CN115842656A - Management and control method and device based on private data calling - Google Patents


Publication number
CN115842656A
Authority
CN
China
Prior art keywords
calling
private data
behavior sequence
applet
target
Legal status
Pending
Application number
CN202211414288.8A
Other languages
Chinese (zh)
Inventor
赵豪
乜聚虎
陈薇婷
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority to CN202211414288.8A

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Abstract

The specification provides a management and control method and device based on private data calling, in which the calling authority of each applet is configured in advance according to the applet's basic functions, the calling authority describing the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data. The method comprises: obtaining the actual behavior sequence run by a target applet before it calls private data; and determining whether to prohibit the target applet from calling the private data by using the obtained behavior sequence, the type of the private data and the preset calling authority of the target applet.

Description

Management and control method and device based on private data calling
Technical Field
The present specification relates to the technical field of information security, and in particular, to a method and an apparatus for managing and controlling based on private data call.
Background
Applet technology allows a user to use the services of other applications directly on a platform-type application without downloading those applications; the other applications are hosted on the platform-type application in the form of applets and share the platform-type application's user base.
The applet needs to call the user data to perform business processing during the operation process, wherein the user data includes some conventional data and some data which is very valuable to the user, such as privacy data of the user. Since each applet acquires the private data of the user on the platform-type application, for the platform-type application, if the behavior of acquiring the private data by the applet is not controlled, a serious potential safety hazard is undoubtedly generated.
Disclosure of Invention
In view of the above technical problems, this specification provides a method and an apparatus for managing and controlling the calling of private data. The technical solution is as follows:
According to a first aspect of this specification, a management and control method for calling private data is provided, in which a calling authority is configured in advance for each applet, the calling authority describing the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data. The method is applied to a platform-type application server and comprises:
obtaining the actual behavior sequence run by a target applet before it calls private data, which comprises receiving the actual behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client;
and determining whether to prohibit the target applet from calling the private data by using the obtained behavior sequence, the type of the private data and the preset calling authority of the target applet.
According to a second aspect of this specification, a management and control apparatus for calling private data is provided, in which a calling authority is configured in advance for each applet, the calling authority describing the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data. The apparatus is applied to a platform-type application server and comprises:
a behavior sequence acquisition module, configured to obtain the behavior sequence run by a target applet before it calls private data, and specifically configured to receive the behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client;
and a calling behavior management and control module, configured to determine whether to prohibit the target applet from calling the private data by using the obtained behavior sequence, the type of the private data and the preset calling authority of the target applet.
In this specification, the platform-type application manages and controls an applet's calls to private data according to the behavior sequence that runs before the applet calls the user's private data, which makes the control finer-grained and more flexible. The applet is neither completely prohibited from acquiring a certain kind of private data nor completely allowed to acquire it. Instead, starting from the actual situation and the applet's basic functions, the platform determines whether the applet really needs the private data and then performs control, which protects the private data while ensuring that the applet can still perform normal service processing.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present specification, and other drawings can be obtained by those skilled in the art according to these drawings.
FIG. 1 is a schematic diagram of a network architecture of a platform application and an applet according to an embodiment of the present disclosure;
FIG. 2 is a flowchart illustrating a method for managing and controlling private data call according to an embodiment of the present specification;
FIG. 3 is a flow diagram illustrating another method for managing invocation of private data, in accordance with an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a device for managing and controlling private data calls according to an embodiment of the present specification;
FIG. 5 is a schematic structural diagram of another privacy data invocation management device according to an embodiment of the present specification;
FIG. 6 is a schematic diagram of a device for configuring an apparatus according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if," as used herein, may be interpreted as "at the time of ...", "when ..." or "in response to a determination," depending on the context.
A platform-type application generally refers to a platform with a large number of users. To expand their business or increase their user base, other applications usually cooperate with the platform-type application and are hosted on it in the form of applets, so that they share the platform-type application's user group.
The applet can be regarded as an application with light-weight running data, and in order to reduce the data development amount and the data maintenance amount of the applet, the platform type application usually provides some complex functions of the applet for each applet to use, that is, each applet does not need to configure the complex functions locally, and the complex functions provided by the platform type application can be called through an interface provided by the platform type application. Meanwhile, in the running process of the applet, the data of the user needs to be called for service processing, and because the user is a user of the platform type application, the applet also needs to acquire the data of the user through an interface provided by the platform type application, wherein the data of the user not only includes some conventional data, but also includes some data which is very valuable to the user, such as privacy data of the user. Therefore, the platform application is used as a manager, and if the behavior of calling the user privacy data by each applet is not managed, serious potential safety hazards are undoubtedly generated.
A schematic architecture diagram of a platform-type application client and applets is shown in FIG. 1. A platform-type application typically hosts multiple applets, and the platform-type application client is generally responsible for managing the user's private data, which includes the user's location information, address book information, device information, account information, transaction information, and the like. An applet calls the user's private data through an interface provided by the platform-type application and has to send data out through a network outlet provided by the platform-type application.
At present, a platform-type application manages and controls applets' acquisition of user private data as follows: the user sets the authority of the applet himself. For example, when the user uses the applet for the first time, prompt information pops up in a dialog box asking the user to set the applet's authority to obtain private data, such as 'whether the XX applet is allowed to access an address book' or 'whether the XX applet is allowed to access a geographic position', and the authority of the applet is generated from the user's operation. For example, for the prompt 'whether the XX applet is allowed to access the address book', if the user selects "yes", a piece of authority information permitting access to the address book is generated for the applet.
After the authority of the applet is generated, the private data calling behavior of the applet can be managed and controlled according to the authority of the applet.
The applet needs to acquire the private data through the interface provided by the platform type application, so that when the interface detects that the applet needs to acquire the private data, whether the applet has the authority to call the private data or not can be determined based on the pre-generated authority of the applet and the type of the private data which the applet needs to acquire. If so, the applet is allowed to obtain the private data through the interface, and if not, the applet is prohibited from obtaining the private data through the interface.
It can be seen that in the current management and control mode, the authority is set at the granularity of the whole applet, and the applet's calls to private data are controlled based on that authority, so the control granularity is coarse.
The security of this mode is also low. For example, for an applet with a phone-bill recharging function, the user has to allow the applet to obtain address book data. Once that setting is made, the applet can access the address book data at any time, including when the user is not recharging. This is undoubtedly a security risk for the user, and it also means that the manager, namely the platform-type application, is failing to protect the user's private data.
Nor can the applet simply be prohibited from acquiring the user's private data because of this security problem, since that may leave the applet unable to perform normal service processing.
Therefore, for the platform-type application, a method with high security, strong flexibility and finer control granularity is lacked for controlling the behavior of calling the user private data by the applet.
In view of the above problems, the present specification proposes:
The calling authority of each applet is configured in advance, and the calling authority specifies through which behavior sequences the applet may obtain each kind of private data. When the target applet's call to private data is controlled, the behavior sequence run by the target applet before calling the private data is obtained, and whether to prohibit the target applet from calling the private data is then determined according to the obtained behavior sequence and the preconfigured calling authority of the target applet.
As shown in fig. 2, a method for managing and controlling based on private data call is proposed in the present specification, and the method is applied to a platform-type application.
The calling authority of each applet is preset, and the calling authority describes the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data.
When an applet is installed in a platform-type application, it can be determined from the applet's basic functions which of the user's private data the applet needs to acquire, and which functions it is executing when it needs to acquire that data.
The calling authority of the applet is then generated automatically from this information, and it may include legal behavior sequences and/or illegal behavior sequences for the applet acquiring each kind of private data.
Taking a taxi-taking applet as an example, the applet needs to acquire the position information of a user when executing a function of calling a vehicle; at the end of the journey, account information of the user needs to be acquired for settlement. The applet does not need to obtain other user privacy data than location information, account information.
Then, the calling authority of the taxi-taking applet can be generated according to the determined information, and the generated calling authority can be as shown in table 1:
TABLE 1 (provided as an image in the original publication; contents not reproduced here)
In the above example, a calling authority containing the applet's legal behavior sequences is generated automatically. Illegal behavior sequences may of course also be generated automatically. Still taking the taxi-taking applet as an example, an illegal behavior sequence may be: start the applet, view a historical order, obtain location information; or: open the applet, evaluate the order, obtain location information; and so on.
It is to be understood that the legal behavior sequence and the illegal behavior sequence in the above examples are only illustrative, and in practical applications, a plurality of legal behavior sequences and/or illegal behavior sequences may be automatically generated according to the basic function of each applet, wherein a plurality of legal behavior sequences and/or illegal behavior sequences may exist for each kind of privacy data.
Meanwhile, after an applet's basic functions are updated, the platform-type application can synchronously update the legal behavior sequences and/or illegal behavior sequences in the applet's calling authority according to what was updated.
Still taking the taxi-taking applet as an example, if the basic function "adding an emergency contact" is added to the applet, a legal behavior sequence of starting the applet, adding the emergency contact and obtaining the address book information can correspondingly be added to the calling authority of the taxi-taking applet.
Likewise, after the applet closes some basic functions, the legal behavior sequences and/or illegal behavior sequences in the calling authority of the taxi-taking applet can be updated correspondingly.
In this way, the platform-type application can dynamically update an applet's calling authority as the applet's basic functions change, and meet the applet's normal need to call private data.
After the calling authority of each applet is configured in advance, the platform-type application client can use the calling authority to manage and control the behavior of the target applet for acquiring the user privacy data, and basically, the following steps are executed during each management and control:
S201, obtaining the actual behavior sequence run by the target applet before it calls private data;
The target applet has to acquire private data through an interface provided by the platform-type application, so the platform-type application client can obtain the actual behavior sequence when it detects at the interface that the applet has sent a private data acquisition request.
S202, determining whether to prohibit the target applet from calling the private data by using the obtained actual behavior sequence, the type of the private data and the preset calling authority of the target applet.
In one embodiment, if the calling authority includes only the legal behavior sequences for the target applet calling various kinds of private data, this step determines whether the obtained actual behavior sequence is one of the legal behavior sequences in the calling authority. If so, the target applet is determined to have the authority to obtain the private data through this behavior sequence and is allowed to call the private data. If not, the target applet is prohibited from calling the private data.
Taking the taxi-taking applet and Table 1 as an example, the behavior sequence executed by the applet before obtaining the private data is obtained. Suppose the obtained actual behavior sequence is "start applet-start taxi calling" and the type of private data to be obtained is location information. The obtained actual behavior sequence is then one of the legal behavior sequences of the taxi-taking applet, so the applet is determined to have the authority to call location information through this behavior sequence and is allowed to obtain the location information.
In one embodiment, if the calling authority includes only the illegal behavior sequences for the target applet calling various kinds of private data, this step determines whether the obtained actual behavior sequence is one of the illegal behavior sequences in the calling authority. If so, the target applet is determined not to have the authority to obtain the private data through this behavior sequence and is prohibited from calling the private data. If not, the target applet is allowed to call the private data.
In one embodiment, if the calling authority includes both legal and illegal behavior sequences for the target applet calling various kinds of private data, then to ensure security it may be determined whether the obtained actual behavior sequence is one of the legal behavior sequences in the calling authority. If so, the target applet is determined to have the authority to obtain the private data through this behavior sequence and is allowed to call the private data. If not, the target applet is directly prohibited from calling the private data. That is, only the legal behavior sequences in the calling authority are used.
Of course, both the legal and the illegal behavior sequences can also be used, with the method shown in FIG. 3. Since most calls to private data are legal, S301 may be executed first to improve efficiency: it is determined whether the obtained actual behavior sequence is one of the legal behavior sequences in the calling authority. If so, S304 is executed, that is, the target applet is allowed to call the private data; because most calls are legal, most calls only reach S304. If not, S302 is executed: it is determined whether the obtained actual behavior sequence is one of the illegal behavior sequences in the calling authority. If so, S305 is executed, that is, the target applet is directly prohibited from calling the private data. If not, S303 is executed: the case is reported to the user, who decides whether the applet may currently obtain the private data. For example, a dialog box pops up asking 'whether the target applet is allowed to acquire your XX data through the XX behavior sequence', together with a corresponding operation interface through which the user can give input; after the user's input, whether to prohibit the target applet from calling the private data is determined according to that input.
After this, the calling authority of the target applet is dynamically updated according to the user's input: if the user chooses not to allow the call, the obtained behavior sequence is configured as an illegal behavior sequence in the applet's calling authority; if the user chooses to allow it, the obtained behavior sequence is configured as a legal behavior sequence in the applet's calling authority.
By adopting the method, under the uncertain condition, the user can determine whether to allow the applet to call the private data according to the actual requirement of the user, and dynamically configure the calling authority of the target applet.
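The FIG. 3 flow (S301 to S305) and the user-driven update of the calling authority can be sketched as follows. This is an added example, not code from the patent: the names `CallingAuthority`, `control_call` and `ask_user` are hypothetical, exact matching of the whole sequence is an assumption (the specification does not define how sequences are compared), and the sample sequences are constructed from the taxi-taking example rather than taken from Table 1.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, Optional, Set, Tuple

Seq = Tuple[str, ...]
# Stand-in for the S303 dialog box: (applet_id, category, sequence) -> True to allow.
AskUser = Callable[[str, str, Seq], bool]


@dataclass
class CallingAuthority:
    """Calling authority of one applet: data category -> behavior sequences."""
    legal: Dict[str, Set[Seq]] = field(default_factory=dict)
    illegal: Dict[str, Set[Seq]] = field(default_factory=dict)


def control_call(authorities: Dict[str, CallingAuthority], applet_id: str,
                 category: str, actual: Iterable[str],
                 ask_user: Optional[AskUser] = None) -> bool:
    """Return True if the private data call is allowed, False if prohibited.

    `actual` is the behavior sequence the applet ran before the call.
    With ask_user=None an unmatched sequence is prohibited directly, which is
    the embodiment that relies on legal sequences only.
    """
    authority = authorities.get(applet_id)
    if authority is None:
        # Assumption: an applet with no configured authority is prohibited.
        return False
    seq = tuple(actual)
    if seq in authority.legal.get(category, set()):      # S301 -> S304
        return True
    if seq in authority.illegal.get(category, set()):    # S302 -> S305
        return False
    if ask_user is None:
        return False
    allowed = bool(ask_user(applet_id, category, seq))   # S303: user decides
    # Dynamic update: remember the decision so the user is not asked again.
    target = authority.legal if allowed else authority.illegal
    target.setdefault(category, set()).add(seq)
    return allowed


def build_sample_authorities() -> Dict[str, CallingAuthority]:
    """Constructed sample data for the taxi-taking applet (not Table 1)."""
    taxi = CallingAuthority(
        legal={
            "location": {("start applet", "start taxi calling")},
            # Constructed: settlement at the end of the journey.
            "account": {("start applet", "start taxi calling", "end trip")},
        },
        illegal={
            "location": {("start applet", "view historical order"),
                         ("start applet", "evaluate order")},
        },
    )
    return {"taxi": taxi}


if __name__ == "__main__":
    auth = build_sample_authorities()
    for seq in (["start applet", "start taxi calling"],
                ["start applet", "view historical order"],
                ["start applet", "open coupons"]):
        ok = control_call(auth, "taxi", "location", seq,
                          ask_user=lambda a, c, s: False)
        print(seq, "->", "allow" if ok else "prohibit")
```

The same function can sit behind either enforcement point the specification describes, the data interface or the network outlet, because it only needs the applet identifier, the data category and the preceding behavior sequence.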
In this specification, an applet's calls to private data are managed and controlled according to the behavior sequence that runs before the applet calls the user's private data, which makes the control finer-grained and more flexible. The applet is neither completely prohibited from obtaining a certain kind of private data nor completely allowed to obtain it. Instead, starting from the actual situation and the applet's basic functions, it is determined whether the applet really needs the private data, and control is performed accordingly, which protects the private data while ensuring that the applet can still perform normal service processing.
Because the applet depends on the platform-type application, it has to call a network outlet of the platform-type application to send data out. If the applet only obtains the private data through the interface and does not send it out, the user's privacy is not leaked. The foregoing S201 may therefore also be executed at the network outlet: after the target applet has obtained the private data, the behavior sequence, that is, the actual behavior sequence run by the target applet before calling the private data, is obtained when the private data is about to be sent out through the network outlet.
And if the target small program is determined not to have the authority to call the private data through the actual behavior sequence, forbidding the target small program to send the private data out.
In this way, when it is detected that the applet needs to call a network outlet to send out data, the outgoing behavior of the applet is intercepted, whether the applet sends out private data is detected, and other data sent out by the applet is not sensed, that is, specific data content of other data sent out by the applet is not known. The specific detection means can refer to the related art, and the detailed description is omitted. In the event that it is determined that the target applet is to send out private data, a category of the private data may be further obtained and it may be determined whether to prohibit the target applet from sending out such private data.
In addition, considering that the local processing performance of the platform-type application client may be poor, S201 and S202 may also be executed by the platform-type application server. That is, the platform-type application server receives the actual behavior sequence, the category of the private data and the identifier of the target applet uploaded by the platform-type application client.
The uploaded sequence may be the actual behavior sequence, run by the target applet before calling the private data, that the platform-type application client obtained either at the interface or at the network outlet.
If the platform-type application server determines that the target applet does not have the authority to call the private data through the actual behavior sequence, it generates an instruction prohibiting the target applet from calling the private data. How the authority is determined is described above and is not repeated here.
The server sends the instruction to the platform-type application client so that the client executes it.
If the platform-type application client obtained the actual behavior sequence at the interface, the platform-type application server can issue an instruction that allows or prohibits the target applet from obtaining the private data;
if the platform-type application client obtained the actual behavior sequence at the network outlet, the platform-type application server can issue an instruction that allows or prohibits the target applet from sending the private data out.
Of course, the platform-type application server may also directly issue an instruction that allows or prohibits the target applet from obtaining and sending out the private data, without knowing where the client obtained the behavior sequence.
After receiving the instruction, the platform-type application client allows or prohibits the target applet from obtaining and sending out the private data according to the instruction.
In this way, the calling authority and the main calling behavior management and control function do not need to be deployed on the client; they are deployed on the server, which reduces the load on the platform-type application client.
As shown in fig. 4, corresponding to the foregoing method for managing and controlling based on private data call, the present specification further provides a device for managing and controlling based on private data call, where the calling authority of each applet is configured in advance according to the basic function of each applet, and the calling authority is used to describe a legal behavior sequence and/or an illegal behavior sequence corresponding to the applet calling various private data; the device comprises:
a behavior sequence obtaining module 410, configured to obtain a behavior sequence that is run by the target applet before invoking the private data;
the calling behavior control module 420 is configured to determine whether to prohibit the target applet from calling the private data by using the obtained behavior sequence, the type of the private data, and a preset calling authority of the target applet.
In one embodiment, the device is deployed on a platform-type application client,
the behavior sequence obtaining module 410 is specifically configured to obtain the behavior sequence when detecting that the applet sends a private data obtaining request;
the invoking behavior management and control module 420 is specifically configured to prohibit the target applet from acquiring the private data when it is determined that the target applet does not have the authority to invoke the private data through the behavior sequence.
In one embodiment, the device is deployed on a platform-type application client,
the behavior sequence obtaining module 410 is specifically configured to obtain the behavior sequence when the target applet sends the private data out through a network outlet after obtaining the private data;
the invoking behavior management and control module 420 is specifically configured to prohibit the target applet from issuing the private data when it is determined that the target applet does not have the authority to invoke the private data through the behavior sequence.
In one embodiment, the calling authority of the target applet comprises a legal behavior sequence corresponding to calling of various private data by the target applet;
the calling behavior management and control module 420 is specifically configured to determine that the target applet does not have the authority to call this type of private data through the behavior sequence when the obtained behavior sequence is not any of the legal behavior sequences, included in the calling authority, for the target applet calling this type of private data.
As shown in fig. 5, in an embodiment, the apparatus further includes a calling authority updating module 430, configured to update the legal behavior sequence and/or the illegal behavior sequence in the calling authority of the target applet synchronously according to the updated content of the basic function of the target applet after the basic function of the target applet is updated.
In one embodiment, the device is deployed on a platform type application server,
the behavior sequence obtaining module 410 is specifically configured to receive the behavior sequence uploaded by the platform-type application client, the type of the private data, and the identifier of the target applet;
the calling behavior management and control module 420 is specifically configured to generate an instruction for prohibiting the target applet from calling the private data if it is determined that the target applet does not have the authority to call the private data through the behavior sequence; and sending the instruction to the platform type application client so that the platform type application client executes the instruction.
In an embodiment, the call behavior management and control module 420 is specifically configured to issue the generated instruction to the platform application client, so that the platform application client prohibits the target applet from acquiring and/or sending out the privacy data.
In one embodiment, the calling authority of the target applet comprises a legal behavior sequence and an illegal behavior sequence corresponding to calling of various privacy data by the target applet;
the calling behavior management and control module 420 is further configured to determine whether the obtained actual behavior sequence is any legal behavior sequence, included in the calling authority, for the target applet calling this type of private data;
where the actual behavior sequence is not any legal behavior sequence, determine whether it is any illegal behavior sequence, included in the calling authority, for the target applet calling the private data;
where it is not any illegal behavior sequence either, provide an operation interface to the user;
and determine whether to prohibit the target applet from calling the private data according to the user's input through the operation interface.
The calling behavior management and control module 420 is further configured to update the calling permission of the target applet according to the input result of the user through the operation interface.
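The server-side decision described above (a legal sequence allows, an illegal sequence prohibits, anything else goes to the user and the answer updates the calling authority, with the instruction scoped by where the client captured the sequence), as an added Python example that is not code from the patent. The class and function names, the exact-match comparison of sequences, the fail-closed handling of an applet with no configured calling authority, and the sample applet and behavior names are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple

Sequence = Tuple[str, ...]  # ordered behaviors the applet ran before the call


class Hook(Enum):
    INTERFACE = "interface"            # captured when the applet requested the data
    NETWORK_OUTLET = "network_outlet"  # captured when the applet sent the data out


@dataclass
class CallingAuthority:
    """Calling authority of one applet: private-data type -> known sequences."""
    legal: Dict[str, Set[Sequence]] = field(default_factory=dict)
    illegal: Dict[str, Set[Sequence]] = field(default_factory=dict)


@dataclass(frozen=True)
class Report:
    """Client upload: applet identifier, data type, actual behavior sequence."""
    applet_id: str
    data_type: str
    sequence: Sequence
    hook: Optional[Hook] = None  # None: server does not know where it was captured


@dataclass(frozen=True)
class Instruction:
    applet_id: str
    data_type: str
    allow: bool
    scope: Tuple[str, ...]  # operations the client must allow or prohibit


def scope_for(hook: Optional[Hook]) -> Tuple[str, ...]:
    """Interface capture governs acquisition, outlet capture governs sending out."""
    if hook is Hook.INTERFACE:
        return ("acquire",)
    if hook is Hook.NETWORK_OUTLET:
        return ("send_out",)
    return ("acquire", "send_out")


def decide(report: Report, authorities: Dict[str, CallingAuthority],
           ask_user: Callable[[Report], bool]) -> Instruction:
    """Legal sequence allows, illegal prohibits, anything else goes to the user."""
    authority = authorities.get(report.applet_id)
    if authority is None:
        allow = False  # assumption: no configured authority means fail closed
    elif report.sequence in authority.legal.get(report.data_type, set()):
        allow = True
    elif report.sequence in authority.illegal.get(report.data_type, set()):
        allow = False
    else:
        allow = bool(ask_user(report))
        # Record the user's answer so the same sequence is not prompted again.
        known = authority.legal if allow else authority.illegal
        known.setdefault(report.data_type, set()).add(report.sequence)
    return Instruction(report.applet_id, report.data_type, allow,
                       scope_for(report.hook))


def demo() -> Tuple[List[Instruction], List[Sequence]]:
    """Run constructed reports (applet and behavior names are made up)."""
    authorities = {"ride_demo": CallingAuthority(
        legal={"location": {("open_home", "tap_request_ride")}},
        illegal={"location": {("open_home", "background_timer")}})}
    prompts: List[Sequence] = []

    def user_denies(report: Report) -> bool:
        prompts.append(report.sequence)
        return False

    unknown = ("open_home", "open_coupon_page")
    reports = [
        Report("ride_demo", "location", ("open_home", "tap_request_ride"), Hook.INTERFACE),
        Report("ride_demo", "location", ("open_home", "background_timer"), Hook.NETWORK_OUTLET),
        Report("ride_demo", "location", unknown),
        Report("ride_demo", "location", unknown),  # second time: no prompt
        Report("unknown_demo", "contacts", ("open_home",), Hook.INTERFACE),
    ]
    return [decide(r, authorities, user_denies) for r in reports], prompts


if __name__ == "__main__":
    for instruction in demo()[0]:
        print(instruction)
```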
The functions and actions of the components in the above device are implemented as described for the corresponding steps of the above method, and are not described again here.
Since the device embodiments substantially correspond to the method embodiments, reference may be made to the relevant parts of the description of the method embodiments. The above-described device embodiments are merely illustrative. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the aforementioned method when executing the program. The method at least comprises the following steps:
acquiring the actual behavior sequence run by a target applet before it calls private data;
and determining whether to prohibit the target applet from calling the private data by using the acquired behavior sequence, the type of the private data and the pre-configured calling authority of the target applet.
Fig. 6 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component within the device (not shown) or may be external to the device to provide corresponding functionality. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the foregoing method. The method at least comprises the following steps:
acquiring the actual behavior sequence run by a target applet before it calls private data;
and determining whether to prohibit the target applet from calling the private data by using the acquired behavior sequence, the type of the private data and the pre-configured calling authority of the target applet.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the apparatus embodiment is substantially similar to the method embodiment, it is described relatively briefly, and reference may be made to the relevant parts of the description of the method embodiment. The above-described apparatus embodiments are merely illustrative; the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more pieces of software and/or hardware when implementing the embodiments of the present disclosure. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific implementation of the embodiments of the present disclosure. It should be noted that those skilled in the art can make a number of improvements and refinements without departing from the principle of the embodiments of the present disclosure, and these improvements and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.

Claims (14)

1. A control method based on private data calling, characterized in that the calling authority of each applet is configured in advance, wherein the calling authority describes the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data; the method is applied to a platform-type application server and comprises:
acquiring the actual behavior sequence run by a target applet before calling private data, which comprises: receiving the actual behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client;
and determining whether to prohibit the target applet from calling the private data by using the acquired behavior sequence, the type of the private data and the pre-configured calling authority of the target applet.
2. The method of claim 1, wherein pre-configuring the calling authority of each applet comprises: pre-configuring the calling authority of each applet according to the basic function of each applet.
3. The method of claim 1, further comprising: determining whether the target applet has calling authority for the private data.
4. The method of claim 1, wherein the actual behavior sequence comprises: the actual behavior sequence, run by the target applet before calling the private data, that the platform-type application client acquires at the interface or the network outlet.
5. The method of claim 1, wherein acquiring the actual behavior sequence run by the target applet before acquiring the private data comprises:
receiving the actual behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client; the actual behavior sequence is acquired by the platform-type application client when it detects that the applet sends a private data acquisition request;
determining whether to prohibit the target applet from calling the private data by using the acquired actual behavior sequence, the type of the private data and the pre-configured calling authority of the target applet comprises:
if it is determined that the target applet does not have the authority to call the private data through the actual behavior sequence, prohibiting the target applet from acquiring the private data.
6. The method of claim 1, wherein acquiring the actual behavior sequence run by the target applet before acquiring the private data comprises:
receiving the actual behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client; the actual behavior sequence is acquired by the platform-type application client when the target applet, after acquiring the private data, sends the private data out through a network outlet;
determining whether to prohibit the target applet from calling the private data by using the acquired actual behavior sequence, the type of the private data and the pre-configured calling authority of the target applet comprises:
if it is determined that the target applet does not have the authority to call the private data through the actual behavior sequence, prohibiting the target applet from sending the private data out.
7. The method of claim 5 or 6, wherein the calling authority of the target applet comprises the legal behavior sequences corresponding to the target applet calling various kinds of private data;
determining that the target applet does not have the authority to call this type of private data through the actual behavior sequence comprises:
if the acquired actual behavior sequence is not any legal behavior sequence, included in the calling authority, for the target applet calling the private data, determining that the target applet does not have the authority to call the private data through the actual behavior sequence.
8. The method of claim 1, further comprising:
after the basic function of the target applet is updated, synchronously updating the legal behavior sequences and/or illegal behavior sequences in the calling authority of the target applet according to the content of the basic-function update of the target applet.
9. The method of claim 1, wherein determining whether to prohibit the target applet from calling the private data by using the acquired actual behavior sequence, the type of the private data and the pre-configured calling authority of the target applet comprises:
if it is determined that the target applet does not have the authority to call the private data through the actual behavior sequence, generating an instruction prohibiting the target applet from calling the private data;
and issuing the instruction to the platform-type application client so that the platform-type application client executes the instruction.
10. The method of claim 9, wherein issuing the instruction to the platform-type application client so that the platform-type application client executes the instruction comprises:
issuing the generated instruction to the platform-type application client so that the platform-type application client prohibits the target applet from acquiring and/or sending out the private data.
11. The method of claim 1, wherein the calling authority of the target applet comprises the legal behavior sequences and illegal behavior sequences corresponding to the target applet calling various kinds of private data; the method further comprises:
determining whether the acquired actual behavior sequence is any legal behavior sequence, included in the calling authority, for the target applet calling the private data;
where the actual behavior sequence is not any legal behavior sequence, determining whether the actual behavior sequence is any illegal behavior sequence, included in the calling authority, for the target applet calling the private data;
where it is not any illegal behavior sequence either, providing an operation interface to the user;
and determining whether to prohibit the target applet from calling the private data according to the user's input through the operation interface.
12. The method of claim 11, further comprising:
updating the calling authority of the target applet according to the user's input through the operation interface.
13. A management and control device based on private data calling, characterized in that the calling authority of each applet is configured in advance, wherein the calling authority describes the legal behavior sequences and/or illegal behavior sequences corresponding to the applet calling various kinds of private data; the device is applied to a platform-type application server and comprises:
a behavior sequence acquisition module, configured to acquire the behavior sequence run by a target applet before calling private data, and specifically configured to receive the behavior sequence, the type of the private data and the identifier of the target applet uploaded by the platform-type application client;
and a calling behavior management and control module, configured to determine whether to prohibit the target applet from calling the private data by using the acquired behavior sequence, the type of the private data and the pre-configured calling authority of the target applet.
14. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements at least the method of claim 1 when executing the program.
CN202211414288.8A 2021-01-07 2021-01-07 Management and control method and device based on private data calling Pending CN115842656A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211414288.8A CN115842656A (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211414288.8A CN115842656A (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling
CN202110018496.5A CN112765654B (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202110018496.5A Division CN112765654B (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling

Publications (1)

Publication Number Publication Date
CN115842656A true CN115842656A (en) 2023-03-24

Family

ID=75700641

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202211414288.8A Pending CN115842656A (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling
CN202110018496.5A Active CN112765654B (en) 2021-01-07 2021-01-07 Management and control method and device based on private data calling

Country Status (1)

Country Link
CN (2) CN115842656A (en)

Also Published As

Publication number Publication date
CN112765654A (en) 2021-05-07
CN112765654B (en) 2022-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination