CN108052803A - A kind of access control method, device and electronic equipment - Google Patents
- Publication number: CN108052803A
- Application number: CN201810001582.3A
- Authority: CN (China)
- Prior art keywords: accessed, access, verification, verification result, accesses
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
This application discloses an access control method, device and electronic equipment. The method includes: obtaining an access request from an access object in the electronic equipment to an accessed object; performing a first verification on a first flag characterizing the access object to obtain a first verification result, where the first verification result shows whether the access object meets a first condition for being able to access the accessed object; and, based on the first verification result, allowing or forbidding the access object to access the accessed object. In this application, only an access object that meets the first condition for accessing the accessed object is allowed to access it, and an access object that does not meet the condition is forbidden from accessing it, which achieves security control of object access and protects software security.
Description
Technical field
This application relates to the technical field of data processing, and in particular to an access control method, device and electronic equipment.
Background
With the development of technology, software that implements various functions is used more and more widely. However, such software also faces various kinds of malicious tampering and attack. For example, a caller uses a forged identity to access and call a software object and makes destructive modifications to it, so that the software object cannot run normally and cannot provide the corresponding function to other users.
Therefore, a scheme for secure access to software objects is urgently needed.
Summary of the invention
In view of this, the purpose of this application is to provide an access control method, device and electronic equipment, to solve the technical problem in the prior art that secure access control needs to be applied to software objects.
This application provides an access control method, including:
obtaining an access request from an access object in electronic equipment to an accessed object;
performing a first verification on a first flag characterizing the access object to obtain a first verification result, where the first verification result shows whether the access object meets a first condition for being able to access the accessed object;
based on the first verification result, allowing or forbidding the access object to access the accessed object.
In the above method, preferably, the access object and the accessed object are executable components, and running an executable component implements a corresponding function.
In the above method, preferably, the access object and the accessed object are associated in the functions that each implements when run.
The above method preferably further includes:
performing a second verification on a second identifier characterizing the accessed object to obtain a second verification result, where the second verification result shows whether the accessed object meets a second condition for being able to be accessed by the access object;
where allowing or forbidding the access object to access the accessed object based on the first verification result includes:
based on the first verification result and the second verification result, allowing or forbidding the access object to access the accessed object.
In the above method, preferably:
the accessed object performs the first verification on the first flag characterizing the access object to obtain the first verification result;
the access object performs the second verification on the second identifier characterizing the accessed object to obtain the second verification result.
In the above method, preferably, before the second verification is performed on the second identifier characterizing the accessed object, the method further includes:
obtaining the accessed object, so that the accessed object on which the second verification is performed is consistent with the accessed object after the second verification result is obtained.
In the above method, preferably, allowing or forbidding the access object to access the accessed object based on the first verification result and the second verification result includes:
if the first verification result shows that the access object is a legitimate access object preset by the accessed object, and the second verification result shows that the object content of the accessed object matches the object name of the object that the access object needs to access, allowing the access object to access the accessed object; otherwise, forbidding the access object to access the accessed object.
This application also provides an access control apparatus, including:
a request obtaining unit, for obtaining an access request from an access object in electronic equipment to an accessed object;
a first authentication unit, for performing a first verification on a first flag characterizing the access object to obtain a first verification result, where the first verification result shows whether the access object meets a first condition for being able to access the accessed object;
an access control unit, for allowing or forbidding the access object to access the accessed object based on the first verification result.
The above apparatus preferably further includes:
a second authentication unit, for performing a second verification on a second identifier characterizing the accessed object to obtain a second verification result, where the second verification result shows whether the accessed object meets a second condition for being able to be accessed by the access object;
where the access control unit is specifically used for: based on the first verification result and the second verification result, allowing or forbidding the access object to access the accessed object.
In the above apparatus, preferably, the second authentication unit is also used for: before the second identifier characterizing the accessed object is verified, obtaining the accessed object, so that the accessed object on which the second verification is performed is consistent with the accessed object after the second verification result is obtained.
This application also provides electronic equipment, including:
a memory, for storing an application program and data generated by running the application program;
a processor, for executing the application program to implement the following functions: obtaining an access request from an access object in the electronic equipment to an accessed object; performing a first verification on a first flag characterizing the access object to obtain a first verification result, where the first verification result shows whether the access object meets a first condition for being able to access the accessed object; and, based on the first verification result, allowing or forbidding the access object to access the accessed object.
As can be seen from the above scheme, in the access control method, device and electronic equipment provided by this application, in response to the obtained access request, the flag characterizing the access object is verified to obtain a verification result showing whether the access object meets the first condition for being able to access the accessed object, and the access object is then allowed or forbidden to access the accessed object based on that verification result. Thus, in this application, only an access object that meets the first condition for accessing the accessed object is allowed to access it, and an access object that does not meet the condition is forbidden from accessing it, which achieves security control of object access and protects software security.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1~Fig. 3 are each a flow chart of an access control method provided by embodiment one of this application;
Fig. 4~Fig. 5 are each a structural diagram of an access control apparatus provided by embodiment two of this application;
Fig. 6 is a structural diagram of electronic equipment provided by embodiment three of this application;
Fig. 7 and Fig. 8 are each an application example diagram of the embodiments of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
Fig. 1 is an implementation flow chart of an access control method provided by embodiment one of this application. The method is applicable to electronic equipment, which may be a terminal capable of running software objects, such as a mobile phone, a pad or a server.
In this embodiment, the method may include the following steps:
Step 101: Obtain an access request from an access object in the electronic equipment to an accessed object.
Access by the access object to the accessed object includes the access object modifying the content or permission parameters of the accessed object, and may also include the access object calling and running the accessed object.
The access request may be generated automatically by the electronic equipment as its running state requires, or may be triggered by a user operating an application on the electronic equipment.
Step 102: Perform a first verification on the first flag characterizing the access object to obtain a first verification result.
In this embodiment, the first verification on the first flag characterizing the access object may be performed by the accessed object. Specifically, a verification algorithm such as the message digest algorithm MD5 (Message Digest Algorithm) or a digital signature algorithm may be used to perform the first verification on the first flag and obtain the first verification result.
The first verification result shows whether the access object meets the first condition for being able to access the accessed object, for example, whether the access object is a legitimate access object preset by the accessed object. If the access object is not a legitimate access object of the accessed object, it does not meet the first condition of the accessed object; if the access object is a legitimate access object of the accessed object, it meets the first condition of the accessed object.
The first flag characterizing the access object may be a key, a password or the like. The first flag may be extracted from the access request, obtained from the access object, or obtained from the electronic equipment.
Step 103: Based on the first verification result, allow or forbid the access object to access the accessed object.
When the first verification result shows that the access object meets the first condition for being able to access the accessed object, the access object is allowed to access the accessed object. If the first verification result shows that the access object does not meet the first condition, the access object is forbidden from accessing the accessed object. This achieves secure access control over the accessed object.
As can be seen from the above scheme, in the access control method provided by embodiment one of this application, in response to the obtained access request, the flag characterizing the access object is verified to obtain a verification result showing whether the access object meets the first condition for being able to access the accessed object, and the access object is then allowed or forbidden to access the accessed object based on that verification result. Thus, in this embodiment, only an access object that meets the first condition for accessing the accessed object is allowed to access it, and an access object that does not meet the condition is forbidden from accessing it, which achieves security control of object access and protects software security.
It should be noted that the access object may be a software item in an executable application on the electronic equipment, such as an executable component, for example an executable program (.exe) or a dynamic link library file (.dll). The accessed object may likewise be an executable component, which is accessed by the access object above so as to implement the corresponding function.
The access object and the accessed object may be associated in the functions that each implements when run. For example, running the access object implements image transmission, and the access object needs to call the image packing and decoding functions in the accessed object to implement it, finally achieving transmission such as sending or obtaining an image. Alternatively, the access object and the accessed object belong to the same executable application, in which the accessed object is a subprocess function of the access object, and the access object implements the corresponding function by calling the accessed object.
In one implementation, in addition to performing the first verification on the access object in order to protect the accessed object, this embodiment can also protect the access object, so as to avoid the accessed object being maliciously tampered with, replaced or injected with an illegal program and thereby affecting the normal operation of the access object.
Specifically, as shown in Fig. 2, before step 103 this embodiment may also include the following step:
Step 104: Perform a second verification on the second identifier characterizing the accessed object to obtain a second verification result.
In this embodiment, the second verification on the second identifier characterizing the accessed object may be performed by the access object. Specifically, a verification algorithm such as MD5 or a digital signature algorithm may be used to perform the second verification on the second identifier and obtain the second verification result.
The second verification result shows whether the accessed object meets the second condition for being able to be accessed by the current access object, for example, whether the object content of the accessed object matches the object name of the object that the current access object needs to access. If they do not match, the accessed object may have been maliciously tampered with or injected with illegal code, and it does not meet the second condition of the access object. If the object content matches the object name, the accessed object meets the second condition of the access object.
The second identifier characterizing the accessed object may be a key, a password or the like. The second identifier may be extracted from the access request, obtained from the accessed object, or obtained from the electronic equipment.
It should be noted that step 102 may also be performed after step 104, or the two steps may be performed simultaneously. The execution order of the two steps is not limited to that shown in the drawings, and implementations with other execution orders fall within the protection scope of this application.
Correspondingly, step 103 can be implemented as follows:
Based on the first verification result and the second verification result, allow or forbid the access object to access the accessed object.
Specifically, if the first verification result shows that the access object meets the first condition for being able to access the accessed object, and the second verification result shows that the accessed object meets the second condition for being able to be accessed by the current access object, the access object is allowed to access the accessed object; otherwise, the access object is forbidden from accessing the accessed object.
For example, if the first verification result shows that the access object is a legitimate access object preset by the accessed object, and the second verification result shows that the object content of the accessed object matches the object name of the object that the access object needs to access, the access object is allowed to access the accessed object; otherwise, the access object is forbidden from accessing the accessed object.
In addition, to avoid the accessed object being tampered with or injected with illegal code after it has been verified as meeting the second condition, this embodiment may obtain the accessed object before verification. As shown in Fig. 3, before step 104 the method may further include the following step:
Step 105: Obtain the accessed object, so that the accessed object on which the second verification is performed is consistent with the accessed object after the second verification result is obtained.
That is, in this embodiment the accessed object is obtained before the second verification is performed on it, which guarantees that it is not modified by other objects between the point before verification and the point after it; validity verification is then performed. This ensures that the accessed object that has passed the second verification is the accessed object that took part in the verification and was not tampered with by other objects in between, thereby ensuring the security of access control for the object.
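The two-sided check of steps 102 to 105, sketched as an added example that is not code from the patent: the accessed object verifies the caller's first flag, the access object verifies the content of the named accessed object, and both checks run against a snapshot obtained once, so a write that races the check cannot change what is used. SHA-256 stands in for the MD5 the text mentions, because MD5 is not collision resistant; the class names, the manifest and allow-list layouts, the test hook and the file names are assumptions.

```python
import hashlib
import hmac
import os
import tempfile


def digest(data: bytes) -> str:
    """SHA-256 hex digest (swapped in for the MD5 named in the text)."""
    return hashlib.sha256(data).hexdigest()


class AccessedObject:
    """Callee side: performs the first verification on the caller's first flag."""

    def __init__(self, name, path, allowed_callers):
        self.name = name
        self.path = path
        # Hypothetical storage format: caller name -> SHA-256 of that caller's flag.
        self.allowed_callers = allowed_callers

    def first_verify(self, caller_name, first_flag: bytes) -> bool:
        expected = self.allowed_callers.get(caller_name)
        if expected is None:  # caller was never preset as legitimate
            return False
        return hmac.compare_digest(expected, digest(first_flag))


class AccessObject:
    """Caller side: performs the second verification on the callee's content."""

    def __init__(self, name, first_flag: bytes, manifest):
        self.name = name
        self.first_flag = first_flag
        # Hypothetical manifest: object name -> expected SHA-256 of its content.
        self.manifest = manifest

    def second_verify(self, object_name, content: bytes) -> bool:
        expected = self.manifest.get(object_name)
        if expected is None:
            return False
        return hmac.compare_digest(expected, digest(content))


def acquire(path) -> bytes:
    """Step 105: obtain the object once; this snapshot is what gets verified and used."""
    with open(path, "rb") as fh:
        return fh.read()


def request_access(caller, callee, after_acquire=None):
    """Return the verified content when access is allowed, None when it is forbidden."""
    snapshot = acquire(callee.path)
    if after_acquire is not None:  # test hook: simulates a write racing the check
        after_acquire()
    first_ok = callee.first_verify(caller.name, caller.first_flag)   # step 102
    second_ok = caller.second_verify(callee.name, snapshot)          # step 104
    return snapshot if (first_ok and second_ok) else None            # step 103


def demo():
    # All values below are constructed sample data.
    good = b"constructed sample: image pack/decode component v1"
    evil = b"constructed sample: tampered component"
    flag = b"constructed-caller-key"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "codec.dll")
        with open(path, "wb") as fh:
            fh.write(good)
        callee = AccessedObject("codec.dll", path, {"viewer.exe": digest(flag)})
        caller = AccessObject("viewer.exe", flag, {"codec.dll": digest(good)})
        forged = AccessObject("viewer.exe", b"guessed-key", caller.manifest)
        stranger = AccessObject("other.exe", flag, caller.manifest)

        def overwrite():
            with open(path, "wb") as fh:
                fh.write(evil)

        return {
            "legitimate": request_access(caller, callee) == good,
            "forged_flag": request_access(forged, callee) is None,
            "unknown_caller": request_access(stranger, callee) is None,
            # File is replaced after acquisition: the verified snapshot is still used.
            "raced_write": request_access(caller, callee, overwrite) == good,
            # File is now tampered on disk: the next request fails the second check.
            "tampered_on_disk": request_access(caller, callee) is None,
        }


if __name__ == "__main__":
    print(demo())
```

Re-opening the file by path after the check, instead of using the returned snapshot, would reintroduce the gap that step 105 is meant to close.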
Fig. 4 is a structural diagram of an access control apparatus provided by embodiment two of this application. The apparatus may be deployed in electronic equipment, which may be a terminal capable of running software objects, such as a mobile phone, a pad or a server.
In this embodiment, the apparatus may include the following structure:
A request obtaining unit 401, for obtaining an access request from an access object in the electronic equipment to an accessed object.
Access by the access object to the accessed object includes the access object modifying the content or permission parameters of the accessed object, and may also include the access object calling and running the accessed object.
The access request may be generated automatically by the electronic equipment as its running state requires, or may be triggered by a user operating an application on the electronic equipment.
A first authentication unit 402, for performing a first verification on the first flag characterizing the access object to obtain a first verification result.
In this embodiment, the first authentication unit 402 may be implemented by a function module in the accessed object. That is, in this embodiment the first verification on the first flag characterizing the access object may be performed by the accessed object. Specifically, a verification algorithm such as the message digest algorithm MD5 (Message Digest Algorithm) or a digital signature algorithm may be used to perform the first verification on the first flag and obtain the first verification result.
The first verification result shows whether the access object meets the first condition for being able to access the accessed object, for example, whether the access object is a legitimate access object preset by the accessed object. If the access object is not a legitimate access object of the accessed object, it does not meet the first condition of the accessed object; if the access object is a legitimate access object of the accessed object, it meets the first condition of the accessed object.
The first flag characterizing the access object may be a key, a password or the like. The first flag may be extracted from the access request, obtained from the access object, or obtained from the electronic equipment.
An access control unit 403, for allowing or forbidding the access object to access the accessed object based on the first verification result.
When the first verification result shows that the access object meets the first condition for being able to access the accessed object, the access control unit 403 allows the access object to access the accessed object. If the first verification result shows that the access object does not meet the first condition, the access control unit 403 forbids the access object from accessing the accessed object. This achieves secure access control over the accessed object.
As can be seen from the above scheme, in the access control apparatus provided by embodiment two of this application, in response to the obtained access request, the flag characterizing the access object is verified to obtain a verification result showing whether the access object meets the first condition for being able to access the accessed object, and the access object is then allowed or forbidden to access the accessed object based on that verification result. Thus, in this embodiment, only an access object that meets the first condition for accessing the accessed object is allowed to access it, and an access object that does not meet the condition is forbidden from accessing it, which achieves security control of object access and protects software security.
It should be noted that the access object may be a software item in an executable application on the electronic equipment, such as an executable component, for example an executable program (.exe) or a dynamic link library file (.dll). The accessed object may likewise be an executable component, which is accessed by the access object above so as to implement the corresponding function.
The access object and the accessed object may be associated in the functions that each implements when run. For example, running the access object implements image transmission, and the access object needs to call the image packing and decoding functions in the accessed object to implement it, finally achieving transmission such as sending or obtaining an image. Alternatively, the access object and the accessed object belong to the same executable application, in which the accessed object is a subprocess function of the access object, and the access object implements the corresponding function by calling the accessed object.
In one implementation, in addition to having the accessed object perform the first verification on the access object in order to protect the accessed object, this embodiment can also protect the access object, so as to avoid the accessed object being maliciously tampered with, replaced or injected with an illegal program and thereby affecting the normal operation of the access object.
Specifically, as shown in Fig. 5, this embodiment may also include the following structure:
A second authentication unit 404, for performing a second verification on the second identifier characterizing the accessed object to obtain a second verification result.
The second authentication unit 404 may be implemented by a function module in the access object. That is, in this embodiment the second verification on the second identifier characterizing the accessed object may be performed by the access object. Specifically, a verification algorithm such as MD5 or a digital signature algorithm may be used to perform the second verification on the second identifier and obtain the second verification result.
The second verification result shows whether the accessed object meets the second condition for being able to be accessed by the current access object, for example, whether the object content of the accessed object matches the object name of the object that the current access object needs to access. If they do not match, the accessed object may have been maliciously tampered with or injected with illegal code, and it does not meet the second condition of the access object. If the object content matches the object name, the accessed object meets the second condition of the access object.
The second identifier characterizing the accessed object may be a key, a password or the like. The second identifier may be extracted from the access request, obtained from the accessed object, or obtained from the electronic equipment.
Correspondingly, the access control unit 403 is specifically used for: based on the first verification result and the second verification result, allowing or forbidding the access object to access the accessed object.
Specifically, if the first verification result shows that the access object meets the first condition for being able to access the accessed object, and the second verification result shows that the accessed object meets the second condition for being able to be accessed by the current access object, the access control unit 403 allows the access object to access the accessed object; otherwise, the access control unit 403 forbids the access object from accessing the accessed object.
For example, if the first verification result shows that the access object is a legitimate access object preset by the accessed object, and the second verification result shows that the object content of the accessed object matches the object name of the object that the access object needs to access, the access object is allowed to access the accessed object; otherwise, the access object is forbidden from accessing the accessed object.
In addition, to avoid the accessed object being tampered with or injected with illegal code after it has been verified as meeting the second condition, this embodiment may obtain the accessed object before verification. That is, in this embodiment the second authentication unit 404 is also used for: before the second identifier characterizing the accessed object is verified, obtaining the accessed object, so that the accessed object on which the second verification is performed is consistent with the accessed object after the second verification result is obtained.
That is, in this embodiment, before the second verification is performed on the accessed object, the second authentication unit 404 obtains the accessed object, which guarantees that it is not modified by other objects between the point before verification and the point after it; validity verification is then performed. This ensures that the accessed object that has passed the second verification is the accessed object that took part in the verification and was not tampered with by other objects in between, thereby ensuring the security of access control for the object.
With reference to figure 6, for the structure diagram for a kind of electronic equipment that the embodiment of the present application three provides, which can be with
It is capable of the terminal of runs software object for mobile phone, pad, server etc..
Specifically, the electronic device may include:
Memory 601, for storing an application program and the data generated by running the application program.
Memory 601 may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
Processor 602, for executing the application program to implement the following functions: obtaining an access request from an access object to an accessed object in the electronic device; performing a first verification on a first identifier characterizing the access object to obtain a first verification result, where the first verification result shows whether the access object meets a first condition for accessing the accessed object; and, based on the first verification result, allowing or forbidding the access object to access the accessed object.
Both the access object and the accessed object are executable components, and running an executable component implements a corresponding function. For example, an executable component may be an .exe executable program or a .dll dynamic link library file. The access object and the accessed object are associated in terms of the functions each implements when run, such as the access relationship between a parent process and a child process in an application.
In addition, to protect the access object, processor 602 in this embodiment may also perform a second verification on a second identifier characterizing the accessed object to obtain a second verification result, where the second verification result shows whether the accessed object meets a second condition for being accessed by the access object. Processor 602 then allows or forbids the access object to access the accessed object based on both the first verification result and the second verification result.
For example, if the first verification result shows that the access object is a preset legitimate access object of the accessed object, and the second verification result shows that the object content of the accessed object matches the name of the object that the access object needs to access, processor 602 allows the access object to access the accessed object; otherwise, processor 602 forbids the access object from accessing the accessed object.
Moreover, to prevent the accessed object from being tampered with or injected with illegitimate code after it has been verified as meeting the second condition, processor 602 can obtain the accessed object before verifying it, so that the accessed object that undergoes the second verification is consistent with the accessed object after the second verification result is obtained.
It can be seen from the above scheme that the electronic device provided by Embodiment 3 of the present application, in response to obtaining an access request, verifies the identifier characterizing the access object to obtain a verification result showing whether the access object meets the first condition for accessing the accessed object, and then, based on the verification result, allows or forbids the access object to access the accessed object. Thus, in this embodiment, only an access object that meets the first condition for accessing the accessed object is allowed to access it, and an access object that does not meet the condition is forbidden from accessing it, which achieves secure control of object access and protects software security.
Building on the above implementation, and in order to protect both the access object and the accessed object, this embodiment proposes a scheme in which each side verifies the other side of the access. That is, after an access request from the access object to the accessed object occurs in the electronic device, the accessed object performs the first verification on the access object, for example verifying whether the digital signature of the access object is legitimate; meanwhile, the access object performs the second verification on the accessed object, for example verifying whether the accessed object has been tampered with. Only when the access object is verified as legitimate and the accessed object is verified as not tampered with does the access object go on to access the accessed object and does the accessed object allow the access object to access it, which protects both sides.
Alternatively, after an access request from the access object to the accessed object occurs in the electronic device, a function control module in the electronic device, such as a control component, performs the first verification on the access object, for example verifying whether the digital signature of the access object is legitimate; meanwhile, the access control apparatus performs the second verification on the accessed object, for example verifying whether the accessed object has been tampered with. Only when the access object is verified as legitimate and the accessed object is verified as not tampered with is the access object allowed to access the accessed object, which protects both sides.
This embodiment is illustrated below with an example, as shown in Figure 7:
The computer contains multiple process objects, such as a cmd.exe command object and a PcManagerService.exe command object. When the PcManagerService.exe service needs to be stopped on the mobile phone, the cmd.exe command can be run to call the PcManagerService.exe command and stop the service:
First, to protect the PcManagerService.exe command object, PcManagerService.exe in this embodiment can perform signature verification on the cmd.exe command object, verifying whether the digital signature of cmd.exe is a legitimate signature. If it is, PcManagerService.exe allows cmd.exe to call PcManagerService.exe and execute its stop command, stopping the service.
Further, to protect the cmd.exe command from calling a tampered PcManagerService.exe command, the cmd.exe command verifies whether PcManagerService.exe has been tampered with. Only when the digital signature of cmd.exe is a legitimate signature and PcManagerService.exe has not been tampered with is cmd.exe allowed to call PcManagerService.exe and execute its stop command, stopping the service.
Alternatively, as shown in Figure 8:
The computer contains multiple process objects, such as a control component, a cmd.exe command object and a PcManagerService.exe command object. When the PcManagerService.exe service needs to be stopped, the cmd.exe command can be run to call the PcManagerService.exe command and stop the service:
First, to protect the PcManagerService.exe command object, the control component in this embodiment performs signature verification on the cmd.exe command object, verifying whether the digital signature of cmd.exe is a legitimate signature. If it is, the control component allows cmd.exe to call PcManagerService.exe and execute its stop command, stopping the service.
Further, to protect the cmd.exe command from calling a tampered PcManagerService.exe command, the control component verifies whether PcManagerService.exe has been tampered with. Only when the digital signature of cmd.exe is a legitimate signature and PcManagerService.exe has not been tampered with does the control component allow cmd.exe to call PcManagerService.exe and execute its stop command, stopping the service.
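The control-component flow of Figure 8, together with the step of obtaining the accessed object before verifying it, as an added Python sketch that is not part of the patent. The `ControlComponent` class, its method names and the sample file contents are hypothetical, and a SHA-256 allowlist stands in for the digital-signature check the text describes.

```python
from __future__ import annotations
import hashlib
import hmac
import tempfile
from dataclasses import dataclass
from pathlib import Path


def digest(image: bytes) -> str:
    # Assumption: a SHA-256 allowlist stands in for signature verification.
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    callee_image: bytes | None = None  # exact bytes that passed verification


class ControlComponent:
    """Hypothetical control component performing both verifications."""
    def __init__(self, legit_callers: dict, known_good: dict):
        self.legit_callers = legit_callers  # callee name -> set of caller digests
        self.known_good = known_good        # callee name -> untampered digest

    def first_verification(self, caller_image: bytes, callee_name: str) -> bool:
        # Is the caller a preset legitimate access object of this callee?
        d = digest(caller_image)
        return any(hmac.compare_digest(d, t)
                   for t in self.legit_callers.get(callee_name, ()))

    def second_verification(self, callee_image: bytes, callee_name: str) -> bool:
        # Does the callee's content match the object name the caller asked for?
        expected = self.known_good.get(callee_name)
        return expected is not None and hmac.compare_digest(
            digest(callee_image), expected)

    def request_access(self, caller_path, callee_path, callee_name) -> Decision:
        # Obtain both objects once, before verifying; later steps use these
        # snapshots, never a second read of the path.
        caller_image = Path(caller_path).read_bytes()
        callee_image = Path(callee_path).read_bytes()
        if not self.first_verification(caller_image, callee_name):
            return Decision(False, "caller is not a preset legitimate access object")
        if not self.second_verification(callee_image, callee_name):
            return Decision(False, "accessed object failed the tamper check")
        return Decision(True, "both verifications passed", callee_image)


def run_demo() -> dict:
    """Constructed sample files; the names follow the page's example."""
    name = "PcManagerService.exe"
    bodies = {"cmd.exe": b"caller-v1", "other.exe": b"unlisted", name: b"service-v1"}
    with tempfile.TemporaryDirectory() as d:
        paths = {n: Path(d, n) for n in bodies}
        for n, body in bodies.items():
            paths[n].write_bytes(body)
        cc = ControlComponent({name: {digest(b"caller-v1")}},
                              {name: digest(b"service-v1")})
        ok = cc.request_access(paths["cmd.exe"], paths[name], name)
        unlisted = cc.request_access(paths["other.exe"], paths[name], name)
        # The on-disk copy changes after the first decision was made.
        paths[name].write_bytes(b"service-v1-modified")
        modified = cc.request_access(paths["cmd.exe"], paths[name], name)
        return {"ok": ok.allowed, "unlisted_caller": unlisted.allowed,
                "modified_callee": modified.allowed,
                "snapshot_unchanged": ok.callee_image == b"service-v1"}


if __name__ == "__main__":
    print(run_demo())
```

The `snapshot_unchanged` result shows that the bytes handed on after a permitted request are the bytes that were verified, even though the file on disk changed afterwards.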
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
Finally, it should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The access control method, apparatus and electronic device provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the application, and the description of the above embodiments is intended only to help in understanding the method of the application and its core idea. Meanwhile, for those of ordinary skill in the art, the specific implementations and the scope of application may change in accordance with the idea of the application. In summary, the content of this specification should not be construed as limiting the application.
Claims (10)
1. An access control method, comprising:
obtaining an access request from an access object to an accessed object in an electronic device;
performing a first verification on a first identifier characterizing the access object to obtain a first verification result, wherein the first verification result shows whether the access object meets a first condition for accessing the accessed object;
based on the first verification result, allowing or forbidding the access object to access the accessed object.
2. The method according to claim 1, characterized in that the access object and the accessed object are executable components, and running an executable component implements a corresponding function.
3. The method according to claim 1 or 2, characterized in that the access object and the accessed object are associated in terms of the functions each implements when run.
4. The method according to claim 1 or 2, characterized by further comprising:
performing a second verification on a second identifier characterizing the accessed object to obtain a second verification result, wherein the second verification result shows whether the accessed object meets a second condition for being accessed by the access object;
wherein allowing or forbidding the access object to access the accessed object based on the first verification result comprises:
based on the first verification result and the second verification result, allowing or forbidding the access object to access the accessed object.
5. The method according to claim 4, characterized in that:
the accessed object performs the first verification on the first identifier characterizing the access object to obtain the first verification result;
the access object performs the second verification on the second identifier characterizing the accessed object to obtain the second verification result.
6. The method according to claim 4, characterized in that, before the second verification is performed on the second identifier characterizing the accessed object, the method further comprises:
obtaining the accessed object, so that the accessed object that undergoes the second verification is consistent with the accessed object after the second verification result is obtained.
7. The method according to claim 4, characterized in that allowing or forbidding the access object to access the accessed object based on the first verification result and the second verification result comprises:
if the first verification result shows that the access object is a preset legitimate access object of the accessed object, and the second verification result shows that the object content of the accessed object matches the name of the object that the access object needs to access, allowing the access object to access the accessed object; otherwise, forbidding the access object from accessing the accessed object.
8. An access control apparatus, comprising:
a request obtaining unit, for obtaining an access request from an access object to an accessed object in an electronic device;
a first authentication unit, for performing a first verification on a first identifier characterizing the access object to obtain a first verification result, wherein the first verification result shows whether the access object meets a first condition for accessing the accessed object;
an access control unit, for allowing or forbidding the access object to access the accessed object based on the first verification result.
9. The apparatus according to claim 8, characterized by further comprising:
a second authentication unit, for performing a second verification on a second identifier characterizing the accessed object to obtain a second verification result, wherein the second verification result shows whether the accessed object meets a second condition for being accessed by the access object;
wherein the access control unit is specifically configured to: based on the first verification result and the second verification result, allow or forbid the access object to access the accessed object.
10. An electronic device, comprising:
a memory, for storing an application program and the data generated by running the application program;
a processor, for executing the application program to implement the following functions: obtaining an access request from an access object to an accessed object in the electronic device; performing a first verification on a first identifier characterizing the access object to obtain a first verification result, wherein the first verification result shows whether the access object meets a first condition for accessing the accessed object; and, based on the first verification result, allowing or forbidding the access object to access the accessed object.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810001582.3A CN108052803B (en) | 2018-01-02 | 2018-01-02 | Access control method and device and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810001582.3A CN108052803B (en) | 2018-01-02 | 2018-01-02 | Access control method and device and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108052803A (en) | 2018-05-18 |
CN108052803B (en) | 2021-11-16 |
Family
ID=62126213
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810001582.3A Active CN108052803B (en) | 2018-01-02 | 2018-01-02 | Access control method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108052803B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111506661A (en) * | 2020-04-22 | 2020-08-07 | 腾讯科技(深圳)有限公司 | Content access management method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108052803B (en) | 2021-11-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||