CN109871690A - The management method and device of equipment permission, storage medium, electronic device - Google Patents
The management method and device of equipment permission, storage medium, electronic device Download PDFInfo
- Publication number
- CN109871690A CN109871690A CN201811640220.5A CN201811640220A CN109871690A CN 109871690 A CN109871690 A CN 109871690A CN 201811640220 A CN201811640220 A CN 201811640220A CN 109871690 A CN109871690 A CN 109871690A
- Authority
- CN
- China
- Prior art keywords
- target device
- attribute information
- information
- access
- characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The present invention provides a kind of management method of equipment permission and device, storage medium, electronic devices, wherein this method comprises: obtaining the attribute information of target device, wherein the attribute information is used to characterize the use crowd of the target device;It is that access authority is arranged in the target device, and is stored in server local according to the attribute information;The access authority is issued to the target device.Through the invention, solve causes to be easy the technical issues of being attacked since the priority assignation of equipment is unreasonable in the related technology.
Description
Technical field
The present invention relates to computer fields, and the management method and device, storage in particular to a kind of equipment permission are situated between
Matter, electronic device.
Background technique
Equipment permission is threshold when equipment executes access operation, and permission is bigger, and the operation that can be executed is also more, once
Controlled by viral malice, caused by influence and loss may also be bigger.
In the related technology, the permission of equipment is all default setting, and default includes all permissions of hardware supported, either
It personnel setting, department cannot can not be distinguished according to equipment and current department answers specific to the program inside equipment
When being arranged which permission, such as the setting inside Finance Department, for financial software access network or access it is local other
The setting of equipment permission or the privately owned computer of the chief of finance need to access outer net permission, and the unreasonable permission of equipment is easy to lead
Equipment is caused to become attack loophole.
For the above problem present in the relevant technologies, at present it is not yet found that the solution of effect.
Summary of the invention
The embodiment of the invention provides a kind of management method of equipment permission and device, storage medium, electronic devices.
According to one embodiment of present invention, a kind of management method of equipment permission is provided, comprising: obtain target device
Attribute information, wherein the attribute information be used for characterize the target device use crowd;It is according to the attribute information
Access authority is arranged in the target device, and is stored in server local;The access authority is issued to the target device.
Optionally, the attribute information for obtaining target device includes: the network flow for obtaining the target device and generating;It extracts
The characteristic information of the network flow, wherein the characteristic information includes at least one of: MAC Address, IP address, identification
Code;It matches to obtain the attribute information of the target device based on the characteristic information.
Optionally, the attribute information for matching to obtain the target device based on the characteristic information includes: by the feature
Information is matched with the presupposed information of multiple functional departments;In the default letter of the characteristic information and a specified functional department
When breath matching, determine that the target device belongs to the specified functional department, in the characteristic information and multiple functional departments
Presupposed information matching when, determine that the target device belongs to the multiple functional department.
It optionally, is that target device setting access authority comprises determining that and the attribute according to the attribute information
The corresponding functional department of information and/or employee's rank;For target device setting and the functional department and/or the employee
The corresponding access authority of rank.
It optionally, is being after access authority is arranged in the target device according to the attribute information, the method is also wrapped
It includes: detecting the behavioural characteristic of the access operation of the target device, wherein the behavioural characteristic and the triggering access operation
Personnel are corresponding;When the behavioural characteristic is more than the access authority, the access operation is intercepted, is not surpassed in the behavioural characteristic
When crossing the access authority, the access operation of letting pass.
Optionally, the behavioural characteristic for detecting the access operation of the target device includes following one: being set in the target
It is standby to be accessed when operating to other equipment, detect the behavioural characteristic of the access operation;Application in the target device
When program initiates access operation, the behavioural characteristic of the access operation is detected.
According to another embodiment of the invention, a kind of managing device of equipment permission is provided, comprising: module is obtained,
For obtaining the attribute information of target device, wherein the attribute information is used to characterize the use crowd of the target device;If
Module is set, for being that access authority is arranged in the target device, and is stored in server local according to the attribute information;It issues
Module, for the access authority to be issued to the target device.
Optionally, the acquisition module includes: acquiring unit, the network flow generated for obtaining the target device;
Extract the characteristic information of the network flow, wherein the characteristic information includes at least one of: MAC Address, IP address,
Identification code;Matching unit obtains the attribute information of the target device for matching based on the characteristic information.
Optionally, the matching unit includes: coupling subelement, for by the characteristic information and multiple functional departments
Presupposed information is matched;Subelement is determined, for the presupposed information in the characteristic information and a specified functional department
Timing determines that the target device belongs to the specified functional department, in the pre- of the characteristic information and multiple functional departments
If when information matches, determining that the target device belongs to the multiple functional department.
Optionally, the setup module comprises determining that unit, for determining functional department corresponding with the attribute information
And/or employee's rank;Setting unit, for being arranged and the functional department and/or employee's rank for the target device
Corresponding access authority.
Optionally, the method also includes: the setup module according to the attribute information be the target device set
After setting access authority, detection module, the behavioural characteristic of the access operation for detecting the target device, wherein the row
It is characterized corresponding with the personnel for triggering the access operation;Control module, for being more than the access right in the behavioural characteristic
In limited time, the access operation is intercepted, when the behavioural characteristic is less than the access authority, the access operation of letting pass.
Optionally, the detection module includes following one: first detection unit, is used in the target device to other
Equipment accesses when operating, and detects the behavioural characteristic of the access operation;Second detection unit, in the target device
When interior application program initiates access operation, the behavioural characteristic of the access operation is detected.
According to still another embodiment of the invention, a kind of storage medium is additionally provided, meter is stored in the storage medium
Calculation machine program, wherein the computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
According to still another embodiment of the invention, a kind of electronic device, including memory and processor are additionally provided, it is described
Computer program is stored in memory, the processor is arranged to run the computer program to execute any of the above-described
Step in embodiment of the method.
Through the invention, the attribute information of target device is obtained, wherein the attribute information is set for characterizing the target
Standby uses crowd, and then is that access authority is arranged in the target device according to the attribute information, is set by being arranged with target
Standby uses the corresponding access claim of crowd, realizes the precise controlling to distinct device, can prevent or reduce target device
When maliciously being controlled as access claim it is excessive caused by loss, solve in the related technology since the priority assignation of equipment does not conform to
It manages and causes to be easy the technical issues of being attacked.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair
Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is a kind of hardware block diagram of the management server of equipment permission of the embodiment of the present invention;
Fig. 2 is a kind of flow chart of the management method of equipment permission according to an embodiment of the present invention;
Fig. 3 is the application scenario diagram of the embodiment of the present invention;
Fig. 4 is the structural block diagram of the managing device of equipment permission according to an embodiment of the present invention.
Specific embodiment
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application
Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people
Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection
It encloses.It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can be mutual group
It closes.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, "
Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way
Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein can in addition to illustrating herein or
Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to
Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product
Or other step or units that equipment is intrinsic.
Embodiment 1
Embodiment of the method provided by the embodiment of the present application one can mobile terminal, terminal, server or
It is executed in similar arithmetic unit.For running on the server, Fig. 1 is a kind of pipe of equipment permission of the embodiment of the present invention
Manage the hardware block diagram of server.As shown in Figure 1, server 10 may include one or more (only showing one in Fig. 1)
(processor 102 can include but is not limited to the processing dress of Micro-processor MCV or programmable logic device FPGA etc. to processor 102
Set) and memory 104 for storing data, optionally, above-mentioned server can also include setting for the transmission of communication function
Standby 106 and input-output equipment 108.It will appreciated by the skilled person that structure shown in FIG. 1 is only to illustrate,
The structure of above-mentioned server is not caused to limit.For example, server 10 may also include it is more or less than shown in Fig. 1
Component, or with the configuration different from shown in Fig. 1.
Memory 104 can be used for storing computer program, for example, the software program and module of application software, such as this hair
The corresponding computer program of management method of one of bright embodiment equipment permission, processor 102 are stored in by operation
Computer program in reservoir 104 realizes above-mentioned method thereby executing various function application and data processing.Storage
Device 104 may include high speed random access memory, may also include nonvolatile memory, as one or more magnetic storage device,
Flash memory or other non-volatile solid state memories.In some instances, memory 104 can further comprise relative to processing
The remotely located memory of device 102, these remote memories can pass through network connection to server 10.The example of above-mentioned network
Including but not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
Transmitting device 106 is used to that data to be received or sent via a network.Above-mentioned network specific example may include
The wireless network that the communication providers of server 10 provide.In an example, transmitting device 106 includes a network adapter
(Network Interface Controller, referred to as NIC), can be connected by base station with other network equipments so as to
It is communicated with internet.In an example, transmitting device 106 can be radio frequency (Radio Frequency, referred to as RF)
Module is used to wirelessly be communicated with internet.
A kind of management method of equipment permission is provided in the present embodiment, and Fig. 2 is one kind according to an embodiment of the present invention
The flow chart of the management method of equipment permission, as shown in Fig. 2, the process includes the following steps:
Step S202 obtains the attribute information of target device, wherein attribute information is used to characterize the user of target device
Group;
The target device of the present embodiment can be computer, notebook, printer, camera, USB flash disk etc. can access network or
Person is the electronic equipment that can be controlled, and multiple and different target devices can form a local area network, or be directly accessed
Public network.
Step S204 is that access authority is arranged in target device, and is stored in server local according to attribute information;
The access authority is issued to the target device by step S206.
Through the above steps, the attribute information of target device is obtained, wherein the attribute information is for characterizing the target
Equipment uses crowd, and then is that access authority is arranged in the target device according to the attribute information, passes through setting and target
Equipment uses the corresponding access claim of crowd, realizes the precise controlling to distinct device, can prevent or reduce target and set
It is standby when maliciously being controlled as access claim it is excessive caused by loss, solve in the related technology due to the priority assignation of equipment not
Rationally cause to be easy the technical issues of being attacked.
Can be distinguished according to responsibility and function using crowd in the present embodiment, the functional department as where use into
Row is distinguished, or according to using employee's rank of crowd to distinguish, and then is set using the respective equipment of crowd according to this (i.e.
Target device), it is to use the responsibility of crowd and function corresponding with it by its access authority equipment, target device is corresponding to use crowd
Responsibility and function it is different, the assigned access authority of the target device is also different.In the office equipment that target device is company
When, different role is exercised in unit by each functional department, and (such as Finance Department carries out the relevant operation of finance, business using equipment
Department carries out the relevant operation of business using equipment, and IT department carries out relevant operation of IT etc. using equipment), department further below
When including affiliated institutions, when such as department further including group or team, area further can be carried out according to the affiliated institutions at place
Not.Rank can be divided into management level, base, the access authority of management level can be set bigger (e.g., the equipment of line manager is also
Private folder or desktop including accessing department subordinate).
Preferably, the executing subject of the present embodiment is server, the security policy information (such as access authority) of server side
The mode that configuration file can be used is issued, and includes key-value (Key-Value), business administration client in configuration file
Side has pre-saved the value of the Key and Value of various Different Strategies, after receiving configuration file, parse in the configuration file Key and
The value of Value is the concrete meaning that can be appreciated that the security strategy of service down distributing, on the one hand such mode can reduce enterprise's pipe
On the other hand the efficiency of data transmission and reliable can be improved in the flow for managing the consuming when interaction between client and server
Property.Above-mentioned this mode is described in detail below.
Each application in enterprise client has two attribute, is publicly-owned attribute one is privately owned attribute, another kind,
All there is security class information in privately owned attribute and publicly-owned attribute.
For example, the security class information in privately owned attribute can indicate black, white, grey with number 70,10,40 respectively, that is,
70 to represent file most dangerous, and 10 to represent file most safe, 40 be not determined as whether safety.Since same file is in difference
Enterprise in application, its security class may be different, accordingly, it is considered to which the present invention is real to the difference between this enterprise
The concept for having used privately owned attribute in example is applied, sets the security classes of file according to actual needs by the administrator of enterprises
Not.After setting the privately owned attribute of file, the mapping between a file and privately owned attribute can be saved in server side
Table, in the mapping table, the mark of file can be indicated with File name, but in order to avoid for different filenames,
The file of same file content carries out duplicate setting and record, can also be with content authentications information such as the md5 values of file come table
Show.In this way, when receiving the request of security attribute information of business administration client query file destination, so that it may pass through
The mapping table is inquired, the privately owned attribute of current goal file is got.
It should be noted that in practical applications, the privately owned attribute of file destination can be receive for the first time inquiry certain
When the security attribute information of file destination, configured by administrator, it after configuring, then can be by the mark of the file destination
The corresponding relationship known between information and privately owned attribute is added in mapping table, for other clients of the same file destination of subsequent query
End uses.In this way, can carry out following below scheme for the request for obtaining privately owned attribute every time: inquired in the mapping table first,
If there is matched information, then corresponding privately owned attribute is directly returned into business administration client;If it does not exist, then can
To require business administration client that the file destination is uploaded to server side, then analyzed by the administrator of server side
Privately owned attribute is configured for it later, returns to business administration client, meanwhile, by the identification information of the file destination and privately owned category
Corresponding relationship between property is added in mapping table, and so on.
Publicly-owned attribute refers to true according to the feature database of the safety management of enterprise application (such as certain safety management softwares)
The security class information for the file made.The safety management application of enterprise is towards all enterprise customers, and there is no differences
Difference between enterprise, for the privately owned attribute of the administrator setting of each enterprises, according to this feature
The file security information that library is got becomes publicly-owned attribute.Publicly-owned attribute equally can with number 70,10,40 indicate it is black, white,
Ash.When server side receives the request for inquiring the security class information of certain file destination, so that it may according to from file destination
In the feature that extracts, inquire this feature library, the publicly-owned attribute of file destination determined according to matched result.For example, feature
What is saved in library is a white list and a blacklist, then if it find that the feature of file destination appears in white list,
The publicly-owned attribute for then proving the file destination is " white ", can be indicated by " 10 ";If it find that the feature of file destination occurs
In blacklist, then proves that the publicly-owned attribute of the file destination is " black ", can be indicated by " 70 ";If it find that file destination
Feature both do not appeared in white list, do not appear in blacklist yet, then prove that the publicly-owned attribute of the file destination is
" ash " can be indicated by " 40 ".In short, the publicly-owned attribute of file destination can be obtained by inquiring preset feature database.
Wherein, this feature library can be stored in the local of server, and by the safety management of long-range enterprise application
Server carries out regular or irregular update to it;When receiving the request for inquiring the publicly-owned attribute of certain file destination, clothes
Business device side is directly inquired according to the feature database locally saved.Alternatively, in order to avoid occupying the memory space of server, the spy
Sign library can also be stored directly in the server of safety management application, when server side receives the public affairs of certain file destination of inquiry
When having the request of attribute, inquiry request can be transmitted to the server of safety management application, according to the safety management application
Server end the publicly-owned attribute returned the result to determine file destination.
That is, security policy information may include following information: if certain client is in the nucleus of enterprise, allowing
The security class information of the file run on their terminal includes 1010,1040,1070, the text for not allowing to run on their terminal
The security class information of part includes 4010,4040,4070,7010,7040,7070;If certain client is in the office of enterprise
Region, then the security class information for the file for allowing to run on their terminal include 1010,1040,1070,4010, are not allowed
The security class information of the file run in its terminal includes 4040,4070,7010,7040,7070, and so on.It is above-mentioned each
In group security class information, the security class information in the privately owned attribute of the first two digital representation in each security class information,
Final two digits indicate the security class information in publicly-owned attribute.
In the present embodiment, the attribute information for obtaining target device includes:
S11 obtains the network flow that target device generates;Extract the characteristic information of network flow, wherein characteristic information packet
Include at least one of: MAC Address, IP address, identification code;
In the present embodiment, network flow is data volume of the target device in transmission over networks, and network flow usually encapsulates
In the packet, for carrying and transmitting different business datums, MAC Address and IP address are the network address of target device,
It is the unique identification information of network, identification code can be service label, worker (affiliated function, affiliated rank etc.) label,
The either information such as business keyword, department's label.
S12 matches to obtain the attribute information of target device based on characteristic information.
In an optional embodiment of the present embodiment, match to obtain the attribute information of target device based on characteristic information
It include: to match characteristic information with the presupposed information of multiple functional departments;In characteristic information and a specified functional department
Presupposed information matching when, determine that target device belongs to specified functional department, in the pre- of characteristic information and multiple functional departments
If when information matches, determining that target device belongs to multiple functional departments.
In the present embodiment, presupposed information can be MAC Address list or be IP address section or list, by pre-
It first distributes and stores, if the MAC Address list of the target device of Finance Department includes { abc, abd, abe }, if getting mesh
The MAC Address of marking device is " abc ", then can determine that the target device belongs to Finance Department, be pertaining only to one in the target device
It when a functional department, determines that the target device is the personal use device of particular department, and belongs to multiple duties simultaneously in the target device
When energy department, it can be assumed that the target device is shared device.
It is that access authority packet is arranged in target device according to attribute information in an optional embodiment of the present embodiment
It includes:
S21 determines functional department corresponding with attribute information and/or employee's rank;
Such as according to attribute information, determining functional department is Finance Department, and employee's rank is common employee.Wherein, functional
Department and employee's rank can be used alone, or be used in combination, and consider functional department only such as the power of target device is arranged
Limit.
Access authority corresponding with functional department and/or employee's rank is arranged for target device in S22.
In the prior art, the permission of the equipment of different functional departments is usually identical (default is maximum), but anti-from safety
From the perspective of shield, setting is unreasonable in fact in this way, and the equipment for belonging to particular functional area should distribute and function portion
The corresponding permission of door, as the computer of Finance Department should not have the permission (as remotely controlled other computers) and industry of IT departmental staff
The permission (file of access business department) of business departmental staff, likewise, wealth should not be also arranged in the equipment of non-financial department
The access authority of business personnel (such as access financial data).On the other hand, different employee's rank, such as general manager, line manager,
Different permissions should be also arranged in equipment used in department employee.
After corresponding access authority is arranged for target device, target device in use, can be according to access right
The rank of limit carries out security protection, prevents from maliciously being controlled.After access authority is set for target device according to attribute information,
Further comprise: detecting the behavioural characteristic of the access operation of target device;When behavioural characteristic is more than access authority, intercepts and visit
Ask operation, when behavioural characteristic is less than access authority, clearance access operation.The equipment for detecting Finance Department is accessed to business
The file of department has been more than access authority, has intercepted to it, optionally, can also be reminded or be warned in User Page
It accuses, be the maloperation of user with determination or controlled by the malice of virus, determination is that malice (such as detects and repeatedly goes beyond when controlling
The operation of access authority), notify related personnel, or take corresponding relief measure.
The access authority of the present embodiment can be equipment permission, if equipment accesses other defences, be also possible to application program
Permission, if application program accesses data file or equipment, detect the access operation of target device behavioural characteristic can with but not
It is limited to are as follows: when target device accesses to other equipment and operates, the behavioural characteristic of test access operation;It is set in the target
When standby interior application program initiates access operation, the behavioural characteristic of test access operation.Access operation can be a control behaviour
Make, is also possible to the operation of an acquisition information or other machines can be performed or any operation of response.
Optionally, the executing subject of above-mentioned steps can be the server etc. of the one or more clients of connection, client
Can be mobile terminal, PC etc., server can be SOCKS server, security server etc., but not limited to this.It is applying
When server end, server arrives multiple target devices by network connection, carries out priority assignation and security protection to it, Fig. 3 is
The application scenario diagram of the embodiment of the present invention, server connect multiple target devices.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation
The method of example can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but it is very much
In the case of the former be more preferably embodiment.Based on this understanding, technical solution of the present invention is substantially in other words to existing
The part that technology contributes can be embodied in the form of software products, which is stored in a storage
In medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal device (can be mobile phone, calculate
Machine, server or network equipment etc.) execute method described in each embodiment of the present invention.
Embodiment 2
A kind of managing device of equipment permission is additionally provided in the present embodiment, can be terminal or server, the device
For realizing above-described embodiment and preferred embodiment, the descriptions that have already been made will not be repeated.As used below, term
The combination of the software and/or hardware of predetermined function may be implemented in " module ".Although device is preferably described in following embodiment
It is realized with software, but the realization of the combination of hardware or software and hardware is also that may and be contemplated.
Fig. 4 is the structural block diagram of the managing device of equipment permission according to an embodiment of the present invention, can be applied in client
Or in server, as shown in figure 4, the device includes: to obtain module 40, setup module 42, wherein
Module 40 is obtained, for obtaining the attribute information of target device, wherein the attribute information is for characterizing the mesh
Marking device uses crowd;
Setup module 42, for being that access authority is arranged in the target device, and is stored in clothes according to the attribute information
Business device is local;
Module 44 is issued, for the access authority to be issued to the target device.
Optionally, the acquisition module includes: acquiring unit, the network flow generated for obtaining the target device;
Extract the characteristic information of the network flow, wherein the characteristic information includes at least one of: MAC Address, IP address,
Identification code;Matching unit obtains the attribute information of the target device for matching based on the characteristic information.
Optionally, the matching unit includes: coupling subelement, for by the characteristic information and multiple functional departments
Presupposed information is matched;Subelement is determined, for the presupposed information in the characteristic information and a specified functional department
Timing determines that the target device belongs to the specified functional department, in the pre- of the characteristic information and multiple functional departments
If when information matches, determining that the target device belongs to the multiple functional department.
Optionally, the setup module comprises determining that unit, for determining functional department corresponding with the attribute information
And/or employee's rank;Setting unit, for being arranged and the functional department and/or employee's rank for the target device
Corresponding access authority.
Optionally, the method also includes: the setup module according to the attribute information be the target device set
After setting access authority, detection module, the behavioural characteristic of the access operation for detecting the target device, wherein the row
It is characterized corresponding with the personnel for triggering the access operation;Control module, for being more than the access right in the behavioural characteristic
In limited time, the access operation is intercepted, when the behavioural characteristic is less than the access authority, the access operation of letting pass.
Optionally, the detection module includes following one: first detection unit, is used in the target device to other
Equipment accesses when operating, and detects the behavioural characteristic of the access operation;Second detection unit, in the target device
Interior application program accesses to other applications when operating, and detects the behavioural characteristic of the access operation.
It should be noted that terminal and server is only difference of the scheme in executing subject, in above-mentioned identification terminal
Each example and optinal plan equally adapt in the server, and generate identical technical effect.
It should be noted that above-mentioned modules can be realized by software or hardware, for the latter, Ke Yitong
Following manner realization is crossed, but not limited to this: above-mentioned module is respectively positioned in same processor;Alternatively, above-mentioned modules are with any
Combined form is located in different processors.
Embodiment 3
The embodiments of the present invention also provide a kind of storage medium, computer program is stored in the storage medium, wherein
The computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
Optionally, in the present embodiment, above-mentioned storage medium can be set to store by executing based on following steps
Calculation machine program:
S1 obtains the attribute information of target device, wherein the attribute information is used to characterize the use of the target device
Crowd;
S2 is that access authority is arranged in the target device, and is stored in server local according to the attribute information;
The access authority is issued to the target device by S3.
Optionally, in the present embodiment, above-mentioned storage medium can include but is not limited to: USB flash disk, read-only memory (Read-
Only Memory, referred to as ROM), it is random access memory (Random Access Memory, referred to as RAM), mobile hard
The various media that can store computer program such as disk, magnetic or disk.
The embodiments of the present invention also provide a kind of electronic device, including memory and processor, stored in the memory
There is computer program, which is arranged to run computer program to execute the step in any of the above-described embodiment of the method
Suddenly.
Optionally, above-mentioned electronic device can also include transmission device and input-output equipment, wherein the transmission device
It is connected with above-mentioned processor, which connects with above-mentioned processor.
Optionally, in the present embodiment, above-mentioned processor can be set to execute following steps by computer program:
S1 obtains the attribute information of target device, wherein the attribute information is used to characterize the use of the target device
Crowd;
S2 is that access authority is arranged in the target device, and is stored in server local according to the attribute information;
The access authority is issued to the target device by S3.
Optionally, the specific example in the present embodiment can be with reference to described in above-described embodiment and optional embodiment
Example, details are not described herein for the present embodiment.
Above-mentioned the embodiment of the present application serial number is for illustration only, does not represent the advantages or disadvantages of the embodiments.
In above-described embodiment of the application, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment
The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others
Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, only
A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or
Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module
It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product
When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially
The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words
It embodies, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the application whole or
Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code
Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art
For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered
It is considered as the protection scope of the application.
Claims (10)
1. a kind of management method of equipment permission characterized by comprising
Obtain the attribute information of target device, wherein the attribute information is used to characterize the use crowd of the target device;
It is that access authority is arranged in the target device, and is stored in server local according to the attribute information;
The access authority is issued to the target device.
2. the method according to claim 1, wherein the attribute information for obtaining target device includes:
Obtain the network flow that the target device generates;
Extract the characteristic information of the network flow, wherein the characteristic information includes at least one of: MAC Address, IP
Location, identification code;
It matches to obtain the attribute information of the target device based on the characteristic information.
3. the method stated according to claim 2, which is characterized in that match to obtain the target device based on the characteristic information
Attribute information includes:
The characteristic information is matched with the presupposed information of multiple functional departments;
When the characteristic information is matched with the presupposed information of a specified functional department, determine that the target device belongs to institute
Specified functional department is stated, when the characteristic information is matched with the presupposed information of multiple functional departments, determines the target device
Belong to the multiple functional department.
4. the method stated according to claim 1, which is characterized in that accessed according to the attribute information for target device setting
Permission includes:
Determine functional department corresponding with the attribute information and/or employee's rank;
For the target device, access authority corresponding with the functional department and/or employee's rank is set.
5. the method stated according to claim 1, which is characterized in that be that target device setting is visited according to the attribute information
After asking permission, the method also includes:
Detect the behavioural characteristic of the access operation of the target device, wherein the behavioural characteristic and the triggering access operation
Personnel it is corresponding;
When the behavioural characteristic is more than the access authority, the access operation is intercepted, is less than institute in the behavioural characteristic
When stating access authority, the access operation of letting pass.
6. the method stated according to claim 5, which is characterized in that detect the behavioural characteristic packet of the access operation of the target device
Include following one:
When the target device accesses to other equipment and operates, the behavioural characteristic of the access operation is detected;
When application program in the target device initiates access operation, the behavioural characteristic of the access operation is detected.
7. a kind of managing device of equipment permission characterized by comprising
Module is obtained, for obtaining the attribute information of target device, wherein the attribute information is for characterizing the target device
Use crowd;
Setup module, for being that access authority is arranged in the target device, and is stored in server sheet according to the attribute information
Ground;
Module is issued, for the access authority to be issued to the target device.
8. the device stated according to claim 7, which is characterized in that the setup module includes:
Determination unit, for determining functional department corresponding with the attribute information and/or employee's rank;
Setting unit, for access corresponding with the functional department and/or employee's rank to be arranged for the target device
Permission.
9. a kind of storage medium, which is characterized in that be stored with computer program in the storage medium, wherein the computer
Program is arranged to perform claim when operation and requires method described in 1 to 6 any one.
10. a kind of electronic device, including memory and processor, which is characterized in that be stored with computer journey in the memory
Sequence, the processor are arranged to run the computer program in method described in perform claim 1 to 6 any one of requirement.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810420369.6A CN108683652A (en) | 2018-05-04 | 2018-05-04 | A kind of method and device of the processing attack of Behavior-based control permission |
| CN2018104203696 | 2018-05-04 | ||
| CN201810668277.XA CN108846287A (en) | 2018-06-26 | 2018-06-26 | A kind of method and device of detection loophole attack |
| CN201810668277X | 2018-06-26 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109871690A true CN109871690A (en) | 2019-06-11 |
Family
ID=66259682
Family Applications (11)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811645563.0A Active CN109711171B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for positioning software bugs, storage medium and electronic device |
| CN201811640220.5A Pending CN109871690A (en) | 2018-05-04 | 2018-12-29 | The management method and device of equipment permission, storage medium, electronic device |
| CN201811641292.1A Active CN110443041B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for managing equipment authority, storage medium and electronic device |
| CN201811640165.XA Active CN109766696B (en) | 2018-05-04 | 2018-12-29 | Method and device for setting software permission, storage medium and electronic device |
| CN201811645720.8A Pending CN109766700A (en) | 2018-05-04 | 2018-12-29 | Access control method and device, the storage medium, electronic device of file |
| CN201811645506.2A Pending CN109711170A (en) | 2018-05-04 | 2018-12-29 | Protect the method and device of the abnormal operation behavior of PDF |
| CN201811640656.4A Active CN109829308B (en) | 2018-05-04 | 2018-12-29 | Control policy management method and device, storage medium and electronic device |
| CN201811645250.5A Pending CN109711169A (en) | 2018-05-04 | 2018-12-29 | Means of defence and device, system, storage medium, the electronic device of system file |
| CN201811640174.9A Pending CN109871689A (en) | 2018-05-04 | 2018-12-29 | Hold-up interception method and device, storage medium, the electronic device of operation behavior |
| CN201811641170.2A Active CN109829310B (en) | 2018-05-04 | 2018-12-29 | Similar attack defense method, device, system, storage medium and electronic device |
| CN201811645703.4A Active CN109766699B (en) | 2018-05-04 | 2018-12-29 | Operation behavior intercepting method and device, storage medium and electronic device |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811645563.0A Active CN109711171B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for positioning software bugs, storage medium and electronic device |
Family Applications After (9)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811641292.1A Active CN110443041B (en) | 2018-05-04 | 2018-12-29 | Method, device and system for managing equipment authority, storage medium and electronic device |
| CN201811640165.XA Active CN109766696B (en) | 2018-05-04 | 2018-12-29 | Method and device for setting software permission, storage medium and electronic device |
| CN201811645720.8A Pending CN109766700A (en) | 2018-05-04 | 2018-12-29 | Access control method and device, the storage medium, electronic device of file |
| CN201811645506.2A Pending CN109711170A (en) | 2018-05-04 | 2018-12-29 | Protect the method and device of the abnormal operation behavior of PDF |
| CN201811640656.4A Active CN109829308B (en) | 2018-05-04 | 2018-12-29 | Control policy management method and device, storage medium and electronic device |
| CN201811645250.5A Pending CN109711169A (en) | 2018-05-04 | 2018-12-29 | Means of defence and device, system, storage medium, the electronic device of system file |
| CN201811640174.9A Pending CN109871689A (en) | 2018-05-04 | 2018-12-29 | Hold-up interception method and device, storage medium, the electronic device of operation behavior |
| CN201811641170.2A Active CN109829310B (en) | 2018-05-04 | 2018-12-29 | Similar attack defense method, device, system, storage medium and electronic device |
| CN201811645703.4A Active CN109766699B (en) | 2018-05-04 | 2018-12-29 | Operation behavior intercepting method and device, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (11) | CN109711171B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110347655A (en) * | 2019-06-12 | 2019-10-18 | 江苏富山软件科技有限公司 | A kind of distributed file system access frame |
| CN112395537A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Website tamper-proofing method and device, storage medium and electronic device |
| CN110532764B (en) * | 2019-08-19 | 2022-03-11 | 维沃移动通信有限公司 | Authority processing method, mobile terminal and readable storage medium |
| CN110968872A (en) * | 2019-11-20 | 2020-04-07 | 北京国舜科技股份有限公司 | File vulnerability detection processing method and device, electronic equipment and storage medium |
| CN110908822B (en) * | 2019-11-26 | 2022-02-22 | 珠海格力电器股份有限公司 | Intelligent hardware anti-false-collision method and device, storage medium and electronic equipment |
| CN111049855B (en) * | 2019-12-25 | 2022-02-01 | 北京天融信网络安全技术有限公司 | Label-based policy configuration method and device |
| CN111143225A (en) * | 2019-12-26 | 2020-05-12 | 深圳市元征科技股份有限公司 | Vulnerability processing method of automobile diagnosis software and related product |
| CN113515389B (en) * | 2020-04-09 | 2024-03-01 | 奇安信安全技术(珠海)有限公司 | Method and device for calling intermediate interface, system, storage medium and electronic device |
| CN111881467B (en) * | 2020-06-12 | 2022-10-28 | 海光信息技术股份有限公司 | Method and device for protecting file by using security processor, CPU and computer equipment |
| WO2022032950A1 (en) * | 2020-08-10 | 2022-02-17 | 华为技术有限公司 | Defense method, defense apparatus and defense system for malicious software |
| CN112311851B (en) * | 2020-09-25 | 2022-04-01 | 新华三大数据技术有限公司 | Network policy configuration method and device |
| CN112769806B (en) * | 2020-12-31 | 2023-06-23 | 北京明朝万达科技股份有限公司 | Method and device for controlling operation behaviors on terminal equipment and electronic equipment |
| CN112765663A (en) * | 2021-01-25 | 2021-05-07 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN113032830A (en) * | 2021-03-26 | 2021-06-25 | 北京有竹居网络技术有限公司 | Electronic equipment control method and device and electronic equipment |
| CN113051550A (en) * | 2021-03-30 | 2021-06-29 | 深信服科技股份有限公司 | Terminal equipment, protection method and device thereof and readable storage medium |
| CN113395288B (en) * | 2021-06-24 | 2022-06-24 | 浙江德迅网络安全技术有限公司 | Active defense DDOS system based on SDWAN |
| CN113625968B (en) * | 2021-08-12 | 2024-03-01 | 网易(杭州)网络有限公司 | File authority management method and device, computer equipment and storage medium |
| CN114338139B (en) * | 2021-12-27 | 2023-03-24 | 北京安博通科技股份有限公司 | Method for internet behavior management supporting terminal type control |
| CN115062588A (en) * | 2022-05-11 | 2022-09-16 | 华为技术有限公司 | Method and electronic equipment for converting file format |
| CN115967548B (en) * | 2022-12-04 | 2024-04-09 | 深圳市众志天成科技有限公司 | Safety protection index optimization method based on big data information safety and artificial intelligence system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101697212A (en) * | 2009-10-15 | 2010-04-21 | 金蝶软件(中国)有限公司 | ERP system and method and device for controlling user permissions thereof |
| CN102567675A (en) * | 2012-02-15 | 2012-07-11 | 合一网络技术(北京)有限公司 | User authority management method and system in business system |
| CN106529230A (en) * | 2015-09-11 | 2017-03-22 | 上海中和软件有限公司 | Role-based permission control mechanism |
| CN107451159A (en) * | 2016-05-31 | 2017-12-08 | 中国移动通信集团广东有限公司 | A kind of data bank access method and device |
| CN107657169A (en) * | 2017-10-10 | 2018-02-02 | 泰康保险集团股份有限公司 | Right management method, device, medium and electronic equipment |
| CN107896210A (en) * | 2017-11-14 | 2018-04-10 | 北京知道创宇信息技术有限公司 | Safety protecting method, device, server and storage medium |
Family Cites Families (72)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100489728C (en) * | 2004-12-02 | 2009-05-20 | 联想(北京)有限公司 | Method for establishing trustable operational environment in a computer |
| US9307397B2 (en) * | 2005-04-29 | 2016-04-05 | Jasper Technologies, Inc. | Method for enabling a wireless device with customer-specific services |
| CN100465983C (en) * | 2006-09-15 | 2009-03-04 | 毛德操 | Method for controlling file access in operation system according to user's action history |
| US7954158B2 (en) * | 2006-12-19 | 2011-05-31 | International Business Machines Corporation | Characterizing computer attackers |
| CN101217396B (en) * | 2007-12-29 | 2010-08-11 | 华中科技大学 | An Ad hoc network invasion detecting method and system based on trust model |
| US20100005514A1 (en) * | 2008-07-01 | 2010-01-07 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method, system and server for file rights control |
| CN101667230B (en) * | 2008-09-02 | 2013-10-23 | 北京瑞星信息技术有限公司 | Method and device for monitoring script execution |
| CN101827096B (en) * | 2010-04-09 | 2012-09-05 | 潘燕辉 | Cloud computing-based multi-user collaborative safety protection system and method |
| CN101834875B (en) * | 2010-05-27 | 2012-08-22 | 华为技术有限公司 | Method, device and system for defending DDoS (Distributed Denial of Service) attacks |
| US20120297461A1 (en) * | 2010-12-02 | 2012-11-22 | Stephen Pineau | System and method for reducing cyber crime in industrial control systems |
| US20120159567A1 (en) * | 2010-12-21 | 2012-06-21 | Enterproid Hk Ltd | Contextual role awareness |
| CN102622536B (en) * | 2011-01-26 | 2014-09-03 | 中国科学院软件研究所 | Method for catching malicious codes |
| US9275345B1 (en) * | 2011-02-11 | 2016-03-01 | Allure Security Technology, Inc. | System level user behavior biometrics using feature extraction and modeling |
| US9143529B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Modifying pre-existing mobile applications to implement enterprise security policies |
| US20140032733A1 (en) * | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
| CN103313343B (en) * | 2012-03-13 | 2018-12-18 | 百度在线网络技术(北京)有限公司 | A kind of method and apparatus for realizing user access control |
| US20140109072A1 (en) * | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Application wrapping for application management framework |
| CN103020529B (en) * | 2012-10-31 | 2015-12-09 | 中国航天科工集团第二研究院七○六所 | A kind of software vulnerability analytical approach based on model of place |
| CN103839003B (en) * | 2012-11-22 | 2018-01-30 | 腾讯科技(深圳)有限公司 | Malicious file detection method and device |
| CN103020512B (en) * | 2012-11-26 | 2015-03-04 | 清华大学 | Realization method and control system for safe control flow of system |
| CN103294950B (en) * | 2012-11-29 | 2016-07-06 | 北京安天电子设备有限公司 | A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system |
| CN102945356B (en) * | 2012-12-12 | 2015-11-18 | 上海交通大学 | The access control method of search engine under cloud environment and system |
| US9245128B2 (en) * | 2013-03-06 | 2016-01-26 | Microsoft Technology Licensing, Llc | Limiting enterprise applications and settings on devices |
| CN103198253B (en) * | 2013-03-29 | 2016-03-30 | 北京奇虎科技有限公司 | The method and system of operating file |
| CN103440460A (en) * | 2013-09-09 | 2013-12-11 | 中国农业银行股份有限公司 | Application system change validation method and system |
| CN103440140A (en) * | 2013-09-11 | 2013-12-11 | 昆山富泰科电脑有限公司 | System for classifying applications of intelligent device and setting use permission |
| CN103559446B (en) * | 2013-11-13 | 2017-02-08 | 厦门市美亚柏科信息股份有限公司 | Dynamic virus detection method and device for equipment based on Android system |
| CN103617379B (en) * | 2013-11-29 | 2016-08-17 | 乐视云计算有限公司 | A kind of method for broadcasting multimedia file and player |
| IL229907A (en) * | 2013-12-10 | 2015-02-26 | David Almer | Mobile device with improved security |
| CN103646215A (en) * | 2013-12-23 | 2014-03-19 | 北京奇虎科技有限公司 | Application installation control method, related system and related device |
| WO2015100545A1 (en) * | 2013-12-30 | 2015-07-09 | 华为终端有限公司 | Method and device for rights management |
| US9519758B2 (en) * | 2014-02-04 | 2016-12-13 | Pegasus Media Security, Llc | System and process for monitoring malicious access of protected content |
| CN105224868B (en) * | 2014-06-03 | 2019-07-23 | 腾讯科技(深圳)有限公司 | The detection method and device of system vulnerability attack |
| CN104239801B (en) * | 2014-09-28 | 2017-10-24 | 北京奇虎科技有限公司 | The recognition methods of 0day leaks and device |
| CN104239764B (en) * | 2014-10-15 | 2017-07-07 | 北京奇虎科技有限公司 | The management-control method and device of terminal device and its systemic-function |
| CN104318160B (en) * | 2014-10-29 | 2017-12-26 | 北京奇虎科技有限公司 | The method and apparatus of killing rogue program |
| CN104361285B (en) * | 2014-11-20 | 2017-12-12 | 工业和信息化部电信研究院 | The safety detection method and device of mobile device application program |
| CN104462985A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Detecting method and device of bat loopholes |
| CN104468563A (en) * | 2014-12-03 | 2015-03-25 | 北京奇虎科技有限公司 | Website bug protection method, device and system |
| CN104573515A (en) * | 2014-12-19 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | Virus processing method, device and system |
| CN104506630B (en) * | 2014-12-25 | 2019-04-16 | 深圳市华宝电子科技有限公司 | Permissions data generation method, server and system based on user role |
| CN104468632A (en) * | 2014-12-31 | 2015-03-25 | 北京奇虎科技有限公司 | Loophole attack prevention method, device and system |
| CN104680084B (en) * | 2015-03-20 | 2017-12-12 | 北京瑞星信息技术股份有限公司 | The method and system of privacy of user is protected in computer |
| CN106295344A (en) * | 2015-05-15 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of method and apparatus ensureing terminal security |
| CN106295328B (en) * | 2015-05-20 | 2019-06-18 | 阿里巴巴集团控股有限公司 | File test method, apparatus and system |
| CN104899511B (en) * | 2015-05-21 | 2018-01-19 | 成都中科慧创科技有限公司 | A kind of active defense method based on program behavior algorithm |
| US9740877B2 (en) * | 2015-09-22 | 2017-08-22 | Google Inc. | Systems and methods for data loss prevention while preserving privacy |
| CN106650438A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for detecting baleful programs |
| CN105323384A (en) * | 2015-11-25 | 2016-02-10 | 上海斐讯数据通信技术有限公司 | Method for switching multi-scenario mode and mobile terminal |
| US10958435B2 (en) * | 2015-12-21 | 2021-03-23 | Electro Industries/ Gauge Tech | Providing security in an intelligent electronic device |
| CN107103245B (en) * | 2016-02-23 | 2022-08-02 | 中兴通讯股份有限公司 | File authority management method and device |
| CN107229860A (en) * | 2016-03-24 | 2017-10-03 | 中国电子科技集团公司电子科学研究院 | The method and system of safety management desktop application in environment is concentrated |
| CN106055986A (en) * | 2016-05-06 | 2016-10-26 | 北京优炫软件股份有限公司 | Method and device for permission control |
| CN107508783A (en) * | 2016-06-14 | 2017-12-22 | 阿里巴巴集团控股有限公司 | A kind for the treatment of method and apparatus of data |
| CN106169047A (en) * | 2016-07-11 | 2016-11-30 | 北京金山安全软件有限公司 | Method and device for opening monitoring camera and electronic equipment |
| CN106228067A (en) * | 2016-07-15 | 2016-12-14 | 江苏博智软件科技有限公司 | Malicious code dynamic testing method and device |
| CN107872433A (en) * | 2016-09-27 | 2018-04-03 | 腾讯科技(深圳)有限公司 | A kind of auth method and its equipment |
| CN106384051A (en) * | 2016-09-29 | 2017-02-08 | 汉兴德创(武汉)科技有限公司 | Cloud computing-based multi-user cooperative security protection system |
| CN106529290B (en) * | 2016-10-11 | 2020-02-18 | 北京金山安全软件有限公司 | Malicious software protection method and device and electronic equipment |
| CN106548048A (en) * | 2016-10-28 | 2017-03-29 | 北京优炫软件股份有限公司 | A kind of method for Process flowchart, device and system |
| CN108062479A (en) * | 2016-11-08 | 2018-05-22 | 杭州施强教育科技有限公司 | A kind of enterprise management system user right collocation method |
| CN106874761A (en) * | 2016-12-30 | 2017-06-20 | 北京邮电大学 | A kind of Android system malicious application detection method and system |
| CN107016283B (en) * | 2017-02-15 | 2019-09-10 | 中国科学院信息工程研究所 | Android privilege-escalation attack safety defense method and device based on integrity verification |
| CN106775903B (en) * | 2017-02-24 | 2021-02-09 | 北京小米移动软件有限公司 | Security policy file updating method and device |
| CN107066889A (en) * | 2017-04-25 | 2017-08-18 | 北京洋浦伟业科技发展有限公司 | A kind of data access control method and system based on geographical location information |
| CN107169359A (en) * | 2017-06-06 | 2017-09-15 | 北京奇虎科技有限公司 | Utilize the document means of defence and device, electronic equipment for triggering file realization |
| CN107391977B (en) * | 2017-07-04 | 2020-11-24 | 创新先进技术有限公司 | Permission control and automatic switching method, device and equipment |
| CN107480551B (en) * | 2017-07-06 | 2020-11-20 | 网易(杭州)网络有限公司 | File management method and device |
| CN107392016A (en) * | 2017-07-07 | 2017-11-24 | 四川大学 | A kind of web data storehouse attack detecting system based on agency |
| CN107508801B (en) * | 2017-08-04 | 2020-09-08 | 安徽智圣通信技术股份有限公司 | Method and device for preventing file from being tampered |
| CN107832590A (en) * | 2017-11-06 | 2018-03-23 | 珠海市魅族科技有限公司 | Terminal control method and device, terminal and computer-readable recording medium |
| CN109063436A (en) * | 2018-07-30 | 2018-12-21 | 中国石油化工股份有限公司 | Support the enterprise-level authority managing and controlling and methods for using them more applied |
-
2018
- 2018-12-29 CN CN201811645563.0A patent/CN109711171B/en active Active
- 2018-12-29 CN CN201811640220.5A patent/CN109871690A/en active Pending
- 2018-12-29 CN CN201811641292.1A patent/CN110443041B/en active Active
- 2018-12-29 CN CN201811640165.XA patent/CN109766696B/en active Active
- 2018-12-29 CN CN201811645720.8A patent/CN109766700A/en active Pending
- 2018-12-29 CN CN201811645506.2A patent/CN109711170A/en active Pending
- 2018-12-29 CN CN201811640656.4A patent/CN109829308B/en active Active
- 2018-12-29 CN CN201811645250.5A patent/CN109711169A/en active Pending
- 2018-12-29 CN CN201811640174.9A patent/CN109871689A/en active Pending
- 2018-12-29 CN CN201811641170.2A patent/CN109829310B/en active Active
- 2018-12-29 CN CN201811645703.4A patent/CN109766699B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101697212A (en) * | 2009-10-15 | 2010-04-21 | 金蝶软件(中国)有限公司 | ERP system and method and device for controlling user permissions thereof |
| CN102567675A (en) * | 2012-02-15 | 2012-07-11 | 合一网络技术(北京)有限公司 | User authority management method and system in business system |
| CN106529230A (en) * | 2015-09-11 | 2017-03-22 | 上海中和软件有限公司 | Role-based permission control mechanism |
| CN107451159A (en) * | 2016-05-31 | 2017-12-08 | 中国移动通信集团广东有限公司 | A kind of data bank access method and device |
| CN107657169A (en) * | 2017-10-10 | 2018-02-02 | 泰康保险集团股份有限公司 | Right management method, device, medium and electronic equipment |
| CN107896210A (en) * | 2017-11-14 | 2018-04-10 | 北京知道创宇信息技术有限公司 | Safety protecting method, device, server and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109711170A (en) | 2019-05-03 |
| CN109829310A (en) | 2019-05-31 |
| CN109871689A (en) | 2019-06-11 |
| CN109711171A (en) | 2019-05-03 |
| CN109766699B (en) | 2022-02-15 |
| CN109711169A (en) | 2019-05-03 |
| CN109766700A (en) | 2019-05-17 |
| CN109766699A (en) | 2019-05-17 |
| CN109766696B (en) | 2021-01-15 |
| CN110443041B (en) | 2022-09-30 |
| CN110443041A (en) | 2019-11-12 |
| CN109711171B (en) | 2021-07-20 |
| CN109829310B (en) | 2021-04-27 |
| CN109829308B (en) | 2022-02-15 |
| CN109829308A (en) | 2019-05-31 |
| CN109766696A (en) | 2019-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109871690A (en) | The management method and device of equipment permission, storage medium, electronic device | |
| CN112615849B (en) | Micro-service access method, device, equipment and storage medium | |
| US10958690B1 (en) | Security appliance to monitor networked computing environment | |
| CN111600856B (en) | Safety system of operation and maintenance of data center | |
| CN107404494B (en) | Abnormal event information processing method and device | |
| EP2987090B1 (en) | Distributed event correlation system | |
| CN103493061B (en) | For the method and apparatus tackling Malware | |
| CA2683600C (en) | A system and method for creating a list of shared information on a peer-to-peer network | |
| CN107835149A (en) | Network based on DNS flow analyses is stolen secret information behavioral value method and device | |
| CN109688105A (en) | A kind of threat warning message generation method and system | |
| US20060101518A1 (en) | Method to generate a quantitative measurement of computer security vulnerabilities | |
| CN103413083B (en) | Unit security protection system | |
| CN104509034A (en) | Pattern consolidation to identify malicious activity | |
| CN102045337A (en) | Apparatus and methods for managing network resources | |
| CN104205773A (en) | System asset repository management | |
| CN103283202A (en) | System and method for network level protection against malicious software | |
| WO2015183698A1 (en) | Method and system for implementing data security policies using database classification | |
| CN105765901B (en) | Intelligent firewall access rule | |
| CN114679292B (en) | Honeypot identification method, device, equipment and medium based on network space mapping | |
| CN112039868A (en) | Firewall policy verification method, device, equipment and storage medium | |
| US20210200595A1 (en) | Autonomous Determination of Characteristic(s) and/or Configuration(s) of a Remote Computing Resource to Inform Operation of an Autonomous System Used to Evaluate Preparedness of an Organization to Attacks or Reconnaissance Effort by Antagonistic Third Parties | |
| CN111510463B (en) | Abnormal behavior recognition system | |
| JP2017117354A (en) | Information leakage prevention system and method | |
| CN116346473B (en) | Calling link identification method, equipment, storage medium and computer program product | |
| Kywe et al. | Evaluation of different electronic product code discovery service models |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190611 |