CN105404827A - Communication method, device and system between application programs under control - Google Patents

Communication method, device and system between application programs under control Download PDF

Info

Publication number
CN105404827A
CN105404827A CN201510989527.6A CN201510989527A CN105404827A CN 105404827 A CN105404827 A CN 105404827A CN 201510989527 A CN201510989527 A CN 201510989527A CN 105404827 A CN105404827 A CN 105404827A
Authority
CN
China
Prior art keywords
application
priority assignation
destination
application interface
destination application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510989527.6A
Other languages
Chinese (zh)
Other versions
CN105404827B (en
Inventor
王力
李旋
张晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510989527.6A priority Critical patent/CN105404827B/en
Publication of CN105404827A publication Critical patent/CN105404827A/en
Application granted granted Critical
Publication of CN105404827B publication Critical patent/CN105404827B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a communication method, a device and a system between control application programs and relates to the technical field of internets. The invention solves the problem in the prior art that when application programs in the personal area of a mobile terminal can be freely accessed and stored, the application programs stored in the personal area of the mobile terminal might be illegally uploaded, shared and leaked to the outside. The method mainly comprises the steps of receiving an application interface permission setting instruction sent from a server by an enterprise management client, wherein the application interface permission setting instruction contains the application ID of a target application program for a to-be-set application interface permission and the award BIOS of the permission; and setting the access permission for the application interface of the target application program in a working area according to the application ID of the target application program contained in the application interface permission setting instruction. The invention is mainly applied to the field of bring your own devices (BYOD), wherein programs in working and personal areas are controlled to call each other.

Description

The method communicated between controlling application program, Apparatus and system
Technical field
The present invention relates to Internet technical field, particularly relate to the method, the Apparatus and system that communicate between a kind of controlling application program.
Background technology
Along with the maturation of mobile terminal is with universal, progress into enterprise field with the individual mobile terminal that mobile phone, panel computer are representative, this phenomenon is called as from carrying device office (BringYourOwnDevice, BYOD).Current employee uses individual mobile terminal to handle official business has become a kind of trend that cannot reverse.
In BYOD, on same mobile terminal, existing individual application program and data, also have enterprise application and data, and the region at individual application program and data place is called as individual district, and the region at enterprise application and data place is called as workspace.If the application program of workspace arbitrarily can be accessed, be accessed to the application program in individual district, then the risk illegally uploaded by the application program in individual district, share and leak will be there is.Therefore, in BYOD, how the application program in the workspace on same mobile terminal and individual district and data are effectively kept apart, thus the safety ensureing business data is current a great problem.
Summary of the invention
In view of this, the method, the Apparatus and system that communicate between a kind of controlling application program provided by the invention, can solve in prior art when the application program of workspace arbitrarily can be accessed, be accessed to the application program in the individual district on same mobile terminal, illegally be uploaded existing by the application program in individual district, sharing and the problem of the equivalent risk that leaks.
For achieving the above object, the invention provides following technical scheme:
First aspect, the invention provides a kind of method communicated between controlling application program, and described method is applied to business administration client-side, and described method comprises:
The application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
According to application identities and the described priority assignation information of the destination application in the instruction of described application interface priority assignation, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
Second aspect, the invention provides a kind of method communicated between controlling application program, and described method is applied to server side, and described method comprises:
Determine the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Based on described destination application and described priority assignation information, send the instruction of application interface priority assignation to business administration client.
The third aspect, the invention provides the device communicated between a kind of controlling application program, and described application of installation is in business administration client-side, and described device comprises:
Receiving element, for the application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Setting unit, for application identities and the described priority assignation information of the destination application in the described application interface priority assignation instruction that receives according to described receiving element, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
Fourth aspect, the invention provides the device communicated between a kind of controlling application program, and described application of installation is in server side, and described device comprises:
Determining unit, for determining the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Transmitting element, for the described destination application determined based on described determining unit and described priority assignation information, sends the instruction of application interface priority assignation to business administration client.
5th aspect, the invention provides the system communicated between a kind of controlling application program, and described system comprises business administration client and server; Wherein, described business administration client comprises the device as described in the third aspect, and described server comprises the device as described in fourth aspect.
The method communicated between controlling application program provided by the invention, Apparatus and system, after the destination application can determining the application interface authority to be placed in workspace at server and priority assignation information, based target application program and priority assignation information, send the instruction of application interface priority assignation to business administration client, when business administration client receives this application interface priority assignation instruction, can according to the application identities of the destination application in this application interface priority assignation instruction and priority assignation information, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the process flow diagram of the method communicated between a kind of controlling application program that the embodiment of the present invention provides;
Fig. 2 shows the process flow diagram of the method communicated between another kind of controlling application program that the embodiment of the present invention provides;
Fig. 3 shows the composition frame chart of the device communicated between a kind of controlling application program that the embodiment of the present invention provides;
Fig. 4 shows the composition frame chart of the device communicated between another kind of controlling application program that the embodiment of the present invention provides;
Fig. 5 shows the composition frame chart of the device communicated between another kind of controlling application program that the embodiment of the present invention provides;
Fig. 6 shows the composition frame chart of the device communicated between another kind of controlling application program that the embodiment of the present invention provides;
Fig. 7 shows the system schematic communicated between a kind of controlling application program that the embodiment of the present invention provides.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Embodiments provide a kind of method communicated between controlling application program, the method is applied to business administration client-side, and as shown in Figure 1, the method mainly comprises:
101, the application interface priority assignation instruction that business administration client reception server sends.
Wherein, the instruction of application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and priority assignation information comprises the application identities of the application program with access destination application program authority; The entrance that application interface needs when being other application call application programs.
After business administration client receives the application interface priority assignation instruction of server transmission, can resolve this application interface priority assignation instruction, therefrom obtain the application identities of the destination application of application interface authority to be placed and the priority assignation information of correspondence, so that the follow-up priority assignation information according to application identities and correspondence, carries out priority assignation to the application interface of destination application.Wherein, destination application is positioned at the perform region of mobile terminal.
In addition, destination application can be one, also can be multiple.When destination application is multiple, the priority assignation information that each destination application is corresponding can be identical, also can not be identical.
In actual applications, usually need the application program in individual district and the application program of workspace is completely isolated comes, thus avoiding the application program in individual district illegally to upload by calling the application program of workspace, sharing equivalent risk operation.Therefore, the application identities of the application program in individual district is not often comprised in priority assignation information.In addition, the application program in Administration workplace is needed due to business administration client, so priority assignation information can comprise the application identities of business administration client.
102, business administration client according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, for the application interface of the destination application in workspace arranges access rights.
Wherein, access rights are for limiting the authority of the application interface of other application program access destination application programs.After obtain the application identities of destination application from the instruction of application interface priority assignation, can determine according to application identities the destination application that needs to arrange application interface access rights, and access rights are set according to the application interface that the content in priority assignation information is destination application.
When destination application is multiple, and priority assignation information corresponding to each destination application different time, business administration client needs first from priority assignation information, to search priority assignation information corresponding to current goal application program, then according to the priority assignation information found, priority assignation is carried out to the application interface of current goal application program.
The method communicated between the controlling application program that the embodiment of the present invention provides, can after the application interface priority assignation instruction receiving server transmission, according to application identities and the priority assignation information of the destination application in this application interface priority assignation instruction, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
Further, the specific implementation of above-mentioned steps 102 can be:
(1) business administration client searches the installation kit of destination application corresponding to the application identities of destination application.
Concrete, the installation kit of each application program is stored in mobile terminal, business administration client records has the corresponding relation of the memory address of application identities and installation kit, therefore, business administration client first can determine the memory address of the installation kit that the application identities of destination application is corresponding, then finds the installation kit of destination application according to memory address.Wherein, application identities can comprise the title and version number etc. of application program.
(2) business administration client obtains inventory file from the installation kit of destination application, and wherein, inventory file is used for defining application interface.
Concrete, because the installation kit of application program often all stores with the form of compressed package, so business administration client needs first to carry out decompression processing to the installation kit of destination application, in the installation kit then after decompress(ion), search inventory file.
It should be noted that, containing an inventory file (the AndroidManifest.xml file in such as Android system) in the installation kit of each application program, for describing the activity of the assembly of application program, service, broadcasting receiver, content supplier, various application interface, and for defining the rights of using (can be defined by uses-permission in such as Android system) of other application programs access authority (can be defined by permission in such as Android system) of self application interface and the application interface of owned other application programs of access.
(3) business administration client according to priority assignation information, for the application interface of the destination application in inventory file arranges access rights.
When after acquisition inventory file, business administration client according to priority assignation information, can be modified to the code in this inventory file, to realize the function of the application interface of destination application being carried out to priority assignation.
In addition, be save the storage space of mobile terminal, business administration client according to priority assignation information, after the application interface of the destination application in inventory file arranges access rights, can be carried out packing and processes arranging the installation kit after access rights.
Further; in actual applications; if an application program (application A) needs to access the application interface by permission protection in Another application program (application program B), so application A must state the authority required for it with uses-permission in manifest.When application A needs to install on mobile terminals; whether erector inquiry user authorizes its authority stated; if user allows to authorize its authority stated; then application A could use shielded application interface; if do not allow, then application A can not use shielded application interface.Therefore, according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, business administration client needs the application program of the application interface authority for having access destination application program to add corresponding rights of using, so that the application program with the application interface authority of access destination application program is based on the application interface access destination application program of rights of using by destination application.
Wherein, the method of adding access rights is similar, when business administration client needs the application program of the application interface authority for having access destination application program to add corresponding rights of using, can from have access destination application program application interface authority application program installation kit obtain inventory file, and the code in inventory file is modified, for the application interface of the destination application of record adds rights of using.
Further, because the destination application of the current installation of mobile terminal does not arrange application interface authority, so when being only provided with application interface authority to installation kit, may also cannot come into force.Therefore in order to ensure that application interface priority assignation really comes into force, can according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, based on the installation kit that the destination application after priority assignation is corresponding, reinstall destination application.
It should be noted that, after business administration client is the rights of using of application program interpolation correspondence of the application interface authority with access destination application program, also need to reinstall operation to the application program of the application interface authority with access destination application program, to ensure that it can successful access destination application.
Further, in actual applications, usually need to conduct interviews priority assignation to the application interface of each application program of workspace, therefore, mobile terminal often being installed a new application program all needs to carry out priority assignation.Repeat for avoiding business administration client to carry out application interface priority assignation to certain application program, can according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, upgrade the setup times of the local application interface priority assignation stored, and the setup times after upgrading is reported server, so that its local setup times corresponding with this business administration client stored of server update, and judge whether corresponding application program completes priority assignation according to the set-up time of setup times and application program, thus avoid server again to issue the instruction of application interface priority assignation for the application program completing priority assignation.
Further, according to said method embodiment, an alternative embodiment of the invention additionally provides a kind of method communicated between controlling application program, and the method is applied to server side, and as shown in Figure 2, the method mainly comprises:
201, server determines the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence.
Wherein, priority assignation information comprises the application identities of the application program with access destination application program authority.In actual applications, keeper can according to actual conditions, in real time or regularly different application interface priority assignation rules is issued, so that server determines destination application and the priority assignation information of the application interface authority to be placed in workspace according to the content in application interface priority assignation rule to server; According to the existing priority assignation in this locality, server also can determine that mechanism determines destination application and priority assignation information.
In addition, mention in the embodiment of the method for business administration client-side, need the application program in Administration workplace due to business administration client, so priority assignation information can comprise the application identities of business administration client.In actual applications, often need the application program in individual district and the application program of workspace is completely isolated comes, thus the risk avoided the application program in individual district illegally to upload by calling the application program of workspace, sharing.Therefore, the application identities of the application program in individual district is not often comprised in priority assignation information.
202, server based target application program and priority assignation information, sends the instruction of application interface priority assignation to business administration client.
When after server determination destination application and priority assignation information, the application interface priority assignation instruction of application identities and the priority assignation information of carrying destination application can be generated, and this application interface priority assignation instruction is handed down to corresponding business administration client, so that business administration client is according to this application interface priority assignation instruction, for the application interface of the destination application in workspace arranges access rights.
The method communicated between the controlling application program that the embodiment of the present invention provides, can after the destination application determining the application interface authority to be placed in workspace and priority assignation information, based target application program and priority assignation information, the instruction of application interface priority assignation is sent to business administration client, so that business administration client is according to this application interface priority assignation instruction, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
Further, in actual applications, determine that the destination application of application interface authority to be placed in workspace and the specific implementation of priority assignation information can have multiple, be introduced for following two kinds of implementations below:
Mode one: server obtains application interface priority assignation rule, the rule that application interface priority assignation rule issues for enterprise management platform; According to application interface priority assignation rule, determine destination application and the priority assignation information of the application interface authority to be placed in workspace.
Wherein, application interface priority assignation rule description has the priority assignation information of application program to be placed and application programs, and application interface priority assignation rule can be the rule for a certain application program, also can be the rule for multiple application program, not limit at this.
Exemplary, application interface priority assignation rule comprises three rules, Article 1, be " for the application interface of the application program 1 of workspace adds access rights, and the content of access rights has access rights for only having business administration client ", Article 2 is " for the application interface of the application program 2 of workspace adds access rights, and the content of access rights is only have the application program in business administration client and workspace to have access rights ", Article 3 is " for the application interface of the application program 3 of workspace adds access rights, and the content of access rights is for only having business administration client, application program 3 in application program in workspace and individual district has access rights ".
Mode two: the set-up time of each application program in the workspace of server detection mobile terminal; The application program being greater than the setup times of the local application interface priority assignation stored the set-up time of application program is defined as destination application; The priority assignation information that this locality stores is defined as priority assignation information corresponding to destination application.
Concrete, often install an application program in the workspace of mobile terminal, business administration client all can by the set-up time real-time report of the application program of installation to server.When server knows that the set-up time of certain application program is greater than the setup times of the local application interface priority assignation stored, determine that this application program is the application program of new installation and this application program does not carry out application interface priority assignation, thus this application program is defined as destination application, and the priority assignation information that this locality stores is defined as priority assignation information corresponding to destination application, send corresponding application interface priority assignation instruction to business administration client.
Further, method according to Fig. 1, an alternative embodiment of the invention provides the device communicated between a kind of controlling application program, and this application of installation is in business administration client-side, as shown in Figure 3, this device mainly comprises: receiving element 31 and setting unit 32.Wherein,
Receiving element 31, for the application interface priority assignation instruction that reception server sends, the instruction of application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and priority assignation information comprises the application identities of the application program with access destination application program authority;
Setting unit 32, for application identities and the priority assignation information of the destination application in the application interface priority assignation instruction that receives according to receiving element 31, for the application interface of the destination application in workspace arranges access rights, access rights are for limiting the authority of the application interface of other application program access destination application programs.
The device communicated between the controlling application program that the embodiment of the present invention provides, can after the application interface priority assignation instruction receiving server transmission, according to application identities and the priority assignation information of the destination application in this application interface priority assignation instruction, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
Further, as shown in Figure 4, setting unit 32, comprising:
Search module 321, the installation kit of the destination application that the application identities for searching destination application is corresponding;
Acquisition module 322, for obtaining inventory file from the installation kit searching the destination application that module 321 finds, inventory file is used for defining application interface;
Module 323 is set, for according to priority assignation information, for the application interface of the destination application in the inventory file that acquisition module 322 obtains arranges access rights.
Further, as shown in Figure 4, acquisition module 322, comprising:
Decompress(ion) submodule 3221, for carrying out decompression processing to the installation kit of destination application;
Search submodule 3222, for searching inventory file in the installation kit after decompress(ion) submodule decompress(ion);
Setting unit 32, also comprises:
Processing module 324, for being, after the application interface of destination application in inventory file arranges access rights, carry out packing process to arranging the installation kit after access rights arranging module 323.
Further, as shown in Figure 4, this device also comprises:
Adding device 33, for at setting unit 32 according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, for the application program with the application interface authority of access destination application program adds corresponding rights of using, so that the application program with the application interface authority of access destination application program is based on the application interface access destination application program of rights of using by destination application.
Further, as shown in Figure 4, this device also comprises:
Installation unit 34, for at setting unit 32 according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, based on the installation kit that the destination application after priority assignation is corresponding, reinstall destination application.
Further, as shown in Figure 4, this device also comprises:
Updating block 35, for at setting unit 32 according to the application identities of the destination application in the instruction of application interface priority assignation and priority assignation information, after the application interface of the destination application in workspace arranges access rights, upgrade the setup times of the local application interface priority assignation stored, and the setup times after upgrading is reported server.
Further, priority assignation information comprises the application identities of business administration client.
Further, the method according to Fig. 2, an alternative embodiment of the invention also provides the device communicated between a kind of controlling application program, and this application of installation is in server side, and as shown in Figure 5, this device mainly comprises: determining unit 41 and transmitting element 42.Wherein,
Determining unit 41, for determining the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, priority assignation information comprises the application identities of the application program with access destination application program authority;
Transmitting element 42, for the destination application determined based on determining unit 41 and priority assignation information, sends the instruction of application interface priority assignation to business administration client.
The device communicated between the controlling application program that the embodiment of the present invention provides, can after the destination application determining the application interface authority to be placed in workspace and priority assignation information, based target application program and priority assignation information, the instruction of application interface priority assignation is sent to business administration client, so that business administration client is according to this application interface priority assignation instruction, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
Further, as shown in Figure 6, determining unit 41, comprising:
Acquisition module 411, for obtaining application interface priority assignation rule, the rule that application interface priority assignation rule issues for enterprise management platform;
First determination module 412, for according to application interface priority assignation rule, determines destination application and the priority assignation information of the application interface authority to be placed in workspace.
Further, as shown in Figure 6, determining unit 41, comprising:
Detection module 413, for detect mobile terminal workspace in set-up time of each application program;
Second determination module 414, the application program for the setup times being greater than the local application interface priority assignation stored the set-up time of application program is defined as destination application;
Second determination module 414, the priority assignation information also for being stored this locality is defined as priority assignation information corresponding to destination application.
Further, priority assignation information comprises the application identities of business administration client.
Further, according to said method embodiment, an alternative embodiment of the invention additionally provides the system communicated between a kind of controlling application program, and as shown in Figure 7, this system comprises business administration client 51 and server 52; Wherein, business administration client 51 comprises device as shown in Figure 3 or Figure 4, and server 52 comprises device as shown in Figure 5 or Figure 6.
The system communicated between the controlling application program that the embodiment of the present invention provides, after the destination application can determining the application interface authority to be placed in workspace at server and priority assignation information, based target application program and priority assignation information, send the instruction of application interface priority assignation to business administration client, when business administration client receives this application interface priority assignation instruction, can according to the application identities of the destination application in this application interface priority assignation instruction and priority assignation information, for the application interface of the destination application in workspace arranges access rights, thus make the application program of the application interface authority only having access destination application program (comprising the application in individual district and the application program of workspace) ability access destination application program, and then avoid there is no the application program access destination application program of access rights and cause illegally uploading, share and the equivalent risk that leaks, ensure that the safety of data in the application program in workspace thus.
The embodiment of the invention discloses:
A kind of method communicated between A1, controlling application program, described method is applied to business administration client-side, and described method comprises:
The application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
According to application identities and the described priority assignation information of the destination application in the instruction of described application interface priority assignation, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
A2, method according to A1, according to application identities and the described priority assignation information of the destination application in the instruction of described application interface priority assignation, for the application interface of the destination application in workspace arranges access rights, comprising:
Search the installation kit of destination application corresponding to the application identities of described destination application;
From the installation kit of described destination application, obtain inventory file, described inventory file is used for defining application interface;
According to described priority assignation information, for the application interface of the described destination application in described inventory file arranges access rights.
A3, method according to A2, obtain inventory file, comprising from the installation kit of described destination application:
Decompression processing is carried out to the installation kit of described destination application;
Described inventory file is searched in installation kit after decompress(ion);
After the application interface for the described destination application in described inventory file arranges access rights, described method also comprises:
Packing process is carried out to arranging the installation kit after access rights.
A4, method according to A1, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
For the application program with the application interface authority of accessing described destination application adds corresponding rights of using, so that the application program with the application interface authority of accessing described destination application accesses described destination application based on described rights of using by the application interface of described destination application.
A5, method according to A1, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
Based on the installation kit that the destination application after priority assignation is corresponding, reinstall described destination application.
A6, method according to A1, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
Upgrade the setup times of the local application interface priority assignation stored, and the setup times after upgrading is reported described server.
A7, method according to any one of A1 to A6, described priority assignation information comprises the application identities of described business administration client.
A kind of method communicated between B8, controlling application program, described method is applied to server side, and described method comprises:
Determine the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Based on described destination application and described priority assignation information, send the instruction of application interface priority assignation to business administration client.
B9, method according to B8, determine the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, comprising:
Obtain application interface priority assignation rule, the rule that described application interface priority assignation rule issues for enterprise management platform;
According to described application interface priority assignation rule, determine destination application and the priority assignation information of the application interface authority to be placed in workspace.
B10, method according to B8, determine the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, comprising:
The set-up time of each application program in the workspace of detection mobile terminal;
The application program being greater than the setup times of the local application interface priority assignation stored the set-up time of application program is defined as destination application;
The priority assignation information that this locality stores is defined as priority assignation information corresponding to described destination application.
B11, method according to any one of B8 to B10, described priority assignation information comprises the application identities of described business administration client.
The device communicated between C12, a kind of controlling application program, described application of installation is in business administration client-side, and described device comprises:
Receiving element, for the application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Setting unit, for application identities and the described priority assignation information of the destination application in the described application interface priority assignation instruction that receives according to described receiving element, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
C13, device according to C12, described setting unit, comprising:
Search module, the installation kit of the destination application that the application identities for searching described destination application is corresponding;
Acquisition module, for from described search module searches to described destination application installation kit in obtain inventory file, described inventory file is used for defining application interface;
Module is set, for according to described priority assignation information, for the application interface of the described destination application in the described inventory file that described acquisition module obtains arranges access rights.
C14, device according to C13, described acquisition module, comprising:
Decompress(ion) submodule, for carrying out decompression processing to the installation kit of described destination application;
Search submodule, for searching described inventory file in the installation kit after described decompress(ion) submodule decompress(ion);
Described setting unit, also comprises:
Processing module, for being, after the application interface of described destination application in described inventory file arranges access rights, carry out packing process to arranging the installation kit after access rights in the described module that arranges.
C15, device according to C12, described device also comprises:
Adding device, for at described setting unit according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, for the application program with the application interface authority of accessing described destination application adds corresponding rights of using, so that the application program with the application interface authority of accessing described destination application accesses described destination application based on described rights of using by the application interface of described destination application.
C16, device according to C12, described device also comprises:
Installation unit, for at described setting unit according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, based on the installation kit that the destination application after priority assignation is corresponding, reinstall described destination application.
C17, device according to C12, described device also comprises:
Updating block, for at described setting unit according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, upgrade the setup times of the local application interface priority assignation stored, and the setup times after upgrading is reported described server.
C18, device according to any one of C12 to C17, described priority assignation information comprises the application identities of described business administration client.
The device communicated between D19, a kind of controlling application program, described application of installation is in server side, and described device comprises:
Determining unit, for determining the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Transmitting element, for the described destination application determined based on described determining unit and described priority assignation information, sends the instruction of application interface priority assignation to business administration client.
D20, device according to D19, described determining unit, comprising:
Acquisition module, for obtaining application interface priority assignation rule, the rule that described application interface priority assignation rule issues for enterprise management platform;
First determination module, for according to described application interface priority assignation rule, determines destination application and the priority assignation information of the application interface authority to be placed in workspace.
D21, device according to D19, described determining unit, comprising:
Detection module, for detect mobile terminal workspace in set-up time of each application program;
Second determination module, the application program for the setup times being greater than the local application interface priority assignation stored the set-up time of application program is defined as destination application;
Described second determination module, the priority assignation information also for being stored this locality is defined as priority assignation information corresponding to described destination application.
D22, device according to any one of D19 to D21, described priority assignation information comprises the application identities of described business administration client.
The system communicated between E23, a kind of controlling application program, described system comprises business administration client and server; Wherein, described business administration client comprises the device according to any one of C12 to C18, and described server comprises the device according to any one of D19 to D22.
In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part described in detail, can see the associated description of other embodiments.
Be understandable that, the correlated characteristic in said method and device can reference mutually.In addition, " first ", " second " in above-described embodiment etc. are for distinguishing each embodiment, and do not represent the quality of each embodiment.
Those skilled in the art can be well understood to, and for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions of the some or all parts in the denomination of invention (as determined the device of website internal chaining grade) that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

Claims (10)

1. the method communicated between controlling application program, described method is applied to business administration client-side, it is characterized in that, described method comprises:
The application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
According to application identities and the described priority assignation information of the destination application in the instruction of described application interface priority assignation, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
2. method according to claim 1, it is characterized in that, according to application identities and the described priority assignation information of the destination application in the instruction of described application interface priority assignation, for the application interface of the destination application in workspace arranges access rights, comprising:
Search the installation kit of destination application corresponding to the application identities of described destination application;
From the installation kit of described destination application, obtain inventory file, described inventory file is used for defining application interface;
According to described priority assignation information, for the application interface of the described destination application in described inventory file arranges access rights.
3. method according to claim 2, is characterized in that, obtains inventory file, comprising from the installation kit of described destination application:
Decompression processing is carried out to the installation kit of described destination application;
Described inventory file is searched in installation kit after decompress(ion);
After the application interface for the described destination application in described inventory file arranges access rights, described method also comprises:
Packing process is carried out to arranging the installation kit after access rights.
4. method according to claim 1, it is characterized in that, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
For the application program with the application interface authority of accessing described destination application adds corresponding rights of using, so that the application program with the application interface authority of accessing described destination application accesses described destination application based on described rights of using by the application interface of described destination application.
5. method according to claim 1, it is characterized in that, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
Based on the installation kit that the destination application after priority assignation is corresponding, reinstall described destination application.
6. method according to claim 1, it is characterized in that, according to the application identities of the destination application in the instruction of described application interface priority assignation and described priority assignation information, after the application interface of the destination application in workspace arranges access rights, described method also comprises:
Upgrade the setup times of the local application interface priority assignation stored, and the setup times after upgrading is reported described server.
7. the method communicated between controlling application program, described method is applied to server side, it is characterized in that, described method comprises:
Determine the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Based on described destination application and described priority assignation information, send the instruction of application interface priority assignation to business administration client.
8. the device communicated between controlling application program, described application of installation, in business administration client-side, is characterized in that, described device comprises:
Receiving element, for the application interface priority assignation instruction that reception server sends, the instruction of described application interface priority assignation comprises application identities and the priority assignation information of the destination application of application interface authority to be placed, and described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Setting unit, for application identities and the described priority assignation information of the destination application in the described application interface priority assignation instruction that receives according to described receiving element, for the application interface of the destination application in workspace arranges access rights, described access rights access the authority of the application interface of described destination application for limiting other application programs.
9. the device communicated between controlling application program, described application of installation, in server side, is characterized in that, described device comprises:
Determining unit, for determining the destination application of the application interface authority to be placed in workspace and the configuration information that defines the competence, described priority assignation information comprises the application identities with the application program of accessing described destination application authority;
Transmitting element, for the described destination application determined based on described determining unit and described priority assignation information, sends the instruction of application interface priority assignation to business administration client.
10. the system communicated between controlling application program, is characterized in that, described system comprises business administration client and server; Wherein, described business administration client comprises device as claimed in claim 8, and described server comprises device as claimed in claim 9.
CN201510989527.6A 2015-12-24 2015-12-24 The method, apparatus and system communicated between control application program Active CN105404827B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510989527.6A CN105404827B (en) 2015-12-24 2015-12-24 The method, apparatus and system communicated between control application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510989527.6A CN105404827B (en) 2015-12-24 2015-12-24 The method, apparatus and system communicated between control application program

Publications (2)

Publication Number Publication Date
CN105404827A true CN105404827A (en) 2016-03-16
CN105404827B CN105404827B (en) 2018-11-06

Family

ID=55470310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510989527.6A Active CN105404827B (en) 2015-12-24 2015-12-24 The method, apparatus and system communicated between control application program

Country Status (1)

Country Link
CN (1) CN105404827B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107958009A (en) * 2016-10-18 2018-04-24 百度在线网络技术(北京)有限公司 Company information acquisition methods, device and equipment
CN110412843A (en) * 2018-04-26 2019-11-05 广州众诺电子技术有限公司 Sequence number switching method and system
CN111339543A (en) * 2020-02-27 2020-06-26 深信服科技股份有限公司 File processing method and device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647429A (en) * 2012-04-28 2012-08-22 杭州格畅科技有限公司 Application communication access control method, application process manager and online application platform
CN103548321A (en) * 2011-05-24 2014-01-29 日本电气株式会社 Information processing system, access rights management method, information processing device, and control method and control program therefor
CN103647784A (en) * 2013-12-20 2014-03-19 北京奇虎科技有限公司 Public and private isolation method and device
CN103870306A (en) * 2014-02-21 2014-06-18 北京奇虎科技有限公司 Method and device for installing application program on basis of intelligent terminal equipment
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package
CN104424019A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Application service management system and method
CN104462997A (en) * 2014-12-04 2015-03-25 北京奇虎科技有限公司 Method, device and system for protecting work data in mobile terminal

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103548321A (en) * 2011-05-24 2014-01-29 日本电气株式会社 Information processing system, access rights management method, information processing device, and control method and control program therefor
CN102647429A (en) * 2012-04-28 2012-08-22 杭州格畅科技有限公司 Application communication access control method, application process manager and online application platform
CN104424019A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Application service management system and method
CN103647784A (en) * 2013-12-20 2014-03-19 北京奇虎科技有限公司 Public and private isolation method and device
CN103870306A (en) * 2014-02-21 2014-06-18 北京奇虎科技有限公司 Method and device for installing application program on basis of intelligent terminal equipment
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package
CN104462997A (en) * 2014-12-04 2015-03-25 北京奇虎科技有限公司 Method, device and system for protecting work data in mobile terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107958009A (en) * 2016-10-18 2018-04-24 百度在线网络技术(北京)有限公司 Company information acquisition methods, device and equipment
CN110412843A (en) * 2018-04-26 2019-11-05 广州众诺电子技术有限公司 Sequence number switching method and system
CN110412843B (en) * 2018-04-26 2021-12-07 广州众诺电子技术有限公司 Serial number switching method and system
CN111339543A (en) * 2020-02-27 2020-06-26 深信服科技股份有限公司 File processing method and device, equipment and storage medium
CN111339543B (en) * 2020-02-27 2023-07-14 深信服科技股份有限公司 File processing method and device, equipment and storage medium

Also Published As

Publication number Publication date
CN105404827B (en) 2018-11-06

Similar Documents

Publication Publication Date Title
CN103281591B (en) Method and device for playing flash video through browser and mobile terminal
CN102982121B (en) A kind of file scanning method, file scanning device and file detection system
CN104915285A (en) Container process monitoring method, device and system
CN103942073A (en) Method and device for realizing system hot patching
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
CN103839000A (en) Application program installation method and device based on intelligent terminal equipment
CN103870306A (en) Method and device for installing application program on basis of intelligent terminal equipment
US20150161390A1 (en) Fast and accurate identification of message-based api calls in application binaries
CN103713904A (en) Method, related device and system for installing applications in working area of mobile terminal
CN105915546A (en) Traffic monitoring method and device of android application
CN105404827A (en) Communication method, device and system between application programs under control
CN105793826A (en) A cloud suffix proxy and methods thereof
CN107577590A (en) Method and device based on database service real-time calling virtual interface
CN103823873A (en) Reading/writing method, device and system of browser setting item
CN105528251A (en) Application notification information processing method and device and mobile terminal
CN103645943A (en) Method, device and system for configuring work task in working area of mobile terminal
CN113568680A (en) Dynamic link library protection method, device, equipment and medium for application program
CN104348838A (en) Document management system and method
CN105607944B (en) A kind of method and device of sharing application environment
CN104468769A (en) Method, device and system for acquiring network data content and client side
CN103647844A (en) Method and device for upgrading applications in inner network
CN1825277B (en) Code morphing
CN105159545A (en) Method and device for processing popup box on intelligent terminal for test
CN108664811A (en) A kind of right management method and device
WO2014159883A1 (en) Modification of compiled applications and application management using retrievable policies

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220718

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right