CN107480554A - A kind of right management method, rights management device and intelligent terminal - Google Patents

A kind of right management method, rights management device and intelligent terminal Download PDF

Info

Publication number
CN107480554A
CN107480554A CN201710631659.0A CN201710631659A CN107480554A CN 107480554 A CN107480554 A CN 107480554A CN 201710631659 A CN201710631659 A CN 201710631659A CN 107480554 A CN107480554 A CN 107480554A
Authority
CN
China
Prior art keywords
virtual
authority
terminal data
data
mentioned
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710631659.0A
Other languages
Chinese (zh)
Other versions
CN107480554B (en
Inventor
肖立锋
龙德武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Branch Of Software Technology (shenzhen) Co Ltd
Original Assignee
Branch Of Software Technology (shenzhen) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Branch Of Software Technology (shenzhen) Co Ltd filed Critical Branch Of Software Technology (shenzhen) Co Ltd
Priority to CN201710631659.0A priority Critical patent/CN107480554B/en
Publication of CN107480554A publication Critical patent/CN107480554A/en
Application granted granted Critical
Publication of CN107480554B publication Critical patent/CN107480554B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application

Abstract

The invention discloses a kind of right management method, rights management device and intelligent terminal, wherein, the right management method includes:Receive the authority request instruction that application program is sent;The true access rights asked based on authority request instruction, it is determined that virtual access authority corresponding with the truly access rights, wherein, the true access rights are associated with the terminal data in real system, the virtual access authority is associated with the terminal data in virtual system, and the terminal data in the virtual system is different from the terminal data in the real system;Authorize the virtual access authority to the application program.This programme can either be that application program opens required access rights, and and can enough ensures the personal information security of user.

Description

A kind of right management method, rights management device and intelligent terminal
Technical field
The present invention relates to field of information security technology, more particularly to a kind of right management method, rights management device, intelligence Terminal and computer-readable recording medium.
Background technology
Many application programs often when mounted to intelligent terminal application it is a large amount of it is unnecessary, even with this application journey The unrelated authority of sequence, for example, some application programs can read safe digital card (SD card) to intelligent terminal application, system journal is believed The authority of the information such as breath, address book information, call-information, short message, intelligent terminal geographical position.If user should to these Authority required by being granted by them with program, then the personal data that are stored on intelligent terminal may be caused compromised;If User do not open them to these application programs required by authority, then application program can be caused can not to use, result even in Application program automatically exits from.
The content of the invention
In view of this, can the invention provides a kind of right management method, rights management device, intelligent terminal and computer Read storage medium, it is intended to open required access rights for application program on the premise of the personal information security of user is ensured.
The first aspect of the embodiment of the present invention provides a kind of right management method, and the right management method includes:
Receive the authority request instruction that application program is sent;
The true access rights asked based on authority request instruction, it is determined that corresponding with the true access rights Virtual access authority, wherein, the true access rights are associated with the terminal data in real system, the virtual access power Limit is associated with the terminal data in virtual system, and the terminal data in the virtual system is different from the real system Terminal data;
Authorize the virtual access authority to the application program.
The second aspect of the embodiment of the present invention provides a kind of rights management device, and the rights management device includes:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the authority request instruction for being received based on the request reception unit are asked true Access rights, it is determined that virtual access authority corresponding with the true access rights, wherein, the true access rights with it is true Terminal data in system is associated, and the virtual access authority is associated with the terminal data in virtual system, described virtual Terminal data in system is different from the terminal data in the real system;
Right grant unit, the virtual access authority for the authority determining unit to be determined, which is authorized, described applies journey Sequence.
The third aspect of the embodiment of the present invention provides a kind of intelligent terminal, including memory, processor and is stored in In the memory and the computer program that can run on the processor, described in the computing device during computer program The step of realizing method as described above.
The fourth aspect of the embodiment of the present invention provides a kind of computer-readable recording medium, the computer-readable storage Media storage has the step of computer program, the computer program realizes method as described above when being executed by processor.
Therefore by the present invention program, the authority request instruction that application program is sent is received first, is then based on institute The true access rights that authority request instruction is asked are stated, it is determined that virtual access authority corresponding with the truly access rights, Wherein, the true access rights are associated with the terminal data in real system, the virtual access authority and virtual system In terminal data be associated, the terminal data in the virtual system be different from the real system in terminal data, most Authorize the virtual access authority to the application program afterwards.The present invention program authorizes in application requests access rights The corresponding virtual access authority for the true access rights that application program is asked, it on the one hand can avoid causing because not authorizing Application program situation about automatically exiting from occur, on the other hand, due to the number of terminals in the virtual access authority and virtual system According to being associated, therefore, the terminal data that obtaining the application program of the virtual access authority allows to access is in virtual system Terminal data, so as to avoid the application program from getting terminal data actual in real system, ensure to a certain extent The personal information security of user.
Brief description of the drawings
Technical scheme in order to illustrate the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art In the required accompanying drawing used be briefly described, it should be apparent that, drawings in the following description be only the present invention some Embodiment, for those of ordinary skill in the art, without having to pay creative labor, can also be according to these Accompanying drawing obtains other accompanying drawings.
Fig. 1 is the implementation process schematic diagram of right management method provided in an embodiment of the present invention;
Fig. 2 is in right management method provided in an embodiment of the present invention, virtual access authority is initialized specific Implementation process schematic diagram;
Fig. 3 is the implementation process schematic diagram of another right management method provided in an embodiment of the present invention;
Fig. 4 is the schematic diagram of rights management device provided in an embodiment of the present invention;
Fig. 5 is the schematic diagram of intelligent terminal provided in an embodiment of the present invention.
Embodiment
In describing below, in order to illustrate rather than in order to limit, it is proposed that such as tool of particular system structure, technology etc Body details, thoroughly to understand the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific The present invention can also be realized in the other embodiments of details.In other situations, omit to well-known system, device, electricity Road and the detailed description of method, in case unnecessary details hinders description of the invention.
In order to illustrate technical solutions according to the invention, illustrated below by specific embodiment.
Embodiment one
Fig. 1 shows the implementation process for the right management method that the embodiment of the present invention one provides, and details are as follows:
In step S101, the authority request instruction that application program is sent is received;
In embodiments of the present invention, in the running of application program, receive the authority request that application program is sent and refer to Order.Specifically, it can be when application program is mounted, receive the authority request instruction that application program is sent;Or in step In S101, it can also be in application program by use, the authority request instruction that reception application program is sent, is not limited herein It is fixed.
In step s 102, based on the true access rights asked of above-mentioned authority request instruction, it is determined that with it is above-mentioned true Virtual access authority corresponding to access rights;
In embodiments of the present invention, above-mentioned true access rights are associated with the terminal data in real system, above-mentioned void Plan access rights are associated with the terminal data in virtual system, and the terminal data in above-mentioned virtual system is different from above-mentioned true Terminal data in system.Wherein, the terminal data in above-mentioned real system is the number of user's actual storage in intelligent terminal According to;Above-mentioned true access rights are associated with the terminal data in real system, refer to by above-mentioned true access rights energy The terminal data enough having access in real system, i.e., user can be got in intelligent terminal by above-mentioned true access right authority The data of middle actual storage;Above-mentioned virtual access authority is associated with the terminal data in virtual system, refers to by above-mentioned Virtual access authority is able to access that the terminal data in virtual system, and because the terminal data in above-mentioned virtual system is different With the terminal data in above-mentioned real system, therefore, user can not be got in intelligence by above-mentioned virtual access authority The data of actual storage in terminal.It should be noted that each true access rights have corresponding thereto in virtual system Virtual access authority, thus when received in step S101 application program transmission authority request instruction after, can be based on upper The true access rights that authority request instruction is asked are stated, it is determined that virtual access authority corresponding with above-mentioned truly access rights.
In step s 103, above-mentioned virtual access authority is authorized to above-mentioned application program.
In embodiments of the present invention, the virtual access authority for determining to obtain in step S102 is authorized to above-mentioned application program, To cause above-mentioned application program to continue to run with.If above-mentioned application program is the authority request instruction sent in installation process, Then after above-mentioned application program virtual access authority is granted by, above-mentioned application program is enabled to be able to continue to install;On if It is the authority request instruction sent in use to state application program, then is being granted by above-mentioned application program virtual access authority Afterwards, user is enabled to be able to be continuing with the function of above-mentioned application program.
In order that the process of the embodiment of the present invention is clearer, illustrated below with example:It is assumed that user just carries intelligence Energy terminal is gone on business in a, and when using application program A, application program A have sent authority request instruction, and acquisition request accesses The geographical location information of intelligent terminal;Again assume that application program A function is not rely on geographical position, in this case, User is not intended to the true geographical position of oneself informing application program A;Now, by the embodiment of the present invention, authorized for it Virtual access authority, because the terminal data in virtual system is different from the terminal data in real system, thus application program A The virtual geographical location information b being pre-stored within virtual system can only be got, and the intelligent terminal of user is real Geographical position a will not be apprised of application program A.But in fact, for application program A, application program A is accessed really The geographical location information of intelligent terminal, and this information of geographical position b has been acquired, application program A do not know that oneself The data of acquisition are virtual data, and in other words, application program A thinks that the data that oneself is obtained are that intelligent terminal really counts According to, and continue to run with based on this, perform application program A subsequent operation.
Alternatively, above-mentioned right management method also includes:
In the above-mentioned virtual system of initial start-up, above-mentioned virtual access authority is initialized.
Wherein it is possible to above-mentioned virtual system is created by sandbox in real system, it is of course also possible to otherwise Above-mentioned virtual system is created, is not construed as limiting herein.Because virtual system is actually the virtual mirror of the real system of intelligent terminal Picture, in the above-mentioned virtual system of initial start-up, the data stored in the virtual system are sky, it is then desired to above-mentioned virtual visit Ask that authority is initialized.As shown in Fig. 2 in embodiments of the present invention, it is above-mentioned that above-mentioned virtual access authority is initialized, Specially:
S201, obtain the terminal data in the above-mentioned real system associated with above-mentioned true access rights;
S202, it will be copied to the terminal data in the above-mentioned real system that access rights associate above-mentioned truly above-mentioned virtual System;
Wherein it is possible in initialization of virtual access rights, acquisition first associates above-mentioned with above-mentioned true access rights Terminal data in real system, and the terminal data in the real system of acquisition is copied to virtual system so that virtual system System can know the type for the terminal data that application program can request that and various types of terminals for this intelligent terminal Storage format of the data on this intelligent terminal, avoid, in initialization of virtual access rights, generating invalid number of terminals with this According to.
S203, to being associated with above-mentioned true access rights of in above-mentioned virtual system, replicating to obtain in a manner of default Terminal data in above-mentioned real system is modified, using the terminal data in the above-mentioned real system after change as above-mentioned void Terminal data in plan system;
Wherein, in order that the terminal data obtained in virtual system is different from the terminal data in real system, by truly After terminal data in system is copied to virtual system, the terminal data that can be obtained to duplication is carried out more in a manner of default Change, for example, for can be empty data, such as address list data, note data, picture library data etc., it can be empty Operation;Data for that can not think sky, such as intelligent terminal geographic position data etc., can be changed to default acquiescence Data, such as intelligent terminal geographic position data is changed to Beijing.Certainly, even for that can be empty data, also may be used To be changed to default default data, the mode of change is not defined herein.It should be noted that it will replicate what is obtained It is consistent with replicating obtained terminal data in order to avoid default data occurs when terminal data is changed to default default data Situation, can pre-set the first default data and the second default data in virtual system, above-mentioned first default data and the Two default datas are different:It is whether consistent with replicating obtained terminal data that the first default data is detected first, will if inconsistent Replicate obtained terminal data and be changed to the first default data;If consistent, the terminal data that duplication obtains is changed to second Default data.
In step S204, above-mentioned virtual access authority is associated with the terminal data in above-mentioned virtual system, completion pair The initialization of virtual access authority.
Wherein, after the initialization to the terminal data in virtual system is completed, continue by virtual access authority with it is upper The terminal data stated in virtual system is associated, and completes the initialization to virtual access authority so that application program is being awarded After giving virtual access authority, it is able to access that to obtain the terminal data in virtual system.
Therefore by the embodiment of the present invention, will be according to application program when application program initiates authority request instruction The true access rights asked determine corresponding virtual access authority, and authorize the virtual access authority to this and apply journey Sequence, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, due to the void Plan access rights are associated with the terminal data in virtual system, and therefore, the application program for obtaining the virtual access authority permits Perhaps the terminal data accessed is the terminal data in virtual system, real in real system so as to avoid the application program from getting The terminal data on border, the personal information security of user is ensured to a certain extent.
It should be understood that the size of the sequence number of each step is not meant to the priority of execution sequence, each process in above-described embodiment Execution sequence should determine that the implementation process without tackling the embodiment of the present invention forms any limit with its function and internal logic It is fixed.
Embodiment two
On the basis of embodiment one, Fig. 2 shows the reality for another right management method that the embodiment of the present invention two provides Existing flow, details are as follows:
In step S301, the authority request instruction that application program is sent is received;
In step s 302, based on the true access rights asked of above-mentioned authority request instruction, it is determined that with it is above-mentioned true Virtual access authority corresponding to access rights;
In step S303, above-mentioned virtual access authority is authorized to above-mentioned application program;
In embodiments of the present invention, above-mentioned steps S301 to above-mentioned steps S303 respectively with above-mentioned steps S101 and above-mentioned step Rapid S103 implementation is same or similar, does not repeat herein.
In step s 304, the authority change directive of input is received;
In embodiments of the present invention, if some functions of application program need to access the number of terminals of real system really According to, during application program is continued to run with based on the virtual access authority being awarded in step S303, can also to application The running status of program is detected:If application program can not normal operation, export reminder message, with prompting be used for application The authority of program is modified, and waits the authority change directive of user's input to be received;Receive want user input authority After change directive, step S305 and step S306 is continued executing with.
In step S305, based on above-mentioned authority change directive, the virtual access to be changed of above-mentioned application program is determined Authority;
In embodiments of the present invention, because above-mentioned application program may have requested that multiple access rights, and entering During row change, it is usually only necessary to be modified one of those or several access rights.Above-mentioned authority change directive indicates User wants the access rights being modified to above-mentioned application program, thus can be based on above-mentioned authority change directive, it is determined that on State the virtual access authority to be changed of application program.
In step S306, the terminal data in pair virtual system associated with above-mentioned virtual access authority to be changed It is modified.
In embodiments of the present invention, the virtual access authority to be changed of above-mentioned application program is determined in step S305 Afterwards, the terminal data in the virtual system being associated to above-mentioned virtual access authority to be changed is modified.Specifically, it is above-mentioned Changing operation can be:Terminal data in the virtual system associated with above-mentioned virtual access authority to be changed is changed to Terminal data in corresponding real system.It should be noted that it is only that the terminal data in virtual system end is entered herein Change is gone, the terminal data in above-mentioned application program accesses or virtual system, in other words, above-mentioned application program is still The terminal data in real system can not directly be accessed.
Therefore by the embodiment of the present invention, will be according to application program when application program initiates authority request instruction The true access rights asked determine corresponding virtual access authority, and authorize the virtual access authority to this and apply journey Sequence, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, due to the void Plan access rights are associated with the terminal data in virtual system, and therefore, the application program for obtaining the virtual access authority permits Perhaps the terminal data accessed is the terminal data in virtual system, real in real system so as to avoid the application program from getting The terminal data on border, the personal information security of user is ensured to a certain extent.Further, when user wants to allow application program Access real system terminal data when, can pair with the virtual system associated by virtual access authority terminal data progress Change, the terminal data in corresponding real system is assigned to virtual system, to ensure the normal operation of application program.
It should be understood that the size of the sequence number of each step is not meant to the priority of execution sequence, each process in above-described embodiment Execution sequence should determine that the implementation process without tackling the embodiment of the present invention forms any limit with its function and internal logic It is fixed.
Embodiment three
Fig. 4 shows the structured flowchart of rights management device provided in an embodiment of the present invention, for convenience of description, only shows The part related to the embodiment of the present invention.The rights management device 4 includes:Request reception unit 41, authority determining unit 42, Right grant unit 43.
Wherein, request reception unit 41, for receiving the authority request instruction of application program transmission;
Authority determining unit 42, what the authority request instruction for being received based on above-mentioned request reception unit 41 was asked True access rights, it is determined that virtual access authority corresponding with above-mentioned true access rights, wherein, above-mentioned true access rights with Terminal data in real system is associated, and above-mentioned virtual access authority is associated with the terminal data in virtual system, above-mentioned Terminal data in virtual system is different from the terminal data in above-mentioned real system;
Right grant unit 43, the virtual access authority for above-mentioned authority determining unit 42 to be determined authorize above-mentioned application Program.
Alternatively, above-mentioned rights management device 4 also includes:
Authority initialization unit, in the above-mentioned virtual system of initial start-up, being carried out just to above-mentioned virtual access authority Beginningization.
Alternatively, above-mentioned authority initialization unit includes:
Data acquisition subelement, for obtaining the number of terminals in the above-mentioned real system associated with above-mentioned true access rights According to;
Data duplication subelement, associated for above-mentioned data acquisition subelement to be got with above-mentioned true access rights Above-mentioned real system in terminal data be copied to above-mentioned virtual system;
Data change subelement, in a manner of default in above-mentioned virtual system, above-mentioned data duplication subelement is answered Terminal data in the above-mentioned real system associated with above-mentioned true access rights being made is modified, will be upper after change The terminal data in real system is stated as the terminal data in above-mentioned virtual system;
Data correlation subelement, for the virtual system for determining above-mentioned virtual access authority and above-mentioned data change subelement Terminal data association in system, completes the initialization to virtual access authority.
Alternatively, above-mentioned rights management device 4 also includes:
Virtual system creating unit, for creating above-mentioned virtual system by sandbox in above-mentioned real system.
Alternatively, above-mentioned rights management device 4 also includes:
Receiving unit is changed, for receiving the authority change directive of input;
Authority determining unit to be changed, for based on above-mentioned authority change directive, determining the to be changed of above-mentioned application program Virtual access authority;
Authority changing unit, for the terminal in pair virtual system associated with above-mentioned virtual access authority to be changed Data are modified.
Therefore by the embodiment of the present invention, when application program initiates authority request instruction, rights management device will The true access rights asked according to application program determine corresponding virtual access authority, and the virtual access authority is awarded The application program is given, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, the opposing party Face, because the virtual access authority is associated with the terminal data in virtual system, therefore, obtain answering for the virtual access authority The terminal data for allowing to access with program is the terminal data in virtual system, so as to avoid the application program from getting very Actual terminal data in real system, the personal information security of user is ensured to a certain extent.Further, when user wants When allowing the application program to access the terminal data of real system, void that rights management device can be pair associated by with virtual access authority Terminal data in plan system is modified, and assigns the terminal data in corresponding real system to virtual system, to ensure to answer With the normal operation of program.
Embodiment five
Fig. 5 is the schematic diagram of intelligent terminal provided in an embodiment of the present invention.As shown in figure 5, the intelligent terminal 5 of the embodiment Including:Processor 50, memory 51 and it is stored in the calculating that can be run in above-mentioned memory 51 and on above-mentioned processor 50 Machine program 52, such as rights management program.Above-mentioned processor 50 realizes above-mentioned each method when performing above computer program 52 Step in embodiment, such as the step S101 to S103 shown in Fig. 1.Or above-mentioned processor 50 performs above computer journey The function of each unit in above-mentioned each device embodiment, such as the function of unit 41 to 43 shown in Fig. 4 are realized during sequence 52.
Exemplary, above computer program 52 can be divided into one or more units, said one or multiple Unit is stored in above-mentioned memory 51, and is performed by above-mentioned processor 50, to complete the present invention.Said one or multiple lists Member can complete the series of computation machine programmed instruction section of specific function, and the instruction segment is used to describe above computer journey Implementation procedure of the sequence 52 in above-mentioned intelligent terminal 5.For example, above computer program 52, which can be divided into request, receives list Member, authority determining unit, right grant unit, each unit concrete function are as follows:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the authority request instruction for being received based on above-mentioned request reception unit are asked true Access rights, it is determined that virtual access authority corresponding with above-mentioned true access rights, wherein, above-mentioned true access rights with it is true Terminal data in system is associated, and above-mentioned virtual access authority is associated with the terminal data in virtual system, above-mentioned virtual Terminal data in system is different from the terminal data in above-mentioned real system;
Right grant unit, the virtual access authority for above-mentioned authority determining unit to be determined, which is authorized, above-mentioned applies journey Sequence.
Above-mentioned intelligent terminal 5 can be desktop PC, notebook, palm PC, smart mobile phone and intelligent watch etc. Computing device.Above-mentioned intelligent terminal may include, but be not limited only to, processor 50, memory 51.Those skilled in the art can manage Solution, Fig. 5 is only the example of intelligent terminal 5, does not form the restriction to intelligent terminal 5, can be included more more or more than illustrating Few part, some parts or different parts are either combined, such as above-mentioned intelligent terminal 5 can also include input and output Equipment, network access equipment, bus etc..
Alleged processor 50 can be CPU (Central Processing Unit, CPU), can also be Other general processors, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field- Programmable Gate Array, FPGA) either other PLDs, discrete gate or transistor logic, Discrete hardware components etc..General processor can be microprocessor or the processor can also be any conventional processor Deng.
Above-mentioned memory 51 can be the internal storage unit of above-mentioned intelligent terminal 5, such as the hard disk of intelligent terminal 5 or interior Deposit.Above-mentioned memory 51 can also be the External memory equipment of above-mentioned intelligent terminal 5, such as be equipped with above-mentioned intelligent terminal 5 Plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, dodge Deposit card (Flash Card) etc..Further, above-mentioned memory 51 can also both include the storage inside list of above-mentioned intelligent terminal 5 Member also includes External memory equipment.Above-mentioned memory 51 is used to store needed for above computer program and above-mentioned intelligent terminal 5 Other programs and data.Above-mentioned memory 51 can be also used for temporarily storing the data that has exported or will export.
Therefore by the embodiment of the present invention, when application program initiates authority request instruction, intelligent terminal is by basis The true access rights that application program is asked determine corresponding virtual access authority, and authorize the virtual access authority to this Application program, the situation that application program automatically exits from caused by not authorizing on the one hand can be avoided to occur, on the other hand, by It is associated with the terminal data in virtual system in the virtual access authority, therefore, obtain the application journey of the virtual access authority The terminal data that sequence allows to access is the terminal data in virtual system, so as to avoid the application program from getting true system Actual terminal data in system, the personal information security of user is ensured to a certain extent.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each work( Can unit, module division progress for example, in practical application, can be as needed and by above-mentioned function distribution by different Functional unit, module are completed, i.e., the internal structure of said apparatus are divided into different functional units or module, more than completion The all or part of function of description.Each functional unit, module in embodiment can be integrated in a processing unit, also may be used To be that unit is individually physically present, can also two or more units it is integrated in a unit, it is above-mentioned integrated Unit can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.In addition, each function list Member, the specific name of module are not limited to the protection domain of the application also only to facilitate mutually distinguish.Said system The specific work process of middle unit, module, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and is not described in detail or remembers in some embodiment The part of load, it may refer to the associated description of other embodiments.
Those of ordinary skill in the art are it is to be appreciated that the list of each example described with reference to the embodiments described herein Member and algorithm steps, it can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually Performed with hardware or software mode, application-specific and design constraint depending on technical scheme.Professional and technical personnel Described function can be realized using distinct methods to each specific application, but this realization is it is not considered that exceed The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/intelligent terminal and method, can be with Realize by another way.For example, device described above/intelligent terminal embodiment is only schematical, for example, on The division of module or unit is stated, only a kind of division of logic function, there can be other dividing mode when actually realizing, such as Multiple units or component can combine or be desirably integrated into another system, or some features can be ignored, or not perform.Separately A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be by some interfaces, device Or INDIRECT COUPLING or the communication connection of unit, can be electrical, mechanical or other forms.
The above-mentioned unit illustrated as separating component can be or may not be physically separate, show as unit The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On NE.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs 's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If above-mentioned integrated module/unit realized in the form of SFU software functional unit and as independent production marketing or In use, it can be stored in a computer read/write memory medium.Based on such understanding, the present invention realizes above-mentioned implementation All or part of flow in example method, by computer program the hardware of correlation can also be instructed to complete, above-mentioned meter Calculation machine program can be stored in a computer-readable recording medium, and the computer program can be achieved when being executed by processor The step of stating each embodiment of the method..Wherein, above computer program includes computer program code, above computer program Code can be source code form, object identification code form, executable file or some intermediate forms etc..Readable Jie of above computer Matter can include:Can carry any entity or device of above computer program code, recording medium, USB flash disk, mobile hard disk, Magnetic disc, CD, computer storage, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It is it should be noted that above-mentioned The content that computer-readable medium includes can carry out appropriate increasing according to legislation in jurisdiction and the requirement of patent practice Subtract, such as in some jurisdictions, according to legislation and patent practice, computer-readable medium do not include be electric carrier signal and Telecommunication signal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although with reference to foregoing reality Example is applied the present invention is described in detail, it will be understood by those within the art that:It still can be to foregoing each Technical scheme described in embodiment is modified, or carries out equivalent substitution to which part technical characteristic;And these are changed Or replace, the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical scheme, all should Within protection scope of the present invention.

Claims (10)

1. a kind of right management method, it is characterised in that the right management method includes:
Receive the authority request instruction that application program is sent;
The true access rights asked based on authority request instruction, it is determined that corresponding virtual with the true access rights Access rights, wherein, the true access rights are associated with the terminal data in real system, the virtual access authority and Terminal data in virtual system is associated, and the terminal data in the virtual system is different from the terminal in the real system Data;
Authorize the virtual access authority to the application program.
2. right management method as claimed in claim 1, it is characterised in that the right management method also includes:
In virtual system described in initial start-up, the virtual access authority is initialized.
3. right management method as claimed in claim 2, it is characterised in that described to be carried out initially to the virtual access authority Change, including:
Obtain the terminal data in the real system associated with the true access rights;
Terminal data in the real system that will be associated with the true access rights is copied to the virtual system;
To in the virtual system, replicating the obtained true system associated with the true access rights in a manner of default Terminal data in system is modified, using the terminal data in the real system after change as in the virtual system Terminal data;
The virtual access authority is associated with the terminal data in the virtual system, completed to the initial of virtual access authority Change.
4. right management method as claimed in claim 2, it is characterised in that before virtual system described in initial start-up, institute Stating right management method also includes:
The virtual system is created by sandbox in the real system.
5. the right management method as described in any one of Claims 1-4, it is characterised in that described to weigh the virtual access Limit authorizes the application program, also includes afterwards:
Receive the authority change directive of input;
Based on the authority change directive, the virtual access authority to be changed of the application program is determined;
Terminal data in pair virtual system associated with the virtual access authority to be changed is modified.
6. a kind of rights management device, it is characterised in that the rights management device includes:
Request reception unit, for receiving the authority request instruction of application program transmission;
Authority determining unit, the true access that the authority request instruction for being received based on the request reception unit is asked Authority, it is determined that virtual access authority corresponding with the truly access rights, wherein, the true access rights and real system In terminal data be associated, the virtual access authority is associated with the terminal data in virtual system, the virtual system In terminal data be different from the real system in terminal data;
Right grant unit, the virtual access authority for the authority determining unit to be determined authorize the application program.
7. rights management device as claimed in claim 6, it is characterised in that the rights management device also includes:
Authority initialization unit, in virtual system described in initial start-up, being initialized to the virtual access authority.
8. rights management device as claimed in claim 7, it is characterised in that the authority initialization unit includes:
Data acquisition subelement, for obtaining the terminal data in the real system associated with the true access rights;
Data duplication subelement, for the institute associated with the true access rights for getting the data acquisition subelement State the terminal data in real system and be copied to the virtual system;
Data change subelement, in a manner of default in the virtual system, the data duplication subelement replicates To real system associate with the true access rights in terminal data be modified, will be after change it is described very Terminal data in real system is as the terminal data in the virtual system;
Data correlation subelement, for by the virtual access authority and the virtual system of data change subelement determination Terminal data association, complete the initialization to virtual access authority.
9. a kind of intelligent terminal, including memory, processor and it is stored in the memory and can be on the processor The computer program of operation, it is characterised in that realize such as claim 1 to 5 described in the computing device during computer program The step of any one methods described.
10. a kind of computer-readable recording medium, the computer-readable recording medium storage has computer program, and its feature exists In when the computer program is executed by processor the step of realization such as any one of claim 1 to 5 methods described.
CN201710631659.0A 2017-07-28 2017-07-28 Authority management method, authority management device and intelligent terminal Active CN107480554B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710631659.0A CN107480554B (en) 2017-07-28 2017-07-28 Authority management method, authority management device and intelligent terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710631659.0A CN107480554B (en) 2017-07-28 2017-07-28 Authority management method, authority management device and intelligent terminal

Publications (2)

Publication Number Publication Date
CN107480554A true CN107480554A (en) 2017-12-15
CN107480554B CN107480554B (en) 2020-08-14

Family

ID=60596833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710631659.0A Active CN107480554B (en) 2017-07-28 2017-07-28 Authority management method, authority management device and intelligent terminal

Country Status (1)

Country Link
CN (1) CN107480554B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462576A (en) * 2018-10-16 2019-03-12 腾讯科技(深圳)有限公司 Authorization policy configuration method, device and computer readable storage medium
CN110532764A (en) * 2019-08-19 2019-12-03 维沃移动通信有限公司 A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing
CN110765426A (en) * 2019-10-22 2020-02-07 深圳市康冠智能科技有限公司 Equipment permission setting method, device, equipment and computer storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801688A (en) * 2011-05-23 2012-11-28 联想(北京)有限公司 Data access method, device and terminal supporting data access
CN104636647A (en) * 2015-03-17 2015-05-20 南开大学 Sensitive information protection method based on virtualization technology
CN105574402A (en) * 2015-12-21 2016-05-11 联想(北京)有限公司 Control method and electronic equipment
CN105991584A (en) * 2015-02-12 2016-10-05 广东欧珀移动通信有限公司 Information authority obtaining method and terminal
CN106485163A (en) * 2016-09-22 2017-03-08 努比亚技术有限公司 Control method and control device that mobile terminal data storehouse accesses

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801688A (en) * 2011-05-23 2012-11-28 联想(北京)有限公司 Data access method, device and terminal supporting data access
CN105991584A (en) * 2015-02-12 2016-10-05 广东欧珀移动通信有限公司 Information authority obtaining method and terminal
CN104636647A (en) * 2015-03-17 2015-05-20 南开大学 Sensitive information protection method based on virtualization technology
CN105574402A (en) * 2015-12-21 2016-05-11 联想(北京)有限公司 Control method and electronic equipment
CN106485163A (en) * 2016-09-22 2017-03-08 努比亚技术有限公司 Control method and control device that mobile terminal data storehouse accesses

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462576A (en) * 2018-10-16 2019-03-12 腾讯科技(深圳)有限公司 Authorization policy configuration method, device and computer readable storage medium
CN110532764A (en) * 2019-08-19 2019-12-03 维沃移动通信有限公司 A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing
CN110532764B (en) * 2019-08-19 2022-03-11 维沃移动通信有限公司 Authority processing method, mobile terminal and readable storage medium
CN110765426A (en) * 2019-10-22 2020-02-07 深圳市康冠智能科技有限公司 Equipment permission setting method, device, equipment and computer storage medium

Also Published As

Publication number Publication date
CN107480554B (en) 2020-08-14

Similar Documents

Publication Publication Date Title
CN109981619A (en) Data capture method, device, medium and electronic equipment
CN108305072A (en) Dispose method, equipment and the computer storage media of block chain network
CN104081713B (en) The long-range trust identification of server and client computer in cloud computing environment and geographical location
CN103366135B (en) The security system driven by tenant in storage cloud and method
CN107925660A (en) Data access and ownership management
CN112765268B (en) Data privacy protection method, device and equipment based on block chain
CN107807991A (en) For handling the method and device of block chain data
CN109409885A (en) Across chain method of commerce, device and storage medium on block chain
CN107480554A (en) A kind of right management method, rights management device and intelligent terminal
CN106778303A (en) Delegated strategy optimization method and delegated strategy optimization device
CN108196458A (en) Intelligent home equipment control method, device and terminal device
CN108108633A (en) A kind of data file and its access method, device and equipment
CN107391003A (en) Navigation data processing method
CN109756527B (en) Data sharing method, device and system
US11741254B2 (en) Privacy centric data security in a cloud environment
CN111552945A (en) Resource processing method, device and equipment
CN107193656B (en) Resource management method of multi-core system, terminal device and computer readable storage medium
CN111324615A (en) Data processing method, device, medium and electronic equipment
CN114329565A (en) Data sharing method, device and storage medium
CN107612983A (en) A kind of radio communication function opens determination methods, system and the terminal device in region
US11477187B2 (en) API key access authorization
CN112036125B (en) Document management method and device and computer equipment
CN107566499A (en) The methods, devices and systems of data syn-chronization
CN113392350A (en) Page routing processing method, device, equipment, storage medium and program product
CN109583907A (en) A kind of checking method of electronic invoice, device, medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant