Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the examples of this specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the embodiments of the specification, as detailed in the appended claims.
The terminology used in the embodiments of the present specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present specification. As used in the specification examples and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to FIG. 1, FIG. 1 is a flowchart illustrating a method for controlling permissions according to an exemplary embodiment of the present application. The embodiment can be applied to various devices that require permission control, and may include the following steps S101 to S103:
Step S101: obtain context information of the device, where the context information carries environment information of the device.
Step S102: obtain the access control policy corresponding to the obtained environment information, where at least one access control policy is generated based on predetermined environment information.
Step S103: determine the target object allowed to be accessed based on the obtained access control policy.
The devices to which embodiments of the present specification apply may be personal computers, laptop computers, tablet computers, cellular phones, camera phones, smart phones, personal digital assistants, media players, navigation devices, email messaging devices, game consoles, wearable devices, and other devices that require permission control. The context information of these devices refers to factors that may affect permissions on the device or on content in the device. Because the context information needs to meet the privacy requirements of the device owner on different occasions, it may include environment information of the device.
The environment information may be geographical location information of the environment where the device is located, or other information associated with that environment, such as at least one of a magnetic field fingerprint, a WIFI fingerprint, and environmental audio; such information can distinguish different environments.
For different environment information, and to meet the device owner's need to protect privacy, the designer of this scheme can provide a function for presetting environment information and generating a corresponding access control policy for each piece of predetermined environment information. Through this function, the device owner can generate access control policies corresponding to different predetermined environment information according to his or her own privacy protection requirements. The permissions described by different access control policies may differ, and so may the corresponding security levels. The access control policy mentioned herein may describe, for example, the rights (such as access and change) of a device user (the device owner or another person) to the device, the rights of the device user to certain applications in the device, or the rights of the device user to certain function modules in those applications, which is not limited in this embodiment of the specification.
The following describes how the device owner generates the access control policy for different predefined context information:
First: the predetermined environment information is geographical location information, which may be the longitude and latitude of the place where the electronic device is located, a place name, or a location identifier customized by the device owner to distinguish different places. For example, a device owner defines his place of residence as "home," his office as "company," his place of dining as "restaurant," his place of workout as "gym," and so on. The place name may correspond to the longitude and latitude of the place, so the corresponding place name or custom location identifier can be determined by detecting the longitude and latitude.
In practical applications, generating the access control policy needs to take various conditions into account, for example: the device owner is different, the location of the device is different, the people at the location are different, or the requirements that the location places on the device owner are different. To meet the privacy protection requirements of the device owner under these different conditions, the predetermined geographic location information, the access control policies, and the correspondence between the geographic location information and the access control policies may also differ according to the device owner's privacy protection requirements. The following cases are listed:
Case 1: most of the people the device owner comes into contact with at the place of residence are family members, and privacy does not need to be hidden from them; most of the people encountered in the office are leaders or colleagues, and the device owner may not want leaders to know about his or her daily life, such as games played frequently, items purchased on the internet, or chats with family or friends; the people encountered at dining or fitness places are mixed, possibly including both familiar friends and strangers, and the device owner may not want strangers to know about either his or her daily life or work.
For the above privacy protection requirement, the device owner may generate, based on the geographic location information of the place of residence, access control policies describing the device user's rights to the device, such as an administrator policy and an access prohibition policy. The geographic location information corresponding to the administrator policy is the place name "home" or the longitude and latitude of "home", and this policy may allow the device user to access all contents in the device and change all settings of the device. The access prohibition policy prohibits the device user from accessing the device, and corresponds to geographical location information that is not the place name "home" or the longitude and latitude of "home".
Furthermore, the owner of the device may also generate an access control policy describing the authority of the device user to the device content, such as an administrator policy and a temporary access policy or an initial content access policy, based on the geographic location information of the residence, where the device content may refer to system software or application software in the device, the system software may be an operating system, a database management system, and the like, the application software may be instant messaging software, e-commerce software, and the like, and may also refer to function modules in the application software, such as transaction records in the e-commerce software, historical communication records in the instant messaging software, and the like.
The geographic location information corresponding to the administrator policy is the place name "home" or the longitude and latitude of "home", and this policy can allow the device user to access all contents in the device and change all settings of the device. The temporary access policy or the initial content access policy corresponds to geographical location information that is not the place name "home" or the longitude and latitude of "home". The temporary access policy can allow a device user to access content unrelated to private content; the private content is determined in advance by the device owner and can be an album in a gallery, a transaction record in e-commerce software, a historical communication record in instant messaging software, and the like. The initial content access policy allows a device user to access an initial state in which the device has not loaded any content. In other examples, different access control policies may also describe content that the device user is not allowed to access, and this is not limited in this embodiment of the present specification.
In addition, the device owner can also generate different access control policies, such as an administrator policy, an office access policy and a public access policy, based on the geographic location information of different places. When the access control policies differ, the device content that is allowed to be accessed can differ.
The geographic location information corresponding to the administrator policy is the place name of "home" or the longitude and latitude of "home", and the policy may allow the device user to access all the contents in the device and change all the settings of the device.
The geographic location information corresponding to the office access policy is the name of the place of the company or the longitude and latitude of the company, and the like, and the policy can allow the equipment user to access the content related to work in the equipment.
The geographic location information corresponding to the public access policy is the names of places of "restaurant" and "sports place", or the latitude and longitude of "restaurant" and "sports place", and the like, and the policy can allow the device user to access content irrelevant to private life and work.
Case 2 differs from Case 1 in that the company requires employees to keep work content confidential. When the access control policy is generated, if the geographic location information is the place name "home" or the longitude and latitude of "home", the corresponding policy can be a private access policy, which can allow device users to access content in the device that is unrelated to work and to change settings that are unrelated to work content.
In other embodiments, for different conditions, the device owner may further preset geographic location information, an access control policy, and a corresponding relationship between the geographic location information and the access control policy, which are different from the above conditions, and this is not limited in this embodiment of the specification.
Second: the predetermined environment information is a WIFI fingerprint, which may refer to a signal strength of a wireless local area network of the environment where the device is located. For example, the WIFI in the place of residence is W1, the WIFI in the office is W2, the WIFI in the dining place is W3, and the WIFI in the fitness and exercise place is W4. When the device owner is in the place of residence, the WIFI is W1, the signal strength is Q1, and the signal strengths of W2, W3 and W4 are all 0; when the device owner is in the office, the WIFI is W2, the signal strength is Q2, and the signal strengths of W1, W3 and W4 are all 0; when the device owner is at the dining place, the WIFI is W3, the signal strength is Q3, and the signal strengths of W1, W2 and W4 are all 0; when the device owner is in the fitness and exercise place, the WIFI is W4, the signal strength is Q4, and the signal strengths of W1, W2 and W3 are all 0.
In practical applications, generating the access control policy needs to take various conditions into account, for example: the device owner is different, the WIFI fingerprint of the location of the device is different, the people at the location are different, or the requirements that the location places on the device owner are different. To meet the privacy protection requirements of the device owner under these different conditions, the predetermined WIFI fingerprints, the access control policies, and the correspondence between the WIFI fingerprints and the access control policies may also differ according to the device owner's privacy protection requirements. For details, refer to Case 1 and Case 2 above; the difference is that the geographical location information of each place is replaced by the WIFI fingerprint of each place.
In addition to the above conditions 1 and 2, in other embodiments of the present specification, the device owner may also predetermine a WIFI fingerprint, an access control policy, and a corresponding relationship between the WIFI fingerprint and the access control policy, which are different from the above conditions, for different conditions, and this is not limited by the embodiments of the present specification.
Third: the predetermined environment information is a magnetic field fingerprint, which may refer to magnetic field data of some location points in the environment where the device is located, representing information such as the magnetic field strength at those points, similar to an RSSI fingerprint. It can be collected by a magnetometer built into the device.
For example: the magnetic field of the place of residence is C1, the magnetic field of the office is C2, the magnetic field of the dining place is C3, and the magnetic field of the fitness and exercise place is C4. When the device owner is in the place of residence, the magnetic field is C1, the signal intensity is T1, and the signal intensities of C2, C3 and C4 are all 0; when the device owner is in the office, the magnetic field is C2, the signal intensity is T2, and the signal intensities of C1, C3 and C4 are all 0; when the device owner is at the dining place, the magnetic field is C3, the signal intensity is T3, and the signal intensities of C1, C2 and C4 are all 0; when the device owner is in the fitness and exercise place, the magnetic field is C4, the signal intensity is Q4, and the signal intensities of W1, W2 and W3 are all 0.
In practical applications, generating the access control policy needs to take various conditions into account, for example: the device owner is different, the magnetic field fingerprint of the location of the device is different, the people at the location are different, or the requirements that the location places on the device owner are different. To meet the privacy protection requirements of the device owner under these different conditions, the predetermined magnetic field fingerprints, the access control policies, and the correspondence between the magnetic field fingerprints and the access control policies may also differ according to the device owner's privacy protection requirements. For details, refer to Case 1 and Case 2 above.
In addition to the above condition 1 and condition 2, in other embodiments of the present specification, the device owner may also predetermine a magnetic field fingerprint, an access control policy, and a correspondence relationship between the magnetic field fingerprint and the access control policy, which are different from the above condition, for different conditions, and the embodiments of the present specification are not limited thereto.
Fourth: the predetermined environment information is environmental audio, which may be the audio frequency (high or low) of sounds that often occur in the environment, where the sound may be a speaking voice, a singing voice, the sound of a musical instrument, or noise emitted by machinery.
For example, the sound of people speaking often occurs in a place of residence, with audio frequency Y1; the sound of typing on computer equipment often occurs in an office, with audio frequency Y2; the sound of tableware clinking often occurs in a dining place, with audio frequency Y3; and noise often occurs in a fitness and exercise place, with audio frequency Y4.
In practical applications, generating the access control policy needs to take various conditions into account. To meet the privacy protection requirements of the device owner under different conditions, the predetermined environmental audio, the access control policies, and the correspondence between the environmental audio and the access control policies may also differ according to the device owner's privacy protection requirements. For details, refer to Case 1 and Case 2 above; the difference is that the environmental audio of each place replaces the geographic location information of each place.
In addition to the above condition 1 and condition 2, in other embodiments of the present specification, the device owner may also predetermine the environmental audio, the access control policy, and the corresponding relationship between the environmental audio and the access control policy, which are different from the above condition, for different conditions, and the embodiments of the present specification do not limit this.
In some cases, to further enhance the protection of privacy, the device owner may add other permission-controlling factors to the context information, such as an unlocking password. The unlocking password may be used to unlock the device, to unlock system software or software applications in the device, or to unlock function modules in the software applications, which is not limited in this embodiment of the specification.
In practical applications, to further enhance privacy protection for the device owner, the device owner may generate the corresponding access control policy based on the predetermined passwords, in addition to the corresponding access control policy based on the different predetermined environment information, where there may be more than two predetermined passwords, and the access control policies generated based on the different predetermined passwords may be different, and the predetermined passwords mentioned herein may be used to match the unlocking instruction.
The access control policy generated based on the predetermined password alone can be contained in the access policy generated based on some predetermined environment information, and is a further subdivision of the access control policy generated based on some predetermined environment information; or may be a completely different policy from the access control policy generated by the predetermined context information.
In addition, the device owner may also generate an access control policy based on both the predetermined password and the predetermined context information. However, whether the access control policy is generated based on the predetermined environment information or the predetermined password alone or based on both the predetermined environment information and the predetermined password, if the acquired context information carries the environment information, it is necessary to acquire the access control policy corresponding to the acquired environment information and determine the target object allowed to be accessed based on the acquired access control policy. The target object herein may refer to the device itself, or may refer to software or a functional module in the software in the device.
In practical applications, different context information can be acquired in different ways. When the context information is geographical location information, it can be acquired through GPS positioning. When the context information is the unlocking password, it can be obtained through a user instruction, and the user instruction can differ with the specific form of the unlocking password: when the unlocking password is a character string or a gesture, it can be obtained through a touch instruction; when the unlocking password is a user fingerprint, it can be obtained through a contact fingerprint instruction; when the unlocking password is audio, it can be obtained through an audio instruction. In other examples, the unlocking password may also be implemented by other means, such as a human face, and the embodiment of the present specification does not limit this.
When the corresponding access control policy is obtained, if the context information carries only the environment information, the obtained environment information is matched directly against the predetermined environment information. If the matching succeeds (the two are the same or approximately the same), the corresponding access control policy is the one generated based on the matched predetermined environment information. If the matching fails, the corresponding access control policy is a default access control policy or another access control policy other than those generated based on the predetermined environment information.
If the context information carries the environment information and the unlocking password, the predetermined information (the predetermined environment information or the predetermined password) corresponding to the corresponding context information (the environment information or the unlocking password) can be sequentially acquired according to the acquisition sequence of the environment information and the unlocking password, and the corresponding access control strategy and the target object allowed to be accessed are sequentially determined. In a certain example, the environment information is acquired first, then the unlocking password is acquired, the predetermined environment information matched with the environment information is acquired first, the corresponding access control policy and the target object allowed to be accessed are determined in sequence, then the predetermined password matched with the unlocking password is acquired, and the corresponding access control policy and the target object allowed to be accessed are searched in sequence. The access control policy searched later may belong to a previously determined access control policy, which is further refinement of the previously determined access control policy, or may be completely different from the previously determined access policy, and the specific relationship between the two is related to the process of generating the access control policy.
In other examples, if the environmental information and the unlocking password are acquired simultaneously, the predetermined environmental information matching the environmental information may be acquired preferentially, the corresponding access control policy and the target object allowed to be accessed are determined in sequence, then the predetermined password matching the unlocking password is acquired, and the corresponding access control policy and the target object allowed to be accessed are searched in sequence.
After the target objects allowed to be accessed are determined, the embodiments of the present specification may display entry identifiers of all the target objects on an interface of the device, and when an access request issued by a user (device user) through the displayed entry identifiers is received and the target object requested to be accessed is a target object not allowed to be accessed, reject the access request. And if the target object requested to be accessed is the target object which is allowed to be accessed by the access control policy, executing the operation of accessing the target object.
To prevent the device user from learning that the device holds content that he or she is not allowed to access, in the embodiment of the present specification, after the target object allowed to be accessed is determined, the entry identifier of any target object that is not allowed to be accessed may be hidden on the interface of the device, so that the device user cannot see the private content that the device owner needs to protect, which further improves the degree of privacy protection.
In some scenarios, the environment where the device is located is an office, and the access control policy generated in advance based on the office is an office access policy that does not allow the device user to access content related to daily life in the device. However, the device owner may need to provide photos of his or her daily life to the company's event organizers, and therefore needs to access the content related to daily life in the device. For this situation, the present scheme allows forced access to the content related to daily life to be initiated. For the specific implementation process, refer to FIG. 2, where FIG. 2 is a flowchart of a method for controlling permissions shown in another exemplary embodiment of this specification. This embodiment may include the following steps S201 to S204:
Step S201: obtain context information of the device, where the context information carries environment information of the device.
Step S202: obtain the access control policy corresponding to the obtained environment information, where at least one access control policy is generated based on predetermined environment information.
Step S203: determine the target object allowed to be accessed based on the obtained access control policy.
Step S204: when a mandatory access request from the user for a target object that is not allowed to be accessed is received, determine whether to allow access to the target object based on the authentication information carried in the mandatory access request.
Steps S201 to S203 in this embodiment correspond to steps S101 to S103 in the embodiment related to fig. 1, and are not described again here.
For step S204, the mandatory access request may be issued through an access interface of a target object that is displayed on an interface of the device and is not allowed to be accessed by the user, or may be issued through a predefined mandatory access interface in the device by the user, where the issued mandatory access request may carry authentication information used for determining whether to allow access to the target object, such as a mandatory unlock password, a prompt question answer, and the like, where the mandatory unlock password may be a character string such as a gesture, a number, a letter, and the like, and may also be a fingerprint, a human face, and the prompt question answer may be identity authentication information such as a predefined picture, a name, a phone number, and the like, and may also be other information used for determining whether to allow mandatory access to the target object, which is not limited in this embodiment of the.
In conclusion, in the process of actually using the device, the access control policy of the device can be determined by acquiring the environmental information of the device, and then the target object allowed to be accessed is determined based on the acquired access control policy, so that the control on the authority is realized, the content presented to the device user by the device can meet the requirement of protecting privacy of the device owner on different occasions, and the borrowing or viewing of the device by others is not influenced.
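The flow of steps S201 to S204 (which includes S101 to S103), together with the password refinement and entry hiding described earlier, as an added example that is not code from the specification. The place names, coordinates, radii, object names, secrets, the choice of the public policy as the default, and the use of set intersection for the "further subdivision" case are all assumptions.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass

# Every place, coordinate, radius, object name and secret here is constructed
# for illustration; none of them comes from the specification.

@dataclass(frozen=True)
class Policy:
    name: str
    allowed: frozenset  # target objects the device user may access

ALL_OBJECTS = frozenset({"settings", "gallery", "chat_history", "shop_orders",
                         "work_mail", "work_docs", "browser", "calculator"})
ADMIN = Policy("administrator", ALL_OBJECTS)
OFFICE = Policy("office", frozenset({"work_mail", "work_docs", "browser", "calculator"}))
PUBLIC = Policy("public", frozenset({"browser", "calculator"}))
DEFAULT = PUBLIC  # applied when no predetermined environment matches

# Predetermined environment information: label, lat, lon, radius (m), policy.
PLACES = [
    ("home", 30.2741, 120.1551, 80.0, ADMIN),
    ("company", 30.2795, 120.1230, 150.0, OFFICE),
]

SALT = b"constructed-salt"

def _kdf(secret: str) -> bytes:
    # Keep only derived keys, never the predetermined passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

# Predetermined passwords and the policies generated from them.
PASSWORD_POLICIES = [
    (_kdf("7391"), Policy("guest-pin", frozenset({"calculator"}))),
    (_kdf("owner passphrase"), ADMIN),
]
FORCED_UNLOCK = _kdf("forced-2468")  # authentication information for S204

def _distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def policy_for_location(lat, lon):
    """S102/S202: 'the same or approximately the same' means within the radius."""
    for _label, plat, plon, radius, policy in PLACES:
        if _distance_m(lat, lon, plat, plon) <= radius:
            return policy
    return DEFAULT  # unmatched environment falls back to the default policy

def refine_with_password(env_policy, unlock_password):
    """Password policy as a further subdivision of the environment policy."""
    digest = _kdf(unlock_password)
    for stored, pw_policy in PASSWORD_POLICIES:
        if hmac.compare_digest(stored, digest):
            return Policy(env_policy.name + "+" + pw_policy.name,
                          env_policy.allowed & pw_policy.allowed)
    return Policy("locked", frozenset())  # unknown password unlocks nothing

def visible_entries(policy):
    """Entry identifiers shown on the interface; disallowed ones are hidden."""
    return sorted(policy.allowed)

def handle_request(policy, target, forced_secret=None):
    """S103/S203 decision, with the S204 mandatory-access path."""
    if target not in ALL_OBJECTS:
        return False
    if target in policy.allowed:
        return True
    if forced_secret is not None:  # S204: decide on the carried authentication info
        return hmac.compare_digest(FORCED_UNLOCK, _kdf(forced_secret))
    return False

if __name__ == "__main__":
    office = policy_for_location(30.2795, 120.1230)
    print(office.name, visible_entries(office))
    print(handle_request(office, "gallery"))                 # rejected
    print(handle_request(office, "gallery", "forced-2468"))  # forced access
```

The decision is enforced in `handle_request` for every request, so hiding an entry identifier is a presentation choice layered on top of the check rather than a substitute for it.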
In addition, after the environment where the device is located changes, for example from a place of residence to an office, the present solution can also automatically switch the access control policy according to the change of environment. For details, see FIG. 3, where FIG. 3 is a flowchart of a method for automatically switching permissions shown in an exemplary embodiment of this specification. The embodiment may include the following steps S301 to S303:
Step S301: obtain context information of the device, where the context information carries environment information of the device.
Step S302: after detecting that the environment information is updated, obtain the access control policy corresponding to the updated environment information, where at least one access control policy is generated based on predetermined environment information.
Step S303: determine the target object allowed to be accessed based on the obtained access control policy.
The technical features of this embodiment correspond to those of the embodiment related to FIG. 1 and are not described again here. The difference is that, after the context information of the device is obtained, the currently obtained environment information is compared with the previously obtained environment information to see whether they match (are the same or approximately the same). If they match, it is determined that no update of the environment information is detected; if they do not match, it is determined that an update of the environment information is detected.
For example, if the currently acquired environmental information is the longitude and latitude of an office place and the previously acquired environmental information is the longitude and latitude of a living place, the two are not matched, and it is determined that the environmental information is updated, and the access control policy corresponding to the updated environmental information is acquired based on the updated environmental information (the currently acquired longitude and latitude of the office place).
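Steps S301 to S303 with a WIFI fingerprint as the environment information, as an added example that is not code from the specification. The identifiers W1 to W4 follow the text's naming; the RSSI values, the tolerance and floor thresholds, the policy names and the choice to compare each scan against the environment the current policy was resolved for are assumptions.

```python
# Constructed sample data. A fingerprint is {access point id: RSSI in dBm}.
PREDETERMINED = [
    ({"W1": -45}, "administrator"),  # place of residence
    ({"W2": -55}, "office"),         # office
    ({"W3": -60}, "public"),         # dining place
    ({"W4": -58}, "public"),         # fitness and exercise place
]
DEFAULT_POLICY = "access-prohibited"  # used when nothing predetermined matches

TOLERANCE_DB = 12   # how far an RSSI may drift and still count as "the same"
FLOOR_DBM = -85     # weaker access points are treated as not present


def fingerprints_match(a, b):
    """'The same or approximately the same': identical set of audible access
    points, and every RSSI within the tolerance."""
    a_aps = {ap for ap, rssi in a.items() if rssi >= FLOOR_DBM}
    b_aps = {ap for ap, rssi in b.items() if rssi >= FLOOR_DBM}
    if a_aps != b_aps:
        return False
    return all(abs(a[ap] - b[ap]) <= TOLERANCE_DB for ap in a_aps)


def resolve(scan):
    """S302: look up the policy generated for the matching predetermined
    fingerprint, or fall back to the default policy."""
    for fingerprint, policy in PREDETERMINED:
        if fingerprints_match(scan, fingerprint):
            return policy
    return DEFAULT_POLICY


class PolicySwitcher:
    """Keeps the active policy and switches it when the environment updates."""

    def __init__(self):
        self.baseline = None           # environment the policy was resolved for
        self.policy = DEFAULT_POLICY   # nothing is granted before the first scan

    def observe(self, scan):
        """S301-S303 for one scan. Returns (active policy, update detected)."""
        if self.baseline is not None and fingerprints_match(scan, self.baseline):
            return self.policy, False  # no update detected, keep the policy
        # Update detected. The baseline moves only here, so slow drift across
        # many scans cannot carry a permissive policy into a new environment.
        self.baseline = dict(scan)
        self.policy = resolve(scan)
        return self.policy, True


if __name__ == "__main__":
    switcher = PolicySwitcher()
    for scan in ({"W1": -48}, {"W1": -52, "W9": -92}, {"W2": -57},
                 {"W7": -50}, {"W1": -80}):
        print(scan, switcher.observe(scan))
```

Access point identifiers are whatever the surrounding radios announce, so a match is best treated as a hint about the environment; the password-based policies described earlier are the place to gate the more permissive policies.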
In some examples, the environmental information includes at least one of:
geographical location information, magnetic field fingerprint, WIFI fingerprint, environmental audio.
In other examples, if the obtained context information carries an unlocking password, the method for automatically switching permissions according to the embodiment of the present specification may further include the following steps:
Looking up an access control policy corresponding to the unlocking password, where the unlocking password is used to unlock the device or to unlock an application;
Determining the target object allowed to be accessed based on the looked-up access control policy.
As an example, the access control policy further comprises:
an access control policy generated based on a predetermined password, the predetermined password being used to match an unlocking instruction;
and/or
an access control policy generated based on the predetermined password and the predetermined environment information.
As an example, when there is more than one predetermined password, the access control policies generated based on different predetermined passwords are different.
As an example, the unlocking password is obtained by any one of the following user instructions:
touch instruction, contact fingerprint instruction, audio instruction.
In other examples, the method for automatically switching permissions according to this embodiment of the present specification may further include the following steps:
hiding, on an interface of the device, the entrance identifier of any target object that is not allowed to be accessed; or
displaying the entrance identifiers of all target objects on an interface of the device;
and, when an access request sent by a user through a displayed entrance identifier is received, rejecting the access request if the target object requested is one that is not allowed to be accessed.
In some scenarios, the environment in which the device is located switches to an office, and the access control policy generated in advance for the office is an office access policy that does not allow the device user to access content related to daily life on the device. However, the device owner may need to provide his or her life pictures to the company's activity organizers, and therefore needs to access the daily-life content on the device. For this situation, the present solution allows a forced access to the daily-life content to be initiated. For a specific implementation process, refer to fig. 4, which is a flowchart of an automatic permission switching method according to another exemplary embodiment of this specification. This embodiment may include the following steps S401 to S404:
Step S401, obtaining context information of the device, where the context information carries environment information of the device.
Step S402, obtaining access control policies corresponding to the obtained environment information, where at least one access control policy is generated based on predetermined environment information.
Step S403, when it is detected that the environment information is updated, obtaining an access control policy corresponding to the updated environment information, where at least one access control policy is generated based on predetermined environment information.
Step S404, when receiving a mandatory access request of a user to a target object which is not allowed to be accessed, determining whether to allow the target object to be accessed based on authentication information carried in the mandatory access request.
Steps S401 to S404 in this embodiment correspond to steps S201 to S203 in the embodiment related to fig. 2, and are not described again here. The difference is that, after the context information of the device is obtained, the currently obtained environment information must be compared with the previously obtained environment information to see whether they match (are the same or approximately the same). If they match, it is determined that no update of the environment information is detected; if they do not match, it is determined that an update of the environment information is detected.
As an example, the authentication information includes any one of:
a forced-unlock password, an answer to a prompt question.
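The flow of steps S401 to S404, together with the entrance hiding and request rejection described earlier, is sketched below as an added Python example; it is not code from the specification. The 150 m match radius, the coordinates, the target names, the PBKDF2 storage of the forced-unlock password, and denying everything when no predetermined environment matches are all assumptions made for illustration.

```python
import hashlib, hmac, math
from collections import namedtuple
from dataclasses import dataclass

MATCH_RADIUS_M = 150.0   # assumed tolerance for "approximately the same"
HOME, OFFICE = (30.2741, 120.1551), (30.1890, 120.1900)   # constructed coordinates
# location: predetermined environment information; allowed: accessible target objects
Policy = namedtuple("Policy", "name location allowed")

def distance_m(a, b):    # haversine distance in metres between (lat, lon) pairs
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def near(a, b):
    return distance_m(a, b) <= MATCH_RADIUS_M

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Device:
    policies: list
    salt: bytes
    forced_hash: bytes           # derived from the forced-unlock password
    anchor_env: tuple = None     # environment at the last policy switch
    active: Policy = None

    def on_context(self, env):
        """Switch policy, return True only on an environment update; no match = deny all."""
        if self.anchor_env is not None and near(env, self.anchor_env):
            return False
        self.anchor_env = env
        self.active = next((p for p in self.policies if near(env, p.location)), None)
        return True

    def entrances(self, targets, hide=True):
        """UI listing only; hidden or shown, request() is what enforces the policy."""
        allowed = self.active.allowed if self.active else frozenset()
        return [t for t in targets if not hide or t in allowed]

    def request(self, target, forced_password=None):
        """Allow by policy; otherwise only on a valid forced-access credential."""
        if self.active is not None and target in self.active.allowed:
            return True
        if forced_password is None:
            return False
        return hmac.compare_digest(kdf(forced_password, self.salt), self.forced_hash)

def demo_device(salt=b"constructed-salt"):   # constructed policies and secret
    life, office = frozenset({"photos", "mail"}), frozenset({"mail", "docs"})
    return Device([Policy("life", HOME, life), Policy("office", OFFICE, office)],
                  salt, kdf("constructed-forced-pw", salt))
```

Comparing each reading against the environment recorded at the last switch, rather than against the immediately preceding reading, is a design choice of this sketch: it keeps a slow drift of many small moves from passing as "approximately the same" indefinitely.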
Corresponding to the embodiments of the method described above, the present application also provides embodiments of an apparatus.
Referring to fig. 5, fig. 5 is a block diagram of a control apparatus for controlling authority according to an exemplary embodiment of the present application, which may include: a context acquisition module 510, a control policy acquisition module 520, and a target object determination module 530.
The context obtaining module 510 is configured to obtain context information of a device, where the context information carries environment information of the device.
A control policy obtaining module 520, configured to obtain an access control policy corresponding to the obtained environment information, where at least one access control policy is generated based on predetermined environment information.
A target object determination module 530, configured to determine a target object allowed to be accessed based on the obtained access control policy.
In some examples, the environmental information includes at least one of:
geographical location information, magnetic field fingerprint, WIFI fingerprint, environmental audio.
In other examples, the apparatus for controlling authority according to an embodiment of the present disclosure may further include:
a control policy searching module, configured to, when the obtained context information also carries an unlocking password, search for the access control policy corresponding to the unlocking password, where the unlocking password is used to unlock the device or to unlock an application.
An access object determination module, configured to determine a target object allowed to be accessed based on the found access control policy.
As an example, the access control policy further comprises:
an access control policy generated based on a predetermined password, the predetermined password being used to match an unlocking instruction;
and/or
an access control policy generated based on the predetermined password and the predetermined environment information.
As an example, when there is more than one predetermined password, the access control policies generated based on different predetermined passwords are different.
As an example, the unlocking password is obtained by any one of the following user instructions:
touch instruction, contact fingerprint instruction, audio instruction.
In other examples, the apparatus for controlling authority according to an embodiment of the present disclosure may further include:
an object hiding module, configured to hide, on an interface of the device, the entrance identifier of any target object that is not allowed to be accessed; or
an object display module, configured to display the entrance identifiers of all target objects on an interface of the device.
An access refusing module, configured to reject an access request when the access request is sent by the user through a displayed entrance identifier and the target object requested is one that is not allowed to be accessed.
In other examples, the apparatus for controlling authority according to an embodiment of the present disclosure may further include:
a mandatory access module, configured to, when a mandatory access request from a user for a target object that is not allowed to be accessed is received, determine whether to allow access to the target object based on the authentication information carried in the mandatory access request.
As an example, the authentication information includes any one of:
a forced-unlock password, an answer to a prompt question.
Referring to fig. 6, fig. 6 is a block diagram illustrating an apparatus for automatically switching permissions according to an exemplary embodiment of the present application, which may include: a context obtaining module 610, a control policy switching module 620 and a target object determining module 630.
The context obtaining module 610 is configured to obtain context information of a device, where the context information carries environment information of the device.
A control policy switching module 620, configured to, after detecting that the environment information is updated, acquire an access control policy corresponding to the updated environment information, where at least one access control policy is generated based on predetermined environment information.
A target object determination module 630, configured to determine a target object allowed to be accessed based on the obtained access control policy.
In some examples, the environmental information includes at least one of:
geographical location information, magnetic field fingerprint, WIFI fingerprint, environmental audio.
In other examples, the apparatus for automatically switching permissions according to an embodiment of the present specification may further include:
a control policy searching module, configured to, when the obtained context information also carries an unlocking password, search for the access control policy corresponding to the unlocking password, where the unlocking password is used to unlock the device or to unlock an application.
An access object determination module, configured to determine a target object allowed to be accessed based on the found access control policy.
As an example, the access control policy further comprises:
an access control policy generated based on a predetermined password, the predetermined password being used to match an unlocking instruction;
and/or
an access control policy generated based on the predetermined password and the predetermined environment information.
As an example, when there is more than one predetermined password, the access control policies generated based on different predetermined passwords are different.
As an example, the unlocking password is obtained by any one of the following user instructions:
touch instruction, contact fingerprint instruction, audio instruction.
In other examples, the apparatus for automatically switching permissions according to an embodiment of the present specification may further include:
an object hiding module, configured to hide, on an interface of the device, the entrance identifier of any target object that is not allowed to be accessed; or
an object display module, configured to display the entrance identifiers of all target objects on an interface of the device.
An access refusing module, configured to reject an access request when the access request is sent by the user through a displayed entrance identifier and the target object requested is one that is not allowed to be accessed.
In other examples, the apparatus for automatically switching permissions according to an embodiment of the present specification may further include:
a mandatory access module, configured to, when a mandatory access request from a user for a target object that is not allowed to be accessed is received, determine whether to allow access to the target object based on the authentication information carried in the mandatory access request.
As an example, the authentication information includes any one of:
a forced-unlock password, an answer to a prompt question.
The implementation process of the functions and actions of each unit (or module) in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
Since the apparatus embodiments basically correspond to the method embodiments, reference may be made to the description of the method embodiments for relevant points. The above-described embodiments of the mail client are merely illustrative, wherein the units or modules described as separate parts may or may not be physically separate, and the parts displayed as units or modules may or may not be physical units or modules, may be located in one place, or may be distributed on a plurality of network units or modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The apparatus for controlling permissions and the apparatus for automatically switching permissions of the embodiments of the present specification can be applied to electronic equipment. In particular, they may be implemented by a computer chip or entity, or by an article of manufacture having some functionality. In a typical implementation, the electronic device is a computer, which may be embodied in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, internet television, smart car, unmanned vehicle, smart refrigerator, other smart home device, or a combination of any of these devices.
The apparatus embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the apparatus, as a logical entity, is formed by a processor of the electronic device reading corresponding computer program instructions from a readable medium such as a non-volatile memory into an internal memory and running them. In terms of hardware, fig. 7 shows a hardware structure diagram of the electronic device in which the apparatus for controlling or automatically switching permissions of the embodiments of this specification is located. In addition to the processor, the memory, the network interface, and the non-volatile memory shown in fig. 7, the electronic device in the embodiments may further include other hardware according to its actual function, which is not described again.
In some examples, a memory of the electronic device may store processor-executable program instructions; the processor may be coupled to the memory for reading program instructions stored in the memory and, in response, performing the following: acquiring context information of a device, where the context information carries environment information of the device; acquiring access control policies corresponding to the acquired environment information, where at least one access control policy is generated based on predetermined environment information; determining a target object allowed to be accessed based on the acquired access control policy.
In other examples, a memory of the electronic device may store processor-executable program instructions; the processor may be coupled to the memory for reading program instructions stored in the memory and, in response, performing the following: acquiring context information of a device, where the context information carries environment information of the device; when it is detected that the environment information is updated, acquiring an access control policy corresponding to the updated environment information, where at least one access control policy is generated based on predetermined environment information; determining a target object allowed to be accessed based on the acquired access control policy.
In other embodiments, the operations performed by the processor may refer to the description related to the above method embodiments, which is not repeated herein.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.