CN107729764A - Method, device, storage medium and electronic equipment for protecting sensitive information

Info

Publication number: CN107729764A
Authority: CN (China)
Application number: CN201710916064.XA
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 杜冰, 张俊, 林志泳
Original and current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Prior art keywords: authority, application program, sensitive information, operation requests, user

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiments of the present application disclose a method, device, storage medium and electronic equipment for protecting sensitive information. The method includes: obtaining an operation request from an application program for sensitive information in a designated protected disk space; judging whether the application program has permission to perform the operation corresponding to the operation request, where the operation is a data add, data delete, data modify or data query operation; and, when the application program has the permission, performing the operation corresponding to the operation request. This scheme prevents the application program from performing operations outside its permissions, reduces the risk of the protected album being operated on by illegitimate applications, and improves the security of sensitive information.

Description

Method, device, storage medium and electronic equipment for protecting sensitive information
Technical field
The invention relates to information security technology, and in particular to a method, device, storage medium and electronic equipment for protecting sensitive information.
Background
Because electronic equipment makes data storage convenient and fast and lets data be read at any time, more and more users store multimedia files such as photos and videos on electronic equipment. However, while this way of storing files is convenient for users, it carries security risks: the data is easily attacked by malicious programs, which can lead to data leakage or deletion.
Take a smartphone running the Android system as an example. Once a malicious program that comes from an illegitimate application market, or that is disguised as an ordinary application, is installed on the smartphone, it can obtain storage permission for the data on the smartphone, and can then delete or modify the private or important data the user has stored there. The related art is therefore deficient in how it manages private or important data stored on electronic equipment.
Summary of the invention
The embodiments of the present application provide a method, device, storage medium and electronic equipment for protecting sensitive information, which can improve the protection scheme for sensitive information stored in electronic equipment.
In a first aspect, the embodiments of the present application provide a method for protecting sensitive information, including:
Obtaining an operation request from an application program for sensitive information in a designated protected disk space;
Judging whether the application program has permission to perform the operation corresponding to the operation request, where the operation is a data add operation, data delete operation, data modify operation or data query operation;
When the application program has the permission, performing the operation corresponding to the operation request.
In a second aspect, the embodiments of the present application further provide a device for protecting sensitive information, the device including:
A request obtaining module, configured to obtain an operation request from an application program for sensitive information in a designated protected disk space;
A permission judging module, configured to judge whether the application program has permission to perform the operation corresponding to the operation request, where the operation is a data add operation, data delete operation, data modify operation or data query operation;
An operation executing module, configured to perform the operation corresponding to the operation request when the application program has the permission.
In a third aspect, the embodiments of the present application further provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for protecting sensitive information described in the embodiments of the present application.
In a fourth aspect, the embodiments of the present application further provide an electronic equipment including a memory, a processor and a computer program stored on the memory and runnable on the processor, where the processor, when executing the computer program, implements the method for protecting sensitive information described in the embodiments of the present application.
The embodiments of the present application provide a protection scheme for sensitive information: an operation request from an application program for sensitive information in a designated protected disk space is obtained; it is judged whether the application program has permission to perform the operation corresponding to the operation request; and, when the application program has the permission, the operation corresponding to the operation request is performed. This prevents the application program from performing operations outside its preset permissions, reduces the risk of the protected album being operated on illegitimately, and improves the security of sensitive information.
Brief description of the drawings
Fig. 1 is a flowchart of a method for protecting sensitive information provided by an embodiment of the present application;
Fig. 2 is a flowchart of another method for protecting sensitive information provided by an embodiment of the present application;
Fig. 3 is a schematic diagram of a deletion process for sensitive information provided by an embodiment of the present application;
Fig. 4 is a flowchart of yet another method for protecting sensitive information provided by an embodiment of the present application;
Fig. 5 is a structural diagram of a device for protecting sensitive information provided by an embodiment of the present application;
Fig. 6 is a structural diagram of an electronic equipment provided by an embodiment of the present application.
Detailed description
The application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the application rather than the entire structure.
It should be mentioned that, before the exemplary embodiments are discussed in more detail, some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart describes the steps as sequential processing, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps can be rearranged. The processing may be terminated when its operations are completed, but may also have additional steps not included in the drawings. The processing may correspond to a method, function, procedure, subroutine, subprogram and so on.
In the related art, the Android system controls storage permission very loosely, which gives illegitimate applications an opportunity to operate on the user's private and important files. For example, if a third-party application on an Android system has storage permission for the album, it can delete, query, modify or add to the file data the user has stored on the electronic equipment, seriously threatening the security of the user's private and important files. Once a malicious program that comes from an illegitimate application market, or that is disguised as an ordinary application, is installed, it may pose a serious security risk to the user's private and important files. For example, some malicious programs may temporarily delete or encrypt sensitive information such as the photos and videos in the user's album in order to extort the user, causing the user property loss. The protection scheme for sensitive information provided by the embodiments of the present application addresses this problem of the security of sensitive information stored in electronic equipment.
Fig. 1 is a flowchart of a method for protecting sensitive information provided by an embodiment of the present application. The method can be performed by a device for protecting sensitive information, which can be implemented in software and/or hardware and can generally be integrated in electronic equipment. As shown in Fig. 1, the method includes:
Step 110: obtain an operation request from an application program for sensitive information in a designated protected disk space.
Here, the application program includes an application program that has storage permission for sensitive information, such as private data or important data, in the protected disk space. For an application program that has storage permission, its permission to operate on the sensitive information is further restricted. The permission includes at least one of add permission, delete permission, modify permission and query permission.
The protected disk space includes a protected folder and the like. For example, for an album application, a protected folder can be set up in advance as a protected album and photos or videos stored in it; this prevents application programs without storage permission from querying or obtaining the sensitive information in the protected album, protecting the security of the sensitive information. Exemplarily, to control by permission the act of a third-party application deleting photo or video files in the protected album, the application program may perform the deletion through the media library (MediaProvider). MediaProvider runs in the system as a system-level application and handles information related to the multimedia files (videos, photos and so on) on the phone. After the electronic equipment boots, MediaProvider "listens" in the background for change requests to files on disk and, in specific cases, automatically updates media file information, for example whether multimedia files have been added to the disk, whether multimedia files have been deleted, or whether the names of some multimedia files have been changed. Operation requests include data add operation requests, data delete operation requests, data modify operation requests and data query operation requests. An application program can obtain the target object carrying the sensitive information to be processed through the target object's Uniform Resource Identifier (Uri) address, in order to perform a data add, data delete, data query or data modify operation on that target object.
When an operation request is detected, it is judged whether the object of the operation request is sensitive information in the preset protected disk space. For example, when the application program sends the Uri address of a target object to the media library, it is judged whether that Uri address is the address of a file contained in the preset protected disk space; if so, the operation request corresponding to the Uri address is determined to be an operation request from the application program for sensitive information in the designated protected disk space.
Step 120: judge whether the application program has permission to perform the operation corresponding to the operation request; if so, perform step 130.
Here, it is verified whether the application program has permission to perform the operation corresponding to the operation request. For example, application A has storage permission for target objects carrying sensitive information in the protected album, and query permission for the sensitive information in the protected album. If application A is detected sending a delete request, it is judged from the Uri address of the target object whether the target object belongs to the protected album. If so, it is verified whether application A has delete permission for sensitive information in the protected album. Because no delete permission for sensitive information in this protected disk space was configured for application A in advance, it can be determined that the application does not have permission to delete sensitive information in the protected album.
It should be understood that there are many ways to configure, for an application program that has storage permission for the protected disk space, the permission to perform data add, data delete, data modify or data query operations, and the embodiments of the present application do not specifically limit them. For example, the usage habits of a target population can be collected to determine, for a given application program with storage permission, the permission types that more than a set threshold number of users configure in the same way; those permission types are bound to the application program's package name or other information that uniquely identifies the application program, and configured in the electronic equipment before it leaves the factory. As another example, a permission configuration function is provided to the user; when the user opens it, the application programs that have storage permission for the sensitive information in the protected disk space are displayed, and the user is prompted to configure permissions for them. The user can choose to set permissions for all of the application programs or for only some of them.
Step 130: perform the operation corresponding to the operation request.
If the application program has permission to perform the operation corresponding to the operation request, that operation is performed. Exemplarily, if a delete request from an application program for a sensitive photo in the protected album is detected, and the application program has delete permission for sensitive photos in the protected album, the delete request is performed and the sensitive photo it refers to is deleted from the protected album. For example, application B, under the user's operation instruction, requests deletion of photo M in the protected album; if application B has delete permission for photos in the protected album, application B's delete request is performed and photo M is deleted from the protected album.
In the technical solution of this embodiment, an operation request from an application program for sensitive information in a designated protected disk space is obtained; it is judged whether the application program has permission to perform the operation corresponding to the operation request; and, when the application program has the permission, the operation corresponding to the operation request is performed. This prevents the application program from performing operations outside its permissions, reduces the risk of the protected album being operated on illegitimately, and improves the security of sensitive information.
Fig. 2 is a flowchart of another method for protecting sensitive information provided by an embodiment of the present application. As shown in Fig. 2, the method includes:
Step 201: obtain an operation request from an application program for sensitive information in a designated protected disk space.
Step 202: judge whether the operation request was triggered by a non-user operation instruction; if so, perform step 203, otherwise perform step 208.
Exemplarily, when an operation request from the application program for sensitive information in the protected disk space is detected, it is judged whether the operation request was triggered by a non-user operation instruction. There are many ways to determine a non-user operation instruction, and this embodiment does not specifically limit them. For example, it can be judged whether the operation request was triggered by a touch event acting on the touch screen; if so, the operation request is judged to have been triggered by a user operation instruction; otherwise, it is determined to have been triggered by a non-user operation instruction. Optionally, when the operation request was not triggered by a touch event, it is judged whether it was triggered by voice input from the user; if so, the operation request is judged to have been triggered by a user operation instruction; otherwise, it is determined to have been triggered by a non-user operation instruction. Optionally, when the operation request was triggered by neither a touch event nor voice, it is judged whether it was triggered by the user pressing a physical button; if so, the operation request is judged to have been triggered by a user operation instruction; otherwise, it is determined to have been triggered by a non-user operation instruction.
Step 203: determine that the application program does not have permission to perform the operation corresponding to the operation request.
When the operation request was triggered by a non-user operation instruction, it is determined that the application program does not have permission to perform the operation corresponding to the operation request.
Step 204: when the application program does not have the permission, output a prompt asking the user to choose whether to allow the application program to perform the operation corresponding to the operation request.
When the application program does not have the permission, the prompt is displayed as a pop-up dialog box asking the user to choose whether to allow the application program to perform the operation corresponding to the operation request. In this way, when a given permission has not been configured for the application program, the user decides manually whether to allow it to perform the operation corresponding to this operation request. Optionally, according to the user's choice, the user is asked whether to add the permission for the application program; if an affirmative reply from the user is detected, the whitelist is updated.
Exemplarily, application A has storage permission for the protected album and query permission for the sensitive information in it. If application A is detected sending a delete request for the sensitive information, then, because no delete permission was configured for application A in advance, it can be determined that the application does not have permission to delete sensitive information in the protected album. A dialog box is displayed prompting the user to choose whether to allow application A to perform this delete operation; if the user selects "Yes", application A is granted delete permission for this delete operation. Optionally, the user can further be asked whether to set delete permission for application A; if an affirmative reply from the user is detected, the whitelist is updated so that application A has delete permission and query permission for the sensitive information in the protected disk space, and storage permission for the protected disk space.
Step 205: obtain the response the user enters for the prompt.
Step 206: judge whether the response is an allow instruction; if so, perform step 209, otherwise perform step 207.
Step 207: abandon the operation corresponding to the operation request.
When the response is a forbid instruction, the operation corresponding to the operation request is abandoned.
Step 208: query the configured whitelist and determine the permissions of the application program.
Here, the whitelist is a list of the associations between application programs and their permissions to operate on sensitive information in the protected disk space. Optionally, before the configured whitelist is queried, the method further includes: obtaining the application programs that have storage permission for sensitive information in the protected disk space; obtaining the permissions the user sets for those application programs; and building the whitelist from the application programs and their corresponding permissions.
Exemplarily, when installation of a third-party application is detected, after the user is asked whether to grant the third-party application storage permission for the protected disk space, the user is also prompted to set the operation permissions that the application program with storage permission has on the sensitive information in the protected disk space, and the whitelist is generated from the result. For example, at least one application program with storage permission for sensitive information in the protected album is obtained and displayed on the touch screen, and the user is prompted to set each application program's operation permissions on the sensitive information in the protected album. Here, the touch screen is a display screen with a touch function. The operation permissions the user sets for the application programs are obtained, and the whitelist is generated from the application programs and their corresponding operation permissions. For example, application A and application B both have storage permission for sensitive information in the protected album. The user's settings show that application A has query permission for sensitive information in the protected album, and that application B has delete permission, modify permission, add permission and query permission for sensitive information in the protected album. According to these settings, data that uniquely identifies the application program, such as application A's package name or process name, is stored in the whitelist in association with its operation permission (query permission); and application B's package name or process name is stored in the whitelist in association with its operation permissions (delete permission, modify permission, add permission and query permission).
When an operation request from an application program for sensitive information in the protected disk space is detected, and the operation request was triggered by a user operation instruction, the whitelist is queried, and whether the application program has permission to perform the operation corresponding to the operation request is determined from the query result. For example, when a delete request from application B for a photo in the protected album is detected, the whitelist is queried; application B is found to have delete permission, so it is determined that application B has permission to perform the delete operation corresponding to the delete request.
Step 209: send a query request to the media library according to the Uniform Resource Identifier address of the sensitive information that the operation request targets, and obtain the sensitive information.
Step 210: perform the operation corresponding to the operation request on the sensitive information.
Exemplarily, taking a sensitive photo as the sensitive information, if a delete request from an application program for a sensitive photo in the protected album is detected, and the application program has delete permission for sensitive photos in the protected album, the delete request is performed and the sensitive photo it refers to is deleted from the protected album. For example, application B, under the user's operation instruction, requests deletion of photo M in the protected album; if application B has delete permission for photos in the protected album, application B's delete request is performed and photo M is deleted from the protected album.
Optionally, before the operation corresponding to the operation request is performed, the method can further include prompting the user to choose whether to allow the operation to be performed. The prompt can be shown as a pop-up on the touch screen. Optionally, the prompt can also be given by voice, and the user's spoken response obtained. There can be many ways of prompting, and the embodiments of the present application do not specifically limit them. The response the user enters is obtained. When the response corresponds to an allow instruction, the operation corresponding to the operation request is performed. When the response corresponds to a forbid instruction, the operation corresponding to the operation request is abandoned.
Fig. 3 shows a deletion process for sensitive information provided by an embodiment of the present application. As shown in Fig. 3, the user performs an upward swipe from the bottom of the interface of application B (the dotted arrow in the figure indicates the swipe direction; the way of triggering display of the photo icon is not limited to this gesture), and the photo, shooting and location function modules are displayed at the bottom of application B. If the user taps the photo function module, the album can be accessed. Application B, under the user's operation instruction, requests deletion of photo M in the protected album; if application B has delete permission for photos in the protected album, a pop-up is displayed asking the user whether to delete photo M. The response the user enters is obtained; since the response is "Confirm", the delete operation on photo M is performed.
In the technical solution of this embodiment, when an operation request from an application program for sensitive information in a designated protected disk space is obtained, it is detected whether the operation request was triggered by a non-user operation instruction, which prevents malicious programs from automatically operating on sensitive information in the protected disk space and improves information security. In addition, verifying through the whitelist whether the application program has the permission improves verification efficiency. Meanwhile, when it is determined that the application program does not have the permission, the user is asked whether to allow the application program to perform the operation corresponding to the operation request, so that when a given permission has not been configured for the application program, the user decides manually whether to allow it to perform the operation corresponding to this operation request.
Fig. 4 is a flowchart of another method for protecting sensitive information provided by an embodiment of the present application. As shown in Fig. 4, the method includes:
Step 410: detect that an application calls the media library to perform a deletion operation on a target object.
The target object is the object included in the deletion request. For example, if application A wants to delete a photo, that photo is the target object. The target object can be determined by querying the media library with the Uri address in the deletion request corresponding to the deletion operation.
Step 420: determine whether the target object is a photo or video in the protected album directory; if so, perform step 430; otherwise, perform step 460.
For example, whether the target object belongs to the protected album directory can be determined from the Uri address of the target object. Photos and videos are stored in the protected album directory, and whether the target object is a video or a photo can be determined from its file name, file size, or the like.
Step 430: determine whether the application has the delete permission; if so, perform step 460; otherwise, perform step 440.
For example, whether the application has the delete permission can be determined by querying the whitelist.
Step 440: display a dialog box prompting the user to choose whether to allow the application to perform the deletion operation.
When the application does not have the delete permission, a dialog box is displayed, and the dialog box prompts the user to choose whether to allow the application to perform the deletion operation corresponding to this deletion request.
Step 450: determine whether the response information input by the user is "allow"; if so, perform step 460; otherwise, perform step 470.
Step 460: resume the normal media library flow and allow the deletion.
Step 470: determine that the deletion operation on the target object fails.
The technical solution of this embodiment prevents the application from performing operations outside its permissions, reduces the risk of the protected album being operated on by illegitimate applications, and improves the security of sensitive information. Meanwhile, when it is determined that the application does not have the permission, the user is asked whether to allow the application to perform the operation corresponding to the operation request, so that, without configuring a given permission for the application, it can be decided manually whether the application is allowed to perform an operation that requires that permission.
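The Fig. 4 flow (steps 410 to 470) modelled in Python, as an added example that is not part of the patent text. The directory path, file suffixes, package names, Uri values and the `prompt` callback are assumptions made for illustration; the permission check also applies the non-user-trigger test that the description gives for the permission judgment module.

```python
import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Callable, Dict, List, Set, Tuple

# Assumptions (not given in the patent): album location and media file suffixes.
PROTECTED_DIR = PurePosixPath("/storage/emulated/0/DCIM/ProtectedAlbum")
MEDIA_SUFFIXES = {".jpg", ".jpeg", ".png", ".mp4", ".3gp"}

# Constructed sample data: media library (Uri -> file path) and whitelist.
MEDIA_LIBRARY: Dict[str, str] = {
    "content://media/external/images/media/101":
        "/storage/emulated/0/DCIM/ProtectedAlbum/m.jpg",
    "content://media/external/video/media/102":
        "/storage/emulated/0/DCIM/Camera/../ProtectedAlbum/n.mp4",
    "content://media/external/images/media/103":
        "/storage/emulated/0/DCIM/ProtectedAlbumCopy/o.jpg",
}
WHITELIST: Dict[str, Set[str]] = {
    "com.example.gallery": {"add", "delete", "modify", "query"},
    "com.example.viewer": {"query"},
}


@dataclass(frozen=True)
class DeleteRequest:
    app: str              # calling application (hypothetical package name)
    uri: str              # Uri address carried in the deletion request
    user_triggered: bool  # False if no user operation instruction caused it


def is_protected_media(path: str) -> bool:
    """Step 420: is the target a photo or video inside the protected album?"""
    # Normalise first so "../" segments cannot hide the real location, then
    # compare whole path components instead of a raw string prefix.
    norm = PurePosixPath(posixpath.normpath(path))
    return PROTECTED_DIR in norm.parents and norm.suffix.lower() in MEDIA_SUFFIXES


def has_delete_permission(req: DeleteRequest, whitelist: Dict[str, Set[str]]) -> bool:
    """Step 430: a request not triggered by the user never has the permission;
    otherwise the whitelist decides."""
    if not req.user_triggered:
        return False
    return "delete" in whitelist.get(req.app, set())


def gate_delete(req: DeleteRequest,
                media_library: Dict[str, str],
                whitelist: Dict[str, Set[str]],
                prompt: Callable[[str, str], bool]) -> Tuple[bool, List[int]]:
    """Return (deletion allowed?, list of Fig. 4 step numbers visited)."""
    trace = [410]
    path = media_library.get(req.uri)
    if path is None:
        # Assumption: a Uri the media library cannot resolve fails closed.
        trace.append(470)
        return False, trace
    trace.append(420)
    if not is_protected_media(path):
        trace.append(460)          # not protected: normal media library flow
        return True, trace
    trace.append(430)
    if has_delete_permission(req, whitelist):
        trace.append(460)
        return True, trace
    trace.append(440)              # no permission: ask the user
    allowed = prompt(req.app, path)
    trace.append(450)
    trace.append(460 if allowed else 470)
    return allowed, trace


if __name__ == "__main__":
    ask_deny = lambda app, path: False  # stands in for the dialog box
    for app, uri, by_user in [
        ("com.example.gallery", "content://media/external/images/media/101", True),
        ("com.example.gallery", "content://media/external/images/media/101", False),
        ("com.example.viewer", "content://media/external/images/media/103", True),
    ]:
        print(app, by_user, gate_delete(DeleteRequest(app, uri, by_user),
                                        MEDIA_LIBRARY, WHITELIST, ask_deny))
```

The second sample entry shows why the path is normalised before the directory test: its stored path starts under `Camera/` but resolves into the protected album, while the third entry only shares a name prefix with it.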
Fig. 5 is a structural schematic diagram of a device for protecting sensitive information provided by an embodiment of the present application. The device may be implemented in software and/or hardware and is typically integrated in an electronic device. As shown in Fig. 5, the device includes:
A request acquisition module 510, configured to obtain an application's operation request for sensitive information in the set protected disk space;
A permission judgment module 520, configured to determine whether the application has the permission to perform the operation corresponding to the operation request, where the operation includes a data add operation, a data delete operation, a data modify operation or a data query operation;
An operation execution module 530, configured to perform the operation corresponding to the operation request when the application has the permission.
The technical solution of this embodiment provides a device for protecting sensitive information, which can effectively prevent an application from performing operations outside its permissions, reduces the risk of sensitive information in the protected disk space being illegally operated on, and improves the security of sensitive information.
Optionally, the device further includes an information prompt module, configured to:
When the application does not have the permission, output prompt information asking the user to choose whether to allow the application to perform the operation corresponding to the operation request;
Obtain the response information that the user inputs for the prompt information;
When the response information is an allow indication, perform the operation corresponding to the operation request;
When the response information is a forbid indication, abandon performing the operation corresponding to the operation request.
Optionally, the permission judgment module 520 is specifically configured to:
Determine whether the operation request is triggered by a non-user operation instruction;
If so, determine that the application does not have the permission to perform the operation corresponding to the operation request;
Otherwise, query the set whitelist and determine from the query result whether the application has the permission to perform the operation corresponding to the operation request, where the permission includes at least one of an add permission, a delete permission, a modify permission and a query permission.
Optionally, the device further includes a whitelist generation module, configured to:
Before the set whitelist is queried, obtain the applications that have storage permission for sensitive information in the protected disk space;
Obtain the permissions that the user sets for the applications;
Build the whitelist from the applications and their corresponding permissions.
Optionally, the operation execution module 530 is specifically configured to:
Send a query request to the media library according to the Uniform Resource Identifier address of the sensitive information targeted by the operation request, and obtain the sensitive information;
Perform the operation corresponding to the operation request on the sensitive information.
An embodiment of the present invention also provides a storage medium containing computer-executable instructions which, when executed by a computer processor, are used to perform a method for protecting sensitive information, the method including:
Obtaining an application's operation request for sensitive information in the set protected disk space;
Determining whether the application has the permission to perform the operation corresponding to the operation request, where the operation includes a data add operation, a data delete operation, a data modify operation or a data query operation;
When the application has the permission, performing the operation corresponding to the operation request.
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media, such as CD-ROM, floppy disk or tape devices; computer system memory or random access memory, such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory, such as flash memory or magnetic media (e.g. hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in the first computer system in which the program is executed, or in a different, second computer system that is connected to the first computer system through a network (such as the Internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations (e.g. in different computer systems connected through a network). The storage medium may store program instructions (e.g. embodied as a computer program) executable by one or more processors.
Of course, in the storage medium containing computer-executable instructions provided by the embodiment of the present invention, the computer-executable instructions are not limited to the sensitive-information protection operations described above, and can also perform related operations in the method for protecting sensitive information provided by any embodiment of the present invention.
An embodiment of the present application provides an electronic device in which the device for protecting sensitive information provided by the embodiments of the present application can be integrated. The electronic device includes a smartphone, a tablet computer, a notebook computer, a digital photo frame, a smart watch, and the like. Fig. 6 is a structural schematic diagram of an electronic device provided by an embodiment of the present application. As shown in Fig. 6, the electronic device may include: a memory 601 and a central processing unit (CPU) 602 (also called the processor, hereinafter CPU). The memory 601 is configured to store a computer program; the CPU 602 reads and executes the computer program stored in the memory 601. When executing the computer program, the CPU 602 implements the following steps:
Obtaining an application's operation request for sensitive information in the set protected disk space;
Determining whether the application has the permission to perform the operation corresponding to the operation request, where the operation includes a data add operation, a data delete operation, a data modify operation or a data query operation;
When the application has the permission, performing the operation corresponding to the operation request.
The electronic device further includes: a peripheral interface 603, an RF (Radio Frequency) circuit 605, an audio circuit 606, a speaker 611, a power management chip 608, an input/output (I/O) subsystem 609, other input/control devices 610 and an external port 604. These components communicate through one or more communication buses or signal lines 607.
It should be understood that the illustrated electronic device is only one example, and that the electronic device may have more or fewer components than shown in the figure, may combine two or more components, or may have a different configuration of components. The various components shown in the figure may be implemented in hardware, software, or a combination of hardware and software, including one or more signal-processing and/or application-specific integrated circuits.
The electronic device integrating the device for protecting sensitive information provided by this embodiment is described in detail below, taking a mobile phone as an example.
Memory 601: the memory 601 can be accessed by the CPU 602, the peripheral interface 603, and so on. The memory 601 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other volatile solid-state memory devices.
Peripheral interface 603: the peripheral interface 603 can connect the input and output peripherals of the device to the CPU 602 and the memory 601.
I/O subsystem 609: the I/O subsystem 609 can connect the input/output peripherals on the device, such as the touch screen 612 and the other input/control devices 610, to the peripheral interface 603. The I/O subsystem 609 may include a display controller 6091 and one or more input controllers 6092 for controlling the other input/control devices 610. The one or more input controllers 6092 receive electrical signals from, or send electrical signals to, the other input/control devices 610, which may include physical buttons (push buttons, rocker buttons, etc.), dials, slide switches, joysticks and click wheels. It is worth noting that an input controller 6092 may be connected to any of the following: a keyboard, an infrared port, a USB interface, or a pointing device such as a mouse.
Touch screen 612: the touch screen 612 is the input interface and output interface between the user terminal and the user, and displays visual output to the user; the visual output may include graphics, text, icons, video, and the like.
The display controller 6091 in the I/O subsystem 609 receives electrical signals from, or sends electrical signals to, the touch screen 612. The touch screen 612 detects contact on the touch screen, and the display controller 6091 converts the detected contact into interaction with the user interface objects displayed on the touch screen 612, thereby realizing human-computer interaction. The user interface objects displayed on the touch screen 612 may be icons for running games, icons for connecting to corresponding networks, and so on. It is worth noting that the device may also include a light mouse, which is a touch-sensitive surface that does not display visual output, or an extension of the touch-sensitive surface formed by the touch screen.
RF circuit 605: mainly used to establish communication between the mobile phone and the wireless network (i.e. the network side), so as to receive and send data between the mobile phone and the wireless network, for example sending and receiving short messages and e-mail. Specifically, the RF circuit 605 receives and sends RF signals, which are also called electromagnetic signals; the RF circuit 605 converts electrical signals into electromagnetic signals or electromagnetic signals into electrical signals, and communicates with communication networks and other devices through the electromagnetic signals. The RF circuit 605 may include known circuitry for performing these functions, including but not limited to an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC (COder-DECoder) chipset, a Subscriber Identity Module (SIM), and so on.
Audio circuit 606: mainly used to receive audio data from the peripheral interface 603, convert the audio data into an electrical signal, and send the electrical signal to the speaker 611.
Speaker 611: configured to restore to sound the voice signal that the mobile phone receives from the wireless network through the RF circuit 605, and to play the sound to the user.
Power management chip 608: configured to supply power to, and manage power for, the hardware connected to the CPU 602, the I/O subsystem and the peripheral interface.
The electronic device provided by the embodiment of the present application can effectively prevent an application from performing operations outside its permissions, reduces the risk of sensitive information in the protected disk space being illegally operated on, and improves the security of sensitive information.
The device for protecting sensitive information, the storage medium and the electronic device provided in the above embodiments can perform the method for protecting sensitive information provided by any embodiment of the present application, and have the functional modules and beneficial effects corresponding to performing that method. For technical details not described in detail in the above embodiments, refer to the method for protecting sensitive information provided by any embodiment of the present application.
Note that the above are only the preferred embodiments of the present application and the technical principles applied. Those skilled in the art will understand that the present application is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present application. Therefore, although the present application has been described in further detail through the above embodiments, it is not limited to the above embodiments, and may include other equivalent embodiments without departing from the concept of the present application; the scope of the present application is determined by the scope of the appended claims.

Claims (12)

  1. A method for protecting sensitive information, characterized by comprising:
    Obtaining an application's operation request for sensitive information in the set protected disk space;
    Determining whether the application has the permission to perform the operation corresponding to the operation request, wherein the operation includes a data add operation, a data delete operation, a data modify operation or a data query operation;
    When the application has the permission, performing the operation corresponding to the operation request.
  2. The method according to claim 1, characterized by further comprising:
    When the application does not have the permission, outputting prompt information asking the user to choose whether to allow the application to perform the operation corresponding to the operation request;
    Obtaining the response information that the user inputs for the prompt information;
    When the response information is an allow indication, performing the operation corresponding to the operation request;
    When the response information is a forbid indication, abandoning performing the operation corresponding to the operation request.
  3. The method according to claim 1, characterized in that determining whether the application has the permission to perform the operation corresponding to the operation request comprises:
    Determining whether the operation request is triggered by a non-user operation instruction;
    If so, determining that the application does not have the permission to perform the operation corresponding to the operation request;
    Otherwise, querying the set whitelist and determining from the query result whether the application has the permission to perform the operation corresponding to the operation request, wherein the permission includes at least one of an add permission, a delete permission, a modify permission and a query permission.
  4. The method according to claim 3, characterized in that, before the set whitelist is queried, the method further comprises:
    Obtaining the applications that have storage permission for sensitive information in the protected disk space;
    Obtaining the permissions that the user sets for the applications;
    Building the whitelist from the applications and their corresponding permissions.
  5. The method according to any one of claims 1 to 4, characterized in that performing the operation corresponding to the operation request comprises:
    Sending a query request to the media library according to the Uniform Resource Identifier address of the sensitive information targeted by the operation request, and obtaining the sensitive information;
    Performing the operation corresponding to the operation request on the sensitive information.
  6. A device for protecting sensitive information, characterized by comprising:
    A request acquisition module, configured to obtain an application's operation request for sensitive information in the set protected disk space;
    A permission judgment module, configured to determine whether the application has the permission to perform the operation corresponding to the operation request, wherein the operation includes a data add operation, a data delete operation, a data modify operation or a data query operation;
    An operation execution module, configured to perform the operation corresponding to the operation request when the application has the permission.
  7. The device according to claim 6, characterized by further comprising an information prompt module, configured to:
    When the application does not have the permission, output prompt information asking the user to choose whether to allow the application to perform the operation corresponding to the operation request;
    Obtain the response information that the user inputs for the prompt information;
    When the response information is an allow indication, perform the operation corresponding to the operation request;
    When the response information is a forbid indication, abandon performing the operation corresponding to the operation request.
  8. The device according to claim 6, characterized in that the permission judgment module is specifically configured to:
    Determine whether the operation request is triggered by a non-user operation instruction;
    If so, determine that the application does not have the permission to perform the operation corresponding to the operation request;
    Otherwise, query the set whitelist and determine from the query result whether the application has the permission to perform the operation corresponding to the operation request, wherein the permission includes at least one of an add permission, a delete permission, a modify permission and a query permission.
  9. The device according to claim 8, characterized by further comprising a whitelist generation module, configured to:
    Before the set whitelist is queried, obtain the applications that have storage permission for sensitive information in the protected disk space;
    Obtain the permissions that the user sets for the applications;
    Build the whitelist from the applications and their corresponding permissions.
  10. The device according to any one of claims 6 to 9, characterized in that the operation execution module is specifically configured to:
    Send a query request to the media library according to the Uniform Resource Identifier address of the sensitive information targeted by the operation request, and obtain the sensitive information;
    Perform the operation corresponding to the operation request on the sensitive information.
  11. A computer-readable storage medium on which a computer program is stored, characterized in that, when executed by a processor, the program implements the method for protecting sensitive information according to any one of claims 1 to 5.
  12. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the method for protecting sensitive information according to any one of claims 1 to 5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710916064.XA CN107729764A (en) 2017-09-30 2017-09-30 Guard method, device, storage medium and the electronic equipment of sensitive information

Publications (1)

Publication Number Publication Date
CN107729764A true CN107729764A (en) 2018-02-23

Family

ID=61208412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710916064.XA Pending CN107729764A (en) 2017-09-30 2017-09-30 Guard method, device, storage medium and the electronic equipment of sensitive information

Country Status (1)

Country Link
CN (1) CN107729764A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 523860 No. 18, Wu Sha Beach Road, Changan Town, Dongguan, Guangdong

Applicant after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

Address before: 523860 No. 18, Wu Sha Beach Road, Changan Town, Dongguan, Guangdong

Applicant before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20180223