CN107979684A - Right management method, device and terminal - Google Patents


Info

Publication number: CN107979684A
Authority: CN (China)
Prior art keywords: application, authority, specified, specified authority, information
Legal status: Withdrawn
Application number: CN201610921884.3A
Other languages: Chinese (zh)
Inventor: 王鹏人
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201610921884.3A (CN107979684A)
Priority to PCT/CN2017/084917 (WO2018072436A1)
Publication of CN107979684A

Classifications

    • H04M1/72463 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H04M1/72406 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • H04M1/7243 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality with interactive means for internal management of messages
    • H04M1/725 Cordless telephones
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a permission management method, device and terminal. The method includes: receiving an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information; and, when the specified permission has not been granted to the application, notifying the application that it has obtained the specified permission. The invention solves the problem in the related art that an application cannot run normally when it has not obtained a permission.

Description

Right management method, device and terminal
Technical field
The present invention relates to the communications field, and in particular to a permission management method, device and terminal.
Background
The openness of an operating platform is very important. From the software developer's point of view, it helps with distribution: a developer can not only release products but also publish an app store, or even embed a small app store in its own product. From the user's point of view, software is easy to install and is no longer limited to the app store: web pages, storage cards, and various applications and games can all install software, and downloading software and recommending it to one another is extremely easy.
Most applications in the related art use the native approach: a third-party application requests the permissions it needs, and the user confirms whether to open each permission to the application. If the permission is opened, the application obtains it, and with a third-party application this carries a risk of information leakage. If it is refused, the application is notified that it cannot obtain the permission, and a third-party application that cannot obtain a permission it asked for will usually stop running, even if the permission is not necessary for its operation. If the user refuses permissions that some applications request, even permissions the application does not need in order to run normally, the application still tells the user that it cannot run and that the permission must be opened. When the user grants a permission without realizing it, or gives no authorization at all, third-party applications often read the user's sensitive data in the background and upload it to their own servers for various commercial uses, which invades the user's privacy; or they carry out various data-related services in the background, consuming the user's data traffic and incurring charges for the user.
No effective solution to the above problems in the related art has yet been found.
Summary of the invention
Embodiments of the present invention provide a permission management method, device and terminal, to solve at least the problem in the related art that an application cannot be installed or run when it is not appropriate for it to obtain terminal information.
According to one embodiment of the present invention, a permission management method is provided, including: receiving an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information; and, when the specified permission has not been granted to the application, notifying the application that it has obtained the specified permission.
Optionally, after the step of notifying the application that it has obtained the specified permission, the method further includes: on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission, returning preset information to the application or performing a null operation.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission, and empty data.
Optionally, before notifying the application that it has obtained the specified permission, the method further includes: determining whether the application is in a preset whitelist; and, when the determination is no, deciding to notify the application that it has obtained the specified permission.
Optionally, the preset whitelist is stored in the system partition as a file in Extensible Markup Language (XML) format.
Optionally, the specified permission includes at least one of: reading contacts, turning on the data switch, reading location information, reading SMS messages, and reading Subscriber Identification Module (SIM) card information.
Optionally, the application includes a third-party application that can be installed or run on the terminal device.
According to another embodiment of the present invention, a permission management device is provided, including: a receiving module, configured to receive an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
a notification module, configured to notify the application that it has obtained the specified permission when the specified permission has not been granted to the application.
Optionally, the device further includes: a return module, configured to, after the notification module has notified the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission, and empty data.
Optionally, the device further includes: a judgment module, configured to determine, before the notification module notifies the application that it has obtained the specified permission, whether the application is in a preset whitelist; and a determining module, configured to decide, when the determination is no, to notify the application that it has obtained the specified permission.
According to yet another embodiment of the present invention, a permission management terminal is provided, including a processor configured to receive an application's request to obtain a specified permission and, when the specified permission has not been granted to the application, to notify the application according to the request that it has obtained the specified permission.
Optionally, the processor is further configured to, after notifying the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission, and empty data.
According to yet another embodiment of the present invention, a storage medium is also provided. The storage medium is configured to store program code for performing the following steps:
receiving an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
when the specified permission has not been granted to the application, notifying the application that it has obtained the specified permission.
With the present invention, an application being installed or run on the terminal does not need to obtain terminal information, in particular sensitive terminal information such as contacts, SMS messages, location and SIM card information. When the specified permission has not been granted to the application, the application is still notified, according to its request, that it has obtained the specified permission, so that the application believes it holds the permission and installs or runs normally. This solves the problem in the related art that an application cannot run normally when it has not obtained a permission, improves the security of using applications, and effectively prevents leakage of the user's sensitive information and loss of the user's money.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware block diagram of a mobile terminal for a permission management method according to an embodiment of the present invention;
Fig. 2 is a flow chart of the permission management method according to an embodiment of the present invention;
Fig. 3 is a structural block diagram of the permission management device according to an embodiment of the present invention;
Fig. 4 is a structural block diagram of the permission management terminal according to an embodiment of the present invention;
Fig. 5 is an overall framework flow chart according to an embodiment of the present invention;
Fig. 6 is the process flow of a dynamic permission request according to an embodiment of the present invention;
Fig. 7 is the process flow of virtual permission management and information return according to an embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in combination with the embodiments. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with one another.
It should be noted that the terms "first", "second" and so on in the description, the claims and the drawings of this application are used to distinguish similar objects, not to describe a specific order or sequence.
Embodiment 1
The method embodiment provided in Embodiment 1 of this application can be executed in a mobile terminal, a terminal or a similar computing device. Taking execution on a mobile terminal as an example, Fig. 1 is a hardware block diagram of a mobile terminal for a permission management method according to an embodiment of the present invention. As shown in Fig. 1, the mobile terminal 10 may include one or more processors 102 (only one is shown in the figure; the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication functions. Those of ordinary skill in the art will understand that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the electronic device. For example, the mobile terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
The memory 104 can be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the permission management method in the embodiments of the present invention. The processor 102 runs the software programs and modules stored in the memory 104 to perform various functional applications and data processing, that is, to implement the method described above. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory can be connected to the mobile terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks and combinations of these.
The transmission device 106 is used to receive or send data over a network. A specific example of such a network is the wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station and so communicate with the Internet. In another example, the transmission device 106 may be a radio frequency (Radio Frequency, RF) module, which communicates with the Internet wirelessly.
This embodiment provides a permission management method that runs on the mobile terminal described above. Fig. 2 is a flow chart of the permission management method according to an embodiment of the present invention. As shown in Fig. 2, the flow includes the following steps:
Step S202: receive an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
Step S204: when the specified permission has not been granted to the application, notify the application that it has obtained the specified permission.
Through these steps, the application's request to obtain a specified permission is received, and the application is notified that it has obtained the specified permission even though the permission has not been granted to it. Because the application is told, according to its request, that it has obtained the permission, it can run normally. This solves the problem in the related art that an application cannot run normally when it has not obtained a permission, improves the security of using applications, and effectively prevents leakage of the user's sensitive information and loss of the user's money.
Optionally, the steps above may be executed by, but are not limited to, a smart terminal on which software can be installed, such as a mobile phone, tablet or computer. The application in this embodiment can be applied to, but is not limited to, the Android, iOS and Windows operating systems, and the application may be application software, hardware, a system, and so on.
Optionally, the specified permission in this embodiment may be a permission in a system such as Android, iOS or Windows, and may be, but is not limited to: reading contacts, turning on the data switch, reading location information, reading SMS messages, reading Subscriber Identification Module (SIM) card information, reading account and key information, enabling administrator permission, and so on.
Optionally, in this embodiment, the application includes third-party applications other than the system's built-in software, or third-party applications that can be installed or run on the terminal device, such as Alipay, WeChat, Momo and Licaitong. Of course, it may also be the system's built-in software, where the system includes native systems and deeply customized systems such as MIUI.
In an optional implementation of this embodiment, after the step of notifying the application that it has obtained the specified permission, the method further includes: on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission, returning preset information to the application or performing a null operation. Specifically, the preset information may be, but is not limited to: virtual information that differs from the terminal information corresponding to the specified permission, empty data, an error prompt, a jump instruction, and so on.
According to this embodiment, when a third-party application actually uses the specified permission to obtain sensitive information or perform a sensitive operation, the corresponding preset information can be returned or a null operation performed. For example, a read of contact or SMS information returns no data, and a read of location information returns a virtual location. This scheme ensures that the application can run normally while the user's sensitive information is not leaked.
In an optional implementation of this embodiment, a preset whitelist can also be configured in the system. The preset whitelist holds the applications the system trusts; when trusted software also requests the specified permission, the system may choose to let the request through. A dynamic permission management table is established and stored in the system partition of the device, and is exposed externally in read-only form. Before notifying the application according to the request that it has obtained the specified permission, the method further includes:
S11: determine whether the application is in the preset whitelist;
S12: when the determination is no, decide to notify the application according to the request that it has obtained the specified permission.
Optionally, the preset whitelist is stored in the system partition as a file in Extensible Markup Language (eXtensible Markup Language, XML) format.
From the description of the embodiments above, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, and so on) to perform the methods described in the embodiments of the present invention.
Embodiment 2
This embodiment also provides a permission management device and a terminal, which are used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a structural block diagram of the permission management device according to an embodiment of the present invention. As shown in Fig. 3, the device includes:
a receiving module 30, configured to receive an application's request to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
a notification module 32, configured to notify the application that it has obtained the specified permission when the specified permission has not been granted to the application.
Optionally, the specified permission in this embodiment may be a permission in a system such as Android, iOS or Windows, and may be, but is not limited to: reading contacts, turning on the data switch, reading location information, reading SMS messages, reading SIM card information, reading account and key information, enabling administrator permission, and so on.
Optionally, in this embodiment, the application includes third-party applications other than the system's built-in software, or third-party applications that can be installed or run on the terminal device, such as Alipay, WeChat, Momo and Licaitong. Of course, it may also be the system's built-in software, where the system includes native systems and deeply customized systems such as MIUI.
Optionally, the device further includes: a return module, configured to, after the notification module has notified the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission. Specifically, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission, and empty data.
Optionally, the device further includes: a judgment module, configured to determine, before the notification module notifies the application according to the request that it has obtained the specified permission, whether the application is in a preset whitelist; and a determining module, configured to decide, when the determination is no, to notify the application according to the request that it has obtained the specified permission.
Fig. 4 is a structural block diagram of the permission management terminal according to an embodiment of the present invention. As shown in Fig. 4, the terminal includes a processor 40, configured to receive an application's request to obtain a specified permission and, when the specified permission has not been granted to the application, to notify the application according to the request that it has obtained the specified permission. The processor may be a central processing unit (CPU), a microprocessor, a coprocessor, and so on.
Optionally, the processor is further configured to, after notifying the application according to the request that it has obtained the specified permission, return preset information to the application or perform a null operation on receiving a request initiated by the application to obtain terminal information corresponding to the specified permission.
Optionally, the preset information includes at least one of: virtual information that differs from the terminal information corresponding to the specified permission, and empty data.
It should be noted that the above modules can be implemented in software or hardware. For the latter, this can be done in the following ways, but is not limited to them: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Embodiment 3
This embodiment is an optional embodiment of the present invention and describes the application in detail with reference to a specific scenario and example:
This embodiment proposes the concept of dynamic permission management. For third-party applications (application software), a dynamic permission management list is added that holds each managed permission. If a third-party application is not in the dynamic management whitelist, then once it requests a managed permission it is notified that it has obtained the permission, regardless of whether the user allows it. When the third-party application then actually obtains sensitive information or performs a sensitive operation, the corresponding virtual information is returned or a null operation is performed. For example, a read of contact or SMS information returns no data, and a read of location information returns a virtual location. This ensures that the application can run normally while the user's sensitive information is not leaked.
The dynamic permission management approach and terminal of this embodiment involve the following steps:
1. Establish a dynamic permission management table. This permission list can be saved as a standard XML file, stored in the system partition of the device, and exposed externally in read-only form.
2. When a permission is requested, first determine whether the requester is a third-party application; if so, go to step 3.
3. Determine whether the third-party application is in the whitelist. If it is, no dynamic permission control is applied; otherwise, regardless of whether the user allows the managed permission, a callback notifies the application that the permission has been granted.
4. When the application actually uses the permission to read specific information or perform an operation, the corresponding virtual information or empty information is fed back according to the type of operation. For example, if the application queries the terminal's contact data, an empty result list (Cursor) can be returned, so that the requesting application believes the terminal has no contact information; or, if the application queries the terminal's location, a virtual longitude and latitude or a virtual mobile cell can be constructed, so that the requesting application obtains information normally, but the information is not accurate, which effectively prevents leakage of private information.
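The four steps above, modeled as an added example that is not code from the patent. The XML schema, package names, permission names and device data are constructed, and the model assumes real data is returned only when the user actually granted the permission.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed management table. The patent only says the table is a standard
# XML file kept read-only on the system partition; this schema is assumed.
POLICY_XML = """
<dynamic-permissions>
  <controlled name="READ_CONTACTS" virtual="empty"/>
  <controlled name="READ_SMS" virtual="empty"/>
  <controlled name="READ_LOCATION" virtual="location"/>
  <whitelist>
    <app package="com.example.trusted"/>
  </whitelist>
</dynamic-permissions>
"""

GRANTED, DENIED = "GRANTED", "DENIED"
VIRTUAL_LOCATION = (0.0, 0.0)  # constructed stand-in for a virtual longitude/latitude

# Constructed device data standing in for the real providers.
REAL_DATA = {
    "READ_CONTACTS": ["Alice <555-0100>", "Bob <555-0101>"],
    "READ_SMS": ["Your code is 000000"],
    "READ_LOCATION": (31.2304, 121.4737),
}


@dataclass
class PermissionBroker:
    controlled: dict   # permission name -> kind of virtual answer
    whitelist: set     # packages exempt from dynamic control
    real_grants: set = field(default_factory=set)
    virtual_grants: set = field(default_factory=set)

    @classmethod
    def from_xml(cls, text):
        """Step 1: load the management table and the whitelist."""
        root = ET.fromstring(text)
        controlled = {e.get("name"): e.get("virtual")
                      for e in root.findall("controlled")}
        whitelist = {e.get("package") for e in root.findall("./whitelist/app")}
        return cls(controlled, whitelist)

    def is_managed(self, package, permission, third_party):
        """Steps 2-3: third-party, not whitelisted, permission under control."""
        return (third_party and package not in self.whitelist
                and permission in self.controlled)

    def request(self, package, permission, user_allows, third_party=True):
        """Return what the app is told, which may differ from the real state."""
        key = (package, permission)
        if user_allows:
            self.virtual_grants.discard(key)
            self.real_grants.add(key)
            return GRANTED
        # A later refusal must revoke an earlier real grant, or reads would
        # keep returning real data behind a "virtual" grant.
        self.real_grants.discard(key)
        if self.is_managed(package, permission, third_party):
            self.virtual_grants.add(key)
            return GRANTED  # the app is told "granted"; nothing was granted
        return DENIED

    def read(self, package, permission):
        """Step 4: answer a data access according to the real grant state."""
        key = (package, permission)
        if key in self.real_grants:
            return REAL_DATA[permission]
        if key in self.virtual_grants:
            kind = self.controlled[permission]
            return VIRTUAL_LOCATION if kind == "location" else []
        raise PermissionError(f"{package} does not hold {permission}")


if __name__ == "__main__":
    broker = PermissionBroker.from_xml(POLICY_XML)
    app = "com.example.flashlight"  # hypothetical third-party package
    print(broker.request(app, "READ_CONTACTS", user_allows=False))
    print(broker.read(app, "READ_CONTACTS"))
    print(broker.request(app, "READ_LOCATION", user_allows=False))
    print(broker.read(app, "READ_LOCATION"))
```

Keeping real and virtual grants in separate sets lets the broker answer the application uniformly while an audit view can still tell which grants are genuine.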
Compared with correlation technique, the scheme of the present embodiment at least has the following advantages:Ensure that even if user does not authorize application Specific authority, using can also normally run, the sensitive information leakage and expense of the user effectively prevented are lost in.
The present embodiment also provides a kind of improved mode and terminal using dynamic user-privilege management, including:
Dynamic user-privilege management module:The management table of dynamic rights is established, and with the XML form storage of standard and equipment System subregions.
Authority application management module:For handling the authority application of user, whether resolution is third-party application, is judged at the same time Whether the third-party application is in management and control white list, and if necessary to management and control, authority license is returned for third-party application.
Virtual authority management module:It is responsible for the module feedback virtual information to carrying out dynamic rights license, this module Comparision is complicated, first has to judge user is specifically that what operation carried out, for example be to read contact person, short message or position Information etc., the then operation further according to user return to corresponding virtual information result.
Fig. 5 is an overall framework flowchart according to an embodiment of the present invention. As shown in Fig. 5, it includes:
Step 501: The third-party application requests the permissions it requires. Usually an application requests all the permissions it needs at once.
Step 502: Handle the user's permission request: distinguish whether the requester is a third-party application, determine whether the third-party application is in the control whitelist, and determine whether the requested permission falls within the scope of dynamic permission management.
Step 503: If control is needed, return a permission grant to the third-party application.
Step 504: Return virtual information to the module that holds the dynamic permission grant.
Fig. 6 is the processing flow of a dynamic permission request according to an embodiment of the present invention. As shown in Fig. 6, it includes:
Step 601: Receive the application's permission request.
Step 602: Determine whether the application is a third-party application. If it is, go to step 603; otherwise go to step 608.
Step 603: Determine whether the application is in the dynamic permission management whitelist. If it is, go to step 608; otherwise go to step 604.
Step 604: Filter all the permissions the application requests, for example: reading contacts, turning on data, reading location information.
Step 605: Determine whether each requested permission is a dynamically controlled permission.
Step 606: If it is a dynamically controlled permission, return a dynamic grant.
Step 607: If it is not a dynamically controlled permission, return the result according to the user's choice for that permission.
Step 608: Allow by default all the permissions this application requests.
Step 609: Call back and notify the application about the permissions it requested.
Fig. 7 is the processing flow of virtual permission management and information return according to an embodiment of the present invention. As shown in Fig. 7, it includes:
Step 701: With the permission dynamically granted, the application starts to read sensitive information.
Step 702: Determine which information the user is actually reading or which permission is being switched, for example contact information, SMS messages or location information, or an operation such as turning on mobile data.
Step 703: In the corresponding operation interface, return empty information or construct virtual information; for a sensitive-permission operation, return directly without performing the operation. For example: return an empty contact list, construct virtual location information, or, when the mobile data switch is turned on, do not actually initiate a data call.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Embodiment of the dynamic grant processing flow:
In Android M and later versions, third-party applications are no longer granted any permissions at installation; the application must request permissions dynamically at run time. The following uses the first launch of the Alipay application as an example to illustrate the processing flow of the dynamic grant:
When it first runs, the Alipay application requests permission to obtain the user's location information.
Because Alipay is a third-party application, the user is prompted whether to allow the permission. In the prior art, if the user refuses the permission, the Alipay application may be unable to run. In this embodiment, regardless of whether the user refuses the permission, the result returned by the system framework notifies Alipay that the permission has been granted, which ensures that the Alipay application can start normally. If the user checks application management in the system settings, the permission of this application is in fact displayed exactly according to the user's choice: if the user refused earlier, the permission is shown as denied in the interface; otherwise it is shown as allowed. The system framework simply adds a third state besides denied and allowed, and this state is not presented to the user.
The above is the processing flow of the dynamic grant in this embodiment.
Processing flow of virtual permission construction:
After a sensitive permission requested by a third-party application has been marked as dynamically granted, virtual information must be constructed when the application actually uses the permission to obtain information.
Again taking Alipay as an example, three embodiments of constructing virtual information are described:
After the SMS/MMS read permission requested by the Alipay application has been marked as dynamically granted, and the application actually needs to read messages, the platform framework first determines from the application's process ID or UID that the application is under dynamic permission management. Then, when the application process reads the SMS database, a newly constructed empty Cursor is returned to the process in place of the normal data query. The process takes this returned Cursor, reads it and finds the content empty, so it concludes that no SMS messages have been received on the phone and continues with its subsequent flow, without reading the real SMS database.
The empty Cursor mentioned in the flow above is easy to construct: simply create a new Cursor object whose content is empty.
After the location permission requested by the Alipay application has been marked as dynamically granted, when the platform framework reports the phone's location to the application, Location information newly constructed with a random longitude and latitude is substituted for the location information containing the real longitude and latitude. Location is a data class provided by the platform. To construct the Location information, create a new Location object, assign random values to variables such as its longitude and latitude, and return it to the application.
After the data switch permission requested by the Alipay application has been marked as dynamically granted, when the application tries to turn on mobile data, the platform interface likewise determines from the application's process ID or UID (User ID) whether the application is under dynamic permission management. If so, the platform interface for turning on mobile data returns success directly but does not actually initiate a data session (data_call).
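The Fig. 6 decision flow and the Fig. 7 virtual-information return, modelled as an added Python example that is not code from the patent. The XML element names, the package names, the permission labels (including the uncontrolled `CAMERA`) and the class and method names are assumptions made for illustration; an empty list stands in for the empty Cursor.

```python
import random
import xml.etree.ElementTree as ET
from enum import Enum

# Constructed management table. Element and attribute names are hypothetical;
# the page only says the table is standard XML, read-only on the system partition.
TABLE_XML = """<dynamic-permission-table>
  <controlled name="READ_CONTACTS"/>
  <controlled name="READ_SMS"/>
  <controlled name="ACCESS_LOCATION"/>
  <controlled name="ENABLE_MOBILE_DATA"/>
  <whitelist package="com.example.trusted"/>
</dynamic-permission-table>"""

class State(Enum):
    GRANTED = 1
    DENIED = 2
    DYNAMIC = 3  # third state, kept inside the framework and never shown to the user

class PermissionManager:
    def __init__(self, table_xml, rng=None):
        root = ET.fromstring(table_xml)
        self.controlled = {e.get("name") for e in root.iter("controlled")}
        self.whitelist = {e.get("package") for e in root.iter("whitelist")}
        self.state = {}        # (package, permission) -> State
        self.user_choice = {}  # (package, permission) -> bool, the user's answer
        self.rng = rng or random.Random()

    def request(self, package, third_party, permissions, user_allows):
        """Fig. 6: decide each requested permission; return what the app is told."""
        told = {}
        for perm in permissions:
            key = (package, perm)
            if not third_party or package in self.whitelist:
                self.state[key] = State.GRANTED               # step 608
            else:
                self.user_choice[key] = user_allows(perm)     # user is still prompted
                if perm in self.controlled:
                    self.state[key] = State.DYNAMIC           # step 606
                elif self.user_choice[key]:
                    self.state[key] = State.GRANTED           # step 607, allowed
                else:
                    self.state[key] = State.DENIED            # step 607, refused
            told[perm] = self.state[key] is not State.DENIED  # step 609
        return told

    def settings_view(self, package, perm):
        """What application management displays: the user's choice, not DYNAMIC."""
        key = (package, perm)
        shown = self.user_choice.get(key, self.state.get(key) is State.GRANTED)
        return "allowed" if shown else "denied"

    def access(self, package, perm, real_op):
        """Fig. 7: serve a read or switch operation issued by the app."""
        state = self.state.get((package, perm), State.DENIED)
        if state is State.DENIED:
            raise PermissionError(perm)
        if state is State.GRANTED:
            return real_op()
        # DYNAMIC: real_op is never invoked, so no real data reaches the app.
        if perm == "ACCESS_LOCATION":
            return (self.rng.uniform(-90, 90), self.rng.uniform(-180, 180))
        if perm == "ENABLE_MOBILE_DATA":
            return True   # report success without starting a data call
        return []         # empty result set, the analogue of an empty Cursor

def demo():
    pm = PermissionManager(TABLE_XML, random.Random(0))
    wanted = ["READ_SMS", "ACCESS_LOCATION", "CAMERA"]
    told = pm.request("com.example.pay", True, wanted, lambda perm: False)
    sms = pm.access("com.example.pay", "READ_SMS", lambda: ["real message"])
    return told, sms, pm.settings_view("com.example.pay", "READ_SMS")

if __name__ == "__main__":
    print(demo())
```

Because the app is told "granted" while the settings screen shows "denied", anyone auditing such a device has to inspect the framework-side state rather than the permission result the app received.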
Embodiment 4
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
S1: receive a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
S2: when the specified permission is not granted to the application, notify the application that it has obtained the specified permission.
Optionally, in this embodiment, the storage medium may include but is not limited to: a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, receives a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, notifies the application that it has obtained the specified permission when the specified permission is not granted to the application.
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included in its scope of protection.

Claims (14)

  1. A permission management method, characterized by comprising:
    receiving a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
    when the specified permission is not granted to the application, notifying the application that it has obtained the specified permission.
  2. The method according to claim 1, characterized in that, after the step of notifying the application that it has obtained the specified permission, the method further comprises:
    upon receiving a request initiated by the application to obtain terminal information corresponding to the specified permission, returning preset information to the application or performing a null operation.
  3. The method according to claim 2, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, empty data.
  4. The method according to claim 1, characterized in that, before notifying the application that it has obtained the specified permission, the method further comprises:
    determining whether the application is in the list of a preset whitelist;
    when the determination is negative, deciding to notify the application that it has obtained the specified permission.
  5. The method according to claim 4, characterized in that the preset whitelist comprises an Extensible Markup Language (XML) file stored in the system partition.
  6. The method according to any one of claims 1 to 5, characterized in that the specified permission includes at least one of: reading contacts, turning on the data switch, reading location information, reading SMS messages, reading subscriber identity module (SIM) card information.
  7. The method according to any one of claims 1 to 5, characterized in that the application includes a third-party application installed or running on the terminal device.
  8. A permission management device, characterized by comprising:
    a receiving module, configured to receive a request from an application to obtain a specified permission, where the specified permission includes a permission that allows the application to obtain terminal information;
    a notification module, configured to notify the application that it has obtained the specified permission when the specified permission is not granted to the application.
  9. The device according to claim 8, characterized in that the device further comprises:
    a return module, configured to, after the notification module has notified the application according to the request that it has obtained the specified permission, and upon receiving a request initiated by the application to obtain terminal information corresponding to the specified permission, return preset information to the application or perform a null operation.
  10. The device according to claim 9, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, empty data.
  11. The device according to claim 8, characterized in that the device further comprises:
    a judgment module, configured to determine, before the notification module notifies the application that it has obtained the specified permission, whether the application is in the list of a preset whitelist;
    a determining module, configured to decide, when the determination is negative, to notify the application that it has obtained the specified permission.
  12. A permission management terminal, comprising a processor, characterized in that
    the processor is configured to receive a request from an application to obtain a specified permission and, when the specified permission is not granted to the application, to notify the application according to the request that it has obtained the specified permission.
  13. The terminal according to claim 12, characterized in that
    the processor is further configured to, after notifying the application according to the request that it has obtained the specified permission, and upon receiving a request initiated by the application to obtain terminal information corresponding to the specified permission, return preset information to the application or perform a null operation.
  14. The terminal according to claim 13, characterized in that the preset information includes at least one of: virtual information different from the terminal information corresponding to the specified permission, empty data.
CN201610921884.3A 2016-10-21 2016-10-21 Right management method, device and terminal Withdrawn CN107979684A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610921884.3A CN107979684A (en) 2016-10-21 2016-10-21 Right management method, device and terminal
PCT/CN2017/084917 WO2018072436A1 (en) 2016-10-21 2017-05-18 Privilege management method, device and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610921884.3A CN107979684A (en) 2016-10-21 2016-10-21 Right management method, device and terminal

Publications (1)

Publication Number Publication Date
CN107979684A true CN107979684A (en) 2018-05-01

Family

ID=62003915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610921884.3A Withdrawn CN107979684A (en) 2016-10-21 2016-10-21 Right management method, device and terminal

Country Status (2)

Country Link
CN (1) CN107979684A (en)
WO (1) WO2018072436A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109361807A (en) * 2018-10-25 2019-02-19 努比亚技术有限公司 Information access control method, mobile terminal and computer readable storage medium
CN110084047A (en) * 2019-03-20 2019-08-02 努比亚技术有限公司 A kind of access right control method, terminal and computer readable storage medium
CN110765426A (en) * 2019-10-22 2020-02-07 深圳市康冠智能科技有限公司 Equipment permission setting method, device, equipment and computer storage medium
CN111460428A (en) * 2020-03-20 2020-07-28 山东浪潮通软信息科技有限公司 Authority management method and device of android system and readable medium
CN112558556A (en) * 2019-09-10 2021-03-26 东芝泰格有限公司 Production line management system and management method of production line management system
CN113268185A (en) * 2021-05-31 2021-08-17 维沃移动通信(杭州)有限公司 Information providing method and device and electronic equipment

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583178B (en) * 2018-10-09 2023-03-10 创新先进技术有限公司 Conference collaborative participation method and system
CN109740343A (en) * 2018-12-29 2019-05-10 百度在线网络技术(北京)有限公司 The authority control method and device of application
CN110210206B (en) * 2019-05-28 2021-04-06 维沃移动通信有限公司 Authority management method and terminal
CN111209559B (en) * 2019-12-23 2022-02-15 东软集团股份有限公司 Permission processing method and device of application program, storage medium and electronic equipment
CN112651040A (en) * 2020-12-15 2021-04-13 中国银联股份有限公司 Permission application method, component, device and computer readable storage medium
CN113127367B (en) * 2021-04-29 2024-01-12 东北大学 Defect detection method for Android dynamic permission application

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102693394A (en) * 2012-06-07 2012-09-26 奇智软件(北京)有限公司 Method and device for intercepting calling for service of application program
CN102693395A (en) * 2012-06-07 2012-09-26 奇智软件(北京)有限公司 Method and device for intercepting calling of application program for service
CN103729599A (en) * 2013-10-31 2014-04-16 深圳酷派技术有限公司 Data invoking processing method and device
CN104102358A (en) * 2014-07-18 2014-10-15 北京奇虎科技有限公司 Privacy information protecting method and privacy information protecting device
CN105095788A (en) * 2015-06-30 2015-11-25 北京奇虎科技有限公司 Method, device and system for private data protection
CN105930726A (en) * 2016-04-20 2016-09-07 广东欧珀移动通信有限公司 Processing method for malicious operation behavior and user terminal

Also Published As

Publication number Publication date
WO2018072436A1 (en) 2018-04-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180501