CN111625811A - Data authorization method and device - Google Patents


Info

Publication number
CN111625811A
Authority
CN
China
Prior art keywords
data
identifier
target application
acquisition request
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010482656.7A
Other languages
Chinese (zh)
Inventor
张欢韵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Digital Finance Ltd
Original Assignee
Digital Finance Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Digital Finance Ltd filed Critical Digital Finance Ltd
Priority to CN202010482656.7A priority Critical patent/CN111625811A/en
Publication of CN111625811A publication Critical patent/CN111625811A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a data authorization method and device. The data authorization method comprises the following steps: a system security component acquires a data acquisition request of a target application, wherein the data acquisition request comprises an application identifier of the target application; the application process state of the target application is acquired according to the application identifier; a data identifier matched with the data acquisition request is determined according to the application process state, wherein the data identifier is a real data identifier or a false data identifier; and the real data or false data corresponding to the data identifier is returned to the target application through the operating system. With this method, the user's sensitive private information can be effectively protected when data authorization is performed for an application.

Description

Data authorization method and device
Technical Field
The present invention relates to the field of computer applications, and in particular, to a data authorization method, an apparatus, a terminal device, and a readable storage medium.
Background
Permissions are an access control mechanism built into an operating system; through permissions, the operating system controls how application programs (hereinafter referred to as applications) access and use system resources and user information. Generally, an application requests various permissions at install time or at run time to support its operation. If the user refuses to grant a permission, the application may not work normally; if the user grants it, the user's privacy may be leaked, for example the address book, short messages, call records, photos and the like may be illegally acquired by others, which seriously damages the legitimate rights and interests of the user.
Therefore, how to protect the sensitive privacy information of the user when authorizing the application is a problem to be solved urgently.
Disclosure of Invention
The embodiment of the invention provides a data authorization method, a data authorization device, terminal equipment and a readable storage medium.
In a first aspect, an embodiment of the present invention provides a data authorization method, where the method is applied to a system security component running in an operating system of a terminal device, and the method includes:
acquiring a data acquisition request of a target application, wherein the data acquisition request comprises an application identifier of the target application;
acquiring an application process state of the target application according to the application identifier;
determining a data identifier matched with the data acquisition request according to the application process state, wherein the data identifier comprises a real data identifier or a false data identifier;
and returning real data or false data corresponding to the data identification to the target application through the operating system.
In a second aspect, an embodiment of the present invention provides a data authorization method, where the method is applied to an operating system of a terminal device, where a system security component runs in the operating system, and the method includes:
receiving a data acquisition request sent by a target application;
sending a broadcast message to the system security component, wherein the broadcast message comprises a data acquisition request of a target application to instruct the system security component to respond to the data acquisition request and determine a data identifier matched with the data acquisition request according to an application process state of the target application, wherein the data identifier comprises a real data identifier or a false data identifier;
receiving a data identifier sent by the system security component;
and returning real data or false data corresponding to the data identification to the target application.
In a third aspect, an embodiment of the present invention provides a data authorization apparatus, where the apparatus is deployed in a system security component running in an operating system of a terminal device, and the apparatus includes:
an acquisition module, configured to acquire a data acquisition request of a target application, where the data acquisition request includes an application identifier of the target application;
the acquisition module is further configured to acquire an application process state of the target application according to the application identifier;
a processing module, configured to determine a data identifier matched with the data acquisition request according to the application process state, where the data identifier includes a real data identifier or a false data identifier;
and an output module, configured to return real data or false data corresponding to the data identifier to the target application through the operating system.
In a fourth aspect, an embodiment of the present invention provides a data authorization apparatus, where the apparatus is deployed in an operating system of a terminal device, where a system security component runs in the operating system, and the apparatus includes:
the acquisition module is used for receiving a data acquisition request sent by a target application;
an output module, configured to send a broadcast message to the system security component, where the broadcast message includes a data acquisition request of a target application, so as to instruct the system security component to determine, in response to the data acquisition request, a data identifier matching the data acquisition request according to an application process state of the target application, where the data identifier includes a real data identifier or a false data identifier;
the acquisition module is further used for receiving the data identifier sent by the system security component;
the output module is further configured to return real data or false data corresponding to the data identifier to the target application.
In a fifth aspect, an embodiment of the present invention provides a terminal device, where the terminal device includes an input device and an output device, and the terminal device further includes a processor, and is adapted to implement one or more instructions, where the one or more instructions are adapted to be loaded by the processor and execute the data authorization method according to the first aspect or the second aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the data authorization method according to the first aspect or the second aspect.
In the embodiment of the application, the system security component acquires a data acquisition request of a target application, where the data acquisition request includes an application identifier of the target application. The system security component then acquires the application process state of the target application according to the application identifier and determines, according to the application process state, a data identifier matched with the data acquisition request, where the data identifier is a real data identifier or a false data identifier. The system security component then returns the real data or false data corresponding to the data identifier to the target application through the operating system. Where the user rejecting a data acquisition request of the target application would cause the target application to be unable to operate normally, the system security component keeps the target application operating normally by returning false data (or simulated data) to it, while preventing the user's private information from being leaked or illegally acquired.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a data authorization method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a prompt message according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of another data authorization method according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of a further data authorization method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a data authorization apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of another data authorization apparatus according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
If the user rejects an application's operation permission request, the application may not operate normally; if the user grants it, the user's privacy may be leaked, for example the address book, short messages, call records, photos and the like may be illegally acquired by others, which seriously damages the legitimate rights and interests of the user. In the present application, when the system security component detects that a target application has initiated a data acquisition request, it can keep the target application operating normally by returning false data (or simulated data) to the target application, while preventing the user's private information from being leaked or illegally acquired.
The system security component mentioned in the technical solution of the present application may be applied to a terminal device, where the terminal device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a desktop computer, and other terminals.
Referring to fig. 1, a flow chart of a data authorization method according to an embodiment of the present invention is shown, where the method is applied to a system security component running in an operating system of a terminal device, and the data authorization method includes the following steps:
S101: Acquire a data acquisition request of the target application, where the data acquisition request includes an application identifier of the target application.
The data acquisition request is a request for one or more of the following on the terminal device: address book information, photo information, use of the device camera, use of the device microphone, location information, short message information, and the like. The application identifier may be a character string, such as an application name or an application ID, that uniquely identifies the application.
The system security component monitors each application on the terminal device. When it detects a data acquisition request sent by an application, it determines that application to be the target application and acquires the data acquisition request to obtain the application identifier of the target application.
In one embodiment, the system security component may receive a broadcast message that the operating system of the terminal device sends after the operating system receives a data acquisition request of a target application, where the broadcast message includes the data acquisition request of the target application, and the data acquisition request includes the application identifier of the target application.
Illustratively, the target application and the system security component both run in the operating system. After receiving a data acquisition request of the target application, the operating system generates a broadcast message including the data acquisition request and sends it to the system security component. The system security component receives the broadcast message and obtains the data acquisition request of the target application from it.
S102: Acquire the application process state of the target application according to the application identifier.
The application process state indicates whether the application is running in the foreground or in the background of the operating system.
When the system security component detects the data acquisition request, it can acquire the application identifier of the application currently running in the foreground and compare it with the application identifier of the target application. If they match, the application process state of the target application is foreground operation; if they do not match, the application process state of the target application is background operation.
Alternatively, when the system security component detects the data acquisition request, it acquires the current system's list of background application processes, which contains the application identifiers of all applications running in the background. The system security component traverses this list and compares the application identifier of each background application with the application identifier of the target application. If a match is found, the application process state of the target application is background operation; otherwise, it is foreground operation.
S103: Determine a data identifier matched with the data acquisition request according to the application process state, where the data identifier includes a real data identifier or a false data identifier.
The system security component determines, according to the application process state, a data identifier that matches the data type requested in the data acquisition request. A data identifier matched with the data acquisition request means a data identifier matched with the data type requested in the data acquisition request, where the data type is one or more of address book information, location information, album information, short message information and the like. For example, if the type of data requested in the data acquisition request is address book information, the data identifier matched with the data acquisition request is either the address book real information identifier or the address book false information identifier.
In one embodiment, before the system security component determines the data identifier matched with the data acquisition request according to the application process state, it may also acquire the operation permission information of the target application according to the application identifier and determine from that information whether the target application holds the data acquisition permission. If it does not, the system security component determines the data identifier matched with the data acquisition request according to the application process state.
If it does, the system security component may determine that the data identifier matched with the data acquisition request is a real data identifier. In this way, when the target application already holds the operation permission corresponding to the data acquisition request, the matching data identifier is determined to be the real data identifier directly, which reduces the computational complexity of the system security component.
For example, after acquiring a data acquisition request of a target application a for address book information, the system security component acquires operation authority information of the target application a according to an application identifier of the target application a included in the data acquisition request, and further, the system security component may determine whether the target application a has an operation authority to acquire address book information of a terminal device according to the operation authority information. If so, determining the real data identifier of the address book as a data identifier matched with the data acquisition request; if not, the system security component determines a data identifier matched with the data acquisition request according to the application process state of the target application A.
Optionally, the operation permission information includes an authorization validity period. After acquiring the operation permission information of the target application, the system security component checks whether the authorization validity period has been reached; if so, it determines the data identifier matched with the data acquisition request according to the application process state. If not, the system security component may determine that the data identifier matched with the data acquisition request is a real data identifier.
In one embodiment, the application process state is foreground operation or background operation. When the application process state of the target application is background operation, the system security component determines that the data identifier matched with the data acquisition request is a false data identifier. When the application process state is foreground operation, the system security component outputs a prompt message for the data acquisition request; if it receives a confirmation operation input by the user for the prompt message, it determines that the data identifier matched with the data acquisition request is a real data identifier.
Optionally, if the system security component does not receive a confirmation operation from the user for the prompt message within a preset duration, or receives a rejection operation from the user for the prompt message, it determines that the data identifier matched with the data acquisition request is a false data identifier. The preset duration is determined by developers from experimental data and can be adjusted for the specific application scenario; it is not specifically limited here.
Illustratively, the preset duration is 1 minute, and target application A and target application B both send data acquisition requests for address book information. The system security component acquires the application process states of target application A and target application B according to their respective application identifiers. If the application process state acquired for target application A is background operation, the system security component may determine that the address book false information identifier is the data identifier matched with the data acquisition request of target application A. If the application process state acquired for target application B is foreground operation, the system security component outputs a prompt message for the data acquisition request of target application B, as shown in Fig. 2, to tell the user that target application B is requesting address book information. If the user inputs a confirmation operation for the prompt message, the system security component may determine that the address book real information identifier is the data identifier matched with the data acquisition request of target application B. If the user does not input a confirmation operation within 1 minute of the prompt being output, or inputs a rejection operation for the prompt, the system security component may determine that the address book false information identifier is the data identifier matched with the data acquisition request of target application B.
S104: Return the real data or false data corresponding to the data identifier to the target application through the operating system.
Based on the data identifier determined to match the data acquisition request, the system security component determines the corresponding real data or false data in the operating system and returns that data to the target application through the operating system.
In one embodiment, the system security component may send the aforementioned data identification to the operating system, so that the operating system obtains real data or false data corresponding to the data identification and returns the real data or false data to the target application.
For example, if the data identifier determined by the system security component and matching the data acquisition request is the address book real data identifier, the system security component sends a notification message containing the address book real data identifier to the operating system, so that after receiving the notification message, the operating system acquires the address book real data corresponding to the address book real data identifier from the database and returns the address book real data to the target application.
In one embodiment, before the system security component returns the real data or false data corresponding to the data identifier to the target application through the operating system, it may also generate false data of at least one data type and send the false data to the operating system, so that the operating system stores the false data. The data type is one or more of address book information, location information, album information, short message information and the like.
Illustratively, when the data types are address book information, location information and album information, the system security component generates false data according to the data format of each data type: the data format of address book information is 11 digits, the data format of location information is a combination of province name, city name and district name, and the data format of album information is a picture file with the .jpg suffix. After generating false data comprising false address book information, false location information and false album information, the system security component sends the false data to the operating system so that the operating system stores it.
In the embodiment of the application, the system security component acquires a data acquisition request of a target application, where the data acquisition request includes an application identifier of the target application. The system security component then acquires the application process state of the target application according to the application identifier and determines, according to the application process state, a data identifier matched with the data acquisition request, where the data identifier is a real data identifier or a false data identifier. The system security component then returns the real data or false data corresponding to the data identifier to the target application through the operating system. Where the user rejecting a data acquisition request of the target application would cause the target application to be unable to operate normally, the system security component keeps the target application operating normally by returning false data (or simulated data) to it, while preventing the user's private information from being leaked or illegally acquired.
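The decision flow of S101 to S104, including the permission check, the foreground prompt with its preset duration and the false-data formats described above, as an added Python sketch that is not code from the patent. All names (DataRequest, Grant, SecurityComponent, OperatingSystem, generate_fake, REAL_STORE) are assumptions, the broadcast between operating system and security component is modelled as a direct call, and the user prompt is modelled as a callback returning True (confirm), False (reject) or None (no answer within the preset duration).

```python
import random
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

REAL, FAKE = "real", "fake"
DataId = Tuple[str, str]              # (data type, REAL or FAKE)

@dataclass(frozen=True)
class DataRequest:                    # S101: the request carries the application identifier
    app_id: str
    data_type: str                    # "contacts", "location" or "album"

@dataclass(frozen=True)
class Grant:                          # operation permission with a validity period
    data_type: str
    expires_at: float                 # epoch seconds

# Hypothetical prompt callback: (app_id, data_type, timeout_s) -> True / False / None
Prompt = Callable[[str, str, float], Optional[bool]]

class SecurityComponent:
    def __init__(self, foreground_app: Callable[[], str],
                 grants: Dict[str, List[Grant]], prompt: Prompt,
                 timeout_s: float = 60.0, now: Callable[[], float] = time.time):
        self.foreground_app, self.grants, self.prompt = foreground_app, grants, prompt
        self.timeout_s, self.now = timeout_s, now

    def process_state(self, app_id: str) -> str:
        # S102: compare against the application currently in the foreground.
        return "foreground" if app_id == self.foreground_app() else "background"

    def has_valid_grant(self, req: DataRequest) -> bool:
        # A grant counts only for the requested type and only before it expires.
        return any(g.data_type == req.data_type and self.now() < g.expires_at
                   for g in self.grants.get(req.app_id, []))

    def decide(self, req: DataRequest) -> DataId:
        # S103: only the identifier is decided here; no data passes through.
        if self.has_valid_grant(req):
            return (req.data_type, REAL)
        if self.process_state(req.app_id) == "background":
            return (req.data_type, FAKE)
        answer = self.prompt(req.app_id, req.data_type, self.timeout_s)
        # Fail closed: a rejection, a timeout or any other answer yields false data.
        return (req.data_type, REAL if answer is True else FAKE)

def generate_fake(data_type: str, rng: random.Random):
    # False data in the formats given in the description.
    if data_type == "contacts":       # 11-digit entries
        return ["".join(rng.choice("0123456789") for _ in range(11)) for _ in range(3)]
    if data_type == "location":       # province + city + district
        return "Example Province, Example City, Example District"
    if data_type == "album":          # picture files with the .jpg suffix
        return [f"IMG_{rng.randrange(10000):04d}.jpg" for _ in range(2)]
    raise ValueError(f"no false-data format defined for {data_type!r}")

class OperatingSystem:
    def __init__(self, real_store: dict, component: SecurityComponent, rng: random.Random):
        self.real = dict(real_store)
        # False data is generated and stored before any request arrives.
        self.fake = {t: generate_fake(t, rng) for t in real_store}
        self.component = component

    def handle(self, req: DataRequest):
        # S301-S304: forward the request, receive the identifier, resolve and return.
        if req.data_type not in self.real:
            raise KeyError(req.data_type)
        data_type, kind = self.component.decide(req)
        return (self.real if kind == REAL else self.fake)[data_type]

# Constructed sample data standing in for the user's real information.
REAL_STORE = {
    "contacts": ["Alice 555-0100", "Bob 555-0101"],
    "location": "constructed real location",
    "album": ["holiday.jpg"],
}
```

The requesting application receives a well-formed answer in every branch, so it cannot distinguish a denial from a grant by the shape of the response; only the operating system ever touches the stored data.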
Fig. 3 is a schematic flow chart of another data authorization method according to an embodiment of the present invention, where the method is applied to an operating system of a terminal device, and a system security component is run in the operating system, and the data authorization method includes the following steps:
S301: Receive a data acquisition request sent by the target application.
When the operating system detects a data acquisition request sent by an application running in the operating system, it determines that application to be the target application and receives the data acquisition request.
The data acquisition request is a request for one or more of the following on the terminal device: address book information, photo information, use of the device camera, use of the device microphone, location information, short message information, and the like.
S302: Send a broadcast message to the system security component, where the broadcast message includes the data acquisition request of the target application, to instruct the system security component to respond to the data acquisition request and determine a data identifier matched with the data acquisition request according to the application process state of the target application, where the data identifier includes a real data identifier or a false data identifier.
The operating system may generate the broadcast message from the application identifier of the target application included in the data acquisition request and the requested data type, and send the broadcast message to the system security component. After receiving the broadcast message sent by the operating system, the system security component acquires the application process state of the target application according to the application identifier of the target application, and determines, according to the application process state, the data identifier matched with the data type requested in the data acquisition request.
S303: Receive the data identifier sent by the system security component.
The operating system receives the data identifier sent by the system security component and, according to the data identifier, acquires the corresponding data from a database (or a storage hard disk). For example, when the data identifier sent by the system security component is the address book false data identifier, the operating system acquires the address book false data from the database (or the storage hard disk).
S304: Return the real data or false data corresponding to the data identifier to the target application.
The operating system acquires the data (real data or false data) corresponding to the data identifier from the database (or the storage hard disk) and returns it to the target application according to the application identifier of the target application contained in the data acquisition request.
In the embodiment of the application, the operating system receives a data acquisition request sent by a target application and sends a broadcast message to the system security component, where the broadcast message includes the data acquisition request of the target application, to instruct the system security component to respond to the data acquisition request and determine a data identifier (a real data identifier or a false data identifier) matched with the data acquisition request according to the application process state of the target application. The operating system then receives the data identifier sent by the system security component and returns the real data or false data corresponding to the data identifier to the target application. With this data authorization method, the data is stored by the operating system and returned to the target application directly by the operating system, so no other application forwards the acquired data, which improves the security of the data during the data authorization process.
Please refer to fig. 4, which is a flowchart illustrating a data authorization method according to another embodiment of the present invention, where the method is applied to a terminal device, and the data authorization method includes the following steps:
S401: The operating system receives a data acquisition request sent by the target application.
S402: the operating system sends a broadcast message to the system security component, wherein the broadcast message includes a data acquisition request of the target application.
The specific implementation of steps S401 to S402 can refer to the specific implementation of steps S301 to S302 in the foregoing embodiments, and redundant description is omitted here.
S403: The system security component obtains the data acquisition request of the target application, wherein the data acquisition request includes an application identifier of the target application.
S404: The system security component acquires the application process state of the target application according to the application identifier.
S405: The system security component determines a data identifier matching the data acquisition request according to the application process state, wherein the data identifier includes a real data identifier or a false data identifier.
The specific implementation of steps S403 to S405 may refer to the specific implementation of steps S101 to S103 in the foregoing embodiments, and redundant description is omitted here.
S406: The operating system receives the data identifier sent by the system security component.
S407: The operating system returns the real data or the false data corresponding to the data identifier to the target application.
The specific implementation of steps S406 to S407 can refer to the specific implementation of steps S303 to S304 in the foregoing embodiments, and redundant description is omitted here.
In the embodiment of the application, the operating system receives a data acquisition request sent by a target application and sends a broadcast message to the system security component, wherein the broadcast message includes the data acquisition request of the target application. The system security component acquires the data acquisition request of the target application, wherein the data acquisition request includes an application identifier of the target application. The system security component can then acquire the application process state of the target application according to the application identifier and determine a data identifier matching the data acquisition request according to the application process state, wherein the data identifier includes a real data identifier or a false data identifier. The operating system receives the data identifier sent by the system security component and returns the real data or false data corresponding to the data identifier to the target application. With this data authorization method, where a user rejects a data acquisition request of the target application or causes the target application to be unable to operate normally, the system security component can keep the target application operating normally by having the operating system return false data (or simulation data) to the target application, while preventing the user's privacy from being revealed or illegally acquired. Moreover, in the data authorization process, the system security component can only determine, through the operating system, whether real data or false data is returned to the target application, which further improves the security of the user's private information.
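The flow of steps S401 to S407, together with the permission, foreground/background and prompt rules of the embodiments, as an added Python model (not code from the patent). All class names, application identifiers and sample records are constructed; a direct method call stands in for the broadcast message, and two behaviours are assumptions: an application that already holds the permission receives the real identifier, and an unknown process state is treated like background.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class ProcState(Enum):
    FOREGROUND = "foreground"
    BACKGROUND = "background"


class Answer(Enum):
    CONFIRM = "confirm"
    REJECT = "reject"


@dataclass(frozen=True)
class DataRequest:
    app_id: str      # application identifier of the target application
    data_type: str   # requested data, e.g. "contacts" (constructed name)


@dataclass(frozen=True)
class DataId:
    data_type: str
    real: bool       # True: real data identifier, False: false data identifier


class SecurityComponent:
    """Chooses an identifier (S403-S405). It never reads or returns the data."""

    def __init__(self, states: Dict[str, ProcState],
                 granted: Set[Tuple[str, str]],
                 prompt: Callable[[DataRequest], Optional[Answer]]):
        self.states = states    # app_id -> application process state
        self.granted = granted  # (app_id, data_type) pairs already permitted
        self.prompt = prompt    # returns None when the preset time runs out

    def dummy_data(self) -> Dict[str, List[str]]:
        # Constructed placeholder records, generated before any request.
        return {"contacts": ["Test User <000-0000>"]}

    def decide(self, req: DataRequest) -> DataId:
        # Assumption: an app that already holds the permission gets real data.
        if (req.app_id, req.data_type) in self.granted:
            return DataId(req.data_type, real=True)
        # Foreground: ask the user; only an explicit confirmation yields real.
        if self.states.get(req.app_id) is ProcState.FOREGROUND:
            if self.prompt(req) is Answer.CONFIRM:
                return DataId(req.data_type, real=True)
        # Background, rejection, timeout, or (assumption) unknown state.
        return DataId(req.data_type, real=False)


class OperatingSystem:
    """Stores both data sets and is the only party returning data (S406-S407)."""

    def __init__(self, security: SecurityComponent,
                 real_data: Dict[str, List[str]]):
        self.security = security
        self.store: Dict[DataId, List[str]] = {
            DataId(t, True): rows for t, rows in real_data.items()}
        # The security component hands over false data for the OS to store.
        for t, rows in security.dummy_data().items():
            self.store[DataId(t, False)] = rows

    def handle(self, req: DataRequest) -> List[str]:
        # The direct call stands in for the broadcast message and its reply.
        data_id = self.security.decide(req)
        return list(self.store[data_id])


def demo() -> Dict[str, object]:
    prompted: List[str] = []
    answers = {"app.chat": Answer.CONFIRM, "app.game": Answer.REJECT,
               "app.slow": None}  # None models the timeout

    def prompt(req: DataRequest) -> Optional[Answer]:
        prompted.append(req.app_id)
        return answers.get(req.app_id)

    sec = SecurityComponent(
        states={"app.chat": ProcState.FOREGROUND,
                "app.game": ProcState.FOREGROUND,
                "app.slow": ProcState.FOREGROUND,
                "app.ads": ProcState.BACKGROUND},
        granted={("app.dialer", "contacts")},
        prompt=prompt)
    os_ = OperatingSystem(sec, {"contacts": ["Alice <constructed>"]})
    apps = ["app.chat", "app.game", "app.slow", "app.ads", "app.dialer"]
    results = {a: os_.handle(DataRequest(a, "contacts")) for a in apps}
    return {"results": results, "prompted": prompted}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because `decide` returns only a `DataId`, the security component has no path to the stored records, and a background request never reaches the prompt.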
Based on the description of the above method embodiment, the embodiment of the present invention further provides a data authorization apparatus, which is deployed in a system security component running in an operating system of a terminal device. Referring to fig. 5, the data authorization apparatus includes the following modules:
an obtaining module 50, configured to obtain a data obtaining request of a target application, where the data obtaining request includes an application identifier of the target application;
the obtaining module 50 is further configured to obtain an application process state of the target application according to the application identifier;
the processing module 51 is configured to determine, according to the application process state, a data identifier matched with the data acquisition request, where the data identifier includes a real data identifier or a false data identifier;
and an output module 52, configured to return, to the target application through the operating system, real data or dummy data corresponding to the data identifier.
In an embodiment, before determining the data identifier matching the data obtaining request according to the application process state, the obtaining module 50 is further configured to obtain the operation permission information of the target application according to the application identifier; the processing module 51 is further configured to determine whether the target application has a data acquisition permission according to the operation permission information; and if not, determining the data identifier matched with the data acquisition request according to the application process state.
In one embodiment, the application process state is foreground running or background running; the processing module 51 is further specifically configured to determine that the data identifier matching the data acquisition request is a false data identifier when the application process state is background running; the output module 52 is further specifically configured to output a prompt message of the data acquisition request when the application process state is foreground running; the processing module 51 is further specifically configured to determine that the data identifier matching the data acquisition request is a real data identifier if a confirmation operation input by the user for the prompt message is received.
In an embodiment, the processing module 51 is further specifically configured to determine that the data identifier matching the data acquisition request is a false data identifier if a confirmation operation input by the user for the prompt message is not received within a preset time period, or a rejection operation input by the user for the prompt message is received.
In an embodiment, the obtaining module 50 is specifically configured to receive a broadcast message sent by an operating system of the terminal device after receiving a data obtaining request of a target application, where the broadcast message includes the data obtaining request of the target application, and the data obtaining request includes an application identifier of the target application.
In an embodiment, the output module 52 is specifically configured to send the data identifier to the operating system, so that the operating system acquires real data or dummy data corresponding to the data identifier and returns the real data or dummy data to the target application.
In an embodiment, before returning, by the operating system, real data or dummy data corresponding to the data identifier to the target application, the processing module 51 is further configured to generate dummy data of at least one data type; the output module 52 is further specifically configured to send the dummy data to the operating system, so that the operating system performs a storage operation on the dummy data.
It should be noted that the functions of each module of the data authorization apparatus described in the embodiment of the present invention may be specifically implemented according to the method in the method embodiment described in fig. 1 or fig. 4, and the specific implementation process may refer to the related description of the method embodiment in fig. 1 or fig. 4, which is not described herein again.
Based on the description of the above method embodiment, the embodiment of the present invention further provides another data authorization apparatus, where the apparatus is deployed in an operating system of a terminal device, and a system security component is run in the operating system. Referring to fig. 6, the data authorization apparatus includes the following modules:
an obtaining module 60, configured to receive a data obtaining request sent by a target application;
an output module 61, configured to send a broadcast message to the system security component, where the broadcast message includes a data acquisition request of a target application, so as to instruct the system security component to determine, in response to the data acquisition request, a data identifier matching the data acquisition request according to an application process state of the target application, where the data identifier includes a real data identifier or a false data identifier;
the obtaining module 60 is further configured to receive a data identifier sent by the system security component;
the output module 61 is further configured to return real data or dummy data corresponding to the data identifier to the target application.
It should be noted that the functions of each module of the data authorization apparatus described in the embodiment of the present invention may be specifically implemented according to the method in the method embodiment described in fig. 3 or fig. 4, and the specific implementation process may refer to the relevant description of the method embodiment in fig. 3 or fig. 4, which is not described herein again.
Based on the description of the method embodiment and the apparatus item embodiment, the embodiment of the present invention further provides a terminal device. Referring to fig. 7, the terminal device may include at least a processor 701, an input device 702, an output device 703 and a memory 704; the processor 701, the input device 702, the output device 703, and the memory 704 may be connected by a bus or other connection. The memory 704 is used for storing a computer program comprising program instructions, and the processor 701 is used for executing the program instructions stored by the memory 704. The processor 701 (or CPU) is a computing core and a control core of the terminal device, and is adapted to implement one or more instructions, and specifically, adapted to load and execute the one or more instructions so as to implement the corresponding method flow or the corresponding function in the foregoing data authorization method embodiment. Wherein the processor 701 is configured to call the program instruction to perform: acquiring a data acquisition request of a target application, wherein the data acquisition request comprises an application identifier of the target application; acquiring an application process state of the target application according to the application identifier; determining a data identifier matched with the data acquisition request according to the application process state, wherein the data identifier comprises a real data identifier or a false data identifier; and returning real data or false data corresponding to the data identification to the target application through the operating system.
In an embodiment, before determining the data identifier matching the data obtaining request according to the application process state, the processor 701 is further specifically configured to: acquiring operation authority information of the target application according to the application identifier; determining whether the target application has data acquisition permission or not according to the operation permission information; and if not, determining the data identifier matched with the data acquisition request according to the application process state.
In one embodiment, the processor 701 is specifically configured to: the application process state is foreground operation or background operation; under the condition that the application process state is background operation, determining that the data identifier matched with the data acquisition request is a false data identifier; outputting a prompt message of the data acquisition request under the condition that the application process state is foreground operation; and if receiving a confirmation operation input by the user aiming at the prompt message, determining that the data identifier matched with the data acquisition request is a real data identifier.
In an embodiment, the processor 701 is further specifically configured to: if a confirmation operation input by the user for the prompt message is not received within the preset time length, or a rejection operation input by the user for the prompt message is received, determine that the data identifier matching the data acquisition request is a false data identifier.
In one embodiment, the processor 701 is specifically configured to: receiving a broadcast message sent by an operating system of the terminal device after receiving a data acquisition request of a target application, wherein the broadcast message comprises the data acquisition request of the target application, and the data acquisition request comprises an application identifier of the target application.
In one embodiment, the processor 701 is specifically configured to: and sending the data identifier to the operating system, so that the operating system acquires real data or false data corresponding to the data identifier and returns the real data or false data to the target application.
In an embodiment, before returning, by the operating system, real data or dummy data corresponding to the data identifier to the target application, the processor 701 is further specifically configured to: generating dummy data of at least one data type; sending the dummy data to the operating system to enable the operating system to perform storage operation on the dummy data.
It should be understood that, in the embodiment of the present invention, the processor 701 may be a Central Processing Unit (CPU), and the processor 701 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 704 may include both read-only memory and random-access memory, and provides instructions and data to the processor 701. A portion of the memory 704 may also include non-volatile random access memory. For example, the memory 704 may also store device type information. The input device 702 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user), a microphone, a physical keyboard, etc., and the output device 703 may include a display (LCD, etc.), a speaker, etc.
In a specific implementation, the processor 701, the memory 704, the input device 702, and the output device 703 described in this embodiment of the present invention may execute the implementation described in the method embodiment of fig. 1 or fig. 4 provided in this embodiment of the present invention, and may also execute the implementation method of the data authorization apparatus described in fig. 5 in this embodiment of the present invention, which is not described herein again.
Based on the description of the method embodiment and the apparatus item embodiment, the embodiment of the present invention further provides a terminal device. Referring to fig. 8, the terminal device may include at least a processor 801, an input device 802, an output device 803, and a memory 804; the processor 801, the input device 802, the output device 803, and the memory 804 may be connected by a bus or other connection means. The memory 804 is used for storing a computer program comprising program instructions, and the processor 801 is used for executing the program instructions stored by the memory 804. The processor 801 (or CPU) is a computing core and a control core of the terminal device, and is adapted to implement one or more instructions, and specifically, adapted to load and execute the one or more instructions so as to implement the corresponding method flow or the corresponding function in the foregoing data authorization method embodiment. Wherein the processor 801 is configured to call the program instructions to perform: receiving a data acquisition request sent by a target application; sending a broadcast message to the system security component, wherein the broadcast message comprises a data acquisition request of a target application to instruct the system security component to respond to the data acquisition request and determine a data identifier matched with the data acquisition request according to an application process state of the target application, wherein the data identifier comprises a real data identifier or a false data identifier; receiving a data identifier sent by the system security component; and returning real data or false data corresponding to the data identification to the target application.
It should be understood that, in the embodiment of the present invention, the processor 801 may be a Central Processing Unit (CPU), and the processor 801 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 804 may include both read-only memory and random access memory, and provides instructions and data to the processor 801. A portion of the memory 804 may also include non-volatile random access memory. For example, the memory 804 may also store device type information. The input device 802 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user), a microphone, a physical keyboard, etc., and the output device 803 may include a display (LCD, etc.), a speaker, etc.
In a specific implementation, the processor 801, the memory 804, the input device 802, and the output device 803 described in this embodiment of the present invention may execute the implementation manner described in the method embodiment of fig. 3 or fig. 4 provided in this embodiment of the present invention, and may also execute the implementation method of the data authorization apparatus described in fig. 6 in this embodiment of the present invention, which is not described herein again.
In another embodiment of the present invention, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program that includes program instructions, and the program instructions, when executed by a processor, implement the implementation described in the method embodiment of fig. 1, fig. 3, or fig. 4 provided in the embodiment of the present invention. The computer-readable storage medium may be an internal storage unit of the terminal device in any one of the foregoing embodiments, such as a hard disk or a memory of the terminal device. The computer-readable storage medium may also be an external storage device of the terminal device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash memory card (Flash Card) provided on the terminal device. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the terminal device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the terminal device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium, and when executed, can include the processes of the embodiments of the methods described above.
The readable storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.

Claims (10)

1. A data authorization method applied to a system security component running in an operating system of a terminal device, the method comprising:
acquiring a data acquisition request of a target application, wherein the data acquisition request comprises an application identifier of the target application;
acquiring an application process state of the target application according to the application identifier;
determining a data identifier matched with the data acquisition request according to the application process state, wherein the data identifier comprises a real data identifier or a false data identifier;
and returning real data or false data corresponding to the data identification to the target application through the operating system.
2. The method of claim 1, wherein before determining the data identifier matching the data acquisition request according to the application process state, the method further comprises:
acquiring operation authority information of the target application according to the application identifier;
determining whether the target application has data acquisition permission or not according to the operation permission information;
and if not, determining the data identifier matched with the data acquisition request according to the application process state.
3. The method of claim 2, wherein determining the data identifier matching the data acquisition request according to the application process state comprises:
the application process state is foreground operation or background operation;
under the condition that the application process state is background operation, determining that the data identifier matched with the data acquisition request is a false data identifier;
outputting a prompt message of the data acquisition request under the condition that the application process state is foreground operation;
and if receiving a confirmation operation input by the user aiming at the prompt message, determining that the data identifier matched with the data acquisition request is a real data identifier.
4. The method of claim 3, further comprising:
if a confirmation operation input by the user for the prompt message is not received within the preset time length, or a rejection operation input by the user for the prompt message is received, determining that the data identifier matched with the data acquisition request is a false data identifier.
5. The method according to any one of claims 1 to 4, wherein the obtaining of the data obtaining request of the target application comprises:
receiving a broadcast message sent by an operating system of the terminal device after receiving a data acquisition request of a target application, wherein the broadcast message comprises the data acquisition request of the target application, and the data acquisition request comprises an application identifier of the target application.
6. The method of claim 5, wherein returning, by the operating system, real data or dummy data corresponding to the data identifier to the target application comprises:
and sending the data identifier to the operating system, so that the operating system acquires real data or false data corresponding to the data identifier and returns the real data or false data to the target application.
7. The method of claim 5, wherein before returning, by the operating system, the real data or dummy data corresponding to the data identification to the target application, the method further comprises:
generating dummy data of at least one data type;
sending the dummy data to the operating system to enable the operating system to perform storage operation on the dummy data.
8. A data authorization method is applied to an operating system of a terminal device, wherein a system security component runs in the operating system, and the method comprises the following steps:
receiving a data acquisition request sent by a target application;
sending a broadcast message to the system security component, wherein the broadcast message comprises a data acquisition request of a target application to instruct the system security component to respond to the data acquisition request and determine a data identifier matched with the data acquisition request according to an application process state of the target application, wherein the data identifier comprises a real data identifier or a false data identifier;
receiving a data identifier sent by the system security component;
and returning real data or false data corresponding to the data identification to the target application.
9. A data authorization apparatus, wherein the apparatus is deployed in a system security component running in an operating system of a terminal device, the apparatus comprising:
an acquisition module, configured to acquire a data acquisition request of a target application, wherein the data acquisition request comprises an application identifier of the target application;
the obtaining module is further configured to obtain an application process state of the target application according to the application identifier;
the processing module is used for determining a data identifier matched with the data acquisition request according to the application process state, wherein the data identifier comprises a real data identifier or a false data identifier;
and the output module is used for returning real data or false data corresponding to the data identification to the target application through the operating system.
10. A data authorization apparatus, wherein the apparatus is deployed in an operating system of a terminal device, and a system security component runs in the operating system, and the apparatus comprises:
the acquisition module is used for receiving a data acquisition request sent by a target application;
an output module, configured to send a broadcast message to the system security component, where the broadcast message includes a data acquisition request of a target application, so as to instruct the system security component to determine, in response to the data acquisition request, a data identifier matching the data acquisition request according to an application process state of the target application, where the data identifier includes a real data identifier or a false data identifier;
the acquisition module is further used for receiving the data identifier sent by the system security component;
the output module is further configured to return real data or false data corresponding to the data identifier to the target application.
CN202010482656.7A 2020-05-29 2020-05-29 Data authorization method and device Pending CN111625811A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010482656.7A CN111625811A (en) 2020-05-29 2020-05-29 Data authorization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010482656.7A CN111625811A (en) 2020-05-29 2020-05-29 Data authorization method and device

Publications (1)

Publication Number Publication Date
CN111625811A true CN111625811A (en) 2020-09-04

Family

ID=72272542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010482656.7A Pending CN111625811A (en) 2020-05-29 2020-05-29 Data authorization method and device

Country Status (1)

Country Link
CN (1) CN111625811A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111814146A (en) * 2020-09-10 2020-10-23 平安国际智慧城市科技股份有限公司 Incidence relation establishing method and device for object, server and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080022376A1 (en) * 2006-06-23 2008-01-24 Lenovo (Beijing) Limited System and method for hardware access control
CN102801688A (en) * 2011-05-23 2012-11-28 联想(北京)有限公司 Data access method, device and terminal supporting data access
CN107563187A (en) * 2017-08-30 2018-01-09 广东欧珀移动通信有限公司 Access operation monitoring method, device, mobile terminal and readable storage medium storing program for executing
CN108932435A (en) * 2018-07-05 2018-12-04 宇龙计算机通信科技(深圳)有限公司 A kind of information security management method, terminal device and computer readable storage medium
CN110321678A (en) * 2019-06-19 2019-10-11 北京信安世纪科技股份有限公司 A kind of control method of virtual system, device, equipment and medium
CN111095211A (en) * 2017-10-13 2020-05-01 华为技术有限公司 Application starting control method and user terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination