CN107979684A - Right management method, device and terminal - Google Patents
- Publication number: CN107979684A
- Application number: CN201610921884.3A
- Authority: CN (China)
- Prior art keywords: application, authority, specified, specified authority, information
- Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Abstract
The present invention provides a permission (right) management method, device and terminal. The method includes: receiving a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information; and, where the specified permission is not granted to the application, notifying the application that it has obtained the specified permission. The invention solves the problem in the related art that an application cannot run normally when it has not obtained a permission.
Description
Technical field
The present invention relates to the field of communications, and in particular to a permission management method, device and terminal.
Background
The openness of an operating platform is very important. From the software developer's point of view, openness makes distribution easy: a developer can publish not only a product but also an app store, or even embed a small app store inside its own product. From the user's point of view, software is easy to install and is no longer limited to the app store: web pages, memory cards, and even other applications and games can install and download software, and recommending software to others is also extremely easy.
Most applications in the related art use the native approach: a third-party application requests the permissions it requires, and the user confirms whether to open each permission to the application. If the permission is opened, the application obtains it, and with a third-party application there is then a risk of information leakage. If it is closed, the application is notified that it cannot obtain the permission, and a third-party application that cannot obtain a permission it asked for will generally stop running, even if that permission is not necessary for it to run. If the user refuses a permission that some applications ask for, then even when that permission is not needed for normal operation, the application prompts the user that it cannot run and that the permission must be opened. With the user's unwitting permission, or without authorization, a third-party application often reads the user's sensitive data in the background and may upload it to its own server for various commercial purposes, invading the user's privacy; or it carries out various data-related services in the background, consuming the user's data traffic and costing the user money.
No effective solution to the above problems in the related art has yet been found.
Summary of the invention
Embodiments of the present invention provide a permission management method, device and terminal, to at least solve the problem in the related art that an application cannot be installed or run when it is not suitable for it to obtain terminal information.
According to one embodiment of the present invention, a permission management method is provided, including: receiving a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information; and, where the specified permission is not granted to the application, notifying the application that it has obtained the specified permission.
Optionally, after the step of notifying the application that it has obtained the specified permission, the method further includes: on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission, returning preset information to the application or performing a no-op.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission; empty data.
Optionally, before notifying the application that it has obtained the specified permission, the method further includes: judging whether the application is in the list of a preset whitelist; and, when the judgment is no, determining to notify the application that it has obtained the specified permission.
Optionally, the preset whitelist includes a file in Extensible Markup Language (XML) format stored in the system partition.
Optionally, the specified permission includes at least one of: reading contacts, turning on the data switch, reading location information, reading short message information, reading Subscriber Identification Module (SIM) card information.
Optionally, the application includes a third-party application that can be installed or run on the terminal device.
According to another embodiment of the present invention, a permission management device is provided, including: a receiving module, configured to receive a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information; and a notification module, configured to notify the application that it has obtained the specified permission where the specified permission is not granted to the application.
Optionally, the device further includes: a return module, configured to, after the notification module has notified the application, according to the request, that it has obtained the specified permission, return preset information to the application or perform a no-op on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission; empty data.
Optionally, the device further includes: a judgment module, configured to judge, before the notification module notifies the application that it has obtained the specified permission, whether the application is in the list of a preset whitelist; and a determining module, configured to determine, when the judgment is no, to notify the application that it has obtained the specified permission.
According to still another embodiment of the present invention, a permission management terminal is provided, including a processor. The processor is configured to receive a request from an application to obtain a specified permission and, where the specified permission is not granted to the application, to notify the application, according to the request, that it has obtained the specified permission.
Optionally, the processor is further configured to, after notifying the application, according to the request, that it has obtained the specified permission, return preset information to the application or perform a no-op on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission; empty data.
According to still another embodiment of the present invention, a storage medium is also provided. The storage medium is configured to store program code for performing the following steps:
receiving a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
where the specified permission is not granted to the application, notifying the application that it has obtained the specified permission.
With the present invention, an application installed or run on a terminal does not need to obtain terminal information, in particular sensitive terminal information such as contacts, short messages, location and SIM card information. Where the specified permission is not granted to the application, the application is still notified, in response to its request, that it has obtained the specified permission, so that the application believes it has obtained the permission and installs or runs normally. This solves the problem in the related art that an application cannot run normally when it has not obtained a permission, improves the security of using applications, and effectively prevents leakage of the user's sensitive information and loss of the user's money.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware block diagram of a mobile terminal for a permission management method according to an embodiment of the present invention;
Fig. 2 is a flow chart of a permission management method according to an embodiment of the present invention;
Fig. 3 is a structural block diagram of a permission management device according to an embodiment of the present invention;
Fig. 4 is a structural block diagram of a permission management terminal according to an embodiment of the present invention;
Fig. 5 is an overall framework flow chart according to an embodiment of the present invention;
Fig. 6 is the processing flow of a dynamic permission request according to an embodiment of the present invention;
Fig. 7 is the processing flow of virtual permission management and information return according to an embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with one another.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence.
Embodiment 1
The method embodiment provided in Embodiment 1 of this application can be executed in a mobile terminal, a terminal or a similar computing device. Taking running on a mobile terminal as an example, Fig. 1 is a hardware block diagram of a mobile terminal for a permission management method according to an embodiment of the present invention. As shown in Fig. 1, the mobile terminal 10 can include one or more processors 102 (only one is shown in the figure; the processor 102 can include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication functions. A person of ordinary skill in the art will understand that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the mobile terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
The memory 104 can be used to store the software programs and modules of applications, such as the program instructions/modules corresponding to the permission management method in the embodiments of the present invention. The processor 102 runs the software programs and modules stored in the memory 104 to perform various functional applications and data processing, that is, to implement the above method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and this remote memory can be connected to the mobile terminal 10 through a network. Examples of such networks include, but are not limited to, the internet, an intranet, a local area network, a mobile communication network and combinations of these.
The transmission device 106 is used to receive or send data via a network. A specific example of such a network is the wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station in order to communicate with the internet. In one example, the transmission device 106 can be a radio frequency (Radio Frequency, RF) module, which is used to communicate with the internet wirelessly.
This embodiment provides a permission management method that runs on the above mobile terminal. Fig. 2 is a flow chart of the permission management method according to an embodiment of the present invention. As shown in Fig. 2, the flow includes the following steps:
Step S202: receive a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
Step S204: where the specified permission is not granted to the application, notify the application that it has obtained the specified permission.
Through the above steps, a request from an application to obtain a specified permission is received, where the specified permission includes a permission that allows the application to obtain terminal information, and, where the specified permission is not granted to the application, the application is notified that it has obtained the specified permission. Because the application is still notified, in response to its request, that it has obtained the specified permission even though the permission has not been granted to it, the application can run normally. This solves the problem in the related art that an application cannot run normally when it has not obtained a permission, improves the security of using applications, and effectively prevents leakage of the user's sensitive information and loss of the user's money.
Optionally, the above steps can be executed by an intelligent terminal on which software can be installed, such as a mobile phone, tablet or computer, but this is not a limitation. The application in this embodiment can be, but is not limited to being, used on the Android, iOS and Windows operating systems, and the application can be application software, hardware, a system and so on.
Optionally, the specified permission in this embodiment can be a permission in a system such as Android, iOS or Windows, and can be, but is not limited to: reading contacts, turning on the data switch, reading location information, reading short message information, reading Subscriber Identification Module (SIM) card information, reading account and key information, enabling administrator permission, and so on.
Optionally, in this embodiment, the application includes a third-party application other than the system's built-in software, that is, a third-party application that can be installed or run on the terminal device, such as Alipay, WeChat, Momo or Licaitong. It can of course also be the system's built-in software, where the system includes native systems and deeply customized systems such as MIUI.
In an optional implementation of this embodiment, after the step of notifying the application that it has obtained the specified permission, the method further includes: on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission, returning preset information to the application or performing a no-op. Specifically, the preset information can be, but is not limited to: virtual information that differs from the terminal information corresponding to the specified permission, empty data, an error prompt, a redirect instruction, and so on.
According to this embodiment, when the third-party application actually uses the specified permission to obtain sensitive information or perform a sensitive operation, the corresponding preset information can be returned or a no-op performed. For example, a read of contact or short message information returns no data, and a read of location information is given a virtual location. With the scheme of this embodiment, the application can run normally while the user's sensitive information is not leaked.
In an optional implementation of this embodiment, a preset whitelist can also be preconfigured in the system. The preset whitelist stores the applications the system trusts; when trusted software also requests the specified permission, the system can choose to let it through. A dynamic permission management table is established, stored in the system partition of the device, and made available externally in read-only form. Before notifying the application, according to the request, that it has obtained the specified permission, the method further includes:
S11: judging whether the application is in the list of the preset whitelist;
S12: when the judgment is no, determining to notify the application, according to the request, that it has obtained the specified permission.
Optionally, the preset whitelist is stored in the system partition as a file in Extensible Markup Language (eXtensible Markup Language, XML) format.
From the above description of the embodiments, a person skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which can be a mobile phone, a computer, a server, a network device and so on) to perform the method described in each embodiment of the present invention.
Embodiment 2
This embodiment also provides a permission management device and terminal, which are used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" can be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a structural block diagram of a permission management device according to an embodiment of the present invention. As shown in Fig. 3, the device includes:
a receiving module 30, configured to receive a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
a notification module 32, configured to notify the application that it has obtained the specified permission where the specified permission is not granted to the application.
Optionally, the specified permission in this embodiment can be a permission in a system such as Android, iOS or Windows, and can be, but is not limited to: reading contacts, turning on the data switch, reading location information, reading short message information, reading SIM card information, reading account and key information, enabling administrator permission, and so on.
Optionally, in this embodiment, the application includes a third-party application other than the system's built-in software, that is, a third-party application that can be installed or run on the terminal device, such as Alipay, WeChat, Momo or Licaitong. It can of course also be the system's built-in software, where the system includes native systems and deeply customized systems such as MIUI.
Optionally, the device further includes: a return module, configured to, after the notification module has notified the application, according to the request, that it has obtained the specified permission, return preset information to the application or perform a no-op on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission. Specifically, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission; empty data.
Optionally, the device further includes: a judgment module, configured to judge, before the notification module notifies the application, according to the request, that it has obtained the specified permission, whether the application is in the list of the preset whitelist; and a determining module, configured to determine, when the judgment is no, to notify the application, according to the request, that it has obtained the specified permission.
Fig. 4 is a structural block diagram of a permission management terminal according to an embodiment of the present invention. As shown in Fig. 4, it includes a processor 40, configured to receive a request from an application to obtain a specified permission and, where the specified permission is not granted to the application, to notify the application, according to the request, that it has obtained the specified permission. The processor can be a central processing unit (CPU), a microprocessor, a coprocessor and so on.
Optionally, the processor is further configured to, after notifying the application, according to the request, that it has obtained the specified permission, return preset information to the application or perform a no-op on receiving a request initiated by the application to obtain the terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission; empty data.
It should be noted that each of the above modules can be implemented in software or hardware. For the latter, this can be done in the following ways, but is not limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment 3
This embodiment is an optional embodiment of the present invention and describes the application in detail with reference to a specific scenario and example.
This embodiment proposes the concept of dynamic permission management. For third-party applications (application software), a dynamic permission management list is added, and the list holds each managed permission. If the third-party application is not in the dynamic management whitelist, then once it requests a managed permission it is notified that it has obtained that permission, regardless of whether the user allows it. When the third-party application actually obtains sensitive information or performs a sensitive operation, however, the corresponding virtual information is returned or a no-op is performed. For example, a read of contact or short message information returns no data, and a read of location information is given a virtual location. The application can therefore run normally while the user's sensitive information is not leaked.
The method and terminal using dynamic permission management in this embodiment involve the following steps:
1. Establish a dynamic permission management table. This permission list can be saved as a standard XML file, stored in the system partition of the device, and made available externally in read-only form.
2. When a permission is requested, first judge whether the requester is a third-party application; if it is, go to step 3.
3. Judge whether the third-party application is in the whitelist. If it is in the whitelist, no dynamic permission management is applied. Otherwise, for a managed permission, the callback notifies the application that the permission has been granted, regardless of whether the user allows it.
4. When the application actually uses the permission to read specific information or perform an operation, feed back the corresponding virtual information or empty information according to the type of operation. For example, if the application queries the terminal's contact data, an empty list (Cursor) can be returned, so that the requesting application believes the terminal has no contact information. If the application queries the terminal's location, a virtual latitude and longitude, or virtual information about the mobile cell where the terminal is located, can be constructed. The requesting application obtains information normally, but the information is not accurate, which effectively prevents leakage of private information.
Compared with the related art, the scheme of this embodiment has at least the following advantage: even if the user does not grant the application a specific permission, the application can still run normally, and leakage of the user's sensitive information and loss of fees are effectively prevented.
This embodiment also provides an improved method and terminal using dynamic permission management, including:
Dynamic permission management module: establishes the dynamic permission management table and stores it in standard XML form in the system partition of the device.
Permission request management module: handles the user's permission requests, distinguishes whether the requester is a third-party application, and at the same time determines whether the third-party application is in the control whitelist; if control is required, it returns a permission grant to the third-party application.
Virtual permission management module: responsible for feeding back virtual information to modules that were given a dynamic permission grant. This module is relatively complex: it must first determine which specific operation the user is performing, for example reading contacts, SMS messages or location information, and then return the corresponding virtual information according to that operation.
Fig. 5 is an overall framework flowchart according to an embodiment of the present invention. As shown in Fig. 5, it includes:
Step 501: The third-party application requests the permissions it requires. In general, an application requests all the permissions it needs at once.
Step 502: The permission request is handled: it is determined whether the requester is a third-party application, whether the third-party application is in the control whitelist, and whether the requested permission falls within the scope of dynamic permission management.
Step 503: If control is required, a permission grant is returned to the third-party application.
Step 504: Virtual information is returned to the module that was given the dynamic permission grant.
Fig. 6 is the processing flow of a dynamic permission request according to an embodiment of the present invention. As shown in Fig. 6, it includes:
Step 601: Receive the application's permission request.
Step 602: Determine whether the application is a third-party application. If it is, go to step 603; otherwise go to step 608.
Step 603: Determine whether the application is in the dynamic permission management whitelist. If it is, go to step 608; otherwise go to step 604.
Step 604: Filter all the permissions requested by the application, for example: read contacts, turn on data, read location information.
Step 605: Determine whether the permission requested by the application belongs to the dynamically controlled permissions.
Step 606: If it belongs to the dynamically controlled permissions, return a dynamic grant.
Step 607: If it does not belong to the dynamically controlled permissions, return the result according to the permission choice made by the user.
Step 608: By default, allow all permissions requested by this application.
Step 609: Call back to notify the application of the permission object it requested.
Fig. 7 is the processing flow of virtual permission management and information return according to an embodiment of the present invention. As shown in Fig. 7, it includes:
Step 701: The application, holding a dynamically granted permission, starts to initiate a read of sensitive information.
Step 702: Filter which information the user is specifically reading or which permission is being switched, for example contact information, SMS messages or location information, or an operation such as turning on mobile data.
Step 703: In the corresponding operation interface, return empty information or construct virtual information; if it is a sensitive-permission operation, return directly without performing the corresponding operation. For example: return an empty contact information list, construct virtual location information, or, when the mobile data switch is turned on, do not actually initiate a data call.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Processing flow embodiment of the dynamic grant:
In Android M and later versions, third-party applications are no longer granted any permissions at install time; instead, the application must request permissions dynamically at run time. The following uses the first start-up of the Alipay application as an example to illustrate the processing flow of the dynamic grant:
On first run, the Alipay application requests the permission to obtain the user's location information.
Because Alipay is a third-party application, the user is prompted whether to allow the request. In the current prior art, if the user refuses the permission, the Alipay application may be unable to run. In this embodiment, regardless of whether the user refused the permission, the result returned by the system framework notifies Alipay that the permission has been granted, which ensures that the Alipay application can start normally. If the user checks the application management in the system settings, the permission of this application is in fact presented entirely according to the result of the user's choice: if the user previously refused, the permission is shown as refused in the interface; otherwise it is shown as allowed. We have simply added, in the system framework, a third state besides refuse and allow, and this state is not presented to the user.
The above is the processing flow of the dynamic grant in this embodiment.
Processing flow of virtual permission construction:
After a sensitive permission requested by a third-party application has been marked as dynamically granted, virtual information needs to be constructed when the application actually uses this permission to obtain information.
Again taking Alipay as an example, three embodiments of constructing virtual information are described below:
After the SMS/MMS read permission requested by the Alipay application has been marked as dynamically granted, when the application actually needs to read, the platform framework first determines from the application's process ID or UID that the application is under dynamic permission management. Then, when the application process reads the SMS database, a newly constructed empty Cursor is returned to the process in place of the normal data query. After receiving this returned Cursor, the process reads the information in it, finds that the content is empty, and concludes that no SMS message has been received on the current phone. It then continues with its subsequent flow, so that the real SMS database information is not read.
The empty Cursor mentioned in the above flow is very easy to construct: it is only necessary to create a new Cursor object (with new) whose content is empty.
After the location permission requested by the Alipay application has been marked as dynamically granted, when the platform framework reports the phone's location information to the application, a newly constructed Location containing a random longitude and latitude is substituted for the location information containing the real longitude and latitude. Location is a data class provided by the platform. To construct the Location information, a new Location object is created, its variables such as longitude and latitude are set to random values, and it is fed back to the application.
After the data switch permission requested by the Alipay application has been marked as dynamically granted, when the application actively tries to turn on mobile data, the platform interface likewise determines from the application's process ID or UID (User ID) whether the application is under dynamic permission management. If it is, the platform's interface for turning on mobile data directly returns success, but no data session (data_call) is actually initiated.
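The request flow of Fig. 6, the hidden third state, and the three virtual-information cases above can be traced end to end in the following model. It is an added example, not code from the patent, and it is a Python model rather than Android framework code; the XML schema, the class and method names, the package names and the UID are all assumptions made for illustration.

```python
import random
import xml.etree.ElementTree as ET
from enum import Enum

# Constructed sample of the read-only XML management table. Element and
# attribute names are assumptions; the patent does not define a schema.
POLICY_XML = """<dynamic-permissions>
  <whitelist><app package="com.example.trusted"/></whitelist>
  <permission name="READ_CONTACTS" virtual="empty"/>
  <permission name="READ_SMS" virtual="empty"/>
  <permission name="ACCESS_LOCATION" virtual="random-location"/>
  <permission name="ENABLE_MOBILE_DATA" virtual="noop"/>
</dynamic-permissions>"""


class State(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    DYNAMIC = "dynamic"  # third state: reported as granted, served virtual data


class PermissionManager:
    def __init__(self, policy_xml):
        root = ET.fromstring(policy_xml)
        self.whitelist = {a.get("package") for a in root.iter("app")}
        self.managed = {p.get("name"): p.get("virtual")
                        for p in root.iter("permission")}
        self.state = {}        # (uid, permission) -> framework-internal State
        self.user_choice = {}  # (uid, permission) -> bool, shown in settings

    def request(self, uid, package, third_party, perm, user_allows):
        """Fig. 6, steps 601-609. Returns what the app's callback is told."""
        key = (uid, perm)
        if not third_party or package in self.whitelist:
            self.state[key] = State.GRANTED              # step 608
            self.user_choice[key] = True
        else:
            self.user_choice[key] = user_allows
            if perm in self.managed:                     # steps 605-606
                # Fig. 6 does not branch on the user's answer here.
                self.state[key] = State.DYNAMIC
            else:                                        # step 607
                self.state[key] = (State.GRANTED if user_allows
                                   else State.DENIED)
        return self.state[key] is not State.DENIED       # step 609

    def settings_view(self, uid, perm):
        """What the settings UI shows: only the user's own choice."""
        return "allowed" if self.user_choice[(uid, perm)] else "refused"

    def access(self, uid, perm, real_operation):
        """Fig. 7, steps 701-703. real_operation runs only when GRANTED."""
        state = self.state.get((uid, perm), State.DENIED)
        if state is State.GRANTED:
            return real_operation()
        if state is State.DENIED:
            raise PermissionError(perm)
        strategy = self.managed[perm]
        if strategy == "empty":             # stands in for the empty Cursor
            return []
        if strategy == "random-location":   # random latitude and longitude
            return (random.uniform(-90, 90), random.uniform(-180, 180))
        return True                         # noop: report success, do nothing


def demo():
    pm = PermissionManager(POLICY_XML)
    real_calls = []                         # records real data sessions

    def open_data():
        real_calls.append("data_call")
        return True

    uid = 10123  # constructed UID of a non-whitelisted third-party app
    told = [pm.request(uid, "com.example.shop", True, p, user_allows=False)
            for p in ("READ_SMS", "ACCESS_LOCATION", "ENABLE_MOBILE_DATA")]
    sms = pm.access(uid, "READ_SMS", lambda: ["real message"])
    loc = pm.access(uid, "ACCESS_LOCATION", lambda: (31.2304, 121.4737))
    ok = pm.access(uid, "ENABLE_MOBILE_DATA", open_data)
    return told, pm.settings_view(uid, "READ_SMS"), sms, loc, ok, real_calls
```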
Embodiment 4
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
S1: receive a request from an application to obtain a specified permission, wherein the specified permission includes a permission that allows the application to obtain terminal information;
S2: when the specified permission has not been granted to the application, notify the application that it has obtained the specified permission.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, receives a request from an application to obtain a specified permission, wherein the specified permission includes a permission that allows the application to obtain terminal information.
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, notifies the application that it has obtained the specified permission when the specified permission has not been granted to the application.
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; details are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be fabricated as individual integrated circuit modules, or multiple modules or steps among them can be fabricated as a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it. For those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included in the protection scope of the present invention.
Claims (14)
- 1. A permission management method, characterized by comprising: receiving a request from an application to obtain a specified permission, wherein the specified permission includes a permission that allows the application to obtain terminal information; and, when the specified permission has not been granted to the application, notifying the application that it has obtained the specified permission.
- 2. The method according to claim 1, characterized in that, after the step of notifying the application that it has obtained the specified permission, the method further comprises: when a request initiated by the application to obtain terminal information corresponding to the specified permission is received, returning preset information to the application or performing a null operation.
- 3. The method according to claim 2, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, and empty data.
- 4. The method according to claim 1, characterized in that, before notifying the application that it has obtained the specified permission, the method further comprises: determining whether the application is in a preset whitelist; and, when the determination is negative, determining to notify the application that it has obtained the specified permission.
- 5. The method according to claim 4, characterized in that the preset whitelist comprises an Extensible Markup Language (XML) file stored in the system partition.
- 6. The method according to any one of claims 1 to 5, characterized in that the specified permission includes at least one of: reading contacts, turning on the data switch, reading location information, reading SMS information, and reading subscriber identity module (SIM) card information.
- 7. The method according to any one of claims 1 to 5, characterized in that the application includes a third-party application installed or running on the terminal device.
- 8. A permission management device, characterized by comprising: a receiving module, configured to receive a request from an application to obtain a specified permission, wherein the specified permission includes a permission that allows the application to obtain terminal information; and a notification module, configured to notify the application that it has obtained the specified permission when the specified permission has not been granted to the application.
- 9. The device according to claim 8, characterized in that the device further comprises: a return module, configured to, after the notification module has notified the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation when a request initiated by the application to obtain terminal information corresponding to the specified permission is received.
- 10. The device according to claim 9, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, and empty data.
- 11. The device according to claim 8, characterized in that the device further comprises: a judgment module, configured to determine, before the notification module notifies the application that it has obtained the specified permission, whether the application is in a preset whitelist; and a determining module, configured to determine, when the determination is negative, to notify the application that it has obtained the specified permission.
- 12. A permission management terminal, comprising a processor, characterized in that the processor is configured to receive a request from an application to obtain a specified permission and, when the specified permission has not been granted to the application, to notify the application according to the request that it has obtained the specified permission.
- 13. The terminal according to claim 12, characterized in that the processor is further configured to, after notifying the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation when a request initiated by the application to obtain terminal information corresponding to the specified permission is received.
- 14. The terminal according to claim 13, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, and empty data.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610921884.3A CN107979684A (en) | 2016-10-21 | 2016-10-21 | Right management method, device and terminal |
PCT/CN2017/084917 WO2018072436A1 (en) | 2016-10-21 | 2017-05-18 | Privilege management method, device and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610921884.3A CN107979684A (en) | 2016-10-21 | 2016-10-21 | Right management method, device and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107979684A true CN107979684A (en) | 2018-05-01 |
Family
ID=62003915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610921884.3A Withdrawn CN107979684A (en) | 2016-10-21 | 2016-10-21 | Right management method, device and terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107979684A (en) |
WO (1) | WO2018072436A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361807A (en) * | 2018-10-25 | 2019-02-19 | 努比亚技术有限公司 | Information access control method, mobile terminal and computer readable storage medium |
CN110084047A (en) * | 2019-03-20 | 2019-08-02 | 努比亚技术有限公司 | A kind of access right control method, terminal and computer readable storage medium |
CN110765426A (en) * | 2019-10-22 | 2020-02-07 | 深圳市康冠智能科技有限公司 | Equipment permission setting method, device, equipment and computer storage medium |
CN111460428A (en) * | 2020-03-20 | 2020-07-28 | 山东浪潮通软信息科技有限公司 | Authority management method and device of android system and readable medium |
CN112558556A (en) * | 2019-09-10 | 2021-03-26 | 东芝泰格有限公司 | Production line management system and management method of production line management system |
CN113268185A (en) * | 2021-05-31 | 2021-08-17 | 维沃移动通信(杭州)有限公司 | Information providing method and device and electronic equipment |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109583178B (en) * | 2018-10-09 | 2023-03-10 | 创新先进技术有限公司 | Conference collaborative participation method and system |
CN109740343A (en) * | 2018-12-29 | 2019-05-10 | 百度在线网络技术(北京)有限公司 | The authority control method and device of application |
CN110210206B (en) * | 2019-05-28 | 2021-04-06 | 维沃移动通信有限公司 | Authority management method and terminal |
CN111209559B (en) * | 2019-12-23 | 2022-02-15 | 东软集团股份有限公司 | Permission processing method and device of application program, storage medium and electronic equipment |
CN112651040A (en) * | 2020-12-15 | 2021-04-13 | 中国银联股份有限公司 | Permission application method, component, device and computer readable storage medium |
CN113127367B (en) * | 2021-04-29 | 2024-01-12 | 东北大学 | Defect detection method for Android dynamic permission application |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102693394A (en) * | 2012-06-07 | 2012-09-26 | 奇智软件(北京)有限公司 | Method and device for intercepting calling for service of application program |
CN102693395A (en) * | 2012-06-07 | 2012-09-26 | 奇智软件(北京)有限公司 | Method and device for intercepting calling of application program for service |
CN103729599A (en) * | 2013-10-31 | 2014-04-16 | 深圳酷派技术有限公司 | Data invoking processing method and device |
CN104102358A (en) * | 2014-07-18 | 2014-10-15 | 北京奇虎科技有限公司 | Privacy information protecting method and privacy information protecting device |
CN105095788A (en) * | 2015-06-30 | 2015-11-25 | 北京奇虎科技有限公司 | Method, device and system for private data protection |
CN105930726A (en) * | 2016-04-20 | 2016-09-07 | 广东欧珀移动通信有限公司 | Processing method for malicious operation behavior and user terminal |
- 2016-10-21 CN CN201610921884.3A patent/CN107979684A/en not_active Withdrawn
- 2017-05-18 WO PCT/CN2017/084917 patent/WO2018072436A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2018072436A1 (en) | 2018-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107979684A (en) | Right management method, device and terminal | |
US9226145B1 (en) | Verification of mobile device integrity during activation | |
EP3337219B1 (en) | Carrier configuration processing method, device and system, and computer storage medium | |
EP2708069B1 (en) | Sim lock for multi-sim environment | |
GB2457221A (en) | Smart Card Web Server (SCWS) administration within a plurality of security domains | |
CN109905237B (en) | Method for communicating with cellular network by mobile station | |
CN106330958A (en) | Secure accessing method and device | |
US10136323B2 (en) | Method and device for operating a mobile terminal in a mobile communication network | |
CN107871062A (en) | A kind of application permission control method, device and terminal | |
CN104185179A (en) | Control apparatus and method for subscriber identity module, and subscriber identity module | |
US9980128B2 (en) | Method for modifying rights to security domain for smartcard, and server, smartcard, and terminal for same | |
JP2009130856A (en) | Mobile terminal, application execution method, computer program, and system | |
CN106717042A (en) | Method and devices for providing a subscription profile on a mobile terminal | |
CN106850545A (en) | A kind of fine-grained access control method of Android mixing application | |
CN105723760A (en) | Profile change management | |
CN112543169A (en) | Authentication method, device, terminal and computer readable storage medium | |
CN114024717A (en) | Application program flow control method, device, equipment and storage medium | |
CN112035807A (en) | Object authentication method and apparatus, storage medium, and electronic apparatus | |
CN109992298B (en) | Examination and approval platform expansion method and device, examination and approval platform and readable storage medium | |
CN108600242B (en) | Account registration method, device and equipment of application software and readable storage medium | |
US11698994B2 (en) | Method for a first start-up operation of a secure element which is not fully customized | |
US20070174348A1 (en) | Databases synchronization | |
CN106376096B (en) | Wireless network connection method and equipment thereof | |
CN111050323B (en) | Terminal switching method, device and system | |
KR102310321B1 (en) | Method and apparatus for providing web page using captive portal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180501 |