CN108769366B - Authority management method, device, mobile terminal and storage medium - Google Patents

Authority management method, device, mobile terminal and storage medium Download PDF

Info

Publication number
CN108769366B
CN108769366B CN201810351177.4A CN201810351177A CN108769366B CN 108769366 B CN108769366 B CN 108769366B CN 201810351177 A CN201810351177 A CN 201810351177A CN 108769366 B CN108769366 B CN 108769366B
Authority
CN
China
Prior art keywords
authority
user
management
preset
activated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810351177.4A
Other languages
Chinese (zh)
Other versions
CN108769366A (en
Inventor
林志泳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201810351177.4A priority Critical patent/CN108769366B/en
Publication of CN108769366A publication Critical patent/CN108769366A/en
Application granted granted Critical
Publication of CN108769366B publication Critical patent/CN108769366B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Abstract

The embodiment of the invention discloses a method and a device for managing authority, a mobile terminal and a storage medium, wherein the method comprises the following steps: when the activation operation of a user on the management authority of the application program is obtained, the authority levels of all authorities in the management authority to be activated are obtained; judging whether the authority level of all the authorities is higher than a preset level or not; if the authority greater than the preset level exists, verifying the user information; receiving user authentication information input by a user; and judging whether the user verification information is matched with preset verification information or not, if so, activating the management authority to be activated, and if not, rejecting the activation operation. The method can avoid the user from activating the management authority of the application program by mistake, and can improve the stability of the system of the mobile terminal.

Description

Authority management method, device, mobile terminal and storage medium
Technical Field
The present invention relates to the field of mobile terminal technologies, and in particular, to a method and an apparatus for managing permissions, a mobile terminal, and a storage medium.
Background
Mobile terminals, such as mobile phones, have become one of the most common consumer electronics products in people's daily life. When a user uses a mobile phone, various third-party applications are often installed, and the third-party applications often activate the device manager function or the auxiliary function of the mobile terminal in various ways to obtain the device management authority, which is not favorable for the operation experience of the user and the safety of the mobile terminal.
Disclosure of Invention
In view of the foregoing problems, the present invention provides a method, an apparatus, a mobile terminal and a storage medium for managing permissions, so as to prevent a user from activating the management permissions of an application by mistake and improve the stability of a system of the mobile terminal.
In a first aspect, an embodiment of the present invention provides a method for rights management, where the method includes: when the activation operation of a user on the management authority of the application program is obtained, the authority levels of all authorities in the management authority to be activated are obtained; judging whether the authority level of all the authorities is higher than a preset level or not; if the authority greater than the preset level exists, verifying the user information; receiving user authentication information input by a user; and judging whether the user verification information is matched with preset verification information or not, if so, activating the management authority to be activated, and if not, rejecting the activation operation.
In a second aspect, an embodiment of the present invention provides a rights management device, where the device includes: the system comprises an authority level acquisition module, an authority level judgment module, a user verification module, a verification information receiving module, a verification information judgment module and an execution module, wherein the authority level acquisition module is used for acquiring authority levels of all authorities in management authorities to be activated when acquiring activation operation of a user on the management authorities of an application program after the function of the management authorities is activated; the permission level judging module is used for judging whether the permission with the permission level larger than a preset level exists in all the permissions; the user authentication module is used for authenticating user information if the authority greater than the preset level exists; the verification information receiving module is used for receiving user verification information input by a user; the verification information judging module is used for judging whether the user verification information is matched with preset verification information; the execution module is used for activating the management authority to be activated if the execution module is matched with the preset verification information, and refusing the activation operation if the execution module is not matched with the preset verification information.
In a third aspect, an embodiment of the present invention provides a mobile terminal, including a touch screen, a memory, and a processor, where the touch screen and the memory are coupled to the processor, and the memory stores instructions, and when the instructions are executed by the processor, the processor executes the rights management method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium having a program code executable by a processor, where the program code causes the processor to execute the method for managing rights provided in the first aspect.
Compared with the prior art, the authority management method, the device, the mobile terminal and the storage medium provided by the invention have the advantages that when the activation operation of the management authority of the application program by the user is obtained, the authority levels of all authorities in the management authority to be activated are obtained, then whether the authority levels are larger than the preset level exists in all the authorities is judged, when the authority larger than the preset level exists, the user information is verified, the user verification information input by the user is received, finally whether the user verification information is matched with the preset verification information is judged, if the user verification information is matched with the preset verification information, the management authority to be activated is activated, and if the user verification information is not matched with the preset verification information, the activation operation is refused. Therefore, unreasonable use of the management authority caused by the fact that the user wrongly activates the management authority of the application program can be prevented, and system safety and stability of the mobile terminal are improved.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 shows a flow chart of a rights management method proposed in a first embodiment of the present application;
fig. 2 is a schematic display diagram of a mobile terminal according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating another display of a mobile terminal according to an embodiment of the present application;
fig. 4 shows a flow chart of a rights management method proposed in a second embodiment of the present application;
fig. 5 is a block diagram showing the construction of a rights management apparatus according to a third embodiment of the present invention;
fig. 6 shows a block diagram of a mobile terminal according to an embodiment of the present application;
fig. 7 is a block diagram of a mobile terminal for performing a rights management method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, an intelligent system is an intelligent terminal operating system platform with the largest user group, an intelligent terminal is the most important electronic device which is most commonly used by many users at present, the users often install various third-party applications, and the third-party applications are often relatively rogue and can guide and activate the device manager function or the auxiliary function of the mobile phone in various ways, so that the intelligent system has the related management authority of the device manager or the auxiliary function. The user may not know what the device manager or auxiliary functions are, and will be directed to turn on.
When the Android device manager function is activated and opened by the application, the application can take over the application management authority of the mobile phone by using the function, and the mobile phone is subjected to a lot of important operations with high risks and authorities, such as clearing all data, changing a screen locking password, setting a password rule, monitoring the number of screen unlocking attempts, locking a screen, setting a device global proxy, setting the validity period of the screen locking password, setting storage device encryption, deactivating a camera, deactivating partial functions of screen locking and the like. When the application activates the auxiliary function of the Android and is opened, the application can use the authority of the function to perform background operations of various high-risk levels on the mobile phone, for example: the method comprises the steps of monitoring the operation of a user, monitoring which applications are used by the user, automatically simulating the operation of the user, automatically robbing a red envelope, automatically inputting an account number, capturing a screen and the like.
In view of the above problems, the inventor has studied for a long time and proposed a rights management method, an apparatus, a mobile terminal, and a storage medium provided in the embodiments of the present application, which determine a rights level of a management right to be activated for an application, verify user information when a right greater than a preset level exists, and activate the management right to be activated only when the right is matched with preset verification information, so as to avoid misuse of the management right due to activation of the management right of the application by mistake by a user, and improve system security and stability of the mobile terminal. The specific rights management method is described in detail in the following embodiments.
First embodiment
Referring to fig. 1, fig. 1 is a schematic flow chart illustrating a rights management method according to a first embodiment of the present application. The authority management method is used for verifying the user information when the user sets the management authority, and displaying the setting page of the management authority when the verification is passed, so that the system safety and stability of the mobile terminal are improved. In a specific embodiment, the rights management method is applied to the rights management device 200 shown in fig. 5 and a mobile terminal (fig. 6) configured with the rights management device 200. The following will describe a specific process of this embodiment by taking a mobile terminal as an example, and it is understood that the mobile terminal applied in this embodiment may be a smart phone, a tablet computer, a wearable electronic device, and the like, which is not limited specifically herein. As will be described in detail with respect to the flow shown in fig. 1, the rights management method may specifically include the following steps:
step S110: and when the activation operation of the management authority of the application program by the user is obtained, acquiring the authority levels of all the authorities in the management authority to be activated.
The Android SDK provides an Application Programming Interface (API) for managing the operating device, which is a device manager management class, and through the API, the Application can take over the Application authority of the mobile terminal, and perform very important, many courage, dangerous, and extremely high-authority operations on the mobile terminal, such as clearing all data, changing a lock screen password, setting a password rule, monitoring the number of screen unlocking attempts, locking a screen, setting a device global agent, setting a validity period of the lock screen password, setting storage device encryption, disabling a camera, disabling partial functions of screen locking, and the like.
In addition, an Accessibility Service (Accessibility Service) is also called barrier-free Service, and the starting point is to provide convenient services for the disabled through the interface by the application. Applications authorized to use the auxiliary function service may monitor the screen through the system interface, for example, monitor focus changes, monitor window changes, monitor input text, etc.; gestures may also be simulated through the system interface, such as simulated clicks, simulated swipes, simulated finger opens and closes, and the like. When the auxiliary function of the Android registered by the application is opened, the application can use the function to perform background operations of various high-risk levels on the mobile phone, for example: the method comprises the steps of monitoring the operation of a user, monitoring which applications are used by the user, automatically simulating the operation of the user, automatically robbing a red envelope, automatically inputting an account number, capturing a screen and the like.
Further, an application may register with the system using the DevicePolicyManager class to become the device manager of the mobile terminal, and in particular, after installation of an application using the DevicePolicyManager class, a settings-other settings-security and privacy-device manager interface of the mobile terminal may be displayed in a list indicating that the application may be activated as an application to become the device manager of the mobile terminal.
Similarly, after the application of the class capable of using the auxiliary function service is installed, an interface of the set auxiliary function service of the mobile terminal is displayed in a list, which indicates that the application can be activated as the application of the auxiliary function of the mobile terminal.
In the actual functions of managing the permissions, such as the device manager function or the auxiliary function, the user needs to make some third-party application programs have the function of managing the permissions, and the user needs to enter the setting page of the managing permissions first and then activate the managing permissions of the third-party application programs, so that the third-party application programs can have the managing permissions.
In the process that a user activates the management authority of the application program, the mobile terminal displays a setting page of the management authority under the operation of the user, wherein all the application programs capable of setting the management authority are displayed in the setting page. For example, referring to fig. 2, a setting page of the device manager displays a plurality of options corresponding to applications that can set the device manager, such as application a, application B, application C, application D, application E, application F, and the like. In addition, the activated or inactivated state of the device manager may be displayed at the option of each application.
When the user activates the application program which needs to activate the management authority, the user can click and select the option of the application program which needs to activate the management authority in the setting page. After the user clicks and selects the option of the application program in the setting page, the activation operation of the management authority of the application program can be triggered, so that the management authority of the application program is activated by subsequent execution.
In the embodiment of the invention, the management authority of the application program is not directly activated after the activation operation of the management authority of the application program by the user is obtained, but the authority levels of all the authorities to be activated are obtained.
The management authorities that different applications need to be activated are different because different applications have different functions, for example, the application a needs to activate the authorities 1, 2, and 3 when activating the management authority, and the application B needs to activate the authorities 2, 4, and 5 when activating the management authority.
After the activation operation of the management authority of the application program by the user is obtained, the to-be-activated management authority of the application program, namely the management authority to be activated, can be obtained first, and then the authority levels of all the authorities in the to-be-activated management authority are determined.
In the embodiment of the invention, the management authority comprises the authority corresponding to the device manager and the authority corresponding to the auxiliary function.
The authority corresponding to the device manager may include: clearing all data, changing a screen-locking password, setting password rules, monitoring the number of screen-unlocking attempts, locking a screen, setting a device global agent, setting the validity period of a screen-locking password, setting storage device encryption, deactivating a camera or deactivating screen locking, and the like. The authority corresponding to the auxiliary function may include: listening focus changing, monitoring window changing, monitoring input characters, simulating click, simulating sliding, simulating finger opening and closing and other authorities. Of course, the particular rights of the device manager and the auxiliary functions are not specifically limited herein.
In the embodiment of the invention, the levels of the authority in the management authority can be divided into a level 1, a level 2, a level 3 and a level 4 according to the importance degree of the authority, wherein the level 1 represents a low-level authority, the level 2 represents a medium-level authority, the level 3 represents a high-level authority, and the level 4 represents an ultrahigh-level authority. For example, all data is cleared, a screen locking password is changed and the like, corresponding to level 4, a click corresponding to level 3 is simulated, a monitoring window changes corresponding to level 2, and a camera corresponding to level 1 is called.
Further, all the permissions in the management permissions to be activated can be searched in the permissions corresponding to each level, so that permission levels of all the permissions of the management permissions to be activated are obtained.
Step S120: and judging whether the authority of which the authority level is greater than the preset level exists in all the authorities.
After obtaining the permission levels of all of the management permissions to be activated, the permission level of each permission may be compared with a preset level. The mobile terminal is preset and stores a preset grade, and the preset grade is used as a judgment basis for the authority grade of the management authority. It can be understood that, when the permission level is greater than the preset level, it indicates that there is a permission with higher importance in the management permission activated by the application program.
After comparing the permission level of each permission with the preset level, whether the permission greater than the preset level exists in all the permissions can be determined, so that the result that the permission greater than the preset level exists in all the permissions of the management permission to be activated is obtained, or the result that the permission greater than the preset level does not exist in all the permissions is obtained.
Step S130: and if the authority greater than the preset level exists, verifying the user information.
When the authority greater than the preset level exists in the management authority to be activated, it indicates that the application program needs to activate the authority with higher importance, and may cause loss to the mobile terminal of the user. Therefore, the authority with higher importance degree is not unreasonably used for avoiding the false activation of the operation activated by the user. Therefore, the user information can be verified to determine whether the operation is the operation of the user and whether the operation is normally performed by the user.
In the embodiment of the present invention, the verified user information may include a verified account number and password information, verified fingerprint information, verified face information, or verified verification code information. For example, the verification code information may be a verification code randomly generated by the system, and the user inputs the verification code for verification with reference to the generated verification code information. Of course, the specific way of verifying the user information is not limited in the embodiment of the present invention.
Further, the user information may be verified in a manner that prompts the user to enter user verification information. For example, referring to fig. 3, when the management authority of the device manager of the application is activated, such as when the device manager is activated for application a, a prompt box prompting the user to input user authentication information is displayed to allow the user to input the user authentication information.
Step S140: user authentication information input by a user is received.
It can be understood that, when the user information is verified, after the user verification information is input by the mobile terminal, the user verification information input by the user is correspondingly received by the user, so as to obtain the user verification information.
In the embodiment of the present invention, the user authentication information includes user account and password information input by a user, collected user fingerprint information, collected user face information, and authentication code information input by the user.
Step S150: and judging whether the user authentication information is matched with preset authentication information.
It can be understood that, after the user authentication information is obtained, an authentication process is performed, that is, whether the user authentication information matches the preset authentication information is determined. For example, when the user authentication information is fingerprint information, whether the obtained fingerprint information matches preset fingerprint information is judged, when the obtained fingerprint information matches the preset fingerprint information, the user authentication information is judged to match the preset authentication information, and when the obtained fingerprint information does not match the preset fingerprint information, the user authentication information is judged to not match the preset authentication information. For another example, when the user authentication information is authentication code information, it is determined whether the obtained authentication code information input by the user is consistent with an authentication code randomly generated by the system before the user inputs the authentication code, when the authentication code information input by the user is consistent with the authentication code randomly generated by the system, it is determined that the user authentication information is matched with the preset authentication information, and when the authentication code information input by the user is inconsistent with the authentication code randomly generated by the system, it is determined that the user authentication information is not matched with the preset authentication information.
Therefore, a result that the user authentication information is matched with the preset authentication information or a result that the user authentication information is not matched with the preset authentication information can be obtained.
Step S160: and if the management authority is matched with the preset verification information, activating the management authority to be activated.
When the user authentication information input by the user is judged to be not matched with the preset authentication information, the activation of the management authority of the application program at this time can be shown to be performed by the user himself or the operation normally required by the user himself, so that the management authority to be activated can be activated, and the application program can have the management authority to be activated.
Step S170: and if the verification information does not match the preset verification information, refusing the activation operation.
When the user authentication information input by the user is judged to be matched with the preset authentication information, it can be shown that the activation of the management authority of the application program may be performed by a non-user, and may also be an operation of setting the management authority by a user clicking by mistake. Therefore, the activation operation of the management authority of the application program at this time can be refused, so that the unreasonable use of the function of the management authority caused by the mistaken activation of the management authority of the application program is avoided, and the loss is brought to the user.
The authority management method provided in the first embodiment of the present invention obtains authority levels of all authorities in management authorities to be activated when obtaining an activation operation of a user on the management authority of an application program, then determines whether the authority levels are higher than a preset level in all authorities, verifies user information when the authority levels are higher than the preset level, receives user verification information input by the user, and finally determines whether the user verification information matches with the preset verification information, if so, activates the management authority to be activated, and if not, rejects the activation operation. Therefore, unreasonable use of the management authority caused by the fact that the user wrongly activates the management authority of the application program can be prevented, and system safety and stability of the mobile terminal are improved.
Second embodiment
Referring to fig. 4, fig. 4 is a flowchart illustrating a rights management method according to a second embodiment of the present application. As will be explained in detail with respect to the flow shown in fig. 4, the method may specifically include the following steps:
step S210: and when the activation operation of the management authority of the application program by the user is obtained, acquiring the corresponding relation between all the authorities in the management authority to be activated and the authority level.
In the embodiment of the present invention, after the activation operation of the management authority of the application program by the user is obtained, the to-be-activated management authority of the application program, that is, the management authority to be activated, may be obtained first, and then the corresponding relationship between all the authorities in the to-be-activated management authority and the authority level may be obtained, so as to determine the authority levels of all the authorities in the to-be-activated management authority.
In the embodiment of the invention, the corresponding relation between all the authorities for managing the authorities and the authority levels can be stored in the mobile terminal in advance. As an embodiment, the correspondence between all rights for managing rights and the rights level may be stored in the form of a correspondence table. It is understood that the correspondence table may include the rights in the management rights and the rights level corresponding to the rights, for example, the correspondence table may include: permission a-level 1.
Step S220: and acquiring the permission levels of all the permissions based on the corresponding relation.
After the corresponding relationship table is obtained, permission levels corresponding to all permissions of the management permission can be searched from the corresponding relationship table to obtain permission levels of all permissions in the management permission to be activated.
Step S230: and judging whether the authority of which the authority level is greater than the preset level exists in all the authorities.
Step S240: and if the authority greater than the preset level exists, verifying the user information.
Step S250: user authentication information input by a user is received.
Step S260: and judging whether the user authentication information is matched with preset authentication information.
Step S270: and if the management authority is matched with the preset verification information, activating the management authority to be activated.
In this embodiment of the present invention, if it is determined that the management authority to be activated is matched with the preset verification information, the activating the management authority to be activated may include:
if the application program is matched with the preset verification information, the security rating of the application program is obtained; judging whether the security rating is higher than a preset rating; and if the safety rating is higher than the preset rating, activating the management authority to be activated.
It is understood that after the user authentication information is determined to match the preset authentication information, it may be determined whether the security rating is higher than the preset rating to determine whether the application is a secure application. And activating the management authority to be activated when the safety rating is determined to be higher than the preset rating. Therefore, when the application program is an unsafe application program, the unreasonable use of the management authority can be further prevented from being caused after the management authority is activated, and the loss is brought to the user.
In an embodiment of the present invention, obtaining the security rating of the application program may include:
sending an acquisition request of the security rating of the application program to a server; and receiving the security rating of the application program returned by the server.
It is understood that the security rating of the application may be obtained from a server storing the security ratings of a plurality of applications. Since the server typically updates the security rating of the stored application, the manner in which the security rating of the application is obtained from the server may make the obtained security rating more accurate and reliable.
In addition, in the embodiment of the present invention, after the management authority of the application program is activated, the usage of the management authority by the application program may be monitored. Some very important rights, such as rights to clear data, etc., may be stored in the mobile terminal as preset rights. When the application program enables the preset authority, the application program is indicated to perform unsafe operation. Accordingly, the prompt information may be output to prompt the user, thereby reducing the loss of the user.
Of course, when the application program enables the preset authority, the management authority of the application program can be directly closed, so that the management authority of the application program is changed from the activated state to the inactivated state.
Step S280: and if the verification information does not match the preset verification information, refusing the activation operation.
In this embodiment of the present invention, when the user authentication information does not match the preset authentication information, after the activation operation is rejected, the method for managing rights may further include:
and storing the corresponding relation between the event of which the activation operation is rejected and the application program.
It is to be understood that, in order to make the system or the user know the event that the activation operation of the management authority for each application is rejected, the corresponding relationship between the event that the activation operation is rejected for each time and the application may be stored after the activation operation of the management authority is rejected for each time.
In the authority management method provided in the second embodiment of the present invention, when activation operation of a user on a management authority of an application program is obtained, a correspondence between all authorities in the management authority to be activated and authority levels is obtained to obtain authority levels of all authorities, it is then determined whether there is an authority whose authority level is greater than a preset level in all authorities, when there is an authority greater than a preset level, user information is verified, it is then determined whether received user authentication information matches with preset authentication information, when matching, it is determined again whether a security rating of the application program is matched, and when the security rating is greater than the preset rating, the management authority to be activated of the application program is activated. Therefore, the activation operation of the application program can be judged and verified for multiple times, the management authority of the application program is more effectively prevented from being activated by mistake, the situation that the management authority is unreasonably used by the application program is avoided, and the system safety and stability of the mobile terminal are further improved.
Third embodiment
Referring to fig. 5, fig. 5 is a block diagram illustrating a rights management device 200 according to a third embodiment of the present application. As will be explained below with respect to the block diagram shown in fig. 5, the rights management device 200 includes: an authority level obtaining module 210, an authority level judging module 220, a user verifying module 230, a verification information receiving module 240, a verification information judging module 250 and an executing module 260. The permission level acquisition module is used for acquiring permission levels of all permissions in the management permission to be activated when acquiring activation operation of a user on the management permission of the application program after the function of the management permission is activated; the permission level judging module is used for judging whether the permission with the permission level larger than a preset level exists in all the permissions; the user authentication module is used for authenticating user information if the authority greater than the preset level exists; the verification information receiving module is used for receiving user verification information input by a user; the verification information judging module is used for judging whether the user verification information is matched with preset verification information; the execution module is used for activating the management authority to be activated if the execution module is matched with the preset verification information, and refusing the activation operation if the execution module is not matched with the preset verification information.
In the embodiment of the present invention, the permission level obtaining module includes a corresponding relationship obtaining unit and a permission level determining unit. The corresponding relation obtaining unit is used for obtaining the corresponding relation between all the authorities in the management authority to be activated and the authority level when obtaining the activation operation of a user on the management authority of the application program; the permission level determining unit is used for acquiring permission levels of all permissions based on the corresponding relation.
In the embodiment of the invention, the execution module comprises a rating acquisition unit, a rating judgment unit and an activation execution unit. The rating acquisition unit is used for acquiring the security rating of the application program if the rating acquisition unit is matched with the preset verification information; the rating judging unit is used for judging whether the security rating is higher than a preset rating; the activation execution unit is used for activating the management authority to be activated if the safety rating is higher than the preset rating.
Further, the rating obtaining unit is specifically configured to: sending an acquisition request of the security rating of the application program to a server; and receiving the security rating of the application program returned by the server.
In an embodiment of the present invention, the rights management apparatus may further include: and a prompt output module. The prompt output module is used for outputting prompt information when monitoring that the application program enables the preset authority in the management authority to be activated.
In an embodiment of the present invention, the rights management apparatus may further include: and a relation storage module. And the relation storage module is used for storing the corresponding relation between the event of which the activation operation is rejected and the application program.
To sum up, compared with the prior art, the permission management method, the device, the mobile terminal and the storage medium provided by the invention, when the activation operation of the management permission of the application program by the user is obtained, the permission levels of all permissions in the management permission to be activated are obtained, then whether the permission levels are larger than the preset level exists in all the permissions is judged, when the permission levels are larger than the preset level, the user information is verified, the user verification information input by the user is received, finally whether the user verification information is matched with the preset verification information is judged, if the user verification information is matched with the preset verification information, the management permission to be activated is activated, and if the user verification information is not matched with the preset verification information, the activation operation is rejected. Therefore, unreasonable use of the management authority caused by the fact that the user wrongly activates the management authority of the application program can be prevented, and system safety and stability of the mobile terminal are improved.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. For any processing manner described in the method embodiment, all the processing manners may be implemented by corresponding processing modules in the apparatus embodiment, and details in the apparatus embodiment are not described again.
Referring to fig. 6 again, based on the above rights management method and apparatus, an embodiment of the invention further provides a mobile terminal 100, which includes an electronic body 10, where the electronic body 10 includes a housing 12 and a main display 120 disposed on the housing 12. The housing 12 may be made of metal, such as steel or aluminum alloy. In this embodiment, the main display 120 generally includes a display panel 111, and may also include a circuit or the like for responding to a touch operation performed on the display panel 111. The Display panel 111 may be a Liquid Crystal Display (LCD) panel, and in some embodiments, the Display panel 111 is a touch screen 109.
Referring to fig. 7, in an actual application scenario, the mobile terminal 100 may be used as a smart phone terminal, in which case the electronic body 10 generally further includes one or more processors 102 (only one is shown in the figure), a memory 104, an RF (Radio Frequency) module 106, an audio circuit 110, a sensor 114, an input module 118, and a power module 122. It will be understood by those skilled in the art that the structure shown in fig. 7 is merely illustrative and is not intended to limit the structure of the electronic body 10. For example, the electronics body section 10 may also include more or fewer components than shown in FIG. 7, or have a different configuration than shown in FIG. 6.
Those skilled in the art will appreciate that all other components are peripheral devices with respect to the processor 102, and the processor 102 is coupled to the peripheral devices through a plurality of peripheral interfaces 124. The peripheral interface 124 may be implemented based on the following criteria: universal Asynchronous Receiver/Transmitter (UART), General Purpose Input/Output (GPIO), Serial Peripheral Interface (SPI), and Inter-Integrated Circuit (I2C), but the present invention is not limited to these standards. In some examples, the peripheral interface 124 may comprise only a bus; in other examples, the peripheral interface 124 may also include other elements, such as one or more controllers, for example, a display controller for interfacing with the display panel 111 or a memory controller for interfacing with a memory. These controllers may also be separate from the peripheral interface 124 and integrated within the processor 102 or a corresponding peripheral.
The memory 104 may be used to store software programs and modules, and the processor 102 executes various functional applications and data processing by executing the software programs and modules stored in the memory 104. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the electronic body portion 10 or the primary display 120 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The RF module 106 is configured to receive and transmit electromagnetic waves, and achieve interconversion between the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. The RF module 106 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The RF module 106 may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The Wireless network may use various Communication standards, protocols, and technologies, including, but not limited to, Global System for Mobile Communication (GSM), Enhanced Mobile Communication (Enhanced Data GSM Environment, EDGE), wideband Code division multiple Access (W-CDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wireless Fidelity (WiFi) (e.g., Institute of Electrical and Electronics Engineers (IEEE) standard IEEE 802.10A, IEEE802.11 b, IEEE802.1 g, and/or IEEE802.11 n), Voice over internet protocol (VoIP), world wide mail Access (Microwave for Wireless Communication), Wi-11 Wireless Access (wimax), and any other suitable protocol for instant messaging, and may even include those protocols that have not yet been developed.
The audio circuitry 110, earpiece 101, sound jack 103, microphone 105 collectively provide an audio interface between a user and the electronic body portion 10 or the main display 120. Specifically, the audio circuit 110 receives sound data from the processor 102, converts the sound data into an electrical signal, and transmits the electrical signal to the earpiece 101. The earpiece 101 converts the electrical signal into sound waves that can be heard by the human ear. The audio circuitry 110 also receives electrical signals from the microphone 105, converts the electrical signals to sound data, and transmits the sound data to the processor 102 for further processing. Audio data may be retrieved from the memory 104 or through the RF module 106. In addition, audio data may also be stored in the memory 104 or transmitted through the RF module 106.
The sensor 114 is disposed in the electronic body portion 10 or the main display 120, examples of the sensor 114 include, but are not limited to: light sensors, operational sensors, pressure sensors, gravitational acceleration sensors, and other sensors.
Specifically, the light sensors may include a light sensor 114F, a pressure sensor 114G. Among them, the pressure sensor 114G may detect a pressure generated by pressing on the mobile terminal 100. That is, the pressure sensor 114G detects pressure generated by contact or pressing between the user and the mobile terminal, for example, contact or pressing between the user's ear and the mobile terminal. Accordingly, the pressure sensor 114G may be used to determine whether contact or pressing has occurred between the user and the mobile terminal 100, as well as the magnitude of the pressure.
Referring to fig. 7 again, in the embodiment shown in fig. 7, the light sensor 114F and the pressure sensor 114G are disposed adjacent to the display panel 111. The light sensor 114F may turn off the display output when an object is near the main display 120, for example, when the electronic body portion 10 moves to the ear.
As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in various directions (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping) and the like for recognizing the attitude of the mobile terminal 100. In addition, the electronic body 10 may also be configured with other sensors such as a gyroscope, a barometer, a hygrometer and a thermometer, which are not described herein,
in this embodiment, the input module 118 may include the touch screen 109 disposed on the main display 120, and the touch screen 109 may collect touch operations of the user (for example, operations of the user on or near the touch screen 109 using any suitable object or accessory such as a finger, a stylus, etc.) and drive the corresponding connection device according to a preset program. Optionally, the touch screen 109 may include a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 102, and can receive and execute commands sent by the processor 102. In addition, the touch detection function of the touch screen 109 may be implemented by various types, such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the touch screen 109, in other variations, the input module 118 may include other input devices, such as keys 107. The keys 107 may include, for example, character keys for inputting characters, and control keys for activating control functions. Examples of such control keys include a "back to home" key, a power on/off key, and the like.
The main display 120 is used to display information input by a user, information provided to the user, and various graphic user interfaces of the electronic body section 10, which may be composed of graphics, text, icons, numbers, video, and any combination thereof, and in one example, the touch screen 109 may be provided on the display panel 111 so as to be integrated with the display panel 111.
The power module 122 is used to provide power supply to the processor 102 and other components. Specifically, the power module 122 may include a power management system, one or more power sources (e.g., batteries or ac power), a charging circuit, a power failure detection circuit, an inverter, a power status indicator light, and any other components associated with the generation, management, and distribution of power within the electronic body portion 10 or the primary display 120.
The mobile terminal 100 further comprises a locator 119, the locator 119 being configured to determine an actual location of the mobile terminal 100. In this embodiment, the locator 119 implements the positioning of the mobile terminal 100 by using a positioning service, which is understood to be a technology or a service for obtaining the position information (e.g., longitude and latitude coordinates) of the mobile terminal 100 by using a specific positioning technology and marking the position of the positioned object on an electronic map.
It should be understood that the mobile terminal 100 described above is not limited to a smartphone terminal, but it should refer to a computer device that can be used in mobility. Specifically, the mobile terminal 100 refers to a mobile computer device equipped with an intelligent operating system, and the mobile terminal 100 includes, but is not limited to, a smart phone, a smart watch, a tablet computer, and the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (mobile terminal) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments. In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions.

Claims (9)

1. A method of rights management, the method comprising:
displaying a setting page of management authority;
when the activation operation of the user on the management authority of the application program in the setting page is obtained, acquiring authority levels of all authorities in the management authority to be activated, wherein the management authority comprises the authority corresponding to a device manager in the android system and the authority corresponding to the auxiliary function;
judging whether the authority level of all the authorities is higher than a preset level or not;
if the authority greater than the preset level exists, verifying the user information;
receiving user authentication information input by a user;
judging whether the user verification information is matched with preset verification information or not, if so, activating the management authority to be activated, and if not, rejecting the activation operation;
and outputting prompt information when the application program is monitored to enable the preset authority in the management authority to be activated.
2. The method according to claim 1, wherein the obtaining the permission levels of all the permissions in the management permissions to be activated when obtaining the activation operation of the user on the management permissions of the application program comprises:
when the activation operation of a user on the management authority of an application program is obtained, acquiring the corresponding relation between all authorities in the management authority to be activated and authority levels;
and acquiring the permission levels of all the permissions based on the corresponding relation.
3. The method according to claim 1, wherein if the preset authentication information is matched, activating the management authority to be activated comprises:
if the application program is matched with the preset verification information, the security rating of the application program is obtained;
judging whether the security rating is higher than a preset rating;
and if the safety rating is higher than the preset rating, activating the management authority to be activated.
4. The method of claim 3, wherein obtaining the security rating of the application comprises:
sending an acquisition request of the security rating of the application program to a server;
and receiving the security rating of the application program returned by the server.
5. The method of claim 1, wherein after denying the activation operation if the authentication information does not match the predetermined authentication information, the method further comprises:
and storing the corresponding relation between the event of which the activation operation is rejected and the application program.
6. The method according to any one of claims 1 to 5, wherein the authentication user information comprises an authentication account number and password information, authentication fingerprint information, or authentication face information.
7. A rights management apparatus, characterized in that the apparatus comprises: an authority level obtaining module, an authority level judging module, a user verifying module, a verification information receiving module, a verification information judging module, an executing module and a prompt output module, wherein,
the permission level acquisition module is used for displaying a setting page of management permission, and acquiring permission levels of all permissions in the management permission to be activated when activation operation of a user on the management permission of an application program in the setting page is acquired after a function of the management permission is activated, wherein the management permission comprises the permission corresponding to a device manager in an android system and the permission corresponding to an auxiliary function;
the permission level judging module is used for judging whether the permission with the permission level larger than a preset level exists in all the permissions;
the user authentication module is used for authenticating user information if the authority greater than the preset level exists;
the verification information receiving module is used for receiving user verification information input by a user;
the verification information judging module is used for judging whether the user verification information is matched with preset verification information;
the execution module is used for activating the management authority to be activated if the execution module is matched with the preset verification information, and refusing the activation operation if the execution module is not matched with the preset verification information;
and the prompt output module is used for outputting prompt information when monitoring that the application program enables a preset authority in the management authority to be activated.
8. A mobile terminal comprising a touch screen, a memory, and a processor, the touch screen and the memory coupled to the processor, the memory storing instructions that, when executed by the processor, the processor performs the method of any of claims 1-6.
9. A computer-readable storage medium having program code executable by a processor, the program code causing the processor to perform the method of any of claims 1-6.
CN201810351177.4A 2018-04-18 2018-04-18 Authority management method, device, mobile terminal and storage medium Active CN108769366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810351177.4A CN108769366B (en) 2018-04-18 2018-04-18 Authority management method, device, mobile terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810351177.4A CN108769366B (en) 2018-04-18 2018-04-18 Authority management method, device, mobile terminal and storage medium

Publications (2)

Publication Number Publication Date
CN108769366A CN108769366A (en) 2018-11-06
CN108769366B true CN108769366B (en) 2021-08-17

Family

ID=64011086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810351177.4A Active CN108769366B (en) 2018-04-18 2018-04-18 Authority management method, device, mobile terminal and storage medium

Country Status (1)

Country Link
CN (1) CN108769366B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112084488A (en) * 2020-08-27 2020-12-15 广州新视展投资咨询有限公司 Application authority management method, device and system
CN113643042B (en) * 2021-08-20 2024-04-05 武汉极意网络科技有限公司 Security verification system based on online business security
CN114760448B (en) * 2022-06-15 2022-09-02 深圳市鼎山科技有限公司 Intelligent 5G video monitoring system and method based on short message remote activation

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810419B (en) * 2014-02-13 2018-01-05 北京宝利明威软件股份有限公司 One kind applies anti-uninstall method and apparatus
CN104537314A (en) * 2014-12-25 2015-04-22 北京网秦天下科技有限公司 Processing method and device for device manager
CN105701398B (en) * 2015-12-30 2019-06-21 北京金山安全软件有限公司 Method and device for opening auxiliary function permission and electronic equipment
CN106446653A (en) * 2016-09-30 2017-02-22 北京小米移动软件有限公司 Application authority management method and device and electronic equipment
CN106778138A (en) * 2016-12-27 2017-05-31 东华互联宜家数据服务有限公司 The control method and device of software license limit
CN106951742A (en) * 2017-03-21 2017-07-14 北京明朝万达科技股份有限公司 The method and apparatus that a kind of application for preventing Android system is unloaded
CN106886692A (en) * 2017-03-23 2017-06-23 北京金山安全软件有限公司 Application program using method and device and electronic equipment
CN107391982A (en) * 2017-07-25 2017-11-24 上海传英信息技术有限公司 A kind of method for managing user right and user authority management system based on intelligent terminal
CN107894908A (en) * 2017-11-22 2018-04-10 解君 A kind of rapid-setting method of intelligent terminal

Also Published As

Publication number Publication date
CN108769366A (en) 2018-11-06

Similar Documents

Publication Publication Date Title
CN108712561B (en) Authority management method, device, mobile terminal and storage medium
CN106293751B (en) Method for displaying information on terminal equipment and terminal equipment
CN108710795B (en) Information prompting method and device, mobile terminal and storage medium
CN105306204B (en) Security verification method, device and system
CN108038393B (en) Application privacy protection method and mobile terminal
US20160226674A1 (en) Method and apparatus for controlling smart device
CN106778175B (en) Interface locking method and device and terminal equipment
CN108537011B (en) Application permission processing method, terminal and server
CN108737638B (en) Application control method and device, mobile terminal and computer readable medium
KR20150080736A (en) Method for executing a function and Electronic device using the same
KR20150027329A (en) Terminal including fingerprint reader and operating method of the terminal
CN105281906A (en) Safety authentication method and device
CN106921799A (en) A kind of mobile terminal safety means of defence and mobile terminal
US10045166B2 (en) Method and device for identifying short messages from pseudo base stations
WO2019011109A1 (en) Permission control method and related product
CN107506646B (en) Malicious application detection method and device and computer readable storage medium
CN108769366B (en) Authority management method, device, mobile terminal and storage medium
CN108475304B (en) Method and device for associating application program and biological characteristics and mobile terminal
CN109089229B (en) Method, device, storage medium and terminal for risk prompt
CN107908939B (en) Terminal alarm method and device and mobile terminal
CN110765502B (en) Information processing method and related product
CN107493378B (en) Method and device for logging in application program, computer equipment and readable storage medium
CN108763892A (en) Right management method, device, mobile terminal and storage medium
CN110557499B (en) Information processing method and device and mobile terminal
CN112667984A (en) Identity authentication method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant