WO2013075422A1 - Method for protecting privacy information and mobile terminal - Google Patents


Publication number
WO2013075422A1
Authority
WO
WIPO (PCT)
Prior art keywords
privacy information
application software
personal privacy
function
permission
Prior art date
Application number
PCT/CN2012/071547
Other languages
French (fr)
Chinese (zh)
Inventor
雷明剑
王巍
徐立锋
古幼鹏
钟声
胡炜
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • The present invention relates to access control technologies in mobile terminals, and in particular to a method for protecting privacy information and a mobile terminal.
  • Background
  • Mobile terminals such as mobile phones have entered the era of intelligence, and a variety of application software can be installed and run on mobile phones to enhance the convenience of mobile phone users.
  • An object of the present invention is to provide a method for protecting privacy information and a mobile terminal, which can control the permission to call functions involving a user's personal privacy information, thereby protecting the personal privacy information of the mobile terminal user.
  • The present invention provides a method for protecting privacy information, the method comprising: generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy; and, when it is detected that application software uses a function related to personal privacy information defined in the privacy information security control policy, controlling the application software's permission to use that function according to the permission usage control policy of the function in the privacy information security control policy.
  • Before detecting that the application software uses the function related to personal privacy information defined in the privacy information security control policy, the method further includes: determining in real time whether the currently accessed application software uses a function related to personal privacy information; if yes, detecting whether the permission corresponding to the function related to personal privacy information used by the application software matches any item in the privacy information security control policy; otherwise, continuing to determine whether the currently accessed application software uses a function related to personal privacy information.
  • Detecting whether the permission corresponding to the function related to personal privacy information used by the application software matches any item in the privacy information security control policy includes: viewing, according to the trust level of the application software, the function permission control list related to personal privacy information under the corresponding trust level in the privacy information security control policy; and determining whether the function related to personal privacy information used by the application software is the same as any function that needs to be controlled in that function permission control list. If there is an identical item, it is detected that the application software uses a function related to personal privacy information defined in the privacy information security control policy; if there is no identical item, the application software is allowed to use the function related to personal privacy information.
  • Before viewing the function permission control list related to personal privacy information in the privacy information security control policy, the method further includes: when it is determined that new application software is to be installed, decompressing the installation package of the new application software and extracting the signature information of the new application software; performing authentication using the signature information of the application software and determining the trust level of the application software according to the authentication result; and saving the trust level in the attribute configuration file corresponding to the application software.
  • The method further includes: determining whether the function related to personal privacy information used by the application software has a corresponding permission usage control policy; if yes, controlling the application software's permission to use the function according to the permission usage control policy; if not, setting and saving a permission usage control policy for the function related to personal privacy information.
  • The present invention also provides a mobile terminal, which includes a permission usage policy module and a permission usage control module;
  • the permission usage policy module is configured to generate a privacy information security control policy according to a preset configuration file of the privacy information security control policy, and provide it to the permission usage control module;
  • the permission usage control module is configured to, when it is detected that the application software uses a function related to personal privacy information defined in the system connection permission control policy in the permission usage policy module, control the application software's permission to use that function according to the permission usage control policy of the function in the privacy information security control policy.
  • The mobile terminal further includes: an application processing module, configured to determine in real time whether the currently accessed application software uses any function related to personal privacy information, and if yes, to send the name of the function related to personal privacy information used by the application software to the permission usage control module.
  • The permission usage control module is specifically configured to receive the name of the function related to personal privacy information used by the application software, sent by the application processing module, and to detect whether that function matches any item in the privacy information security control policy.
  • The permission usage control module is specifically configured to view, according to the trust level of the application software, the function permission control list related to personal privacy information under the corresponding trust level in the privacy information security control policy in the permission usage policy module, and to determine whether the function related to personal privacy information used by the application software is the same as any function that needs to be controlled in that function permission control list. If there is an identical item, it is detected that the application software uses a function related to personal privacy information defined in the privacy information security control policy; if there is no identical item, the application processing module is notified to allow the application software to use the function related to personal privacy information;
  • the application processing module is further configured to receive, from the permission usage control module, the notification allowing the application software to use the function related to personal privacy information;
  • the permission usage policy module is specifically configured to provide the privacy information security control policy to the permission usage control module.
  • The mobile terminal further includes: an application trust level authentication module, configured to receive the installation package of new application software sent by the application processing module, decompress the installation package, and extract the signature information of the new application software; to perform authentication using the signature information of the application software and determine the trust level of the application software according to the authentication result; and then to save the trust level in the attribute configuration file corresponding to the application software;
  • the application processing module is further configured to: when the installation of the new application software is performed, send the installation package of the new application software to the application trust level authentication module.
  • The permission usage control module is specifically configured to determine whether the function related to personal privacy information used by the application software has a corresponding permission usage control policy; if yes, to control the application software's permission to use the function according to the permission usage control policy; if not, to set a permission usage control policy for the function related to personal privacy information and save that permission usage control policy to the permission usage policy module;
  • the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission usage control module, and to save it to the corresponding function item in the function permission control list related to personal privacy information.
  • The method for protecting privacy information and the mobile terminal provided by the present invention set a privacy information security control policy for application software with different trust levels, focus on detecting the use of the functions related to personal privacy information that the user cares about, and apply control according to the specific permission usage control policy of each such function. In this way, the use of personal privacy information by application software on the mobile terminal is controlled and managed by class according to the trust level of the application software, thereby protecting the privacy information of the mobile terminal user and improving the security of personal information in the mobile terminal.
  • the privacy information security control policy can be modified or deleted according to the actual situation, so that the usage rights of the functions related to personal privacy information can be flexibly controlled.
  • FIG. 1 is a schematic flow chart of a method for protecting privacy information according to the present invention.
  • FIG. 2 is a schematic structural diagram of a mobile terminal according to the present invention.
  • Detailed description
  • The basic idea of the present invention is: generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy; and, when it is detected that application software uses a function related to personal privacy information defined in the privacy information security control policy, controlling the application software's permission to use that function according to the permission usage control policy of the function in the privacy information security control policy.
  • The privacy information security control policy comprises: the specific functions related to personal privacy information that need to be controlled under each trust level, and the permission usage control policy of each such function;
  • the permission usage control policy is the permission control manner for using a function related to personal privacy information in any item of the privacy information security control policy, and may include: always allow, always reject, or ask each time.
  • The following takes a mobile phone as an example of the mobile terminal.
  • The method for protecting privacy information of the present invention is shown in FIG. 1 and includes the following steps:
  • Step 101: Pre-configure the configuration file of the privacy information security control policy in the mobile phone.
  • The configuration file of the privacy information security control policy is written according to the actual situation and may include the type of the permission, the trust level, the name of the permission group, and the functions related to personal privacy information in the permission group; it can be written in Extensible Markup Language (XML) format;
  • Step 102: After the mobile phone is started, generate a privacy information security control policy according to the configuration file of the privacy information security control policy.
  • After the mobile phone is started, it checks whether there is a new privacy information security control policy configuration file in the specified directory. If not, go directly to step 103; if yes, read the configuration file and extract from it the trust level, the permission group name, and the specific controlled functions under the permission group; with the trust level as the identifier, add the permission group name and the specific controlled functions under the permission group to the function permission control list related to personal privacy information; finally, save the function permission control list related to personal privacy information in the phone memory to form the privacy information security control policy, and then perform step 103;
  • the specified directory is: a file directory of a configuration file storing a privacy information security control policy, for example, the specified directory may be a root directory of a mobile phone memory card.
  • Step 103: Determine in real time whether the currently used application software uses any function related to personal privacy information in the mobile phone. If yes, execute step 104; otherwise, repeat step 103.
  • The mobile phone monitors the running process of the application software in real time and determines whether calling information for any function related to personal privacy information is issued while the application software is running, so as to judge whether the currently used application software uses any function related to personal privacy information in the mobile phone. If calling information is issued, the function related to personal privacy information is extracted from the calling information and step 104 is performed; if not, step 103 is repeated;
  • the calling information for any function related to personal privacy information includes the function related to personal privacy information that is to be invoked; the method for generating the calling information is prior art and is not described here.
  • Step 104: Detect whether the permission corresponding to the function related to personal privacy information used by the application software matches any item in the privacy information security control policy. If yes, perform step 105; otherwise, allow the application software to use the function related to personal privacy information and end the processing flow.
  • The mobile phone views, according to the trust level of the application software, the function permission control list related to personal privacy information under the corresponding trust level in the privacy information security control policy, and determines whether the function related to personal privacy information used by the application software is the same as any function that needs to be controlled in that function permission control list. If there is an identical item, step 105 is performed; if not, the application software is allowed to use the function related to personal privacy information, and subsequent processing of the accessed application software proceeds according to the prior art;
  • when the mobile phone determines that the currently used application software uses the access phone book function, the mobile phone views, according to the trust level of the application software, the function permission control list related to personal privacy information under the corresponding trust level in the privacy information security control policy. When the trust level of the application software is untrustworthy, step 105 is performed if the access phone book function item is recorded in the function permission control list corresponding to the untrustworthy level; when the trust level of the application software is trusted, step 105 is performed if the access phone book function item is recorded in the function permission control list corresponding to the trusted level.
  • Step 105: The mobile phone determines whether there is a corresponding permission usage control policy for the function related to personal privacy information used by the application software. If yes, step 106 is performed; if not, step 107 is performed.
  • Step 106: The mobile phone controls the application software's permission to use the function related to personal privacy information according to the permission usage control policy, and ends the processing flow.
  • The control is: viewing the specific setting in the permission usage control policy. When the specific setting is always allow, the application software is allowed to use the function related to personal privacy information, and subsequent operation of the application software proceeds according to the prior art; when the specific setting is always reject, the application software is refused use of the function related to personal privacy information, and subsequent operation of the application software proceeds according to the prior art; when the specific setting is ask each time, a selection box pops up for the user, the user selects whether to allow the application software to use the function related to personal privacy information, the application software is allowed or refused use of the function according to the user's selection, and subsequent operation of the application software proceeds according to the prior art.
  • Step 107: The mobile phone sets the permission usage control policy for the function related to personal privacy information.
  • This step is specifically as follows:
  • the mobile phone pops up a prompt dialog box asking the user to set the permission for the function related to personal privacy information to always allow, always reject, or ask each time, and suspends the current application processing flow.
  • The setting made by the user is saved as the permission usage control policy and added to the corresponding function item related to personal privacy information in the privacy information security control policy, and the current application is then processed according to the permission that was set.
  • the specific authentication process includes the following steps:
  • Step a: The mobile phone determines in real time whether the operation selected by the user is to install new application software or to use application software. If new application software is being installed, step b is performed; if application software is being accessed, step 103 is executed.
  • Step b: The mobile phone decompresses the installation package of the new application software and extracts the signature information of the new application software.
  • Decompressing the installation package of the new application software is prior art and is not described here;
  • extracting the signature information of the new application software means: after decompressing the installation package of the new application software, extracting the signature information from it;
  • the signature information is: using a special tool to write signature information into a specific field of the application software, indicating that the application has passed the audit of the signer, and the specific fields are divided into three types: Saipan.
  • Step c: The mobile phone first performs authentication using the signature information of the application software and determines the trust level of the application software according to the authentication result; it then saves the trust level in the attribute configuration file corresponding to the application software, continues to install the application software according to the prior art, and returns to step a.
  • Performing the authentication using the signature information of the application software includes: matching the signature information of the application software against the signature information of the multiple certificates preset in the mobile phone. If the signature information of the application is the same as the signature information of any one of the certificates, the authentication result is passed; otherwise, the authentication result is not passed.
  • the determining the trust level of the application software according to the authentication result includes: setting the trust level of the application software according to the specific signature information when the authentication result is passed; and setting the application software to be unavailable when the authentication result is not passed.
  • the trust level includes two categories, namely, an untrustworthy level and a trusted level.
  • Setting the trusted level of the application according to the specific signature information means: the mobile phone manufacturer customizes the signature information of the preset certificates according to actual needs, and the trust levels corresponding to different signature information may include: "vendor trust level", "operator trust level", "third-party partner trust level", and the like.
  • The privacy information security control policy may be modified or deleted according to actual conditions. Specifically, when any item of the privacy information security control policy needs to be modified or deleted, the original configuration file of the privacy information security control policy is found and modified, and then step 102 is performed.
  • the present invention also provides a mobile terminal.
  • The mobile terminal includes: the permission usage policy module 21 and the permission usage control module 22; wherein
  • the permission usage policy module 21 is configured to generate a privacy information security control policy according to a preset configuration file of the privacy information security control policy and provide it to the permission usage control module 22; the permission usage control module 22 is configured to, when it is detected that the application software uses a function related to personal privacy information defined in the privacy information security control policy, control the application software's permission to use that function according to the permission usage control policy.
  • the permission usage policy module 21 is specifically configured to save a configuration file of the preset privacy information security control policy; and when the mobile terminal is powered on, generate a system connection authority control policy according to the configuration file of the privacy information security control policy.
  • the permission usage policy module 21 is specifically configured to check whether there is a configuration file of a new privacy information security control policy from the specified directory, and if not, end the processing flow; if yes, read the configuration of the privacy information security control policy
  • the file from the configuration file of the privacy information security control policy, extracts the trust level, the permission group name, and the specific control of the personal privacy information under the permission group; the trust level is the identifier, the permission group name, and the permission group are specific.
  • the function of controlling the personal privacy information is added to the function permission control list related to the personal privacy information; finally, the function permission control list related to the personal privacy information is saved, and the privacy information security control policy is formed.
  • the mobile terminal further includes: an application processing module 23, configured to determine in real time whether the currently accessed application software uses any function related to personal privacy information, and if yes, send the application software to the rights usage control module 22 The name of the function related to the personal privacy information; otherwise, it continues to determine whether the currently accessed application software uses any of the functions related to the personal privacy information; correspondingly, the rights usage control module 22 is specifically configured to receive the application processing.
  • the application processing module 23 is specifically configured to monitor the running process of the application software in real time, and determine whether to call any function related to the personal privacy information during the running of the application software to determine the currently used application software. Whether to use any function related to personal privacy information in the mobile phone, and if so, to send the name of the function related to the personal privacy information used by the application software to the authority use control module 22; otherwise, continue to determine whether the currently accessed application software is Use any feature that involves personal privacy information.
  • the privilege use control module 22 is configured to: when detecting whether the function related to the personal privacy information matches any one of the privacy information security control policies, view the privacy information of the privilege usage policy module 21 according to the trust level of the application software.
  • a function permission control list related to personal privacy information corresponding to the trust level in the security control policy; determining whether the function related to the personal privacy information used by the application software is required by any one of the function permission control lists related to the personal privacy information The function of controlling the personal privacy information is the same. If there is the same item, it is determined whether there is a corresponding permission use control policy for the function related to the personal privacy information used by the application software; if there is no identical item, the application processing module is notified. 23 allowing the application to use the functionality related to personal privacy information;
  • the application processing module 23 is further configured to receive the function of the application permission control module 22 to allow the application software to use the personal privacy information, and then perform subsequent processing on the access application software according to the prior art.
  • the privilege use control module 22 is specifically configured to: when the privilege used by the application software for the function related to the personal privacy information has the privilege to use the control policy, use the privilege in the privacy information security control policy of the policy module 21 according to the viewing privilege Using the control policy, controlling the authority of the application to use the function related to the personal privacy information, and ending the operation flow; if not, setting the permission use control policy of the function related to the personal privacy information, and then Permissions using the function of personal privacy information are saved to the rights usage policy module using the control policy
  • the privilege usage policy module 21 is specifically configured to receive the privilege usage control policy sent by the privilege usage control module 22, and save the privilege usage control policy to a corresponding privilege control list related to the personal privacy information.
  • the privilege usage policy module 21 is specifically configured to receive the privilege usage control policy sent by the privilege usage control module 22, and save the privilege usage control policy to a corresponding privilege control list related to the personal privacy information. In a functional project involving personal privacy information.
  • the privilege use control module 22 is specifically configured to view specific settings in the privilege use control policy.
  • the application software When the specific setting is always allowed, the application software is allowed to use the function related to the personal privacy information, and then according to the prior art.
  • the application software performs the following operations; when the specific setting is always rejected, the application software is rejected to use the function related to the personal privacy information, and then the application software is followed according to the prior art; when specifically set to each inquiry, Popping a selection box for the user, the user selects whether to allow the application software to use the function related to the personal privacy information, and then allows or denies the application software to use the function related to the personal privacy information according to the user's selection, and then according to the prior art
  • the application software does the follow-up operation.
  • the privilege use control module 22 is further configured to remind the user to set the privilege usage control policy for the function related to the personal privacy information, and suspend the current application processing flow; and receive the user's privilege usage control policy for the function. Make settings, and control the permissions of the functions to be used by the application according to the rights set by the user.
  • the mobile terminal further includes: an application trust level authentication module 24, configured to receive an installation package of the application software sent by the application processing module 23; correspondingly, the application processing module 23 is further configured to determine, in real time, whether the operation selected by the user is installing a new application software or accessing an application software. If a new application software is being installed, the installation package of the application software is sent to the application trust level authentication module 24; if an application software is being accessed, the module determines whether the currently accessed application software uses any function related to personal privacy information.
  • the application trust level authentication module 24 is further configured to decompress the installation package of the new application software, extract the signature information of the new application software, authenticate the application software using its signature information, determine the trust level of the application software according to the authentication result, save the trust level in the attribute configuration file corresponding to the application software, and send the decompressed installation package and the attribute configuration file of the application software back to the application processing module 23; correspondingly, the application processing module 23 is further configured to receive the decompressed installation package and the attribute configuration file sent by the application trust level authentication module 24, and then continue installing the decompressed application software according to the prior art.
  • the application trust level authentication module 24 is specifically configured to match the signature information of the application software against the signature information of multiple certificates preset in the module. If the signature information of the application software is the same as the signature information of any one of the certificates, the authentication result is "passed"; otherwise, the authentication result is "not passed".
  • the application trust level authentication module 24 is specifically configured to: when the authentication result is "passed", set a trusted level for the application software according to the specific signature information; when the authentication result is "not passed", set the application software to the untrusted level.
  • in this way, the use of functions related to personal privacy information by application software on the mobile terminal can be classified and controlled according to the trust level of the application software, which effectively prevents malware from using the functions of the mobile terminal that relate to personal privacy information, thereby ensuring the security of the mobile terminal user's information data.

Abstract

Disclosed is a method for protecting privacy information, including: a mobile terminal generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy; and, when detecting that application software uses a function involving personal privacy information defined in the privacy information security control policy, the mobile terminal controlling the permission of the function used by the application software according to the permission usage control policy of that function in the privacy information security control policy. Also disclosed is a mobile terminal. The present invention makes it possible to control the permission to call functions involving a user's personal privacy information and thus protect the personal privacy information of the mobile terminal user.

Description

Method for protecting privacy information and mobile terminal
Technical Field
The present invention relates to permission control technologies in mobile terminals, and in particular to a method for protecting privacy information and a mobile terminal.
Background
Mobile terminals such as mobile phones have entered the smart era; a variety of application software can be installed and run on a mobile phone to make it more convenient for its user.
At present, among the application software installed and run on mobile phones, a growing number are malicious applications implanted to steal users' private information. These malicious applications run covertly in the background and, without the user easily noticing, obtain the phone user's private information, such as short messages, contacts and call records; they can run in the background, automatically obtain the user's private information and send it to an illegal service provider (SP, Service Provider), thereby leaking the phone user's privacy.
It can be seen that, because there is currently no control over the permission of malicious application software in a mobile terminal such as a mobile phone to call functions involving the user's private information, users leak personal privacy information without noticing.
Summary of the Invention
In view of this, the object of the present invention is to provide a method for protecting privacy information and a mobile terminal, which can control the permission to call functions involving a user's personal privacy information, thereby protecting the personal privacy information of the mobile terminal user.
To achieve the above object, the technical solution of the present invention is implemented as follows:
The present invention provides a method for protecting privacy information, the method comprising: generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy;
when it is detected that application software uses a function involving personal privacy information that is defined in the privacy information security control policy, controlling the permission of the function involving personal privacy information used by the application software, according to the permission usage control policy of that function in the privacy information security control policy.
In the above solution, before it is detected that the application software uses a function involving personal privacy information defined in the privacy information security control policy, the method further comprises: determining in real time whether the currently accessed application software uses a function involving personal privacy information; if so, detecting whether the permission corresponding to the function involving personal privacy information used by the application software matches any item in the privacy information security control policy; otherwise, continuing to determine whether the currently accessed application software uses a function involving personal privacy information.
In the above solution, detecting whether the permission corresponding to the function involving personal privacy information used by the application software matches any item in the privacy information security control policy comprises: according to the trust level of the application software, consulting the function permission control list involving personal privacy information under the corresponding trust level in the privacy information security control policy; determining whether the function involving personal privacy information used by the application software is the same as a function requiring control in that list; if there is a matching item, it is detected that the application software uses a function involving personal privacy information defined in the privacy information security control policy; if there is no matching item, allowing the application software to use the function involving personal privacy information.
In the above solution, before consulting the function permission control list involving personal privacy information under the corresponding trust level in the privacy information security control policy, the method further comprises: when it is determined that new application software is being installed, decompressing the installation package of the new application software and extracting the signature information of the new application software; performing authentication using the signature information of the application software, and determining the trust level of the application software according to the authentication result; and saving the trust level in the attribute configuration file corresponding to the application software.
In the above solution, before the permission of the function involving personal privacy information to be used by the application software is controlled according to the permission usage control policy of that function in the privacy information security control policy, the method further comprises: determining whether a corresponding permission usage control policy exists for the function involving personal privacy information used by the application software; if so, controlling the permission of the function to be used by the application software according to that permission usage control policy; if not, setting and saving a permission usage control policy for the function involving personal privacy information.
The present invention also provides a mobile terminal, the mobile terminal comprising a permission usage policy module and a permission usage control module, wherein:
the permission usage policy module is configured to generate a privacy information security control policy according to a preset configuration file of the privacy information security control policy, and provide it to the permission usage control module;
the permission usage control module is configured to, upon detecting that application software uses a function involving personal privacy information defined in the system connection permission control policy in the permission usage policy module, control the permission of the function involving personal privacy information to be used by the application software, according to the permission usage control policy of that function in the privacy information security control policy.
In the above solution, the mobile terminal further comprises: an application processing module, configured to determine in real time whether the currently accessed application software uses any function involving personal privacy information; if so, to send the name of the function involving personal privacy information used by the application software to the permission usage control module; otherwise, to continue determining whether the currently accessed application software uses a function involving personal privacy information;
correspondingly, the permission usage control module is specifically configured to receive the name of the function involving personal privacy information used by the application software, sent by the application processing module, and detect whether the function involving personal privacy information matches any item in the privacy information security control policy.
In the above solution, the permission usage control module is specifically configured to, according to the trust level of the application software, consult the function permission control list involving personal privacy information under the corresponding trust level in the privacy information security control policy in the permission usage policy module; determine whether the function involving personal privacy information used by the application software is the same as a function requiring control in that list; if there is a matching item, it is detected that the application software uses a function involving personal privacy information defined in the privacy information security control policy; if there is no matching item, notify the application processing module to allow the application software to use the function involving personal privacy information;
correspondingly, the application processing module is further configured to receive the notification, sent by the permission usage control module, allowing the application software to use the function involving personal privacy information;
the permission usage policy module is specifically configured to provide the privacy information security control policy to the permission usage control module.
In the above solution, the mobile terminal further comprises: an application trust level authentication module, configured to receive the installation package of new application software sent by the application processing module, decompress the installation package of the new application software, and extract the signature information of the new application software; perform authentication using the signature information of the application software, and determine the trust level of the application software according to the authentication result; and save the trust level in the attribute configuration file corresponding to the application software;
correspondingly, the application processing module is further configured to, when it is determined that new application software is being installed, send the installation package of the new application software to the application trust level authentication module.
In the above solution, the permission usage control module is specifically configured to determine whether a corresponding permission usage control policy exists for the function involving personal privacy information used by the application software; if so, to control the permission of the function to be used by the application software according to that permission usage control policy; if not, to set a permission usage control policy for the function involving personal privacy information, and save that permission usage control policy to the permission usage policy module;
correspondingly, the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission usage control module, and save it to the corresponding function item involving personal privacy information in the function permission control list involving personal privacy information.
With the method for protecting privacy information and the mobile terminal provided by the present invention, a privacy information security control policy is set for application software of different trust levels, so that the use of those functions involving personal privacy information that the user cares about is given focused monitoring; when application software uses any function involving personal privacy information that is in the mobile terminal's privacy information security control policy, the use is handled according to the specific permission usage control policy of that function. In this way, the use of functions involving personal privacy information by application software on the mobile terminal can be classified, controlled and managed according to the trust level of the application, thereby protecting the personal privacy information of the mobile terminal user and improving the security of personal information in the mobile terminal. In addition, the privacy information security control policy can be modified or deleted according to actual circumstances, so that the usage permissions of functions involving personal privacy information can be controlled flexibly.
Brief Description of the Drawings
Figure 1 is a schematic flowchart of the method for protecting privacy information according to the present invention;
Figure 2 is a schematic structural diagram of the mobile terminal according to the present invention.
Detailed Description
The basic idea of the present invention is: generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy; and, when it is detected that application software uses a function involving personal privacy information defined in the privacy information security control policy, controlling the permission of the function involving personal privacy information used by the application software, according to the permission usage control policy of the function used in the privacy information security control policy.
Here, the privacy information security control policy is: for each trust level, the specific functions, among the functions involving personal privacy information, that need to be controlled, together with the permission usage control policy of each such function;
the permission usage control policy is the manner of permission control applied to the use of any function involving personal privacy information in the privacy information security control policy, and may be: always allow, always reject, or ask each time.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Taking a mobile phone as an example of the mobile terminal, the method for protecting privacy information according to the present invention is shown in Figure 1 and comprises the following steps:
Step 101: Preset the configuration file of the privacy information security control policy in the mobile phone.
Here, the configuration file of the privacy information security control policy is written, according to actual circumstances, for the usage permissions of the functions that need to be controlled, and may include the permission type, the trust level, the permission group name, and the functions involving personal privacy information that need to be controlled under the permission group; it may be written in Extensible Markup Language (XML) format;
For example, the configuration file of the privacy information security control policy may be written in the following format:
    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <sysControlPermission>
      <trustLevel name="unApproved">
        <permissionGroup name="personal_info">
          <permission name="ACCESS_MESSAGE" />
          <permission name="ACCESS_CONTACTS" />
          <permission name="ACCESS_CALLLOG" />
          <permission name="ACCESS_LOCATION" />
          <permission name="ACCESS_DEVICE_INFO" />
        </permissionGroup>
      </trustLevel>
    </sysControlPermission>
Here, <sysControlPermission> indicates that the permission type is a permission controlled by system default; <trustLevel name="unApproved"> indicates that the trust level is untrusted (unApproved); <permissionGroup name="personal_info"> indicates that the permission group name is the personal privacy information class (personal_info); and <permission name="ACCESS_MESSAGE" />, <permission name="ACCESS_CONTACTS" />, <permission name="ACCESS_CALLLOG" />, <permission name="ACCESS_LOCATION" /> and <permission name="ACCESS_DEVICE_INFO" /> indicate that what needs to be controlled under the personal privacy information permission group is accessing short messages (ACCESS_MESSAGE), accessing the phone book (ACCESS_CONTACTS), accessing call records (ACCESS_CALLLOG), accessing the user's location (ACCESS_LOCATION) and accessing device information (ACCESS_DEVICE_INFO).
Step 102: After the mobile phone starts, generate the privacy information security control policy according to the configuration file of the privacy information security control policy.
Specifically: after the mobile phone starts, it checks the specified directory for a new configuration file of the privacy information security control policy. If there is none, step 103 is performed directly; if there is one, the configuration file is read, and the trust level, the permission group name and the functions specifically controlled under the permission group are extracted from it; with the trust level as the identifier, the permission group name and the functions specifically controlled under the permission group are added to the function permission control list involving personal privacy information; finally, the function permission control list involving personal privacy information is saved in the phone's memory, forming the privacy information security control policy, and then step 103 is performed;
Here, the specified directory is the file directory in which the configuration file of the privacy information security control policy is saved; for example, the specified directory may be the root directory of the phone's memory card.
Step 103: Determine in real time whether the application software currently in use uses any function in the mobile phone that involves personal privacy information; if so, perform step 104; otherwise, repeat step 103.
Specifically: the mobile phone monitors the running of the application software in real time and determines whether, while the application software is running, call information for any function involving personal privacy information is issued; in this way it can be determined whether the application software currently in use uses any function in the mobile phone that involves personal privacy information. If such call information is issued, step 104 is performed, and the function involving personal privacy information that is to be used is extracted from the call information; if not, step 103 is repeated;
Here, the call information for any function involving personal privacy information includes: the function involving personal privacy information that is to be called; the method of generating call information is prior art and is not described further here.
Step 104: Detect whether the permission corresponding to the function involving personal privacy information used by the application software matches any item in the privacy information security control policy; if so, perform step 105; otherwise, allow the application software to use the function involving personal privacy information and end the processing flow.
Specifically: according to the trust level of the application software, the mobile phone consults the function permission control list involving personal privacy information under the corresponding trust level in the privacy information security control policy, and determines whether the function involving personal privacy information used by the application software is the same as any function requiring control in that list. If there is a matching item, step 105 is performed; if there is none, the application software is allowed to use the function involving personal privacy information, and subsequent processing of the access to the application software proceeds according to the prior art;
For example, if the mobile phone determines that the application software currently in use uses the access phone book function, the phone consults, according to the trust level of the application software, the function permission control list involving personal privacy information under the corresponding trust level in the privacy information security control policy; when the trust level of the application software is untrusted, if the access phone book function item is recorded in the function permission control list corresponding to the untrusted level, step 105 is performed; when the trust level of the application software is trusted, if the access phone book function item is recorded in the function permission control list under the corresponding trusted level, step 105 is performed.
步驟 105:手机判断对于应用软件所使用的涉及到个人隐私信息的功能 是否有对应的权限使用控制策略, 若有, 则执行步驟 106; 若没有, 则执行 步驟 107。 步驟 106: 手机根据该权限使用控制策略,对应用软件要使用到的涉及 到个人隐私信息的功能的权限进行控制, 结束处理流程。 Step 105: The mobile phone determines whether there is a corresponding permission use control policy for the function related to the personal privacy information used by the application software. If yes, step 106 is performed; if not, step 107 is performed. Step 106: The mobile phone uses the control policy according to the permission, and controls the permission of the application to use the function related to the personal privacy information, and ends the processing flow.
这里, 所述控制为: 查看权限使用控制策略中的具体设置, 当具体设 置为总是允许时, 则允许应用软件使用涉及到个人隐私信息的功能, 然后 按照已有技术对该应用软件做后续操作; 当具体设置为总是拒绝时, 则拒 绝应用软件使用涉及到个人隐私信息的功能, 然后按照已有技术对该应用 软件做后续操作; 当具体设置为每次询问, 则为用户弹出选择框, 由用户 选择是否允许应用软件使用该涉及到个人隐私信息的功能, 再根据用户的 选择允许或拒绝应用软件使用该涉及到个人隐私信息的功能, 然后按照已 有技术对该应用软件做后续操作。  Here, the control is: viewing the specific setting in the permission use control policy, when the specific setting is always allowed, the application is allowed to use the function related to the personal privacy information, and then the application is followed according to the prior art. Operation; when the specific setting is always rejected, the application software is rejected to use the function related to personal privacy information, and then the application software is followed according to the prior art; when the specific setting is for each inquiry, the user pops up the selection. Box, the user selects whether to allow the application software to use the function related to the personal privacy information, and then allows or denies the application software to use the function related to the personal privacy information according to the user's selection, and then follows the prior art according to the prior art. operating.
Step 107: The mobile phone sets the permission usage control policy for the function involving personal privacy information.
Specifically, in this step the mobile phone pops up a prompt dialog box reminding the user to set the permission for the function involving personal privacy information to always allow, always deny, or ask every time, and at the same time suspends the processing flow of the current application. The user's setting for the permission is saved as the permission usage control policy and added to the corresponding function item in the privacy information security control policy, and the current application is then processed according to the permission usage control policy that was set.
In addition, before step 103 above, the trust level of the application software also needs to be authenticated. The authentication process includes the following steps:
Step a: The mobile phone determines in real time whether the operation selected by the user is installing a new application software or using an application software. If the operation is installing a new application software, step b is performed; if the operation is accessing an application software, step 103 is performed.
Step b: The mobile phone decompresses the installation package of the new application software and extracts the signature information of the new application software.
Here, decompressing the installation package of the new application software is prior art and is not described further. Extracting the signature information of the new application software means extracting the signature information contained in the installation package after the package has been decompressed.
The signature information is information written into a specific field of the application software with a dedicated tool, indicating that the application has passed the signer's review. The specific field is of three kinds: a Symbian paid-certificate signature, an author signature made with a public free certificate, and a user signature.
Step c: The mobile phone first performs authentication using the signature information of the application software and determines the trust level of the application software according to the authentication result. It then saves the trust level in the attribute configuration file corresponding to the application software, continues installing the application software according to the prior art, and returns to step a.
Here, performing authentication using the signature information of the application software includes: matching the signature information of the application software against the signature information of multiple certificates preset in the mobile phone. If the signature information of the application is identical to the signature information of any one of the certificates, the authentication result is a pass; otherwise the authentication result is a fail.
Determining the trust level of the application software according to the authentication result includes: when the authentication result is a pass, setting the trusted level of the application software according to the specific signature information; when the authentication result is a fail, setting the application software to the untrusted level.
The trust levels fall into two broad categories: the untrusted level and the trusted levels.
Setting the trusted level of the application according to the specific signature information works as follows: the mobile phone manufacturer customizes the signature information in the preset certificates according to actual needs, and the trusted levels corresponding to different signature information may include "vendor trust level", "operator trust level", "third-party partner trust level", and so on.
In addition, before step 102 above, the privacy information security control policy may be modified or deleted as the situation requires. Specifically, when any item of the privacy information security control policy needs to be modified or deleted, the original configuration file of the privacy information security control policy is located, the specific modification is made in that configuration file, and step 102 is then performed.
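The decision flow of steps 104 to 107, together with the trust-level assignment of steps a to c, as an added Python example that is not part of the patent text. The configuration format, the function names such as `read_phone_book`, the signature strings and the callback names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional


class Setting(Enum):
    ALWAYS_ALLOW = "always allow"
    ALWAYS_DENY = "always deny"
    ASK_EACH_TIME = "ask each time"


UNTRUSTED = "untrusted"

# Constructed sample data: signature information of certificates preset on the
# handset, mapped to the trusted level the manufacturer assigned to each one.
PRESET_CERTS = {
    "sig-vendor-0001": "vendor",
    "sig-operator-0001": "operator",
    "sig-partner-0001": "third-party partner",
}

# Constructed sample configuration (the format is an assumption):
# trust level -> permission group name -> controlled functions.
SAMPLE_CONFIG = {
    UNTRUSTED: {"contacts": ["read_phone_book"], "location": ["get_location"]},
    "third-party partner": {"contacts": ["read_phone_book"]},
}


def trust_level_for(signature_info: Optional[str]) -> str:
    """Step c: signature information matching no preset certificate means untrusted."""
    return PRESET_CERTS.get(signature_info, UNTRUSTED)


@dataclass
class PrivacyPolicy:
    # trust level -> {controlled function -> Setting, or None while unset}
    control_lists: Dict[str, Dict[str, Optional[Setting]]] = field(default_factory=dict)

    @classmethod
    def from_config(cls, config: dict) -> "PrivacyPolicy":
        """Build the function permission control list for each trust level."""
        lists: Dict[str, Dict[str, Optional[Setting]]] = {}
        for level, groups in config.items():
            for functions in groups.values():
                for name in functions:
                    lists.setdefault(level, {})[name] = None
        return cls(lists)


def check_access(policy: PrivacyPolicy, trust_level: str, function: str,
                 choose_setting: Callable[[str], Setting],
                 confirm_once: Callable[[str], bool]) -> bool:
    """Return True if the application may use the function (steps 104 to 107)."""
    controlled = policy.control_lists.get(trust_level, {})
    if function not in controlled:
        return True                      # step 104: not a controlled item, allowed
    setting = controlled[function]
    if setting is None:                  # step 107: no usage policy yet, ask the user
        setting = choose_setting(function)
        if not isinstance(setting, Setting):
            return False                 # this example's choice: deny, leave item unset
        controlled[function] = setting   # saved into the matching function item
    if setting is Setting.ALWAYS_ALLOW:  # step 106: apply the stored setting
        return True
    if setting is Setting.ALWAYS_DENY:
        return False
    return bool(confirm_once(function))  # "ask every time": one decision per call


def demo() -> dict:
    """Run three constructed calls and report the decisions and prompt counts."""
    policy = PrivacyPolicy.from_config(SAMPLE_CONFIG)
    prompts = {"setting": 0, "confirm": 0}

    def choose_setting(function: str) -> Setting:
        prompts["setting"] += 1
        return Setting.ALWAYS_DENY

    def confirm_once(function: str) -> bool:
        prompts["confirm"] += 1
        return True

    unknown = trust_level_for("sig-not-preset")
    vendor = trust_level_for("sig-vendor-0001")
    results = {
        "unknown_first": check_access(policy, unknown, "read_phone_book",
                                      choose_setting, confirm_once),
        "unknown_again": check_access(policy, unknown, "read_phone_book",
                                      choose_setting, confirm_once),
        "vendor": check_access(policy, vendor, "read_phone_book",
                               choose_setting, confirm_once),
    }
    return {"results": results, "prompts": prompts}


if __name__ == "__main__":
    print(demo())
```

A function that is absent from the control list of a trust level is allowed without any prompt, so the list for the untrusted level has to enumerate every privacy-related function that should be gated.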
The present invention also provides a mobile terminal. As shown in FIG. 2, the mobile terminal includes a permission usage policy module 21 and a permission usage control module 22, wherein:
The permission usage policy module 21 is configured to generate the privacy information security control policy according to the preset configuration file of the privacy information security control policy and to provide it to the permission usage control module 22.
The permission usage control module 22 is configured to, upon detecting that an application software uses a function involving personal privacy information that is defined by the privacy information security control policy in the permission usage policy module 21, control the permission for the function involving personal privacy information that the application software is about to use, according to the permission usage control policy for that function in the privacy information security control policy.
The permission usage policy module 21 is specifically configured to save the preset configuration file of the privacy information security control policy and, after the mobile terminal in which it resides is powered on, to generate the system connection permission control policy according to the configuration file of the privacy information security control policy.
The permission usage policy module 21 is specifically configured to check a specified directory for a new configuration file of the privacy information security control policy. If there is none, the processing flow ends. If there is one, the module reads the configuration file, extracts from it the trust level, the permission group name and the functions involving personal privacy information that are specifically controlled under the permission group, adds the permission group name and those functions, identified by the trust level, to the function permission control list for functions involving personal privacy information, and finally saves the function permission control list, which forms the privacy information security control policy.
The mobile terminal further includes an application processing module 23, configured to determine in real time whether the currently accessed application software uses any function involving personal privacy information. If so, it sends the name of the function involving personal privacy information used by the application software to the permission usage control module 22; otherwise, it continues to determine whether the currently accessed application software uses any function involving personal privacy information. Correspondingly, the permission usage control module 22 is specifically configured to receive the name of the function involving personal privacy information used by the application software, sent by the application processing module 23, and to detect whether that function matches any item in the privacy information security control policy.
The application processing module 23 is specifically configured to monitor the running of the application software in real time and to determine whether, while running, the application software issues call information for any function involving personal privacy information, so as to determine whether the application software currently in use uses any function of the mobile phone involving personal privacy information. If so, it sends the name of the function involving personal privacy information used by the application software to the permission usage control module 22; otherwise, it continues to determine whether the currently accessed application software uses any function involving personal privacy information.
The permission usage control module 22 is specifically configured, when detecting whether the function involving personal privacy information matches any item in the privacy information security control policy, to look up, according to the trust level of the application software, the function permission control list for functions involving personal privacy information under the corresponding trust level in the privacy information security control policy of the permission usage policy module 21, and to determine whether the function involving personal privacy information used by the application software is the same as any function to be controlled in that function permission control list. If there is a matching item, the module determines whether a corresponding permission usage control policy exists for the function involving personal privacy information used by the application software. If there is no matching item, the module notifies the application processing module 23 to allow the application software to use the function involving personal privacy information.
Correspondingly, the application processing module 23 is further configured to receive, from the permission usage control module 22, the notification allowing the application software to use the function involving personal privacy information, and then to perform subsequent processing of the accessed application software according to the prior art.
The permission usage control module 22 is specifically configured so that, when a permission usage control policy exists for the permission corresponding to the function involving personal privacy information used by the application software, it controls the permission for the function involving personal privacy information that the application software is about to use according to that permission usage control policy, as looked up in the privacy information security control policy of the permission usage policy module 21, and ends the operation flow. If no such policy exists, it sets the permission usage control policy for the function involving personal privacy information and then saves that permission usage control policy to the permission usage policy module 21.
Correspondingly, the permission usage policy module 21 is specifically configured to receive the permission usage control policy sent by the permission usage control module 22 and to save it in the corresponding function item of the function permission control list for functions involving personal privacy information.
The permission usage control module 22 is specifically configured to check the specific setting in the permission usage control policy. When the setting is "always allow", the application software is allowed to use the function involving personal privacy information, and subsequent operations on the application software follow the prior art. When the setting is "always deny", the application software is denied use of the function involving personal privacy information, and subsequent operations on the application software follow the prior art. When the setting is "ask every time", a selection box is popped up for the user, the user chooses whether to allow the application software to use the function involving personal privacy information, the application software is allowed or denied use of the function according to the user's choice, and subsequent operations on the application software follow the prior art.
The permission usage control module 22 is further configured to remind the user to set the permission usage control policy for the function involving personal privacy information and to suspend the processing flow of the current application; and to receive the user's setting of the permission usage control policy for the function and control the permission for the function that the application software is about to use according to the permission usage control policy set by the user.
The mobile terminal further includes an application trust level authentication module 24, configured to receive the installation package of the application software sent by the application processing module 23. Correspondingly, the application processing module 23 is further configured to determine in real time whether the operation selected by the user is installing a new application software or accessing an application software. If the operation is installing a new application software, it sends the installation package of that application software to the application trust level authentication module 24; if the operation is accessing an application software, it determines whether the currently accessed application software uses any function involving personal privacy information.
The application trust level authentication module 24 is further configured to decompress the installation package of the new application software, extract the signature information of the new application software, authenticate the application using that signature information, determine the trust level of the application software according to the authentication result, save the trust level in the attribute configuration file corresponding to the application software, and send the decompressed installation package and the attribute configuration file of the application software back to the application processing module 23. Correspondingly, the application processing module 23 is further configured to receive the decompressed installation package and the attribute configuration file of the application software sent by the application trust level authentication module 24, and then to continue installing the decompressed application software according to the prior art.
The application trust level authentication module 24 is specifically configured to match the signature information of the application software against the signature information of multiple certificates preset in this module. If the signature information of the application is identical to the signature information of any one of the certificates, the authentication result is a pass; otherwise the authentication result is a fail.
The application trust level authentication module 24 is specifically configured to set the trusted level of the application software according to the specific signature information when the authentication result is a pass, and to set the application software to the untrusted level when the authentication result is a fail.
It can be seen that, with the above scheme, the use of functions involving personal privacy information by applications on the mobile terminal can be controlled and managed by category according to the trust level of each application. This effectively prevents the functions of the mobile terminal that involve personal privacy information from being used by malicious software, and thereby ensures the security of the mobile terminal user's information and data.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims

1. A method for protecting privacy information, characterized in that the method comprises:
generating a privacy information security control policy according to a preset configuration file of the privacy information security control policy;
upon detecting that an application software uses a function involving personal privacy information that is defined in the privacy information security control policy, controlling the permission for the function involving personal privacy information used by the application software, according to the permission usage control policy, in the privacy information security control policy, for the function involving personal privacy information that is used.
2. The method according to claim 1, characterized in that, before detecting that the application software uses a function involving personal privacy information that is defined in the privacy information security control policy, the method further comprises: determining in real time whether the currently accessed application software uses a function involving personal privacy information; if so, detecting whether the permission corresponding to the function involving personal privacy information used by the application software matches any item in the privacy information security control policy; otherwise, continuing to determine whether the currently accessed application software uses a function involving personal privacy information.
3. The method according to claim 2, characterized in that detecting whether the permission corresponding to the function involving personal privacy information used by the application software matches any item in the privacy information security control policy comprises: looking up, according to the trust level of the application software, the function permission control list for functions involving personal privacy information under the corresponding trust level in the privacy information security control policy; determining whether the function involving personal privacy information used by the application software is the same as a function involving personal privacy information that is to be controlled in the function permission control list; if there is a matching item, detecting that the application software uses a function involving personal privacy information that is defined in the privacy information security control policy; if there is no matching item, allowing the application software to use the function involving personal privacy information.
4. The method according to claim 3, characterized in that, before looking up the function permission control list for functions involving personal privacy information under the corresponding trust level in the privacy information security control policy, the method further comprises: when it is determined that a new application software is being installed, decompressing the installation package of the new application software and extracting the signature information of the new application software; performing authentication using the signature information of the application software, and determining the trust level of the application software according to the authentication result; and saving the trust level in the attribute configuration file corresponding to the application software.
5. The method according to claim 1, characterized in that, before controlling the permission for the function involving personal privacy information that the application software is about to use according to the permission usage control policy for that function in the privacy information security control policy, the method further comprises: determining whether a corresponding permission usage control policy exists for the function involving personal privacy information used by the application software; if so, controlling the permission for the function involving personal privacy information that the application software is about to use according to the permission usage control policy; if not, setting and saving the permission usage control policy for the function involving personal privacy information.
6. A mobile terminal, characterized in that the mobile terminal comprises a permission usage policy module and a permission usage control module, wherein:
the permission usage policy module is configured to generate a privacy information security control policy according to a preset configuration file of the privacy information security control policy and to provide it to the permission usage control module;
the permission usage control module is configured to, upon detecting that an application software uses a function involving personal privacy information that is defined in the system connection permission control policy in the permission usage policy module, control the permission for the function involving personal privacy information that the application software is about to use, according to the permission usage control policy for that function in the privacy information security control policy.
7. The mobile terminal according to claim 6, characterized in that the mobile terminal further comprises:
an application processing module, configured to determine in real time whether the currently accessed application software uses any function involving personal privacy information; if so, to send the name of the function involving personal privacy information used by the application software to the permission usage control module; otherwise, to continue determining whether the currently accessed application software uses a function involving personal privacy information;
correspondingly, the permission usage control module is specifically configured to receive the name of the function involving personal privacy information used by the application software, sent by the application processing module, and to detect whether the function involving personal privacy information matches any item in the privacy information security control policy.
8. The mobile terminal according to claim 6, characterized in that:
the permission usage control module is specifically configured to look up, according to the trust level of the application software, the function permission control list for functions involving personal privacy information under the corresponding trust level in the privacy information security control policy in the permission usage policy module; to determine whether the function involving personal privacy information used by the application software is the same as a function involving personal privacy information that is to be controlled in the function permission control list; if there is a matching item, to detect that the application software uses a function involving personal privacy information that is defined in the privacy information security control policy; if there is no matching item, to notify the application processing module to allow the application software to use the function involving personal privacy information;
correspondingly, the application processing module is further configured to receive, from the permission usage control module, the notification allowing the application software to use the function involving personal privacy information;
the permission usage policy module is specifically configured to provide the privacy information security control policy to the permission usage control module.
9. The mobile terminal according to claim 8, characterized in that the mobile terminal further comprises: an application trust level authentication module, configured to receive the installation package of a new application software sent by the application processing module, decompress the installation package of the new application software, and extract the signature information of the new application software; to perform authentication using the signature information of the application software and determine the trust level of the application software according to the authentication result; and to save the trust level in the attribute configuration file corresponding to the application software;
correspondingly, the application processing module is further configured to send the installation package of the new application software to the application trust level authentication module when it is determined that a new application software is being installed.
10. The mobile terminal according to claim 9, characterized in that:
the permission usage control module is specifically configured to determine whether a corresponding permission usage control policy exists for the function involving personal privacy information used by the application software; if so, to control the permission for the function involving personal privacy information that the application software is about to use according to the permission usage control policy; if not, to set the permission usage control policy for the function involving personal privacy information and then save that permission usage control policy to the permission usage policy module;
correspondingly, the permission usage policy module is specifically configured to receive the permission usage control policy sent by the permission usage control module and to save it in the corresponding function item of the function permission control list for functions involving personal privacy information.
PCT/CN2012/071547 2011-11-24 2012-02-23 Method for protecting privacy information and mobile terminal WO2013075422A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110378920.3 2011-11-24
CN201110378920.3A CN102413221B (en) 2011-11-24 2011-11-24 Method for protecting privacy information and mobile terminal

Publications (1)

Publication Number Publication Date
WO2013075422A1 true WO2013075422A1 (en) 2013-05-30

Family

ID=45915060

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071547 WO2013075422A1 (en) 2011-11-24 2012-02-23 Method for protecting privacy information and mobile terminal

Country Status (2)

Country Link
CN (1) CN102413221B (en)
WO (1) WO2013075422A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457921B (en) * 2012-06-05 2016-08-17 联想(北京)有限公司 A kind of electronic equipment and the safety protecting method of electronic equipment
CN102819715A (en) * 2012-08-15 2012-12-12 腾讯科技(深圳)有限公司 API (application programming interface) monitoring method and device
CN103593238A (en) * 2012-08-16 2014-02-19 腾讯科技(深圳)有限公司 Method and device for controlling invocation of application programming interfaces
CN104239752A (en) * 2013-06-09 2014-12-24 腾讯科技(深圳)有限公司 Method and apparatus for protecting private information during using of browser
CN103327183B (en) * 2013-06-13 2015-05-20 中国科学院信息工程研究所 Black box protecting method and system for private data of Android user based on tag
CN103309808B (en) * 2013-06-13 2016-06-15 华为技术有限公司 Based on privacy disclosure of Android user black box detection method and the system of label
CN104520866B (en) 2014-03-31 2018-08-21 华为技术有限公司 Method for secret protection and terminal device
CN105809040A (en) * 2014-12-29 2016-07-27 北京奇虎科技有限公司 Method and apparatus for detecting application privacy security information
CN106599709B (en) * 2015-10-15 2021-08-17 中兴通讯股份有限公司 Method, device and terminal for preventing privacy information leakage
CN106572266A (en) * 2016-11-16 2017-04-19 努比亚技术有限公司 Display processing method, device and terminal
CN106845240A (en) * 2017-03-10 2017-06-13 西京学院 A kind of Android malware static detection method based on random forest
CN109451345A (en) * 2018-11-05 2019-03-08 四川长虹电器股份有限公司 A kind of method that DLNA throws screen authority managing and controlling in Android intelligent television
CN110990798B (en) * 2019-12-02 2021-07-20 珠海格力电器股份有限公司 Application program permission configuration method and device, electronic equipment and storage medium
CN113032766B (en) * 2021-05-26 2021-09-24 荣耀终端有限公司 Application authority management method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090119745A1 (en) * 2007-11-05 2009-05-07 Chung Boheung System and method for preventing private information from leaking out through access context analysis in personal mobile terminal
CN101645926A (en) * 2009-09-01 2010-02-10 北京邮电大学 Mobile SNS communication system based on address book of mobile phone and operating method thereof
CN102110220A (en) * 2011-02-14 2011-06-29 宇龙计算机通信科技(深圳)有限公司 Application program monitoring method and device
CN102186167A (en) * 2011-04-11 2011-09-14 中兴通讯股份有限公司 Method and system for monitoring applications

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2881854B1 (en) * 2005-02-04 2008-01-11 Radiotelephone Sfr METHOD FOR SECURELY MANAGING THE EXECUTION OF AN APPLICATION
CN101655892A (en) * 2009-09-22 2010-02-24 成都市华为赛门铁克科技有限公司 Mobile terminal and access control method
CN102170495B (en) * 2011-04-07 2013-11-13 宇龙计算机通信科技(深圳)有限公司 Mobile phone application classification management method and device

Also Published As

Publication number Publication date
CN102413221B (en) 2014-03-12
CN102413221A (en) 2012-04-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12850788; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12850788; Country of ref document: EP; Kind code of ref document: A1)