CN114091112A - Application authority control method and device and electronic equipment - Google Patents
Application authority control method and device and electronic equipment Download PDFInfo
- Publication number
- CN114091112A CN114091112A CN202111250571.7A CN202111250571A CN114091112A CN 114091112 A CN114091112 A CN 114091112A CN 202111250571 A CN202111250571 A CN 202111250571A CN 114091112 A CN114091112 A CN 114091112A
- Authority
- CN
- China
- Prior art keywords
- application
- certificate
- content
- authority
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The application discloses an application authority control method and device and electronic equipment. The method comprises the following steps: under the condition that a first certificate corresponding to the application supervision authority of the application store is obtained, if an racking request of the first application is received, checking first authority content applied by the first application; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is rejected.
Description
Technical Field
The application belongs to the technical field of communication, and particularly relates to an application authority control method and device and electronic equipment.
Background
With the continuous development of the mobile internet, the performance of the electronic equipment is improved, and more applications are installed on the electronic equipment.
In the related art, during the process of using the applications by the user, the related rights are generally required to be authorized for the applications to be normally used. In the current application authority management, authority management is mainly performed based on a mode set by an application developer and selected by a user.
However, since users generally do not have professional knowledge in the aspect of rights management, the use of rights cannot be reasonably controlled. For example, there is a risk that privacy information is leaked due to too many permissions granted to some applications, or the related functions of some applications cannot be used normally due to too few grants to some applications, thereby affecting the user experience.
Disclosure of Invention
The embodiment of the application authority management and control method and device and electronic equipment can solve the technical problem that privacy information is leaked or application cannot be normally used due to unreasonable application authority management and control.
In a first aspect, an embodiment of the present application provides an application authority management and control method, where the method includes: under the condition that a first certificate corresponding to the application supervision authority of the application store is obtained, if an racking request of the first application is received, checking first authority content applied by the first application; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is rejected.
In a second aspect, an embodiment of the present application provides an application authority management and control device, where the device includes: the device comprises a receiving module and a processing module; the receiving module is used for auditing the first authority content applied by the first application if receiving an uploading request of the first application under the condition of acquiring the first certificate corresponding to the application supervision authority of the application store; the processing module is configured to put the first application on shelf if the first permission content received by the receiving module meets a preset requirement, and issue a second certificate for the first application based on the first certificate; otherwise, the first application is rejected.
In a third aspect, embodiments of the present application provide an electronic device, which includes a processor, a memory, and a program or instructions stored on the memory and executable on the processor, and when executed by the processor, implement the steps of the method according to the first aspect.
In a fourth aspect, embodiments of the present application provide a readable storage medium on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to the first aspect.
In a fifth aspect, embodiments of the present application provide a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a program or instructions to implement the method according to the first aspect.
In the embodiment of the application, under the condition that the application store acquires the first certificate corresponding to the application supervision authority of the application store, if the application store receives a shelf loading request of the first application, the first authority content applied by the first application is checked; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is rejected. Therefore, the first right content can be directly started when the first application installed by the user is downloaded through the application store, and the user does not need to select the first right content.
In addition, under the condition that the application store acquires the first certificate of the application supervision authority, the second certificate issued for the first application based on the first certificate forms a certificate chain, based on the certificate chain, unified supervision and management on the authority content of the first application on the shelf is achieved, and the risk that privacy information is leaked or the first application cannot be normally used due to unreasonable management and control on the first application by a user is avoided. The authority management operation of the user is simplified, and the man-machine interaction performance is improved.
Drawings
Fig. 1 is a schematic flowchart of an application authority control method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an application authority management and control apparatus according to an embodiment of the present application;
fig. 3 is a hardware schematic diagram of an electronic device according to an embodiment of the present disclosure;
fig. 4 is a second hardware schematic diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application are capable of operation in sequences other than those illustrated or described herein. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
It should be noted that, the marks in the embodiments of the present application are used to indicate words, symbols, images, and the like of information, and a control or other container may be used as a carrier for displaying information, including but not limited to a word mark, a symbol mark, and an image mark.
The App authority management method, device and electronic device provided by the embodiment of the present application are described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
The application authority control method provided by the embodiment of the application can be applied to application authority control scenes.
Take the authority to manage application 1 as an example. In the related art, after the application 1 is downloaded and installed, when the application 1 is started, the right content corresponding to the application 1 is selected by the user to be turned on or off, for example, the application 1 does not need to read the location information of the corresponding electronic device all the time, and since the user does not have professional knowledge of right management, the user is allowed to read the location information of the corresponding electronic device all the time, so that the risk that the location information of the user is leaked is caused.
In this embodiment of the application, when the application store receives the application 1 racking request, if the authority content applied by the application store to check the application 1 is: and only allowing the position information of the corresponding electronic equipment to be read during the use (namely the first authority content meets the preset requirement), the application 1 is put on shelf, otherwise, the application 1 is rejected. Therefore, a user downloads the installed application 1 through the application store, and when the application 1 is started, the authority content of 'allowing to read the position information of the corresponding electronic equipment only during use' can be directly started without the user selecting the on-off of the authority content. The method and the device realize the uniform supervision and management of the authority content of the application 1 on the shelf, and avoid the risk of privacy information leakage or the situation that the application cannot be normally used due to unreasonable application authority control of a user. The authority management operation of the user is simplified, and the man-machine interaction performance is improved.
The application authority management and control method, device, electronic device and medium provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
The embodiment of the application authority management and control method provides that an execution main body of the application authority management and control method can be an application authority management and control device, and the application authority management and control device can be a server, an electronic device and a functional module in the electronic device. The method is exemplified by taking the execution subject as the application authority management device.
As shown in fig. 1, an embodiment of the present application provides an application right management method, which may include steps 101 to 102 described below.
It should be noted that after the application permission management and control device obtains the first certificate corresponding to the application monitoring permission of the application store, the application permission management and control device can apply for becoming a third-party monitoring authority of the application monitoring permission. The application authority management and control device can be a server of an application store, and can also be equipment capable of acquiring the first certificate corresponding to the application supervision authority.
It will be appreciated that the application store may be an application program that is capable of providing a user with a variety of application installation package downloads.
Typically, an electronic Certificate Authority (CA) has a Certificate (i.e., a root Certificate, which contains a public key), and of course, has its own private key, so that it has the ability to sign. A public user on the network trusts the CA by verifying its signature, and anyone can obtain the CA's certificate (including the public key) to verify the certificate it issued.
Generally, if a user wants to obtain a certificate belonging to the user, the user should first apply for the certificate from the CA. After the CA identifies the applicant's identity, a public key is assigned to the user, and the CA binds the public key to the applicant's identity information and signs it, forming a certificate to issue to that user (applicant).
It is understood that the application store may previously submit its own qualifications to a Certificate Authority (e.g., a Certificate Authority (CA)) to apply for a third party monitoring Authority for application monitoring Authority, and after the application passes the verification, the Certificate Authority issues a trusted Certificate (e.g., a first Certificate) to the application store.
Illustratively, the application store issues an application supervision authority application to the CA, and after the CA identifies the identity of the application store, a public key is assigned to the application store, and the CA binds the public key with the identity information of the application store and signs the public key, so as to form a certificate (i.e. the first certificate (e.g. the intermediate certificate or the secondary certificate)) and issue the certificate to the application store. Therefore, the application store acquires the first certificate corresponding to the application supervision authority of the application store, and becomes a third-party supervision mechanism for application authority management and control.
It is understood that the first certificate is a certificate issued by the certificate authority for the application store to supervise the application authority.
The first certificate may be built into the electronic device.
In this embodiment, the type of the first application may include: social applications, gaming applications, shopping applications, financial applications, and the like.
In an embodiment of the present application, the first right content includes: the authority to access the location information, the authority to access the phone, the authority to access the address book, the authority to access the photo album, etc.
102, if the first permission content meets a preset requirement, putting the first application on shelf, and issuing a second certificate for the first application based on the first certificate; otherwise, the first application is rejected.
In the embodiment of the present application, the preset requirement means: the permission to turn on by default does not threaten the privacy security of the user and/or the privacy permission specification requirements of the application.
In the embodiment of the present application, the first right content is: the open rights content is allowed by default.
It is understood that the first right content meeting the preset requirement means that: and allowing the default opened authority content to meet the preset requirement.
Illustratively, the rights contents that allow default opening include: the corresponding right content is allowed to be opened only during the use period, or is allowed to be opened all the time.
In one example, taking the first right content as an example, the right to access the location information is allowed to be opened by default, and the right to access the location information includes: enabling access to the location information only during use, or enabling access to the location information always.
It should be noted that, if the first application type is different, the corresponding preset requirements may be different. Namely, the first applications of different types correspond to different preset requirements.
That is, different types of first applications may correspond to different first rights contents. I.e. different types of first applications, the corresponding rights contents allowing opening by default are different.
Therefore, different preset requirements can be flexibly set according to different types of first applications, so that the first applications can be normally used by a user while the authority content of the first applications is monitored.
In an embodiment of the present application, the second certificate is: the application store issues a certificate for a first application for a developer corresponding to the first application (e.g., an electronic device that sent the racking request).
That is, the second certificate is a certificate (e.g., a tertiary certificate or a server certificate) issued by the application store for the first application based on the first certificate.
It will be appreciated that the issuer of the second certificate (e.g., the server certificate) is the user (i.e., the application store) of the first certificate (e.g., the intermediate certificate), and the issuer of the first certificate is the user (e.g., the CA) of the superior root certificate.
It should be noted that each level of certificate has a signature value, the root certificate can use its own root CA public key to verify its own signature, and also to verify the signature value of the intermediate certificate (i.e., the first certificate), and the public key of the intermediate certificate is used to verify the signature value of the server certificate (i.e., the second certificate) of the next level, so as to form a certificate chain (i.e., a trust chain).
Optionally, in this embodiment of the application, the second certificate includes a first field, and the first field is used to indicate the first right content.
It is to be understood that the first field is used to indicate: the open rights content is allowed by default.
In this embodiment of the present application, the first field may be used to record the content of the permission that the corresponding first application allows default opening (or permission list information that allows normal opening).
Therefore, according to the method and the device, the authority content which is indicated by the first field and runs the default opening can be directly opened according to the first field, manual selection of a user is not needed, and authority management operation of the user is simplified.
It should be noted that, in order to further ensure the security of the application right supervision, a second certificate is formed based on the first field, and the second certificate is issued to the first application. Next, a scheme of issuing the second certificate will be described.
Optionally, in this embodiment of the application, the step 102 of "issuing a second certificate for the first application based on the first certificate" includes steps 102a to 102 c.
Step 102a, first information is obtained.
And 102b, signing and encrypting the first authority content and the first information based on the private key in the first certificate to form a second certificate.
Step 102c, issuing a second certificate for the first application.
Wherein the first information is used for indicating a first application; the second certificate includes the first signature value.
In this embodiment of the application, the first information may be: application information of the first application. The application information of the first application may be unique identification information of the first application, such as an app id.
In an embodiment of the present application, the first signature value is a signature value obtained after the signature encryption is completed.
In one example, the application right management and control apparatus may obtain first information (such as app id) of the first application, then sign and encrypt the first right content (or an identifier corresponding to the first right content) and the first information based on a private key in the first certificate, form a second certificate, and send the second certificate to the on-shelf requester of the first application.
In one example, the application store may assign a public key to the first application, bind the public key with the first right content and the first information to obtain the second information, sign and encrypt the second information based on a private key in the first certificate to form the second certificate, and send the second certificate to a shelf requester of the first application (e.g., an electronic device sending the shelf request).
It will be appreciated that after signing the encryption is complete, the corresponding signature value (i.e. the first signature value described above) is obtained, and the application rights management means may then place the used signature algorithm and signature value into the second certificate. Thus, a verifier (e.g., an electronic device that sent the racking request) can verify the signature value using the public key of the signer (e.g., the application store described above) to verify whether the certificate was issued by the signer. Alternatively, in the process of managing and controlling the authority, the signer can verify the certificate so as to confirm whether the authority content of the first application is tampered.
It should be noted that, on one hand, in order to further ensure the security of application right supervision, on the other hand, since the first right content that has passed the audit after the first application is put on shelf may be tampered, which may cause the first right content not to meet the preset requirement, after the first application is downloaded and installed, when the first application is started, the first application also needs to be verified. Next, a scheme of verifying the first application will be described.
Optionally, in this embodiment of the application, after the step 101, the method further includes steps 103 to 105.
Step 103, under the condition that the first application is successfully downloaded and installed from the application store, when the first application is started, verifying a second certificate corresponding to the first application based on a public key of the first certificate and a first signature value in the second certificate.
And step 104, if the verification is successful, opening the first authority content.
And 105, if the verification fails, closing the second right content and opening the first right content.
Wherein, the second right content is: the authority content which does not meet the preset requirement in the authority content of the first application;
in the embodiment of the present application, successfully downloading and installing the first application from the application store includes: a first application successfully downloaded and installed directly at the application store, and a first application successfully downloaded and installed from a third party application through the application store.
In this embodiment of the present application, the public key of the first certificate may be used to verify the first signature value in the second certificate, thereby completing the verification of the second certificate.
It is understood that, when the verification fails, the rights contents of the first application include: a first rights content and a second rights content.
In one example, if the verification is successful, the second certificate is a trusted certificate, which indicates that the second certificate is issued by a signer of the first certificate (i.e., the application store), and also indicates that the first right content applied by the first application meets the preset requirement. Therefore, the first right content can be directly opened without manual selection of a user.
In another example, if the verification fails, the second certificate is not trusted, which indicates that the rights content of the first application may be tampered, for example, the first field is tampered, so that the rights content in the first application includes rights content that does not meet the preset requirement (i.e., the second rights content) and rights content that meets the preset requirement (i.e., the first rights content). Therefore, the second permission content can be closed, the first permission content can be opened, the user does not need to manually select to open and close the corresponding permission content, the user permission management operation is simplified, and privacy information can be prevented from being leaked.
In the embodiment of the application, the second certificate corresponding to the first application is verified, the second certificate can be verified when the first application is started for the first time, the second certificate can be verified when the first application is started every time, the second certificate can be set according to specific requirements, and the embodiment of the application is not limited to this.
Optionally, the verifying the second certificate corresponding to the first application includes, but is not limited to, the following two possible implementation manners.
In one possible implementation, the second certificate may be built into the first application, so that the verification of the second certificate may be done directly locally.
In another possible implementation manner, the second certificate is built in a server of the developer corresponding to the first application, and verification of the second certificate can be completed by accessing the server corresponding to the first application.
Optionally, in this embodiment of the application, if the check in the step 105 fails, the method further includes a step 105 a.
And 105a, sending first prompt information to the first electronic equipment.
The first electronic equipment downloads the first application, and the first prompt information is used for prompting a user that the first application has a security risk.
It can be understood that, due to the verification failure, it is indicated that the authority content of the first application may be tampered with, so that a potential safety hazard of privacy disclosure exists, and therefore, first prompt information may be sent to the first electronic device to prompt a user of the first electronic device that the first application has a safety risk, so that the user can pay attention to privacy authority management and protection of privacy information in a subsequent process of using the first application.
Illustratively, the first prompt message may include a voice message or a text message or other possible information.
For example, if the first prompt message is a text message, after the first electronic device receives the first prompt message, the first prompt message is displayed in a display area of the first electronic device in a dialog box form, so that the first prompt message is convenient for a user to view.
Optionally, in this embodiment of the application, after the step 101, the method further includes a step 106.
And step 106, if the first authority content does not meet the preset requirement, sending second prompt information to the second electronic equipment.
The second electronic device is used for sending a racking request, and the second prompt information is used for prompting that the first permission content does not meet the preset requirement.
For example, the second prompt message is used to prompt that the first right content does not meet the preset requirement, and may be: the second prompt message is used for prompting the authority content which does not meet the preset requirement in the first authority content.
Therefore, the first authority content can be modified according to the second prompt message, so that the modified first authority content meets the preset requirement.
Optionally, in this embodiment of the application, in a case that an application store in the electronic device obtains the first certificate of the application supervision authority, the method further includes steps 107 to 108.
And 107, under the condition that the second application is successfully downloaded and installed and started, verifying the second application.
And step 108, if the second application is an application on the shelf of another application store, the verification fails, the third right content of the second application is closed, and the fourth right content of the second application is opened.
Wherein, the third right content is: the authority content which does not meet the preset requirement; the fourth right content is: and the authority content meeting the preset requirement.
It is understood that the second application is: an application that is not on-shelf at the application store that acquired the first certificate.
It will be appreciated that other application stores are: an application store other than the application store from which the first certificate was obtained.
It should be noted that, since the second application is not on the shelf at the application store that acquired the first certificate, the verification inevitably fails when the second application is verified. The fourth permission content can be opened, and the third permission content can be closed, so that the permission content of the second application is controlled while the requirement of the user is met, and the safety of the privacy information of the user is guaranteed.
Optionally, in this embodiment of the application, referring to the step 105a, the step 108 "failed in the verification" further includes a step 108 a.
Step 108a, sending third prompt information to the first electronic equipment; the first electronic equipment is used for downloading the second application, and the third prompt information is used for prompting the user that the second application has a safety risk. Step 108a is not described again to avoid repetition.
Optionally, the application authority management and control method provided in the embodiment of the present application may also be used in other privacy information management and control fields, which are not limited in the embodiment of the present application.
Optionally, in an embodiment of the present application, based on any one of the above embodiments, an application development standard is further provided in the embodiment of the present application. Thus allowing for integration with the certificate verification process of current page loading. When an application (e.g., the first application or the second application) is started, some key information in the certificate verification process performed by the developer server corresponding to the application may be reused by the subsequent page-loading certificate verification process. Therefore, SSL handshake steps in the page loading process are simplified, and the page loading stability and the loading speed are improved.
In the application authority control method provided by the embodiment of the application, under the condition that an application store acquires a first certificate corresponding to application supervision authority of the application store, if the application store receives an on-shelf request of a first application, the first authority content applied by the first application is checked; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is rejected. Therefore, the first right content can be directly started when the first application installed by the user is downloaded through the application store, and the user does not need to select the first right content. In addition, the method is based on the certificate chain, so that the authority content of the first application on the shelf is uniformly supervised and managed, and the risk of privacy information leakage or the condition that the first application cannot be normally used due to unreasonable authority control of the user on the first application is avoided. The authority management operation of the user is simplified, and the man-machine interaction performance is improved.
It should be noted that, in the application permission management and control method provided in the embodiment of the present application, the execution subject may be an application permission management and control device, or a control module in the application permission management and control device, configured to execute the application permission management and control method. In the embodiment of the present application, an application right management and control apparatus is taken as an example to execute an application right management and control method, and the application right management and control apparatus provided in the embodiment of the present application is described.
With reference to fig. 2, an embodiment of the present application provides an application authority management and control apparatus, where the application authority management and control apparatus may include: a receiving module 401 and a processing module 402.
The receiving module 401 is configured to, when a first certificate corresponding to an application monitoring authority of an application store is obtained, if an uploading request of a first application is received, check first authority content applied by the first application;
the processing module 402 is configured to put the first application on shelf if the first right content received by the receiving module 401 meets a preset requirement, and issue a second certificate for the first application based on the first certificate; otherwise, the first application is rejected.
Optionally, in this embodiment of the application, the second certificate includes a first field, and the first field is used to indicate the first rights content.
Optionally, in this embodiment of the application, the processing module is specifically configured to obtain first information of a first application corresponding to the racking request received by the receiving module; signing and encrypting the first authority content and the first information based on a private key in the first certificate to form a second certificate; issuing a second certificate for the first application;
wherein the first information is used for indicating a first application; the second certificate includes the first signature value.
Optionally, in this embodiment of the present application, the apparatus further includes a verification module.
The verification module is configured to, when the first application is started, verify a second certificate corresponding to the first application in a case where the first application on the shelf of the processing module 402 is successfully downloaded and installed from the application store;
if the verification is successful, starting the first authority content;
and if the verification fails, closing the second authority content and opening the first authority content.
Wherein, the second right content is: and the authority content which does not meet the preset requirement in the authority content of the first application.
Optionally, in this embodiment of the application, the verification module is specifically configured to send the first prompt message to the first electronic device if the verification fails.
The first electronic equipment downloads the first application, and the first prompt information is used for prompting a user that the first application has a security risk.
Optionally, in this embodiment of the application, the processing module is further configured to send a second prompt message to the second electronic device if the first right content received by the receiving module does not meet the preset requirement.
The second electronic equipment is used for sending a racking request, and the second prompt information is used for prompting that the first authority content does not meet the preset requirement.
In the application authority management and control device provided in the embodiment of the application, under the condition that an application store acquires a first certificate corresponding to an application supervision authority of the application store, if a receiving module receives an on-shelf request of a first application, a first authority content applied by the first application is checked; if the first permission content meets the preset requirement, the processing module shelves the first application, and based on the first certificate, issues a second certificate for the first application; otherwise, the processing module rejects the on-shelf first application. Thus, for the user to download the installed first application through the application store, the device can directly open the first right content at the time of starting without the user's selection. In addition, the device is based on the certificate chain, so that the authority content of the first application on the shelf is uniformly supervised and managed, and the risk of privacy information leakage or the condition that the first application cannot be normally used due to unreasonable authority control of the user on the first application is avoided. The authority management operation of the user is simplified, and the man-machine interaction performance is improved.
The application authority management and control device in the embodiment of the application may be a device, or may also be a component, an integrated circuit, or a chip in a terminal. The device can be mobile electronic equipment or non-mobile electronic equipment. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm top computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and the non-mobile electronic device may be a server, a Network Attached Storage (NAS), a Personal Computer (PC), a Television (TV), a teller machine or a self-service machine, and the like, and the embodiments of the present application are not particularly limited.
The application right management and control device in the embodiment of the present application may be a device having an operating system. The operating system may be an Android (Android) operating system, an ios operating system, or other possible operating systems, and embodiments of the present application are not limited specifically.
The application authority control device provided in the embodiment of the present application can implement each process implemented by the above method embodiment, and is not described here again in order to avoid repetition.
As shown in fig. 3, an electronic device 200 is further provided in the embodiment of the present application, and includes a processor 202, a memory 201, and a program or an instruction stored in the memory 201 and executable on the processor 202, where the program or the instruction is executed by the processor 202 to implement the processes of the above-mentioned embodiment of the application right management and control method, and can achieve the same technical effects, and no further description is provided here to avoid repetition.
It should be noted that the electronic devices in the embodiments of the present application include the mobile electronic devices and the non-mobile electronic devices described above.
Fig. 4 is a schematic diagram of a hardware structure of an electronic device implementing an embodiment of the present application.
The electronic device 1000 includes, but is not limited to: a radio frequency unit 1001, a network module 1002, an audio output unit 1003, an input unit 1004, a sensor 1005, a display unit 1006, a user input unit 1007, an interface unit 1008, a memory 1009, and a processor 1010.
Those skilled in the art will appreciate that the electronic device 1000 may further comprise a power source (e.g., a battery) for supplying power to various components, and the power source may be logically connected to the processor 1010 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The electronic device structure shown in fig. 4 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown, or combine some components, or arrange different components, and thus, the description is omitted here.
The processor 1010 is configured to, under the condition that a first certificate corresponding to an application monitoring authority of an application store is acquired, if an uploading request of a first application is received, check first authority content applied by the first application; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is rejected.
According to the electronic device provided by the embodiment of the application, under the condition that the application store acquires the first certificate corresponding to the application supervision authority of the application store, if an uploading request of the first application is received, the first authority content applied by the first application is checked; if the first permission content meets the preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the processing module rejects the on-shelf first application. Therefore, for the first application installed by the user through the application store, when the first application is started, the electronic equipment can directly start the first right content without the selection of the user. In addition, the electronic equipment realizes unified supervision and management on the authority content of the first application on the shelf based on the certificate chain, and avoids the risk of privacy information leakage or the condition that the first application cannot be normally used due to unreasonable authority control of the user on the first application. The authority management operation of the user is simplified, and the man-machine interaction performance is improved.
Optionally, the second certificate includes a first field, and the first field is used for indicating the first rights content.
Optionally, the processor 1010 is further configured to obtain first information; based on a private key in the first certificate, signing and encrypting the first authority content and the first information to form a second certificate; issuing a second certificate for the first application; wherein the first information is used for indicating a first application; the second certificate includes the first signature value.
Optionally, the processor 1010 is further configured to, in a case that the first application is successfully downloaded and installed from the application store, check a second certificate corresponding to the first application when the first application is started; if the verification is successful, starting the first authority content; and if the verification fails, closing the second authority content and opening the first authority content.
Wherein, the second right content is: and the authority content which does not meet the preset requirement in the authority content of the first application.
Optionally, the processor 1010 is further configured to send a first prompt message to the first electronic device if the verification fails.
The first electronic equipment downloads the first application, and the first prompt information is used for prompting a user that the first application has a security risk.
Optionally, the processor 1010 is further configured to send a second prompt message to the second electronic device if the first right content does not meet the preset requirement.
The second electronic equipment is used for sending a racking request, and the second prompt information is used for prompting that the first authority content does not meet the preset requirement.
It should be understood that in the embodiment of the present application, the input Unit 1004 may include a Graphics Processing Unit (GPU) 10041 and a microphone 10042, and the Graphics Processing Unit 10041 processes image data of still pictures or videos obtained by an image capturing device (such as a camera) in a video capturing mode or an image capturing mode. The display unit 1006 may include a display panel 10061, and the display panel 10061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 1007 includes a touch panel 10071 and other input devices 10072. The touch panel 10071 is also referred to as a touch screen. The touch panel 10071 may include two parts, a touch detection device and a touch controller. Other input devices 10072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein. The memory 1009 may be used to store software programs as well as various data, including but not limited to application programs and operating systems. Processor 1010 may integrate an application processor that handles primarily operating systems, user interfaces, applications, etc. and a modem processor that handles primarily wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 1010.
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the process of the embodiment of the application permission management and control method is implemented, and the same technical effect can be achieved, and in order to avoid repetition, details are not repeated here.
The processor is a processor in the electronic device in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk. The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a program or an instruction, to implement each process of the above embodiment of the application permission management and control method, and can achieve the same technical effect, and in order to avoid repetition, the description is omitted here.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as system-on-chip, system-on-chip or system-on-chip, etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the invention is not limited to the precise embodiments described above, which are meant to be illustrative and not restrictive, and that various changes may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. An application authority management and control method, characterized in that the method comprises:
under the condition that a first certificate corresponding to application supervision authority of an application store is obtained, if an racking request of a first application is received, checking first authority content applied by the first application;
if the first permission content meets a preset requirement, the first application is put on shelf, and a second certificate is issued for the first application based on the first certificate; otherwise, the first application is refused to be put on shelf.
2. The method of claim 1, wherein the second certificate includes a first field therein, and wherein the first field is used to indicate the first rights content.
3. The method of claim 1 or 2, wherein issuing a second certificate for the first application based on the first certificate comprises:
acquiring first information, wherein the first information is used for indicating the first application;
based on a private key in the first certificate, signing and encrypting the first right content and the first information to form a second certificate;
issuing the second certificate for the first application;
wherein the second certificate includes a first signature value therein.
4. The method according to claim 1 or 2,
after the first application is put on shelf and a second certificate is issued to the first application based on the first certificate if the first permission content meets a preset requirement, the method further comprises:
under the condition that the first application is successfully downloaded and installed from the application store, when the first application is started, verifying a second certificate corresponding to the first application based on a public key corresponding to the first certificate and a first signature value in the second certificate;
if the verification is successful, opening the first authority content;
if the verification fails, closing the second authority content and opening the first authority content;
wherein the second right content is: and the authority content which does not meet the preset requirement in the authority content of the first application.
5. The method of claim 4,
if the verification fails, the method further comprises:
sending first prompt information to first electronic equipment;
the first electronic equipment downloads the first application, and the first prompt information is used for prompting a user that the first application has a security risk.
6. The method of claim 1,
after the checking the first right content applied by the first application, the method further includes:
if the first authority content does not meet the preset requirement, sending second prompt information to second electronic equipment;
the second electronic device is an electronic device sending the racking request, and the second prompt information is used for prompting that the first permission content does not meet the preset requirement.
7. An application right management and control apparatus, comprising: the device comprises a receiving module and a processing module;
the receiving module is used for auditing the first authority content applied by the first application if an uploading request of the first application is received under the condition that the first certificate corresponding to the application supervision authority of the application store is acquired;
the processing module is used for shelving the first application if the first permission content received by the receiving module meets a preset requirement, and issuing a second certificate for the first application based on the first certificate; otherwise, the first application is refused to be put on shelf.
8. The apparatus of claim 7,
the processing module is specifically configured to obtain first information of a first application corresponding to the racking request received by the receiving module; signing and encrypting the first authority content and the first information based on a private key in the first certificate to form a second certificate; issuing the second certificate for the first application;
wherein the first information is used to indicate the first application; the second certificate includes a first signature value therein.
9. The apparatus of claim 7, further comprising a verification module;
the verification module is used for verifying a second certificate corresponding to the first application based on a public key of the first certificate and a first signature value in the second certificate when the first application is started under the condition that the first application on the processing module is successfully downloaded and installed from the application store;
if the verification is successful, opening the first authority content;
if the verification fails, closing the second authority content and opening the first authority content;
wherein the second right content is: and the authority content which does not meet the preset requirement in the authority content of the first application.
10. An electronic device comprising a processor, a memory, and a program or instructions stored on the memory and executable on the processor, the program or instructions when executed by the processor implementing the steps of the application rights management method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111250571.7A CN114091112A (en) | 2021-10-26 | 2021-10-26 | Application authority control method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111250571.7A CN114091112A (en) | 2021-10-26 | 2021-10-26 | Application authority control method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114091112A true CN114091112A (en) | 2022-02-25 |
Family
ID=80297691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111250571.7A Pending CN114091112A (en) | 2021-10-26 | 2021-10-26 | Application authority control method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114091112A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115022091A (en) * | 2022-08-04 | 2022-09-06 | 亿次网联(杭州)科技有限公司 | Digital certificate-based autonomous authorization method and system |
-
2021
- 2021-10-26 CN CN202111250571.7A patent/CN114091112A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115022091A (en) * | 2022-08-04 | 2022-09-06 | 亿次网联(杭州)科技有限公司 | Digital certificate-based autonomous authorization method and system |
| CN115022091B (en) * | 2022-08-04 | 2022-12-16 | 亿次网联(杭州)科技有限公司 | Autonomous authorization method and system based on digital certificate |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10244578B2 (en) | Mobile communication device and method of operating thereof | |
| CN107113302B (en) | Security and permission architecture in multi-tenant computing systems | |
| JP2020005310A (en) | Method of authorizing operation to be performed on targeted computing device | |
| US9251332B2 (en) | Security system and method for controlling access to computing resources | |
| CN107431924B (en) | Device theft protection associating device identifiers with user identifiers | |
| US11172029B2 (en) | Systems and methods for sharing SaaS content across workspace | |
| US20120311663A1 (en) | Identity management | |
| CN112913213A (en) | System and method for presenting additional content for a web application accessed via an embedded browser of a client application | |
| US20200151243A1 (en) | Systems and methods for rich input into text fields using an embedded browser | |
| US11592966B2 (en) | Systems and methods for SaaS overlays using embedded browser | |
| KR20120019021A (en) | Image forming apparatus for executing user authentication and method for executing user authentication of image forming apparatus | |
| CN102938043A (en) | Access of authorized application to secure resources | |
| CN107506637A (en) | Information displaying method and device, terminal and readable storage medium storing program for executing | |
| WO2018184353A1 (en) | Method for application security authentication, terminal, and storage medium | |
| CN106156607B (en) | SElinux secure access method and POS terminal | |
| US20080172750A1 (en) | Self validation of user authentication requests | |
| CN103778379B (en) | Application in management equipment performs and data access | |
| US20220100874A1 (en) | Data loss protection on secondary displays | |
| US11595208B2 (en) | Self-service device encryption key access | |
| US10218505B1 (en) | Server based settings for client software with asymmetric signing | |
| CN114091112A (en) | Application authority control method and device and electronic equipment | |
| CN113032753A (en) | Identity verification method and device | |
| JP2008123070A (en) | Thin client system, and display program for client terminal in thin client system | |
| EP3975015B1 (en) | Applet package sending method and device and computer readable medium | |
| US20140089025A1 (en) | Authenticating a response to a change request |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |