CN111371803B

CN111371803B - Smart home permission control method and device, smart home system and server

Info

Publication number: CN111371803B
Application number: CN202010179712.XA
Authority: CN
Inventors: 陈力
Original assignee: Suzhou Homycloud Intelligent Technology Co ltd
Current assignee: SUZHOU HOMYCLOUD INTELLIGENT TECHNOLOGY Co.,Ltd.
Priority date: 2020-03-16
Filing date: 2020-03-16
Publication date: 2021-04-09
Anticipated expiration: 2040-03-16
Also published as: CN112286102A; CN112162491A; CN111371803A

Abstract

The embodiment of the application provides an intelligent home permission control method and device, an intelligent home system and a server, and before permission control is requested for intelligent home equipment, permission control requests sent by a plurality of intelligent home equipment are virtualized to be subjected to virtual testing under a relevant virtual control scene, so that permission control behaviors of different relevant application programs are effectively determined, high-risk application program interaction combinations possibly having abnormal permission control are effectively screened out, the condition that a part of private data is shared and used by different intelligent home equipment is further improved, and the safety of the private data is improved.

Description

Smart home permission control method and device, smart home system and server

Technical Field

The application relates to the technical field of intelligent home, in particular to an intelligent home permission control method and device, an intelligent home system and a server.

Background

With the rapid development of the internet of things technology, in the process of accessing the smart home devices to the home, the smart home devices access data more and more frequently. However, if all the various authority control processes between the application programs in the smart home devices are completely opened, a part of the private data may be shared by different smart home devices, which causes inconvenience to the user. Based on this, how to effectively determine the authority control behaviors of different related application programs before requesting authority control for the smart home device, and effectively screen out the high-risk application program interaction combination which may have abnormal authority control is a technical problem to be solved urgently by those skilled in the art.

Disclosure of Invention

In view of this, an object of the present application is to provide an intelligent home permission control method, an apparatus, an intelligent home system, and a server, where permission control requests sent by multiple pieces of intelligent home equipment are virtualized to perform virtual tests in a related virtual control scenario before permission control is requested by the intelligent home equipment, so that permission control behaviors of different related applications are effectively determined, high-risk application interaction combinations that may have abnormal permission control are effectively screened out, a portion of private data is further improved when shared by different pieces of intelligent home equipment, and security of the private data is improved.

In a first aspect, the present application provides an intelligent home permission control method, which is applied to a server, where the server is in communication connection with a plurality of intelligent home devices, and the plurality of intelligent home devices are in the same home scene, where the method includes:

virtualizing authority control requests sent by the multiple intelligent home devices in a virtual control scene of the server, running each related application program of the related intelligent home device corresponding to the requested control authority according to the application program control information corresponding to the requested control authority in the virtual control scene to acquire the authority control information of each related application program in an authority calling channel in the virtual control process, and respectively extracting authority control results of the corresponding related application programs in each authority category item from the authority control information corresponding to each related application program;

respectively removing non-privacy authority control results of corresponding related application programs under the authority category items from authority control results of the related application programs under the authority category items to obtain privacy authority control results of the related application programs under the authority category items, and respectively dividing the privacy authority control results of the related application programs under the authority category items into privacy authority control results of the corresponding related application programs under a first authority category item and privacy authority control results under a second authority category item, wherein the first authority category item is used for representing authority inflow control relations, and the second authority category item is used for representing authority outflow control relations and authority access relations;

according to the privacy authority control result of each related application program under the first type of authority category item, acquiring a virtual item of the corresponding related application program under each authority category item contained in the first type of authority category item, generating a corresponding virtual test model by taking each related application program as a first statistical parameter and taking the virtual item of the corresponding related application program under each authority category item contained in the first type of authority category item as a second statistical parameter, and identifying the virtual test model to acquire a virtual test result corresponding to each related application program;

regarding each related application program belonging to the same virtual test result, taking every two related application programs as a virtual test pair, and respectively judging whether the two related application programs contained in the corresponding virtual test pair are high-risk program pairs or not according to the privacy authority control results of the two related application programs contained in each virtual test pair under the second type of authority category items;

and if the two related application programs contained in the corresponding virtual test pair are high-risk program pairs, disabling the authority control channel between the related application programs in the two pieces of intelligent household equipment in the high-risk program pairs.

In a possible design of the first aspect, the step of running, in the virtual control scenario, each related application program of the related smart home device corresponding to the requested control permission according to the application program control information corresponding to the permission control request for the requested control permission to obtain the permission control information of the permission call channel of each related application program in the virtual control process includes:

establishing service associated authority information of the authority control request according to service content request information of the authority control service of the authority control request by the plurality of intelligent home devices, wherein the service associated authority information is used for reflecting authority expression information when authority control is carried out in the authority control request;

monitoring the authority of the service associated authority information of the authority control service of the authority control request according to an authority monitoring model corresponding to the requested control authority to obtain the application program control information of the authority control request corresponding to the requested control authority;

determining authority calling channel information of the authority control request according to application program control information of the authority control request;

and operating each related application program according to the authority calling channel information to acquire the authority control information of the authority calling channel of each related application program in the virtual control process.

In a possible design of the first aspect, the step of establishing, according to service content request information of an authorization control service of the authorization control request by the plurality of smart home devices, service-related authorization information of the authorization control request includes:

acquiring a first service content characteristic of each service content in the service content request information, wherein the first service content characteristic is used for representing content identification authority information of the service content;

performing feature identification on the first service content feature to obtain first service access feature information and access authorization feature information corresponding to the first service access feature information;

acquiring first service request script information and service interaction information of the service content, and extracting service request control information of the first service request script information, wherein the service request control information of the first service request script information comprises a specified service control instruction;

acquiring appointed service control instructions of preset historical service content, and adjusting the appointed service control instructions of the first service request script information according to the appointed service control instructions to enable a virtual control strategy between the appointed service control instructions in the first service request script information to be matched with a virtual control strategy between the appointed service control instructions in the preset historical service content;

obtaining service request control information of second service request script information according to each adjusted designated service control instruction in the first service request script information, and generating second service request script information according to the service request control information of the second service request script information;

according to the service request control information of the service interaction information and the second service request script information, searching and obtaining access authorization feature information matched with the service interaction information and first service access feature information corresponding to the access authorization feature information, and according to the service request control information of the second service request script information, adjusting the first service access feature information corresponding to the access authorization feature information to obtain second service access feature information;

and mapping and associating the second service access characteristic information and the second service request script information to establish service association authority information of the authority control request.

In a possible design of the first aspect, the step of running each relevant application program according to the information of the permission call channel to obtain the permission control information of the permission call channel of each relevant application program in the virtual control process includes:

calling the authority calling channel according to the authority calling channel information to access the corresponding virtual control process, and running each related application program through the virtual control process;

determining an authority control entity parameter corresponding to the authority control attribute label of each related application program according to the authority control attribute labels of different authority control types called for each related application program, wherein the authority control attribute labels of different authority control types respectively correspond to different authority control entity parameters;

determining label node data of different authority control attribute labels of each related application program, and acquiring a first entity set of at least two identical authority control entities in a plurality of corresponding authority control entities and at least one second entity set of which the calling times are greater than preset times in the remaining authority control entities according to the label node data;

generating an authority control thread used for determining authority control information of the authority calling channel according to an entity set which is selected from the first entity set and has the calling times larger than a set time and serves as a target entity set and the at least one second entity set, wherein the authority control thread comprises the target entity set and the at least one second entity set;

and respectively determining the authority control information of the authority calling channel of each related application program in the virtual control process according to the authority control thread.

In a possible design of the first aspect, the step of determining, according to the permission control thread, permission control information of a permission call channel of each relevant application program in a virtual control process includes:

determining a target entity set and an authority control attribute label corresponding to each target authority control entity in the at least one second entity set according to the authority control thread;

and determining the authority control information of the authority calling channel of each related application program in the virtual control process according to the authority control attribute label corresponding to each target authority control entity.

In a possible design of the first aspect, the step of respectively determining whether two related applications included in each virtual test pair are high-risk program pairs according to the privacy authority control result of the two related applications included in each virtual test pair under the second type of authority category item includes:

calculating the privacy security degree between the authority outflow control relations respectively corresponding to the two related application programs contained in each virtual test pair aiming at the two related application programs contained in each virtual test pair;

and judging whether the privacy security degree is greater than or equal to a preset privacy security degree, if the privacy security degree is greater than or equal to the preset privacy security degree, and under the condition that the permission access relations corresponding to the two contained related application programs in the virtual test are respectively matched, judging that the two contained related application programs in the virtual test are a high-risk program pair, otherwise, judging that the two contained related application programs in the virtual test are not the high-risk program pair.

In a possible design of the first aspect, the determining that the two related applications included in the virtual test pair are high-risk pairs when it is determined that the respective corresponding access relationships of the two related applications included in the virtual test pair match each other includes:

if the two related application programs contained in the virtual test pair have authority access relations and the two authority access relations are the same, judging that the two related application programs contained in the virtual test pair are a high-risk program pair;

if one related application program in the two related application programs contained in the virtual test pair has an access authority, judging that the two related application programs contained in the virtual test pair are a high-risk program pair;

if the two related application programs contained in the virtual test pair do not have the authority access relation, judging that the two related application programs contained in the virtual test pair are not a high-risk program pair;

and if the two related application programs contained in the virtual test pair have authority access relations and the two authority access relations are different, judging that the two related application programs contained in the virtual test pair are suspected high-risk program pairs.

In a second aspect, an embodiment of the present application further provides an intelligent home permission control apparatus, which is applied to a server, where the server is in communication connection with a plurality of intelligent home devices, and the plurality of intelligent home devices are located in the same home scene, and the apparatus includes:

the virtualization module is used for virtualizing the authority control requests sent by the multiple intelligent home devices in a virtual control scene of the server, running each related application program of the related intelligent home device corresponding to the requested control authority in the virtual control scene according to the application program control information corresponding to the requested control authority of the authority control requests to acquire the authority control information of the authority calling channel of each related application program in the virtual control process, and respectively extracting the authority control results of the corresponding related application programs under the authority category items from the authority control information corresponding to each related application program;

the acquisition and division module is used for acquiring the authority control result of each related application program under each authority category item, respectively eliminating the non-privacy authority control results of the corresponding related application programs under each authority category item, to obtain the privacy authority control result of each related application program under each authority category item, and the privacy authority control result of each related application program under each authority category item is divided into the privacy authority control result of the corresponding related application program under the first authority category item and the privacy authority control result under the second authority category item, the first type of authority category item is used for representing an authority inflow control relation, and the second type of authority category item is used for representing an authority outflow control relation and an authority access relation;

the generation identification module is used for acquiring virtual items of corresponding related application programs under the authority category items contained in the first type of authority category items according to the privacy authority control result of each related application program under the first type of authority category items, generating corresponding virtual test models by taking each related application program as a first statistical parameter and taking the virtual item of the corresponding related application program under the authority category items contained in the first type of authority category items as a second statistical parameter, and identifying the virtual test models to acquire the virtual test result corresponding to each related application program;

the judging module is used for respectively judging whether the two related application programs contained in the corresponding virtual test pair are high-risk program pairs or not according to the privacy authority control results of the two related application programs contained in each virtual test pair under the second type of authority category items by taking every two related application programs as a virtual test pair aiming at the related application programs belonging to the same virtual test result;

and the forbidding module is used for forbidding an authority control channel between the related application programs in the two pieces of intelligent household equipment in the high-risk program pair if the two related application programs contained in the corresponding virtual test pair are the high-risk program pair.

In a third aspect, an embodiment of the present application further provides an intelligent home system, where the intelligent home system includes a server and multiple intelligent home devices in communication connection with the server, and the multiple intelligent home devices are in a same home scene;

the plurality of intelligent household devices are used for sending authority control requests to the server after being started;

the server is used for virtualizing the authority control requests sent by the multiple intelligent home devices in a virtual control scene of the server, running each related application program of the related intelligent home device corresponding to the requested control authority in the virtual control scene according to the application program control information corresponding to the requested control authority of the authority control requests to acquire the authority control information of the authority calling channel of each related application program in the virtual control process, and respectively extracting the authority control results of the corresponding related application programs in each authority category item from the authority control information corresponding to each related application program;

the server is used for respectively removing the non-privacy authority control results of the corresponding related application programs under the authority category items from the authority control results of the related application programs under the authority category items so as to obtain the privacy authority control results of the related application programs under the authority category items, and respectively dividing the privacy authority control results of the related application programs under the authority category items into the privacy authority control results of the related application programs under the first authority category items and the privacy authority control results under the second authority category items, wherein the first authority category items are used for representing authority inflow control relations, and the second authority category items are used for representing authority outflow control relations and authority access relations;

the server is used for acquiring virtual items of corresponding related application programs under the authority category items contained in the first type of authority category items according to the privacy authority control result of each related application program under the first type of authority category items, generating corresponding virtual test models by taking each related application program as a first statistical parameter and taking the virtual item of the corresponding related application program under the authority category items contained in the first type of authority category items as a second statistical parameter, and identifying the virtual test models to acquire the virtual test result corresponding to each related application program;

the server is used for regarding each related application program belonging to the same virtual test result, taking every two related application programs as a virtual test pair, and respectively judging whether the two related application programs contained in the corresponding virtual test pair are high-risk program pairs or not according to the privacy authority control result of the two related application programs contained in each virtual test pair under the second type of authority category items;

and if the two related application programs contained in the corresponding virtual test pair are high-risk program pairs, the server is used for forbidding an authority control channel between the related application programs in the two pieces of intelligent household equipment in the high-risk program pairs.

In a fourth aspect, an embodiment of the present application further provides a server, where the server includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being in communication connection with at least one smart home device, the machine-readable storage medium is used for storing a program, an instruction, or a code, and the processor is used for executing the program, the instruction, or the code in the machine-readable storage medium to perform the smart home permission control method in the first aspect or any one of possible designs in the first aspect.

In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed, the computer is caused to execute the smart home permission control method in the first aspect or any one of the possible designs of the first aspect.

According to any one of the aspects, the permission control requests sent by the intelligent home devices are virtualized to be subjected to virtual testing under the relevant virtual control scene before permission control is requested by the intelligent home devices, so that permission control behaviors of different relevant application programs are effectively determined, high-risk application program interaction combinations possibly having abnormal permission control are effectively screened out, the condition that part of private data is shared and used by the different intelligent home devices is further improved, and the safety of the private data is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.

Fig. 1 is a schematic view of an application scenario of an intelligent home system provided in an embodiment of the present application;

fig. 2 is a schematic flow chart of a smart home permission control method provided in an embodiment of the present application;

fig. 3 is a schematic functional module diagram of an intelligent home permission control device according to an embodiment of the present application;

fig. 4 is a block diagram schematically illustrating a structure of a server for implementing the smart home permission control method according to the embodiment of the present application.

Detailed Description

The present application will now be described in detail with reference to the drawings, and the specific operations in the method embodiments may also be applied to the apparatus embodiments or the system embodiments.

Fig. 1 is an interaction diagram of an intelligent home system 10 according to an embodiment of the present application. The smart home system 10 may include a server 100 and smart home devices 200 connected to the server 100 through network communication, the smart home system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the smart home system 10 may also include only a part of the components shown in fig. 1 or may also include other components.

In this embodiment, the smart home device 200 may connect various devices (such as an audio/video device, a lighting system, a curtain control, an air conditioner control, a security system, a digital cinema system, an audio/video server, a film cabinet system, a network home appliance, etc.) in a home together through an internet of things technology, and provide multiple functions and means such as a home appliance control, a lighting control, a telephone remote control, an indoor and outdoor remote control, an anti-theft alarm, an environment monitoring, a heating and ventilation control, an infrared forwarding, a programmable timing control, etc. For example, the smart home device 200 may include a network refrigerator, a network air conditioner, a network washing machine, a network water heater, a network microwave oven, a network cooker, and the like, which are not particularly limited herein.

In order to solve the technical problem in the foregoing background art, fig. 2 is a schematic flow chart of an intelligent home permission control method provided in an embodiment of the present application, where the intelligent home permission control method provided in this embodiment may be executed by the server 100 shown in fig. 1, and the intelligent home permission control method is described in detail below.

Step S110, virtualizing the permission control requests sent by the multiple smart home devices 200 in a virtual control scene of the server 100, running each relevant application program of the relevant smart home device 200 corresponding to the requested control permission in the virtual control scene according to the application program control information corresponding to the permission control request to obtain the permission control information of the permission call channel of each relevant application program in the virtual control process, and extracting the permission control results of the corresponding relevant application program in each permission category item from the permission control information corresponding to each relevant application program.

In this embodiment, the smart home devices 200 may send, to the server 100, an authority control request for performing authority control with other smart home devices 200 in the scene when configuration is completed for the first time or a system software program is updated (for example, an operating system version is updated, etc.), so that the server 100 may virtualize the authority control requests sent by the plurality of smart home devices 200 in the virtual control scene of the server 100. The virtual control scenario may refer to a home scenario in which the server 100 builds an intelligent home in advance, and simulates permission control information of permission call channels of related application programs of the plurality of intelligent home devices 200 in a virtual control process in the home scenario, and permission control results of the corresponding related application programs under each permission category item are respectively extracted from the permission control information corresponding to each related application program.

Step S120, respectively eliminating the non-privacy authority control results of the corresponding related application programs under the authority category items from the authority control results of the related application programs under the authority category items to obtain the privacy authority control results of the related application programs under the authority category items, and respectively dividing the privacy authority control results of the related application programs under the authority category items into the privacy authority control results of the related application programs under the first authority category items and the privacy authority control results under the second authority category items.

In this embodiment, the first type of permission category item may be used to characterize a permission inflow control relationship (i.e., a control relationship when permission flows into and is open to another application), and the second type of permission category item is used to characterize a permission outflow control relationship (i.e., a control relationship when permission flows out to another application) and a permission access relationship (i.e., a configuration relationship when an access interface is called).

Step S130, according to the privacy authority control result of each related application program under the first type authority category item, obtaining the virtual item of the corresponding related application program under each authority category item contained in the first type authority category item, taking each related application program as a first statistical parameter, taking the virtual item of the corresponding related application program under each authority category item contained in the first type authority category item as a second statistical parameter, generating a corresponding virtual test model, and identifying the virtual test model to obtain the virtual test result corresponding to each related application program.

For example, the first statistical parameter may be used as a statistical unit row, the second statistical parameter may be used as specific data in the corresponding statistical unit row, and a corresponding virtual test model used for representing the mapping relationship between the first statistical parameter and the corresponding second statistical parameter is generated according to the mapping relationship between the specific data in the statistical unit row and the specific data in the statistical unit row, so as to identify the virtual test model to obtain a virtual test result corresponding to each related application, where the virtual test result may represent a mapping characteristic of the mapping relationship between the specific data in each statistical unit row and the specific data in the statistical unit row.

Step S140, regarding each related application program belonging to the same virtual test result, taking every two related application programs as a virtual test pair, and respectively determining whether two related application programs included in the corresponding virtual test pair are high-risk program pairs according to the privacy permission control results of the two related application programs included in each virtual test pair under the second type permission category items.

Step S150, if the two related applications included in the corresponding virtual test pair are high-risk pairs, disabling the right control channel between the related applications in the two smart home devices 200 in the high-risk pairs.

Based on the above design, in this embodiment, the permission control requests sent by the multiple smart home devices 200 are virtualized to perform virtual tests in the relevant virtual control scenarios before requesting permission control for the smart home devices 200, so that permission control behaviors of different relevant application programs are effectively determined, high-risk application program interaction combinations possibly having abnormal permission control are effectively screened out, the situation that a part of private data is shared and used by different smart home devices 200 is further improved, and the security of the private data is improved.

In a possible design, for step S110, the present embodiment may establish service-associated permission information of the permission control request according to the service content request information of the permission control service of the permission control request by the multiple smart home devices 200.

It should be noted that the service-related permission information may be used to reflect permission expression information in the permission control request during permission control, for example, an on state or an off state during permission expression or an intelligent identification state (for example, the on or off state is determined through intelligent identification).

On the basis, the service associated authority information of the authority control service of the authority control request can be monitored according to the authority monitoring model corresponding to the requested control authority, the application program control information of the authority control request corresponding to the requested control authority is obtained, then the authority calling channel information of the authority control request is determined according to the application program control information of the authority control request, and each related application program is operated according to the authority calling channel information to obtain the authority control information of the authority calling channel of each related application program in the virtual control process.

For example, in the process of establishing service associated authority information of an authority control request according to service content request information of an authority control service of the authority control request by a plurality of smart home devices 200, a first service content feature of each service content in the service content request information may be obtained, where the first service content feature is used to represent content identification authority information of the service content. Then, the first service content characteristic is subjected to characteristic identification, first service access characteristic information and access authorization characteristic information corresponding to the first service access characteristic information are obtained, first service request script information and service interaction information of the service content are obtained at the same time, service request control information of the first service request script information is extracted, and the service request control information of the first service request script information comprises a designated service control instruction. And then, acquiring the appointed service control instruction of the preset historical service content, and adjusting the appointed service control instruction of the first service request script information according to the appointed service control instruction so that a virtual control strategy between the appointed service control instructions in the first service request script information is matched with a virtual control strategy between the appointed service control instructions in the preset historical service content.

Next, the service request control information of the second service request script information may be obtained according to each adjusted specified service control instruction in the first service request script information, and the second service request script information may be generated according to the service request control information of the second service request script information.

Then, according to the service request control information of the service interaction information and the second service request script information, the access authorization characteristic information matched with the service interaction information and the first service access characteristic information corresponding to the access authorization characteristic information can be searched and obtained, according to the service request control information of the second service request script information, the first service access characteristic information corresponding to the access authorization characteristic information is adjusted, the second service access characteristic information is obtained, and therefore the second service access characteristic information and the second service request script information are subjected to mapping association processing to establish service association authority information of the authority control request.

In a possible design, in the process of determining the permission call channel information of the permission control request according to the application program control information of the permission control request, the server 100 may further pre-configure a permission rule tree of the requested control permission, and a virtual control service interval and a virtual control extension interval corresponding to a plurality of permission rule nodes in the permission rule tree, respectively.

In this embodiment, in a virtual control service interval corresponding to at least part of authority rule nodes designated in a plurality of authority rule nodes, a virtual control level and a virtual control duration corresponding to authority rule operation information at a current virtual control rule operation information position in the designated authority rule nodes may be calculated.

Then, according to the virtual control level and the virtual control duration corresponding to the authority rule operation information at the current virtual control rule operation information position, respectively determining a virtual control level model and a virtual control duration model corresponding to the specified authority rule node, then determining a virtual control level peak of the virtual control level model and a virtual control duration peak of the virtual control duration model, calculating a virtual control proportion at a sample point in the virtual control level model before the virtual control level peak, and calculating a time proportion at the sample point in the virtual control duration model before the virtual control duration peak. And the virtual control proportion or the time proportion respectively corresponds to the sampling points one by one.

Then, the permission calling channel of the sampling point corresponding to the ratio with the maximum slope in the multiple virtual control ratios and the multiple time ratios can be used as the permission calling channel of the specified permission rule node, and the virtual control type corresponding to the specified permission calling channel is determined based on the virtual control extension intervals respectively corresponding to the multiple permission rule nodes.

When the virtual control type corresponding to the appointed authority calling channel is in the range of the preset virtual control type, the appointed authority calling channel is added into the first authority calling channel set, and then the virtual control extension intervals respectively corresponding to the plurality of first authority calling channels in the first authority calling channel set are obtained from the virtual control extension intervals respectively corresponding to the plurality of authority rule nodes. The authority rule nodes, the authority calling channels, the virtual control extension intervals and the virtual control types correspond to one another.

For another example, when the absolute value of the difference between the parameter values of the virtual control types corresponding to the first authority invoking channels of the two associated authority invoking channels in the first authority invoking channel set is smaller than the preset speed threshold, the channel positions corresponding to the first authority invoking channels of the two associated authority invoking channels respectively are used as the same channel position, the set formed by the first authority invoking channels belonging to the same channel position is used as a first authority invoking channel subset, and a plurality of first authority invoking channel subsets in the first authority invoking channel set are obtained.

Then, fitting processing can be performed on the virtual control extension intervals and the virtual control types corresponding to the first permission calling channels of the plurality of first permission calling channel subsets respectively to obtain a plurality of virtual control fitting parameters, and common parameters between two associated virtual control fitting parameters in the plurality of virtual control fitting parameters are determined respectively.

For example, when the absolute value of the difference between the virtual control type corresponding to the common parameter and the parameter value of the virtual control type corresponding to the designated associated common parameter is smaller than the preset threshold, the permission calling channel corresponding to the common parameter is used as a new first permission calling channel to obtain a new first permission calling channel set, and a plurality of new virtual control fitting parameters corresponding to the new first permission calling channel set are generated. And the virtual control type corresponding to the specified associated common parameter represents the virtual control type corresponding to the first authority calling channel of the authority calling channel associated with the authority calling channel corresponding to the common parameter.

On the basis, target virtual control sections corresponding to the plurality of authority rule nodes are determined according to the plurality of new virtual control fitting parameters (for example, the target virtual control sections corresponding to the plurality of authority rule nodes are determined according to the overlapping sections of the sections in the plurality of new virtual control fitting parameters), and for the authority rule nodes appointed in the plurality of authority rule nodes, first appointed authority rule operation information in the target virtual control sections corresponding to the appointed authority rule nodes in the appointed authority rule nodes is obtained.

Then, feature vectors of the first virtual control rule operation information corresponding to the plurality of sampling points in the first specified authority rule operation information respectively can be further calculated, and an authority calling channel of the sampling point corresponding to the feature vector of the first virtual control rule operation information with the largest value in the feature vectors of the plurality of first virtual control rule operation information is used as a second authority calling channel of the specified authority rule node.

And then, determining a second authority calling channel set based on a second authority calling channel of the appointed authority rule node, when the absolute value of the overlapping range between the authority calling channels of the associated authority rule nodes in the second authority calling channel set is larger than or equal to a preset threshold, generating a new target virtual control interval and a new second authority calling channel set corresponding to the plurality of authority rule nodes until the absolute value of the overlapping range between the authority calling channels of the associated authority rule nodes in the new second authority calling channel set is smaller than the preset threshold or the iteration number is equal to the preset iteration number, and taking the new second authority calling channel set as the second authority calling channel set of the authority rule tree again.

Then, final virtual control intervals corresponding to the plurality of authority rule nodes respectively can be determined based on the second authority calling channel set, and a target authority calling channel set of the plurality of authority rule nodes is determined based on the final virtual control intervals, so that authority calling channel information of the authority control request is determined.

In one possible design, in the process of operating each related application program according to the authority calling channel information to obtain the authority control information of the authority calling channel of each related application program in the virtual control process, the authority calling channel can be called according to the authority calling channel information to access the corresponding virtual control process, each related application program is operated through the virtual control process, and then the authority control entity parameter corresponding to the authority control attribute label of each related application program is determined according to the authority control attribute labels of different authority control types called for each related application program, wherein the authority control attribute labels of different authority control types respectively correspond to different authority control entity parameters.

On this basis, label node data of different authority control attribute labels of each related application program can be determined, and according to the label node data, a first entity set of at least two identical authority control entities in the corresponding plurality of authority control entities and at least one second entity set with calling times larger than preset times in the remaining authority control entities are obtained. Therefore, the authority control thread for determining the authority control information of the authority calling channel can be generated according to the entity set which is selected from the first entity set and has the calling times larger than the set times and serves as the target entity set and at least one second entity set. The authority control thread may include a target entity set and at least one second entity set.

And then, respectively determining the authority control information of the authority calling channel of each related application program in the virtual control process according to the authority control thread. For example, the authority control attribute tag corresponding to each target authority control entity in the target entity set and the at least one second entity set may be determined according to the authority control thread, and the authority control information of the authority calling channel of each related application program in the virtual control process may be determined according to the authority control attribute tag corresponding to each target authority control entity, that is, the authority control information of the authority calling channel of each related application program in the virtual control process may include the authority control attribute tag corresponding to each target authority control entity.

In a possible design, for step S140, the present embodiment may calculate, for two related applications included in each virtual test pair, a privacy security degree between permission outflow control relationships respectively corresponding to the two related applications included in the virtual test pair, then determine whether the privacy security degree is greater than or equal to a preset privacy security degree, determine that the virtual test pair includes two related applications is a high-risk program pair if the privacy security degree is greater than or equal to the preset privacy security degree and it is determined that the permission access relationships respectively corresponding to the two related applications included in the virtual test pair match, and otherwise determine that the virtual test pair includes two related applications not is a high-risk program pair.

For example, in detail, if the two related applications included in the virtual test have an access relationship of authority, and the two access relationships of authority are the same, it is determined that the two related applications included in the virtual test are a high-risk program pair.

For another example, if the virtual test has an authorized access relationship with respect to one of the two related applications, it is determined that the virtual test is a high-risk program pair with respect to the two related applications.

For another example, if the virtual test does not have an access right relationship with respect to the two related applications included in the virtual test pair, it is determined that the two related applications included in the virtual test pair are not a high-risk program pair.

For another example, if the two related applications included in the virtual test have an access right relationship and the two access rights relationships are different, it is determined that the two related applications included in the virtual test are a suspected high-risk program pair.

Therefore, if two related application programs included in the corresponding virtual test pair are high-risk program pairs, the permission control channels between the related application programs in the two pieces of intelligent home equipment 200 in the high-risk program pairs can be disabled, and the permission control requests sent by the multiple pieces of intelligent home equipment 200 are virtualized to be subjected to virtual tests in related virtual control scenes before the intelligent home equipment 200 requests permission control, so that permission control behaviors of different related application programs are effectively determined, interactive combinations of the high-risk application programs which are possibly subjected to abnormal permission control are effectively screened out, the condition that a part of private data is shared and used by different pieces of intelligent home equipment 200 is further improved, and the safety of the private data is improved.

Fig. 3 is a schematic functional module diagram of an intelligent home permission control device 300 according to an embodiment of the present application, where the embodiment may divide the functional modules of the intelligent home permission control device 300 according to the foregoing method embodiment. For example, the functional blocks may be divided for the respective functions, or two or more functions may be integrated into one processing block. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the present application is schematic, and is only a logical function division, and there may be another division manner in actual implementation. For example, in the case of dividing each function module according to each function, the smart home permission control device 300 shown in fig. 3 is only a schematic device diagram. The smart home permission control apparatus 300 may include a virtualization module 310, an obtaining and dividing module 320, a generation and identification module 330, a determination module 340, and a disabling module 350, where functions of each functional module of the smart home permission control apparatus 300 are described in detail below.

The virtualization module 310 is configured to virtualize the permission control requests sent by the multiple smart home devices 200 in a virtual control scene of the server 100, run each relevant application program of the relevant smart home devices 200 corresponding to the requested control permission in the virtual control scene according to the application program control information corresponding to the requested control permission of the permission control request, so as to obtain permission control information of a permission call channel of each relevant application program in the virtual control process, and extract permission control results of the corresponding relevant application program in each permission category item from the permission control information corresponding to each relevant application program.

The obtaining and dividing module 320 is configured to respectively remove the non-privacy permission control results of the corresponding related application under each permission category item from the permission control results of each related application under each permission category item, to obtain the privacy permission control results of each related application under each permission category item, and respectively divide the privacy permission control results of each related application under each permission category item into the privacy permission control results of the corresponding related application under the first permission category item and the privacy permission control results under the second permission category items, where the first permission category item is used to represent a permission inflow control relationship, and the second permission category item is used to represent a permission outflow control relationship and a permission access relationship.

The generation identification module 330 is configured to obtain, according to the privacy permission control result of each related application under the first type permission category item, a virtual item of the corresponding related application under each permission category item included in the first type permission category item, generate a corresponding virtual test model with each related application as a first statistical parameter and a virtual item of the corresponding related application under each permission category item included in the first type permission category item as a second statistical parameter, and identify the virtual test model to obtain a virtual test result corresponding to each related application.

The determining module 340 is configured to, for each related application program belonging to the same virtual test result, regard every two related application programs as a virtual test pair, and respectively determine whether two related application programs included in the corresponding virtual test pair are a high-risk program pair according to the privacy permission control result of the two related application programs included in each virtual test pair under the second type permission category item.

And a disabling module 350, configured to disable the right control channel between the relevant applications in the two smart home devices 200 in the subsequent high-risk program pair if the two relevant applications included in the corresponding virtual test pair are the high-risk program pair.

Further, fig. 4 is a schematic structural diagram of a server 100 for executing the smart home permission control method according to the embodiment of the present application. As shown in FIG. 4, the server 100 may include a network interface 110, a machine-readable storage medium 120, a processor 130, and a bus 140. The processor 130 may be one or more, and one processor 130 is illustrated in fig. 4 as an example. The network interface 110, the machine-readable storage medium 120, and the processor 130 may be connected by a bus 140 or otherwise, as exemplified by the connection by the bus 140 in fig. 4.

The machine-readable storage medium 120 is used as a computer-readable storage medium, and can be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the smart home permission control method in the embodiment of the present application (for example, the virtualization module 310, the obtaining and dividing module 320, the generation and identification module 330, the judgment module 340, and the disabling module 350 of the smart home permission control apparatus 300 shown in fig. 3). The processor 130 executes various functional applications and data processing of the terminal device by detecting software programs, instructions and modules stored in the machine-readable storage medium 120, that is, the above-mentioned smart home permission control method is implemented, and details are not described herein.

The machine-readable storage medium 120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the machine-readable storage medium 120 may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of example, but not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data rate Synchronous Dynamic random access memory (DDR SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and direct memory bus RAM (DR RAM). It should be noted that the memories of the systems and methods described herein are intended to comprise, without being limited to, these and any other suitable memory of a publishing node. In some examples, the machine-readable storage medium 120 may further include memory located remotely from the processor 130, which may be connected to the server 100 over a network. Examples of such networks include, but are not limited to, the internet, a content intranet, a local area network, a mobile communications network, and pairs thereof.

The processor 130 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 130. The processor 130 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly embodied as the execution of the hardware decoding processor, or may be implemented by using hardware and software modules in the decoding processor.

The server 100 may perform information interaction with other devices (e.g., the smart home device 200) through the network interface 110. Network interface 110 may be a circuit, bus, transceiver, or any other device that may be used to exchange information. Processor 130 may send and receive information using network interface 110.

In the above embodiments, the implementation may be wholly or partially implemented by software, hardware, firmware, or any pair thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the spirit and scope of the application. Thus, to the extent that such expressions and modifications of the embodiments of the application fall within the scope of the claims and their equivalents, the application is intended to embrace such alterations and modifications.

Claims

1. The intelligent home permission control method is applied to a server, the server is in communication connection with a plurality of intelligent home devices, the intelligent home devices are located in the same home scene, and the method comprises the following steps:

2. The smart home permission control method according to claim 1, wherein the step of operating, in the virtual control scenario, the relevant application program of each relevant smart home device corresponding to the requested control permission according to the application program control information corresponding to the permission control request for the requested control permission to obtain the permission control information of the permission call channel of each relevant application program in the virtual control process includes:

3. The smart home permission control method according to claim 2, wherein the step of establishing service-associated permission information of the permission control request according to service content request information of the permission control service of the permission control request by the plurality of smart home devices comprises:

4. The smart home permission control method according to claim 2, wherein the step of running each relevant application program according to the permission call channel information to obtain permission control information of a permission call channel of each relevant application program in a virtual control process includes:

5. The smart home permission control method according to claim 4, wherein the step of determining permission control information of a permission call channel of each relevant application program in a virtual control process according to the permission control thread comprises:

6. The smart home permission control method according to any one of claims 1 to 5, wherein the step of respectively judging whether two related applications included in each virtual test pair are high-risk program pairs according to the privacy permission control results of the two related applications included in each virtual test pair under the second-class permission category items comprises:

7. The smart home permission control method according to claim 6, wherein the step of determining that the two related applications included in the virtual test pair are high-risk pairs when it is determined that the permission access relationships respectively corresponding to the two related applications included in the virtual test pair match each other includes:

8. The utility model provides an intelligent home permission control device, its characterized in that is applied to the server, server and a plurality of intelligent home equipment communication connection, a plurality of intelligent home equipment are in same family's scene, the device includes:

9. The intelligent home system is characterized by comprising a server and a plurality of intelligent home devices in communication connection with the server, wherein the intelligent home devices are in the same home scene;

10. A server, characterized in that the server comprises a processor, a machine-readable storage medium and a network interface, the machine-readable storage medium, the network interface and the processor are connected through a bus system, the network interface is used for being in communication connection with at least one smart home device, the machine-readable storage medium is used for storing programs, instructions or codes, and the processor is used for executing the programs, instructions or codes in the machine-readable storage medium to execute the smart home permission control method according to any one of claims 1 to 7.