WO2013075418A1 - Method for controlling right to use of connection function, and mobile terminal - Google Patents

Method for controlling right to use of connection function, and mobile terminal Download PDF

Info

Publication number
WO2013075418A1
WO2013075418A1 PCT/CN2012/071535 CN2012071535W WO2013075418A1 WO 2013075418 A1 WO2013075418 A1 WO 2013075418A1 CN 2012071535 W CN2012071535 W CN 2012071535W WO 2013075418 A1 WO2013075418 A1 WO 2013075418A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection function
application software
permission
control
control policy
Prior art date
Application number
PCT/CN2012/071535
Other languages
French (fr)
Chinese (zh)
Inventor
雷明剑
王巍
徐立锋
古幼鹏
钟声
胡炜
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013075418A1 publication Critical patent/WO2013075418A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device

Definitions

  • the present invention relates to an access control technology in a mobile terminal, and more particularly to a method and a mobile terminal for controlling usage rights of a connection function. Background technique
  • Mobile terminals such as mobile phones have entered the era of intelligence, and a variety of application software can be installed and run on mobile phones to enhance the convenience of mobile phone users.
  • connection function of the malicious application in the mobile phone is used by the malicious application software, thereby threatening the information security of the mobile phone user.
  • an object of the present invention is to provide a method for controlling the use right of a connection function and a mobile terminal, which can prevent the connection function of the mobile terminal from being used by the malicious application software, thereby ensuring the information security of the mobile terminal user.
  • the present invention provides a method for controlling usage rights of a connection function, the method comprising: generating a connection function control policy according to a configuration file of a preset connection function control policy; When detecting that the application software uses the connection function defined in the connection function control policy, the permission control policy according to the permission function of the connection function control policy controls the authority of the connection function to be used by the application software.
  • the method before detecting that the application software uses the connection function defined in the connection function control policy, the method further includes: determining whether the currently accessed application software uses the connection function in real time, and if yes, detecting the connection used by the application software. Whether the permission corresponding to the function matches any one of the connection function control policies; otherwise, it repeatedly determines whether the currently accessed application software uses the connection function.
  • whether the permission corresponding to the connection function used by the detection application software is consistent with any one of the connection function control policies includes: viewing the connection function under the corresponding trust level in the connection function control policy according to the trust level of the application software The permission control list; determining whether the connection function used by the application software is the same as the connection function to be controlled in the connection function permission control list, and if there is the same item, detecting that the application software uses the connection function defined in the connection function control policy; If there is no identical item, the application is allowed to use the connection function.
  • the method before the viewing the function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software, the method further includes: determining to install the new application software, decompressing the new application software
  • the installation package extracts the signature information of the new application software; uses the signature information of the application software for authentication, determines the trust level of the application software according to the authentication result; and saves the trust level in the attribute configuration file corresponding to the application software.
  • the method before the controlling the privilege usage control policy of the connection function in the connection function control policy to control the permission of the connection function to be used by the application software, the method further includes: determining the connection function used by the application software Whether there is a corresponding permission to use the control policy, if any, the control policy is used according to the permission, and the authority of the connection function to be used by the application software is controlled and managed; if not, the permission control policy for the connection function is set. Set and save.
  • the present invention also provides a mobile terminal, where the mobile terminal includes: a rights usage policy module and a rights usage control module;
  • the permission use policy module is configured to generate a connection function control policy according to a preset connection function control policy configuration file and provide the permission use control module;
  • the permission use control module is configured to: when detecting that the application software uses the connection function defined in the system connection permission control policy in the permission use policy module, use the control policy pair according to the permission of the connection function in the connection function control policy
  • the application software controls the permissions of the connection function to be used.
  • the mobile terminal further includes:
  • the application processing module is configured to determine in real time whether the currently accessed application software uses the connection function, and if yes, send the name of the connection function used by the application software to the permission use control module; otherwise, repeatedly determine whether the currently accessed application software uses any a connection function;
  • the permission use control module is specifically configured to receive a name of a connection function used by the application software sent by the application processing module, and detect whether the connection function matches any one of the connection function control policies.
  • the permission use control module is specifically configured to view, according to the trust level of the application software, a connection function permission control list under the corresponding trust level in the connection function control policy in the permission use policy module; determine the connection used by the application software. Whether the function is the same as the connection function to be controlled in the connection function permission control list. If there is the same item, it detects that the application software uses the connection function defined in the connection function control policy; if there is no identical item, the application processing module is notified to allow The application software uses this connection function;
  • the application processing module is further configured to: receive the permission application software sent by the permission usage control module to use the connection function;
  • the rights usage policy module is specifically configured to provide a connection function control policy for the rights usage control module.
  • the mobile terminal further includes: an application trust level authentication module, configured to receive an installation package of a new application software sent by the application processing module, decompress a new application software installation package, and extract a new application software. Signature information; use the signature information of the application software for authentication, determine the trust level of the application software according to the authentication result; and then save the trust level in the attribute configuration file corresponding to the application software;
  • the application processing module is further configured to: when the installation of the new application software is performed, send the installation package of the new application software to the application trust level authentication module.
  • the privilege use control module is specifically configured to determine whether a connection privilege usage control policy is used for the connection function used by the application software, and if yes, use the control policy according to the privilege to use the application software.
  • the permission of the connection function is controlled and managed; if not, the permission of the connection function is set by using the control policy, and then the permission use control policy of the connection function is saved to the permission use policy module;
  • the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission control module, and save the permission usage control policy to the corresponding connection function item in the connection function permission control list.
  • the method for controlling the use permission of the connection function and the mobile terminal provided by the invention, by setting the connection function control strategy, focus on detecting the use of some connection functions that the user cares about; the connection function control strategy used by the application software to the mobile terminal
  • the control policy is used according to the specific permission of the connection function; thus, the connection function of the mobile terminal can be prevented from being used by the malicious application software, thereby ensuring the information data of the mobile terminal user. safety.
  • FIG. 1 is a schematic flow chart of a method for controlling usage rights of a connection function according to the present invention
  • FIG. 2 is a schematic structural diagram of a mobile terminal according to the present invention. detailed description
  • the mobile terminal generates a connection function control policy according to a configuration file of a preset connection function control policy; and when the mobile terminal detects that the application software uses the connection function defined in the connection function control policy, according to the connection function
  • the permissions of the connection function in the control policy use the control policy to control the permissions of the connection function to be used by the application software.
  • connection function control policy is: a specific connection function of the required control corresponding to the connection function recorded by the mobile terminal, and a permission use control policy of the connection function;
  • the permission usage control policy is that the control of the authority to use any one of the connection functions may include: always allowing, always rejecting, or asking each time.
  • the following is a method in which the mobile terminal is a mobile phone.
  • the method for controlling the use permission of the connection function of the present invention is as shown in FIG. 1 and includes the following steps:
  • Step 101 Preset the configuration file of the connection function control policy in the mobile phone.
  • the configuration file of the connection function control policy writes the usage authority of the connection function to be controlled according to the actual situation, and may include the type of the permission, the trust level, the name of the permission group, and the connection function to be controlled under the permission group.
  • the format can be written in Extensible Markup Language (XML) format;
  • ⁇ sysControlPermission> indicates that the type of the permission belongs to the default control of the system
  • ⁇ trustLevel name indicates that the trust level is untrusted ( unApproved )
  • ⁇ permissionGroup name indicates that the permission group name is the connection class ( connect )
  • permission name indicates that the Wi-fi and Bluetooth ( BLUETOOTH ) connection functions are required under the connection class permission group.
  • Step 102 After the mobile phone is started, a connection function control policy is generated according to the configuration file of the connection function control policy.
  • step 103 After the mobile phone is started, check whether there is a configuration file of the new connection function control policy from the specified directory. If not, directly execute step 103; if yes, read the configuration file of the connection function control policy, and the connection function In the configuration file of the control policy, extract the trust level, the permission group name, and the specific control connection function under the permission group; add the connection function to the connection function permission control list with the trust level as the identifier, the permission group name, and the specific control under the permission group. Finally, the connection function permission control list is saved in the memory of the mobile phone to form a connection function control policy, and then step 103 is performed;
  • the specified directory is: a file directory storing a configuration file of the connection function control policy, for example, the specified directory may be the root directory of the mobile phone memory card.
  • Step 103 Determine in real time whether the currently used application software uses any one of the connection functions in the mobile phone, and if yes, execute step 104; otherwise, repeat step 103.
  • the calling information of any one of the connecting functions is issued during the running process of the application software, so that it can be judged whether the currently used application software uses any one of the mobile phones.
  • Item connection function if issued, proceed to step 104, and extract the connection function to be used in the call information of the connection function; if not, repeat step 103;
  • the calling information for any one of the connection functions includes: a connection function to be called; a method for generating the call information is a prior art, and is not mentioned here.
  • Step 104 Detect whether the permission corresponding to the connection function used by the application software matches any one of the connection function control policies. If yes, execute step 105; otherwise, allow the application software to use the connection function to end the processing flow.
  • the mobile phone checks the connection function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software; determines whether the connection function used by the application software and any connection in the connection function permission control list need to be controlled. The function is the same, if there is the same item, step 105 is performed; if not, the application software is allowed to use the connection function, and the access application software is subsequently processed according to the prior art, and the processing flow is ended;
  • the mobile phone determines that the currently used application software uses the Wi-fi connection function
  • the mobile phone checks the connection function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software; when the application software trust level If it is untrustable, if there is a Wi-fi connection function item in the connection function permission control list corresponding to the untrustable level, step 105 is performed; when the application software trust level is trusted, if the connection in the corresponding trusted level is If there is a Wi-fi connection function item in the function authority control list, step 105 is performed.
  • Step 105 The mobile phone determines whether there is a corresponding permission for the connection function used by the application software, and uses the control policy, if yes, step 106 is performed; if not, step 107 is performed.
  • Step 106 The mobile phone uses the control policy according to the permission to control the permission of the connection function to be used by the application software, and ends the processing flow.
  • control refers to: viewing the specific settings in the permission use control policy, and when the specific setting is always allowed, the application software is allowed to use the connection function, and then the application software is followed according to the prior art; When it is set to always refuse, the application software is refused to use the connection function, and then the application software is followed according to the prior art; when the specific setting is for each inquiry, the user pops up a selection box, and the user selects whether to allow the application software. Use this connection Function, then allow or deny the application to use the connection function according to the user's choice, and then follow up the application according to the prior art.
  • Step 107 The mobile phone sets the permission usage control policy of the connection function.
  • This step is specifically as follows: The mobile phone pops up a prompt dialog box for the user, reminding the user that the permission of the connection function is always allowed, always refused, or each inquiry is set, and the current application processing flow is suspended; The permission setting is saved as the permission usage control policy, added in the corresponding connection function item in the connection function control policy, and the current application is subsequently processed according to the set authority using the control policy.
  • the specific authentication process includes the following steps:
  • Step a The mobile phone determines in real time whether the operation selected by the user is to install any new application software or use any application software. If any new application software is installed, step b is performed; if any application software is accessed, the steps are executed. 103.
  • Step b The mobile phone decompresses the installation package of the new application software, and extracts the signature information of the new application software.
  • the installation package of the decompressed new application software is prior art, and no comment is made here; the new application is extracted.
  • the signature information of the software is: After extracting the installation package of the new application software, extracting the signature information therein;
  • the signature information is: using a special tool to write signature information into a specific field of the application software, indicating that the application has passed the audit of the signer, and the specific fields are divided into three types: Saipan.
  • Step c The mobile phone first uses the signature information of the application software to perform authentication, and determines the trust level of the application software according to the authentication result; then saves the trust level in the attribute configuration file corresponding to the application software, and continues to install the application software according to the prior art, and returns step&.
  • the authenticating by using the signature information of the application software includes: signing the application software The name information is matched with the signature information of the plurality of certificates preset in the mobile phone. If the signature information of the application is the same as the signature information of any one of the certificates, the authentication result is passed; otherwise, the authentication result is not passed;
  • the determining the trust level of the application software according to the authentication result includes: setting the trust level of the application software according to the specific signature information when the authentication result is passed; and setting the application software to be unavailable when the authentication result is not passed.
  • the trust level includes two categories, namely, an untrustworthy level and a trusted level.
  • the trusted level of the application is set according to the specific signature information: the mobile phone manufacturer customizes the preset certificate according to actual needs.
  • Signature information, the trust level corresponding to different signature information may include: "vendor trust level”, “operator trust level”, “third-party partner trust level”, and the like.
  • connection function control policy may be modified or deleted according to actual conditions, specifically: when any one of the connection function control policies needs to be modified or deleted, the configuration file of the original connection function control policy is found. , make specific modifications in the configuration file, and then perform step 102.
  • the present invention further provides a mobile terminal.
  • the mobile terminal includes: a rights usage policy module 21 and a rights usage control module 22;
  • the permission usage policy module 21 is configured to generate a connection function control policy according to the configuration file of the preset connection function control policy, and provide a connection function control policy for the authority usage control module 22;
  • the privilege use control module 22 is configured to: when detecting that a connection function defined by the connection function control policy in the privilege use policy module 21 is used by the application software, use the control policy according to the privilege of the connection function in the connection function control policy Controls the permissions of the connection functions that the application uses.
  • the permission usage policy module 21 is specifically configured to save a preset connection function control policy.
  • the configuration file when the mobile terminal is powered on, generates a system connection permission control policy according to the configuration file of the connection function control policy.
  • the permission usage policy module 21 is specifically configured to check whether there is a configuration file of a new connection function control policy from the specified directory, and if not, end the processing flow; if yes, read the configuration file of the connection function control policy, From the configuration file of the connection function control policy, extract the trust level, the permission group name, and the specific control connection function under the permission group; add the connection function to the connection function with the trust level as the identifier, the permission group name, and the specific control group under the permission group. In the permission control list; finally save the connection function permission control list to form a connection function control strategy.
  • the mobile terminal further includes: an application processing module 23, configured to determine in real time whether the currently accessed application software uses any one of the connection functions, and if yes, send the name of the connection function used by the application software to the rights usage control module 22; Otherwise, continue to determine whether the currently accessed application software uses any of the connection functions;
  • the permission use control module 22 is specifically configured to receive a name of a connection function used by the application software sent by the application processing module 23, and detect whether the connection function matches any one of the connection function control policies.
  • the application processing module 23 is specifically configured to detect whether the calling information of any one of the connection functions is issued during the running process of the application software to determine whether the currently used application software is used arbitrarily during the running process of the real-time monitoring application software.
  • a connection function if yes, sends the name of the connection function used by the application software to the rights usage control module 11; otherwise, it continues to determine whether the currently accessed application software uses any of the connection functions.
  • the privilege use control module 22 is configured to check whether the connection function is consistent with any one of the connection function control policies, and view the corresponding trust level in the connection function control policy of the privilege usage policy module 21 according to the trust level of the application software.
  • the connection function permission control list under the connection determining whether the connection function used by the application software is the same as the connection function to be controlled by any one of the connection function permission control lists, and if there is the same item, determining the application software Whether the connection function used has a corresponding permission usage control policy; if there is no identical item, the notification application processing module 23 allows the application software to use the connection function;
  • the application processing module 23 is further configured to receive the permission application software sent by the permission usage control module 22 to use the connection function, and then perform subsequent processing on the access application software according to the prior art.
  • the privilege usage control module 22 is specifically configured to: when the privilege corresponding to the connection function used by the application software has the privilege to use the control policy, use the privilege usage control policy in the connection function control policy of the policy module 21 according to the viewing privilege, The permission of the connection function to be used by the software is controlled, and the operation flow is ended; if not, the permission use control policy of the connection function is set, and the permission use control policy of the connection function is saved to the authority use policy module 21;
  • the rights usage policy module 21 is specifically configured to receive the rights usage control policy sent by the rights usage control module 22, and save the rights usage control policy to the corresponding connection function item in the connection function authority control list.
  • the privilege usage control module 22 is specifically configured to view specific settings in the privilege usage control policy.
  • the specific setting is always allowed, the application software is allowed to use the connection function, and then the application software is subsequently operated according to the prior art.
  • the specific setting is always rejected, the application software is refused to use the connection function, and then the application software is followed according to the prior art;
  • the specific setting is for each inquiry, the user pops up a selection box, and the user selects whether The application software is allowed to use the connection function, and then the application software is allowed or denied according to the user's selection, and then the application software is followed according to the prior art.
  • the permission use control module 22 is further configured to remind the user to use the control setting of the permission of the connection function, and suspend the processing flow of the current application; receive the user's permission control policy for the function, and according to The permissions set by the user use the policy to control the permissions of the functions to be used by the application.
  • the mobile terminal further includes: an application trust level authentication module 24, configured to receive an installation package of the application software sent by the application processing module 23; correspondingly, the application processing module 23 is further configured to determine, in real time, that the operation selected by the user is Install any new application software or access any application software. If any new application software is installed, the installation package of the application software is sent to the application trust level authentication module 24, and if any application software is accessed, it is determined. Whether the currently accessed application uses any of the connection features.
  • the application trust level authentication module 24 is further configured to decompress the installation package of the new application software, extract signature information of the new application software, authenticate the application by using the signature information of the application software, and determine the trust level of the application software according to the authentication result. Then, the trust level is saved in the attribute configuration file corresponding to the application software, and the installation package of the decompressed application software and the attribute configuration file of the application software are sent back to the application processing module 23; correspondingly, the application processing module 23
  • the utility model is further configured to receive an installation package of the decompressed application software sent by the application trust level authentication module 24 and an attribute configuration file of the application software, and then continue to install the application software according to the prior art on the decompressed application software.
  • the application trust level authentication module 24 is specifically configured to match signature information of the application software with signature information of multiple certificates preset in the module. If the signature information of the application is the same as the signature information of any one of the certificates, The authentication result is passed; otherwise, the authentication result is not passed.
  • the application trust level authentication module 24 is specifically configured to: when the authentication result is passed, set a trusted level of the application according to the specific signature information; when the authentication result is not passed, set the application software to an untrustable level. .
  • connection function by the application of the mobile terminal can be classified and controlled according to the trust level of the application, and the connection function of the mobile terminal can be effectively prevented from being used by the malware, thereby ensuring the information data of the mobile terminal user. safety.

Abstract

Disclosed is a method for controlling the right to use of a connection function, including: generating a connection function control policy according to a preset connection function control policy configuration file; when detecting that an application software uses a connection function defined in the connection function control policy, controlling the right of the connection function to be used by the application software using the right to use control policy of the connection function in the connection function control policy. Also at the same time disclosed is a mobile terminal. The present invention can be applied to prevent the connection function of a mobile terminal being used by a malicious application software, thus ensuring the information security of the mobile terminal user.

Description

一种控制连接功能的使用权限的方法及移动终端 技术领域  Method for controlling usage right of connection function and mobile terminal
本发明涉及移动终端中的权限控制技术, 尤其涉及一种控制连接功能 的使用权限的方法及移动终端。 背景技术  The present invention relates to an access control technology in a mobile terminal, and more particularly to a method and a mobile terminal for controlling usage rights of a connection function. Background technique
移动终端如手机已进入智能时代, 可以在手机上安装运行多种应用软 件, 以提升手机用户的使用便利性。  Mobile terminals such as mobile phones have entered the era of intelligence, and a variety of application software can be installed and run on mobile phones to enhance the convenience of mobile phone users.
目前, 手机上安装运行的应用软件中, 容易泄露用户隐私信息、 私有 数据信息及数据存储文件的恶意应用软件数量越来愈多, 这些恶意应用软 件在手机后台运行, 能够隐蔽的使用连接功能, 使用户不易觉察, 比如, 通过使用手机中的无线宽带 (Wi-Fi, Wireless Fidelity )和蓝牙等连接功能 将用户的私有信息对外传输, 导致用户的私有信息安全受到威胁  At present, in the application software installed and running on the mobile phone, the number of malicious application software that easily leaks user privacy information, private data information, and data storage files is increasing. These malicious application softwares run in the background of the mobile phone, and can use the connection function concealedly. It is difficult for users to detect, for example, by using the wireless broadband (Wi-Fi, Wireless Fidelity) and Bluetooth connection functions in the mobile phone to transmit the user's private information to the outside, resulting in the user's private information security being threatened.
可见, 由于目前没有对手机中的恶意应用软件使用连接功能的权限进 行控制, 导致手机的连接功能被恶意应用软件使用, 进而威胁到手机用户 的信息安全性。 发明内容  It can be seen that since the right to use the connection function of the malicious application in the mobile phone is not currently controlled, the connection function of the mobile phone is used by the malicious application software, thereby threatening the information security of the mobile phone user. Summary of the invention
有鉴于此, 本发明的目的在于提供一种控制连接功能的使用权限的方 法及移动终端, 能防止移动终端的连接功能被恶意应用软件使用, 进而保 证移动终端用户的信息安全性。  In view of the above, an object of the present invention is to provide a method for controlling the use right of a connection function and a mobile terminal, which can prevent the connection function of the mobile terminal from being used by the malicious application software, thereby ensuring the information security of the mobile terminal user.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供了一种控制连接功能的使用权限的方法, 该方法包括: 根据预置的连接功能控制策略的配置文件, 生成连接功能控制策略; 检测到应用软件使用连接功能控制策略中所限定的连接功能时, 根据 连接功能控制策略中的该连接功能的权限使用控制策略对应用软件要使用 到的连接功能的权限进行控制。 The present invention provides a method for controlling usage rights of a connection function, the method comprising: generating a connection function control policy according to a configuration file of a preset connection function control policy; When detecting that the application software uses the connection function defined in the connection function control policy, the permission control policy according to the permission function of the connection function control policy controls the authority of the connection function to be used by the application software.
上述方案中, 所述检测到应用软件使用连接功能控制策略中所限定的 连接功能之前, 该方法还包括: 实时判断当前访问的应用软件是否使用到 连接功能, 若是, 则检测应用软件使用的连接功能对应的权限是否与连接 功能控制策略中任意一项相符; 否则, 重复判断当前访问的应用软件是否 使用到连接功能。  In the above solution, before detecting that the application software uses the connection function defined in the connection function control policy, the method further includes: determining whether the currently accessed application software uses the connection function in real time, and if yes, detecting the connection used by the application software. Whether the permission corresponding to the function matches any one of the connection function control policies; otherwise, it repeatedly determines whether the currently accessed application software uses the connection function.
上述方案中, 所述检测应用软件使用的连接功能对应的权限是否与连 接功能控制策略中任意一项相符, 包括: 根据应用软件的信任级别, 查看 连接功能控制策略中对应信任级别下的连接功能权限控制列表; 判断该应 用软件使用的连接功能是否与连接功能权限控制列表中需要控制的连接功 能相同, 若有相同项, 则检测到应用软件使用到连接功能控制策略中所限 定的连接功能; 若没有相同项, 则允许应用软件使用该连接功能。  In the above solution, whether the permission corresponding to the connection function used by the detection application software is consistent with any one of the connection function control policies includes: viewing the connection function under the corresponding trust level in the connection function control policy according to the trust level of the application software The permission control list; determining whether the connection function used by the application software is the same as the connection function to be controlled in the connection function permission control list, and if there is the same item, detecting that the application software uses the connection function defined in the connection function control policy; If there is no identical item, the application is allowed to use the connection function.
上述方案中, 所述根据应用软件的信任级别, 查看连接功能控制策略 中对应信任级别下的连接功能权限控制列表之前, 该方法还包括: 确定进 行新应用软件的安装时, 解压新的应用软件的安装包, 提取新的应用软件 的签名信息; 利用应用软件的签名信息进行认证, 根据认证结果确定应用 软件的信任级别; 再将信任级别保存在与应用软件对应的属性配置文件中。  In the foregoing solution, before the viewing the function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software, the method further includes: determining to install the new application software, decompressing the new application software The installation package extracts the signature information of the new application software; uses the signature information of the application software for authentication, determines the trust level of the application software according to the authentication result; and saves the trust level in the attribute configuration file corresponding to the application software.
上述方案中, 所述根据连接功能控制策略中的该连接功能的权限使用 控制策略对应用软件要使用到的连接功能的权限进行控制之前, 该方法还 包括: 判断对于应用软件所使用的连接功能是否有对应的权限使用控制策 略, 若有, 则根据该权限使用控制策略, 对应用软件要使用到的连接功能 的权限进行控制管理; 若没有, 则对该连接功能的权限使用控制策略进行 设定并保存。 本发明还提供了一种移动终端, 该移动终端包括: 权限使用策略模 块和权限使用控制模块; 其中, In the above solution, before the controlling the privilege usage control policy of the connection function in the connection function control policy to control the permission of the connection function to be used by the application software, the method further includes: determining the connection function used by the application software Whether there is a corresponding permission to use the control policy, if any, the control policy is used according to the permission, and the authority of the connection function to be used by the application software is controlled and managed; if not, the permission control policy for the connection function is set. Set and save. The present invention also provides a mobile terminal, where the mobile terminal includes: a rights usage policy module and a rights usage control module;
权限使用策略模块,用于根据预置的连接功能控制策略的配置文件, 生成连接功能控制策略并提供给权限使用控制模块;  The permission use policy module is configured to generate a connection function control policy according to a preset connection function control policy configuration file and provide the permission use control module;
权限使用控制模块, 用于在检测到有应用软件使用了权限使用策略 模块中的系统连接权限控制策略中所限定的连接功能时, 根据连接功能 控制策略中的该连接功能的权限使用控制策略对应用软件要使用到的连接 功能的权限进行控制。  The permission use control module is configured to: when detecting that the application software uses the connection function defined in the system connection permission control policy in the permission use policy module, use the control policy pair according to the permission of the connection function in the connection function control policy The application software controls the permissions of the connection function to be used.
上述方案中, 所述移动终端, 还包括:  In the above solution, the mobile terminal further includes:
应用处理模块, 用于实时判断当前访问的应用软件是否使用到连接功 能, 若是, 则向权限使用控制模块发送应用软件使用的连接功能的名称; 否则, 重复判断当前访问的应用软件是否使用到任意一项连接功能;  The application processing module is configured to determine in real time whether the currently accessed application software uses the connection function, and if yes, send the name of the connection function used by the application software to the permission use control module; otherwise, repeatedly determine whether the currently accessed application software uses any a connection function;
相应的, 所述权限使用控制模块, 具体用于接收应用处理模块发来的 应用软件使用的连接功能的名称, 检测该连接功能是否与连接功能控制策 略中任意一项相符。  Correspondingly, the permission use control module is specifically configured to receive a name of a connection function used by the application software sent by the application processing module, and detect whether the connection function matches any one of the connection function control policies.
上述方案中, 所述权限使用控制模块, 具体用于根据应用软件的信任 级别, 查看权限使用策略模块中连接功能控制策略中对应信任级别下的连 接功能权限控制列表; 判断该应用软件使用的连接功能是否与连接功能权 限控制列表中需要控制的连接功能相同, 若有相同项, 则检测到应用软件 使用到连接功能控制策略中所限定的连接功能; 若没有相同项, 则通知应 用处理模块允许应用软件使用该连接功能;  In the above solution, the permission use control module is specifically configured to view, according to the trust level of the application software, a connection function permission control list under the corresponding trust level in the connection function control policy in the permission use policy module; determine the connection used by the application software. Whether the function is the same as the connection function to be controlled in the connection function permission control list. If there is the same item, it detects that the application software uses the connection function defined in the connection function control policy; if there is no identical item, the application processing module is notified to allow The application software uses this connection function;
相应的, 所述应用处理模块, 还用于接收到权限使用控制模块发来的 允许应用软件使用该连接功能;  Correspondingly, the application processing module is further configured to: receive the permission application software sent by the permission usage control module to use the connection function;
所述权限使用策略模块, 具体用于为权限使用控制模块提供连接功 能控制策略。 上述方案中, 所述移动终端, 还包括: 应用信任等级认证模块, 用于 接收应用处理模块发来的新的应用软件的安装包, 解压新的应用软件的安 装包, 提取新的应用软件的签名信息; 利用应用软件的签名信息进行认证, 根据认证结果确定应用软件的信任级别; 再将信任级别保存在与应用软件 对应的属性配置文件中; The rights usage policy module is specifically configured to provide a connection function control policy for the rights usage control module. In the above solution, the mobile terminal further includes: an application trust level authentication module, configured to receive an installation package of a new application software sent by the application processing module, decompress a new application software installation package, and extract a new application software. Signature information; use the signature information of the application software for authentication, determine the trust level of the application software according to the authentication result; and then save the trust level in the attribute configuration file corresponding to the application software;
相应的, 所述应用处理模块, 还用于确定进行新应用软件的安装时, 将该新的应用软件的安装包发送给应用信任等级认证模块。  Correspondingly, the application processing module is further configured to: when the installation of the new application software is performed, send the installation package of the new application software to the application trust level authentication module.
上述方案中, 所述权限使用控制模块, 具体用于判断对于应用软件所 使用的连接功能是否有对应的权限使用控制策略, 若有, 则根据该权限使 用控制策略, 对应用软件要使用到的连接功能的权限进行控制管理; 若没 有, 则对该连接功能的权限使用控制策略进行设定, 再将该连接功能的权 限使用控制策略保存到权限使用策略模块中;  In the foregoing solution, the privilege use control module is specifically configured to determine whether a connection privilege usage control policy is used for the connection function used by the application software, and if yes, use the control policy according to the privilege to use the application software. The permission of the connection function is controlled and managed; if not, the permission of the connection function is set by using the control policy, and then the permission use control policy of the connection function is saved to the permission use policy module;
相应的 , 所述权限使用策略模块 , 具体用于接收权限使用控制模块发 来的权限使用控制策略, 并将该权限使用控制策略保存到连接功能权限控 制列表中对应的连接功能项目中。  Correspondingly, the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission control module, and save the permission usage control policy to the corresponding connection function item in the connection function permission control list.
本发明所提供的控制连接功能的使用权限的方法及移动终端, 通过设 置连接功能控制策略, 对用户关心的一些连接功能的使用进行重点检测; 在有应用软件使用到移动终端的连接功能控制策略中的任意一项连接功能 时, 则根据该项连接功能的具体的权限使用控制策略进行处理; 如此, 就 可以防止移动终端的连接功能被恶意应用软件使用, 进而保证移动终端用 户的信息数据的安全性。 另外, 还可以根据实际情况对连接功能控制策略 进行修改或删除, 从而可以灵活控制连接功能的使用权限。 附图说明  The method for controlling the use permission of the connection function and the mobile terminal provided by the invention, by setting the connection function control strategy, focus on detecting the use of some connection functions that the user cares about; the connection function control strategy used by the application software to the mobile terminal When any one of the connection functions is used, the control policy is used according to the specific permission of the connection function; thus, the connection function of the mobile terminal can be prevented from being used by the malicious application software, thereby ensuring the information data of the mobile terminal user. safety. In addition, you can modify or delete the connection function control policy according to the actual situation, so that you can flexibly control the usage rights of the connection function. DRAWINGS
图 1为本发明控制连接功能的使用权限的方法流程示意图;  1 is a schematic flow chart of a method for controlling usage rights of a connection function according to the present invention;
图 2为本发明移动终端的结构示意图。 具体实施方式 2 is a schematic structural diagram of a mobile terminal according to the present invention. detailed description
本发明的基本思想是: 移动终端根据预置的连接功能控制策略的配置 文件, 生成连接功能控制策略; 该移动终端检测到应用软件使用连接功能 控制策略中所限定的连接功能时, 根据连接功能控制策略中的该连接功能 的权限使用控制策略对应用软件要使用到的连接功能的权限进行控制。  The basic idea of the present invention is: The mobile terminal generates a connection function control policy according to a configuration file of a preset connection function control policy; and when the mobile terminal detects that the application software uses the connection function defined in the connection function control policy, according to the connection function The permissions of the connection function in the control policy use the control policy to control the permissions of the connection function to be used by the application software.
其中, 所述连接功能控制策略为, 移动终端记录的在不同的信任级别 下、 连接功能中对应的所需控制的具体连接功能、 以及该连接功能的权限 使用控制策略;  The connection function control policy is: a specific connection function of the required control corresponding to the connection function recorded by the mobile terminal, and a permission use control policy of the connection function;
所述权限使用控制策略为, 对使用任意一项连接功能的权限的控制, 可以包括: 总是允许、 总是拒绝、 或每次询问。  The permission usage control policy is that the control of the authority to use any one of the connection functions may include: always allowing, always rejecting, or asking each time.
下面结合附图及具体实施例对本发明再作进一步详细的说明。  The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
以下以移动终端是手机为例, 本发明控制连接功能的使用权限的方法 如图 1所示, 包括以下步驟:  The following is a method in which the mobile terminal is a mobile phone. The method for controlling the use permission of the connection function of the present invention is as shown in FIG. 1 and includes the following steps:
步驟 101 : 在手机中预置连接功能控制策略的配置文件。  Step 101: Preset the configuration file of the connection function control policy in the mobile phone.
这里, 所述连接功能控制策略的配置文件, 根据实际情况对所需控制 的连接功能的使用权限进行编写, 可以包括权限的类型、 信任等级、 权限 组名称、 权限组下需要控制的连接功能, 编写的格式可以为可扩展标记语 言 ( XML, Extensible Markup Language )格式;  Here, the configuration file of the connection function control policy writes the usage authority of the connection function to be controlled according to the actual situation, and may include the type of the permission, the trust level, the name of the permission group, and the connection function to be controlled under the permission group. The format can be written in Extensible Markup Language (XML) format;
比如, 可以按照如下所示格式编写连接功能控制策略的配置文件: <?xml version- 1.0' encoding='utf-8' standalone='yes' ?>  For example, you can write a configuration file for the connection function control policy in the format shown below: <?xml version- 1.0' encoding='utf-8' standalone='yes' ?>
<sysControlPermission>  <sysControlPermission>
<trustLevel name="unApproved">  <trustLevel name="unApproved">
<permissionGroup name=" connect" /> <permissionGroup name=" connect" />
permission name="WIFr' /> Permission name="WIFr' />
permission name=" BLUETOOTH" />  Permission name=" BLUETOOTH" />
< /permissionGroup > </ trustLevel > < /permissionGroup > </ trustLevel >
</sysControlPermission>  </sysControlPermission>
其中, <sysControlPermission>表示权限的类型属于系统默认控制的权 限 , <trustLevel name="unApproved">表示信任等级为 不可信任 ( unApproved ), <permissionGroup name=" connect " /> 表示权限组名称为 连接类 ( connect ) , permission name=" WIFI" />和 permission name=" BLUETOOTH " />表示连接类权限组下所需控制的是 Wi-fi 及蓝牙 ( BLUETOOTH )连接功能。  Where <sysControlPermission> indicates that the type of the permission belongs to the default control of the system, <trustLevel name="unApproved"> indicates that the trust level is untrusted ( unApproved ), and <permissionGroup name=" connect " /> indicates that the permission group name is the connection class ( connect ) , permission name=" WIFI" /> and permission name=" BLUETOOTH " /> indicates that the Wi-fi and Bluetooth ( BLUETOOTH ) connection functions are required under the connection class permission group.
步驟 102: 手机启动后,根据连接功能控制策略的配置文件生成连接功 能控制策略。  Step 102: After the mobile phone is started, a connection function control policy is generated according to the configuration file of the connection function control policy.
具体的: 手机启动后, 从指定的目录查看是否有新的连接功能控制策 略的配置文件, 如果没有, 则直接执行步驟 103; 如果有, 则读取连接功能 控制策略的配置文件, 从连接功能控制策略的配置文件中, 提取信任等级、 权限组名称和权限组下具体控制的连接功能; 以信任级别为标识、 以权限 组名称和权限组下具体控制的连接功能添加到连接功能权限控制列表中; 最后将连接功能权限控制列表保存在手机内存中, 形成连接功能控制策略, 然后执行步驟 103;  Specifically: After the mobile phone is started, check whether there is a configuration file of the new connection function control policy from the specified directory. If not, directly execute step 103; if yes, read the configuration file of the connection function control policy, and the connection function In the configuration file of the control policy, extract the trust level, the permission group name, and the specific control connection function under the permission group; add the connection function to the connection function permission control list with the trust level as the identifier, the permission group name, and the specific control under the permission group. Finally, the connection function permission control list is saved in the memory of the mobile phone to form a connection function control policy, and then step 103 is performed;
这里, 所述指定的目录为: 保存连接功能控制策略的配置文件的文件 目录, 比如, 指定的目录可以为手机存储卡的根目录。  Here, the specified directory is: a file directory storing a configuration file of the connection function control policy, for example, the specified directory may be the root directory of the mobile phone memory card.
步驟 103:实时判断当前使用的应用软件是否使用到手机中任意一项连 接功能, 若是, 则执行步驟 104; 否则, 重复执行步驟 103。  Step 103: Determine in real time whether the currently used application software uses any one of the connection functions in the mobile phone, and if yes, execute step 104; otherwise, repeat step 103.
具体的: 手机实时监测应用软件的运行过程中, 判断在应用软件的运 行过程中是否发出对任意一项连接功能的调用信息, 如此, 即可判断当前 使用的应用软件是否使用到手机中任意一项连接功能, 如果发出, 则执行 步驟 104, 并提取出该连接功能的调用信息中所要用到的连接功能; 如果没 有发出, 则重复执行步驟 103; 这里, 所述对任意一项连接功能的调用信息包括: 所要调用的连接功 能; 产生调用信息的方法为已有技术, 这里不做赞述。 Specific: During the running process of the mobile phone real-time monitoring application software, it is judged whether the calling information of any one of the connecting functions is issued during the running process of the application software, so that it can be judged whether the currently used application software uses any one of the mobile phones. Item connection function, if issued, proceed to step 104, and extract the connection function to be used in the call information of the connection function; if not, repeat step 103; Here, the calling information for any one of the connection functions includes: a connection function to be called; a method for generating the call information is a prior art, and is not mentioned here.
步驟 104:检测应用软件使用的连接功能对应的权限是否与连接功能控 制策略中任意一项相符, 如果是, 则执行步驟 105; 否则, 允许应用软件使 用该连接功能, 结束处理流程。  Step 104: Detect whether the permission corresponding to the connection function used by the application software matches any one of the connection function control policies. If yes, execute step 105; otherwise, allow the application software to use the connection function to end the processing flow.
具体为: 手机根据应用软件的信任级别, 查看连接功能控制策略中对 应信任级别下的连接功能权限控制列表; 判断该应用软件使用的连接功能 是否与连接功能权限控制列表中任意一个需要控制的连接功能相同, 若有 相同项, 则执行步驟 105; 若没有, 则允许应用软件使用该连接功能, 按照 已有技术对访问应用软件进行后续处理, 结束处理流程;  Specifically, the mobile phone checks the connection function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software; determines whether the connection function used by the application software and any connection in the connection function permission control list need to be controlled. The function is the same, if there is the same item, step 105 is performed; if not, the application software is allowed to use the connection function, and the access application software is subsequently processed according to the prior art, and the processing flow is ended;
比如, 手机判断出当前使用的应用软件使用到 Wi-fi连接功能, 则手机 根据应用软件的信任级别, 查看连接功能控制策略中对应信任级别下的连 接功能权限控制列表; 当应用软件的信任级别为不可信任时, 若不可信任 级别对应的连接功能权限控制列表中有 Wi-fi连接功能项,则执行步驟 105; 当应用软件的信任级别为可信任时, 若对应的可信任级别中的连接功能权 限控制列表中有 Wi-fi连接功能项, 则执行步驟 105。  For example, if the mobile phone determines that the currently used application software uses the Wi-fi connection function, the mobile phone checks the connection function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software; when the application software trust level If it is untrustable, if there is a Wi-fi connection function item in the connection function permission control list corresponding to the untrustable level, step 105 is performed; when the application software trust level is trusted, if the connection in the corresponding trusted level is If there is a Wi-fi connection function item in the function authority control list, step 105 is performed.
步驟 105:手机判断对于应用软件所使用的连接功能是否有对应的权限 使用控制策略, 若有, 则执行步驟 106; 若没有, 则执行步驟 107。  Step 105: The mobile phone determines whether there is a corresponding permission for the connection function used by the application software, and uses the control policy, if yes, step 106 is performed; if not, step 107 is performed.
步驟 106: 手机根据该权限使用控制策略,对应用软件要使用到的连接 功能的权限进行控制, 结束处理流程。  Step 106: The mobile phone uses the control policy according to the permission to control the permission of the connection function to be used by the application software, and ends the processing flow.
这里, 所述控制, 指: 查看权限使用控制策略中的具体设置, 当具体 设置为总是允许时, 则允许应用软件使用连接功能, 然后按照已有技术对 该应用软件做后续操作; 当具体设置为总是拒绝时, 则拒绝应用软件使用 连接功能, 然后按照已有技术对该应用软件做后续操作; 当具体设置为每 次询问, 则为用户弹出选择框, 由用户选择是否允许应用软件使用该连接 功能, 再根据用户的选择允许或拒绝应用软件使用该连接功能, 然后按照 已有技术对该应用软件做后续操作。 Here, the control refers to: viewing the specific settings in the permission use control policy, and when the specific setting is always allowed, the application software is allowed to use the connection function, and then the application software is followed according to the prior art; When it is set to always refuse, the application software is refused to use the connection function, and then the application software is followed according to the prior art; when the specific setting is for each inquiry, the user pops up a selection box, and the user selects whether to allow the application software. Use this connection Function, then allow or deny the application to use the connection function according to the user's choice, and then follow up the application according to the prior art.
步驟 107: 手机设定该连接功能的权限使用控制策略。  Step 107: The mobile phone sets the permission usage control policy of the connection function.
本步驟具体为: 手机为用户弹出提示对话框, 提醒用户对该连接功能 的权限为总是允许、 总是拒绝或每次询问进行设定, 同时将当前应用的处 理流程暂停; 将用户对于该权限的设定保存为权限使用控制策略, 添加在 连接功能控制策略中对应的连接功能项中, 并且根据设定的权限使用控制 策略对当前应用进行后续处理。  This step is specifically as follows: The mobile phone pops up a prompt dialog box for the user, reminding the user that the permission of the connection function is always allowed, always refused, or each inquiry is set, and the current application processing flow is suspended; The permission setting is saved as the permission usage control policy, added in the corresponding connection function item in the connection function control policy, and the current application is subsequently processed according to the set authority using the control policy.
另外, 上述步驟 103之前, 还需要对应用软件的信任级别进行认证, 具体认证的过程包括下述步驟:  In addition, before the foregoing step 103, the trust level of the application software needs to be authenticated. The specific authentication process includes the following steps:
步驟 a: 手机实时判断用户选择的操作为安装任意一个新应用软件、还 是使用任意一个应用软件,如果为安装任意一个新应用软件,则执行步驟 b; 如果为访问任意一个应用软件, 则执行步驟 103。  Step a: The mobile phone determines in real time whether the operation selected by the user is to install any new application software or use any application software. If any new application software is installed, step b is performed; if any application software is accessed, the steps are executed. 103.
步驟 b: 手机解压新的应用软件的安装包,提取新的应用软件的签名信 这里, 所述解压新的应用软件的安装包为已有技术, 这里不做赞述; 所述提取新的应用软件的签名信息为: 解压新的应用软件的安装包后, 提取其中的签名信息;  Step b: The mobile phone decompresses the installation package of the new application software, and extracts the signature information of the new application software. Here, the installation package of the decompressed new application software is prior art, and no comment is made here; the new application is extracted. The signature information of the software is: After extracting the installation package of the new application software, extracting the signature information therein;
其中, 所述签名信息为: 使用专用工具将签名信息写入应用软件的特 定字段, 表示该应用已经通过签署者的审核, 所述特定字段分三种: 塞班 The signature information is: using a special tool to write signature information into a specific field of the application software, indicating that the application has passed the audit of the signer, and the specific fields are divided into three types: Saipan.
( Symbian ) 收费证书签名、 作者使用公共免费证书签名和用户签名。 (Symbian) Signature of the charge certificate, the author uses the public free certificate signature and the user's signature.
步驟 c: 手机先利用应用软件的签名信息进行认证, 根据认证结果确定 应用软件的信任级别; 再将信任级别保存在与应用软件对应的属性配置文 件中, 按照已有技术继续安装应用软件, 返回步驟&。  Step c: The mobile phone first uses the signature information of the application software to perform authentication, and determines the trust level of the application software according to the authentication result; then saves the trust level in the attribute configuration file corresponding to the application software, and continues to install the application software according to the prior art, and returns step&.
这里, 所述利用应用软件的签名信息进行认证, 包括: 将应用软件的签 名信息、 与预置在手机中的多个证书的签名信息进行匹配, 如果应用的签 名信息与任意一个证书的签名信息相同, 则认证结果为通过; 否则认证结 果为不通过; Here, the authenticating by using the signature information of the application software includes: signing the application software The name information is matched with the signature information of the plurality of certificates preset in the mobile phone. If the signature information of the application is the same as the signature information of any one of the certificates, the authentication result is passed; otherwise, the authentication result is not passed;
所述根据认证结果确定应用软件的信任级别, 包括: 当认证结果为通 过时, 则根据具体的签名信息设置应用软件的可信任级别; 当认证结果为 不通过时, 则设置该应用软件为不可信任级别;  The determining the trust level of the application software according to the authentication result includes: setting the trust level of the application software according to the specific signature information when the authentication result is passed; and setting the application software to be unavailable when the authentication result is not passed. Trust level
其中, 所述信任级别包括两大类, 分别为不可信任级别和可信任级别; 所述根据具体的签名信息设置应用的可信任级别为: 手机生产厂商按 照实际需要自定义预置的证书中的签名信息, 不同的签名信息对应的可信 任级别可以包括: "厂商信任级别"、 "运营商信任级别"、 "第三方合作厂商 信任级别"等。  The trust level includes two categories, namely, an untrustworthy level and a trusted level. The trusted level of the application is set according to the specific signature information: the mobile phone manufacturer customizes the preset certificate according to actual needs. Signature information, the trust level corresponding to different signature information may include: "vendor trust level", "operator trust level", "third-party partner trust level", and the like.
另外, 上述步驟 102之前, 还可以根据实际情况修改或删除连接功能 控制策略, 具体为: 当需要修改或删除连接功能控制策略中的任意一项时, 查找到原始的连接功能控制策略的配置文件, 在该配置文件中作具体修改, 然后执行步驟 102。  In addition, before the foregoing step 102, the connection function control policy may be modified or deleted according to actual conditions, specifically: when any one of the connection function control policies needs to be modified or deleted, the configuration file of the original connection function control policy is found. , make specific modifications in the configuration file, and then perform step 102.
本发明还提供了一种移动终端, 如图 2所示, 该移动终端包括: 权 限使用策略模块 21和权限使用控制模块 22; 其中,  The present invention further provides a mobile terminal. As shown in FIG. 2, the mobile terminal includes: a rights usage policy module 21 and a rights usage control module 22;
权限使用策略模块 21 , 用于根据预置的连接功能控制策略的配置文 件, 生成连接功能控制策略, 为权限使用控制模块 22提供连接功能控制 策略;  The permission usage policy module 21 is configured to generate a connection function control policy according to the configuration file of the preset connection function control policy, and provide a connection function control policy for the authority usage control module 22;
权限使用控制模块 22 , 用于在检测到有应用软件使用了权限使用策 略模块 21 中的连接功能控制策略中所限定的连接功能时, 根据连接功能 控制策略中的该连接功能的权限使用控制策略对应用软件要使用到的连接 功能的权限进行控制。  The privilege use control module 22 is configured to: when detecting that a connection function defined by the connection function control policy in the privilege use policy module 21 is used by the application software, use the control policy according to the privilege of the connection function in the connection function control policy Controls the permissions of the connection functions that the application uses.
所述权限使用策略模块 21 ,具体用于保存预置的连接功能控制策略的 配置文件; 当所在移动终端开机后, 根据连接功能控制策略的配置文件生 成系统连接权限控制策略。 The permission usage policy module 21 is specifically configured to save a preset connection function control policy. The configuration file; when the mobile terminal is powered on, generates a system connection permission control policy according to the configuration file of the connection function control policy.
所述权限使用策略模块 21 ,具体用于从指定的目录查看是否有新的连 接功能控制策略的配置文件, 如果没有, 则结束处理流程; 如果有, 则读 取连接功能控制策略的配置文件, 从连接功能控制策略的配置文件中, 提 取信任等级、 权限组名称和权限组下具体控制的连接功能; 以信任级别为 标识、 以权限组名称和权限组下具体控制的连接功能添加到连接功能权限 控制列表中; 最后保存连接功能权限控制列表, 形成连接功能控制策略。  The permission usage policy module 21 is specifically configured to check whether there is a configuration file of a new connection function control policy from the specified directory, and if not, end the processing flow; if yes, read the configuration file of the connection function control policy, From the configuration file of the connection function control policy, extract the trust level, the permission group name, and the specific control connection function under the permission group; add the connection function to the connection function with the trust level as the identifier, the permission group name, and the specific control group under the permission group. In the permission control list; finally save the connection function permission control list to form a connection function control strategy.
所述移动终端, 进一步包括: 应用处理模块 23 , 用于实时判断当前访 问的应用软件是否使用到任意一项连接功能, 若是, 则向权限使用控制模 块 22发送应用软件使用的连接功能的名称; 否则, 继续判断当前访问的应 用软件是否使用到任意一项连接功能;  The mobile terminal further includes: an application processing module 23, configured to determine in real time whether the currently accessed application software uses any one of the connection functions, and if yes, send the name of the connection function used by the application software to the rights usage control module 22; Otherwise, continue to determine whether the currently accessed application software uses any of the connection functions;
相应的, 所述权限使用控制模块 22 , 具体用于接收应用处理模块 23 发来的应用软件使用的连接功能的名称, 检测该连接功能是否与连接功能 控制策略中任意一项相符。  Correspondingly, the permission use control module 22 is specifically configured to receive a name of a connection function used by the application software sent by the application processing module 23, and detect whether the connection function matches any one of the connection function control policies.
所述应用处理模块 23 , 具体用于实时监测应用软件的运行过程中, 判 断在应用软件的运行过程中是否发出对任意一项连接功能的调用信息, 以 判断当前使用的应用软件是否使用到任意一项连接功能, 若是, 则向权限 使用控制模块 11 发送应用软件使用的连接功能的名称; 否则, 继续判断 当前访问的应用软件是否使用到任意一项连接功能。  The application processing module 23 is specifically configured to detect whether the calling information of any one of the connection functions is issued during the running process of the application software to determine whether the currently used application software is used arbitrarily during the running process of the real-time monitoring application software. A connection function, if yes, sends the name of the connection function used by the application software to the rights usage control module 11; otherwise, it continues to determine whether the currently accessed application software uses any of the connection functions.
所述权限使用控制模块 22 , 具体用于检测该连接功能是否与连接功 能控制策略中任意一项相符时, 根据应用软件的信任级别, 查看权限使用 策略模块 21 的连接功能控制策略中对应信任级别下的连接功能权限控制 列表; 判断该应用软件使用的连接功能是否与连接功能权限控制列表中任 意一个需要控制的连接功能相同, 若有相同项, 则确定对于应用软件所使 用的连接功能是否有对应的权限使用控制策略; 若没有相同项, 则通知应 用处理模块 23允许应用软件使用该连接功能; The privilege use control module 22 is configured to check whether the connection function is consistent with any one of the connection function control policies, and view the corresponding trust level in the connection function control policy of the privilege usage policy module 21 according to the trust level of the application software. The connection function permission control list under the connection; determining whether the connection function used by the application software is the same as the connection function to be controlled by any one of the connection function permission control lists, and if there is the same item, determining the application software Whether the connection function used has a corresponding permission usage control policy; if there is no identical item, the notification application processing module 23 allows the application software to use the connection function;
相应的, 所述应用处理模块 23 ,还用于接收到权限使用控制模块 22发 来的允许应用软件使用该连接功能, 然后按照已有技术对访问应用软件进 行后续处理。  Correspondingly, the application processing module 23 is further configured to receive the permission application software sent by the permission usage control module 22 to use the connection function, and then perform subsequent processing on the access application software according to the prior art.
所述权限使用控制模块 22 , 具体用于当应用软件所使用的连接功能 对应的权限有权限使用控制策略时, 根据查看权限使用策略模块 21 的连 接功能控制策略中该权限使用控制策略, 对应用软件要使用的连接功能的 权限进行控制, 结束操作流程; 若没有, 则设定该连接功能的权限使用控 制策略,再将该连接功能的权限使用控制策略保存到权限使用策略模块 21 中;  The privilege usage control module 22 is specifically configured to: when the privilege corresponding to the connection function used by the application software has the privilege to use the control policy, use the privilege usage control policy in the connection function control policy of the policy module 21 according to the viewing privilege, The permission of the connection function to be used by the software is controlled, and the operation flow is ended; if not, the permission use control policy of the connection function is set, and the permission use control policy of the connection function is saved to the authority use policy module 21;
相应的, 所述权限使用策略模块 21 , 具体用于接收权限使用控制模块 22发来的权限使用控制策略, 并将该权限使用控制策略保存到连接功能权 限控制列表中对应的连接功能项目中。  Correspondingly, the rights usage policy module 21 is specifically configured to receive the rights usage control policy sent by the rights usage control module 22, and save the rights usage control policy to the corresponding connection function item in the connection function authority control list.
所述权限使用控制模块 22 ,具体用于查看权限使用控制策略中的具体 设置, 当具体设置为总是允许时, 则允许应用软件使用连接功能, 然后按 照已有技术对该应用软件做后续操作; 当具体设置为总是拒绝时, 则拒绝 应用软件使用连接功能, 然后按照已有技术对该应用软件做后续操作; 当 具体设置为每次询问, 则为用户弹出选择框, 由用户选择是否允许应用软 件使用该连接功能, 再根据用户的选择允许或拒绝应用软件使用该连接功 能 , 然后按照已有技术对该应用软件做后续操作。  The privilege usage control module 22 is specifically configured to view specific settings in the privilege usage control policy. When the specific setting is always allowed, the application software is allowed to use the connection function, and then the application software is subsequently operated according to the prior art. When the specific setting is always rejected, the application software is refused to use the connection function, and then the application software is followed according to the prior art; when the specific setting is for each inquiry, the user pops up a selection box, and the user selects whether The application software is allowed to use the connection function, and then the application software is allowed or denied according to the user's selection, and then the application software is followed according to the prior art.
所述权限使用控制模块 22 ,还用于提醒用户对该连接功能的权限进行 使用控制设定, 并将当前应用的处理流程暂停; 接收用户对于该功能的权 限使用控制策略进行设定, 并根据用户设定的权限使用策略的对应用软件 要使用的功能的权限进行控制。 所述移动终端还包括: 应用信任等级认证模块 24, 用于接收应用处理 模块 23发来的应用软件的安装包; 相应的, 所述应用处理模块 23 , 还用于 实时判断用户选择的操作为安装任意一个新应用软件、 还是访问任意一个 应用软件, 如果为安装任意一个新应用软件, 则将该应用软件的安装包发 送给应用信任等级认证模块 24, 如果为访问任意一个应用软件, 则判断当 前访问的应用软件是否使用到任意一项连接功能。 The permission use control module 22 is further configured to remind the user to use the control setting of the permission of the connection function, and suspend the processing flow of the current application; receive the user's permission control policy for the function, and according to The permissions set by the user use the policy to control the permissions of the functions to be used by the application. The mobile terminal further includes: an application trust level authentication module 24, configured to receive an installation package of the application software sent by the application processing module 23; correspondingly, the application processing module 23 is further configured to determine, in real time, that the operation selected by the user is Install any new application software or access any application software. If any new application software is installed, the installation package of the application software is sent to the application trust level authentication module 24, and if any application software is accessed, it is determined. Whether the currently accessed application uses any of the connection features.
所述应用信任等级认证模块 24, 还用于解压新的应用软件的安装包, 提取新的应用软件的签名信息, 利用应用软件的签名信息对应用进行认证, 根据认证结果确定应用软件的信任级别, 再将信任级别保存在与应用软件 对应的属性配置文件中, 将解压后的应用软件的安装包及应用软件的属性 配置文件发回给应用处理模块 23; 相应的, 所述应用处理模块 23 , 还用于 接收应用信任等级认证模块 24发来的解压后的应用软件的安装包及应用软 件的属性配置文件, 然后对解压后的应用软件按照已有技术继续安装应用 软件。  The application trust level authentication module 24 is further configured to decompress the installation package of the new application software, extract signature information of the new application software, authenticate the application by using the signature information of the application software, and determine the trust level of the application software according to the authentication result. Then, the trust level is saved in the attribute configuration file corresponding to the application software, and the installation package of the decompressed application software and the attribute configuration file of the application software are sent back to the application processing module 23; correspondingly, the application processing module 23 The utility model is further configured to receive an installation package of the decompressed application software sent by the application trust level authentication module 24 and an attribute configuration file of the application software, and then continue to install the application software according to the prior art on the decompressed application software.
所述应用信任等级认证模块 24, 具体用于将应用软件的签名信息、 与 预置在本模块中的多个证书的签名信息进行匹配, 如果应用的签名信息与 任意一个证书的签名信息相同, 则认证结果为通过; 否则认证结果为不通 过。  The application trust level authentication module 24 is specifically configured to match signature information of the application software with signature information of multiple certificates preset in the module. If the signature information of the application is the same as the signature information of any one of the certificates, The authentication result is passed; otherwise, the authentication result is not passed.
所述应用信任等级认证模块 24, 具体用于当认证结果为通过时, 则根 据具体的签名信息设置应用软件的可信任级别; 当认证结果为不通过时, 则设置该应用软件为不可信任级别。  The application trust level authentication module 24 is specifically configured to: when the authentication result is passed, set a trusted level of the application according to the specific signature information; when the authentication result is not passed, set the application software to an untrustable level. .
可见, 使用上述方案, 就可以根据应用的信任等级, 分类控制及管理 移动终端的应用对连接功能的使用, 能够有效防止对移动终端连接功能被 恶意软件使用, 从而保证移动终端用户的信息数据的安全性。  It can be seen that, by using the above scheme, the use of the connection function by the application of the mobile terminal can be classified and controlled according to the trust level of the application, and the connection function of the mobile terminal can be effectively prevented from being used by the malware, thereby ensuring the information data of the mobile terminal user. safety.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。 The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Range of protection.

Claims

权利要求书 Claim
1、 一种控制连接功能的使用权限的方法, 其特征在于, 该方法包括: 根据预置的连接功能控制策略的配置文件, 生成连接功能控制策略; 检测到应用软件使用连接功能控制策略中所限定的连接功能时, 根据 连接功能控制策略中的该连接功能的权限使用控制策略对应用软件要使用 到的连接功能的权限进行控制。  A method for controlling usage rights of a connection function, the method comprising: generating a connection function control policy according to a preset connection function control policy configuration file; detecting that the application software uses a connection function control strategy When the limited connection function is used, the control policy is used to control the permission of the connection function to be used by the application according to the permission of the connection function in the connection function control policy.
2、 根据权利要求 1所述的方法, 其特征在于, 所述检测到应用软件使 用连接功能控制策略中所限定的连接功能之前, 该方法还包括: 实时判断 当前访问的应用软件是否使用到连接功能, 若是, 则检测应用软件使用的 连接功能对应的权限是否与连接功能控制策略中任意一项相符; 否则, 重 复判断当前访问的应用软件是否使用到连接功能。  2. The method according to claim 1, wherein before the detecting that the application software uses the connection function defined in the connection function control policy, the method further comprises: determining in real time whether the currently accessed application software uses the connection. Function, if yes, check whether the permission corresponding to the connection function used by the application software matches any one of the connection function control policies; otherwise, it repeatedly determines whether the currently accessed application software uses the connection function.
3、 根据权利要求 2所述的方法, 其特征在于, 所述检测应用软件使用 的连接功能对应的权限是否与连接功能控制策略中任意一项相符, 包括: 根据应用软件的信任级别, 查看连接功能控制策略中对应信任级别下的连 接功能权限控制列表; 判断该应用软件使用的连接功能是否与连接功能权 限控制列表中需要控制的连接功能相同, 若有相同项, 则检测到应用软件 使用到连接功能控制策略中所限定的连接功能; 若没有相同项, 则允许应 用软件使用该连接功能。  The method according to claim 2, wherein the detecting the permission corresponding to the connection function used by the application software is consistent with any one of the connection function control policies, including: viewing the connection according to the trust level of the application software. In the function control policy, the connection function permission control list corresponding to the trust level; determining whether the connection function used by the application software is the same as the connection function to be controlled in the connection function permission control list, and if there is the same item, detecting that the application software is used The connection function defined in the connection function control policy; if there is no identical item, the application software is allowed to use the connection function.
4、 根据权利要求 3所述的方法, 其特征在于, 所述根据应用软件的信 任级别, 查看连接功能控制策略中对应信任级别下的连接功能权限控制列 表之前, 该方法还包括: 确定进行新应用软件的安装时, 解压新的应用软 件的安装包, 提取新的应用软件的签名信息; 利用应用软件的签名信息进 行认证, 根据认证结果确定应用软件的信任级别; 再将信任级别保存在与 应用软件对应的属性配置文件中。  The method according to claim 3, wherein before the viewing the connection function permission control list under the corresponding trust level in the connection function control policy according to the trust level of the application software, the method further includes: determining to perform a new When the application software is installed, the installation package of the new application software is decompressed, and the signature information of the new application software is extracted; the signature information of the application software is used for authentication, and the trust level of the application software is determined according to the authentication result; and the trust level is saved in the The application software corresponds to the property profile.
5、 根据权利要求 1所述的方法, 其特征在于, 所述根据连接功能控制 策略中的该连接功能的权限使用控制策略对应用软件要使用到的连接功能 的权限进行控制之前, 该方法还包括: 判断对于应用软件所使用的连接功 能是否有对应的权限使用控制策略, 若有, 则根据该权限使用控制策略, 对应用软件要使用到的连接功能的权限进行控制管理; 若没有, 则对该连 接功能的权限使用控制策略进行设定并保存。 5. The method according to claim 1, wherein said controlling according to a connection function Before the permission of the connection function in the policy uses the control policy to control the permission of the connection function to be used by the application software, the method further includes: determining whether the connection function used by the application software has a corresponding permission use control policy, if If yes, the control policy is used according to the permission, and the authority of the connection function to be used by the application software is controlled and managed; if not, the permission of the connection function is set and saved using the control policy.
6、 一种移动终端, 其特征在于, 该移动终端包括: 权限使用策略模 块和权限使用控制模块; 其中,  A mobile terminal, the mobile terminal comprising: a rights usage policy module and a rights usage control module; wherein
权限使用策略模块,用于根据预置的连接功能控制策略的配置文件, 生成连接功能控制策略并提供给权限使用控制模块;  The permission use policy module is configured to generate a connection function control policy according to a preset connection function control policy configuration file and provide the permission use control module;
权限使用控制模块, 用于在检测到有应用软件使用了权限使用策略 模块中的系统连接权限控制策略中所限定的连接功能时, 根据连接功能 控制策略中的该连接功能的权限使用控制策略对应用软件要使用到的连接 功能的权限进行控制。  The permission use control module is configured to: when detecting that the application software uses the connection function defined in the system connection permission control policy in the permission use policy module, use the control policy pair according to the permission of the connection function in the connection function control policy The application software controls the permissions of the connection function to be used.
7、 根据权利要求 6所述的移动终端, 其特征在于, 所述移动终端, 还 包括:  The mobile terminal according to claim 6, wherein the mobile terminal further includes:
应用处理模块, 用于实时判断当前访问的应用软件是否使用到连接功 能, 若是, 则向权限使用控制模块发送应用软件使用的连接功能的名称; 否则, 重复判断当前访问的应用软件是否使用到任意一项连接功能;  The application processing module is configured to determine in real time whether the currently accessed application software uses the connection function, and if yes, send the name of the connection function used by the application software to the permission use control module; otherwise, repeatedly determine whether the currently accessed application software uses any a connection function;
相应的, 所述权限使用控制模块, 具体用于接收应用处理模块发来的 应用软件使用的连接功能的名称, 检测该连接功能是否与连接功能控制策 略中任意一项相符。  Correspondingly, the permission use control module is specifically configured to receive a name of a connection function used by the application software sent by the application processing module, and detect whether the connection function matches any one of the connection function control policies.
8、 根据权利要求 6所述的移动终端, 其特征在于,  8. The mobile terminal of claim 6, wherein
所述权限使用控制模块, 具体用于根据应用软件的信任级别, 查看权 限使用策略模块中连接功能控制策略中对应信任级别下的连接功能权限控 制列表; 判断该应用软件使用的连接功能是否与连接功能权限控制列表中 需要控制的连接功能相同, 若有相同项, 则检测到应用软件使用到连接功 能控制策略中所限定的连接功能; 若没有相同项, 则通知应用处理模块允 许应用软件使用该连接功能; The permission use control module is specifically configured to: according to the trust level of the application software, view the connection function permission control list under the corresponding trust level in the connection function control policy in the permission use policy module; determine whether the connection function used by the application software is connected Function permission control list The connection function to be controlled is the same. If there is the same item, the application software detects that the connection function defined in the connection function control policy is used; if there is no identical item, the application processing module is notified to allow the application software to use the connection function;
相应的, 所述应用处理模块, 还用于接收到权限使用控制模块发来的 允许应用软件使用该连接功能;  Correspondingly, the application processing module is further configured to: receive the permission application software sent by the permission usage control module to use the connection function;
所述权限使用策略模块, 具体用于为权限使用控制模块提供连接功 能控制策略。  The rights usage policy module is specifically configured to provide a connection function control policy for the rights usage control module.
9、 根据权利要求 8所述的移动终端, 其特征在于, 所述移动终端, 还 包括: 应用信任等级认证模块, 用于接收应用处理模块发来的新的应用软 件的安装包, 解压新的应用软件的安装包, 提取新的应用软件的签名信息; 利用应用软件的签名信息进行认证, 根据认证结果确定应用软件的信任级 别; 再将信任级别保存在与应用软件对应的属性配置文件中;  The mobile terminal according to claim 8, wherein the mobile terminal further comprises: an application trust level authentication module, configured to receive an installation package of a new application software sent by the application processing module, and decompress the new one. The installation package of the application software extracts the signature information of the new application software; the signature information of the application software is used for authentication, and the trust level of the application software is determined according to the authentication result; and the trust level is saved in the attribute configuration file corresponding to the application software;
相应的, 所述应用处理模块, 还用于确定进行新应用软件的安装时, 将该新的应用软件的安装包发送给应用信任等级认证模块。  Correspondingly, the application processing module is further configured to: when the installation of the new application software is performed, send the installation package of the new application software to the application trust level authentication module.
10、 根据权利要求 9所述的移动终端, 其特征在于,  10. The mobile terminal of claim 9, wherein
所述权限使用控制模块, 具体用于判断对于应用软件所使用的连接功 能是否有对应的权限使用控制策略, 若有, 则根据该权限使用控制策略, 对应用软件要使用到的连接功能的权限进行控制管理; 若没有, 则对该连 接功能的权限使用控制策略进行设定, 再将该连接功能的权限使用控制策 略保存到权限使用策略模块中;  The permission use control module is specifically configured to determine whether there is a corresponding permission use control policy for the connection function used by the application software, and if yes, use the control policy according to the permission, and the permission function of the connection function to be used by the application software Perform control management; if not, set the permission of the connection function using the control policy, and then save the permission usage control policy of the connection function to the permission usage policy module;
相应的 , 所述权限使用策略模块 , 具体用于接收权限使用控制模块发 来的权限使用控制策略, 并将该权限使用控制策略保存到连接功能权限控 制列表中对应的连接功能项目中。  Correspondingly, the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission control module, and save the permission usage control policy to the corresponding connection function item in the connection function permission control list.
PCT/CN2012/071535 2011-11-24 2012-02-23 Method for controlling right to use of connection function, and mobile terminal WO2013075418A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110378686.4A CN102413220B (en) 2011-11-24 2011-11-24 Method for controlling right of using connection function and mobile terminal
CN201110378686.4 2011-11-24

Publications (1)

Publication Number Publication Date
WO2013075418A1 true WO2013075418A1 (en) 2013-05-30

Family

ID=45915059

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071535 WO2013075418A1 (en) 2011-11-24 2012-02-23 Method for controlling right to use of connection function, and mobile terminal

Country Status (2)

Country Link
CN (1) CN102413220B (en)
WO (1) WO2013075418A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491056B (en) * 2012-06-12 2017-12-26 中兴通讯股份有限公司 The control method and device of application permission
CN103686722B (en) * 2012-09-13 2018-06-12 中兴通讯股份有限公司 Access control method and device
CN102999713A (en) * 2012-11-15 2013-03-27 沈阳中科博微自动化技术有限公司 Multi-user remote data operating method with authority management
CN104573435A (en) * 2013-10-15 2015-04-29 北京网秦天下科技有限公司 Method for terminal authority management and terminal
CN106156645A (en) * 2015-03-30 2016-11-23 中兴通讯股份有限公司 Terminal data protection method, terminal and equipment
CN105760751B (en) * 2016-02-14 2019-02-05 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN106372496A (en) * 2016-08-31 2017-02-01 福建联迪商用设备有限公司 Method and system for improving payment terminal application security
CN109344605B (en) * 2018-09-10 2022-04-05 惠尔丰(中国)信息系统有限公司 Authority control method and system of intelligent POS machine

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1723674A (en) * 2002-11-08 2006-01-18 捷讯研究有限公司 System and method of connection control for wireless mobile communication devices
CN101677340A (en) * 2008-09-19 2010-03-24 Lg电子株式会社 Mobile terminal capable of preventing virus infection and method of controlling operation of the mobile terminal
CN102215229A (en) * 2011-06-01 2011-10-12 宇龙计算机通信科技(深圳)有限公司 Terminal and method for controlling application program to access exterior of terminal
CN102244858A (en) * 2011-08-01 2011-11-16 王冬梅 Method for mobile terminal to possess communication function of locking and unlocking, and mobile terminal thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7769995B2 (en) * 2004-01-07 2010-08-03 Microsoft Corporation System and method for providing secure network access
CN101068196B (en) * 2006-05-01 2010-05-12 中兴通讯股份有限公司 Bluetooth mobile telephone switch-in bluetooth gateway service insertion controlling method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1723674A (en) * 2002-11-08 2006-01-18 捷讯研究有限公司 System and method of connection control for wireless mobile communication devices
CN101677340A (en) * 2008-09-19 2010-03-24 Lg电子株式会社 Mobile terminal capable of preventing virus infection and method of controlling operation of the mobile terminal
CN102215229A (en) * 2011-06-01 2011-10-12 宇龙计算机通信科技(深圳)有限公司 Terminal and method for controlling application program to access exterior of terminal
CN102244858A (en) * 2011-08-01 2011-11-16 王冬梅 Method for mobile terminal to possess communication function of locking and unlocking, and mobile terminal thereof

Also Published As

Publication number Publication date
CN102413220A (en) 2012-04-11
CN102413220B (en) 2014-08-20

Similar Documents

Publication Publication Date Title
WO2013075419A1 (en) Method for managing right to use of function, and mobile terminal
WO2013075422A1 (en) Method for protecting privacy information and mobile terminal
WO2013075418A1 (en) Method for controlling right to use of connection function, and mobile terminal
USRE49585E1 (en) Certificate based profile confirmation
WO2013075458A1 (en) Method for managing charge security and mobile terminal
WO2013075421A1 (en) Method for classifying and managing right to use of function, and mobile terminal
US20210014220A1 (en) Trusted container
CN103491056B (en) The control method and device of application permission
CN108173822B (en) Intelligent door lock control method, intelligent door lock and computer readable storage medium
EP3651500B1 (en) Managing mobile device applications in a wireless network
CA2849769C (en) Managing mobile device applications on a mobile device
WO2014040461A1 (en) Access control method and device
KR20160097323A (en) Near field communication authentication mechanism
WO2013075412A1 (en) Security control method and device for mobile terminal
CA2849763A1 (en) Managing mobile device applications
EP2859487A1 (en) Evaluating whether to block or allow installation of a software application
CA2849757A1 (en) Managing mobile device applications on a mobile device
CN111259348A (en) Method and system for safely running executable file
WO2019037581A1 (en) Method and device for carrying out wireless connection pre-authorization for user equipment
WO2019037521A1 (en) Security detection method, device, system, and server
US9521552B2 (en) Method and apparatus to use smart phones to securely and conveniently monitor intel pcs remotely
CN108494749B (en) Method, device and equipment for disabling IP address and computer readable storage medium
Muthukumaran et al. Protecting the integrity of trusted applications in mobile phone systems
CN108664805B (en) Application program safety verification method and system
CN114826724B (en) Data processing method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12851613

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12851613

Country of ref document: EP

Kind code of ref document: A1