CN105631350A - Data operation method, data operation apparatus and terminal - Google Patents

Publication number
CN105631350A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510098384.XA
Other languages
Chinese (zh)
Other versions
CN105631350B (en)
Inventor
白小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanchang Kupai Zhongying Intelligent Technology Co ltd
Original Assignee
西安酷派软件科技有限公司
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention proposes a data operation method, a data operation apparatus and a terminal. The method comprises: when an operation instruction from any one of a plurality of systems on target data in a shared database of the systems is received, judging whether any other system is operating on the target data; when the judgment result is yes, forbidding that system from operating on the target data according to the operation instruction; otherwise, allowing that system to operate on the target data according to the operation instruction, wherein the other system is any one of the systems other than the system that issued the operation instruction. With this technical scheme, the storage space of the systems is saved and their data management is simplified, while the data security of the systems is ensured to the maximum extent.

Description

Data operation method, data operation apparatus and terminal
Technical field
The present invention relates to the field of terminal technology, and in particular to a data operation method, a data operation apparatus and a terminal.
Background art
At present, a terminal may be provided with multiple systems. Each of these systems has its own database, the databases are independent of one another, and each database stores the data belonging to its system, such as notes and contacts.
However, giving each system its own database and encrypting that database ensures data security well but leaves the terminal with the following two drawbacks:
1. Some data is duplicated across the databases of the systems. For example, the address books of several systems may hold the same contact and contact details at the same time, which wastes storage space. The larger the duplicated data, the greater the waste.
2. The data of the multiple systems is difficult to manage. For example, when data is moved from the database of one system to the database of another system, the move may be forbidden, which makes moving data troublesome.
Therefore, how to save the storage space of a multi-system terminal and simplify the management of its data while still ensuring the security of that data has become an urgent problem.
Summary of the invention
Based on the above problems, the present invention proposes a new technical scheme that saves the storage space of the multiple systems and simplifies the management of their data while ensuring the security of that data to the greatest extent.
In view of this, one aspect of the present invention proposes a data operation method for a terminal provided with multiple systems, including: when an operation instruction from any one of the multiple systems on target data in the shared database of the multiple systems is received, judging whether any other system is operating on the target data; when the judgment result is yes, forbidding that system from operating on the target data according to the operation instruction; otherwise, allowing that system to operate on the target data according to the operation instruction, wherein the other system is any one of the multiple systems other than the system that issued the operation instruction.
In this technical scheme, when the terminal receives an operation instruction from any one of the multiple systems on target data in the shared database, it forbids that system from operating on the target data if any other system is operating on it, and allows the operation if no other system is operating on it. This guarantees that operations by the multiple systems on the target data in the shared database are mutually exclusive at any given time, that is, only one of the multiple systems is allowed to operate on the target data at a time. This avoids the situation in which several systems operate on the target data simultaneously, so that effective operation on the target data cannot be guaranteed and erroneous operations may even result. It also ensures the security of the data in the shared database to the greatest extent, preventing data in the shared database from being leaked while the multiple systems operate on it. The target data is either common data of the multiple systems or data specific to any one system.
In the above technical scheme, preferably, the method further includes: when operation instructions on the target data are received from several systems simultaneously, if the judgment result is no, allowing the target system, namely the one with the highest security level among those systems, to operate on the target data, and forbidding the other systems among them from operating on the target data.
In this technical scheme, when the terminal simultaneously receives operation instructions on the target data from several systems and no other system is operating on the target data, it allows the target system with the highest security level among them to operate on the target data and forbids the systems whose security level is lower than that of the target system from doing so. This not only guarantees that only one of the multiple systems operates on the target data at a time, and thus ensures the security of the data in the shared database to the greatest extent, but also gives systems with a higher security level priority in operating on the target data in the shared database.
In the above technical scheme, preferably, before the operation instruction from any one of the multiple systems on the target data in the shared database is received, the method further includes: storing the common data of the multiple systems in the shared database according to a received storage instruction.
In this technical scheme, the multiple systems in the related art are independent of one another, and so are their respective databases. As a result, data is duplicated across those databases (for example, the address books of several systems hold the same contact and that contact's details), which wastes storage space. Managing the separate databases is also troublesome: for example, when data is moved between the databases of different systems, the move may be forbidden because the systems have different security levels. Therefore, before the operation instruction on the target data is received, the common data of the multiple systems is stored in the shared database according to a received storage instruction, so that the multiple systems can jointly operate on the common data in the shared database. This avoids duplicated data across the systems, which not only saves storage space but also makes the common data in the shared database easier to manage.
In the above technical scheme, preferably, the operation instruction includes a read operation instruction or a write operation instruction; and the data operation method further includes: according to a received setting command, allowing a designated system, whose security level among the multiple systems is higher than a preset security level, to set the security attribute of the target data, so as to deny systems whose security level is lower than the preset security level read and/or write permission on the target data.
In this technical scheme, the operation instruction of any system on the target data in the shared database includes, but is not limited to, a read operation instruction or a write operation instruction. In addition, according to a received setting command, a designated system whose security level is higher than the preset security level may set the security attribute of the target data, thereby denying systems whose security level is lower than the preset security level read and/or write permission on the target data. This further improves the security of the data in the shared database by preventing systems below the preset security level from arbitrarily performing write operations or read and write operations on the target data. The designated system may also modify the security attribute of the target data as required. Once the security attribute has been set, the target data effectively carries a security label and is secure data, so systems below the preset security level can no longer arbitrarily perform write operations or read and write operations on it.
In the above technical scheme, preferably, when the designated system has not set the security attribute of the target data, every system among the multiple systems has read and write permission on the target data.
In this technical scheme, when the designated system has not set the security attribute of the target data, the target data is not secure data, and all systems can perform read and write operations on it.
Another aspect of the present invention proposes a data operation apparatus for a terminal provided with multiple systems, including: a judging unit which, when an operation instruction from any one of the multiple systems on target data in the shared database of the multiple systems is received, judges whether any other system is operating on the target data; and a processing unit which, when the judgment result is yes, forbids that system from operating on the target data according to the operation instruction, and otherwise allows that system to operate on the target data according to the operation instruction, wherein the other system is any one of the multiple systems other than the system that issued the operation instruction.
In this technical scheme, when the terminal receives an operation instruction from any one of the multiple systems on target data in the shared database, it forbids that system from operating on the target data if any other system is operating on it, and allows the operation if no other system is operating on it. This guarantees that operations by the multiple systems on the target data in the shared database are mutually exclusive at any given time, that is, only one of the multiple systems is allowed to operate on the target data at a time. This avoids the situation in which several systems operate on the target data simultaneously, so that effective operation on the target data cannot be guaranteed and erroneous operations may even result. It also ensures the security of the data in the shared database to the greatest extent, preventing data in the shared database from being leaked while the multiple systems operate on it. The target data is either common data of the multiple systems or data specific to any one system.
In the above technical scheme, preferably, the processing unit is further configured to: when operation instructions on the target data are received from several systems simultaneously, if the judgment result is no, allow the target system, namely the one with the highest security level among those systems, to operate on the target data, and forbid the other systems among them from operating on the target data.
In this technical scheme, when the terminal simultaneously receives operation instructions on the target data from several systems and no other system is operating on the target data, it allows the target system with the highest security level among them to operate on the target data and forbids the systems whose security level is lower than that of the target system from doing so. This not only guarantees that only one of the multiple systems operates on the target data at a time, and thus ensures the security of the data in the shared database to the greatest extent, but also gives systems with a higher security level priority in operating on the target data in the shared database.
In the above technical scheme, preferably, the apparatus further includes: a storage unit which, before the operation instruction from any one of the multiple systems on the target data in the shared database is received, stores the common data of the multiple systems in the shared database according to a received storage instruction.
In this technical scheme, the multiple systems in the related art are independent of one another, and so are their respective databases. As a result, data is duplicated across those databases (for example, the address books of several systems hold the same contact and that contact's details), which wastes storage space. Managing the separate databases is also troublesome: for example, when data is moved between the databases of different systems, the move may be forbidden because the systems have different security levels. Therefore, before the operation instruction on the target data is received, the common data of the multiple systems is stored in the shared database according to a received storage instruction, so that the multiple systems can jointly operate on the common data in the shared database. This avoids duplicated data across the systems, which not only saves storage space but also makes the common data in the shared database easier to manage.
In the above technical scheme, preferably, the operation instruction includes a read operation instruction or a write operation instruction; and the data operation apparatus further includes: a setting unit which, according to a received setting command, allows a designated system, whose security level among the multiple systems is higher than a preset security level, to set the security attribute of the target data, so as to deny systems whose security level is lower than the preset security level read and/or write permission on the target data.
In this technical scheme, the operation instruction of any system on the target data in the shared database includes, but is not limited to, a read operation instruction or a write operation instruction. In addition, according to a received setting command, a designated system whose security level is higher than the preset security level may set the security attribute of the target data, thereby denying systems whose security level is lower than the preset security level read and/or write permission on the target data. This further improves the security of the data in the shared database by preventing systems below the preset security level from arbitrarily performing write operations or read and write operations on the target data. The designated system may also modify the security attribute of the target data as required. Once the security attribute has been set, the target data effectively carries a security label and is secure data, so systems below the preset security level can no longer arbitrarily perform write operations or read and write operations on it.
In the above technical scheme, preferably, when the designated system has not set the security attribute of the target data, every system among the multiple systems has read and write permission on the target data.
In this technical scheme, when the designated system has not set the security attribute of the target data, the target data is not secure data, and all systems can perform read and write operations on it.
Another aspect of the present invention proposes a terminal including the data operation apparatus described in any of the above technical schemes.
In this technical scheme, the multiple systems can jointly operate on the common data in the shared database, which avoids duplicated data across the systems, saves storage space and makes the common data in the shared database easier to manage. In addition, only one of the multiple systems is allowed to operate on the target data at a time, which ensures the security of the data in the shared database to the greatest extent and prevents data in the shared database from being leaked while the multiple systems operate on it.
With the technical scheme of the present invention, the storage space of the multiple systems is saved and the management of their data is simplified, while the security of the data in the shared database is ensured to the greatest extent.
Brief description of the drawings
Fig. 1 shows a schematic flowchart of a data operation method according to an embodiment of the invention;
Fig. 2 shows a schematic flowchart of a data operation method according to another embodiment of the invention;
Fig. 3 shows a schematic structural diagram of a data operation apparatus according to an embodiment of the invention;
Fig. 4 shows a schematic structural diagram of a terminal according to an embodiment of the invention;
Fig. 5 shows a schematic diagram of the principle structure of a data operation apparatus according to an embodiment of the invention;
Fig. 6 shows a schematic diagram of the principle structure of a data operation apparatus according to another embodiment of the invention;
Fig. 7 shows a schematic diagram of setting a contact in the security system according to an embodiment of the invention;
Fig. 8 shows a schematic diagram of setting a contact in the security system according to another embodiment of the invention;
Fig. 9 shows a schematic diagram of setting a contact in the standard system according to still another embodiment of the invention.
Detailed description of the invention
So that the above objects, features and advantages of the present invention can be understood more clearly, the present invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in those embodiments may be combined with one another.
Many specific details are set out in the following description so that the present invention can be fully understood. However, the present invention may also be implemented in ways other than those described here, and therefore the protection scope of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a schematic flowchart of a data operation method according to an embodiment of the invention.
As shown in Fig. 1, the data operation method according to an embodiment of the invention includes: step 102, when an operation instruction from any one of the multiple systems on target data in the shared database of the multiple systems is received, judging whether any other system is operating on the target data; step 104, when the judgment result is yes, forbidding that system from operating on the target data according to the operation instruction; otherwise, allowing that system to operate on the target data according to the operation instruction, wherein the other system is any one of the multiple systems other than the system that issued the operation instruction.
In this technical scheme, when the terminal receives an operation instruction from any one of the multiple systems on target data in the shared database, it forbids that system from operating on the target data if any other system is operating on it, and allows the operation if no other system is operating on it. This guarantees that operations by the multiple systems on the target data in the shared database are mutually exclusive at any given time, that is, only one of the multiple systems is allowed to operate on the target data at a time. This avoids the situation in which several systems operate on the target data simultaneously, so that effective operation on the target data cannot be guaranteed and erroneous operations may even result. It also ensures the security of the data in the shared database to the greatest extent, preventing data in the shared database from being leaked while the multiple systems operate on it. The target data is either common data of the multiple systems or data specific to any one system.
In the above technical scheme, preferably, the method further includes: when operation instructions on the target data are received from several systems simultaneously, if the judgment result is no, allowing the target system, namely the one with the highest security level among those systems, to operate on the target data, and forbidding the other systems among them from operating on the target data.
In this technical scheme, when the terminal simultaneously receives operation instructions on the target data from several systems and no other system is operating on the target data, it allows the target system with the highest security level among them to operate on the target data and forbids the systems whose security level is lower than that of the target system from doing so. This not only guarantees that only one of the multiple systems operates on the target data at a time, and thus ensures the security of the data in the shared database to the greatest extent, but also gives systems with a higher security level priority in operating on the target data in the shared database.
In the above technical scheme, preferably, before step 102, the method further includes: storing the common data of the multiple systems in the shared database according to a received storage instruction.
In this technical scheme, the multiple systems in the related art are independent of one another, and so are their respective databases. As a result, data is duplicated across those databases (for example, the address books of several systems hold the same contact and that contact's details), which wastes storage space. Managing the separate databases is also troublesome: for example, when data is moved between the databases of different systems, the move may be forbidden because the systems have different security levels. Therefore, before the operation instruction on the target data is received, the common data of the multiple systems is stored in the shared database according to a received storage instruction, so that the multiple systems can jointly operate on the common data in the shared database. This avoids duplicated data across the systems, which not only saves storage space but also makes the common data in the shared database easier to manage.
In the above technical scheme, preferably, the operation instruction includes a read operation instruction or a write operation instruction; and the data operation method further includes: according to a received setting command, allowing a designated system, whose security level among the multiple systems is higher than a preset security level, to set the security attribute of the target data, so as to deny systems whose security level is lower than the preset security level read and/or write permission on the target data.
In this technical scheme, the operation instruction of any system on the target data in the shared database includes, but is not limited to, a read operation instruction or a write operation instruction. In addition, according to a received setting command, a designated system whose security level is higher than the preset security level may set the security attribute of the target data, thereby denying systems whose security level is lower than the preset security level read and/or write permission on the target data. This further improves the security of the data in the shared database by preventing systems below the preset security level from arbitrarily performing write operations or read and write operations on the target data. The designated system may also modify the security attribute of the target data as required. Once the security attribute has been set, the target data effectively carries a security label and is secure data, so systems below the preset security level can no longer arbitrarily perform write operations or read and write operations on it.
In the above technical scheme, preferably, when the designated system has not set the security attribute of the target data, every system among the multiple systems has read and write permission on the target data.
In this technical scheme, when the designated system has not set the security attribute of the target data, the target data is not secure data, and all systems can perform read and write operations on it.
Fig. 2 shows a schematic flowchart of a data operation method according to another embodiment of the invention.
As shown in Fig. 2, the data operation method according to another embodiment of the invention (in this embodiment the terminal is a mobile phone provided with a dual system, namely a standard system with a relatively low security level and a security system with a relatively high security level) includes:
Step 202: judge whether the standard system (or the security system) is to perform a write operation on the target data (which can be understood as shared data), corresponding to a write operation instruction. When the judgment result is yes, that is, a write operation instruction from the target system has been received, go to step 204. When the judgment result is no, that is, a read operation instruction on the target data has been received, go to step 206; both systems of the dual system may read the target data simultaneously.
Step 204: judge whether the security system (or the standard system) is performing a write operation on the target data, that is, whether it has acquired the lock for write operations on the target data. When the judgment result is no, go to step 208. When the judgment result is yes, end the flow of the data operation method, or keep waiting until the security system (or the standard system) finishes its write operation on the target data.
Step 206: read the target data in the shared database according to the received read operation instruction on the target data.
Step 208: write the target data in the shared database according to the received write operation instruction on the target data.
Step 210: judge whether the write operation on the target data has finished. When the judgment result is yes, go to step 212. When the judgment result is no, continue writing the target data in the shared database and return to step 208.
Step 212: release the write-operation lock, so that the security system (or the standard system) of the dual system can perform write operations in the shared database.
Fig. 3 shows a schematic structural diagram of a data operation apparatus according to an embodiment of the invention.
As shown in Fig. 3, the data operation apparatus 300 according to an embodiment of the invention, for a terminal on which multiple systems are installed, includes a judging unit 302 and a processing unit 304. The judging unit 302 is configured to: when an operation instruction from any system of the multiple systems for target data in the shared database of the multiple systems is received, determine whether any other system is operating on the target data. The processing unit 304 is configured to: when the determination result is yes, forbid said any system from operating on the target data according to the operation instruction; otherwise, allow said any system to operate on the target data according to the operation instruction, where the other system is any system of the multiple systems other than said any system.
In this technical solution, when the terminal receives an operation instruction from any system of the multiple systems for target data in the shared database, it forbids that system from operating on the target data if any other system is operating on it, and allows the operation if no other system is operating on it. This guarantees that operations by the multiple systems on the target data in the shared database are mutually exclusive: at any one time only one of the multiple systems is allowed to operate on the target data. It avoids several systems operating on the target data at once, which would make it impossible to guarantee that the target data is operated on effectively and could even lead to erroneous operations. It also ensures the security of data in the shared database to the greatest extent, avoiding leakage of that data when multiple systems operate on the shared database. The target data is either data common to the multiple systems or data specific to any one system.
In the above technical solution, preferably, the processing unit 304 is further configured to: when operation instructions for the target data are received from several systems at the same time, if the determination result is no, allow the target system with the highest security level among those systems to operate on the target data, and forbid the systems among them other than the target system from operating on the target data.
In this technical solution, when the terminal receives operation instructions for the target data from several systems at the same time and no other system is operating on the target data, the target system with the highest security level among the requesting systems is allowed to operate on the target data, and the requesting systems with a lower security level than the target system are forbidden from operating on it. This not only guarantees that only one of the multiple systems operates on the target data at any one time, ensuring the security of data in the shared database to the greatest extent, but also gives the system with the higher security level priority in operating on the target data in the shared database.
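The Fig. 2 write-lock flow and the processing unit's simultaneous-request rule can be exercised together in the following added Python example, which is not part of the patent. The class and method names and the numeric security levels are assumptions; the page only states that the security system ranks above the standard system.

```python
import threading

# Assumed numeric levels: the page only says the security system ranks higher.
SECURITY_LEVEL = {"standard": 1, "secure": 2}


class SharedRecord:
    """One target-data item in the shared database with a single write lock."""

    def __init__(self, value):
        self._value = value
        self._writer = None             # system that holds the write lock
        self._guard = threading.Lock()  # makes check-and-set of _writer atomic

    def read(self, system):
        # Step 206: a read never consults the write lock, so both systems can
        # read at once, including while the other system is writing.
        with self._guard:
            return self._value

    def try_begin_write(self, system):
        # Step 204: if another system holds the write lock, refuse (the caller
        # may end the flow or retry later); otherwise take the lock.
        with self._guard:
            if self._writer is not None and self._writer != system:
                return False
            self._writer = system
            return True

    def arbitrate(self, requesters):
        # Simultaneous write requests with no current writer: only the
        # requester with the highest security level gets the lock.
        with self._guard:
            if self._writer is not None:
                return None
            self._writer = max(requesters, key=lambda s: SECURITY_LEVEL[s])
            return self._writer

    def write(self, system, value):
        # Step 208: writing without holding the lock is rejected.
        with self._guard:
            if self._writer is None or self._writer != system:
                raise PermissionError(f"{system} does not hold the write lock")
            self._value = value

    def end_write(self, system):
        # Steps 210-212: the write has finished, so release the lock.
        with self._guard:
            if self._writer == system:
                self._writer = None


def demo():
    rec = SharedRecord("555-0100")      # constructed sample value
    events = []
    events.append(rec.arbitrate(["standard", "secure"]))  # both ask at once
    events.append(rec.try_begin_write("standard"))        # secure is writing
    rec.write("secure", "555-0199")
    events.append(rec.read("standard"))                   # reads are not locked
    rec.end_write("secure")
    events.append(rec.try_begin_write("standard"))        # lock is free again
    rec.end_write("standard")
    return events


if __name__ == "__main__":
    print(demo())
```

Because step 206 does not check the write lock, a reader in the other system can observe data while a write is still in progress; an implementation that needs consistent reads has to add that check itself.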
In the above technical solution, preferably, the apparatus further includes a storage unit 306 configured to: before an operation instruction from any system of the multiple systems for target data in the shared database of the multiple systems is received, store the data common to the multiple systems in the shared database according to a received storage instruction.
In this technical solution: in the related art the multiple systems are independent of one another, and so are their respective databases. As a result, data is duplicated across the systems' databases; for example, the address books of several systems hold the same contact and that contact's contact details, which wastes storage space. Managing the separate databases is also troublesome; for example, when data is moved between the databases of the multiple systems, the move may be forbidden because the systems have different security levels. Therefore, before an operation instruction from any system for target data in the shared database is received, the data common to the multiple systems is stored in the shared database according to a received storage instruction. The multiple systems can then operate jointly on the common data in the shared database, which avoids duplicated data across the systems, saves storage space, and makes the common data in the shared database more convenient to manage.
In the above technical solution, preferably, the operation instruction includes a read operation instruction or a write operation instruction; and the data operation apparatus 300 further includes a setting unit 308 configured to: according to a received setting command, allow a designated system among the multiple systems whose security level is higher than a preset security level to set the security attribute of the target data, so as to deny systems whose security level is lower than the preset security level read and/or write permission on the target data.
In this technical solution, the operation instruction that any system issues for target data in the shared database includes, but is not limited to, a read operation instruction or a write operation instruction. In addition, according to a received setting command, a designated system among the multiple systems whose security level is higher than a preset security level may be allowed to set the security attribute of the target data, thereby denying systems whose security level is lower than the preset security level read and/or write permission on the target data. This further improves the security of data in the shared database and prevents systems below the preset security level from arbitrarily performing write or read-write operations on the target data. The designated system may also modify the security attribute of the target data as needed. Once the security attribute has been set, the target data effectively carries a security label and is secure data, so systems below the preset security level can no longer arbitrarily perform write or read-write operations on it.
In the above technical solution, preferably, when the designated system has not set the security attribute of the target data, each of the multiple systems has read and write permission on the target data.
In this technical solution, when the designated system has not set the security attribute of the target data, the target data is not secure data, and every system can perform read and write operations on it.
Fig. 4 shows a schematic structural diagram of a terminal according to an embodiment of the invention.
As shown in Fig. 4, the terminal 400 according to an embodiment of the invention includes the data operation apparatus 300 described in any of the above technical solutions.
In this technical solution, the multiple systems can operate jointly on the common data in the shared database, which avoids duplicated data across the systems, saves storage space, and makes the common data in the shared database more convenient to manage. In addition, only one of the multiple systems is allowed to operate on the target data at any one time, which ensures the security of data in the shared database to the greatest extent, avoids leakage of that data when multiple systems operate on the shared database, and in turn improves the security of the terminal 400.
Fig. 5 shows a schematic diagram of the principle structure of a data operation apparatus according to an embodiment of the invention.
As shown in Fig. 5, the data operation apparatus 300 according to an embodiment of the invention (in this embodiment the terminal is a mobile phone with dual systems installed, namely a standard system with a lower security level and a security system with a higher security level) includes a security system, a standard system and a shared database. The security system has its own independent database, and so does the standard system. The two systems share the shared database, which stores the data common to the security system and the standard system; both systems can perform read and/or write operations on the common data in the shared database. Of course, depending on the user's actual requirements for the mobile phone, the security system and the standard system may share all of their databases or only part of them.
Fig. 6 shows a schematic diagram of the principle structure of a data operation apparatus according to another embodiment of the invention.
As shown in Fig. 6, the data operation apparatus 300 according to another embodiment of the invention (in this embodiment the terminal is a mobile phone with dual systems installed, namely a standard system with a lower security level and a security system with a higher security level) includes a standard system, a security system and a shared database. The data operation apparatus 300 is described in detail below:
The data in the shared database can be modified by both systems. Because this data also belongs to the security system, this reduces the security of the data in a sense. For example, if the address book is placed in the shared database, the standard system can also access and modify it, yet the security system sometimes requires that its contacts cannot be modified by the standard system, in order to keep the data secure.
To keep the security system's data in the shared database secure, a security attribute can be set on the shared data. Specifically, the shared data is labeled, for example marked with "��", and is thereby marked as data of the security system. The standard system then has no right to access it, or only partial access such as read permission only, which protects the security of the data to the greatest extent.
In the above technical solution, the data in the shared database falls into two classes: labeled data and unlabeled data. Both systems have read and write permission on unlabeled data. Labeled data belongs to the security system: the security system has read and write permission on it, while the standard system has only read permission. Of course, depending on the actual requirements for the mobile phone, the security system and the standard system can also be given different permissions on the data in the shared database.
Fig. 7 shows a schematic diagram of setting a contact attribute in the security system according to an embodiment of the invention.
Fig. 7 shows a schematic diagram of setting a contact in the security system according to an embodiment of the invention; Fig. 8 shows a schematic diagram of setting a contact in the security system according to another embodiment of the invention; Fig. 9 shows a schematic diagram of setting a contact in the security system according to yet another embodiment of the invention.
The technical solution is described in detail below with reference to Figs. 7 to 9 (in this embodiment the terminal is a mobile phone with dual systems installed, namely a standard system with a lower security level and a security system with a higher security level):
The contacts common to both systems are placed in the shared database, but only the security system has the authority to modify such a contact (as shown in Fig. 7). That is, only the security system can set the contact's security attribute and turn it into a secure contact. Once it has become a secure contact, its information carries the mark "��".
After the security system has labeled a secure contact, the contact's detailed information is displayed only in the security system (as shown in Fig. 8). The standard system has only the contact's simple information (such as the name) and does not display the detailed information (as shown in Fig. 9), and the security system has the authority to modify the security attribute of this contact information. Of course, after a secure contact has been labeled, that is, after its security attribute has been set, the standard system's permission can instead be read-only: it can only view the labeled secure contact's information and has no write permission, while the security system has read and write permission on the secure contact's information.
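The contact labeling described for Figs. 7 to 9 is shown below as an added Python example that is not part of the patent. It covers both variants the text mentions: a labeled contact whose details are hidden from the standard system, and a labeled contact that the standard system may read but not write. The class names, the numeric security levels and the preset level are assumptions.

```python
from dataclasses import dataclass

# Assumed values: the page gives no concrete levels or threshold.
SECURITY_LEVEL = {"standard": 1, "secure": 3}
PRESET_LEVEL = 2


@dataclass
class Contact:
    name: str
    details: dict
    denied: frozenset = frozenset()   # empty set = unlabeled contact


class SharedContacts:
    """Contacts in the shared database, with an optional security attribute."""

    def __init__(self):
        self._rows = {}

    def add(self, cid, name, **details):
        self._rows[cid] = Contact(name, dict(details))

    def set_security_attribute(self, system, cid, denied):
        # Only a system above the preset level may set or change the label.
        if SECURITY_LEVEL[system] <= PRESET_LEVEL:
            raise PermissionError(f"{system} may not set the security attribute")
        denied = frozenset(denied)
        if not denied <= {"read", "write"}:
            raise ValueError("denied must be a subset of {'read', 'write'}")
        self._rows[cid].denied = denied

    def _blocked(self, system, contact, right):
        # The label only restricts systems below the preset level. An unknown
        # system name raises KeyError, so the check fails closed.
        return SECURITY_LEVEL[system] < PRESET_LEVEL and right in contact.denied

    def read(self, system, cid):
        contact = self._rows[cid]
        if self._blocked(system, contact, "read"):
            return {"name": contact.name}      # simple information only (Fig. 9)
        return {"name": contact.name, **contact.details}

    def write(self, system, cid, **changes):
        contact = self._rows[cid]
        if self._blocked(system, contact, "write"):
            raise PermissionError(f"{system} may not modify contact {cid}")
        contact.details.update(changes)


def demo():
    db = SharedContacts()
    db.add("c1", "Alice", phone="555-0100")    # constructed sample contact
    out = {}
    db.write("standard", "c1", phone="555-0101")          # unlabeled: allowed
    out["unlabeled"] = db.read("standard", "c1")
    db.set_security_attribute("secure", "c1", {"read", "write"})
    out["hidden"] = db.read("standard", "c1")
    out["secure_view"] = db.read("secure", "c1")
    db.set_security_attribute("secure", "c1", {"write"})  # read-only variant
    out["read_only"] = db.read("standard", "c1")
    try:
        db.write("standard", "c1", phone="000")
        out["write_blocked"] = False
    except PermissionError:
        out["write_blocked"] = True
    return out


if __name__ == "__main__":
    print(demo())
```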
The technical solution of the invention has been described in detail above with reference to the drawings. It saves storage space across the multiple systems and simplifies management of their data, while also ensuring to the greatest extent the security of data in the shared database.
In the present invention, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance; the term "multiple" means two or more. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (11)

1. A data operation method for a terminal on which multiple systems are installed, characterized by comprising:
when an operation instruction from any system of the multiple systems for target data in a shared database of the multiple systems is received, determining whether any other system is operating on the target data;
when the determination result is yes, forbidding said any system from operating on the target data according to the operation instruction; otherwise, allowing said any system to operate on the target data according to the operation instruction, wherein said any other system is any system of the multiple systems other than said any system.
2. The data operation method according to claim 1, characterized by further comprising:
when operation instructions for the target data are received from a plurality of said any systems at the same time, if the determination result is no, allowing the target system with the highest security level among the plurality of said any systems to operate on the target data, and forbidding the systems among the plurality of said any systems other than the target system from operating on the target data.
3. The data operation method according to claim 1, characterized in that
before the operation instruction from any system of the multiple systems for the target data in the shared database of the multiple systems is received, the method further comprises:
storing the data common to the multiple systems in the shared database according to a received storage instruction.
4. The data operation method according to any one of claims 1 to 3, characterized in that
the operation instruction includes a read operation instruction or a write operation instruction; and
the data operation method further comprises:
according to a received setting command, allowing a designated system among the multiple systems whose security level is higher than a preset security level to set the security attribute of the target data, so as to deny systems among the multiple systems whose security level is lower than the preset security level read and/or write permission on the target data.
5. The data operation method according to claim 4, characterized in that
when the designated system has not set the security attribute of the target data, each of the multiple systems has read and write permission on the target data.
6. A data operation apparatus for a terminal on which multiple systems are installed, characterized by comprising:
a judging unit configured to, when an operation instruction from any system of the multiple systems for target data in a shared database of the multiple systems is received, determine whether any other system is operating on the target data;
a processing unit configured to, when the determination result is yes, forbid said any system from operating on the target data according to the operation instruction; otherwise, allow said any system to operate on the target data according to the operation instruction, wherein said any other system is any system of the multiple systems other than said any system.
7. The data operation apparatus according to claim 6, characterized in that
the processing unit is further configured to:
when operation instructions for the target data are received from a plurality of said any systems at the same time, if the determination result is no, allow the target system with the highest security level among the plurality of said any systems to operate on the target data, and forbid the systems among the plurality of said any systems other than the target system from operating on the target data.
8. The data operation apparatus according to claim 6, characterized by further comprising:
a storage unit configured to, before the operation instruction from any system of the multiple systems for the target data in the shared database of the multiple systems is received, store the data common to the multiple systems in the shared database according to a received storage instruction.
9. The data operation apparatus according to any one of claims 6 to 8, characterized in that
the operation instruction includes a read operation instruction or a write operation instruction; and
the data operation apparatus further comprises:
a setting unit configured to, according to a received setting command, allow a designated system among the multiple systems whose security level is higher than a preset security level to set the security attribute of the target data, so as to deny systems among the multiple systems whose security level is lower than the preset security level read and/or write permission on the target data.
10. The data operation apparatus according to claim 9, characterized in that
when the designated system has not set the security attribute of the target data, each of the multiple systems has read and write permission on the target data.
11. A terminal, characterized by comprising the data operation apparatus according to any one of claims 6 to 10.
CN201510098384.XA 2015-03-05 2015-03-05 Data manipulation method, data operation device and terminal Active CN105631350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510098384.XA CN105631350B (en) 2015-03-05 2015-03-05 Data manipulation method, data operation device and terminal

Publications (2)

Publication Number Publication Date
CN105631350A true CN105631350A (en) 2016-06-01
CN105631350B CN105631350B (en) 2018-07-24

Family

ID=56046271

Country Status (1)

Country Link
CN (1) CN105631350B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913412A (en) * 2006-07-31 2007-02-14 杭州华为三康技术有限公司 Queue access method and device
CN101650646A (en) * 2009-09-22 2010-02-17 杭州华三通信技术有限公司 Method and device for realizing shared data consistency
CN103345482A (en) * 2013-06-20 2013-10-09 上海爱数软件有限公司 Network storage system and file access conflict processing method thereof
CN103778208A (en) * 2014-01-15 2014-05-07 广州普邦园林股份有限公司 Method for cooperating working directory or document access and system thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056000A (en) * 2016-06-24 2016-10-26 北京奇虎科技有限公司 System authority-based mobile device storage partition configuration method and apparatus
CN106056000B (en) * 2016-06-24 2019-12-24 北京奇虎科技有限公司 Mobile device storage partition configuration method and device based on system permission
CN106156314A (en) * 2016-06-30 2016-11-23 珠海市魅族科技有限公司 A kind of data manipulation method and device, data search method and device
CN106156314B (en) * 2016-06-30 2019-09-20 珠海市魅族科技有限公司 A kind of data manipulation method and device, data search method and device
CN115394392A (en) * 2022-08-31 2022-11-25 西安交通大学 Medical data sharing system and method

Also Published As

Publication number Publication date
CN105631350B (en) 2018-07-24

Similar Documents

Publication Publication Date Title
CN102024121A (en) Platform security apparatus and method thereof
CN102236764B (en) Method and monitoring system for Android system to defend against desktop information attack
US20120149331A1 (en) Method and system for remote control of smart card
CN104239140A (en) Mobile terminal as well as method and device for controlling switching of operation systems of mobile terminal
CN103164229A (en) Method and device for clearing progresses of mobile terminal
CN104463033A (en) Storage region setting method, storage region setting device and terminal
CN101520854B (en) Smart memory card, data safety control system and method thereof
CN104112089A (en) Multi-strategy integration based mandatory access control method
CN104008345A (en) Method and device for protecting user privacy data of application program
CN105122260A (en) Context based switching to a secure operating system environment
CN106462483A (en) Firmware interface with durable memory storage
CN105631350A (en) Data operation method, data operation apparatus and terminal
CN102646075A (en) Storage card locking method and system
CN102810139B (en) Secure data operation method and communication terminal
CN113268784B (en) Self-destruction method of embedded equipment and storage equipment
WO2017008415A1 (en) Apparatus and method for launching mobile applications from a lock screen
CN101123507A (en) A protection method and storage device for data information in storage device
CN104272251A (en) Modify executable bits of system management memory page table
CN102946482A (en) Method for detecting user terminal and user terminal
CN111352862A (en) Key destroying method, system, password card and password machine
CN103136487B (en) A kind of method, Apparatus and system of managing data in hard disk hidden area
CN102663313A (en) Method for realizing information security of computer system
CN112070940B (en) Access control authorization method, access control release method, device, access control controller and medium
CN106951771B (en) Mobile terminal using method of android operating system
CN105516500A (en) Method and system for selecting device mode

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220424

Address after: 330000 room 106, building 1, science and technology production, standard workshop, industrial park, No. 4368, Jingkai Avenue, Nanchang Economic and Technological Development Zone, Nanchang City, Jiangxi Province

Patentee after: Nanchang Kupai Zhongying Intelligent Technology Co.,Ltd.

Address before: 710065 block a, No. 8, Tangyan South Road, high tech Zone, Xi'an, Shaanxi Province

Patentee before: XI'AN KUPAI SOFTWARE TECHNOLOGY Co.,Ltd.