CN110059476B

CN110059476B - Application access method, device and equipment

Info

Publication number: CN110059476B
Application number: CN201811487768.0A
Authority: CN
Inventors: 张鹏
Original assignee: Advanced New Technologies Co Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2018-12-06
Filing date: 2018-12-06
Publication date: 2023-07-21
Anticipated expiration: 2038-12-06
Also published as: CN110059476A

Abstract

The embodiment of the specification discloses an access method, a device and equipment of an application, wherein the method comprises the following steps: acquiring an access request triggering a second application in a first application, wherein the first application is an external application program of the second application; acquiring an access rule of the second application, and performing jump recognition on the access request according to the access rule to obtain a recognition result; and determining whether to allow access to the second application according to the identification result.

Description

Application access method, device and equipment

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to an application access method, apparatus, and device.

Background

Applications all have URL (Uniform Resource Locator ) Schemes that open internal applications or functions, based on which one can use a specific URL to locate an application, even one or some functions in the application. If the program code of an application program includes URL Schemes related code, the application program has a mechanism for calling other applications.

In general, URL schemas can enable interworking between different applications. However, the external application program may evoke other application programs by means of URL Schemes tampering, so as to steal information of a user of the application program or induce the user to perform certain involuntary actions, thereby causing information leakage and even resource loss of the user.

Disclosure of Invention

The embodiment of the specification aims to provide an application access method, device and equipment, so as to provide a control scheme for application access with lower risk of user information leakage and lower cost.

In order to achieve the above technical solution, the embodiments of the present specification are implemented as follows:

the embodiment of the specification provides an access method of an application, which comprises the following steps:

acquiring an access request triggering a second application in a first application, wherein the first application is an external application program of the second application;

acquiring an access rule of the second application, and performing jump recognition on the access request according to the access rule to obtain a recognition result;

And determining whether to allow access to the second application according to the identification result.

Optionally, the acquiring triggers an access request to the second application in the first application, including:

and acquiring an access request to the second application triggered by the target link in the first application based on a URL schema mechanism.

Optionally, the access request includes one or more of an identifier of the first application, an identifier of a terminal device where the first application is located, a link triggering an access request to a second application, and content information in the second application to be accessed.

Optionally, the acquiring the access rule of the second application includes:

sending a request for acquiring the access rule of the second application to a server;

and receiving the access rule of the second application sent by the server.

Optionally, the method further comprises:

if the fact that the second application is not allowed to be accessed is determined, acquiring target information related to the access request, wherein the target information comprises one or more of an identifier of the first application, an identifier of terminal equipment where the first application is located, a link triggering the access request of the second application and content information in the second application to be accessed;

And sending the target information to a server so that the server updates the access rule of the second application according to the target information.

Optionally, the performing jump recognition on the access request according to the access rule to obtain a recognition result includes:

verifying the access rule according to the verification rule corresponding to the second application to obtain a verification result;

and if the verification result is that the verification is successful, performing skip identification on the access request according to the access rule to obtain an identification result.

receiving a request for acquiring an access rule of a second application sent by a terminal device, wherein the request is a request sent when the terminal device acquires an access request of the second application triggered in a first application, and the first application is an external application program of the second application;

acquiring an access rule of the second application;

and sending the access rule of the second application to the terminal equipment so that the terminal equipment carries out jump recognition on the access request according to the access rule to obtain a recognition result, and determining whether to allow access to the second application according to the recognition result.

Optionally, the method further comprises:

receiving target information related to the access request, which is sent by the terminal equipment, wherein the target information comprises one or more of an identifier of the first application, an identifier of the terminal equipment, a link triggering an access request for a second application and content information in the second application to be accessed;

and updating the access rule of the second application according to the target information.

An access device for an application provided in an embodiment of the present disclosure includes:

the request acquisition module is used for acquiring an access request for triggering a second application in a first application, wherein the first application is an external application program of the second application;

the jump identification module is used for acquiring the access rule of the second application, and carrying out jump identification on the access request according to the access rule to obtain an identification result;

and the access determining module is used for determining whether to allow the second application to be accessed according to the identification result.

Optionally, the request obtaining module is configured to obtain an access request to the second application triggered by the target link in the first application based on a URL Schemes mechanism.

Optionally, the jump identification module includes:

a sending unit, configured to send a request for obtaining an access rule of the second application to a server;

and the receiving unit is used for receiving the access rule of the second application sent by the server.

Optionally, the apparatus further comprises:

the information acquisition module is used for acquiring target information related to the access request if the second application is not allowed to be accessed, wherein the target information comprises one or more of an identifier of the first application, an identifier of terminal equipment where the first application is located, a link triggering the access request of the second application and content information in the second application to be accessed;

and the information sending module is used for sending the target information to a server so that the server updates the access rule of the second application according to the target information.

Optionally, the jump identification module includes:

the verification unit is used for verifying the access rule according to the verification rule corresponding to the second application to obtain a verification result;

and the jump identification unit is used for carrying out jump identification on the access request according to the access rule to obtain an identification result if the verification result is that the verification is successful.

a request receiving module, configured to receive a request sent by a terminal device to obtain an access rule of a second application, where the request is a request sent by the terminal device when the terminal device triggers an access request of the second application in a first application, and the first application is an external application program of the second application;

the access rule acquisition module is used for acquiring the access rule of the second application;

and the rule sending module is used for sending the access rule of the second application to the terminal equipment so that the terminal equipment carries out jump recognition on the access request according to the access rule to obtain a recognition result, and determining whether to allow the second application to be accessed according to the recognition result.

Optionally, the apparatus further comprises:

the information receiving module is used for receiving target information which is sent by the terminal equipment and is related to the access request, wherein the target information comprises one or more of an identifier of the first application, an identifier of the terminal equipment, a link triggering the access request of a second application and content information in the second application to be accessed;

and the rule updating module is used for updating the access rule of the second application according to the target information.

An access device for an application provided in an embodiment of the present specification includes:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

a processor; and

acquiring an access rule of the second application;

As can be seen from the technical solutions provided in the embodiments of the present disclosure, an access request for a second application is triggered in a first application, where the first application is an external application program of the second application, obtains an access rule of the second application, performs skip identification on the access request according to the access rule, obtains an identification result, and determines whether to allow access to the second application according to the obtained identification result, so when the external application program of the second application triggers access to the second application, the access can be identified based on the access rule of the second application, so as to determine whether to allow access to the second application, thereby effectively avoiding calling other application programs in a manner of tampering links or the like, so as to achieve the purpose of stealing information of a user of the application program or inducing the user to perform some involuntary actions, reducing the probability of information leakage, and reducing resource loss of the user.

Drawings

In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some of the embodiments described in the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is an embodiment of an access method for an application of the present disclosure;

FIG. 2 is a schematic diagram of an access system for an application of the present disclosure;

FIG. 3 is an embodiment of an access method for another application of the present disclosure;

FIG. 4 is an embodiment of an access method for yet another application of the present disclosure;

FIG. 5 is an embodiment of an access method for yet another application of the present disclosure;

FIG. 6 is an embodiment of an access device for one application of the present description;

FIG. 7 is an embodiment of an access device for another application of the present disclosure;

FIG. 8 is an embodiment of an access device for an application of the present disclosure

Fig. 9 is an access device embodiment of another application of the present description.

Detailed Description

The embodiment of the specification provides an access method, device and equipment of an application.

In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.

Example 1

As shown in fig. 1, an embodiment of the present disclosure provides an access method for an application, where an execution body of the method may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone or a tablet computer, or may be a device such as a personal computer. The method can be used for judging whether to allow access to the application program after jumping or not in the process that a user jumps from one application program to another application program. The method specifically comprises the following steps:

in step S102, an access request to a second application triggered in a first application, which is an external application program of the second application, is acquired.

The first application may be any application program, such as an instant messaging application, a shopping application, or a browser. The second application may be any application program different from the first application, and the second application is not an internal application or an application program corresponding to a function of the first application, specifically, the first application may be an instant messaging application, the second application may be a payment application, or the like. The application or application program may refer to a Web application program, that is, a program that is composed of various Web components that perform a specific task or service, and exposes related services to the outside through the Web.

In practice, generally, the application programs have URL Schemes for opening internal applications or functions, where the URL in the URL Schemes may refer to links or websites, such as https:// www.taobao.com, where the Schemes represent the most initial position in a URL, i.e., the character before ":/" in the URL, for example, if the URL is https:// www.taobao.com based on the above example, the Schemes of the URL may be https. Based on the use of URL Schemes described above, one can locate an application, or even some function or functions in the application, with a particular URL, as one locates a web page. Typically, each web page has a corresponding web address, but not necessarily all applications have corresponding URL Schemes, nor do each function of each application have a corresponding URL scheme. Whether an application program supports URL Schemes or not, whether a developer of the application program needs to add URL scheme related codes into the URL Schemes or not, and if the program code of the application program comprises URLSchemes related codes, the application program has the calling mechanism. One web site corresponds to only one web page, but not every URL schema corresponds to only one application.

In general, a sandbox is set for an installed application program in an operating system, so that each application program becomes an information island, and cannot communicate with each other, but the application program in the operating system can register a corresponding URL Scheme, and the URL Scheme can implement mutual calling between different application programs. However, the external application program may evoke other application programs (such as financial application programs) through URL Schemes tampering, further steal information of the user of the application program or induce the user to perform certain involuntary actions, for example, if a wallet application performs a marketing activity with new promotion, that is, a sharee clicks a shared link to obtain a coupon (such as a red package or a coupon) through an online link sharing mode, and after the sharee verifies the coupon, the sharee can also obtain a certain coupon (such as a red package or a coupon). In this way, the shared link may be attacked by the black product, the black product may create an external malicious link (such as adding new event description information on the original link) in some way, and trigger the user's terminal device to jump to the user's wallet application, and under the condition that the user is unaware, arouse the wallet application and get the corresponding preference, thereby achieving the purpose of obtaining benefits of the black product, resulting in information leakage and even resource loss of the user.

During the process of using a certain application program (namely, the first application), a corresponding function or internal application program can be started through a function entry or internal application program entry provided in the first application, wherein the function entry or internal application program entry can be a link or hyperlink and the like. The first application may register a corresponding URL Scheme by which the purpose of invoking other applications may be achieved. The triggering operation of the URLScheme mechanism may be implemented by clicking a link or a hyperlink, for which, the link or the hyperlink may be set in a certain page provided by the first application, if the current first application needs to jump to another application program, or if the user needs a service corresponding to the link or the hyperlink, the link or the hyperlink may be clicked, at this time, the URL Scheme mechanism registered in the first application is started, and at the same time, the terminal device may acquire an identifier of the first application, information (such as a device identifier, an IP address, or an MAC (Media Access Control, media access control) address, etc.) of the terminal device used by the current user, the link or the hyperlink, etc., and may generate an access request for accessing an application program (i.e., a second application) corresponding to the link or the hyperlink based on the information, so that the terminal device may acquire an access request for triggering the second application in the first application.

It should be noted that, in practical applications, the jump from the first application to the second application is not limited to the jump from the first application to the second application based on the URL schema, but may be triggered by other jump mechanisms, which is not limited in the embodiments of the present disclosure.

In step S104, an access rule of the second application is obtained, and the access request is identified in a skip manner according to the access rule, so as to obtain an identification result.

The access rule may be a rule for determining whether to allow the jump from the first application to the second application and allowing the second application to run or access the second application, and the specific content of the access rule may be set according to the actual situation, for example, the access rule may be a rule for refusing to jump from the first application to the second application, or a rule for allowing the jump from the first application to the second application, but a jump link or hyperlink used in the process of jumping from the first application to the second application is a specified link, or the like.

In implementation, the access rule of an application may be stored in the terminal device in which the application is installed, or may be stored in a designated server or storage device. For the case that the access rule of an application program is stored in the terminal device, a developer of the application program can set an application program white list or a blacklist allowing to jump to the application program for the application program in the process of developing the application program, can further set other related rules, and can package the application program after the setting is completed so as to be downloaded and installed by a user. After the user installs the application, the terminal device may store the access rule of the application locally.

The above access request may include an identifier of an application program (i.e., a second application) that is skipped or needs to be accessed, and when the terminal device obtains the access request for triggering the second application in the first application, the identifier of the application program included in the access request may be extracted from the access request, and by using the identifier, it may be determined whether the second application is installed in the terminal device, and if the second application is installed, the access rule of the second application may be obtained from locally stored access rules. In addition, the access request may further include various relevant information, for example, the identifier of the first application, the identifier of the terminal device, the link or the hyperlink, and the like, and then the relevant information corresponding to the access request may be matched with the access rule of the second application, so as to perform jump recognition on the access request, if it is determined that the relevant information corresponding to the access request does not meet the rule for allowing access to the second application according to the relevant information corresponding to the access request and the access rule of the second application, the recognition result for refusing access to the second application may be obtained, and if it is determined that the relevant information corresponding to the access request meets the rule for allowing access to the second application, the recognition result for allowing access to the second application may be obtained.

For example, the access rule of the second application is a rule that allows the second application to jump from the first application, but the jump link or hyperlink used in the process of jumping from the first application to the second application is link a, it may be determined whether the access request includes the identifier of the first application, if so, it may be determined whether the jump link or hyperlink in the access request is link a, if so, it may be determined that the relevant information corresponding to the access request satisfies the rule that allows the second application to access, and at this time, an identification result that allows the second application to access may be obtained. Otherwise, obtaining the identification result of refusing to access the second application.

For the case where the access rule of a certain application program is stored in a designated server or storage device, as shown in fig. 2, the terminal device may acquire an identifier of the second application and send the identifier to the server, and the server may acquire the access rule of the second application through the identifier and may send the access rule of the second application to the terminal device. Then, the terminal device may perform jump recognition on the access request according to the access rule to obtain a recognition result, which may specifically refer to the related content and will not be described herein.

In step S106, it is determined whether access to the second application is allowed or not, based on the above-described identification result.

In implementation, if it is determined that the access to the second application is allowed, the terminal device may start the second application through a URLScheme mechanism, and may send a request for acquiring data in the second application to a corresponding server, where after receiving the request for acquiring the data, the corresponding server may acquire the corresponding data and may send the corresponding data to the terminal device, so that a user may view relevant information acquired based on the second application. If the terminal equipment determines that the access to the second application is not allowed, the terminal equipment can reject the operation of the second application and can output corresponding prompt information, such as 'the second application rejects the access' or 'abnormal access to the second application is detected', at the moment, after the user checks the prompt information, the user can know the operation condition of the first application in time, whether the access to the second application is triggered by the user or not, and the like, so that the information of the user is prevented from being leaked, and the resource loss of the user is reduced.

In the case where the access rule of the second application is stored in a designated server, as shown in fig. 3, an embodiment of the present disclosure provides an access method of the application, where an execution subject of the method may be a terminal device or a server, where the terminal device may be a device such as a personal computer. The server may be an independent server or a server cluster formed by a plurality of servers, and the server may be a background server of a certain service (such as a financial service, etc.), a background server of a certain website (such as an online shopping website or a payment application, etc.), etc. The method can be used for judging whether to allow access to the application program after jumping or not in the process that a user jumps from one application program to another application program. In order to improve the processing efficiency of application access, in this embodiment, the execution body is taken as a server for illustration, and for the case of the terminal device, the processing may be performed according to the following related content, which is not described herein again. The method specifically comprises the following steps:

In step S302, a request sent by the terminal device to acquire an access rule of the second application is received, where the request is a request sent by the terminal device when the terminal device acquires an access request to the second application triggered in the first application, and the first application is an external application program of the second application.

In implementation, during the process of using the first application by the user, the corresponding function or application program can be started through a function entry or an internal application program entry provided in the first application. The first application may register a corresponding URL Scheme by which the purpose of invoking other applications may be achieved. The link or hyperlink may be set in a certain page provided by the first application, if the current first application needs to jump to another application program, the link or hyperlink may be clicked, at this time, a URL Scheme mechanism registered in the first application is started, and meanwhile, the terminal device may acquire corresponding information, and may generate an access request for accessing the second application based on the information, so that the terminal device may acquire an access request triggering the second application in the first application.

As shown in fig. 2, the terminal device may acquire an identifier of the second application, and may generate a request for acquiring an access rule of the second application based on the identifier, and may transmit the request to the server, so that the server may receive the request for acquiring the access rule of the second application transmitted by the terminal device.

In step S304, an access rule of the second application is acquired.

In an implementation, after receiving a request sent by the terminal device to obtain an access rule of the second application, the server may extract an identifier (may be, for example, a name or an encoding of the second application) of the second application from the request, and may obtain the access rule of the second application through the identifier.

In step S306, the access rule of the second application is sent to the terminal device, so that the terminal device performs jump recognition on the access request according to the access rule, obtains a recognition result, and determines whether to allow access to the second application according to the recognition result.

The embodiment of the specification provides an access method of an application, which is implemented by acquiring an access request for triggering a second application in a first application, wherein the first application is an external application program of the second application, acquiring an access rule of the second application, performing jump recognition on the access request according to the access rule to obtain a recognition result, and determining whether to allow access to the second application according to the obtained recognition result.

Example two

As shown in fig. 4, an embodiment of the present disclosure provides an access method for an application, where an execution subject of the method may be a terminal device and a server, where the terminal device may be a device such as a personal computer. The server may be an independent server or a server cluster formed by a plurality of servers, and the server may be a background server of a certain service (such as a financial service, etc.), a background server of a certain website (such as an online shopping website or a payment application, etc.), etc. The method can be used for judging whether to allow access to the application program after jumping or not in the process that a user jumps from one application program to another application program. The method specifically comprises the following steps:

in step S402, the terminal device obtains an access request to the second application triggered by the target link in the first application based on the URL Schemes mechanism.

The access request comprises one or more of an identification of the first application, an identification of a terminal device where the first application is located, a link triggering the access request to the second application and content information in the second application to be accessed. The identification of the first application may be the name or code of the first application, etc. The identifier of the terminal device may be a name or code of the terminal device, or may be an IP address, a MAC address, an IMEI (International Mobile Equipment Identity, international mobile equipment identifier) code, or the like of the terminal device. The target link may be a link in the first application that triggers access to the second application, the target link may be a commonly used network address link or hyperlink, etc. The URL Schemes mechanism may be a mechanism for opening an internal application or function in an application, where URLs in the URL Schemes may refer to links or websites, where Schemes represent the most initial locations in a URL. Based on the URLSchemes mechanism, a specific URL may be used to locate an application, even one or some function in the application. But not all applications have corresponding URL Schemes nor are each functions of each application have corresponding URL Schemes. Whether an application supports URLSchemes or not, whether a developer who needs to pass the application has URL Schemes related code added thereto. One web site corresponds to only one web page, but not every URL schema corresponds to only one application.

In an implementation, a buried point may be preset in the terminal device, through which an identifier of the first application, an identifier of the terminal device where the first application is located, a link triggering an access request to the second application, content information in the second application to be accessed, and so on may be obtained, specifically in an actual application, the buried point data may include appName, deviceId, content, schemes protocol, detail, and riskValue, where appName may represent an identifier such as a name of an external application calling the second application, deviceId may represent an ID (Identity) identifying a user device (i.e., a terminal device) in URL Schemes, content may represent Content in URL Schemes in which an identifier points to a jump, a Schemes protocol may represent, for example, an application:////, a log:// and so on, details may represent complete Schemes, riskValue may represent an identification result of an access rule or a hit result (specifically may, if hit returns 1, if miss returns 0, etc.). Then, an access request to the second application may be generated through the information acquired by the buried point.

The specific processing procedure of the step S402 may be referred to the related content of the step S102 in the first embodiment, which is not described herein.

In step S404, the terminal device transmits a request to acquire an access rule of the second application to the server.

The specific processing procedure of the step S404 may be referred to the relevant content of the step S104 and the step S302 in the first embodiment, and will not be described herein.

In step S406, the server acquires an access rule of the second application.

The content of step S406 is the same as that of step S304 in the first embodiment, and the specific processing procedure of step S406 may refer to the related content of step S304 in the first embodiment, which is not described herein.

In step S408, the server transmits the access rule of the second application to the terminal device.

Malicious jump link observation and interception can be performed through access rules of an application program, and terminal equipment can acquire and match through complete URL (uniform resource locator) Schemes contents in the process of being evoked by the URL Schemes mechanism by pulling corresponding configuration information (including observation configuration information and interception configuration information) from a server. The observation configuration information may be used to indicate whether the access rule of the verification application program has no false alarm, accuracy, hit rate, etc., and the interception configuration information may be used to indicate that the access request actually hits the access rule is intercepted, etc. See specifically the processing of step S410 and step S412 described below.

In step S410, the terminal device verifies the access rule according to the verification rule corresponding to the second application, to obtain a verification result.

The verification rule may correspond to the above-mentioned observation configuration information, and may be used to verify whether the access rule of the application program is not misreported, the accuracy (may be whether the accuracy reaches a predetermined accuracy threshold, etc.), the hit rate (may be whether the hit rate reaches a predetermined hit rate threshold, etc.), and so on.

In implementation, the verification rule (may also include the above observation configuration information) corresponding to the second application may be stored by the server and issued to the terminal device, specifically, the terminal device may send a request for obtaining the access rule of the second application to the server, and at the same time, may send a request for obtaining the verification rule corresponding to the second application to the server, and the server may obtain the verification rule corresponding to the second application and send the verification rule to the terminal device. After receiving the access rule of the second application sent by the server, the terminal device can verify the access rule according to whether the access rule in the verification rule has no false alarm, accuracy, hit rate and other judging conditions, if the access rule has no false alarm, and both the accuracy and the hit rate meet the preset conditions (if the accuracy reaches a preset accuracy threshold, the hit rate reaches a preset hit rate threshold and the like), the verification of the access rule can be determined to pass or succeed, otherwise, the verification of the access rule can be determined to fail or fail.

In step S412, if the verification result is that the verification is successful, the terminal device performs skip identification on the access request according to the access rule, so as to obtain an identification result.

The specific processing procedure of the step S412 may be referred to the related content of the step S104 in the first embodiment, which is not described herein.

In practical applications, the access rule may include a plurality of types, and may include a plurality of types, for example, based on accumulation of historical data, a device capable of causing a resource is determined, and then, the identification of the terminal device may be matched with a device indicated in the access rule, so as to perform skip identification on the access request, so as to obtain an identification result. In addition, a link (or a black link or a malicious link) capable of causing the resource can be determined based on accumulation of the historical data, and then the skip recognition can be performed on the access request by matching the link clicked by the user with the black link or the malicious link in the access rule, so that a recognition result is obtained. In addition, the jump content information capable of causing the resource may be determined based on accumulation of the history data, and then the jump content information acquired by the buried point may be matched with the jump content information capable of causing the resource in the access rule, so as to perform jump recognition on the access request, obtain a recognition result, and so on.

In step S414, the terminal device determines whether to allow access to the second application according to the above identification result.

The content of step S414 is the same as that of step S106 in the first embodiment, and the specific processing procedure of step S414 may refer to the relevant content of step S106 in the first embodiment, which is not described herein.

In addition, the access rule of the second application may be updated, and specifically, see the following processing of step S416 to step S420.

In step S416, if it is determined that the access to the second application is not allowed, the terminal device obtains the target information related to the access request, where the target information includes one or more of an identifier of the first application, an identifier of the terminal device where the first application is located, a link triggering the access request to the second application, and content information in the second application to be accessed.

In step S418, the terminal device transmits the target information to the server.

In step S420, the server updates the access rule of the second application according to the target information.

In implementation, the server adjusts the access rule according to the target information to improve accuracy, hit rate and the like of the access rule, and then the adjusted access rule can be used for replacing the current access rule of the second application, so that when the terminal device requests the access rule of the second application to the server again, the server can send the updated access rule to the terminal device, and the terminal device can skip and identify the access request of the second application through the updated access rule.

Example III

As shown in fig. 5, an embodiment of the present disclosure provides an access method for an application, where an execution subject of the method may be a terminal device, and the terminal device may be a device such as a personal computer. The method can be used for judging whether to allow access to the application program after jumping or not in the process that a user jumps from one application program to another application program. The embodiment may be a detailed description of a case where an access rule for a certain application is stored in a terminal device, and the method may specifically include the steps of:

In step S502, the terminal device obtains an access request to the second application triggered by the target link in the first application based on the URL Schemes mechanism.

In step S504, the terminal device acquires an access rule of the second application.

In step S506, the terminal device verifies the access rule according to the verification rule corresponding to the second application, to obtain a verification result.

In step S508, if the verification result is that the verification is successful, the terminal device performs skip identification on the access request according to the access rule, so as to obtain an identification result.

In step S510, the terminal device determines whether to allow access to the second application according to the above-described identification result.

In step S512, if it is determined that the access to the second application is not allowed, the terminal device obtains the target information related to the access request, where the target information includes one or more of an identifier of the first application, an identifier of the terminal device where the first application is located, a link triggering the access request to the second application, and content information in the second application to be accessed.

In step S514, the terminal device updates the access rule of the second application according to the target information.

Example IV

The above method for accessing an application provided in the embodiment of the present disclosure further provides an apparatus for accessing an application based on the same concept, as shown in fig. 6.

The access device of the application comprises: a request acquisition module 601, a jump identification module 602 and an access determination module 603, wherein:

A request acquisition module 601, configured to acquire an access request that triggers a second application in a first application, where the first application is an external application program of the second application;

the skip identification module 602 is configured to obtain an access rule of the second application, and perform skip identification on the access request according to the access rule, so as to obtain an identification result;

and the access determining module 603 is configured to determine whether to allow access to the second application according to the identification result.

In this embodiment of the present disclosure, the request obtaining module 601 is configured to obtain, based on a URL Schemes mechanism, an access request to the second application triggered by a target link in the first application.

In this embodiment of the present disclosure, the access request includes one or more of an identifier of the first application, an identifier of a terminal device where the first application is located, a link triggering an access request to a second application, and content information in the second application to be accessed.

In the embodiment of the present disclosure, the jump identification module 602 includes:

In an embodiment of the present disclosure, the apparatus further includes:

The embodiment of the specification provides an access device for an application, which triggers an access request for a second application in a first application, wherein the first application is an external application program of the second application, acquires an access rule of the second application, performs jump recognition on the access request according to the access rule to obtain a recognition result, and determines whether to allow the access to the second application according to the obtained recognition result.

Example five

The above method for accessing an application provided in the embodiment of the present disclosure further provides an apparatus for accessing an application based on the same concept, as shown in fig. 7.

The access device of the application comprises: a request receiving module 701, an access rule acquiring module 702 and a rule transmitting module 703, wherein:

a request receiving module 701, configured to receive a request sent by a terminal device to obtain an access rule of a second application, where the request is a request sent when the terminal device obtains an access request of the second application triggered in a first application, and the first application is an external application program of the second application;

an access rule obtaining module 702, configured to obtain an access rule of the second application;

the rule sending module 703 is configured to send an access rule of the second application to the terminal device, so that the terminal device performs skip identification on the access request according to the access rule, obtains an identification result, and determines whether to allow access to the second application according to the identification result.

In an embodiment of the present disclosure, the apparatus further includes:

Example six

The above device for accessing an application provided in the embodiment of the present disclosure further provides an access device for an application based on the same concept, as shown in fig. 8.

The access device of the application may be a terminal device provided in the above embodiment.

The access devices of the applications may vary widely in configuration or performance, and may include one or more processors 801 and memory 802, where the memory 802 may store one or more stored applications or data. Wherein the memory 802 may be transient storage or persistent storage. The application programs stored in memory 802 may include one or more modules (not shown in the figures), each of which may include a series of computer-executable instructions in an access device to the application. Still further, the processor 801 may be configured to communicate with the memory 802 and execute a series of computer executable instructions in the memory 802 on an access device of an application. The access device for the application may also include one or more power supplies 803, one or more wired or wireless network interfaces 804, one or more input/output interfaces 805, one or more keyboards 806.

In particular, in this embodiment, the access device of the application includes a memory, and one or more programs, where the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer executable instructions in the access device of the application, and configured to be executed by the one or more processors, the one or more programs including computer executable instructions for:

In this embodiment of the present disclosure, the acquiring, in the first application, the access request to the second application includes:

In this embodiment of the present disclosure, the obtaining the access rule of the second application includes:

and receiving the access rule of the second application sent by the server.

In this embodiment of the present specification, further includes:

In this embodiment of the present disclosure, performing jump recognition on the access request according to the access rule to obtain a recognition result includes:

The embodiment of the specification provides an access device of an application, which triggers an access request to a second application in a first application, wherein the first application is an external application program of the second application, acquires an access rule of the second application, performs jump recognition on the access request according to the access rule to obtain a recognition result, and determines whether to allow the access to the second application according to the obtained recognition result.

Example seven

Based on the same thought, the embodiment of the present specification further provides an access device for an application, as shown in fig. 9.

The access device of the application may be a server provided in the above embodiment.

The access devices of the applications may vary widely due to configuration or performance, and may include one or more processors 901 and a memory 902, where the memory 902 may store one or more stored applications or data. Wherein the memory 902 may be transient storage or persistent storage. The application programs stored in memory 902 may include one or more modules (not shown in the figures), each of which may include a series of computer-executable instructions in an access device to the application. Still further, the processor 901 may be arranged to communicate with the memory 902 to execute a series of computer executable instructions in the memory 902 on an access device of an application. The access device for the application may also include one or more power supplies 903, one or more wired or wireless network interfaces 904, one or more input output interfaces 905, and one or more keyboards 906.

acquiring an access rule of the second application;

In this embodiment of the present specification, further includes:

The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

In the 90 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (ProgrammableLogic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.

The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing one or more embodiments of the present description.

It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.

One or more embodiments of the present specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present description may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.

The foregoing is merely exemplary of the present disclosure and is not intended to limit the disclosure. Various modifications and alterations to this specification will become apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present description, are intended to be included within the scope of the claims of the present description.

Claims

1. An access method for an application, the method comprising:

determining whether to allow access to the second application according to the identification result;

the step of performing jump recognition on the access request according to the access rule to obtain a recognition result comprises the following steps:

2. The method of claim 1, the obtaining triggering an access request to a second application in a first application, comprising:

3. The method of claim 2, wherein the access request includes one or more of an identification of the first application, an identification of a terminal device in which the first application is located, a link triggering an access request to a second application, and content information in the second application to be accessed.

4. A method according to any of claims 1-3, the obtaining the access rule of the second application comprising:

and receiving the access rule of the second application sent by the server.

5. The method of claim 4, the method further comprising:

6. An access method for an application, the method comprising:

Acquiring an access rule of the second application;

and sending the access rule of the second application to the terminal equipment so that the terminal equipment verifies the access rule according to the verification rule corresponding to the second application to obtain a verification result, if the verification result is successful, performing skip identification on the access request according to the access rule to obtain an identification result, and determining whether to allow access to the second application according to the identification result.

7. The method of claim 6, the method further comprising:

8. An access device for an application, the device comprising:

the access determining module is used for determining whether to allow access to the second application according to the identification result;

the jump identification module comprises:

9. The apparatus of claim 8, the request acquisition module to acquire an access request to the second application triggered by a target link in the first application based on a URL Schemes mechanism.

10. The apparatus of claim 9, the access request comprising one or more of an identification of the first application, an identification of a terminal device in which the first application is located, a link triggering an access request to a second application, and content information in the second application to be accessed.

11. The apparatus of any of claims 8-10, the jump identification module comprising:

12. The apparatus of claim 11, the apparatus further comprising:

13. An access device for an application, the device comprising:

and the rule sending module is used for sending the access rule of the second application to the terminal equipment so that the terminal equipment verifies the access rule according to the verification rule corresponding to the second application to obtain a verification result, if the verification result is successful, the access request is subjected to jump recognition according to the access rule to obtain a recognition result, and whether the second application is allowed to be accessed is determined according to the recognition result.

14. The apparatus of claim 13, the apparatus further comprising:

15. An access device for an application, the access device for an application comprising:

A processor; and

16. An access device for an application, the access device for an application comprising:

a processor; and

Acquiring an access rule of the second application;