CN115203754B - Scene mode management device, initialization method, and scene mode switching method - Google Patents

Scene mode management device, initialization method, and scene mode switching method

Info

Publication number: CN115203754B
Application number: CN202211112977.3A
Authority: CN (China)
Prior art keywords: user, password, scene mode, scene, isolated
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN115203754A
Inventors: 刘闻欢, 闫博文, 李鹤
Current assignee: Uniontech Software Technology Co Ltd
Original assignee: Uniontech Software Technology Co Ltd

Classifications

    • G06F21/74 Protecting specific internal or peripheral components to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L63/02 Network security architectures or protocols for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies; H04L63/0263 Rule management
    • H04L63/0272 Virtual private networks
    • H04L63/083 Authentication of entities using passwords
    • H04L9/3226 Verifying the identity or authority of a user using a predetermined code, e.g. password, passphrase or PIN
    • G06F2221/2105 Dual mode as a secondary aspect


Abstract

The invention discloses a scene mode management device, an initialization method and a scene mode switching method, relates to the technical field of system security, and can solve the technical problem that an existing operating system is difficult to provide effective isolation environments for different members. The scene mode management device includes: a scene mode management module, used for providing a scene mode management interface; a configuration file management module, used for parsing and modifying the scene configuration file; and a pluggable authentication module, which authenticates the user password when a user logs in to the operating system and, when scene mode is enabled and authentication has passed, reads the system directories to be isolated from the scene configuration file in response to the opening of the user session, creates a corresponding namespace, and mounts the system directories to be isolated corresponding to the current scene mode into the created namespace to realize isolation. According to the technical scheme of the invention, an effective isolation environment can be provided for different members of the operating system.

Description

Scene mode management device, initialization method, and scene mode switching method
Technical Field
The present invention relates to the field of system security technologies, and in particular, to a scene mode management device, an initialization method, and a scene mode switching method.
Background
With the popularization and the continuous improvement of the functions of smart phones, functions which originally required a personal computer can nowadays be performed on a smart phone. In other words, in people's daily life the position of the personal computer is gradually being taken over by the smart phone, and the demand for personal computers is gradually changing from one computer per person to one computer shared by several people.
In a place of use such as a home, different members have different functional demands on the personal computer, and people do not want to share private data such as personal usage records with others. Thus, there is a need for the operating system of a personal computer to provide a mechanism that isolates the usage environments of different members.
Disclosure of Invention
To this end, the present invention provides a scene mode management apparatus, an initialization method, and a scene mode switching method in an effort to solve or at least alleviate at least one of the problems presented above.
According to a first aspect of the present invention, there is provided a scene mode management apparatus comprising: a scene mode management module, used for providing a scene mode management interface, the scene mode comprising a plurality of preset modes; a configuration file management module, used for parsing and modifying a scene configuration file, the scene configuration file describing the system directories to be isolated corresponding to the preset modes; and a pluggable authentication module, used for performing password authentication on a user password based on the configured authentication mode when a user logs in to the operating system, and, when the scene mode is enabled and the password authentication has passed, reading the system directory to be isolated corresponding to the current scene mode from the scene configuration file in response to the opening of the user session, creating a corresponding namespace, and mounting the system directory to be isolated corresponding to the current scene mode into the created namespace to realize isolation.
Optionally, in the scene mode management apparatus according to the present invention, the number of the system directories included in the system directory to be isolated is one or more.
Optionally, in the scene mode management apparatus according to the present invention, the system directory to be isolated includes at least one of the following system directories: a home directory; an installed application system catalog; a network configuration system directory; and a firewall system directory.
Optionally, in the scene mode management device according to the present invention, the plurality of preset modes include at least one of: an old age mode, in which applications outside a first application white list are prohibited from being used, application installation and uninstallation functions are prohibited, a firewall is configured, and access to malicious websites is denied; a teenager mode, in which applications outside a second application white list are prohibited from being used, application installation and uninstallation functions are prohibited, a firewall is configured, and access to malicious websites is denied; a working mode, in which a VPN connection is enabled by default and the connection state of the VPN is monitored, the user is logged out of the operating system if the offline duration of the VPN exceeds a preset value, a firewall is configured, and access to game websites and malicious websites is forbidden; an entertainment mode, in which display enhancement and high-performance modes are turned on by default; and a maintenance mode, which is used for data isolation while the user equipment is being maintained.
Optionally, the scene mode management apparatus according to the present invention further includes: the password verification module is used for requesting a user to set a password when the scene mode management device is started for the first time and receiving the password set by the user as an initial password; and responding to a scene mode switching request of a user, prompting the user to input a password, and performing authentication on the password input by the user based on the initial password so as to allow the user to use the management interface to perform scene mode management under the condition that the password input by the user passes the authentication.
Optionally, in the scene mode management apparatus according to the present invention, the management interface of the scene mode includes an enabling interface and a switching interface, and the switching interface is used for enabling and switching the scene mode, and the switching interface is only allowed to be used when the user inputs a password and the authentication is passed.
According to a second aspect of the present invention, there is provided an initialization method performed by the scene mode management apparatus as described above, the initialization method comprising: when the scene mode management device is started for the first time, requesting the user to set a password, and receiving the password set by the user as the initial password; computing the corresponding initial password digest from the initial password; and saving the initial password digest and enabling the scene mode switching function.
According to a third aspect of the present invention, there is provided a scene mode switching method performed by the scene mode management apparatus as described above, the scene mode switching method comprising: in response to a scene mode switching request from the user, prompting the user to input a password, and receiving the password input by the user; computing the corresponding user password digest from the password input by the user; verifying the user password digest against the initial password digest; if the user password digest matches the initial password digest, the verification passes and the user's scene mode switching request is allowed; and if the user password digest does not match the initial password digest, the verification fails and the user's scene mode switching request is refused.
According to a fourth aspect of the present invention, there is provided a user login method performed by the scene mode management apparatus as described above, the user login method comprising: in response to a system login request from the user, prompting the user to input a password; receiving the password input by the user and computing its digest to obtain the corresponding password digest; performing password verification using the password digest; if the password fails verification, rejecting the user's system login request; and if the password passes verification, allowing the user's system login request, starting and creating a session, reading the scene configuration file to obtain the corresponding system directory to be isolated, creating a namespace, and mounting the system directory to be isolated into the namespace to realize isolation.
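The initialization and switching steps of the second and third aspects, as an added example that is not the patent's own code: the "password digest" is modelled here as a salted PBKDF2-HMAC digest compared in constant time (a hardening over a bare hash, chosen by this example, not stated by the patent); the record layout, the file path and the iteration count are assumptions.

```python
import hashlib
import hmac
import json
import os

DIGEST_FILE = "/var/lib/scene-mode/initial_password.json"  # assumed location
PBKDF2_ITERATIONS = 210_000                                   # assumed work factor
PRESET_MODES = {"normal", "old", "work", "child", "maintenance"}  # from the scene config


def make_digest(password: str, salt: bytes) -> bytes:
    """Digest of a password; salted so two devices with the same password differ."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def initialize(password: str) -> dict:
    """First start of the device: take the password the user set as the initial
    password, digest it, and return the record to be saved. The password itself
    is never stored, only salt and digest, and switching is enabled."""
    salt = os.urandom(16)
    return {
        "salt": salt.hex(),
        "digest": make_digest(password, salt).hex(),
        "switch_enabled": True,
    }


def save_record(record: dict, path: str = DIGEST_FILE) -> None:
    """Persist the record readable only by the owner (root for a system service)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(record, fh)


def verify_switch_request(record: dict, entered: str) -> bool:
    """Scene mode switching request: digest the entered password and compare it
    with the saved initial digest in constant time."""
    if not record.get("switch_enabled"):
        return False
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["digest"])
    return hmac.compare_digest(make_digest(entered, salt), expected)


def switch_scene_mode(record: dict, entered: str, requested_mode: str):
    """Return the new scene mode if the password verifies and the mode is a known
    preset, otherwise None (the switch is refused)."""
    if requested_mode not in PRESET_MODES:
        return None
    if not verify_switch_request(record, entered):
        return None
    return requested_mode
```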
According to a fifth aspect of the invention, there is provided a computing device comprising: at least one processor and a memory storing program instructions; the program instructions, when read and executed by the processor, cause the computing device to perform any of the initialization method, the scene mode switching method, and the user login method described above.
According to a sixth aspect of the present invention, there is provided a readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to execute any one of the initialization method, the scene mode switching method, and the user login method described above.
The scene mode management device, the initialization method, the scene mode switching method and the user login method enable the operating system to isolate the use environments of different users.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
Fig. 1 shows a schematic block diagram of a scene mode management apparatus 100 according to an embodiment of the present invention;
Fig. 2 illustrates an exemplary process diagram of initialization by the scene mode management device according to an embodiment of the present invention;
Fig. 3 illustrates an exemplary process diagram of scene mode switching by the scene mode management device according to an embodiment of the present invention;
Fig. 4 is a diagram illustrating an exemplary process of the scene mode management device performing a user login according to an embodiment of the present invention;
Fig. 5 shows a schematic diagram of a computing device according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In existing operating systems such as Linux and Windows, multi-user mode is a simple isolation method: different accounts are configured for different members, and each account has its own home directory. In this method, the accounts are typically created for the members by the administrator of the operating system, and separate home directories named after the user names are created; in addition, the administrator can set different access control policies for the different home directories so that only the user of the same name may access each one; when a user logs in, that user's own directory is used as the home directory, and the data produced while using the operating system is stored there. In this method the current user has no access right to the home directories of other users, so the private data of other users cannot be viewed.
However, the present inventors found that the above multi-user isolation method can only ensure isolation of the home directory; the other system directories are shared, so isolation of applications cannot be achieved, because applications are not installed in the home directory. In addition, the home directory in this method is protected only by the access control policy, so a user who holds the administrator role can still bypass the access control policy and view the private data of other users.
Thus, an embodiment of the present invention provides a scene mode management apparatus, including: a scene mode management module, used for providing a scene mode management interface, the scene mode comprising a plurality of preset modes; a configuration file management module, used for parsing and modifying a scene configuration file, the scene configuration file describing the system directories to be isolated corresponding to the plurality of preset modes; and a pluggable authentication module, used for performing password authentication on a user password based on the configured authentication mode when a user logs in to the operating system, and, when the scene mode is enabled and the password authentication has passed, reading the system directory to be isolated corresponding to the current scene mode from the scene configuration file in response to the start of the user session, creating a corresponding namespace, and mounting the system directory to be isolated corresponding to the current scene mode into the created namespace to realize isolation.
According to an embodiment of the present invention, there is provided a scene mode management apparatus. Fig. 1 shows a schematic block diagram of a scene mode management device 100 according to an embodiment of the present invention. As shown in fig. 1, the scene mode management apparatus 100 includes a scene mode management module 110, a profile management module 120, and a pluggable authentication module 130.
As shown in fig. 1, the scene mode management module 110 is configured to provide a management interface for a scene mode, where the scene mode includes a plurality of preset modes.
The management interface includes, for example, an enabling interface and a switching interface for enabling and switching the scene mode, wherein the switching interface of the scene mode allows use only in a case where the user input password passes authentication (i.e., the user input password coincides with an initial password set by the administrator in advance). In addition, the management interface may also include other functional interfaces, which are not described in detail herein.
In the embodiment of the present invention, the profile management module 120 is configured to parse the scene profile, and optionally, modify the scene profile.
The scene configuration file is a file used for describing the system directory to be isolated corresponding to each of the plurality of preset modes. Of course, besides describing the to-be-isolated system directories corresponding to the plurality of preset modes, the scene configuration file may also include contents describing other information.
As an example, the scene profile may be a profile in YAML format for enabling and switching of scene modes.
According to an embodiment of the present invention, the scene configuration file may include, for example, version information of the current scene configuration file.
Further, in the scene configuration file, for example, state information of the scene mode, such as enabled or not enabled, may be contained.
According to an embodiment of the present invention, the scene configuration file may include, for example, a current scene mode and a corresponding isolated system directory, i.e., a to-be-isolated system directory. Wherein the current scene mode is one of a plurality of preset modes.
In one example, one scene configuration file may include all the preset modes and the system directories to be isolated corresponding to each preset mode, so that by modifying the current scene mode in the scene configuration file, the system directories to be isolated of the current scene mode may be determined by reading one scene configuration file.
In another example, different preset modes may also be described by different scene profiles. For example, the first scene configuration file is used to describe a first preset mode and a corresponding to-be-isolated system directory, the second scene configuration file is used to describe a second preset mode and a corresponding to-be-isolated system directory, and so on. In this way, the to-be-isolated system directory of the current scene mode may be determined by using another configuration file for describing the current scene mode (for example, the current scene mode in the file may be modified to any one of the plurality of preset modes), and by combining the scene configuration file corresponding to the preset mode.
According to the embodiment of the invention, in the scene configuration file a system directory to be isolated can be described by its original path, its isolation path prefix, the list of users for whom directory isolation is ignored, and the script executed after isolation. For example, any system directory to be isolated A_x (hereinafter abbreviated as directory A_x) can be described by defining the original path of directory A_x, the isolation path prefix of directory A_x, the list of users for whom the isolation of directory A_x is ignored, and the script executed after isolation.
Furthermore, according to an embodiment of the present invention, a personalized configuration of the scene mode may also be set in the scene profile, for example, the personalized configuration may include a mode name, a maximum system usage time (i.e., a maximum time allowed to be used), a firewall setting, and the like.
According to the embodiment of the invention, the system directory to be isolated may consist of one or more system directories.
According to embodiments of the invention, the system directory to be isolated may be one or more of a set of predetermined system directories. The predetermined system directories may include, but are not limited to: the home directory; the system directory of installed applications; the system directory of the network configuration; the firewall system directory; and so on.
In addition, according to an embodiment of the present invention, the plurality of preset modes may be any one or more of an old age mode, a teenage mode, a work mode, an entertainment mode, a maintenance mode, and the like.
In the old age mode, only the applications on the first application white list can be used, and the applications outside the first application white list are forbidden to be used; applications are not allowed to be installed and are not allowed to be uninstalled (for example, an application store and an application installer can be blacklisted), so that the old people are prevented from being attacked by malicious applications; a firewall is configured and access to malicious websites, such as those that are pre-set or detected or otherwise obtained, is denied. The first application white list is an application white list corresponding to the old age mode, and the application list included in the first application white list can be set according to experience or actual requirements.
In the teenager mode, only the application on the second application white list can be used, and the application outside the second application white list is forbidden to be used; not allowing the application to be installed, nor uninstalled (e.g., application store, application installer may be blacklisted), protecting teenagers from malicious applications; configuring a firewall and refusing to access a malicious website; malicious websites are, for example, preset or detected or otherwise obtained. The second application white list is an application white list corresponding to the teenager mode, and the application list included in the second application white list can be set according to experience or actual requirements.
In the working mode, the VPN connection is enabled by default and the connection state of the VPN is monitored; if the offline duration of the VPN exceeds a preset value, the user is logged out of the operating system, so that data leakage is prevented. A firewall is configured, and access to game websites and malicious websites is forbidden; the game websites and/or malicious websites are, for example, preset, detected or otherwise obtained. The preset value may, for example, be set empirically or determined experimentally, and is not described in detail here.
In the entertainment mode, the display enhancement and high-performance modes are enabled by default, so that the entertainment experience is improved.
In addition, the maintenance mode is used for data isolation while the user equipment is being maintained; if the device is returned to the factory for maintenance, it can be switched to this mode, so that the user's data is protected without affecting the work of the maintenance personnel.
Besides, for the various modes, the system directory to be isolated and the personalized configuration corresponding to each mode can be set or changed in a personalized manner.
As an example, the directories of the system to be isolated corresponding to different preset modes may be the same or different.
In an example, the to-be-isolated system directories corresponding to any two different preset modes may be different, for example, the to-be-isolated system directories corresponding to the first preset mode are A1, A2, and A3, and the to-be-isolated system directories corresponding to the second preset mode are A1, A2, and A4; for another example, the system directories to be isolated corresponding to the first preset mode are A1, A2, and A3, and the system directories to be isolated corresponding to the second preset mode are A4, A5, and A6.
In another example, the system directories to be isolated corresponding to all the preset modes may be the same, for example, the system directories to be isolated corresponding to each preset mode are A1, A2, and A3.
Therefore, even the same system directory can be isolated under different scene modes, so that different contents are shown in each mode.
An exemplary scene configuration file is given below; the definition and meaning of each entry are given in the comments:
# configuration file version
version: 1.0
# whether scene mode is enabled
enabled: true
# current scene mode; available values are: entertainment mode (normal), old age mode (old), work mode (work), teenager mode (child), maintenance mode (maintenance)
scene_mode: "normal"
# isolated system directories; several may be configured
poly_dirs:
  -
    # original path of the system directory
    poly_dir: "/usr/share/applications"
    # isolation path prefix of the system directory
    poly_inst_dir: "/usr/share/applications.inst/"
    # list of users for whom directory isolation is ignored
    ignore_user: "root,lightdm"
    # scripts executed after isolation
    hooks:
      - "app_white.sh"
  -
    poly_dir: "$HOME"
    poly_inst_dir: "$HOME/$USER.inst/"
    ignore_user: "root,lightdm"
# per-mode personalized configuration
mode_list:
  -
    # mode name
    name: "normal"
    # maximum system usage time
    max_usage_time: 0
    # firewall rules
    firewall:
      - "-t mangle -D OUTPUT -j SCENE"
      - "-t mangle -F SCENE"
      - "-t mangle -X SCENE"
According to the embodiment of the present invention, when a user logs in to the operating system, the system requests (prompts) the user to input a password and receives it as the user password; the pluggable authentication module 130 authenticates the user password based on the plugged-in authentication method. After authentication passes, if the scene mode is enabled, then in response to the opening of the user session the pluggable authentication module 130 reads from the scene configuration file the system directories to be isolated for the current scene mode, creates a corresponding namespace, and mounts those directories into the created namespace to implement isolation.
According to the embodiment of the present invention, if password authentication of the user password by the pluggable authentication module 130 fails, the user cannot complete login.
In the embodiment of the present invention, the pluggable authentication module 130 may be a PAM module that implements the PAM (Pluggable Authentication Modules) session interface and is used to set up a multi-directory isolation environment when a user logs in; in other words, the pluggable authentication module 130 may be implemented as a PAM module with a session interface. When the user session is opened, the pluggable authentication module 130 reads the system directories to be isolated from the scene configuration file, creates a namespace if the scene mode is enabled, and mounts the configured directories into that namespace, thereby implementing directory isolation.
PAM is an authentication framework through whose API any authentication method can be plugged in. A namespace is a kernel-level isolation mechanism; Linux provides namespaces for UTS, IPC, mount, PID, network, user and other system resources.
In this way, when the scene mode is enabled and one of the preset modes has been selected as the current scene mode, the pluggable authentication module 130 can configure the isolation environment corresponding to the current scene mode for the user according to the scene configuration file.
The namespace may be created, for example, with unshare(CLONE_NEWNS) (the flag keeps its historical name; it selects the mount namespace), or in other ways that are not described in detail here.
It should be noted that in operating systems such as Linux, a namespace determines the view of system resources that a process sees. Processes in different namespaces see different resources or process tables, while processes in the same namespace see the same resources.
For example, a mount namespace (mnt namespace) gives a process an independent file system view. When clone() is called with the CLONE_NEWNS flag, the child process is created in a new mount namespace; when unshare() is called with CLONE_NEWNS, the calling process itself moves into a new one. The new mount namespace starts as a copy of the parent's, but a mount performed in it takes effect only in the new namespace and does not affect the parent's mount namespace. One caveat applies: this independence holds only for private mounts. On systems where the root mount is shared (the systemd default), the new namespace must first be marked private (a mount call with MS_REC|MS_PRIVATE on "/"), otherwise mounts made in it propagate back to the parent namespace and no isolation results.
Based on this principle, when the user session is opened, the session process calls unshare(CLONE_NEWNS) so that it, and every process it spawns, has an independent mount namespace, that is, an independent file system view. The directories to be isolated are then mounted within the session process, so the user session has its own isolated file system.
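The session-open flow just described (read the scene configuration file shown earlier, unshare a mount namespace, mount the per-mode directories, run the hooks), as an added Python example; this is not the patent's code. The SCENE_CONFIG dict is constructed inline to mirror the page's YAML file, which a real deployment would load with a YAML library. The per-mode layout `<poly_inst_dir>/<scene_mode>`, the use of bind mounts, the hook directory `/etc/scene-mode/hooks` and all function names are assumptions; the page does not specify them.

```python
"""Session-open isolation for a scene mode: plan the mounts, then apply them.

Added example (not the patent's code). SCENE_CONFIG below is constructed to
mirror the YAML scene configuration file on the page.
"""
import ctypes
import ctypes.util
import os
import subprocess
import sys
from dataclasses import dataclass

CLONE_NEWNS = 0x00020000   # <sched.h>: new mount namespace
MS_BIND = 0x00001000       # <sys/mount.h>
MS_REC = 0x00004000
MS_PRIVATE = 0x00040000

# Constructed configuration, equivalent to the page's example file.
SCENE_CONFIG = {
    "version": "1.0",
    "enabled": True,
    "scene_mode": "normal",
    "poly_dirs": [
        {
            "poly_dir": "/usr/share/applications",
            "poly_inst_dir": "/usr/share/applications.inst/",
            "ignore_user": "root,lightdm",
            "hooks": ["app_white.sh"],
        },
        {
            "poly_dir": "$HOME",
            "poly_inst_dir": "$HOME/$USER.inst/",
            "ignore_user": "root,lightdm",
        },
    ],
}


@dataclass(frozen=True)
class BindMount:
    source: str    # per-mode instance directory that supplies the content
    target: str    # original system path the session will see
    hooks: tuple   # scripts to run after this mount is in place


def _expand(path: str, user: str, home: str) -> str:
    return path.replace("$HOME", home).replace("$USER", user)


def plan_mounts(config: dict, user: str, home: str) -> list:
    """Return the bind mounts for `user` under the configured scene mode.

    Assumption (not stated on the page): each mode's content for a directory
    lives in <poly_inst_dir>/<scene_mode>, so the same original path shows
    different content in different modes. Users listed in ignore_user, such
    as root and the display manager's lightdm, keep the real directory.
    """
    if not config.get("enabled"):
        return []
    mode = config["scene_mode"]
    plan = []
    for entry in config.get("poly_dirs", []):
        ignored = {u.strip() for u in entry.get("ignore_user", "").split(",")}
        if user in ignored:
            continue
        target = _expand(entry["poly_dir"], user, home)
        prefix = _expand(entry["poly_inst_dir"], user, home).rstrip("/")
        plan.append(BindMount(f"{prefix}/{mode}", target, tuple(entry.get("hooks", ()))))
    return plan


def apply_isolation(plan: list) -> None:
    """Unshare a mount namespace and bind-mount the plan. Needs CAP_SYS_ADMIN.

    Only the calling process and its descendants see the result, which is
    why this belongs in the PAM session module of the login process.
    """
    libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
    libc.unshare.argtypes = [ctypes.c_int]
    libc.mount.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p,
                           ctypes.c_ulong, ctypes.c_void_p]
    if libc.unshare(CLONE_NEWNS) != 0:
        raise OSError(ctypes.get_errno(), "unshare(CLONE_NEWNS) failed")
    # With systemd, "/" is a shared mount. Without making the new namespace
    # private, the bind mounts below would propagate back to the parent
    # namespace and every session would see them, i.e. no isolation at all.
    if libc.mount(b"none", b"/", None, MS_REC | MS_PRIVATE, None) != 0:
        raise OSError(ctypes.get_errno(), "mount(MS_REC|MS_PRIVATE) failed")
    for m in plan:
        os.makedirs(m.source, exist_ok=True)
        if libc.mount(m.source.encode(), m.target.encode(), None, MS_BIND, None) != 0:
            raise OSError(ctypes.get_errno(), f"bind mount {m.source} on {m.target} failed")
        for hook in m.hooks:
            # Hooks run with root privileges; the directory is an assumed,
            # root-owned location so the config cannot name arbitrary programs.
            subprocess.run([os.path.join("/etc/scene-mode/hooks", hook)], check=True)


if __name__ == "__main__":
    user = os.environ.get("USER", "alice")
    plan = plan_mounts(SCENE_CONFIG, user, os.path.expanduser("~" + user))
    for m in plan:
        print(f"{m.source} -> {m.target} hooks={list(m.hooks)}")
    if "--apply" in sys.argv:
        apply_isolation(plan)
```

`plan_mounts` can be run by any user to inspect what a session would see; `apply_isolation` needs CAP_SYS_ADMIN and affects only the calling process's mount namespace. Because both the configuration file and the hook scripts are consumed with root privileges during login, they must be writable only by root, or a local user could turn the isolation hook into a privilege escalation.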
According to an embodiment of the present invention, the scene mode management device 100 may further include at least one of a password authentication module 140 and a user interface module 150.
It should be noted that the dashed boxes in fig. 1 indicate that the corresponding modules are optional, but not necessary.
As an example, when the scene mode management apparatus is first started, the password authentication module 140 requests the user to set a password and receives the password set by the user as an initial password.
Further, in response to a scene mode switching request of the user (as an example of scene mode management), the password authentication module 140 prompts the user to input a password, authenticates the password input by the user based on the initial password, and allows the user to perform scene mode switching using the management interface in the case where the password input by the user passes the authentication (as an example of scene mode management).
For example, when the password input by the user is consistent with the initial password, the password input by the user is judged to pass the identity authentication; and when the password input by the user is inconsistent with the initial password, judging that the password input by the user fails to pass the authentication.
The initial password may be pre-stored in the password authentication module 140, for example. Alternatively, the initial password may be set by the administrator when the scene mode management device initializes the scene change function.
The user interface module 150 is a graphical interface for providing different predetermined modes for selection by a user (e.g., an administrator).
Fig. 2 shows a process flow of the scene mode management apparatus for initializing the scene switching function according to the embodiment of the present invention.
As shown in fig. 2, when the scene mode management apparatus is first started, a password needs to be configured for authentication in scene mode management (e.g., scene mode switching).
The user who initializes the scene switching function is taken as the administrator user (hereinafter, the administrator). When the administrator enables the scene mode switching function, the scene mode switching interface (corresponding to the user interface module described below) requests the administrator to set a password, and the password so set is used as the initial password. A digest of the initial password is computed as the initial password digest; any existing digest algorithm may be used, and the calculation is not detailed here. The scene mode switching interface sends the initial password digest to the scene mode switching service for storage, which completes enabling of the scene mode switching function, and the service returns the enabling result to the administrator through the scene mode switching interface.
It should be noted that the scene mode switching service shown in fig. 2 refers to the components of the scene mode management device other than the user interface module described below; in other words, if the scene mode management device is regarded as composed of two parts, one part is the user interface module and the other is all the remaining modules.
In this way, the initial password digest may be saved by the password authentication module, or may also be saved by other modules in the scene mode management apparatus, such as the scene mode management module.
The enabling result is, for example, success or failure. Preset constraints (character restrictions, length limits, etc.) may be used to decide it: a password digest derived from a password that satisfies the preset constraints enables the scene mode switching function, while one derived from a password that violates them does not. Other ways of deciding whether enabling succeeded may also be used and are not detailed here.
Thus, after the administrator has set the initial password (or the initial password has been pre-stored), a user who wants to switch the current scene mode must enter the password so that the user's identity can be verified, that is, whether the user is the administrator or a user authorized by the administrator. If the entered password matches the initial password (for example, the password set by the administrator during initialization), verification passes; otherwise it fails. If verification fails, switching the scene mode is not allowed; only when it passes is switching allowed, so the scene mode can be modified only after authorization.
It should be understood that, in other examples, the processing performed by the user interface module may also be performed by other modules in the scene mode management apparatus, such as the scene mode management module, and the like, and can achieve the same functions and effects. For example, the process of requesting the user to set the password by the user interface module may also be implemented by the scene mode management module or other modules, for example, the scene mode management module or other modules may be provided with a keyboard (which may be a computer keyboard or other physical keyboard) for the user to input (or set) the password, optionally, the keyboard may be provided with a prompt lamp to prompt the user when to input (or set), and so on.
Fig. 3 shows an exemplary process flow for switching scene modes.
As shown in fig. 3, when a user (the administrator shown in fig. 3, or possibly another user) wants to switch the current scene mode, the scene mode switching interface requests the user to enter a password for authentication. For example, the digest of the entered password is computed with the digest method described above and compared with the digest of the initial password (the initial password digest); if the two digests match, verification succeeds, otherwise it fails.
When the verification fails, the switching fails, that is, the user is not allowed to switch the scene mode.
When the authentication is successful, the user is allowed to perform scene mode switching.
FIG. 4 illustrates an exemplary process flow for a user logging into an operating system.
As shown in fig. 4, when the user logs in to the operating system, the PAM authentication module verifies the password entered by the user: for example, a digest of the password is computed with the algorithm of the plugged-in authentication method, and that digest is verified. If verification fails, authentication fails and login is refused. If it passes, authentication succeeds, the PAM authentication module opens the session, the PAM session module creates it, and the scene mode PAM session module reads the scene configuration file to obtain the corresponding directory list (the system directories to be isolated).
After the directory list is obtained, a namespace is created, for example with the unshare command (or another command or system call), all directories in the list are mounted in the newly created namespace, directory isolation is achieved, and user login is completed.
It should be noted that, in the example shown in fig. 4, the functions of the three modules, PAM authentication module, PAM session module, and scene mode PAM session module, may be implemented by the pluggable authentication module described above. For example, three sub-modules, namely a first sub-module, a second sub-module and a third sub-module, may be provided in the pluggable authentication module, so that the function and process of the PAM authentication module are implemented by the first sub-module, the function and process of the PAM session module are implemented by the second sub-module, and the function and process of the scene mode PAM session module are implemented by the third sub-module.
According to the scene mode management device provided by the embodiment of the invention, the corresponding system directory to be isolated is mounted in the created name space by using the characteristics of the name space, so that the isolation of the directory is realized; in addition, through a hook (hooks) mechanism, the content of the system directory to be isolated in different scene modes can be customized, and the requirements of personalization and safety management are met.
The embodiment of the invention also provides a scene mode management method, wherein the scene mode comprises a plurality of preset modes, and the scene mode management method comprises the following steps: when a user logs in an operating system, under the condition that a scene mode is started and one of a plurality of preset modes is selected as a current scene mode, determining a system directory to be isolated corresponding to the current scene mode by analyzing a scene configuration file so as to configure an isolation environment corresponding to the current scene mode; the management interface of the scene mode comprises an enabling interface and a switching interface, and is used for enabling and switching the scene mode, and the switching interface is only allowed to be used under the condition that a user inputs a password and passes identity authentication; the scene configuration file is used for describing the system directories to be isolated corresponding to the preset modes respectively.
As an example, before determining the to-be-isolated system directory corresponding to the current scene mode by parsing the scene configuration file, the method may further include: and authenticating the user password based on the authentication mode accessed by the pluggable authentication module.
As an example, the isolation environment corresponding to the current scene mode may be configured as follows: under the condition that the user password authentication is passed, in response to the opening of a user session, reading a system directory to be isolated corresponding to the current scene mode from a scene configuration file, creating a corresponding name space, and mounting the system directory to be isolated corresponding to the current scene mode into the created name space to realize isolation.
As an example, the system directory to be isolated may include one or more system directories.
As an example, the to-be-isolated system catalog may include at least one of: a home directory; an installed application system directory; a network configuration system directory; and a firewall system directory.
As an example, the plurality of preset modes may include at least one of: an old age mode in which applications outside the first application white list are prohibited from being used, application installation and uninstallation functions are prohibited, a firewall is configured, and access to malicious websites is denied; a teenager mode, in which applications outside the second application white list are prohibited from being used, application installation and uninstallation functions are prohibited, a firewall is configured, and access to a malicious website is denied; a working mode, in which VPN connection is enabled by default and the connection state of the VPN is monitored, if the offline duration of the VPN exceeds a preset value, an operating system is cancelled, a firewall is configured and access to a game website and a malicious website is forbidden; an entertainment mode in which display enhancement and high performance modes are turned on by default; and a maintenance mode, which is used for data isolation when the user equipment is maintained.
As an example, the scene mode management method may further include: when the scene mode management device is started for the first time, prompting the user to set a password, and using the set password for the identity authentication.
For a part of the scene mode management method according to an embodiment of the present invention, please refer to the detailed description about the device embodiment above.
According to the scene mode management device and the scene mode management method provided by the embodiment of the invention, a scene mode switching technology based on a name space is provided, different scene modes such as an old age mode, a working mode, an entertainment mode, a teenager mode, a maintenance mode and the like are preset, and the same directories are mutually isolated in different modes through a name space isolation system directory, so that different contents are displayed.
The technology of the invention can configure a plurality of system directories as the system directories to be isolated, and can provide complete isolation environments for different modes, including but not limited to home directories, installed applications, network configuration, firewalls and the like.
The technology of the invention uses namespaces to isolate system directories, ensuring that system directories are isolated between different scene modes, so that data belonging to other modes cannot be viewed from a given mode, even by an administrator.
The technology of the invention can be configured with a plurality of scene modes, meeting the needs of different household members as well as return-to-factory maintenance.
In addition, the technology of the invention uses a single system user account, which avoids the management burden of multiple user accounts.
An embodiment of the present invention further provides an initialization method, which is executed by the scene mode management apparatus as described above. The initialization method is similar to the exemplary process of initializing the scene mode management device described above in conjunction with fig. 2, and can achieve similar technical effects.
Referring to fig. 2, in the initialization method, when the scene mode management apparatus is first started, a user is requested to set a password, and the password set by the user is received as an initial password.
A corresponding initial password digest is then derived from the initial password.
The initial password digest is saved and the scene mode switching function is enabled.
In addition, an embodiment of the present invention further provides a scene mode switching method, which is executed by the scene mode management apparatus as described above. The scene mode switching method is similar to the exemplary process of performing scene mode switching by the scene mode management device described above with reference to fig. 3, and can achieve similar technical effects.
Referring to fig. 3, in response to a scene mode switching request of a user, the user is prompted to input a password and the password input by the user is received.
A corresponding user password digest is then derived from the password entered by the user.
The user password digest is then verified against the initial password digest.
If the user password digest matches the initial password digest, verification passes and the user's scene mode switching request is allowed.
If the user password digest does not match the initial password digest, verification fails and the user's scene mode switching request is rejected (for example, the branch corresponding to the alt tag in fig. 3).
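The initialization and switching flows of figs. 2 and 3, restated in the initialization method and scene mode switching method just described, as an added Python example; this is not the patent's code. It stores a salted, iterated digest (PBKDF2-HMAC-SHA256) of the initial password, enforces a preset character and length policy when the function is enabled (the "limiting conditions" the page mentions), and allows a switch only when a constant-time comparison of the entered password's digest matches the stored one. The policy values, the record layout and the function names are assumptions; the page only says that a digest is computed, stored and compared.

```python
"""Scene mode switching password: initialization and verification.

Added example (not the patent's code). Policy limits, salt size and the
iteration count are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
import string

PBKDF2_ITERATIONS = 600_000   # slows offline guessing against a leaked digest
SALT_BYTES = 16
MIN_LENGTH = 8                # assumed preset limiting conditions
MAX_LENGTH = 64
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + string.punctuation)


class PasswordStore:
    """Holds the initial password digest for the scene mode switching service."""

    def __init__(self):
        self._record = None   # (salt, digest) once the function is enabled

    @property
    def initialized(self) -> bool:
        return self._record is not None

    @staticmethod
    def check_policy(password: str):
        """Return None if the password is acceptable, else the reason it is not."""
        if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
            return f"length must be between {MIN_LENGTH} and {MAX_LENGTH}"
        bad = set(password) - ALLOWED_CHARS
        if bad:
            return "disallowed characters: " + "".join(sorted(bad))
        return None

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # A bare unsalted hash would let anyone who reads the stored value
        # test guesses offline at full speed; salt plus iterations prevents that.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def initialize(self, password: str):
        """First start (fig. 2): set the initial password. Returns (enabled, message)."""
        if self._record is not None:
            return False, "already initialized"
        reason = self.check_policy(password)
        if reason:
            return False, "enable failed: " + reason
        salt = os.urandom(SALT_BYTES)
        self._record = (salt, self._digest(password, salt))
        return True, "scene mode switching enabled"

    def verify(self, candidate: str) -> bool:
        """Switch request (fig. 3): digest the entered password, compare to the stored digest."""
        if self._record is None:
            return False
        salt, stored = self._record
        # Constant-time comparison: the time taken does not depend on where
        # the digests first differ, so it leaks nothing about the stored value.
        return hmac.compare_digest(self._digest(candidate, salt), stored)


def handle_switch_request(store: PasswordStore, entered: str, requested: str, current: str) -> str:
    """Return the mode that is active after the request: the requested mode
    only if the password verifies, otherwise the current mode (the alt branch)."""
    return requested if store.verify(entered) else current


if __name__ == "__main__":
    store = PasswordStore()
    print(store.initialize("short"))            # rejected by the policy
    print(store.initialize("Sw1tch-Mode!"))     # enabled
    print(handle_switch_request(store, "Sw1tch-Mode!", "work", "normal"))
    print(handle_switch_request(store, "guess", "work", "normal"))
```

Only the salt and digest are ever stored; the initial password itself is discarded after `initialize` returns. The policy is checked before anything is stored, which is what makes "enable failed" possible for a non-conforming password, as the page describes.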
In addition, the embodiment of the invention also provides a user login method, which is executed by the scene mode management device. The user login method is similar to the exemplary process of performing user login by the scene mode management device described above with reference to fig. 4, and can achieve similar technical effects.
Referring to fig. 4, in response to a system login request of a user, the user is prompted to enter a password.
The password entered by the user is received and a digest of it is computed to obtain the corresponding password digest.
Then, password verification is performed using the password digest.
If the password authentication is not passed, the system login request of the user is rejected (for example, the entry corresponding to the alt tag in fig. 4).
If password verification passes, the user's system login request is allowed, a session is opened and created, the scene configuration file is read to obtain the corresponding system directories to be isolated, a namespace is created, and those directories are mounted into the namespace to implement isolation.
It should be noted that the alt labels in fig. 3 and 4 indicate corresponding alternatives, that is, indicate alternatives.
In the above-described scene mode management apparatus and the above-described methods according to an embodiment of the present invention, the operating system may be, for example, a Linux operating system, or may be any other operating system to which the above-described scene mode management apparatus and the above-described methods can be applied.
The methods of the present invention may be performed in a computing device. The computing device may be any device with storage and computing capabilities, and may be implemented, for example, as a server, a workstation, or the like, as a personal computer such as a desktop computer or a notebook computer, or as a terminal device such as a mobile phone, a tablet computer, a smart wearable device, or an internet of things device, but is not limited thereto.
FIG. 5 shows a schematic diagram of a computing device, according to an embodiment of the invention. It should be noted that the computing device shown in fig. 5 is only an example, and in practice, the computing device for implementing the method of the present invention may be any type of device, and the hardware configuration may be the same as that of the computing device shown in fig. 5 or different from that of the computing device shown in fig. 5. Hardware components of a computing device for practicing the methods of the present invention may be added or deleted from those shown in FIG. 5 in practice. The present invention is not limited to the specific hardware configuration of the computing device.
As shown in fig. 5, the apparatus may include: a processor 510, a memory 520, an input/output interface 530, a communication interface 540, and a bus 550. Wherein processor 510, memory 520, input/output interface 530, and communication interface 540 are communicatively coupled to each other within the device via bus 550.
The processor 510 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present specification.
The memory 520 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 520 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program code is stored in the memory 520 and called by the processor 510 for execution.
The input/output interface 530 is used for connecting an input/output module to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 540 is used for connecting a communication module (not shown in the figure) to implement communication interaction between the present device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, bluetooth and the like).
Bus 550 includes a pathway to transfer information between various components of the device, such as processor 510, memory 520, input/output interface 530, and communication interface 540.
It should be noted that although the above-mentioned device only shows the processor 510, the memory 520, the input/output interface 530, the communication interface 540 and the bus 550, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present invention also provide a non-transitory readable storage medium storing instructions for causing a computing device to perform a method according to embodiments of the present invention. The readable media of the present embodiments include permanent and non-permanent, removable and non-removable media, and the storage of information may be accomplished by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of readable storage media include, but are not limited to: phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic tape cassettes, magnetic tape or magnetic disk storage, and the like.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system is apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose preferred embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. It will be appreciated by the person skilled in the art that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment, or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and provided in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. Furthermore, some of the described implementations are described herein as methods or combinations of method elements that can be performed by a processor of a computer system or by other means for performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as disclosed herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter.

Claims (11)

1. A scene mode management apparatus, comprising:
a scene mode management module configured to provide a management interface for the scene mode, the scene mode comprising a plurality of preset modes;
a configuration file management module configured to parse and modify a scene configuration file, the scene configuration file describing, for each preset mode, the system directories to be isolated; and
a pluggable authentication module configured to perform password authentication of a user password, according to the configured authentication method, when a user logs in to the operating system; and, after the password authentication has passed and when the scene mode is enabled, in response to the start of the user session, to read from the scene configuration file the system directories to be isolated for the current scene mode, create a corresponding namespace, and mount those system directories into the created namespace so as to isolate them.
2. The scene mode management apparatus according to claim 1, wherein the system directories to be isolated comprise one or more system directories.
3. The scene mode management apparatus according to claim 1 or 2, wherein the system directories to be isolated comprise at least one of the following system directories:
a home directory; a system directory of installed applications; a network configuration system directory; and a firewall system directory.
4. The scene mode management apparatus according to claim 1 or 2, wherein the plurality of preset modes comprise at least one of:
an elderly mode, in which applications outside a first application whitelist are prohibited, application installation and uninstallation are disabled, the firewall is configured, and access to malicious websites is denied;
a teenager mode, in which applications outside a second application whitelist are prohibited, application installation and uninstallation are disabled, the firewall is configured, and access to malicious websites is denied;
a work mode, in which a VPN connection is enabled by default and its connection state is monitored, the user is logged out of the operating system if the VPN has been offline for longer than a preset duration, the firewall is configured, and access to game websites and malicious websites is denied;
an entertainment mode, in which display enhancement and high-performance modes are turned on by default; and
a maintenance mode, for isolating user data while the device is being serviced.
5. The scene mode management apparatus according to claim 1 or 2, further comprising:
a password verification module configured to request the user to set a password when the scene mode management apparatus is started for the first time and to receive the password set by the user as the initial password; and, in response to a scene mode switching request from the user, to prompt the user to enter a password and to authenticate the entered password against the initial password, so that the user is allowed to manage the scene mode through the management interface only when the entered password passes authentication.
6. The scene mode management apparatus according to claim 1 or 2, wherein the scene mode management interface comprises an enabling interface and a switching interface, for enabling and switching the scene mode respectively, and the switching interface can be used only after the user has entered a password that passes authentication.
7. An initialization method performed by the scene mode management apparatus according to any one of claims 1 to 6, the initialization method comprising:
when the scene mode management apparatus is started for the first time, requesting the user to set a password and receiving the password set by the user as the initial password;
computing the corresponding initial password digest from the initial password; and
storing the initial password digest and enabling the scene mode switching function.
8. A scene mode switching method performed by the scene mode management apparatus according to any one of claims 1 to 6, the scene mode switching method comprising:
in response to a scene mode switching request from the user, prompting the user to enter a password and receiving the password entered by the user;
computing the corresponding user password digest from the entered password;
verifying the user password digest against the initial password digest;
if the user password digest matches the initial password digest, the verification passes and the user's scene mode switching request is allowed; and
if the user password digest does not match the initial password digest, the verification fails and the user's scene mode switching request is refused.
9. A user login method performed by the scene mode management apparatus according to any one of claims 1 to 6, the user login method comprising:
in response to a system login request from the user, prompting the user to enter a password;
receiving the password entered by the user and computing its digest to obtain the corresponding password digest;
performing password verification using the password digest;
if the password fails verification, rejecting the user's system login request; and
if the password passes verification, allowing the user's system login request, starting and creating a session, reading the scene configuration file to obtain the corresponding system directories to be isolated, creating a namespace, and mounting the system directories to be isolated into the namespace so as to isolate them.
10. A computing device, comprising:
at least one processor and a memory storing program instructions;
the program instructions, when read and executed by the processor, cause the computing device to perform any one of the initialization method of claim 7, the scene mode switching method of claim 8, and the user login method of claim 9.
11. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform any one of the initialization method of claim 7, the scene mode switching method of claim 8, and the user login method of claim 9.
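The flow that claims 1, 7, 8 and 9 describe in words, as an added example that is not code from the patent or from Uniontech. It models the three pieces a practitioner would build: first-start enrolment of the mode-switch password stored as a digest (claim 7), password-gated switching (claim 8), and the post-authentication session hook that turns the scene configuration into a private mount namespace with the mode's directories bind-mounted over the real ones (claims 1 and 9). The claims say only "digest"; the example stores a salted PBKDF2 value so a copy of the file does not reveal the password. The configuration format, the per-mode storage path, the mount commands and every name are assumptions; the namespace step is returned as a dry-run plan because the real unshare/mount calls need CAP_SYS_ADMIN.

```python
"""Scene-mode password digest and per-session mount-namespace plan.

Added illustration (not the patent's or Uniontech's code) of the flow in
claims 1, 7, 8 and 9.  The configuration format, SCENE_STORE, the command
strings and every identifier here are assumptions.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional

PBKDF2_ITERATIONS = 600_000  # OWASP-level work factor for PBKDF2-HMAC-SHA256

# Constructed scene configuration (format assumed): preset mode -> system
# directories to isolate.  Claim 3 names the home directory and the
# directories for installed applications, network configuration and the
# firewall; the concrete paths below are illustrative.
SCENE_CONFIG: Dict[str, List[str]] = {
    "elderly":       ["/home", "/opt/apps", "/etc/NetworkManager", "/etc/firewalld"],
    "teenager":      ["/home", "/opt/apps", "/etc/NetworkManager", "/etc/firewalld"],
    "work":          ["/home", "/etc/NetworkManager", "/etc/firewalld"],
    "entertainment": ["/home"],
    "maintenance":   ["/home", "/opt/apps"],
}

# Assumed location of the per-mode copies that get bind-mounted over the
# real directories inside the session's private mount namespace.
SCENE_STORE = "/var/lib/scene-modes"


def make_digest(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing digest 'pbkdf2_sha256$iters$salt$dk'.

    A salted, iterated KDF (rather than a bare hash of the password) is what
    stops someone who reads the stored value from recovering the mode-switch
    password with a precomputed table.
    """
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_digest(password: str, stored: str) -> bool:
    """Recompute the digest with the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex or int
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)


class SceneModeManager:
    def __init__(self, config: Dict[str, List[str]]) -> None:
        self.config = config
        self.initial_digest: Optional[str] = None  # set once by initialize()
        self.switching_enabled = False
        self.current_mode: Optional[str] = None

    def initialize(self, password: str) -> None:
        """Claim 7: on first start, enrol the password and enable switching."""
        if self.initial_digest is not None:
            raise RuntimeError("already initialized; re-enrolment must go through switch_mode's check")
        self.initial_digest = make_digest(password)
        self.switching_enabled = True

    def switch_mode(self, password: str, mode: str) -> bool:
        """Claim 8: switch only when the entered password matches the stored digest."""
        if not self.switching_enabled or self.initial_digest is None:
            return False
        if mode not in self.config:
            return False
        if not verify_digest(password, self.initial_digest):
            return False
        self.current_mode = mode
        return True

    def session_mount_plan(self) -> List[str]:
        """Claims 1 and 9, session hook, as a dry-run command list.

        A PAM session module would unshare a mount namespace, make it private
        so the binds never propagate to other sessions, then bind-mount the
        mode's copy of each isolated directory over the real path.
        """
        if self.current_mode is None:  # scene mode not enabled: no isolation
            return []
        plan = ["unshare(CLONE_NEWNS)", "mount --make-rprivate /"]
        for path in self.config[self.current_mode]:
            src = f"{SCENE_STORE}/{self.current_mode}{path}"
            plan.append(f"mount --bind {src} {path}")
        return plan

    def login(self, password: str, pam_authenticate: Callable[[str], bool]) -> List[str]:
        """Claim 9: the OS login password is checked by the configured PAM
        stack (a callable here), never against the scene-mode digest."""
        if not pam_authenticate(password):
            raise PermissionError("login rejected")
        return self.session_mount_plan()
```

Two points the claims leave open that the code makes explicit: the login password and the mode-switch password are different secrets checked by different code paths, and the namespace must be made private before any bind-mount, otherwise the mode's view of `/home` can leak into every other session on the host.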
CN202211112977.3A 2022-09-14 2022-09-14 Scene mode management device, initialization method, and scene mode switching method Active CN115203754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211112977.3A CN115203754B (en) 2022-09-14 2022-09-14 Scene mode management device, initialization method, and scene mode switching method

Publications (2)

Publication Number Publication Date
CN115203754A CN115203754A (en) 2022-10-18
CN115203754B true CN115203754B (en) 2022-12-02

Family

ID=83572779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211112977.3A Active CN115203754B (en) 2022-09-14 2022-09-14 Scene mode management device, initialization method, and scene mode switching method

Country Status (1)

Country Link
CN (1) CN115203754B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115951947A (en) * 2022-12-23 2023-04-11 Qizhidao Network Technology Co., Ltd. Information interaction method and device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618584A (en) * 2015-01-09 2015-05-13 Shenzhen Qianhai Fuda Technology Co., Ltd. Method and system for switching intelligent terminal safe work mode
CN106156575A (en) * 2015-04-16 2016-11-23 ZTE Corporation A kind of user interface control method and terminal
CN113176899A (en) * 2021-03-15 2021-07-27 Xi'an Shenniao Software Technology Co., Ltd. Operation method of multi-android operating system and terminal equipment
CN114047925A (en) * 2021-11-24 2022-02-15 Beijing Topsec Network Security Technology Co., Ltd. Method, device, equipment and storage medium for constructing isolated compiling environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8261361B2 (en) * 2009-03-11 2012-09-04 Microsoft Corporation Enabling sharing of mobile communication device
US10296595B2 (en) * 2014-05-12 2019-05-21 Ctera Networks, Ltd. Multi-level namespace management system and method thereof for hybrid cloud storage systems
US9990505B2 (en) * 2014-08-12 2018-06-05 Redwall Technologies, Llc Temporally isolating data accessed by a computing device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A Survey of System Security Isolation Technology; Zheng Xianyi et al.; Chinese Journal of Computers; 2017-05-31; Vol. 40 (No. 05); full text *

Also Published As

Publication number Publication date
CN115203754A (en) 2022-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant