CN115600236A - Access control method and device, equipment and storage medium - Google Patents

Info

Publication number: CN115600236A
Authority: CN (China)
Prior art keywords: authentication, access, account, identity, cross
Legal status: Pending
Application number: CN202110778214.1A
Other languages: Chinese (zh)
Inventor: 陈刚
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110778214.1A
Priority to PCT/CN2022/101766 (WO2023280009A1)
Publication of CN115600236A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

An embodiment of the application provides an access control method, an access control apparatus, a device, and a storage medium. When access to cross-device media data is requested and the first device is determined to have exceeded the authentication validity period (the "authentication timeliness"), the current user undergoes secondary authentication, and the validity period is updated once the secondary authentication passes. After the secondary authentication passes, an access right is obtained according to the authentication account that passed it, and the target media data of the target device is accessed across devices based on that access right. The secondary authentication interface can thus be brought up on demand, in real time, according to the access time of the accessing user, and the user can access the target media data after passing the secondary authentication. This protects the privacy and security of media data stored on devices logged in with the same account and improves the user experience.

Description

Access control method and device, equipment and storage medium
Technical Field
The present application relates to the field of terminal technologies, and in particular, to an access control method and apparatus, a device, and a storage medium.
Background
A super terminal supports functions such as distributed file searching, distributed file browsing, and distributed file editing. Fig. 1a is a schematic diagram of a super terminal performing a distributed global file search in the prior art. As shown in Fig. 1a, a user may enter the keyword "examination data" in a file search box, and the search results may include files on the super terminal itself and files stored on other devices under the same account. In some application scenarios, the super terminal may be a sharing device, that is, a terminal that has no password or can be unlocked by multiple people, and its login account is the same as that of one or more other devices. A person using the sharing device can therefore view, through the sharing device, media data stored on a private device logged in with the same account. The privacy and security of the data stored on the private device are then difficult to guarantee, which degrades the user experience.
Disclosure of Invention
Embodiments of the invention provide an access control method, an access control device, and a storage medium. With this method, a secondary authentication interface can be brought up in real time according to the access time of the accessing user, and the user can access the target media data only after passing secondary authentication. This protects the privacy and security of media data stored on devices logged in with the same account and improves the user experience.
In a first aspect, an embodiment of the present application provides a cross-device access control method, executed on a first device. The method includes: when access to cross-device media data is requested, if it is determined that the first device has currently exceeded the authentication validity period, performing secondary authentication on the current user, and updating the authentication validity period after the secondary authentication passes; and, after the secondary authentication passes, sending cross-device access request information to the second device, where the cross-device access request information includes the authentication account that passed the secondary authentication, so that a first access right is obtained through the authentication account and the target media data stored in the second device is accessed across devices based on the first access right.
Further, determining that the first device has currently exceeded the authentication validity period includes: determining whether the first device is currently within the authentication validity period of the last authentication, where the last authentication includes the first authentication or the secondary authentication, and the first authentication includes screen unlocking authentication.
Further, performing secondary authentication on the current user if it is determined that the first device has currently exceeded the authentication validity period includes: if it is determined that the first device has currently exceeded the authentication validity period and that access based on the second access right corresponding to the authentication identity has failed, performing secondary authentication on the current user, and updating the authentication validity period after the secondary authentication passes; and, after the secondary authentication passes, obtaining a first access right according to the authentication account that passed the secondary authentication, and accessing the target media data stored in the second device across devices based on the first access right.
Further, after determining that the first device has exceeded the authentication validity period and before determining that access based on the second access right corresponding to the authentication identity has failed, the method further includes: sending cross-device access request information to the second device, where the cross-device access request information includes the authentication identity, so that a second access right is obtained through the authentication identity, the target media data stored in the second device is accessed across devices based on the second access right, and it is determined whether the target media data stored in the second device was accessed successfully.
Further, before obtaining the second access right through the authentication identity, the method further includes: marking the identity that passed the last authentication as the authentication identity.
Further, marking the authenticated identity as the authentication identity includes: acquiring the identity information of the current user during the authentication stage, and marking the identity that passed the authentication as the authentication identity matching the identity information of the current user.
Further, after marking the identity that passed the last authentication as the authentication identity, the method further includes: if a screen-lock event is detected, clearing the authentication validity period and the authentication identity.
Further, determining whether the target media data stored in the second device was accessed successfully includes: acquiring an authentication result sent by the second device, and determining from the authentication result whether the access succeeded; where, if the access failed, the authentication result includes prompt information indicating the access failure and the reason for the access failure.
In a second aspect, a further embodiment of the present application provides an access control method, executed on a second device, including: acquiring cross-device access request information sent by a first device and, if the cross-device access request information includes an authentication account that passed the secondary authentication, performing access authentication on the authentication account to determine the files or folders accessible to the authentication account and the operation permission on those files or folders; and, when it is determined that the target file the first device requests to access exceeds the access right of the account corresponding to the account information sent by the first device, failing the authentication and feeding the access result back to the first device according to the authentication result.
Further, before the first device performs cross-device access to the second device, the method further includes: configuring a device account and a user identity which can access media data of the second device to obtain one or more authorized accounts and one or more authorized identity identifications; and configuring media data accessible by the authorization account and the authorization identity, and configuring operation permission of the authorization account and the authorization identity to the accessible media data, wherein the operation permission comprises read-only permission or read-write permission.
Further, the configuring media data accessible to the authorized account includes: performing accessible authority configuration by taking single media data as granularity; or performing accessible authority configuration by taking the media data group as granularity; wherein, the single media data is a single file, and the media data group is a single folder.
Further, if the cross-device access request information includes an authentication identity, performing access authentication on the authentication account to determine a file or a folder accessible to the authentication identity and an operation authority of the file or the folder; when it is determined that the target file requested to be accessed by the first device exceeds the access right of the account corresponding to the account information sent by the first device, authentication fails, and the access result of the first device is fed back to the first device according to the authentication result.
In a third aspect, a further embodiment of the present application provides an access control apparatus, including: a processor and a memory for storing at least one instruction which is loaded and executed by the processor to implement the cross device access control method provided by the first aspect or the access control method provided by the second aspect. In one embodiment, the access control device may be a component (e.g., a chip) of the apparatus.
In a fourth aspect, a further embodiment of the present application further provides an apparatus, which may include an apparatus body and the access control device provided in the fourth aspect.
In a fifth aspect, a further embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the cross-device access control method provided by the first aspect or the access control method provided by the second aspect.
With this technical solution, whether secondary authentication is needed can be determined when cross-device media data is accessed, and the secondary authentication addresses the security risk of a public device accessing the media resources of distributed devices.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1a is a diagram illustrating a distributed file global search performed by a super terminal in the prior art;
FIG. 1b is a schematic diagram of security risk of device data in a home scenario in the prior art;
FIG. 1c is a diagram illustrating the delivery of a shared file by air in the prior art;
FIG. 2 is a schematic diagram of a distributed architecture according to an embodiment of the present application;
FIG. 3 is a flow diagram for accessing media data across devices as provided by one embodiment of the present application;
FIG. 4a is a flow chart of personal device authorization provided by yet another embodiment of the present application;
FIG. 4b is a flowchart of a cross-device access control method according to yet another embodiment of the present application;
FIG. 4c is a flowchart of a secondary authentication process according to yet another embodiment of the present application;
FIG. 4d is a schematic illustration of the authentication validity period (authentication aging) provided by an embodiment of the present application;
FIG. 4e is a flowchart of a cross device access control method according to yet another embodiment of the present application;
FIG. 4f is a schematic diagram illustrating authentication of an identity tag according to an embodiment of the present application;
FIG. 4g is a schematic diagram of secondary authentication after authentication identity acquisition and authorization failure according to an embodiment of the present application;
FIG. 5 is a flowchart of a cross-device access control apparatus according to still another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, a super terminal may be composed of terminal devices logged in with the same account, and it may include several sharing devices and several personal devices. A person who can use the sharing device (e.g., can unlock it) can, through the sharing device, perform operations such as distributed file search, distributed file browsing, and distributed file editing on the other personal devices logged in with the same account, which compromises the privacy and security of the media data stored on those personal devices.
Fig. 1b is a schematic diagram illustrating security risks to device data in a family scenario in the prior art. As shown in Fig. 1b, the scenario may include a shared device logged in with an account A and a personal device also logged in with account A (that is, with the same account). The shared device may be a large screen and/or a tablet computer (PAD), and the personal device may be a private terminal such as a mobile phone.
Media data stored in a personal device logged in with account A may currently be accessed through the media library of the shared device.
In some scenarios, family members may include grandpa, grandma, mom, and a child. Devices such as a tablet computer and a large screen in a family are usually logged in with the account of one family member (e.g., dad) and are used by the whole family, and their login account is rarely switched. When a user other than the account holder (dad) uses a sharing device, that user may run a distributed file query through the sharing device and find an important file on the personal device of the account holder (dad), and data on the account holder's personal device (mobile phone) may be damaged or lost through misoperation.
Therefore, in a family scenario, family members can access personal devices logged in with the same account through the shared device, which poses data privacy and data security risks for devices under the same account.
An office scenario may likewise include a sharing device and private terminals connectable to it. The shared device may be a large conference screen, which is usually logged in with the personal account of a department secretary; the secretary's personal device is also logged in with that account. The conference screen is used by all colleagues in the department and its login account is rarely switched. The private terminals may be the mobile phones or personal computers of the members of the department. Because the secretary's private terminal uses the same login account as the conference screen, if a staff member runs a file search on the shared device during a department meeting, related files stored on the secretary's private terminal may appear in the search results, and the private data stored on that terminal may be leaked.
Therefore, in an office scene, data privacy and data security risks of devices under the same account exist.
It should be noted that, in the prior art, only terminal devices logged in with the same account can form a (distributed) super terminal; two devices logged in with different accounts cannot access each other's media data across devices.
In the prior art, cross-device data access or cross-device data sharing between devices logged in with different accounts relies on the following non-distributed schemes:
1. Cloud scheme
Devices logged in with different accounts cannot directly access each other across devices; that is, a sharing device logged in with account A cannot directly access the media data of a personal device logged in with account B. To achieve cross-device access, the shared device needs to enable a cloud album function: before the cross-device access, the shared device logs in to a cloud account, the media data is relayed through the cloud, and the cloud album function can be turned off after the access is finished.
2. Screen projection scheme
The screen of the user's personal device can be projected onto the public device by scanning a code, entering a verification code, or similar means. After sharing, the connection is disconnected and the connection relationship is cleared. To share the screen again, the user must scan the code or enter the verification code again.
3. Air delivery
FIG. 1c is a schematic diagram of delivering a shared file by air delivery in the prior art. As shown in FIG. 1c, after opening a file A to be delivered, the user can click a "share" button, or long-press the control for a certain time (for example, 2 s) to select the file A to be shared and then select "share" from the shortcut menu. The user then selects "air delivery" from the listed sharing options and selects the corresponding recipient (target user) from the "air delivery" list, which completes the cross-device data sharing.
In the above non-distributed schemes, the transfer relies on the cloud and the user's operation steps are cumbersome, so the user experience is poor.
Based on the above problem, an embodiment of the present application provides an access control method, where before a user accesses media data in a personal device that logs in to a same account or a personal device that logs in to an authorized account through a shared device, when it is determined that current state information meets a trigger authentication condition, a current user of the shared device is secondarily authenticated, so as to ensure privacy and security of the media data in the accessed personal device.
Fig. 2 is a schematic diagram of a distributed architecture according to an embodiment of the present application, and as shown in fig. 2, the distributed architecture may include a shared device 21 and a personal device group 22. The personal device group can include personal devices logged in through the same account and personal devices logged in through different accounts, wherein the shared device can log in to a corresponding account of any one of the personal devices in the personal device group, and the shared device can be one or more devices which have no password or can be unlocked by multiple persons. For example, as shown in fig. 2, the sharing device 21 may be a large-screen device, and the personal device group 22 may include a mobile phone, a tablet computer, and a notebook computer. The mobile phone and the tablet computer log in by using an account A, the notebook computer logs in an account B, and the large-screen device and the mobile phone and the tablet computer log in by using the same account (account A). The distributed architecture of the embodiment shown in fig. 2 is an implementation manner in the present application, and is not limited thereto. Other implementations are also possible, for example, both the large screen and the tablet pc are used as the shared device 21, the personal device group 22 may include multiple mobile phones, and login accounts of the mobile phones are different, and the large screen or the tablet pc logs in an account of one of the multiple mobile phones, or logs in corresponding accounts of devices other than the personal device group 22. That is, the number of shared devices and the login account are not limited, and the number of personal devices and the login account are not limited. In other words, the terminal devices supporting login of different accounts form a super terminal.
Fig. 3 is a flowchart of cross-device access to media data according to yet another embodiment of the present application. As shown in Fig. 3, authorized media data on a device logged in with an authorized account can be accessed through a sharing device. The authorized account may be the same as and/or different from the account the shared device is logged in with; that is, the accessed device (target device) may authorize the devices it discovers (devices logged in with the same account as its own and/or devices logged in with a different account), and an authorized device may access the authorized media data on the accessed device (target device) across devices. The authorized media data may include media data of different granularities that has been authorized as accessible on the target device (accessed device), and the media data may include document data, image data, video data, and the like.
As shown in Fig. 3, when the super terminal currently acting as the access device (first device) accesses, across devices, the super terminal currently acting as the accessed device (second device), the access request must be issued through the media library of the access device, and the media library of the accessed device can authenticate the cross-device access request. The media library (Media Library) thus serves as the globally unique access control point of the super terminal. In particular, the media library of a personal device may authorize access for devices in the distributed architecture; that is, it may authorize devices logged in with specified accounts to access the authorized media data stored locally (on the personal device). When a user uses another device (such as a shared device) to access a personal device across devices, the user first unlocks the shared device (unlocks the screen), which completes the first authentication. The user then issues an operation request on the cross-device access interface of the sharing device to access the media data of the target personal device, the media library of the sharing device performs secondary authentication, and the authorized media data of the target personal device can be accessed only after the secondary authentication passes.
The specific operation of sending the cross-device access request is as follows: an application on the sharing device logged in with account A sends cross-device access request information to the media library of the sharing device. The cross-device access request information may include target device information and target media data information; for example, the target device information is a personal device logged in with account B, and the target media data information is an album on that personal device. If several personal devices are logged in with account B, the cross-device access request information may carry the identification information of the target device, so as to indicate precisely which target device the user wants to access.
After receiving cross-device access request information sent by an application, a media library of the sharing device can determine whether secondary authentication is needed currently, if the secondary authentication is not needed, the media library of the sharing device initiates connection to a target device through a communication bus, and after the connection is successful, cross-device access request information is sent to the target device through the communication bus, wherein the cross-device access request information can carry an authentication result of the latest authentication. If the secondary authentication is needed, the media library of the sharing device starts the secondary authentication, after the authentication is successful, the media library of the sharing device initiates connection to the target device through the communication bus, and after the connection is successful, cross-device access request information is sent to the target device through the communication bus, wherein the cross-device access request information can carry an authentication result of the current secondary authentication.
The authentication result carried in the cross-device access request information may include authentication account information.
After the target device receives cross-device access request information sent by the shared device through the communication bus, the media library of the target device can determine whether the corresponding account has access permission according to authentication account information in the cross-device access request information, and if the corresponding account has access permission, specific permission of the account corresponding to the authentication account information is further determined. And then the media library of the target device can send the specific authority of the account corresponding to the acquired authentication account information to the distributed file system of the target device, and the distributed file system of the target device provides corresponding access service for the sharing device according to the specific authority.
If the media library of the target device can determine that the corresponding account does not have the access right according to the authentication account information in the cross-device access request information, the media library of the target device can feed back the authentication result to the sharing device through the communication bus. Specifically, the account does not have access right, which may include that the account does not have access right for any media data of the target device, or that the account does not have access right for the target media data information that is desired to be accessed this time.
In an embodiment, when the media library of the target device determines that the sharing device has the access right, the target media data that the sharing device wants to access at this time may be further transmitted to the sharing device through the communication bus, so that the sharing device caches the target media data in the distributed file system of the sharing device, and if the sharing device accesses the target media data again within the effective caching time period, the target media data cached in the distributed file system of the sharing device may be directly accessed without performing cross-device access again.
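The first-device logic from the first aspect and the media-library flow above (validity check, attempt with the marked identity, secondary authentication, clearing on screen lock), as an added Python example that is not code from the patent. The class and field names, the dict message shape, the fixed-length validity window and the `fake_second_device` policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class AccessGate:
    """State kept by the first device's media library (hypothetical names)."""
    validity_seconds: float               # assumed fixed-length validity window
    last_auth_at: Optional[float] = None  # time of the last first/secondary authentication
    identity: Optional[str] = None        # identity marked at the last authentication
    account: Optional[str] = None         # account that passed secondary authentication

    def on_unlock(self, identity: str, now: float) -> None:
        # Screen unlock is the first authentication; it marks the identity.
        self.last_auth_at, self.identity, self.account = now, identity, None

    def on_lock(self) -> None:
        # A screen-lock event clears the validity period and the identity mark.
        self.last_auth_at, self.identity, self.account = None, None, None

    def within_validity(self, now: float) -> bool:
        return (self.last_auth_at is not None
                and 0 <= now - self.last_auth_at <= self.validity_seconds)

    def _latest_credential(self, target: str) -> dict:
        # The request carries the result of the most recent authentication.
        if self.account is not None:
            return {"target": target, "account": self.account}
        return {"target": target, "identity": self.identity}

    def request_access(self, target: str, now: float,
                       send: Callable[[dict], dict],
                       secondary_auth: Callable[[], Optional[Tuple[str, str]]]) -> dict:
        if self.within_validity(now):
            return send(self._latest_credential(target))
        # Validity exceeded: first try the marked identity (second access right).
        if self.identity is not None:
            result = send({"target": target, "identity": self.identity})
            if result["ok"]:
                return result
        # Identity-based access failed, or nothing is marked: secondary authentication.
        passed = secondary_auth()
        if passed is None:
            return {"ok": False, "reason": "secondary authentication failed"}
        self.identity, self.account = passed
        self.last_auth_at = now  # passing secondary authentication renews the window
        return send({"target": target, "account": self.account})


def fake_second_device(request: dict) -> dict:
    # Constructed policy: only account_A and the identity "dad" are authorized.
    if request.get("account") == "account_A" or request.get("identity") == "dad":
        return {"ok": True, "reason": ""}
    return {"ok": False, "reason": "not authorized for target media data"}


def demo():
    gate = AccessGate(validity_seconds=300)
    prompts = []

    def prompt():  # stands in for the secondary authentication interface
        prompts.append(1)
        return ("dad", "account_A")

    out = []
    gate.on_unlock("child", now=0)
    # Inside the window: the child's identity is sent and refused, no prompt.
    out.append(gate.request_access("phone/album", 10, fake_second_device, prompt)["ok"])
    # Window exceeded and identity refused: prompt, then access with the account.
    out.append(gate.request_access("phone/album", 400, fake_second_device, prompt)["ok"])
    # Inside the renewed window: no second prompt.
    out.append(gate.request_access("phone/album", 500, fake_second_device, prompt)["ok"])
    gate.on_lock()
    out.append(gate.within_validity(501))
    return out, len(prompts)


if __name__ == "__main__":
    print(demo())
```

Passing `now` explicitly keeps the validity check deterministic; a device implementation would read a monotonic clock instead.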
The personal device may authorize access for devices in the distributed architecture in advance. The authorization operation may include authorizing the login accounts (i.e., the accounts logged in on the authorized devices) that may access the local media data, authorizing the local applications (system applications, third-party applications) that the corresponding device (the device logged in to the authorized account) may access, and authorizing the operation permission (read-only, read-write) of the corresponding device (the device logged in to the authorized account) on the local media data.
Fig. 4a is a flowchart of a personal device authorization method according to still another embodiment of the present application, as shown in fig. 3, the media data sharing rights can be configured through a media library of the personal device. The configuration mode of the media sharing authority can comprise batch configuration and single configuration.
In a batch configuration mode, sharing permission configuration can be performed on one or more groups of media data, where the group of media data may be data stored in a target folder. That is, sharing authority configuration can be performed on one folder.
In a single configuration mode, sharing authority configuration can be performed in a single media data granularity, where the single media data granularity may be a certain picture, a current video, a certain text file, or the like. That is, sharing authority configuration can be performed on a certain picture, a current video or a certain text file.
In either a batch configuration or a single configuration, in one embodiment, at least the accounts that can access the target media data (a folder or a single file) are configured. For example, the login accounts included in the device group under the distributed architecture comprise account A, account B, account C, and so on. The accounts that can access local media data may be configured through the media library of the personal device. Specifically, target accounts among the multiple accounts (such as account A and account B) may be set as authorized accounts, and then a device logged in to account A or account B may perform cross-device access to the personal device.
In one embodiment, some users (e.g., elderly people and children in the home) do not have their own accounts, but such users may use the shared device for cross-device access to other devices. In order to implement cross-device access authorization for the user, access rights of the identity identifier of the user may be configured through a media library of the personal device, so as to obtain a corresponding authorized identity identifier, for example, the user having the authorized identity identifier may be configured to only access sharable data in local media data, where the sharable data may be a shared contact in a shared album, a shared video in a video application, or an address book. It should be noted that the sharing authority of the shared data can be configured in advance.
For example, in a family scenario, the tablet is logged in with account A, the account registered for "dad" among the family members, and both "mom" and "child" can unlock the tablet. If the tablet computer identifies the current user as "child" in the unlocking stage, it marks the "child" identity as the authentication identity after the user passes the unlocking authentication.
In other embodiments, the applications accessible to the device logged in to the authorized account may also be configured. The personal device is provided with a plurality of system applications (such as photo albums, memos and the like) and a plurality of third-party applications (such as video APPs, music APPs, web lessons APPs, WPS and the like). The applications accessible to the device logged in to the authorized account may be configured via the media library of the personal device.
In other embodiments, the operation permission that the device logged in to the authorized account has on the media data can also be configured. The operation permissions comprise read-only and read-write.
In some embodiments, different permissions may be configured for different accounts. That is, when devices logged in to different accounts access a certain personal device, the accessible media data may be different, and the operation permission on the media data may be different. For example, under a distributed architecture, when the device logged in to account A and the device logged in to account B access the device logged in to account C, then, according to the different permissions that the device of account C has configured for account A and account B, the device of account A and the device of account B may access data in a system application of the device of account C, and the device of account B may access data in the system application and part of the data of a third-party application.
In some embodiments, different permissions may also be configured for different users of a device logged in to the same account. That is, users of a device logged in to the same account may have different accessible media data when accessing a personal device logged in to that account. For example, a user x (an elderly person or a child) can use a sharing device (a large screen or a tablet computer) logged in to account A to access a personal device (dad's mobile phone) logged in to account A. To ensure the privacy and security of the data in the personal device, the access permissions that each user (each family member) of the sharing device has on the personal device can be configured. The current user identity can be identified when a user unlocks the sharing device logged in to account A, and the corresponding cross-device access permission can then be determined according to that identity when the user performs cross-device access.
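The sharing configuration described above (batch or single granularity, per account or per identity, read-only or read-write) can be modelled as a small rule table on the accessed device. The following is an added example, not code from the application; the class names, paths and the rule that the most specific path wins are assumptions of this example.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

READ, WRITE = "read", "write"
READ_ONLY = frozenset({READ})
READ_WRITE = frozenset({READ, WRITE})


@dataclass(frozen=True)
class Rule:
    principal: str   # "account:<name>" or "identity:<name>" (naming is hypothetical)
    path: str        # a folder (batch configuration) or one file (single configuration)
    ops: frozenset   # READ_ONLY or READ_WRITE


class SharePolicy:
    """Sharing permissions kept by the media library of the accessed device."""

    def __init__(self, rules):
        self._rules = [(r.principal, PurePosixPath(r.path), r.ops) for r in rules]

    def allowed_ops(self, principal, target):
        """Operations `principal` may perform on `target`; empty set means deny.

        Assumption of this example: the most specific matching path wins, so a
        single-file rule overrides the folder rule that contains the file.
        """
        t = PurePosixPath(target)
        # Refuse relative paths and ".." so a request cannot climb out of a
        # shared folder into an unshared one.
        if not t.is_absolute() or ".." in t.parts:
            return frozenset()
        best_ops, best_depth = frozenset(), -1
        for rule_principal, rule_path, ops in self._rules:
            if rule_principal != principal:
                continue
            if t == rule_path or rule_path in t.parents:
                if len(rule_path.parts) > best_depth:
                    best_ops, best_depth = ops, len(rule_path.parts)
        return best_ops

    def check(self, principal, target, op):
        return op in self.allowed_ops(principal, target)


# Constructed sample configuration for a personal device.
POLICY = SharePolicy([
    Rule("account:A", "/album", READ_WRITE),                     # batch: whole folder
    Rule("account:A", "/album/2021/passport.jpg", READ_ONLY),    # single file
    Rule("account:A", "/memo", READ_ONLY),
    Rule("account:B", "/album", READ_ONLY),
    Rule("account:B", "/apps/video", READ_ONLY),                 # part of a third-party app
    Rule("identity:child", "/album/shared", READ_ONLY),          # user without an account
])
```

An account or identity with no matching rule gets no access, which matches the case where the account has no access right for any media data of the target device.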
Fig. 4b is a flowchart of a cross-device access control method according to an embodiment of the present application, and as shown in fig. 4b, the cross-device access control method may include the following steps:
Step 301: When device A requests access to cross-device media data, the media library of device A may determine whether device A is currently within the authentication validity period; if so, step 302 is performed, and if not, step 303 is performed.
Step 302: The media library of device A acquires the access right through the authentication account, and accesses the target cross-device media data based on the access right.
Step 303: The media library of device A performs a secondary authentication, updates the authentication validity period after the secondary authentication is passed, and then performs step 302.
Fig. 4c is a flowchart of secondary authentication according to yet another embodiment of the present application, and as shown in fig. 4c, in a device group under a distributed architecture, a device a serves as an access device, and a device B serves as an accessed device. The device a and the device B may be devices that log in the same account, or devices that log in different accounts. In this case (the devices a and B are devices logging in the same account or devices logging in different accounts), the device a may be a sharing device or a personal device, and the device B is configured with local media data sharing rights in advance.
The user first unlocks the device a (unlock screen) to complete the first authentication, which may include but is not limited to scanning a code, a password, swiping a face, a fingerprint, a voice, and other authentication manners. Wherein, the identity information of the user of the unlocking device a can be determined through the first authentication operation. And after the user passes the first authentication (unlocking the screen), acquiring and storing authentication account information.
In order to ensure privacy and security of media data of an accessed device (device B), the embodiment of the present application provides an authentication operation of secondary authentication, and specifically, after an application of device a accesses cross-device media data (media data of device B) by calling a media library interface, a media library may determine whether secondary authentication is currently required, and cross-device access can be performed only after the current authentication is valid or passes.
In the embodiment shown in fig. 4b, step 301 determines whether secondary authentication is required. In an implementation of step 301, it may be determined whether device A is currently within the authentication validity period. Fig. 4d is a schematic diagram of authentication aging according to an embodiment of the present application. As shown in fig. 4d, in one scenario, device A is unlocked successfully at time t0, that is, the user's first authentication operation is completed at time t0, and the user is confirmed to be the owner (i.e., dad among the family members) at the first authentication. The period from time t0 to time te is the authentication validity period (t0~te) of the user's first authentication. It may then be determined whether the time at which device A requests cross-device access to the media data of device B is within this authentication validity period (t0~te). In another scenario, device A has performed one or more secondary authentications, and it may be determined whether the time at which device A requests cross-device access to the media data of device B is within the authentication validity period (t0~te) of the secondary authentication. It should be noted that the authentication validity period of the first authentication and that of the secondary authentication may have the same or different lengths. If the request is determined to be within the authentication validity period (t0~te), device A can access the media data that device B has authorized for device A without performing secondary authentication.
In a specific implementation of step 302, as shown in fig. 3, the media library of device a may initiate a connection to device B through the communication bus within the authentication period, and send a cross-device access request (distributed access request) to device B, where the cross-device access request (distributed access request) may include authentication account information that may prove that device a is currently within the authentication period. After receiving a cross-device access request (distributed access request) sent by a device a, a media library of the device B may query access permissions of corresponding accounts (if a current user is considered as an owner, and the corresponding account information is a login account of the device a) in the device B according to authentication account information in the cross-device access request (distributed access request), and the media library of the device B feeds back the queried access permission information to a distributed file system of the device B, so that the distributed file system of the device B may provide corresponding cross-device access services for the device a to access corresponding authorized media data in the device B according to the access permissions of the login account of the device a in the device B.
For example, as shown in FIGS. 3, 4c, and 4d, device A requests cross-device access to device B's media data at time t1. The media library of device A determines that time t1 is within the authentication validity period (t0~te), so secondary authentication is not needed. Device A initiates a connection to device B through the communication bus and, after the connection succeeds, sends access request information for accessing the album of device B, where the access request information can include the authentication account information of device A. The media library of device B may perform access authentication according to the authentication account corresponding to the authentication account information in the distributed file access information sent by device A, and feed back the authentication result to the distributed file system of device B. The authentication process of the media library of device B comprises the following step: determining whether the media data that device A requests to access is within the access right of the authentication account corresponding to the authentication account information in the distributed file access information sent by device A; if so, the authentication passes, and if not, the authentication fails.
Specifically, if the authentication account of device A can access the album and the memo of device B with read-only operation permission only, and the target media file that device A wants to access is the album, the authentication passes and the media library of device B feeds back the authentication result to the distributed file system of device B. The authentication result may include that the authentication account corresponding to the authentication account information in the distributed file access information sent by device A passes the authentication, and that the access permission of the authentication account covers the album and the memo of device B with read-only operation permission only. The distributed file system of device B may then allow device A to read device B's album only.
In the implementation of step 303, if the media library of device A determines that the time at which device A requests cross-device access to the media data of device B is beyond the authentication validity period (t0~te), that is, the validity period of the previous authentication (first or secondary) has been exceeded, the media library of device A may perform a secondary authentication. The authentication method of the secondary authentication may include, but is not limited to, code scanning, password, face recognition, fingerprint, voice, and other authentication methods. After the user passes the secondary authentication, the media library of device A may update the authentication validity period, initiate a connection to device B through the communication bus, and send a cross-device access request (distributed access request) to device B. The cross-device access request (distributed access request) may include an authentication result that may prove that device A has passed the secondary authentication, and the authentication result includes the account information of device A that passed the authentication this time. The account information passing the authentication this time may be the identity account information of the user currently using device A. After the secondary authentication is passed, step 302 is performed, that is, the access right is acquired through the authentication account, and the target media data of device B is accessed based on the access right.
After receiving a cross-device access request (distributed access request) sent by a device a, a media library of the device B may perform access authentication according to an authentication result in the cross-device access request (distributed access request) to query an access right of a corresponding account (account information passing authentication this time) in the device B, and the media library of the device B feeds back the queried access right information to a distributed file system of the device B, so that the distributed file system of the device B may authorize the device a to access corresponding authorized media data in the device B according to the access right of the account information passing authentication this time in the device B.
For example, as shown in FIGS. 3, 4c and 4d, device A requests cross-device access to device B's media data at time t2. The media library of device A determines that time t2 is beyond the authentication validity period (t0~te), so the user needs to perform secondary authentication, and cross-device access can be performed only after the authentication is passed. Specifically, device A may perform fingerprint authentication on the current user. After the user passes the fingerprint authentication, device A initiates a connection to device B through the communication bus and, after the connection succeeds, sends distributed file access information requesting access to the album of device B. The distributed file access information includes an authentication result that can prove that device A has passed the secondary authentication (fingerprint authentication), and the authentication result includes the account information that passed the authentication this time. According to the authentication result information in the distributed file access information sent by device A, the media library of device B finds that the currently authenticated account can access the album and the memo of device B, and that device A has read-only operation permission only for the album and the memo of device B, so device B can authorize device A to read device B's album only.
Fig. 4e is a flowchart of a cross-device access control method according to another embodiment of the present application, and as shown in fig. 4e, the cross-device access control method may include the following steps:
Step 411: When the media library of the access device requests access to the cross-device media data, the media library of the access device may determine whether the access device is currently within the authentication validity period; if so, step 412 is performed, and if the period has been exceeded, step 413 is performed.
Step 412: The media library of the access device acquires the first access right through the authentication account, and accesses the target cross-device media data based on the first access right.
Step 413: The media library of the access device acquires a second access right through the authentication identity, and accesses the target media data based on the second access right.
Step 414: It is determined whether the cross-device access to the target media data with the second access right corresponding to the authentication identity succeeded; if the access did not succeed, step 415 is performed, and if it succeeded, step 416 is performed.
Step 415: Secondary authentication is performed, and the authentication validity period is updated after the authentication is passed.
Step 416: The authentication validity period of the authentication identity is updated.
In the embodiment shown in fig. 4e, after the user passes the first authentication (unlocking the screen), the user acquires the identity, and may mark the authenticated identity as an authentication identity.
In an implementation of step 411, the media library of device a may determine whether device a is currently within the authentication lifetime when device a requests access to the cross-device media data, and if so, perform step 412.
The specific implementation of step 412 is similar to the specific implementation of step 302 in the embodiment shown in fig. 4b, and is not described herein again.
In the implementation of step 413, if the media library of device A determines that the time at which device A requests cross-device access to the media data of device B is beyond the authentication validity period (t0~te) of the previous authentication, the media library of device A may obtain, through the authentication identity, the authorization that device B has granted to that authentication identity. Specifically, the file system media library of device A may initiate a connection to device B through the communication bus, and send a cross-device access request (distributed access request) to device B, where the cross-device access request (distributed access request) may include the authentication identity. For example, the user currently using device A is a child among the family members. The identity of the user currently using device A can be determined in an authentication stage (e.g., fingerprint identification), and after the user passes the authentication this time, the identity information included in the authentication result is the authentication identity of the "child".
After receiving the cross-device access request (distributed access request) sent by device A, the media library of device B may perform access authentication according to the authentication identity in the cross-device access request (distributed access request) to query the access right of the authentication identity in device B. The media library of device B feeds back the queried access right information of the authentication identity to the distributed file system of device B, and the distributed file system of device B can then authorize device A to access the corresponding authorized media data in device B according to the access right of the current authentication identity in device B. If the distributed file system of device B determines that the target media data that device A wants to access is beyond the access right of the authentication identity, the authentication result (access failure) is fed back to the media library of device A through the communication bus.
In the specific implementation of step 414, after determining whether the authentication identifier sent by the device a has the access right, the media library of the device B may feed back the authentication result to the device a through the communication bus, and the media library of the device a may determine whether the access is successful according to the authentication result fed back by the media library of the device B, and if the access is failed (that is, the authority corresponding to the authentication identifier is not authorized to access), perform the secondary authentication, and if the access is successful, update the validity of the authentication identifier.
The implementation of step 415 is similar to the implementation of step 303 in the embodiment shown in fig. 4b, and is not repeated herein.
In the specific implementation of step 416, if the access based on the authority corresponding to the authentication identifier is successful, the time limit of the authentication identifier is updated, that is, the time is counted after the access is successfully confirmed, and the time duration of the time counting may be the same as the time limit of the authentication after the first authentication or the time limit of the authentication after the second authentication.
For example, as shown in FIGS. 3, 4c, and 4f, device A requests cross-device access to device B's media data at time t3. The media library of device A determines that time t3 is beyond the authentication validity period, so the media library of device A can obtain, through the authentication identity, the authorization that device B has granted to that authentication identity. Device A initiates a connection to device B through the communication bus and, after the connection succeeds, sends cross-device access request information requesting access to the album of device B, where the cross-device access request information comprises the authentication identity of the current user of device A.
The media library of device B performs access authentication according to the authentication identity in the cross-device access request information sent by device A, so as to query the access authorization corresponding to the authentication identity, and feeds back the authentication result to the distributed file system of device B. The authentication process of the media library of device B comprises the following step: determining whether the media data that device A requests to access is within the access right (second access right) of the authentication identity in the distributed file access information sent by device A; if so, the authentication passes, and if not, the authentication fails. Specifically, if the authentication identity of device A can access the album of device B with read-only operation permission only, and the target media file that device A wants to access is the album, the authentication passes, and the media library of device B feeds back the authentication result to the distributed file system of device B. The authentication result may include that the authentication identity in the distributed file access information sent by device A passes the authentication, and that the access right of the authentication identity allows the current user of device A to access the album of device B with read-only operation permission only. After the distributed file system of device B determines the access right of device A on device B, it opens the corresponding media data to device A according to the access right, so that device A can perform cross-device access.
If the media library of device A determines that the time at which device A requests cross-device access to the media data of device B is beyond the authentication validity period (t0~te) of the previous authentication, and the access through the authentication identity of device A fails (the media library of device A receives the authentication failure message sent by the media library of device B, that is, the target media data cannot be accessed based on the right corresponding to the authentication identity), the media library of device A may perform the secondary authentication. The authentication method of the secondary authentication may include, but is not limited to, code scanning, password, face recognition, fingerprint, voice, and the like. After the user passes the secondary authentication, the media library of device A may update the authentication validity period, initiate a connection to device B through the communication bus, and then send a cross-device access request (distributed access request) to device B. The cross-device access request (distributed access request) may include an authentication result that can prove that device A has passed the secondary authentication, and the authentication result includes the account information that passed the authentication this time.
The media library of the device B receives the cross-device access request (distributed access request) sent by the device a, and then the media library of the device B can perform access authentication according to an authentication result in the cross-device access request (distributed access request) to query the access right of a corresponding account (an authentication identity after the current user passes the secondary authentication) in the device B, and feed back the queried access right information to the distributed file system of the device B, and then the distributed file system of the device B can authorize the device a to access corresponding authorized media data in the device B according to the access right of the current authentication identity in the device B.
It should be noted that, when the access right of the access device (device a) is configured by the accessed device (device B), a first access right of the authentication account of the device a and a second access right of the authentication identity of the device B may be configured separately, and the first access right and the second access right may be different, and in some embodiments, the first access right of the authentication account is higher than the second access right of the authentication identity. Therefore, when the device a obtains the second access right and accesses the device B through the authentication identity after exceeding the authentication time limit, there may be a possibility of failure in accessing the target file, and then after the access failure, the media library of the device a may perform secondary authentication on the current user, and after the user passes the secondary authentication, obtain the first access right of the authentication account authorized by the device B through the authentication result, and access the authorized media data of the device B after obtaining the first access right of the authentication account.
For example, as shown in FIGS. 3, 4c, and 4g, device A requests cross-device access to device B's media data at time t3. The media library of device A determines that time t3 is beyond the authentication validity period, acquires a second access right through the authentication identity, and fails to access the target file with the second access right. After this access failure, the media library of device A may perform a secondary authentication to obtain the first access right, which carries higher authority. Specifically, device A may perform face recognition authentication on the current user. After the user passes the face recognition authentication, device A initiates a connection to device B through the communication bus and, after the connection succeeds, sends distributed file access information requesting access to the cached video in the third-party video APP of device B. The distributed file access information includes an authentication result that can prove that device A has passed the secondary authentication (face recognition authentication), and the authentication result includes the account information that passed the authentication this time. According to the authentication result information in the distributed file access information sent by device A, the media library of device B finds that device A can access the album, the memo, all third-party video APPs and all third-party web lessons APPs, and that device A has read-write operation permission on the authorized media data in device B, so device B can authorize device A to access the cached video in the target video APP of device B.
In any embodiment of the present application, after device A detects a screen lock event, the media library of device A may clear the authentication account. After the user unlocks device A again, the authentication is passed and the authentication timeliness is updated. Further, to avoid frequently bringing up the secondary authentication interface, an authentication result triggered by any application within the authentication timeliness of device A is also valid for other applications, so repeated authentication is not needed and a good user experience is preserved. For example, a user requests cross-device access to media data of device B while using an instant messenger APP in device A, and device A is within an authentication period (within a first authentication period or within a second authentication period) and completes cross-device access in a social APP. When the user switches to the calendar program of device A and again requests cross-device access to the media data of device B, if device A is still within the authentication timeliness at that moment, device A does not need to switch applications and perform secondary authentication again.
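The behaviour described in the three paragraphs above can be modelled in a few lines. The following is an added sketch, not code from the patent: it shows the shared authentication window, the fallback from the lower identity right to secondary authentication, and the clearing of state on screen lock. The class names, the path-to-permission ACL layout, the 300-second window and the explicit `now` argument are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class DeviceB:
    """Accessed device: separate rights for accounts and identities, per file or folder."""
    account_acl: dict   # account  -> {path: "r" | "rw"}  (first access right)
    identity_acl: dict  # identity -> {path: "r" | "rw"}  (second access right)

    def authorize(self, request, target, op):
        if "account" in request:
            acl = self.account_acl.get(request["account"], {})
        else:
            acl = self.identity_acl.get(request.get("identity"), {})
        for path, perm in acl.items():
            if target == path or target.startswith(path.rstrip("/") + "/"):
                if op == "read" or perm == "rw":
                    return True, "ok"
                return False, "operation exceeds permission"
        return False, "target exceeds access right"

@dataclass
class MediaLibraryA:
    """Accessing device: one authentication window shared by every application."""
    validity_s: float
    reauth: object          # callable returning an account name, or None on failure
    account: str = None
    identity: str = None
    expires: float = 0.0

    def on_unlock(self, account, identity, now):    # first authentication
        self.account, self.identity, self.expires = account, identity, now + self.validity_s

    def on_screen_lock(self):                       # drop all cached authentication state
        self.account, self.identity, self.expires = None, None, 0.0

    def access(self, dev_b, target, op, now):
        if self.account and now < self.expires:     # window valid: use the account right
            return (*dev_b.authorize({"account": self.account}, target, op), "account")
        if self.identity:                           # expired: try the identity right first
            ok, why = dev_b.authorize({"identity": self.identity}, target, op)
            if ok:
                return ok, why, "identity"
        account = self.reauth()                     # secondary authentication
        if account is None:
            return False, "secondary authentication failed", "none"
        self.account, self.expires = account, now + self.validity_s
        return (*dev_b.authorize({"account": account}, target, op), "account")

def scenario():
    prompts = []                                    # counts secondary-authentication prompts
    def face_check():                               # stand-in for face recognition
        prompts.append(1)
        return "acct-a"
    b = DeviceB(account_acl={"acct-a": {"/album": "rw", "/video_app/cache": "rw"}},
                identity_acl={"user-1": {"/album": "r"}})   # constructed sample policy
    a = MediaLibraryA(validity_s=300, reauth=face_check)
    a.on_unlock("acct-a", "user-1", now=0)
    out = [a.access(b, "/video_app/cache/ep1.mp4", "read", now=10)]       # inside window
    out.append(a.access(b, "/album/p.jpg", "read", now=400))              # expired, identity is enough
    out.append(a.access(b, "/video_app/cache/ep1.mp4", "read", now=410))  # identity fails, re-auth
    out.append(a.access(b, "/album/p.jpg", "write", now=420))             # refreshed window, no prompt
    a.on_screen_lock()
    out.append(a.access(b, "/album/p.jpg", "read", now=430))              # state cleared, re-auth
    return out, len(prompts)
```

Five accesses trigger only two prompts: one when the identity right proves insufficient after expiry, and one after the screen lock clears the cached state.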
Fig. 5 is a flowchart of a cross-device access control apparatus according to still another embodiment of the present application. As shown in fig. 5, the apparatus may include a processor 501 and a memory 502, where the memory 502 is used to store at least one instruction, and the instruction is loaded and executed by the processor 501 to implement the cross-device access control method according to the embodiment shown in fig. 4b or fig. 4e.
Still another embodiment of the present application further provides an apparatus, which may include an apparatus body and the cross-apparatus access control device provided in the embodiment shown in fig. 5.
In an embodiment, the present application further provides a system, where the system may include at least two of the devices described above. In one implementation, the at least two devices may log in using the same account. In another embodiment, the accounts with which the at least two devices log in may be different. The architecture of the system may be as shown in fig. 2, but is not limited to the structure shown in fig. 2.
Still another embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the cross-device access control method provided in the embodiment shown in fig. 4b or fig. 4e.
It should be noted that the terminal according to the embodiment of the present invention may include, but is not limited to, a Personal Computer (PC), a Personal Digital Assistant (PDA), a wireless handheld device, a Tablet Computer (Tablet Computer), a mobile phone, an MP3 player, an MP4 player, and the like.
It should be understood that the application may be an application program (native app) installed on the terminal, or may also be a web page program (webApp) of a browser on the terminal, which is not limited in this embodiment of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and there may be other divisions in actual implementation. For example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and these modifications or substitutions do not depart from the spirit of the corresponding technical solutions of the embodiments of the present invention.

Claims (15)

1. A cross-device access control method, executed on a first device, the method comprising:
when access to cross-device media data is requested, if it is determined that the first device currently exceeds the authentication timeliness, performing secondary authentication on the current user, and updating the authentication timeliness after the secondary authentication is passed; and
sending cross-device access request information to the second device after the secondary authentication is passed, wherein the cross-device access request information comprises an authentication account passing the secondary authentication, so as to obtain a first access right through the authentication account and to access, across devices, target media data stored in the second device based on the first access right.
2. The method of claim 1, wherein the determining that the first device has currently exceeded an authentication age comprises:
determining whether the first device is currently within an authentication age of a last authentication, wherein the last authentication comprises a first authentication or the second authentication, and the first authentication comprises a screen unlocking authentication.
3. The cross-device access control method according to claim 2, wherein if it is determined that the first device currently exceeds an authentication age, performing secondary authentication on the current user comprises:
if it is determined that the first device currently exceeds the authentication timeliness and that access with the second access right corresponding to the authentication identity fails, performing secondary authentication on the current user, and updating the authentication timeliness after the secondary authentication is passed; and
after the secondary authentication is passed, acquiring a first access right according to the authentication account passing the secondary authentication, and accessing, across devices, the target media data stored in the second device based on the first access right.
4. The method of claim 3, wherein after the determining that the first device has currently exceeded the authentication age and before the determining that access with the access right corresponding to the authentication identity fails, the method further comprises:
sending cross-device access request information to the second device, wherein the cross-device access request information comprises an authentication identity, so as to obtain a second access right through the authentication identity, access, across devices, the target media data stored in the second device based on the second access right, and determine whether the target media data stored in the second device is successfully accessed.
5. The method of claim 3, wherein before the obtaining the second access right by authenticating the identity, the method further comprises:
marking the identity that passes the last authentication as the authentication identity.
6. The method of claim 5, wherein the marking the identity that passes the last authentication as the authentication identity comprises:
acquiring the current user identity information in an authentication stage, and marking the identity that passes the latest authentication as the authentication identity matched with the current user identity information.
7. The method of claim 5, further comprising, after said marking the identity that passed the last authentication as the authentication identity:
if a screen locking event is detected, clearing the authentication timeliness and the authentication identity.
8. The method of claim 4, wherein the determining whether the target media data stored in the second device is successfully accessed comprises:
acquiring an authentication result sent by the second device, and determining whether the access is successful according to the authentication result;
wherein, if the access fails, the authentication result comprises: prompt information of access failure and reason of access failure.
9. An access control method, performed in a second device, the method comprising:
acquiring cross-device access request information sent by a first device, and if the cross-device access request information comprises an authentication account passing the secondary authentication, performing access authentication on the authentication account to determine a file or a folder accessible to the authentication account and the operation authority for the file or the folder;
when it is determined that the target file requested to be accessed by the first device exceeds the access right of the account corresponding to the account information sent by the first device, authentication fails, and the access result of the first device is fed back to the first device according to the authentication result.
10. The method of claim 9, prior to the first device making cross-device access to the second device, further comprising:
configuring a device account and a user identity which can access media data of the second device to obtain one or more authorized accounts and one or more authorized identity identifications; and
configuring media data which can be accessed by the authorization account and the authorization identity, and configuring operation authority of the authorization account and the authorization identity to the accessible media data, wherein the operation authority comprises read-only authority or read-write authority.
11. The method of claim 10, wherein the configuring media data accessible to the authorized account comprises:
performing accessible authority configuration by taking single media data as granularity; or
Performing accessible authority configuration by taking the media data group as granularity;
wherein, the single media data is a single file, and the media data group is a single folder.
12. The method according to claim 11, wherein if the cross-device access request information includes an authentication identity, performing access authentication on the authentication account to determine a file or folder accessible by the authentication identity and an operation authority of the file or folder;
when it is determined that the target file requested to be accessed by the first device exceeds the access right of the account corresponding to the account information sent by the first device, authentication fails, and the access result of the first device is fed back to the first device according to the authentication result.
13. An access control apparatus, characterized in that the apparatus comprises:
a processor and a memory for storing at least one instruction which is loaded and executed by the processor to implement the cross device access control method of any of claims 1 to 8 or the access control method of any of claims 9 to 12.
14. An apparatus, characterized in that the apparatus comprises the access control device of claim 13.
15. A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing a cross device access control method according to any one of claims 1 to 8 or an access control method according to any one of claims 9 to 12.
CN202110778214.1A 2021-07-09 2021-07-09 Access control method and device, equipment and storage medium Pending CN115600236A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110778214.1A CN115600236A (en) 2021-07-09 2021-07-09 Access control method and device, equipment and storage medium
PCT/CN2022/101766 WO2023280009A1 (en) 2021-07-09 2022-06-28 Access control method and apparatus, device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110778214.1A CN115600236A (en) 2021-07-09 2021-07-09 Access control method and device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115600236A true CN115600236A (en) 2023-01-13

Family

ID=84801243

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110778214.1A Pending CN115600236A (en) 2021-07-09 2021-07-09 Access control method and device, equipment and storage medium

Country Status (2)

Country Link
CN (1) CN115600236A (en)
WO (1) WO2023280009A1 (en)

Also Published As

Publication number Publication date
WO2023280009A1 (en) 2023-01-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination