CN105630811A - Update method and update system of access control rule - Google Patents

Publication number
CN105630811A
Authority
CN
China
Prior art keywords
access control
control rule
memory space
updated
rule
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410604511.4A
Other languages
Chinese (zh)
Inventor
张子敬
尚飞
董黎晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XI'AN KUPAI SOFTWARE TECHNOLOGY Co Ltd
Original Assignee
XI'AN KUPAI SOFTWARE TECHNOLOGY Co Ltd
Application filed by XI'AN KUPAI SOFTWARE TECHNOLOGY Co Ltd
Priority to CN201410604511.4A
Publication of CN105630811A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an update method and an update system for access control rules. The update system comprises a recording unit and a processing unit. The recording unit records the index tags of the updated access control rules in a designated storage space when a business service platform updates the access control rules stored in that designated storage space in the terminal. The processing unit, when the rule cache library that controls access to the designated storage space needs to be updated, reads the updated access control rules from the designated storage space according to the index tags recorded by the recording unit. With this technical scheme, it is not necessary to read all access control rules in order to update the rule cache library, which effectively reduces the consumption of system resources and improves their utilization efficiency.

Description

Update method and update system for access control rules
Technical Field
The present invention relates to the field of terminal technology, and in particular to an update method for access control rules and an update system for access control rules.
Background
In the terminal NFC (Near Field Communication, a short-range wireless communication technology) schemes proposed in the related art, when an application on the terminal needs to access resources in the SE (Secure Element, a chip module mainly used to store the sensitive data of NFC applications and users and to perform secure key computation), the access control rules are first updated from the SE. When the update starts, the rule cache library on the terminal is first emptied, and the rules are then read from the SE one by one and cached in the rule cache library.
Because the business platform server frequently pushes new access control rules to the SE of the terminal, the terminal's rule cache library is updated frequently. Under the update scheme above, all rules in the rule cache library must be updated every time, yet usually only a few rules actually need updating. Updating unchanged rules increases the consumption of system resources and reduces the efficiency with which they are used.
Therefore, how to reduce the consumption of system resources and improve their utilization efficiency when updating access control rules has become a technical problem to be solved urgently.
Summary of the Invention
Based on at least one of the above technical problems, the present invention proposes a new update scheme for access control rules, so that when the rule cache library needs to be updated it is not necessary to read all access control rules, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In view of this, the present invention proposes an update method for access control rules, comprising: when a business service platform updates access control rules stored in a designated storage space in a terminal, recording the index tags of the access control rules that are updated in the designated storage space; and when the rule cache library used to control access to the designated storage space needs to be updated, reading the updated access control rules from the designated storage space according to the recorded index tags, so as to update the corresponding access control rules in the rule cache library.
In this technical solution, the index tags of the updated access control rules are recorded when the business service platform updates the access control rules in the designated storage space (such as the SE), so that when the rule cache library needs to be updated, only the updated access control rules are read to update it. The rule cache library can thus be updated without reading all the access control rules in the designated storage space, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In the above technical solution, preferably, it is determined that the rule cache library needs to be updated when an instruction from an application on the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
In this technical solution, when an application on the terminal needs to access data in the designated storage space, the access control rules in the rule cache library can be updated so that the application is authenticated accurately, that is, against the latest access control rules. Of course, the rule cache library can also be updated each time the terminal is powered on.
In the above technical solution, preferably, before the business service platform updates the access control rules in the designated storage space, the method further comprises: authenticating the business service platform and, when the authentication passes, allowing the business service platform to update the access control rules in the designated storage space.
In this technical solution, authenticating the identity of the business service platform ensures the security of the access control rules in the designated storage space and prevents the access control rules from being tampered with by unauthorized applications.
In the above technical solution, preferably, after the rule cache library is updated, the method further comprises: authenticating, by means of the updated access control rules in the rule cache library, an application that requests access to the designated storage space; allowing the application to access the designated storage space when the authentication of the application passes; and refusing the application access to the designated storage space when the authentication of the application fails.
In this technical solution, the application is authenticated against the updated access control rules in the rule cache library, so that the latest access control rules are applied and the accuracy of the authentication result is ensured.
In the above technical solution, preferably, the designated storage space comprises a storage space in the terminal for storing NFC applications and users' private data. Specifically, the designated storage space may be the SE module in the terminal.
According to a second aspect of the present invention, an update system for access control rules is also proposed, comprising: a recording unit, configured to record, when a business service platform updates access control rules stored in a designated storage space in a terminal, the index tags of the access control rules that are updated in the designated storage space; and a processing unit, configured to read, when the rule cache library used to control access to the designated storage space needs to be updated, the updated access control rules from the designated storage space according to the index tags recorded by the recording unit, so as to update the corresponding access control rules in the rule cache library.
In this technical solution, the index tags of the updated access control rules are recorded when the business service platform updates the access control rules in the designated storage space (such as the SE), so that when the rule cache library needs to be updated, only the updated access control rules are read to update it. The rule cache library can thus be updated without reading all the access control rules in the designated storage space, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In the above technical solution, preferably, the processing unit comprises: a determining unit, configured to determine that the rule cache library needs to be updated when an instruction from an application on the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
In this technical solution, when an application on the terminal needs to access data in the designated storage space, the access control rules in the rule cache library can be updated so that the application is authenticated accurately, that is, against the latest access control rules. Of course, the rule cache library can also be updated each time the terminal is powered on.
In the above technical solution, preferably, the system further comprises: a first authentication unit, configured to authenticate the business service platform before the business service platform updates the access control rules in the designated storage space; and a first rights management unit, configured to allow the business service platform to update the access control rules in the designated storage space when the first authentication unit's authentication of the business service platform passes.
In this technical solution, authenticating the identity of the business service platform ensures the security of the access control rules in the designated storage space and prevents the access control rules from being tampered with by unauthorized applications.
In the above technical solution, preferably, the system further comprises: a second authentication unit, configured to authenticate, after the rule cache library is updated and by means of the updated access control rules in the rule cache library, an application that requests access to the designated storage space; and a second rights management unit, configured to allow the application to access the designated storage space when the second authentication unit's authentication of the application passes, and to refuse the application access to the designated storage space when the second authentication unit's authentication of the application fails.
In this technical solution, the application is authenticated against the updated access control rules in the rule cache library, so that the latest access control rules are applied and the accuracy of the authentication result is ensured.
In the above technical solution, preferably, the designated storage space comprises a storage space in the terminal for storing NFC applications and users' private data. Specifically, the designated storage space may be the SE module in the terminal.
According to a third aspect of the present invention, a terminal is also proposed, comprising the update system for access control rules described in any one of the above technical solutions.
With the above technical solutions, when the rule cache library needs to be updated, it is not necessary to read all access control rules to update it, which effectively reduces the consumption of system resources and improves their utilization efficiency.
Brief Description of the Drawings
Fig. 1 is a schematic flow diagram of the update method for access control rules according to an embodiment of the present invention;
Fig. 2 is a schematic block diagram of the update system for access control rules according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a terminal according to an embodiment of the present invention;
Fig. 4 is a schematic framework diagram of an NFC terminal according to an embodiment of the present invention;
Fig. 5 is a schematic flow diagram of the method for updating the access control rules in the SE module according to an embodiment of the present invention;
Fig. 6 is a schematic flow diagram of the method for updating the access control rule cache library according to an embodiment of the present invention.
Detailed Description
To make the above objects, features and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of the present application and the features in the embodiments can be combined with one another.
Many specific details are set forth in the following description so that the present invention can be fully understood. However, the present invention can also be implemented in ways other than those described here, and therefore the scope of protection of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 is a schematic flow diagram of the update method for access control rules according to an embodiment of the present invention.
As shown in Fig. 1, the update method for access control rules according to an embodiment of the present invention comprises: step 102, when a business service platform updates access control rules stored in a designated storage space in a terminal, recording the index tags of the access control rules that are updated in the designated storage space; and step 104, when the rule cache library used to control access to the designated storage space needs to be updated, reading the updated access control rules from the designated storage space according to the recorded index tags, so as to update the corresponding access control rules in the rule cache library.
In this technical solution, the index tags of the updated access control rules are recorded when the business service platform updates the access control rules in the designated storage space (such as the SE), so that when the rule cache library needs to be updated, only the updated access control rules are read to update it. The rule cache library can thus be updated without reading all the access control rules in the designated storage space, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In the above technical solution, preferably, it is determined that the rule cache library needs to be updated when an instruction from an application on the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
In this technical solution, when an application on the terminal needs to access data in the designated storage space, the access control rules in the rule cache library can be updated so that the application is authenticated accurately, that is, against the latest access control rules. Of course, the rule cache library can also be updated each time the terminal is powered on.
In the above technical solution, preferably, before step 102 the method further comprises: step 101, authenticating the business service platform and, when the authentication passes, performing step 102.
In this technical solution, authenticating the identity of the business service platform ensures the security of the access control rules in the designated storage space and prevents the access control rules from being tampered with by unauthorized applications.
In the above technical solution, preferably, after step 104 the method further comprises: step 106, authenticating, by means of the updated access control rules in the rule cache library, an application that requests access to the designated storage space; when the authentication of the application passes, performing step 108, allowing the application to access the designated storage space; and when the authentication of the application fails, performing step 110, refusing the application access to the designated storage space.
In this technical solution, the application is authenticated against the updated access control rules in the rule cache library, so that the latest access control rules are applied and the accuracy of the authentication result is ensured.
In the above technical solution, preferably, the designated storage space comprises a storage space in the terminal for storing NFC applications and users' private data. Specifically, the designated storage space may be the SE module in the terminal.
Fig. 2 is a schematic block diagram of the update system for access control rules according to an embodiment of the present invention.
As shown in Fig. 2, the update system 200 for access control rules according to an embodiment of the present invention comprises: a recording unit 202, configured to record, when a business service platform updates access control rules stored in a designated storage space in a terminal, the index tags of the access control rules that are updated in the designated storage space; and a processing unit 204, configured to read, when the rule cache library used to control access to the designated storage space needs to be updated, the updated access control rules from the designated storage space according to the index tags recorded by the recording unit 202, so as to update the corresponding access control rules in the rule cache library.
In this technical solution, the index tags of the updated access control rules are recorded when the business service platform updates the access control rules in the designated storage space (the SE module in the terminal), so that when the rule cache library needs to be updated, only the updated access control rules are read to update it. The rule cache library can thus be updated without reading all the access control rules in the designated storage space, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In the above technical solution, preferably, the processing unit 204 comprises: a determining unit 2042, configured to determine that the rule cache library needs to be updated when an instruction from an application on the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
In this technical solution, when an application on the terminal needs to access data in the designated storage space, the access control rules in the rule cache library can be updated so that the application is authenticated accurately, that is, against the latest access control rules. Of course, the rule cache library can also be updated each time the terminal is powered on.
In the above technical solution, preferably, the system further comprises: a first authentication unit 206, configured to authenticate the business service platform before the business service platform updates the access control rules in the designated storage space; and a first rights management unit 208, configured to allow the business service platform to update the access control rules in the designated storage space when the first authentication unit 206's authentication of the business service platform passes.
In this technical solution, authenticating the identity of the business service platform ensures the security of the access control rules in the designated storage space and prevents the access control rules from being tampered with by unauthorized applications.
In the above technical solution, preferably, the system further comprises: a second authentication unit 210, configured to authenticate, after the rule cache library is updated and by means of the updated access control rules in the rule cache library, an application that requests access to the designated storage space; and a second rights management unit 212, configured to allow the application to access the designated storage space when the second authentication unit 210's authentication of the application passes, and to refuse the application access to the designated storage space when the second authentication unit 210's authentication of the application fails.
In this technical solution, the application is authenticated against the updated access control rules in the rule cache library, so that the latest access control rules are applied and the accuracy of the authentication result is ensured.
In the above technical solution, preferably, the designated storage space comprises a storage space in the terminal for storing NFC applications and users' private data. Specifically, the designated storage space may be the SE module in the terminal.
Fig. 3 is a schematic block diagram of a terminal according to an embodiment of the present invention.
As shown in Fig. 3, the terminal 300 according to an embodiment of the present invention comprises: a recording unit 302, configured to record, when a business service platform updates access control rules stored in a designated storage space in the terminal, the index tags of the access control rules that are updated in the designated storage space; and a processing unit 304, configured to read, when the rule cache library used to control access to the designated storage space needs to be updated, the updated access control rules from the designated storage space according to the index tags recorded by the recording unit 302, so as to update the corresponding access control rules in the rule cache library.
In this technical solution, the index tags of the updated access control rules are recorded when the business service platform updates the access control rules in the designated storage space (such as the SE), so that when the rule cache library needs to be updated, only the updated access control rules are read to update it. The rule cache library can thus be updated without reading all the access control rules in the designated storage space, which effectively reduces the consumption of system resources and improves their utilization efficiency.
In the above technical solution, preferably, the processing unit 304 comprises: a determining unit 3042, configured to determine that the rule cache library needs to be updated when an instruction from an application on the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
In this technical solution, when an application on the terminal needs to access data in the designated storage space, the access control rules in the rule cache library can be updated so that the application is authenticated accurately, that is, against the latest access control rules. Of course, the rule cache library can also be updated each time the terminal is powered on.
In the above technical solution, preferably, the terminal further comprises: a first authentication unit 306, configured to authenticate the business service platform before the business service platform updates the access control rules in the designated storage space; and a first rights management unit 308, configured to allow the business service platform to update the access control rules in the designated storage space when the first authentication unit 306's authentication of the business service platform passes.
In this technical solution, authenticating the identity of the business service platform ensures the security of the access control rules in the designated storage space and prevents the access control rules from being tampered with by unauthorized applications.
In the above technical solution, preferably, the terminal further comprises: a second authentication unit 310, configured to authenticate, after the rule cache library is updated and by means of the updated access control rules in the rule cache library, an application that requests access to the designated storage space; and a second rights management unit 312, configured to allow the application to access the designated storage space when the second authentication unit 310's authentication of the application passes, and to refuse the application access to the designated storage space when the second authentication unit 310's authentication of the application fails.
In this technical solution, the application is authenticated against the updated access control rules in the rule cache library, so that the latest access control rules are applied and the accuracy of the authentication result is ensured.
In the above technical solution, preferably, the designated storage space comprises a storage space in the terminal for storing NFC applications and users' private data. Specifically, the designated storage space may be the SE module in the terminal.
The technical solution of the present invention is described in detail below, taking an NFC terminal as an example, with reference to Fig. 4 to Fig. 6.
The technical solution of the present invention is applicable to various NFC schemes, such as NFC-SWP, NFC-SD and the full-terminal scheme. The schemes differ mainly in how the SE is integrated: the NFC-SWP scheme integrates the SE in the user smart card; the NFC-SD scheme integrates the SE in an SD memory card; and the full-terminal scheme integrates the SE in the terminal chip. All of these schemes can set up an access control rule service to prevent unauthorized access to resources in the SE, and the access control rule service contains an access control rule cache library, as shown in Fig. 4.
Fig. 4 is a schematic framework diagram of an NFC terminal according to an embodiment of the present invention.
As shown in Fig. 4, the framework of the NFC terminal according to an embodiment of the present invention mainly comprises:
Application client 402: mainly application software, such as a mobile wallet client.
SE access entry 404: provides the application client 402 with an interface for accessing the SE, and implements the APDU (Application Protocol Data Unit) command interaction between the application client 402 and the SE module 412.
Access control rule service 406: mainly used to manage secure access to the SE module 412, protecting the resources in the SE module 412 from unauthorized access and illegal attacks and ensuring service security. Preferably, the access control rule service 406 can read the access control rules from the SE module 412 and cache them in the terminal-side cache library when the terminal is powered on or when there is a service request.
Interface layer 408: mainly responsible for delivering the commands sent by the SE access entry 404 to the corresponding SE module 412. The interface layer takes different forms in different NFC implementations. Specifically, for the NFC-SWP scheme the interface layer is the radio interface layer; for the NFC-SD scheme it is the SD card interface layer; and for the full-terminal scheme it is the NFC service.
Driver layer 410: mainly implements data transmission between the application client 402 and the SE module 412. The driver layer takes different forms in different NFC implementations. For the NFC-SWP scheme the driver layer is baseband processing; for the NFC-SD scheme it is the SD kernel-layer driver; and for the full-terminal scheme it is the NFC chip driver.
SE module 412: mainly used to store financial-security applications such as bank cards, ID cards and access cards, together with users' sensitive data (such as keys and balances).
Step 414 represents the service of updating the access control rules in the SE module 412. This service is pushed by the cloud business service platform (Fig. 4 shows a scheme in which the push is carried out through the application client 402; those skilled in the art should understand that the cloud business service platform may also be a server or the like). When a rule registered on the cloud business service platform changes, the platform issues to the terminal the service of updating the access control rules in the SE module 412, and can push the new access control rule information to the terminal. This service mainly writes access control rules into the SE module 412.
Step 416 represents the service of updating the terminal-side access control rule cache library, so that the access control rules in the rule cache library serve as the basis on which the access control rule service 406 authenticates the application client 402. This service is mainly initiated by the access control rule service 406. When the application client 402 initiates a service that accesses resources in the SE (for example querying, updating, downloading or deleting an SE applet), the access control rule service 406 always first reads the access control rules from the SE module 412 and caches them in the cache library of the terminal's access control service, to ensure the correctness of the terminal-side access control rules and the security of the system.
The steps of the method for updating the access control rules in SE module 412 are shown in Fig. 5.
As shown in Fig. 5, the method for updating the access control rules in the SE module according to an embodiment of the invention includes:
Step 502: the SE access interface receives a request to update the access control rules in the SE module.
Step 504: access control authentication is performed on the cloud business service platform (such as a server or an application client) that initiated this service.
Step 506: it is judged whether the cloud business service platform passes authentication; if so, step 510 is performed; otherwise, step 508 is performed.
Step 508: when the cloud business service platform does not pass authentication, its request to update the access control rules in the SE module is refused.
Step 510: when the cloud business service platform passes authentication, the access control rules are written into the SE module one by one via APDU commands, and the index of each rule entry that is updated is recorded at the same time.
The steps of the method for updating the terminal-side access control rule cache library are shown in Fig. 6.
As shown in Fig. 6, the method for updating the access control rule cache library according to an embodiment of the invention includes:
Step 602: the SE access interface receives a request to access a resource in the SE module.
Step 604: the indexes of the updated access control rules, recorded when the access control rules in the SE were updated, are obtained.
Step 606: via APDU commands, and according to the recorded indexes of the updated access control rules, the corresponding access control rule entries are read from the SE module and stored in the corresponding rule entries of the cache library of the terminal-side access control rule service.
Step 608: the updated rule cache library is used to authenticate the client application that needs to access the resource in the SE module.
Step 610: it is judged whether the client application passes authentication; if so, step 614 is performed; otherwise, step 612 is performed.
Step 612: when the client application does not pass authentication, its access to the resource in the SE module is refused.
Step 614: when the client application passes authentication, the corresponding SE resource is accessed via APDU commands.
In the method for updating NFC terminal-side access control rules proposed in the above technical scheme, the indexes of the updated rule entries are recorded while the cloud business service platform updates the access control rules in the SE. When the terminal-side access control rule cache library needs to be updated, the terminal only needs to read from the SE module, according to the previously recorded index information, the access control rules that need updating, and update the terminal cache library with them. This technical scheme reduces the consumption of system resources and improves the efficiency with which system resources are used.
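The two flows of Fig. 5 and Fig. 6 can be modeled in a few lines. The following is an added example, not code from the patent: all class and function names are hypothetical, each simulated SE read stands in for one APDU exchange, platform authentication is reduced to a trusted-name check, and keeping the index record in the terminal-side service is an assumption.

```python
# Added illustration: models the Fig. 5 / Fig. 6 flows in memory.
# All names are hypothetical; one read_rule() call stands for one APDU read.

class SecureElement:
    """Rule store inside the SE module; counts simulated APDU reads."""
    def __init__(self, rules):
        self.rules = dict(rules)          # rule index -> set of allowed client ids
        self.apdu_reads = 0

    def read_rule(self, index):
        self.apdu_reads += 1
        return set(self.rules[index])


class AccessControlService:
    def __init__(self, se, trusted_platforms):
        self.se = se
        self.trusted = set(trusted_platforms)
        self.dirty = set()                # recorded indexes (location is an assumption)
        self.cache = {i: se.read_rule(i) for i in se.rules}  # initial full load

    def update_rules(self, platform, new_rules):
        """Fig. 5: authenticate the platform, write rules, record their indexes."""
        if platform not in self.trusted:              # steps 506 / 508
            return False
        for index, allowed in new_rules.items():      # step 510, one write per rule
            self.se.rules[index] = set(allowed)
            self.dirty.add(index)
        return True

    def refresh_cache(self):
        """Fig. 6, steps 604-606: re-read only the recorded indexes."""
        for index in sorted(self.dirty):
            self.cache[index] = self.se.read_rule(index)
        refreshed = len(self.dirty)
        self.dirty.clear()                # reached only if every read succeeded
        return refreshed

    def authorize(self, client, index):
        """Fig. 6, steps 602-614: refresh first, then decide from the cache."""
        self.refresh_cache()
        return client in self.cache.get(index, set())


def demo():
    se = SecureElement({i: {"wallet"} for i in range(50)})   # constructed sample
    svc = AccessControlService(se, trusted_platforms={"cloud"})
    se.apdu_reads = 0                     # measure reads after the initial load
    rejected = svc.update_rules("rogue", {3: {"rogue-app"}})
    accepted = svc.update_rules("cloud", {3: {"transit"}, 7: set()})
    results = (svc.authorize("transit", 3), svc.authorize("wallet", 7),
               svc.authorize("rogue-app", 3), svc.authorize("wallet", 0))
    return rejected, accepted, results, se.apdu_reads
```

With 50 rules stored and two of them changed, the four access checks in `demo()` cost two simulated reads in total, and the rejected platform's update leaves both the rules and the recorded indexes untouched.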
The technical scheme of the invention has been described in detail above with reference to the accompanying drawings. In the schemes for updating the terminal cache rule base proposed in the related art, all rules in the rule cache library must be updated every time, yet usually only a few rules actually need updating; updating unchanged rules increases the consumption of system resources and reduces the efficiency with which they are used. The present invention therefore proposes a new update scheme for access control rules, so that when the rule cache library needs to be updated, it can be updated without reading all of the access control rules, which effectively reduces the consumption of system resources and improves the efficiency with which they are used.
The foregoing describes only preferred embodiments of the present invention and does not limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A method for updating an access control rule, characterized by comprising:
when a business service platform updates an access control rule stored in a designated storage space in a terminal, recording an index tag of the updated access control rule in the designated storage space;
when a rule cache library used for access control of the designated storage space needs to be updated, reading the updated access control rule in the designated storage space according to the recorded index tag of the updated access control rule, so as to update the corresponding access control rule in the rule cache library.
2. The method for updating an access control rule according to claim 1, characterized in that, when an instruction from an application program in the terminal to access data in the designated storage space is received, or each time the terminal is powered on, it is determined that the rule cache library needs to be updated.
3. The method for updating an access control rule according to claim 1, characterized by further comprising, before the business service platform updates the access control rule in the designated storage space:
authenticating the business service platform, and, when the authentication is passed, allowing the business service platform to update the access control rule in the designated storage space.
4. The method for updating an access control rule according to claim 1, characterized by further comprising, after the rule cache library is updated:
authenticating, by means of the updated access control rule in the rule cache library, an application program that requests access to the designated storage space;
when the application program passes authentication, allowing the application program to access the designated storage space, and when the application program fails authentication, refusing the application program access to the designated storage space.
5. The method for updating an access control rule according to any one of claims 1 to 4, characterized in that the designated storage space comprises:
a storage space in the terminal for storing NFC application programs and user privacy data.
6. A system for updating an access control rule, characterized by comprising:
a recording unit, configured to record, when a business service platform updates an access control rule stored in a designated storage space in a terminal, an index tag of the updated access control rule in the designated storage space;
a processing unit, configured to read, when a rule cache library used for access control of the designated storage space needs to be updated, the updated access control rule in the designated storage space according to the index tag of the updated access control rule recorded by the recording unit, so as to update the corresponding access control rule in the rule cache library.
7. The system for updating an access control rule according to claim 6, characterized in that the processing unit comprises:
a determining unit, configured to determine that the rule cache library needs to be updated when an instruction from an application program in the terminal to access data in the designated storage space is received, or each time the terminal is powered on.
8. The system for updating an access control rule according to claim 6, characterized by further comprising:
a first authentication unit, configured to authenticate the business service platform before the business service platform updates the access control rule in the designated storage space;
a first rights management unit, configured to allow the business service platform to update the access control rule in the designated storage space when the business service platform passes the authentication performed by the first authentication unit.
9. The system for updating an access control rule according to claim 6, characterized by further comprising:
a second authentication unit, configured to authenticate, after the rule cache library is updated and by means of the updated access control rule in the rule cache library, an application program that requests access to the designated storage space;
a second rights management unit, configured to allow the application program to access the designated storage space when the application program passes the authentication performed by the second authentication unit, and to refuse the application program access to the designated storage space when the application program fails the authentication performed by the second authentication unit.
10. The system for updating an access control rule according to any one of claims 6 to 9, characterized in that the designated storage space comprises:
a storage space in the terminal for storing NFC application programs and user privacy data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410604511.4A CN105630811A (en) 2014-10-30 2014-10-30 Update method and update system of access control rule

Publications (1)

Publication Number Publication Date
CN105630811A (en) 2016-06-01

Family

ID=56045761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410604511.4A Pending CN105630811A (en) 2014-10-30 2014-10-30 Update method and update system of access control rule

Country Status (1)

Country Link
CN (1) CN105630811A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109358874A (en) * 2018-09-26 2019-02-19 中国平安人寿保险股份有限公司 Business rule update method, device, computer equipment and storage medium
CN113554414A (en) * 2021-07-05 2021-10-26 金蝶软件(中国)有限公司 Business rule updating method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101288084A (en) * 2005-10-13 2008-10-15 株式会社Ntt都科摩 Mobile terminal, access control management device, and access control management method
CN101876994B (en) * 2009-12-22 2012-02-15 中国科学院软件研究所 Establishing method for multi-layer optimized strategy evaluation engine and implementing method thereof
CN103257973A (en) * 2012-02-20 2013-08-21 腾讯科技(深圳)有限公司 Method and system for updating browser cache
CN103605552A (en) * 2013-11-29 2014-02-26 Tcl通力电子(惠州)有限公司 MCU upgrading method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101288084A (en) * 2005-10-13 2008-10-15 株式会社Ntt都科摩 Mobile terminal, access control management device, and access control management method
CN100583118C (en) * 2005-10-13 2010-01-20 株式会社Ntt都科摩 Mobile terminal, access control management device, and access control management method
CN101876994B (en) * 2009-12-22 2012-02-15 中国科学院软件研究所 Establishing method for multi-layer optimized strategy evaluation engine and implementing method thereof
CN103257973A (en) * 2012-02-20 2013-08-21 腾讯科技(深圳)有限公司 Method and system for updating browser cache
CN103605552A (en) * 2013-11-29 2014-02-26 Tcl通力电子(惠州)有限公司 MCU upgrading method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109358874A (en) * 2018-09-26 2019-02-19 中国平安人寿保险股份有限公司 Business rule update method, device, computer equipment and storage medium
CN109358874B (en) * 2018-09-26 2023-08-04 中国平安人寿保险股份有限公司 Business rule updating method, business rule updating device, computer equipment and storage medium
CN113554414A (en) * 2021-07-05 2021-10-26 金蝶软件(中国)有限公司 Business rule updating method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160601