fig. 17, the Rights Management System server 200 for the application program that the 9th embodiment provides also wraps
It includes: configuration unit 23.
Configuration unit 23 is used to manage prompt information, the management prompt information for each single item authority configuration of the application program
It is corresponding with permission type belonging to this permission.The management prompt information includes permission, suggestion is noticed and suggestion is forbidden, wherein
For security permission configuration management prompt information be permission, be sensitive permission configure management prompt information be that suggestion is noticed, be
The management prompt information of risk authority configuration is to suggest forbidding.
The other details of system about the present embodiment also see Fig. 5,9 and related description.
According to the Rights Management System of the application program in the present embodiment, when the application is installed, first sentenced by server
Permission type belonging to every permission of the fixed application program, improves the safety of privacy of user, and filter out and do not need user
The permission of the application program of operation reduces mobile terminal and calculates content, improves data-handling efficiency, and can be according to user's operation
Every permission of the application program is managed, the independence of every permission of the user management application program is improved.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that process, method, article or device including a series of elements are not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or device
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or device including the element.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The above described is only a preferred embodiment of the present invention, be not intended to limit the present invention in any form, though
So the present invention has been disclosed as a preferred embodiment, and however, it is not intended to limit the invention, any technology people for being familiar with this profession
Member, without departing from the scope of the present invention, when the technology contents using the disclosure above are modified or are modified
It is right according to the technical essence of the invention for the equivalent embodiment of equivalent variations, but without departing from the technical solutions of the present invention
Any simple modification, equivalent change and modification made by above embodiments, all of which are still within the scope of the technical scheme of the invention.
Claims (20)
1. a kind of right management method of application program, which is characterized in that method includes the following steps:
When installing the application, the mount message of the application program is obtained, which includes the items of the application program
Permission;
The mount message of the application program is reported into server, to determine every permission institute of the application program by server
The permission type of category, the permission type are the degree of the risk caused by privacy of user safety when running according to the application program
Carry out classification formation;
Server is obtained to the judgement of the permission type as a result, and according to the judgement result and user's operation to the application program
Every permission be managed, it is described management include allow or forbid.
2. the right management method of application program as described in claim 1, which is characterized in that the permission type includes safety
Permission, sensitive permission and risk permission.
3. the right management method of application program as claimed in claim 2, which is characterized in that the server determines the application
The step of permission type belonging to every permission of program includes:
Each single item permission for this application, server judge that this permission whether there is in presetting database, this is pre-
If in database including predefined permission relevant to the function of the application program;
If this permission is not present in the presetting database, server determines that this permission belongs to risk permission;
If this permission is present in the presetting database, it is hidden that server further judges whether this permission is related to user
Private, if so, server determines that this permission belongs to sensitive permission, if it is not, then server determines that this permission belongs to safety right
Limit.
4. the right management method of application program as claimed in claim 3, which is characterized in that it is described according to the judgement result and
The step of user's operation is managed every permission of the application program include:
If including risk permission or sensitive permission in every permission of the application program, in the installation process of the application program
Prompt user is managed the risk permission or sensitive permission;
The risk permission or sensitive permission are managed according to user's operation access entitlements administration page, which includes forbidding
Or the risk permission or sensitive permission is allowed to execute.
5. the right management method of application program as claimed in claim 4, which is characterized in that the peace in the application program
Filling the step of prompt user is managed the risk permission or sensitive permission in the process includes:
User is prompted to be managed the risk permission in a manner of notification bar in the installation process of the application program;
User is prompted to be managed the sensitive permission in a manner of playing frame in the installation process of the application program.
6. the right management method of application program as claimed in claim 4, which is characterized in that the server determines the application
The step of permission type belonging to every permission of program further include:
Prompt information, power belonging to the management prompt information and this permission are managed for each single item authority configuration of the application program
It is corresponding to limit type.
7. the right management method of application program as claimed in claim 6, which is characterized in that the management prompt information includes
Allow, suggestion is noticed and suggestion is forbidden, wherein the management prompt information for being security permission configuration is permission, is matched for sensitive permission
The management prompt information set is to suggest noticing, and be the management prompt information of risk authority configuration is that suggestion is forbidden.
8. the right management method of application program as claimed in claims 6 or 7, which is characterized in that described according to user's operation
The step of access entitlements administration page is managed the risk permission or sensitive permission further include:
Corresponding management prompt information is shown in the rights management page for each single item permission of the application program.
9. the right management method of application program as claimed in claim 4, which is characterized in that it is described according to the judgement result and
The step of user's operation is managed every permission of the application program further include:
If user is not managed the risk permission or sensitive permission in the rights management page, transported in the application program
When row, the risk permission of the application program or sensitive permission is temporarily forbidden to execute, prompts user to the risk permission or sensitive power
Limit is managed, and is managed according to user's operation to the risk permission or sensitive permission.
10. the right management method of application program as claimed in claim 9, which is characterized in that described temporarily to forbid the application
The step of risk permission or sensitive permission of program execute include:
If the risk permission or sensitive permission of the application program are to send short message, the short message content and recipient's number are obtained,
And show the short message content and recipient's number.
11. a kind of Rights Management System of application program, which is characterized in that the system includes:
Mobile terminal and server;
The mobile terminal includes:
Acquiring unit, for when installing the application, obtaining the mount message of the application program, which answers including this
With every permission of program;
Reporting unit, for the mount message of the application program to be reported to the server, to be determined by the server
Permission type belonging to every permission of the application program, the permission type are hidden to user when running according to the application program
The degree of risk caused by private safety carries out classification formation;
The acquiring unit is also used to obtain server to the judgement result of the permission type;
Administrative unit, it is described for being managed according to the judgement result and user's operation to every permission of the application program
Management includes allowing or forbidding.
12. system as claimed in claim 11, which is characterized in that the permission type include security permission, sensitive permission and
Risk permission.
13. system as claimed in claim 12, which is characterized in that the server includes:
Judging unit is used for each single item permission for this application, judges that this permission whether there is in presetting database
In, it include predefined permission relevant to the function of the application program in the presetting database;
Judging unit determines that this permission belongs to risk permission if being not present in the presetting database for this permission;
The judging unit is present in the presetting database if being also used to this permission, further judges that this permission is
It is no to be related to privacy of user;
The judging unit determines this permission if being also used to the judging unit judges that this permission is related to privacy of user
Belong to sensitive permission, this permission is not related to privacy of user if judging, server determines that this permission belongs to security permission.
14. system as claimed in claim 13, which is characterized in that the mobile terminal further include:
Prompt unit, if in every permission of the application program include risk permission or sensitive permission, this apply journey
User is prompted to be managed the risk permission or sensitive permission in the installation process of sequence;
The administrative unit is also used to carry out the risk permission or sensitive permission according to user's operation access entitlements administration page
Management, the management include forbidding or allowing the risk permission or sensitive permission to execute.
15. system as claimed in claim 14, which is characterized in that
The prompt unit is also used to prompt user to the risk in a manner of notification bar in the installation process of the application program
Permission is managed;
The prompt unit is also used to prompt user to the sensitive power in a manner of playing frame in the installation process of the application program
Limit is managed.
16. system as claimed in claim 15, which is characterized in that the server further include:
Configuration unit, for for the application program each single item authority configuration manage prompt information, the management prompt information with should
Permission type belonging to item permission is corresponding.
17. system as claimed in claim 16, which is characterized in that the management prompt information include allow, suggest notice and
It is recommended that forbidding, wherein the management prompt information for being security permission configuration is permission, for the management prompt information of sensitive permission configuration
It is the management prompt information of risk authority configuration is that suggestion is forbidden to suggest noticing.
18. system as claimed in claim 17, which is characterized in that the mobile terminal further include:
Display unit, for being that each single item permission of the application program shows corresponding management prompt in the rights management page
Information.
19. system as claimed in claim 18, which is characterized in that
The administrative unit, if being also used to user does not carry out pipe to the risk permission or sensitive permission in the rights management page
Reason temporarily forbids the risk permission of the application program or sensitive permission to execute, prompts user couple then when the application program is run
The risk permission or sensitive permission are managed, and are managed according to user's operation to the risk permission or sensitive permission.
20. system as claimed in claim 19, which is characterized in that the administrative unit includes:
Content element is obtained, if the risk permission or sensitive permission for the application program are to send short message, obtains the short message
Content and recipient's number;
Display unit, for showing the short message content and recipient's number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410247803.7A CN105205388B (en) | 2014-06-05 | 2014-06-05 | A kind of right management method and system of application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410247803.7A CN105205388B (en) | 2014-06-05 | 2014-06-05 | A kind of right management method and system of application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105205388A CN105205388A (en) | 2015-12-30 |
| CN105205388B true CN105205388B (en) | 2019-03-15 |
Family
ID=54953062
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410247803.7A Active CN105205388B (en) | 2014-06-05 | 2014-06-05 | A kind of right management method and system of application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105205388B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106055973A (en) * | 2016-05-30 | 2016-10-26 | 深圳市永兴元科技有限公司 | Application permission management method and application apparatus |
| CN106503493B (en) * | 2016-11-03 | 2020-10-16 | Tcl科技集团股份有限公司 | Application authority management method and system |
| CN106656756B (en) * | 2016-12-15 | 2019-09-13 | 北京容联光辉科技有限公司 | The operation method and device of instant message applications |
| CN106991319A (en) * | 2017-03-17 | 2017-07-28 | 维沃移动通信有限公司 | The right management method and mobile terminal of a kind of application program |
| CN107423617A (en) * | 2017-03-29 | 2017-12-01 | 珠海市魅族科技有限公司 | Application rights management method and device |
| EP4284049A3 (en) | 2017-09-29 | 2024-02-28 | Huawei Technologies Co., Ltd. | Method and device for accessing device identifiers |
| CN108595945B (en) * | 2018-04-18 | 2021-01-05 | Oppo广东移动通信有限公司 | Permission prompting method and device, mobile terminal, server and storage medium |
| CN109325363A (en) * | 2018-09-26 | 2019-02-12 | 平安普惠企业管理有限公司 | Management method, device, computer equipment and the storage medium of authority information |
| US11868463B2 (en) | 2019-01-23 | 2024-01-09 | Huawei Technologies Co., Ltd. | Method for managing application permission and electronic device |
| CN111125680A (en) * | 2019-11-29 | 2020-05-08 | 维沃移动通信有限公司 | Permission setting method and terminal equipment |
| CN111125696B (en) * | 2019-12-31 | 2021-08-06 | 维沃移动通信有限公司 | Information prompting method and electronic equipment |
| CN114610402B (en) * | 2021-01-06 | 2023-05-23 | 奇安信网神信息技术(北京)股份有限公司 | Operation authority control method and operation authority configuration method |
| CN113672974A (en) * | 2021-07-29 | 2021-11-19 | 北京奇艺世纪科技有限公司 | Authority management method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103049692A (en) * | 2012-11-19 | 2013-04-17 | 北京小米科技有限责任公司 | Application installation method, device and facility |
| CN103514397A (en) * | 2013-09-29 | 2014-01-15 | 西安酷派软件科技有限公司 | Server, terminal and authority management and permission method |
| CN103546489A (en) * | 2013-11-05 | 2014-01-29 | 腾讯科技(武汉)有限公司 | Method, server and system for authority control |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103188227A (en) * | 2011-12-29 | 2013-07-03 | 北京网秦天下科技有限公司 | Method and system for conducting parental control over mobile equipment |
-
2014
- 2014-06-05 CN CN201410247803.7A patent/CN105205388B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103049692A (en) * | 2012-11-19 | 2013-04-17 | 北京小米科技有限责任公司 | Application installation method, device and facility |
| CN103514397A (en) * | 2013-09-29 | 2014-01-15 | 西安酷派软件科技有限公司 | Server, terminal and authority management and permission method |
| CN103546489A (en) * | 2013-11-05 | 2014-01-29 | 腾讯科技(武汉)有限公司 | Method, server and system for authority control |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105205388A (en) | 2015-12-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105205388B (en) | A kind of right management method and system of application program | |
| CN105144188B (en) | Apparatus and method for notifying security information in electronic device and computer-readable recording medium thereof | |
| US8646032B2 (en) | Method and apparatus providing privacy setting and monitoring user interface | |
| Bai et al. | Context-aware usage control for android | |
| Rieback et al. | A platform for RFID security and privacy administration | |
| KR102265123B1 (en) | System for context-based data protection | |
| Li et al. | Behaviour profiling on mobile devices | |
| US20080194296A1 (en) | System and method for securely managing data stored on mobile devices, such as enterprise mobility data | |
| CN105281906A (en) | Safety authentication method and device | |
| US8266712B2 (en) | Privacy through artificial contextual data generation | |
| CN103891242A (en) | System and method for profile based filtering of outgoing information in a mobile environment | |
| CN104346560A (en) | Security authentication method and security authentication device | |
| CN108235767B (en) | Payment application isolation method and device and terminal | |
| CN104348956A (en) | Antitheft method and apparatus for mobile terminal | |
| Kuppusamy et al. | A model for remote access and protection of smartphones using short message service | |
| EP3166294B1 (en) | Systems and methods for monitoring and managing use of mobile electronic devices | |
| Zefferer et al. | Opportunities and forthcoming challenges of smartphone-based mgovernment services | |
| Perakovic et al. | Research of security threats in the use of modern terminal devices | |
| WO2015076790A1 (en) | Context-aware proactive threat management system | |
| CN104426685A (en) | Information management method and apparatus | |
| CN105100005A (en) | Identity verification method and device | |
| US20180035285A1 (en) | Semantic Privacy Enforcement | |
| CN113360863A (en) | Operation execution method and device, electronic equipment and medium | |
| CN114884685A (en) | Security management method of electronic device, electronic device and readable medium thereof | |
| CN107153790A (en) | Mobile terminal safety means of defence, device and mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |