CN115202559A

CN115202559A - Authority management method and related equipment

Info

Publication number: CN115202559A
Application number: CN202110379733.0A
Authority: CN
Inventors: 黄德志
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2021-04-08
Filing date: 2021-04-08
Publication date: 2022-10-18

Abstract

The embodiment of the application provides a permission management method and related equipment, and relates to the technical field of information security. The method comprises the following steps: a first application program of the first electronic device requests to access a second system resource of the second electronic device; the second electronic device acquires the authorization state of the second system resource to the first application program from a second authority database of the second electronic device; the second electronic device determining an authorization status of the first application program by the second system resource; and the second electronic equipment sends the authorization state of the second system resource to the first application program to the first electronic equipment. The efficiency of authority management can be effectively improved by utilizing the embodiment.

Description

Authority management method and related equipment

Technical Field

The embodiment of the application relates to the technical field of information security, in particular to a permission management method and related equipment.

Background

With the popularization of electronic devices (e.g., electronic devices such as smartphones and tablet computers) and the popularization of communication technologies, the electronic devices can perform resource access across devices.

When the electronic device performs cross-device resource access, the electronic device needs to manage access authority. However, the access authority management efficiency is low, and the user authorization process is cumbersome to operate, which is a problem to be solved currently.

Disclosure of Invention

The embodiment of the application discloses a permission management method and related equipment, which can improve the efficiency of access permission management among electronic equipment in a distributed system.

The application discloses a first aspect of a rights management method, which is applied to a first electronic device, and the rights management method includes: a first application program of a first electronic device requests to access a second system resource of a second electronic device; receiving the authorization state of the first application program by the second system resource returned by the second electronic equipment; and storing the authorization state of the second system resource to the first application program in a first authority database of the first electronic device.

By adopting the technical scheme, the first electronic equipment can use the authorization state returned by the second electronic equipment, so that the user is prevented from performing multiple authorization.

In some optional embodiments, the first electronic device is communicatively coupled to the second electronic device.

By adopting the technical scheme, global authorization state management can be performed through a plurality of electronic devices which are connected in a trusted mode.

In some alternative embodiments, the application identification of the second application of the second electronic device is identical to the application identification of the first application of the first electronic device.

By adopting the technical scheme, the same application programs in the first electronic equipment and the second electronic equipment have the same application identification, so that the unified authority management is facilitated.

In some optional embodiments, the method for managing rights further comprises: and carrying out data synchronization on the first permission database and a second permission database of the second electronic equipment.

By adopting the technical scheme, the authorization state can be synchronized between the two electronic devices. Such as data synchronization between an electronic device storing an authorized status and an electronic device not storing an authorized status.

In some optional embodiments, the method for rights management further comprises: and merging the authorization state in the first permission database according to the application identifier of the first application program and the application identifier of the second application program of the second electronic equipment.

By adopting the technical scheme, the authorization states can be merged, so that the authorization states of the two electronic devices are consistent.

In some optional embodiments, if the authorization status merge in the first rights database conflicts, the rights management method further includes: displaying a conflict processing interface; determining an authorization state of the conflict in a first authority database according to conflict processing operation of a user on a conflict processing interface; synchronizing the determined conflicting authorization status to a second rights database of the second electronic device.

By adopting the technical scheme, the problem of conflict of authorization states of a plurality of electronic devices in the merging process can be solved.

In some optional embodiments, after the first rights database of the first electronic device stores the authorization status of the first application program by the second system resource, the rights management method further includes: a first application program of the first electronic equipment requests to access a first system resource of the first electronic equipment, wherein the first system resource is consistent with a second system resource; and acquiring the authorization state of the first system resource to the first application program from the first authority database.

By adopting the technical scheme, the authorization state of the first permission database can be directly obtained without obtaining authorization from the user again, wherein the authorization state of the first system resource to the first application program is originated from the second electronic equipment.

In some optional embodiments, after the first electronic device obtains the authorization status of the first system resource to the first application program from the first rights database, the rights management method further includes: and controlling the access of the first application program to the first system resource according to the authorization state of the first system resource to the first application program.

By adopting the technical scheme, the access control of the application program to the system resource can be realized according to the authorization state.

In some optional embodiments, after the first rights database of the first electronic device stores the authorization status of the first application program by the second system resource, the rights management method further includes: receiving an access request of a second application program of second electronic equipment to a first system resource of first electronic equipment, wherein the first system resource is consistent with the second system resource, and an application identifier of the first application program is consistent with an application identifier of the second application program; obtaining the authorization state of the first system resource to the second application program from the first authority database; access by the second application to the first system resource is controlled based on the authorization status of the second application by the first system resource.

By adopting the technical scheme, the access of the second application program to the first system resource can be controlled according to the authorization state in the first authority database under the condition of not obtaining authorization from the user.

In some optional embodiments, the method for rights management further comprises: and if the first application program does not exist in the first electronic equipment and the second application program does not exist in the second electronic equipment, deleting the authorization state corresponding to the first application program in the first permission database.

By adopting the technical scheme, the authorization state corresponding to the given application program can be deleted after the user deletes the given application program in the distributed system.

In some optional embodiments, the authorization status includes an application identification field, a resource identification field, a permission field, and/or an authorization status field.

The second aspect of the present application discloses a rights management method, which is applied to a second electronic device, and the rights management method includes: receiving an access request of a first application program of first electronic equipment to a second system resource of second electronic equipment; acquiring the authorization state of the second system resource to the first application program from a second authority database of the second electronic equipment; determining the authorization state of the second system resource to the first application program; and sending the authorization state of the second system resource to the first application program to the first electronic equipment.

By adopting the technical scheme, the authorization state of the second system resource to the first application program can be sent to the first electronic equipment, so that the first electronic equipment can control the second application program to access the first system resource or the second system resource according to the authorization state of the second system resource to the first application program, wherein the first system resource and the second system resource are the same system resource.

In some alternative embodiments, the application identification of the second application of the second electronic device is consistent with the application identification of the first application of the first electronic device.

By adopting the technical scheme, the same application programs in the first electronic equipment and the second electronic equipment have the same application identifiers, so that the unified authority management is facilitated.

In some optional embodiments, the method for rights management further comprises: and carrying out data synchronization on the second permission database and the first permission database of the first electronic equipment.

In some optional embodiments, the method for rights management further comprises: and merging the authorization state in the second permission database according to the application identifier of the first application program and the application identifier of the second application program.

In some optional embodiments, if the authorization status merge in the second rights database conflicts, the rights management method further includes: displaying a conflict processing interface; determining the authorization state of the conflict in the second authority database according to the conflict processing operation of the user on the conflict processing interface; synchronizing the determined conflicting authorization status to a first permission database of the first electronic device.

In some alternative embodiments, determining the authorization status of the first application by the second system resource comprises: displaying a permission interaction interface of the first application program to the second system resource; and determining the authorization state of the second system resource to the first application program in a second authority database according to the authority determination operation of the user on the authority interaction interface.

By adopting the technical scheme, the authorization state of the system resource to the application program can be determined to be the permission state or the withdrawal state according to the user operation, wherein the withdrawal state indicates that the application program is not permitted to access the system resource.

In some optional embodiments, the method for rights management further comprises: requesting to access a second system resource by a second application program of the second electronic equipment, wherein the application identifier of the first application program is consistent with the application identifier of the second application program; obtaining the authorization state of the second system resource to the second application program from the second authority database; and controlling the access of the second application program to the second system resource according to the authorization state of the second system resource to the second application program.

In some optional embodiments, the method for managing rights further comprises: and if the second application program does not exist in the second electronic equipment and the first application program does not exist in the first electronic equipment, deleting the authorization state corresponding to the second application program in the second permission database.

A third aspect of the application discloses an electronic device comprising a processor and a memory; a memory to store instructions; and the processor is used for calling the instruction in the memory so as to enable the electronic equipment to execute the authority management method.

A fourth aspect of the present application discloses a computer-readable storage medium having stored thereon at least one instruction, the at least one instruction when executed by a processor implementing a method of rights management.

For technical effects brought by the second aspect to the fourth aspect, reference may be made to the description related to the methods in the foregoing method portion, and details are not described herein again.

Drawings

Fig. 1 is a schematic view of an application scenario of a rights management method.

Fig. 2 is a system framework diagram of a rights management method according to an embodiment of the present application.

Fig. 3 is a schematic view of an application scenario of a rights management method according to an embodiment of the present application.

Fig. 4 is a flowchart of a rights management method according to an embodiment of the present application.

Fig. 5 is a schematic diagram of an application program provided in an embodiment of the present application.

Fig. 6 is a schematic diagram of rights management provided in an embodiment of the present application.

Fig. 7 is a schematic diagram of another rights management provided in an embodiment of the present application.

Fig. 8 is a schematic diagram of another rights management provided in an embodiment of the present application.

Fig. 9 is a flowchart of a rights management method according to an embodiment of the present application.

Fig. 10 is a flowchart of another rights management method provided in an embodiment of the present application.

Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Fig. 12 is a block diagram of a software structure of an electronic device according to an embodiment of the present application.

Detailed Description

In the embodiments of the present application, "at least one" means one or more, "and" a plurality "means two or more than two. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, e.g., A and/or B may represent: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The terms "first," "second," "third," "fourth," and the like in the description and in the claims and drawings of the present application, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

In general, an Operating System (OS) may manage resources based on an independent underlying physical device. With the aid of a distributed operating system, a user can make resource access across devices. Since the electronic device stores personal data, such as private data, the distributed operating system needs to check and control the permissions when accessing resources across devices. If the authority control is complicated, the conditions of poor user experience and low authority management efficiency can occur.

As shown in fig. 1, a first electronic Device (Device 1) and a second electronic Device (Device 2) constitute a distributed management system, each electronic Device including a database storing authorization statuses (e.g., authorization records). The database of each electronic device stores the authorization status of applications in the respective electronic device to access system resources (e.g., software services, hardware services, etc.). The distributed system synchronizes the authorization status among the various databases, e.g., an authorization record on a first electronic device may be synchronized to a second electronic device. Wherein, the software service comprises decoding service, encoding service, compression service and the like; hardware services include camera services, sensor services, gyroscope services, and the like.

As shown in fig. 1, the first electronic device and the second electronic device are provided with a communication Application (APP) and a Camera service (Camera service). When a user uses a communication App on first electronic equipment and needs to access a Camera service on second electronic equipment, the user needs to confirm through a user popup box on the first electronic equipment and the second electronic equipment so as to authorize an application program to access the Camera service.

For ease of understanding, the problems of the above application scenarios are explained.

For a plurality of electronic devices in a distributed system, application access rights between the electronic devices are independent of each other. When an application program of one electronic device accesses system resources of another electronic device, the two electronic devices are required to respectively perform user frame popping confirmation.

After the communication application program in the first electronic device has the authority to access the Camera service in the second electronic device, the communication application program in the first electronic device does not have the authority to access the Camera service in the first electronic device. And if the communication application program in the first electronic equipment needs to access the Camera service in the first electronic equipment, the user needs to perform frame popping confirmation again.

After the communication application program in the first electronic device has the right to access the Camera service in the second electronic device, the communication application program on the second electronic device cannot access the Camera service on the first electronic device. And if the communication application program in the second electronic equipment needs to access the Camera service in the first electronic equipment, the user needs to perform frame popping confirmation again.

If the user needs to cancel the authorization, a large amount of information needs to be inquired, and then cancellation is carried out one by one.

In the process that a user uses the same application program on a plurality of devices, the situation of repeated authorization occurs, and the use experience and the authority management efficiency of the user are influenced.

As shown in fig. 2, the first electronic Device (Device 1) and the second electronic Device (Device 2) are communicatively connected through a distributed system communication layer, and transmit data through the communication connection. The distributed system security layer is used for managing user accounts, controlling the security of the user accounts of the electronic devices in the distributed system, and logging in the electronic devices in the distributed system through one user account. The first electronic device and the second electronic device may perform data synchronization through a distributed system database management layer, and the database of each electronic device may include an application package database and a permission authorization database. The data corresponding to the application package management service of the distributed system is stored in the application package database, and the application package management service of the distributed system can manage the application program packages in the distributed system.

The method comprises the steps that a plurality of electronic devices in the distributed system log in the same user account to form an inter-trust network comprising the plurality of electronic devices, wherein the plurality of electronic devices are provided with the same application program, such as a communication application program, the manufacturers of the application programs on each electronic device, the application program names, the application program signatures, the application program package names and the like are consistent, the application identifiers of the application programs can be generated by one or more of the manufacturers of the application programs, the application program names, the application program signatures and the application program package names and serve as unique identifiers of the application programs, the application identifiers of the same application programs on each electronic device in the distributed system are the same, and the management mechanisms of the same application programs on each electronic device in the distributed system are consistent. Data corresponding to the distributed system authority management service is stored in an authority authorization database, and the distributed system authority management service is used for controlling and authorizing access of an Application program to system resources (such as a system Application program Interface, an Application Programming Interface (API), and the like). For example, an application may access a system resource when the application has permission to access the system resource; when the application does not have permission to access the system resource, the application is prevented from accessing the system resource. The electronic device may display a User Interface (UI) for authorized interaction with the User. The distributed application running management service is used for managing the running and the request of an application program among a plurality of electronic devices of a distributed system, and can comprise remote method calling, remote data transmission, interface authentication and triggering and the like.

As shown in fig. 3, a first electronic Device (Device 1) establishes a mutual communication connection with a second electronic Device (Device 2), and the first electronic Device and the second electronic Device form a distributed management system, and each electronic Device includes a database storing an authorization status (authorization record). Each database stores the authorization status of applications in the electronic device to access system resources. The distributed system synchronizes the authorization status among the databases, and the authorization record on the first electronic device can be synchronized to the second electronic device. When the application program on the first electronic device accesses system resources in the distributed system for the first time (including the electronic device to which the application program belongs and the system resources in the electronic device in the distributed system, which is the same as the electronic device to which the application program belongs, and the user account), the distributed system performs authorization confirmation through the user. The user decides whether to allow authorization for a given application to access a given system resource. After the user allows authorization for the given application to access the given system resource, the given application in the distributed system can access the given system resource in the distributed system without performing user box popping confirmation for many times.

As shown in fig. 3, when a communication application on a first electronic device accesses a Camera service in a second electronic device of a distributed system for the first time, the second electronic device pops up an authorization interactive interface to a user, and the user determines whether to allow authorization for the communication application to access the Camera service, so that after the user allows authorization, the communication application in the distributed system can access the Camera service in the distributed system without multiple authorizations. For example, when a communication application program on a first electronic device accesses a Camera service in the first electronic device of the distributed system for the first time, the first electronic device pops up an authority interactive interface to a user, and the user determines that authorization for the communication application program to access the Camera service is allowed; after the user allows authorization, a communication application program in the first electronic equipment can access a Camera service in the second electronic equipment; the communication application program in the second electronic device can access the Camera service in the first electronic device, and the communication application program in the second electronic device can access the Camera service in the second electronic device without multiple authorizations.

If the user does not allow authorization of the communication application to access the Camera service, the communication application of each electronic device in the distributed system cannot access the Camera service in the distributed system.

Fig. 4 is a flowchart of a rights management method provided in an embodiment of the present application, where the rights management method is applied to a distributed system, and specifically, the rights management method includes:

s401, a first application program of first electronic equipment requests to access a second system resource of second electronic equipment.

In one embodiment of the present application, a first electronic device is communicatively coupled to a second electronic device.

In one embodiment of the present application, the first electronic device and the second electronic device are mutually connected by trust, including: the first electronic equipment is in communication connection with the second electronic equipment, and the user account of the first electronic equipment is consistent with the user account of the second electronic equipment; and/or the first electronic device and the second electronic device are in communication connection in a local area network.

Specifically, a plurality of electronic devices in the distributed system can perform mutual trust identification of a user account. The plurality of electronic devices may be connected via a wired network or a wireless network, and when the plurality of electronic devices access the network, the user account needs to be verified. Each electronic device broadcasts the locally logged user account to other electronic devices in the network, the other electronic devices match the logged user accounts with the logged user accounts of the other electronic devices after receiving the broadcasted user account, and the electronic devices with the logged user accounts consistent belong to the same mutual communication network space. I.e. a trusted connection between a plurality of electronic devices in a trusted network space.

Alternatively, the communication connection between a plurality of electronic devices in the same local area network may also be a mutual communication connection.

In one embodiment of the present application, the application identification of the second application of the second electronic device is consistent with the application identification of the first application of the first electronic device.

The distributed system application package management service (i.e., package management service) manages application identifications, such as application identification unique codes (IDs), of application programs in a plurality of electronic devices of the distributed system. The application identifications of the same application program in the application package management service in the plurality of electronic devices of the distributed system are the same. Fig. 5 is a schematic diagram of an application program according to an embodiment of the present application. As shown in fig. 5, the first electronic device and the second electronic device both install an application a, an application identifier of the application a in the first electronic device is consistent with an application identifier of the application a in the second electronic device, and the application a may be a communication application or an audio-visual application. A distributed application package database (i.e., an application package database) among a plurality of electronic devices may perform data synchronization, and record data of each application in the application package database may include a vendor, an application name (e.g., an application attribute of a database record in fig. 5), an application signature (e.g., a signature attribute of a database record in fig. 5), an application package name (e.g., a package name attribute of a database record in fig. 5), and the like. The first electronic device or the second electronic device may generate the application identifier of the application as the unique identifier of the application according to one or more of a vendor of the application, a name of the application, a signature of the application, and a name of an application package. That is, the application identification may include, but is not limited to: vendor, application name, application signature, and/or application package name.

The application package management service may identify an application identifier of an application when the application is installed on the electronic device.

The first application program of the first electronic device may request to call a system application programming interface API of the first electronic device, and a remote API call is made to a second system resource of the second electronic device through the system API of the first electronic device.

S402, based on a second permission database of the second electronic device, the second electronic device determines an authorization state of the second system resource to the first application program.

The authorization status of the first application by the second system resource represents the authority of the first application to access the second system resource.

(1) And the second electronic equipment acquires the authorization state of the second system resource to the first application program from a second authority database of the second electronic equipment.

The second rights database may include a rights authorization database of the second electronic device or a distributed application rights database of the second electronic device. For example, a first rights database is included in the first electronic device, and the first rights database may include a rights authorization database of the first electronic device or a distributed application rights database of the first electronic device.

In one embodiment of the present application, the authorization status includes an application identification field, a resource identification field, a permission field, and/or an authorization status field.

In an embodiment of the present application, the method for rights management further includes: and the first authority database of the first electronic equipment and the second authority database of the second electronic equipment are synchronized. The first electronic device and the second electronic device can store the authorization state and the synchronous authorization state through a distributed application authority database of the two electronic devices, and the first electronic device and the second electronic device can store the application identification and the synchronous application identification through a distributed application package database of the two electronic devices.

Optionally, the distributed system may further include a cloud server, and data synchronization may be performed among the first electronic device, the second electronic device, and the cloud server. For example, the first electronic device may synchronize the authorization status to a cloud server, and the second electronic device may synchronize the authorization status from the cloud server.

In an embodiment of the present application, the method for rights management further includes: the first electronic equipment merges authorization states in the first permission database according to the application identification of the first application program and the application identification of the second application program; and/or the second electronic equipment merges the authorization state in the second permission database according to the application identifier of the first application program and the application identifier of the second application program. For example, the authorization state of the second application program corresponding to Perm1 in the second permission database is allowed, the authorization state of the second application program corresponding to Perm1 in the first permission database is empty, and after the two authorization states are combined, the authorization state of the second application program corresponding to Perm1 in the first permission database is allowed.

For example, the second electronic device receives the authorization states of one or more applications of the first electronic device, matches the received authorization states of the applications with the authorization states of local applications, and merges the authorization states of the applications with the same application identifier. The second electronic device may synchronize the authorization state of the merged application program to the electronic devices in the distributed system, so that the electronic devices in the distributed system control access of the application program to the system resources according to the authorization state of the merged application program.

In an embodiment of the present application, if the authorization status merge in the first permission database or the second permission database occurs a conflict, the method for managing permissions further includes: displaying a conflict handling interface on any one of the first electronic device and the second electronic device; any electronic equipment receives conflict processing operation of a user on a conflict processing interface; according to the conflict processing operation, any one electronic device determines the authorization state of the conflict in the corresponding authority database; and any electronic equipment synchronizes the determined conflict authorization state to the authority databases of the electronic equipment in the distributed system.

The second electronic device may determine the permission of the first application program required for accessing the second system resource, and acquire an authorization status field of the second system resource to the first application program from a second permission database of the second electronic device according to the application identification field, the permission field, and/or the resource identification field of the second system resource of the first application program. Wherein the authorization status field may include an allowed status or a revoked status; the permission state of the second system resource to the first application indicates that the first application is permitted to access the second system resource; the revocation status of the first application by the second system resource indicates that the first application is not permitted to access the second system resource. The default value of the authorization status field is the revocation status.

(2) The second electronic device determines an authorization status of the first application by the second system resource.

In one embodiment of the present application, the determining, by the second electronic device, the authorization status of the first application by the second system resource includes: the second electronic equipment displays a permission interaction interface of the first application program to the second system resource; the second electronic equipment receives permission determination operation of a user on a permission interaction interface; and the second electronic equipment determines the authorization state of the second system resource to the first application program in a second authority database according to the authority determination operation.

Specifically, the second electronic device may determine an authorization status of the second system resource to the first application; if the authorization state of the second system resource to the first application program is a revocation state, the second electronic equipment displays a permission interaction interface of the first application program to the second system resource; the user can perform permission determination operation on the permission interaction interface, for example, the authorization state is modified into an allowed state, the authorization state is determined into an allowed state, and the like, and the second electronic device receives the permission determination operation of the user on the permission interaction interface; and according to the permission determination operation, the second electronic equipment determines the authorization state of the second system resource to the first application program in a second permission database as a permission state.

Alternatively, the user may determine the authorization status as an allowed status or a revoked status at the rights interaction interface. The authorization status may also include other states, such as a default state, etc.

Optionally, the second electronic device may directly display the permission interaction interface of the first application program to the second system resource; the user can perform permission determination operation on the permission interactive interface, for example, the authorization state is determined to be an allowed state or a revoked state, and the second electronic device receives permission determination operation of the user on the permission interactive interface; and the second electronic equipment determines the authorization state of the second system resource to the first application program in a second permission database as an allowed state or a withdrawn state according to the permission determination operation.

When a first application program of first electronic equipment accesses a second system resource API of second electronic equipment, the second system resource API needs to be subjected to authority check, because the authorization state of the first application program for accessing the second system resource is a revocation state, user operation interaction can be carried out, the authorization state is updated into an allowance state through authorization of a user, and the authorization state is written into a second authority database.

And S403, the second electronic device sends the authorization state of the second system resource to the first application program to the first electronic device.

After the second electronic device determines the authorization state of the second system resource to the first application program, or after the user determines the authorization state of the second system resource to the first application program, the second electronic device stores the determined authorization state of the second system resource to the first application program in a second permission database, and sends the authorization state of the second system resource to the first application program to the first electronic device through data synchronization of the second permission database and the first permission database.

The second electronic device may send the authorization status of the second system resource to the first application to other electronic devices in the distributed system.

In one embodiment of the present application, the method for rights management further includes: the first application program requests to access a first system resource of the first electronic device, wherein the first system resource is consistent with a second system resource; the first electronic equipment acquires the authorization state of the first system resource to the first application program from the first permission database; the first electronic device controls the access of the first application program to the first system resource according to the authorization state of the first system resource to the first application program.

Understandably, the application identifiers of the first application program and the second application program are consistent, the first system resource and the second system resource are consistent, and the access authority of the first application program to the second system resource is the same as the access authority of the first application program to the first system resource. The first authority database stores the authorization state of the first system resource to the first application program (data is synchronized with the second authority database), and the authorization state of the first system resource to the first application program is an allowed state.

In one embodiment of the present application, the method for rights management further includes: the second application program requests to access a first system resource of the first electronic equipment, and the first system resource is consistent with a second system resource; the first electronic equipment acquires the authorization state of the first system resource to the second application program from the first permission database; the first electronic device controls the access of the first application program to the first system resource according to the authorization state of the first system resource to the second application program.

Understandably, the application identifiers of the first application program and the second application program are consistent, the first system resource and the second system resource are consistent, and the access authority of the first application program to the second system resource is the same as the access authority of the second application program to the first system resource. The first authority database stores the authorization state of the first system resource to the second application program (data is synchronized with the second authority database), and the authorization state of the first system resource to the second application program is an allowed state.

In an embodiment of the present application, the method for rights management further includes: if the first application program does not exist in the first electronic device and the second application program does not exist in the second electronic device, the first electronic device deletes the authorization state corresponding to the first application program in the first permission database, and the second electronic device deletes the authorization state corresponding to the second application program in the second permission database. The first application and the second application may be applications having the same application identifier, that is, the first application and the second application are the same application.

Alternatively, the rights management method further comprises: for any application program in the distributed system, if any application program does not exist in each electronic device of the distributed system, deleting the authorization state corresponding to any application program in the authority database of each electronic device.

Alternatively, any one electronic device in the distributed system may determine the authorization status as a revocation status and synchronize the re-determined authorization status to other electronic devices in the distributed system.

Fig. 6 is a schematic diagram of rights management provided in the embodiment of the present application.

As shown in fig. 6, a first electronic Device (Device 1) and a second electronic Device (Device 2) are communicatively connected, and an application a (first application) of the first electronic Device needs to access a Camera service (second system resource) in the second electronic Device through an API call. And the application program A carries out remote API call through the system API and requests the second electronic equipment to call the Camera service API. And the second electronic equipment performs permission check on the request of the application program A, determines the permission Perm1 required by the application program A to access the Camera service in the second electronic equipment, and reads the authorization state of Perm1 from a distributed application permission database of the second electronic equipment according to the application identifier. If the authorization state of Perm1 is an unauthorized state, namely a revocation state, displaying an authorization bullet frame, and re-determining the authorization state as an allowed state according to the authorization operation of a user on the authorization bullet frame. And the second electronic equipment writes the re-determined authorization state into a distributed application authority database of the second electronic equipment, and synchronizes the authorization state in the distributed application authority database of the second electronic equipment to the distributed application authority database of the first electronic equipment. If the authorization status of Perm1 is the permission status, the second electronic device allows the application program A to call the Camera service API.

Fig. 7 is a schematic diagram of another rights management provided in the embodiment of the present application. After the second electronic device synchronizes the authorization state to the distributed application permission database of the first electronic device, the first electronic device may control access of the first application program to the first system resource according to the authorization state in the distributed application permission database of the first electronic device.

An application program A (a first application program) in the first electronic device makes a local API call through a system API to access a Camera service (a first system resource) on the first electronic device, and the first electronic device reads the authorization state of the permission (Perm 1) of the application program A to access the Camera service on the first electronic device from a distributed application permission database of the first electronic device; if permission Perm1 is authorized, application a is allowed to call the Camera service API on the first electronic device, and application a may access the Camera service on the first electronic device.

Fig. 8 is a schematic diagram of another rights management provided in the embodiment of the present application. When the authorization state in the first permission database of the first electronic device is modified or changed, the first electronic device writes the modified or changed authorization state into the first permission database, and synchronizes the authorization state in the first permission database to the second permission database of the second electronic device.

If the authorization state is modified into the revocation state by the first electronic device or the user, the first electronic device writes the modified authorization state into the distributed application permission database of the first electronic device, and synchronizes the distributed application permission database of the first electronic device to the distributed application permission database of the second electronic device.

Fig. 9 is a flowchart of a rights management method provided in an embodiment of the present application, where the rights management method is applied to a first electronic device, and specifically, the rights management method includes:

s901, a first application of a first electronic device requests to access a second system resource of a second electronic device.

The first electronic equipment and the second electronic equipment are mutually connected in a trusted mode. Specifically, the first electronic device is in communication connection with the second electronic device, and a user account of the first electronic device is consistent with a user account of the second electronic device; and/or the first electronic equipment is in communication connection with the second electronic equipment in a local area network; and/or the user account of the first electronic device is associated with the user account of the second electronic device.

For example, the first electronic device is a smart phone, the second electronic device is a tablet computer, the account number of the user logged in by the smart phone is consistent with the account number of the user logged in by the tablet computer, and the smart phone and the tablet computer are in mutual trust connection.

For another example, if the smart phone and the tablet computer belong to the same local area network, the mutual communication connection between the smart phone and the tablet computer can be determined.

The first application program can make a remote API call through the system API of the first electronic device, and remotely call a second system resource API of the second electronic device to access the second system resource.

And S902, receiving the authorization state of the first application program by the second system resource returned by the second electronic device.

Wherein the authorization status comprises an application identification field, a resource identification field, a permission field and/or an authorization status field. For example, the authorization status is "communication application: camera = grant ", wherein" communication application "is an application identification field; "Camera" is a resource identification field; the "grant" is an authorized state, indicating an allowed state, and the authorized state may further include "trusted", indicating a revoked state. For another example, the authorization status is "application a: perm1= allow ", where" application a "is an application identification field," Perm1 "is a permission field, indicating access rights of application a to system resources, and" allow "is an authorization status field.

The second electronic device may synchronize the authorization status determined by the user to the first electronic device through the second rights database of the second electronic device and the first rights database of the first electronic device.

S903, storing the authorization state of the second system resource to the first application program in a first authority database of the first electronic device.

In an embodiment of the present application, the method for rights management further includes: and carrying out data synchronization on the first permission database and a second permission database of the second electronic equipment.

For example, the first electronic device synchronizes the authorization status in the second rights database of the second electronic device to the first rights database.

Optionally, the first electronic device, the second electronic device and the cloud server are in mutual trusted connection, and data (such as an authorization state) synchronization is performed between the first electronic device and the cloud server.

The application identification of the second application program of the second electronic device is consistent with the application identification of the first application program of the first electronic device. Understandably, the first application and the second application are the same application on different electronic devices.

The rights management method further comprises: and merging the authorization state in the first permission database according to the application identifier of the first application program and the application identifier of the second application program of the second electronic equipment.

For example, the first application and the second application are the same application, the application identifier of the first application is consistent with the application identifier of the second application, and the authorization states of the applications with consistent application identifiers in the first permission database and the second permission database may be merged. For example, the authorization state of the second application program corresponding to Perm1 in the second permission database is allowed, the authorization state of the second application program corresponding to Perm1 in the first permission database is empty, and after the two authorization states are combined, the authorization state of the second application program corresponding to Perm1 in the first permission database is allowed.

If the authorization state in the first permission database is merged and conflicts, the permission management method further comprises the following steps: displaying a conflict processing interface; receiving conflict processing operation of a user on a conflict processing interface; determining an authorization state of the conflict in the first authority database according to the conflict processing operation; synchronizing the determined conflicting authorization status to a second rights database of the second electronic device.

For example, the authorization status in the first rights database is "application a: perm1= allow ", and the authorization status in the second rights database is" application a: perm1= revocation ", application a in both rights databases conflicts with respect to the merging of the authorization states of rights Perm 1. The first electronic equipment displays a conflict processing interface to a user; the user selects an authorization allowing state on the conflict processing interface, and the first electronic equipment receives conflict processing operation of the user on the conflict processing interface; the first electronic equipment determines the conflict authorization state as the permission state again according to the selection of the user on the permission authorization state; the authorization state of the application program a for the authority Perm1 is synchronized to the second authority database of the second electronic device.

In an embodiment of the present application, after the first rights database of the first electronic device stores an authorization status of the first application program by the second system resource, the rights management method further includes: a first application program of first electronic equipment requests to access a first system resource of the first electronic equipment, wherein the first system resource is consistent with a second system resource; and acquiring the authorization state of the first system resource to the first application program from the first authority database.

After the first electronic device obtains the authorization status of the first system resource to the first application program from the first permission database, the permission management method further includes: and controlling the access of the first application program to the first system resource according to the authorization state of the first system resource to the first application program.

For example, application a of a first electronic device requests access to a Camera service of the first electronic device, the Camera service of the first electronic device being the same as the Camera service of a second electronic device; the first electronic device acquires the authorization state of the application program A of the first electronic device to the Camera service of the first electronic device from the first permission database; the first electronic device allows or prohibits access to the Camera service of the first electronic device by application a of the first electronic device according to the authorization status of the Camera service of the first electronic device by application a of the first electronic device.

In an embodiment of the present application, after the first rights database of the first electronic device stores an authorization status of the first application program by the second system resource, the rights management method further includes: receiving an access request of a second application program of second electronic equipment to a first system resource of first electronic equipment, wherein the first system resource is consistent with the second system resource, and an application identifier of the first application program is consistent with an application identifier of the second application program; obtaining the authorization state of the first system resource to the second application program from the first authority database; and controlling the access of the second application program to the first system resource according to the authorization state of the first system resource to the second application program.

For example, a first electronic device receives an access request of an application program a of a second electronic device to a Camera service of the first electronic device, the Camera service of the first electronic device is the same as the Camera service of the second electronic device, and the application program a of the first electronic device is the same as the application program a of the second electronic device, that is, an application identifier of the application program a of the first electronic device is consistent with an application identifier of the application program a of the second electronic device; the first electronic device reads the authorization state of the application program A of the second electronic device to the Camera service of the first electronic device from the first permission database; and the first electronic device allows or forbids the access of the application program A of the second electronic device to the Camera service of the first electronic device according to the application program A of the second electronic device to the Camera service of the first electronic device.

In an embodiment of the present application, the method for rights management further includes: and if the first application program does not exist in the first electronic equipment and the second application program which is the same as the first application program does not exist in the second electronic equipment, deleting the authorization state corresponding to the first application program in the first permission database.

For example, the user deletes the application program a in both the first electronic device and the second electronic device, and the first electronic device deletes the authorization state corresponding to the application program a in the first permission database; and the second electronic equipment deletes the authorization state corresponding to the application program A in the second permission database.

Fig. 10 is a flowchart of another rights management method provided in an embodiment of the present application, where the rights management method is applied to a second electronic device, and specifically, the rights management method includes:

s1001, receiving an access request from a first application program of a first electronic device to a second system resource of a second electronic device.

The first electronic equipment and the second electronic equipment are mutually connected in a trusted mode. Specifically, the first electronic device is in communication connection with the second electronic device, and a user account of the first electronic device is consistent with a user account of the second electronic device; and/or the first electronic device and the second electronic device are in communication connection in a local area network.

Specifically, a plurality of electronic devices in the distributed system can perform mutual trust identification of a user account. The second electronic device may be connected to the first electronic device via a wired network or a wireless network, and when the second electronic device accesses the network, the user account needs to be verified. The second electronic equipment broadcasts the locally logged user account to the first electronic equipment in the network, the first electronic equipment receives the broadcasted user account, the second electronic equipment is matched with the logged user account of the first electronic equipment, and the two electronic equipment with the logged user accounts consistent belong to the same mutual trust network space.

S1002, obtaining the authorization state of the second system resource to the first application program from a second authority database of the second electronic device.

The authorization status comprises an application identification field, a resource identification field, a permission field and/or an authorization status field.

For example, the second electronic device may obtain, from the second permission database, the authorization status of the Camera service (second system resource) in the second electronic device by application a (first application) of the first electronic device, which is "application a: perm1= revocation ", indicating that application a of the first electronic device does not have the right to access the Camera service in the second electronic device.

And S1003, determining the authorization state of the second system resource to the first application program.

As for example, if application a of the first electronic device does not have the right to access the Camera service in the second electronic device, the second electronic device needs to re-determine the authorization status of application a of the first electronic device for the Camera service in the second electronic device. Such as re-determining the authorization status of the Camera service in the second electronic device to be an allowed status by application a of the first electronic device.

Determining the authorization status of the first application by the second system resource comprises: displaying a permission interaction interface of the first application program to the second system resource; receiving permission determination operation of a user on a permission interaction interface; and determining the authorization state of the second system resource to the first application program in a second authority database according to the authority determining operation.

For example, the second electronic device displays a permission interaction interface of an application program A of the first electronic device to a Camera service in the second electronic device to a user; the method comprises the steps that a user determines that the authorization state of an application program A of first electronic equipment to a Camera service in second electronic equipment is an authorization-allowed state in an authority interactive interface, and the second electronic equipment receives authority determination operation of the user in the authority interactive interface; and the second electronic equipment redetermines the authorization state of the application program A of the first electronic equipment to the Camera service in the second electronic equipment as the authorization-allowed state in the second permission database according to the determination of the authorization-allowed state by the user.

S1004, sending an authorization status of the second system resource to the first application to the first electronic device.

Specifically, the second electronic device may send the authorization status of the second system resource to the first application to the first electronic device through data synchronization between the second permission database and the second permission database.

In an embodiment of the present application, the method for rights management further includes: and carrying out data synchronization on the second permission database and the first permission database of the first electronic equipment.

Optionally, the distributed system may further include a cloud server, and data synchronization may be performed among the first electronic device, the second electronic device, and the cloud server. For example, the second electronic device may synchronize the authorization status to a cloud server, and the second electronic device may also synchronize the authorization status from the cloud server.

The application identification of the second application program of the second electronic device is consistent with the application identification of the first application program of the first electronic device.

In an embodiment of the present application, the method for rights management further includes: and merging the authorization state in the second permission database according to the application identifier of the first application program and the application identifier of the second application program.

If the authorization state in the second authority database is merged and conflicts occur, the authority management method further comprises the following steps: displaying a conflict processing interface; receiving conflict processing operation of a user on a conflict processing interface; determining the authorization state of the conflict in the second authority database according to the conflict processing operation; synchronizing the determined conflicting authorization status to a first rights database of the first electronic device.

In an embodiment of the present application, the method for rights management further includes: a second application program of the second electronic equipment requests to access a second system resource, and the application identifier of the first application program is consistent with the application identifier of the second application program; obtaining the authorization state of the first system resource to the first application program from the second authority database; and controlling access of the second application program to the second system resource according to the authorization state of the second system resource to the second application program.

For example, application a of the second electronic device requests to access a Camera service of the second electronic device, the Camera service of the first electronic device is the same as the Camera service of the second electronic device, and application a of the second electronic device is the same as application a of the first electronic device, that is, the application identifier of application a of the second electronic device is the same as the application identifier of application a of the first electronic device; the second electronic device acquires the authorization state of the application program A of the second electronic device to the Camera service of the second electronic device from the second permission database; and the second electronic device allows or forbids the access of the application program A of the second electronic device to the Camera service of the second electronic device according to the authorization state of the application program A of the second electronic device to the Camera service of the second electronic device.

In one embodiment of the present application, the method for rights management further includes: and if the second application program does not exist in the second electronic equipment and the first application program which is the same as the second application program does not exist in the first electronic equipment, deleting the authorization state corresponding to the second application program in the second permission database.

Fig. 11 is a schematic structural diagram of an electronic device 100 according to an embodiment of the present application. The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It is to be understood that the illustrated structure of the embodiment of the present application does not specifically limit the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

Processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors.

The controller may be, among other things, a neural center and a command center of the electronic device 100. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.

A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 110, thereby increasing the efficiency of the system.

In some embodiments, processor 110 may include one or more interfaces. The interface may include an integrated circuit (I2C) interface, an integrated circuit built-in audio (I2S) interface, a Pulse Code Modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose-input/output (GPIO) interface, a Subscriber Identity Module (SIM) interface, and/or a Universal Serial Bus (USB) interface, etc.

The I2C interface is a bidirectional synchronous serial bus comprising a serial data line (SDA) and a Serial Clock Line (SCL). In some embodiments, the processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, a charger, a flash, a camera 193, etc. through different I2C bus interfaces, respectively. For example: the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 and the touch sensor 180K communicate through an I2C bus interface to implement a touch function of the electronic device 100.

The I2S interface may be used for audio communication. In some embodiments, processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 through an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through the I2S interface, so as to implement a function of receiving a call through a bluetooth headset.

The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled by a PCM bus interface. In some embodiments, the audio module 170 may also transmit the audio signal to the wireless communication module 160 through the PCM interface, so as to implement the function of answering a call through the bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.

The UART interface is a universal serial data bus used for asynchronous communications. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is generally used to connect the processor 110 and the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through a UART interface, so as to implement the function of playing music through a bluetooth headset.

MIPI interfaces may be used to connect processor 110 with peripheral devices such as display screen 194, camera 193, and the like. The MIPI interface includes a Camera Serial Interface (CSI), a Display Serial Interface (DSI), and the like. In some embodiments, processor 110 and camera 193 communicate through a CSI interface to implement the capture functionality of electronic device 100. The processor 110 and the display screen 194 communicate through the DSI interface to implement the display function of the electronic device 100.

The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal and may also be configured as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, an MIPI interface, and the like.

The USB interface 130 is an interface conforming to the USB standard specification, and may be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transmit data between the electronic device 100 and a peripheral device. And the method can also be used for connecting a headset and playing audio through the headset. The interface may also be used to connect other electronic devices, such as AR devices and the like.

It should be understood that the interface connection relationship between the modules illustrated in the embodiments of the present application is only an illustration, and does not limit the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.

The charging management module 140 is configured to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger via the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive a wireless charging input through a wireless charging coil of the electronic device 100. The charging management module 140 may also supply power to the electronic device through the power management module 141 while charging the battery 142.

The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 and provides power to the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count, battery state of health (leakage, impedance), etc. In other embodiments, the power management module 141 may be disposed in the processor 110. In other embodiments, the power management module 141 and the charging management module 140 may be disposed in the same device.

The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the electronic device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a Low Noise Amplifier (LNA), and the like. The mobile communication module 150 may receive the electromagnetic wave from the antenna 1, filter, amplify, etc. the received electromagnetic wave, and transmit the electromagnetic wave to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor, and convert the signal into electromagnetic wave through the antenna 1 to radiate the electromagnetic wave. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the same device as at least some of the modules of the processor 110.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low frequency baseband signal to a baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.

The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (bluetooth, BT), global Navigation Satellite System (GNSS), frequency Modulation (FM), near Field Communication (NFC), infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves via the antenna 2 to radiate the electromagnetic waves.

In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150 and antenna 2 is coupled to wireless communication module 160 so that electronic device 100 can communicate with networks and other devices through wireless communication techniques. The wireless communication technology may include global system for mobile communications (GSM), general Packet Radio Service (GPRS), code Division Multiple Access (CDMA), wideband Code Division Multiple Access (WCDMA), time-division code division multiple access (TD-SCDMA), long Term Evolution (LTE), fifth Generation wireless communication system (5g, the Generation of wireless communication system), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc. The GNSS may include a Global Positioning System (GPS), a global navigation satellite system (GLONASS), a beidou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS), and/or a Satellite Based Augmentation System (SBAS).

The electronic device 100 implements display functions via the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may adopt a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (FLED), a miniature, a Micro-oeld, a quantum dot light-emitting diode (QLED), and the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.

The electronic device 100 may implement a photographing function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, and the application processor, etc.

The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing and converting into an image visible to naked eyes. The ISP can also carry out algorithm optimization on the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in camera 193.

The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing element converts the optical signal into an electrical signal, which is then passed to the ISP where it is converted into a digital image signal. And the ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard RGB, YUV and other formats. In some embodiments, electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.

The digital signal processor is used for processing digital signals, and can process digital image signals and other digital signals. For example, when the electronic device 100 selects a frequency bin, the digital signal processor is used to perform fourier transform or the like on the frequency bin energy.

Video codecs are used to compress or decompress digital video. The electronic device 100 may support one or more video codecs. In this way, the electronic device 100 may play or record video in a variety of encoding formats, such as: moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.

The NPU is a neural-network (NN) computing processor that processes input information quickly by using a biological neural network structure, for example, by using a transfer mode between neurons of a human brain, and can also learn by itself continuously. Applications such as intelligent recognition of the electronic device 100 can be realized through the NPU, for example: image recognition, face recognition, speech recognition, text understanding, and the like.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capability of the electronic device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.

The internal memory 121 may be used to store computer-executable program code, which includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, and the like) required by at least one function, and the like. The storage data area may store data (such as audio data, phone book, etc.) created during use of the electronic device 100, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (UFS), and the like.

The electronic device 100 may implement audio functions via the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, and the application processor. Such as music playing, recording, etc.

The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.

The speaker 170A, also called a "horn", is used to convert the audio electrical signal into an acoustic signal. The electronic apparatus 100 can listen to music through the speaker 170A or listen to a handsfree call.

The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into an acoustic signal. When the electronic apparatus 100 receives a call or voice information, it is possible to receive voice by placing the receiver 170B close to the human ear.

The microphone 170C, also referred to as a "microphone," is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can input a voice signal to the microphone 170C by speaking near the microphone 170C through the mouth. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C to achieve a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device 100 may further include three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and perform directional recording.

The earphone interface 170D is used to connect a wired earphone. The headset interface 170D may be the USB interface 130, or may be a 3.5mm open mobile electronic device platform (OMTP) standard interface, a cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.

The pressure sensor 180A is used for sensing a pressure signal, and can convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A can be of a wide variety, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a sensor comprising at least two parallel plates having an electrically conductive material. When a force acts on the pressure sensor 180A, the capacitance between the electrodes changes. The electronic device 100 determines the strength of the pressure from the change in capacitance. When a touch operation is applied to the display screen 194, the electronic apparatus 100 detects the intensity of the touch operation according to the pressure sensor 180A. The electronic apparatus 100 may also calculate the touched position from the detection signal of the pressure sensor 180A. In some embodiments, the touch operations that are applied to the same touch position but different touch operation intensities may correspond to different operation instructions. For example: and when the touch operation with the touch operation intensity smaller than the first pressure threshold value acts on the short message application icon, executing an instruction for viewing the short message. And when the touch operation with the touch operation intensity larger than or equal to the first pressure threshold value acts on the short message application icon, executing an instruction of newly building the short message.

The gyro sensor 180B may be used to determine the motion attitude of the electronic device 100. In some embodiments, the angular velocity of electronic device 100 about three axes (i.e., the x, y, and z axes) may be determined by gyroscope sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. Illustratively, when the shutter is pressed, the gyro sensor 180B detects a shake angle of the electronic device 100, calculates a distance to be compensated for the lens module according to the shake angle, and allows the lens to counteract the shake of the electronic device 100 through a reverse movement, thereby achieving anti-shake. The gyroscope sensor 180B may also be used for navigation, somatosensory gaming scenes.

The air pressure sensor 180C is used to measure air pressure. In some embodiments, electronic device 100 calculates altitude from barometric pressure values measured by barometric pressure sensor 180C to assist in positioning and navigation.

The magnetic sensor 180D includes a hall sensor. The electronic device 100 may detect the opening and closing of the flip holster using the magnetic sensor 180D. In some embodiments, when the electronic device 100 is a flip, the electronic device 100 may detect the opening and closing of the flip according to the magnetic sensor 180D. And then according to the opening and closing state of the leather sheath or the opening and closing state of the flip cover, the automatic unlocking of the flip cover is set.

The acceleration sensor 180E may detect the magnitude of acceleration of the electronic device 100 in various directions (typically three axes). The magnitude and direction of gravity can be detected when the electronic device 100 is stationary. The method can also be used for recognizing the posture of the electronic equipment, and is applied to horizontal and vertical screen switching, pedometers and other applications.

A distance sensor 180F for measuring a distance. The electronic device 100 may measure the distance by infrared or laser. In some embodiments, taking a picture of a scene, the electronic device 100 may utilize the distance sensor 180F to range to achieve fast focus.

The proximity light sensor 180G may include, for example, a Light Emitting Diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The electronic device 100 emits infrared light to the outside through the light emitting diode. The electronic device 100 detects infrared reflected light from a nearby object using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the electronic device 100. When insufficient reflected light is detected, the electronic device 100 may determine that there are no objects near the electronic device 100. The electronic device 100 can utilize the proximity sensor 180G to detect that the user holds the electronic device 100 close to the ear for talking, so as to automatically turn off the screen to save power. The proximity light sensor 180G may also be used in a holster mode, a pocket mode automatically unlocks and locks the screen.

The ambient light sensor 180L is used to sense the ambient light level. Electronic device 100 may adaptively adjust the brightness of display screen 194 based on the perceived ambient light level. The ambient light sensor 180L may also be used to automatically adjust the white balance when taking a picture. The ambient light sensor 180L may also cooperate with the proximity light sensor 180G to detect whether the electronic device 100 is in a pocket to prevent accidental touches.

The fingerprint sensor 180H is used to collect a fingerprint. The electronic device 100 can utilize the collected fingerprint characteristics to unlock the fingerprint, access the application lock, photograph the fingerprint, answer an incoming call with the fingerprint, and so on.

The temperature sensor 180J is used to detect temperature. In some embodiments, electronic device 100 implements a temperature processing strategy using the temperature detected by temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold, the electronic device 100 performs a reduction in performance of a processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In other embodiments, the electronic device 100 heats the battery 142 when the temperature is below another threshold to avoid abnormal shutdown of the electronic device 100 due to low temperature. In other embodiments, when the temperature is lower than a further threshold, the electronic device 100 performs a boost on the output voltage of the battery 142 to avoid abnormal shutdown due to low temperature.

The touch sensor 180K is also referred to as a "touch panel". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is used to detect a touch operation acting thereon or nearby. The touch sensor may communicate the detected touch operation to the application processor to determine the touch event type. Visual output associated with the touch operation may be provided via the display screen 194. In other embodiments, the touch sensor 180K may be disposed on a surface of the electronic device 100, different from the position of the display screen 194.

The bone conduction sensor 180M may acquire a vibration signal. In some embodiments, the bone conduction sensor 180M may acquire a vibration signal of the human vocal part vibrating the bone mass. The bone conduction sensor 180M may also contact the human pulse to receive the blood pressure pulsation signal. In some embodiments, the bone conduction sensor 180M may also be disposed in a headset, integrated into a bone conduction headset. The audio module 170 may analyze a voice signal based on the vibration signal of the bone mass vibrated by the sound part acquired by the bone conduction sensor 180M, so as to implement a voice function. The application processor can analyze heart rate information based on the blood pressure beating signal acquired by the bone conduction sensor 180M, so as to realize the heart rate detection function.

The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys. Or may be touch keys. The electronic apparatus 100 may receive a key input, and generate a key signal input related to user setting and function control of the electronic apparatus 100.

The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration cues, as well as for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also respond to different vibration feedback effects in response to touch operations applied to different areas of the display screen 194. Different application scenes (such as time reminding, receiving information, alarm clock, game and the like) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.

Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc.

The SIM card interface 195 is used to connect a SIM card. The SIM card can be attached to and detached from the electronic device 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The electronic device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card, etc. The same SIM card interface 195 can be inserted with multiple cards at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 195 is also compatible with different types of SIM cards. The SIM card interface 195 is also compatible with external memory cards. The electronic device 100 interacts with the network through the SIM card to implement functions such as communication and data communication. In some embodiments, the electronic device 100 employs esims, namely: an embedded SIM card. The eSIM card can be embedded in the electronic device 100 and cannot be separated from the electronic device 100.

The software system of the electronic device 100 may employ a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. The embodiment of the present application takes an Android system with a hierarchical architecture as an example, and exemplarily illustrates a software structure of the electronic device 100.

Fig. 12 is a block diagram of a software structure of the electronic device 100 according to an embodiment of the present disclosure. The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom. The application layer may include a series of application packages.

As shown in fig. 12, the application package may include camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc. applications.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.

As shown in FIG. 12, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.

The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.

The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.

The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The phone manager is used to provide communication functions of the electronic device 100. Such as management of call status (including on, off, etc.).

The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to notify download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, flashing an indicator light, etc.

The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.

The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.

The application layer and the application framework layer run in a virtual machine. And executing java files of the application program layer and the application program framework layer into a binary file by the virtual machine. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.

The system library may include a plurality of functional modules. For example: surface managers (surface managers), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), and the like.

The surface manager is used to manage the display subsystem and provide a fusion of the 2D and 3D layers for multiple applications.

The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc.

The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.

The 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.

The modules integrated by the electronic device 100 may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by the present application, and the computer readable instructions can also be used for instructing the related hardware, and the computer readable instructions can be stored in a computer readable storage medium, and when the computer readable instructions are executed by a processor, the steps of the above-described embodiments of the method can be realized. Wherein the computer readable instructions comprise computer readable instruction code which may be in source code form, object code form, an executable file or some intermediate form, and the like. The computer-readable medium may include: any entity or device capable of carrying the computer readable instruction code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer memory, read Only Memory (ROM), random Access Memory (RAM), etc.

The present embodiment also provides a computer storage medium, where computer instructions are stored in the computer storage medium, and when the computer instructions are run on an electronic device, the electronic device is caused to execute the above related method steps to implement the rights management method in the above embodiments.

The embodiment also provides a computer program product, which, when running on an electronic device, causes the electronic device to execute the relevant steps described above, so as to implement the rights management method in the above embodiment.

In addition, an apparatus, which may be specifically a chip, a component or a module, may include a processor and a memory connected to each other; the memory is used for storing computer execution instructions, and when the device runs, the processor can execute the computer execution instructions stored in the memory, so that the chip can execute the authority management method in the above method embodiments.

The electronic device, the computer storage medium, the computer program product, or the chip provided in this embodiment are all configured to execute the corresponding method provided above, so that the beneficial effects achieved by the electronic device, the computer storage medium, the computer program product, or the chip may refer to the beneficial effects in the corresponding method provided above, and are not described herein again.

Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the module or unit is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another device, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.

The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.

The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for managing authority is applied to a first electronic device, and is characterized in that the method for managing the authority comprises the following steps:

a first application program of the first electronic equipment requests to access a second system resource of a second electronic equipment;

receiving the authorization state of the second system resource to the first application program returned by the second electronic device;

and storing the authorization state of the second system resource to the first application program in a first authority database of the first electronic device.

2. The rights management method of claim 1, wherein the first electronic device is communicatively connected to a second electronic device.

3. The rights management method of any of claims 1-2, wherein an application identification of a second application of the second electronic device is consistent with an application identification of a first application of the first electronic device.

4. A rights management method according to any one of claims 1 to 3, characterized in that the rights management method further comprises:

and carrying out data synchronization on the first permission database and a second permission database of the second electronic equipment.

5. The rights management method according to any one of claims 1 to 4, characterized in that the rights management method further comprises:

and merging the authorization state in the first permission database according to the application identifier of the first application program and the application identifier of the second application program of the second electronic equipment.

6. The rights management method of claim 5, wherein if there is a conflict in the merge of authorization states in the first rights database, the rights management method further comprises:

displaying a conflict processing interface;

determining an authorization state of conflict occurrence in the first authority database according to conflict processing operation of a user on the conflict processing interface;

synchronizing the determined conflicting authorization status to a second permission database of the second electronic device.

7. The rights management method of any of claims 1-6, wherein after the first rights database of the first electronic device stores a status of authorization of the first application by the second system resource, the rights management method further comprises:

a first application program of the first electronic equipment requests to access a first system resource of the first electronic equipment, wherein the first system resource is consistent with the second system resource;

and acquiring the authorization state of the first system resource to the first application program from the first permission database.

8. The rights management method of claim 7, wherein after the first electronic device obtains the authorization status of the first application from the first rights database for the first system resource, the rights management method further comprises:

and controlling the access of the first application program to the first system resource according to the authorization state of the first system resource to the first application program.

9. The rights management method of any of claims 1-6, wherein after the first rights database of the first electronic device stores the state of authorization of the first application by the second system resource, the rights management method further comprises:

receiving an access request of a second application program of the second electronic equipment to a first system resource of the first electronic equipment, wherein the first system resource is consistent with the second system resource, and an application identifier of the first application program is consistent with an application identifier of the second application program;

obtaining the authorization state of the first system resource to the second application program from the first authority database;

and controlling the access of the second application program to the first system resource according to the authorization state of the first system resource to the second application program.

10. The rights management method according to any one of claims 1 to 6, wherein the rights management method further comprises:

and if the first application program does not exist in the first electronic equipment and the second application program does not exist in the second electronic equipment, deleting the authorization state corresponding to the first application program in the first permission database.

11. The rights management method of claim 1, wherein the authorization status comprises an application identification field, a resource identification field, a rights field, and/or an authorization status field.

12. A method for managing authority is applied to a second electronic device, and is characterized in that the method for managing the authority comprises the following steps:

receiving an access request of a first application program of first electronic equipment to a second system resource of second electronic equipment;

obtaining the authorization state of the second system resource to the first application program from a second authority database of the second electronic device;

determining an authorization status of the first application by the second system resource;

and sending the authorization state of the second system resource to the first application program to the first electronic equipment.

13. The rights management method of claim 12, wherein the first electronic device is communicatively connected to a second electronic device.

14. The rights management method of any of claims 12-13, wherein an application identification of a second application of the second electronic device is consistent with an application identification of a first application of the first electronic device.

15. The rights management method according to any one of claims 12 to 14, wherein the rights management method further comprises:

and carrying out data synchronization on the second permission database and the first permission database of the first electronic equipment.

16. The rights management method according to any one of claims 12 to 15, wherein the rights management method further comprises:

and merging the authorization states in the second permission database according to the application identifier of the first application program and the application identifier of the second application program.

17. The rights management method of claim 16, wherein if a conflict occurs with an authorization state merge in the second rights database, the rights management method further comprises:

displaying a conflict processing interface;

determining an authorization state of the conflict in the second authority database according to the conflict processing operation of the user on the conflict processing interface;

synchronizing the determined conflicting authorization status to a first permission database of the first electronic device.

18. The rights management method of claim 12, wherein said determining an authorization status of said first application by said second system resource comprises:

displaying a permission interaction interface of the first application program to the second system resource;

and determining the authorization state of the second system resource to the first application program in the second authority database according to the authority determination operation of the user on the authority interaction interface.

19. The rights management method of claim 12, wherein the rights management method further comprises:

a second application program of the second electronic equipment requests to access the second system resource, and the application identifier of the first application program is consistent with the application identifier of the second application program;

obtaining the authorization state of the second system resource to the second application program from the second authority database;

and controlling the access of the second application program to the second system resource according to the authorization state of the second system resource to the second application program.

20. The rights management method according to any one of claims 12 to 16, wherein the rights management method further comprises:

and if the second application program does not exist in the second electronic equipment and the first application program does not exist in the first electronic equipment, deleting the authorization state corresponding to the second application program in the second permission database.

21. The rights management method of any of claims 12-16, wherein the authorization status comprises an application identification field, a resource identification field, a rights field, and/or an authorization status field.

22. An electronic device comprising a processor and a memory; the memory to store instructions; the processor, configured to invoke instructions in the memory, to cause the electronic device to perform the rights management method of any of claims 1-11, or to cause the electronic device to perform the rights management method of any of claims 12-21.

23. A computer-readable storage medium storing at least one instruction which, when executed by a processor, implements a rights management method as claimed in any one of claims 1 to 11, or which, when executed by a processor, implements a rights management method as claimed in any one of claims 12 to 21.