WO2015010578A1 - 应用的访问控制方法和装置 - Google Patents
应用的访问控制方法和装置 Download PDFInfo
- Publication number
- WO2015010578A1 WO2015010578A1 PCT/CN2014/082567 CN2014082567W WO2015010578A1 WO 2015010578 A1 WO2015010578 A1 WO 2015010578A1 CN 2014082567 W CN2014082567 W CN 2014082567W WO 2015010578 A1 WO2015010578 A1 WO 2015010578A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- information
- verification
- module
- package name
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000012795 verification Methods 0.000 claims abstract description 93
- 230000001960 triggered effect Effects 0.000 claims abstract description 63
- 238000012544 monitoring process Methods 0.000 claims description 27
- 230000000694 effects Effects 0.000 claims description 18
- 238000012545 processing Methods 0.000 claims description 8
- 239000000284 extract Substances 0.000 claims description 4
- 238000000605 extraction Methods 0.000 claims 1
- 230000004913 activation Effects 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 14
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- BOJKULTULYSRAS-OTESTREVSA-N Andrographolide Chemical compound C([C@H]1[C@]2(C)CC[C@@H](O)[C@]([C@H]2CCC1=C)(CO)C)\C=C1/[C@H](O)COC1=O BOJKULTULYSRAS-OTESTREVSA-N 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 230000005236 sound signal Effects 0.000 description 2
- 241000283690 Bos taurus Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 238000012905 input function Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000010079 rubber tapping Methods 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Definitions
- the present application relates to security control technologies, and more particularly to an access control method and apparatus for an application. Background of the invention
- Various applications are usually installed on the operating system platform of the terminal device to meet various needs of users. For example, users can view contact information, call logs, and more by accessing the contacts application. Any user of any handheld device can access any application installed in the terminal device, and then use the functions provided by the application to obtain various materials provided by the application.
- any one of the users can access the application arbitrarily after obtaining the terminal device, and cannot control the access of the application in the terminal device. For example, after the terminal device is lost, others can access it at will.
- the application installed in the picked-up terminal device causes a defect in application security.
- An application access control method includes the following steps:
- the startup of the monitoring application is obtained by the currently triggered application
- the application is run by the verification according to the verification.
- An application access control device includes:
- a monitoring module configured to monitor an application to start an application that is currently triggered to be activated
- a verification module configured to verify that the validity of the user accessing the application is verified by the information
- a running module configured to run the application by using the verification.
- An application access control device for a mobile terminal device includes a memory and a processor; wherein the memory is configured to store computer readable instructions, including: a listening module, a verification module, and an operation module; The memory is in communication, executing the instructions stored in the memory; when the processor executes the instructions stored in the memory,
- the monitoring module is configured to monitor an application to start an application that is currently triggered to be activated;
- the verification module is configured to determine whether the user accesses the application is legal; if it is determined that the user accesses the application, the verification is passed. Information; if it is determined that the user accessing the application is illegal, the application that is currently triggered to start is prohibited from running;
- the running module is configured to run the application by using the verification.
- the access control method and device of the above application the startup of the monitoring application is obtained by the currently triggered application, and the validity of the user accessing the application is verified, and the application triggered by the current trigger is obtained through the information obtained by the 3 full certificate, and the user is implemented.
- the access of the application, and the legality verification performed by the user accessing the application makes it impossible for others to access the application in the terminal device arbitrarily, effectively controls the access of the application in the terminal device, and improves the security of the application. Sex. BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1 is a schematic diagram of an application environment of an access control method applied in an embodiment
- FIG. 2 is a flowchart of an access control method applied in an embodiment
- FIG. 3 is a flow chart of a method for starting an application that is currently triggered by the startup of the monitoring application in FIG. 2;
- FIG. 5 is a flowchart of a method for verifying the validity of a user accessing the application to verify the passing information in an embodiment
- FIG. 6 is a schematic structural diagram of an access control apparatus applied in an embodiment
- FIG. 7 is a schematic structural diagram of a listening module in FIG.
- FIG. 8 is a schematic structural diagram of an access control device applied in another embodiment
- FIG. 9 is a schematic structural diagram of a risk module in an embodiment
- FIG. 10 is a block diagram showing a part of a structure of a mobile phone related to a terminal provided in an embodiment of the present application. Mode for carrying out the invention
- An application access control method can be implemented by a computer program, and an access control device of an application constructed by an application access control method is stored in the terminal device to operate in the terminal device, thereby implementing access control of the application.
- the terminal device 100 includes a display 110, a memory 130, and a processor. 150.
- the memory 130 stores program instructions corresponding to various applications, application access control devices, and other data, and the functions of the program instructions will be described in detail in the following method content;
- the display 110 is configured to provide an operation interface for the user.
- the terminal device 100 is operated;
- the processor 150 is configured to execute an access control device of the application in the memory 130 to implement access to control the application in the terminal device.
- an application access control method includes the following steps:
- Step S210 The startup of the monitoring application is obtained by the currently triggered application.
- the monitored application may be any application in the terminal device, and the application startup in the terminal device is monitored to obtain the application that is currently triggered to be detected, so as to accurately detect the time point when the user opens the application, and then control The application runs to control the user's access application.
- Step S230 Verify that the validity of the user accessing the application is verified by the information.
- the user who starts the application is verified for legality to determine whether the user has access to access the application, and if the user is authenticated, the user has access to the application. Permission, it is determined that the user is legally accessing the application, and generates 3 full-pass information.
- Step S250 running the application according to the verification pass information.
- the application triggered by the current trigger is allowed to be run under the action of the verification pass information, so that the user can access the application, use the function provided by the application, and browse the information provided by the application. .
- the access control method of the above application verifies the validity of the user after the application of the application of the terminal device is detected, so as to ensure the security of the application access, so that the application is not illegally used and the sensitive information is leaked.
- the foregoing step S210 may include: Step S211, obtaining log information triggered by the application by monitoring the output of the log information.
- the log information related to the triggering of the application is displayed in the log information of the monitoring output. If yes, the occurrence of the log information indicates that the application is currently triggered.
- the log information will be output by logcat (the command line tool of the Android platform). Therefore, a thread is pre-created for listening to the logcat to monitor the output of the log information.
- step S211 the specific process of step S211 is: detecting the output log information to obtain row information matching the activity manager string, and recording the row information.
- the line information is the log information triggered by the application. Since the application startup will generate and output the line information containing the activity manager string, the output log information includes several pieces of line information, so the line information in the log information will be detected one by one to obtain the activity manager string. Match the line information and record this line information.
- the activity manager string is an "Activitymanager" string.
- the obtained line information matching the activity management string will include an "Activitymanager” string, a "Starting” string, or a "START” string, which is currently triggered to be started.
- App package name and activity name ie, Activity name
- the application package name is used to uniquely mark the application, that is, each application has a unique package name, which is a mark used to distinguish other applications, and the application package name is different from the application name. For example, two applications may have the same application name. , but it is impossible to have the same application package name; Activity name refers to the interface identifier name of the application interface that triggers the launch.
- Step S213 extracting, from the log information triggered by the application, the application that triggers the startup The corresponding application package name.
- the log information triggered by the application is located to locate the application package name that appears in the log information, and then the application package name is extracted. For example, triggering a run
- the log information generated by the application of the Andro id platform can be located according to the location identifier, and the location of the location identifier in the log information is obtained, and then the application package name corresponding to the application triggered by the trigger can be extracted according to the location.
- the location identifier used can be set according to the characteristics of the log information, for example, the format. For example, the location identifier can be "cmp".
- the method before the step of step S230, the method further includes: determining whether the currently triggered application is a sensitive application, and if yes, proceeding to step S230, and if not, running the currently triggered application.
- the step of determining whether the currently triggered application is a sensitive application includes:
- Step S 31 reading the sensitive application package name.
- the sensitive application may be an application related to protection of operating system security and configuration information in the terminal device, for example, may be an application, or may be an application related to user information security. Therefore, the operating system is, for example, the Andro id platform.
- a certain application can be set as a sensitive application in advance, and the user can also set the installed application as a sensitive application as needed.
- the sensitive application package name read is at least one.
- Step S330 comparing the extracted application package name with the sensitive application package name, determining whether the application package name is consistent with the sensitive application package name, and if yes, proceeding to step S230, if not, Then, the process proceeds to step S350.
- the extracted application package name is compared with a plurality of sensitive application package names one by one, and it is determined whether the read sensitive application package name includes a sensitive application package name that is consistent with the extracted application package name. If yes, it indicates that the application that is currently triggered to start is a sensitive application, and the validity of the access needs to be verified. If not, the application that is currently triggered to start is not a sensitive application and can be directly run.
- Step S350 Run the application that is currently triggered to start.
- the foregoing step S230 may include:
- Step S231 displaying a verification interface, and obtaining the input verification information through the verification interface.
- the verification interface that can be controlled by the user is displayed in the terminal device, and the verification information input by the user on the verification interface is obtained.
- the verification information may be an input unlock password or an input unlock gesture, which is not exemplified here.
- Step S233 verifying the validity of the user accessing the application according to the verification information, determining whether the verification is passed, and if yes, proceeding to step S235, and if not, ending.
- the verification is performed according to the input verification information to determine whether the currently triggered application is executable for the current user to access, and if so, the verification pass information is generated, and if not, the currently triggered application running is disabled. .
- Step S235 generating verification pass information.
- an application access control device includes a listening module 110, a verification module 130, and an execution module 150.
- the monitoring module 110 is configured to monitor the application to start the application that is currently triggered to be started.
- the application monitored by the monitoring module 110 may be any application in the terminal device, and the application startup in the terminal device is monitored to obtain an application that is currently triggered to be detected, so as to accurately detect the time point when the user opens the application. , in turn, controls the operation of the application and controls the user's access application.
- the verification module 130 is configured to verify that the validity of the user accessing the application is verified by the information. In this embodiment, after the triggering of an application is initiated, the verification module 130 performs legality verification on the user who starts the application to determine whether the user has the access right to access the application, and if the verification is that the user is a legitimate access application. , generate verification pass information.
- the running module 140 is configured to run the application by using the verification information.
- the running module 140 under the action of the verification pass information, will allow the application that is currently triggered to be activated to enable the user to access the application, use the functions provided by the application, and browse the application. Information provided.
- the access control device of the above application verifies the validity of the user after the application of the application of the terminal device is detected, so as to ensure the security of the application access, so that the application is not illegally used and the sensitive information is leaked.
- the above-mentioned listening module 110 includes a log obtaining unit 111 and an extracting unit 113.
- the log obtaining unit 111 is configured to obtain log information triggered by the application by monitoring the output of the log information.
- the log obtaining unit 111 will know by the output of the monitoring log information that the activation of the application is currently triggered.
- the log obtaining unit 111 monitors whether the log information related to the triggering of the application is generated in the output log information, and if yes, the occurrence of the log information indicates that the application is currently triggered to be started.
- the log information will be output by the logca t (command line tool of the Andro id platform). Therefore, the log obtaining unit 111 will pre-create a thread for monitoring logca t to implement log information output. monitor.
- the log obtaining unit 111 is further configured to detect the output log message.
- the line information is matched with the activity manager string, and the line information is recorded.
- the line information is the log information triggered by the application. Since the application startup will generate and output the line information including the activity manager string, the output log information includes a plurality of pieces of line information, and therefore, the log obtaining unit 111 will detect the line information in the log information one by one to obtain the activity.
- the manager string matches the line information and records this line information.
- the activity manager string is the "Act ivi tymanager" string.
- the line information obtained by the log obtaining unit 111 and matching the activity management string will include an "Act iv i tymanager" string, a "Star t ing" string or " START" String, the application package name and the activity name (ie, the Act ivi ty name) that are currently triggered to start.
- the application package name is used to uniquely mark the application, that is, each application has a unique package name, which is a mark used to distinguish other applications, and the application package name is different from the application name. For example, two applications may have the same application name. , but it is impossible to have the same application package name; Act ivi ty name refers to the interface identification name of the application interface that triggers the launch.
- the extracting unit 113 is configured to extract, from the log information triggered by the application, the application package name corresponding to the application that triggers the startup.
- the extracting unit 113 locates the log information triggered by the application to locate the application package name that appears in the log information, and extracts the application package name. For example, in the log information generated by the application running the Android platform, the extracting unit 113 may perform positioning according to the positioning identifier, obtain a location where the positioning identifier is located in the log information, and then extract an application that triggers the activation according to the location. The corresponding application package name.
- the location identifier used can be set according to the characteristics of the log information, for example, the format. For example, the location identifier can be "cmp".
- the access control device of the application further determines whether the currently triggered application is a sensitive application, and if so, notifies the verification module 130, and if not, operates as The application that triggered the launch before.
- the application's access control device can set sensitive applications according to security needs and user requirements, and thus only verify the validity of access to sensitive applications, taking into account the security of the application and the simplification of user operations.
- the access control device of the above application further includes a read module 210 and a comparison module 230.
- the reading module 21 0 is used to read the sensitive application package name.
- the sensitive application may be an application related to protection of operating system security and configuration information in the terminal device, for example, may be an application, or may be an application related to user information security. Therefore, the operating system is, for example, the Andro id platform. A certain application can be set as a sensitive application in advance, and the user can also set the installed application as a sensitive application as needed.
- the sensitive application package name read by the reading module 210 is at least one.
- the comparison module 230 is configured to compare the extracted application package name with the sensitive application package name, determine whether the application package name is consistent with the sensitive application package name, and if yes, notify the verification module 1 30, and if not, notify Run module 150.
- the comparison module 230 compares the extracted application package name with a plurality of sensitive application package names one by one, and determines whether the extracted sensitive application package name includes the extracted application package name with the same sensitivity.
- the application package name if yes, indicates that the application that is currently triggered to start is a sensitive application, and the validity of the access needs to be verified. If not, the application that is currently triggered to start is not a sensitive application and can be directly run.
- Run module 1 50 used to run the application that is currently triggered to start.
- the above verification module 1 30 includes an interface processing unit 1 31 and a legality verification unit 1 33.
- the interface processing unit 1 31 is configured to display a verification interface, and obtain the input horse certificate information through the verification interface.
- the interface processing unit 1 31 displays the verification interface that can be manipulated by the user in the terminal device, and obtains the verification information input by the user on the verification interface.
- the verification information may be an input unlocking password or an input unlocking gesture, which is not exemplified here.
- the legality verification unit 1 33 verifies the validity of the user accessing the application according to the verification information, and determines whether the verification is passed. If yes, the verification pass information is generated, and if not, the execution is stopped.
- the validity verification unit 1 33 performs verification according to the input verification information to determine whether the currently triggered application is executable for the current user to access, and if so, generates verification pass information, and if not, disables The application currently triggering the launch is running.
- the access control method and device of the foregoing application the startup of the monitoring application is obtained by the currently triggered application, and the validity of the user accessing the application is verified, and the verification triggered verification information is used to run the currently triggered application, thereby realizing the user's application to the application.
- Access, and the legality verification performed by the user accessing the application makes it impossible for others to access the application in the terminal device arbitrarily, effectively controlling the access occurring by the application in the terminal device, and improving the security of the application.
- the embodiment of the present application further provides a terminal for running an access control device of the application. As shown in FIG.
- the terminal can be any mobile terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a P0S (Point of Sales), a car computer, and the like.
- FIG. 10 is a block diagram showing a part of the structure of a mobile phone related to the terminal provided by the embodiment of the present application.
- the mobile phone includes: a radio frequency (RF) circuit 1010, a memory 1020, an input unit 1030, a display unit 1040, a sensor 1050, an audio circuit 1060, and a communication module 1070.
- RF radio frequency
- communication module 1070 will be referred to as “wif i module 1070”
- processor 1080 and power supply 1090.
- the structure of the handset shown in Figure 10 does not constitute a limitation to the handset, and may include more or fewer components than those illustrated, or some components may be combined, or different components may be arranged.
- the RF circuit 1010 can be used for transmitting and receiving information or receiving and transmitting signals during a call. Specifically, after receiving the downlink information of the base station, it is processed by the processor 1080. In addition, the designed uplink data is sent to the base station.
- RF circuit 1010 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuit 1010 can also communicate with the network and other devices via wireless communication.
- LNA Low Noise Amplifier
- the above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), and code division multiple iiL ( Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (Long Term) Evo lut ion, LTE ) ), electronic by cattle, short message, Shor t Mes sag ing Serv i ce (SMS).
- GSM Global System of Mobile communication
- GPRS General Packet Radio Service
- CDMA Code Division Multiple Access
- WCDMA Wideband Code Division Multiple Access
- LTE Long Term Evolution
- SMS Shor t Mes sag ing Serv i ce
- the memory 1020 can be used to store software programs and modules, and the processor 1080 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 1020.
- the memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to Data created by the use of the mobile phone (such as audio data, phone book, etc.).
- the memory 1020 may include a high speed random access memory, and may also include a nonvolatile memory such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
- the input unit 1030 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset.
- the input unit 1 030 may include a touch panel 1031 and other input devices 1032.
- the touch panel 1031 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 1031 or near the touch panel 1031. Operation), and drive the corresponding connecting device according to a preset program.
- the touch panel 1031 may include two parts: a touch detection device and a touch controller.
- the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information
- the processor 1080 is provided and can receive commands from the processor 1080 and execute them.
- the touch panel 1031 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
- the input unit 1030 may also include other input devices 1032.
- other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
- the display unit 1040 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone.
- the display unit 1040 may include a display panel 1041.
- the display panel 1041 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
- the touch panel 1031 can cover the display panel 1041.
- the touch panel 1031 After the touch panel 1031 detects a touch operation on or near the touch panel 1031, the touch panel 1031 transmits to the processor 1080 to determine the type of the touch event, and then the processor 1080 according to the touch event.
- the type provides a corresponding visual output on display panel 1041.
- the touch panel 1031 and the display panel 1041 are used as two independent components to implement the input and input functions of the mobile phone in FIG. 10, in some embodiments, the touch panel 1031 and the display panel 1041 may be integrated. Realize the input and output functions of the phone.
- the Light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of the ambient light, and the proximity sensor may close the display panel 1041 and/or when the mobile phone moves to the ear. Or backlight.
- the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
- An audio circuit 1060, a speaker 1061, and a microphone 1062 can provide an audio interface between the user and the handset.
- the audio circuit 1060 can transmit the converted electrical data of the received audio data to the speaker 1061, and convert it into a sound signal output by the speaker 1061.
- the microphone 1062 converts the collected sound signal into an electrical signal, by the audio circuit 1060. After receiving, it is converted into audio data, and then processed by the audio data output processor 1080, via the RF circuit 1010. To send to, for example, another handset, or to output audio data to memory 1020 for further processing.
- WiFi is a short-range wireless transmission technology.
- the mobile phone through the WiFi module 1070 can help users to send and receive e-mail, browse web pages and access streaming media, etc. It provides users with wireless broadband Internet access.
- FIG. 10 shows the WiFi module 1070, it can be understood that it does not belong to the essential configuration of the mobile phone, and can be omitted as needed within the scope of not changing the nature of the application.
- the processor 1080 is the control center of the handset, which connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 1020, and invoking data stored in the memory 1020, The phone's various functions and processing data, so that the overall monitoring of the phone.
- the processor 1080 may include one or more processing units.
- the processor 1080 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
- the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 1080.
- the handset also includes a power supply 1090 (such as a battery) that supplies power to the various components.
- a power supply 1090 can be logically coupled to the processor 1080 through a power management system to manage charging, discharging, and power management functions through the power management system.
- the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
- the processor 1080 included in the terminal further has the following functions: the startup of the monitoring application obtains the currently triggered application;
- the step of the startup of the monitoring application to obtain the application that is currently triggered to start includes: obtaining the log information triggered by the application by monitoring the output of the log information; The application package name corresponding to the application that triggers the startup is extracted from the log information that is triggered by the application.
- the step of obtaining the log information triggered by the application by monitoring the output of the log information includes:
- the line information is the log information that the application triggers to start.
- the method further includes:
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Telephone Function (AREA)
Abstract
本申请提供了一种应用的访问控制方法和装置。所述方法包括:监听应用的启动得到当前触发启动的应用;验证用户访问所述应用的合法性得到验证通过信息;根据所述验证通过信息运行所述应用。所述装置包括:监听模块,用于监听应用的启动得到当前触发启动的应用;验证模块,用于验证用户访问所述应用的合法性得到验证通过信息;运行模块,用于通过所述验证通过信息运行所述应用。采用本申请能有效控制终端设备中应用所发生的访问,提高了应用的安全性。
Description
本申请要求于 2013 年 7 月 22 日提交中国专利局、 申请号为 201310309608.8, 申请名称为 "应用的访问控制方法和装置" 的中国专 利申请的优先权, 其全部内容通过引用结合在本申请中。
技术领域 本申请涉及安全控制技术, 特别是涉及一种应用的访问控制方法和 装置。 发明背景
终端设备所搭载的操作系统平台上通常安装各种应用, 以满足用户 的各种需求。 例如, 用户可通过访问联系人应用查看联系人信息以及通 话记录等。 任一手持终端设备的用户均可访问终端设备中安装的任一应 用, 进而使用该应用所提供的功能, 获取到该应用所提供的各种资料。
然而, 对于终端设备而言, 任何一个人在拿到该终端设备之后均可 以任意访问其中的应用,无法控制终端设备中应用所发生的访问,例如, 在终端设备发生遗失之后, 他人可随意访问拾取到的终端设备中安装的 应用, 进而造成应用安全性较氏的缺陷。 发明内容
基于此, 有必要针对无法控制终端设备中应用所发生的访问, 造成 应用安全性较低的技术问题, 提供一种能提高应用安全性的应用的访问 控制方法。
此外, 还有必要提供一种能提高应用安全性的应用的访问控制装
置。
一种应用的访问控制方法, 包括如下步骤:
监听应用的启动得到当前触发启动的应用;
验证用户访问所述应用的合法性得到验证通过信息;
根据所述验证通过信息运行所述应用。
一种应用的访问控制装置, 包括:
监听模块, 用于监听应用的启动得到当前触发启动的应用; 验证模块, 用于验证用户访问所述应用的合法性得到验证通过信 息;
运行模块, 用于通过所述验证通过信息运行所述应用。
一种移动终端设备的应用访问控制装置, 包括存储器和处理器; 其 中, 所述存储器用于存储计算机可读取的指令, 包括: 监听模块、 验证 模块和运行模块; 所述处理器用于与所述存储器进行通信, 执行所述存 储器中存储的所述指令; 当所述处理器执行所述存储器中存储的所述指 令时,
所述监听模块, 用于监听应用的启动得到当前触发启动的应用; 所述验证模块, 用于判断用户访问所述应用是否合法性; 若判断出 所述用户访问所述应用合法, 生成验证通过信息; 若判断出所述用户访 问所述应用不合法, 禁止当前触发启动的应用运行;
所述运行模块, 用于通过所述验证通过信息运行所述应用。
上述应用的访问控制方法和装置, 监听应用的启动得到当前触发启 动的应用, 验证用户访问该应用的合法性, 以通过 3全证得到的险证通过 信息运行当前触发启动的应用, 实现用户对该应用的访问, 并且通过用 户访问该应用所进行的合法性验证使得他人无法随意访问终端设备中 的应用, 有效控制了终端设备中应用所发生的访问, 提高了应用的安全
性。 附图简要说明
图 1为一个实施例中应用的访问控制方法的应用环境示意图; 图 2为一个实施例中应用的访问控制方法的流程图;
图 3为图 2中监听应用的启动得到当前触发启动的应用的方法流程 图;
图 4为另一个实施例中应用的访问控制方法的流程图;
图 5为一个实施例中验证用户访问该应用的合法性得到验证通过信 息的方法流程图;
图 6为一个实施例中应用的访问控制装置的结构示意图; 图 7为图 6中监听模块的结构示意图;
图 8为另一个实施例中应用的访问控制装置的结构示意图; 图 9为一个实施例中险证模块的结构示意图;
图 10 为一个实施例中与本申请实施例提供的终端相关的手机的部 分结构的框图。 实施本发明的方式
为了使本申请的目的、 技术方案及优点更加清楚明白, 以下结合附 图及实施例, 对本申请进行进一步详细说明。 应当理解, 此处所描述的 具体实施例仅仅用以解释本申请, 并不用于限定本申请。
一种应用的访问控制方法可由计算机程序实现, 应用的访问控制方 法所构建的应用的访问控制装置则被存储于终端设备中, 以在该终端设 备中运行, 进而实施应用的访问控制。
如图 1所示, 终端设备 100包括显示器 110、 存储器 1 30和处理器
150。 其中, 存储器 130存储了各种应用、 应用的访问控制装置所对应 的程序指令以及其它数据, 该程序指令的功能将在后续的方法内容中进 行详细描述; 显示器 110用于提供一个操作界面供用户对终端设 100进 行操作; 处理器 150用于执行存储器 130中的应用的访问控制装置, 以 实现控制终端设备中应用所发生的访问。
如图 2所示, 在一个实施例中, 一种应用的访问控制方法, 包括如 下步骤:
步骤 S 210, 监听应用的启动得到当前触发启动的应用。
本实施例中, 监听的应用可以为终端设备中的任一应用, 对终端设 备中的应用启动进行监听, 以得到当前触发启动的应用, 以准确侦测到 用户打开应用的时间点, 进而控制该应用的运行, 对用户的访问应用进 行控制。
步骤 S230, 验证用户访问该应用的合法性得到验证通过信息。 本实施例中, 触发启动某一应用之后, 将对启动该应用的用户进行 合法性验证, 以判断该用户是否具备对应用进行访问的访问权限, 若验 证得到该用户具备访问所述应用的访问权限, 则判定该用户是合法访问 应用的, 生成 3全证通过信息。
步骤 S250, 根据验证通过信息运行应用。
本实施例中, 通过用户访问的合法性验证之后, 在验证通过信息的 作用下将允许运行当前触发启动的应用, 以使得用户能够访问应用, 使 用应用所提供的功能以及浏览应用所提供的信息。
上述应用的访问控制方法, 在监听得到终端设备发生了应用的启动 之后, 将对用户的合法性进行验证, 以保证应用的访问安全, 进而使得 应用不会被非法使用, 泄露敏感信息。
如图 3所示, 在一个实施例中, 上述步骤 S210可包括:
步骤 S211, 通过监听日志信息的输出得到应用触发启动的日志信 息。
本实施例中,应用的启动和运行过程中,将会产生相应的日志信息, 以记录应用的启动和运行过程。 因此, 将通过监听日志信息的输出来获 知当前触发了应用的启动。
具体的, 监听输出的日志信息中是否存在与应用触发启动相关的日 志信息, 若存在, 则该日志信息的出现即表明当前触发了应用启动。
在一个实施例中, Android平台中, 日志信息将由 logcat ( Android 平台的命令行工具)输出,因此,将预先创建一个线程,用于监听 logcat, 以实现日志信息输出的监听。
在一个实施例中,上述步骤 S211的具体过程为:检测输出的日志信 息得到与活动管理器字符串匹配的行信息, 记录行信息。
本实施例中, 该行信息即为应用触发启动的日志信息。 由于应用启 动将会产生并输出包含了活动管理器字符串的行信息, 输出的日志信息 包括了若干条行信息, 因此, 将逐一检测日志信息中的行信息, 以得到 与活动管理器字符串相匹配的行信息, 并记录这一条行信息。 具体的, 活动管理器字符串为 "Activitymanager" 字符串。
进一步的, 对于运行于 Android平台的应用而言, 所得到的与活动 管理字符串相匹配的行信息将包括 "Activitymanager" 字符串、 "Starting" 字符串或 "START" 字符串、 当前触发启动的应用包名和 活动名 (即, Activity名)。 其中, 应用包名用于唯一标记应用, 即每 一应用均有唯一的包名, 是用于区别其它应用的标记, 应用包名不同于 应用名称, 例如, 两个应用可以有相同的应用名称, 但不可能有相同的 应用包名; Activity名指的是触发启动的应用界面的界面标识名称。
步骤 S213, 从应用触发启动的日志信息提取得到触发启动的应用所
对应的应用包名。
本实施例中, 对应用触发启动的日志信息进行定位, 以定位到该日 志信息所出现的应用包名, 进而提取该应用包名。 例如, 触发运行
Andro id平台的应用所产生的日志信息中,可根据定位标识符进行定位, 得到日志信息中定位标识符所在的位置, 进而根据该位置即可提取得到 触发启动的应用所对应的应用包名。 所釆用的定位标识符可根据日志信 息的特征, 例如, 格式进行设定。 如, 定位标识符可为 "cmp"。
在一个实施例中, 上述步骤 S230的步骤之前, 该方法还包括: 判断 当前触发启动的应用是否为敏感应用, 若是, 则进入步骤 S230, 若否, 则运行当前触发启动的应用。
本实施例中, 终端设备所运行的应用中, 并不是所有应用需要进行 访问控制的, 对用户而言, 每一应用均需要进行合法性验证之后方可运 行该应用将造成了较多不必要的繁瑣操作, 因此, 可根据安全性需要和 用户需求设置敏感应用, 进而仅对敏感应用进行访问的合法性验证, 兼 顾了应用的安全性和用户操作的简化。
如图 4所示, 在一个实施例中, 上述判断当前触发启动的应用是否 为敏感应用的步骤包括:
步骤 S 31 0, 读取敏感应用包名。
本实施例中, 敏感应用可以是终端设备中涉及操作系统安全和配置 信息的保护的应用, 例如, 可以是设置应用; 也可以是涉及用户信息安 全的应用, 因此, 操作系统例如, Andro id平台可预先将一定的应用设 置为敏感应用, 用户也可以根据需要将安装的应用设置为敏感应用。 所 读取到的敏感应用包名是至少一个的。
步骤 S 330, 将提取得到的应用包名与敏感应用包名进行比对, 判断 应用包名是否与敏感应用包名相一致, 若是, 则进入步骤 S230, 若否,
则进入步骤 S 350。
本实施例中, 将提取得到的应用包名与若干个敏感应用包名逐一进 行比对, 判断读取得到的敏感应用包名中是否包含与提取得到的应用包 名相一致的敏感应用包名, 若是, 则说明当前触发启动的应用为敏感应 用, 需要对其进行访问的合法性验证, 若否, 则说明当前触发启动的应 用并不是敏感应用, 可直接运行。
步骤 S350, 运行当前触发启动的应用。
如图 5所示, 在一个实施例中, 上述步骤 S230可包括:
步骤 S231, 显示验证界面, 并通过验证界面获取输入的验证信息。 本实施例中, 将可供用户操控的验证界面显示于终端设备中, 并获 取用户在验证界面所输入的验证信息。 其中, 该验证信息可为输入的解 锁密码, 也可以是输入的解锁手势, 在此不——进行例举。
步骤 S233, 根据验证信息验证用户访问应用的合法性, 判断验证是 否通过, 若是, 则进入步骤 S235, 若否, 则结束。
本实施例中, 根据输入的验证信息进行验证, 以判断当前触发启动 的应用是否可以运行, 以供当前的用户访问, 若是, 则生成验证通过信 息, 若否, 则禁用当前触发启动的应用运行。
步骤 S235, 生成验证通过信息。
如图 6所示, 在一个实施例中, 一种应用的访问控制装置, 包括监 听模块 110、 验证模块 130和运行模块 150。
监听模块 110, 用于监听应用的启动得到当前触发启动的应用。 本实施例中, 监听模块 110监听的应用可以为终端设备中的任一应 用, 对终端设备中的应用启动进行监听, 以得到当前触发启动的应用, 以准确侦测到用户打开应用的时间点, 进而控制该应用的运行, 对用户 的访问应用进行控制。
验证模块 130, 用于验证用户访问应用的合法性得到验证通过信息。 本实施例中, 触发启动某一应用之后, 验证模块 130将对启动该应 用的用户进行合法性验证, 以判断该用户是否具备对应用进行访问的访 问权限, 若验证得到该用户是合法访问应用的, 生成验证通过信息。
运行模块 140, 用于通过验证通过信息运行应用。
本实施例中, 通过用户访问的合法性验证之后, 运行模块 140在验 证通过信息的作用下将允许运行当前触发启动的应用, 以使得用户能够 访问应用, 使用应用所提供的功能以及浏览应用所提供的信息。
上述应用的访问控制装置, 在监听得到终端设备发生了应用的启动 之后, 将对用户的合法性进行验证, 以保证应用的访问安全, 进而使得 应用不会被非法使用, 泄露敏感信息。
如图 7所示, 在一个实施例中, 上述监听模块 110包括日志获取单 元 111和提取单元 113。
日志获取单元 111, 用于通过监听日志信息的输出得到应用触发启 动的日志信息。
本实施例中,应用的启动和运行过程中,将会产生相应的日志信息, 以记录应用的启动和运行过程。 因此, 日志获取单元 111将通过监听日 志信息的输出来获知当前触发了应用的启动。
具体的, 日志获取单元 111监听输出的日志信息中是否存在与应用 触发启动相关的日志信息, 若存在, 则该日志信息的出现即表明当前触 发了应用启动。
在一个实施例中, Android平台中, 日志信息将由 logca t ( Andro id 平台的命令行工具)输出, 因此, 日志获取单元 111将预先创建一个线 程, 用于监听 logca t , 以实现日志信息输出的监听。
在一个实施例中, 上述日志获取单元 111还用于检测输出的日志信
息得到与活动管理器字符串匹配的行信息, 记录该行信息。
本实施例中, 该行信息即为应用触发启动的日志信息。 由于应用启 动将会产生并输出包含了活动管理器字符串的行信息, 输出的日志信息 包括了若干条行信息, 因此, 日志获取单元 111将逐一检测日志信息中 的行信息, 以得到与活动管理器字符串相匹配的行信息, 并记录这一条 行信息。 具体的, 活动管理器字符串为 "Act ivi tymanager" 字符串。
进一步的,对于运行于 Android平台的应用而言, 日志获取单元 111 所得到的与活动管理字符串相匹配的行信息将包括 "Act iv i tymanager" 字符串、 "Star t ing" 字符串或 "START" 字符串、 当前触发启动的应用 包名和活动名 (即, Act ivi ty名)。 其中, 应用包名用于唯一标记应用, 即每一应用均有唯一的包名, 是用于区别其它应用的标记, 应用包名不 同于应用名称, 例如, 两个应用可以有相同的应用名称, 但不可能有相 同的应用包名; Act ivi ty名指的是触发启动的应用界面的界面标识名 称。
提取单元 113, 用于从应用触发启动的日志信息提取得到触发启动 的应用所对应的应用包名。
本实施例中, 提取单元 113对应用触发启动的日志信息进行定位, 以定位到该日志信息所出现的应用包名, 进而提取该应用包名。 例如, 触发运行 Android平台的应用所产生的日志信息中, 提取单元 113可根 据定位标识符进行定位, 得到日志信息中定位标识符所在的位置, 进而 根据该位置即可提取得到触发启动的应用所对应的应用包名。 所釆用的 定位标识符可根据日志信息的特征, 例如, 格式进行设定。 如, 定位标 识符可为 "cmp"。
在一个实施例中, 上述应用的访问控制装置还将判断当前触发启动 的应用是否为敏感应用, 若是, 则通知验证模块 130, 若否, 则运行当
前触发启动的应用。
本实施例中, 终端设备所运行的应用中, 并不是所有应用需要进行 访问控制的, 对用户而言, 每一应用均需要进行合法性验证之后方可运 行该应用将造成了较多不必要的繁瑣操作, 因此, 应用的访问控制装置 可根据安全性需要和用户需求设置敏感应用, 进而仅对敏感应用进行访 问的合法性验证, 兼顾了应用的安全性和用户操作的简化。
如图 8所示, 在一个实施例中, 上述应用的访问控制装置还包括读 取模块 21 0和比对模块 230。
读取模块 21 0, 用于读取敏感应用包名。
本实施例中, 敏感应用可以是终端设备中涉及操作系统安全和配置 信息的保护的应用, 例如, 可以是设置应用; 也可以是涉及用户信息安 全的应用, 因此, 操作系统例如, Andro i d平台可预先将一定的应用设 置为敏感应用, 用户也可以根据需要将安装的应用设置为敏感应用。 读 取模块 21 0所读取到的敏感应用包名是至少一个的。
比对模块 230, 用于将提取得到的应用包名与敏感应用包名进行比 对, 判断应用包名是否与敏感应用包名相一致, 若是, 则通知验证模块 1 30 , 若否, 则通知运行模块 150。
本实施例中, 比对模块 230将提取得到的应用包名与若干个敏感应 用包名逐一进行比对, 判断读取得到的敏感应用包名中是否包含提取得 到的应用包名相一致的敏感应用包名, 若是, 则说明当前触发启动的应 用为敏感应用, 需要对其进行访问的合法性验证, 若否, 则说明当前触 发启动的应用并不是敏感应用, 可直接运行。
运行模块 1 50, 用于运行当前触发启动的应用。
如图 9所示, 在一个实施例中, 上述验证模块 1 30包括界面处理单 元 1 31和合法性验证单元 1 33。
界面处理单元 1 31, 用于显示验证界面, 并通过验证界面获取输入 的马全证信息。
本实施例中, 界面处理单元 1 31将可供用户操控的验证界面显示于 终端设备中, 并获取用户在验证界面所输入的验证信息。 其中, 该验证 信息可为输入的解锁密码, 也可以是输入的解锁手势, 在此不——进行 例举。
合法性验证单元 1 33, 根据验证信息验证用户访问应用的合法性, 判断验证是否通过, 若是, 则生成验证通过信息, 若否, 则停止执行。
本实施例中, 合法性验证单元 1 33根据输入的验证信息进行验证, 以判断当前触发启动的应用是否可以运行,以供当前的用户访问,若是, 则生成验证通过信息, 若否, 则禁用当前触发启动的应用运行。
上述应用的访问控制方法和装置, 监听应用的启动得到当前触发启 动的应用, 验证用户访问该应用的合法性, 以通过验证得到的验证通过 信息运行当前触发启动的应用, 实现用户对该应用的访问, 并且通过用 户访问该应用所进行的合法性验证使得他人无法随意访问终端设备中 的应用, 有效控制了终端设备中应用所发生的访问, 提高了应用的安全 性。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分 流程, 是可以通过计算机程序来指令相关的硬件来完成, 所述的程序可 存储于一计算机可读取存储介质中, 附图 6至附图 9所示应用的访问控 制装置的模块或单元对应的程序指令可存储在终端的可读存储介质内, 并被该终端中的至少一个处理器执行, 以实现上述应用的访问控制方 法, 该方法包括图 2至图 5中各方法实施例所述的流程。 其中, 所述的 存储介质可为磁碟、 光盘、 只读存储记忆体(Read-Only Memory, ROM ) 或随机存储记忆体 ( Random Acces s Memory, RAM )等。
本申请实施例还提供了运行应用的访问控制装置的终端, 如图 10 所示, 为了便于说明, 仅示出了与本申请实施例相关的部分, 具体技术 细节未揭示的,请参照本申请实施例方法部分。该终端可以为包括手机、 平板电脑、 PDA (Personal Digital Assistant, 个人数字助理)、 P0S (Point of Sales, 销售终端)、 车载电脑等任意移动终端设备, 以终 端为手机为例:
图 10 示出的是与本申请实施例提供的终端相关的手机的部分结构 的框图。参考图 10,手机包括: 射频(Radio Frequency, RF)电路 1010、 存储器 1020、 输入单元 1030、 显示单元 1040、 传感器 1050、 音频电路 1060、 通讯模块 1070 (本实施例以 w i f i模块为例进行说明, 以下将 "通 讯模块 1070" 称为 "wif i模块 1070" )、 处理器 1080、 以及电源 1090 等部件。 本领域技术人员可以理解, 图 10 中示出的手机结构并不构成 对手机的限定,可以包括比图示更多或更少的部件,或者组合某些部件, 或者不同的部件布置。
下面结合图 10对手机的各个构成部件进行具体的介绍:
RF电路 1010可用于收发信息或通话过程中信号的接收和发送, 特 别地, 将基站的下行信息接收后, 给处理器 1080 处理; 另外, 将设计 上行的数据发送给基站。 通常, RF电路 1010包括但不限于天线、 至少 一个放大器、 收发信机、耦合器、低噪声放大器(Low Noise Amplifier, LNA)、 双工器等。 此外, RF电路 1010还可以通过无线通信与网络和其 他设备通信。 上述无线通信可以使用任一通信标准或协议, 包括但不限 于全球移动通讯系统 (Global System of Mobile communication, GSM )、 通用分组无线月良务 ( General Packet Radio Service, GPRS )、 码分多 iiL ( Code Division Multiple Access, CDMA )、 宽带码分多址( Wideband Code Division Multiple Access, WCDMA )、 长期演进 ( Long Term
Evo lut ion, LTE ) )、 电子由 牛、短消息、月良务( Shor t Mes sag ing Serv i ce , SMS )等。
存储器 1020可用于存储软件程序以及模块, 处理器 1080通过运行 存储在存储器 1020 的软件程序以及模块, 从而执行手机的各种功能应 用以及数据处理。 存储器 1020 可主要包括存储程序区和存储数据区, 其中, 存储程序区可存储操作系统、 至少一个功能所需的应用程序 (比 如声音播放功能、 图像播放功能等)等; 存储数据区可存储根据手机的 使用所创建的数据(比如音频数据、 电话本等)等。 此外, 存储器 1020 可以包括高速随机存取存储器, 还可以包括非易失性存储器, 例如至少 一个磁盘存储器件、 闪存器件、 或其他易失性固态存储器件。
输入单元 1030可用于接收输入的数字或字符信息,以及产生与手机 的用户设置以及功能控制有关的键信号输入。 具体地, 输入单元 1 030 可包括触控面板 1031以及其他输入设备 1032。 触控面板 1031, 也称为 触摸屏, 可收集用户在其上或附近的触摸操作 (比如用户使用手指、 触 笔等任何适合的物体或附件在触控面板 1031上或在触控面板 1031附近 的操作), 并根据预先设定的程式驱动相应的连接装置。 可选的, 触控 面板 1031 可包括触摸检测装置和触摸控制器两个部分。 其中, 触摸检 测装置检测用户的触摸方位, 并检测触摸操作带来的信号, 将信号传送 给触摸控制器; 触摸控制器从触摸检测装置上接收触摸信息, 并将它转 换成触点坐标, 再送给处理器 1080, 并能接收处理器 1080发来的命令 并加以执行。 此外, 可以釆用电阻式、 电容式、 红外线以及表面声波等 多种类型实现触控面板 1031。 除了触控面板 1 031, 输入单元 1030还可 以包括其他输入设备 1032。 具体地, 其他输入设备 1032可以包括但不 限于物理键盘、 功能键(比如音量控制按键、 开关按键等)、 轨迹球、 鼠标、 操作杆等中的一种或多种。
显示单元 1040 可用于显示由用户输入的信息或提供给用户的信息 以及手机的各种菜单。 显示单元 1040可包括显示面板 1041 , 可选的, 可以釆用液晶显示器(Liquid Crys ta l Di splay, LCD ), 有机发光二极 管(Organic Light-Emi t t ing Diode, OLED )等形式来配置显示面板 1041。 进一步的, 触控面板 1031可覆盖显示面板 1041, 当触控面板 1031检测 到在其上或附近的触摸操作后, 传送给处理器 1080 以确定触摸事件的 类型, 随后处理器 1080根据触摸事件的类型在显示面板 1041上提供相 应的视觉输出。 虽然在图 10中, 触控面板 1031与显示面板 1041是作 为两个独立的部件来实现手机的输入和输入功能, 但是在某些实施例 中, 可以将触控面板 1031与显示面板 1041集成而实现手机的输入和输 出功能。
传感器 1050可以为光传感器、 运动传感器或其他传感器。 具体地, 光传感器可包括环境光传感器及接近传感器, 其中, 环境光传感器可根 据环境光线的明暗来调节显示面板 1041 的亮度, 接近传感器可在手机 移动到耳边时,关闭显示面板 1041和 /或背光。作为运动传感器的一种, 加速计传感器可检测各个方向上(一般为三轴)加速度的大小, 静止时 可检测出重力的大小及方向, 可用于识别手机姿态的应用 (比如横竖屏 切换、 相关游戏、 磁力计姿态校准)、 振动识别相关功能(比如计步器、 敲击)等; 至于手机还可配置的陀螺仪、 气压计、 湿度计、 温度计、 红 外线传感器等其他传感器, 在此不再赘述。
音频电路 1060、 扬声器 1061, 传声器 1062可提供用户与手机之间 的音频接口。 音频电路 1060 可将接收到的音频数据转换后的电信号, 传输到扬声器 1061, 由扬声器 1061转换为声音信号输出; 另一方面, 传声器 1062将收集的声音信号转换为电信号, 由音频电路 1060接收后 转换为音频数据,再将音频数据输出处理器 1080处理后,经 RF电路 1010
以发送给比如另一手机, 或者将音频数据输出至存储器 1020 以便进一 步处理。
WiFi属于短距离无线传输技术, 手机通过 WiFi模块 1070可以帮助 用户收发电子邮件、 浏览网页和访问流式媒体等, 它为用户提供了无线 的宽带互联网访问。 虽然图 10示出了 WiFi模块 1070, 但是可以理解的 是, 其并不属于手机的必须构成, 完全可以根据需要在不改变申请的本 质的范围内而省略。
处理器 1080是手机的控制中心,利用各种接口和线路连接整个手机 的各个部分, 通过运行或执行存储在存储器 1020内的软件程序和 /或模 块, 以及调用存储在存储器 1020 内的数据, 执行手机的各种功能和处 理数据, 从而对手机进行整体监控。 可选的, 处理器 1080 可包括一个 或多个处理单元; 优选的, 处理器 1080 可集成应用处理器和调制解调 处理器, 其中,应用处理器主要处理操作系统、用户界面和应用程序等, 调制解调处理器主要处理无线通信。 可以理解的是, 上述调制解调处理 器也可以不集成到处理器 1080中。
手机还包括给各个部件供电的电源 1090 (比如电池), 优选的, 电 源 1090可以通过电源管理系统与处理器 1080逻辑相连, 从而通过电源 管理系统实现管理充电、 放电、 以及功耗管理等功能。
尽管未示出, 手机还可以包括摄像头、 蓝牙模块等, 在此不再赘述。 在本申请实施例中, 该终端所包括的处理器 1080还具有以下功能: 监听应用的启动得到当前触发的应用;
验证用户访问应用的合法性得到验证通过信息;
根据验证通过信息运行应用。
进一步的, 监听应用的启动得到当前触发启动的应用的步骤包括: 通过监听日志信息的输出得到应用触发启动的日志信息;
从应用触发启动的日志信息提取得到触发启动的应用所对应的应用 包名。
进一步的, 通过监听日志信息的输出得到应用触发启动的日志信息 的步骤包括:
检测输出的日志信息得到与活动管理器字符串匹配的行信息, 记录 行信息;
行信息即为应用触发启动的日志信息。
进一步的, 验证用户访问应用的合法性得到验证通过信息的步骤之 前, 该方法还包括:
读取敏感应用包名;
将提取得到的应用包名与敏感应用包名进行比对, 判断应用包名是 否与敏感应用包名相一致, 若是, 则
进入验证用户访问应用的合法性得到验证通过信息的步骤。
进一步的, 验证用户访问应用的合法性得到验证通过信息的步骤包 括:
显示险证界面, 并通过险证界面获取输入的险证信息;
根据验证信息验证用户访问应用的合法性, 判断验证是否通过, 若 是, 则
生成 3全证通过信息。
以上所述实施例仅表达了本申请的几种实施方式, 其描述较为具体 和详细, 但并不能因此而理解为对本申请专利范围的限制。 应当指出的 是, 对于本领域的普通技术人员来说, 在不脱离本申请构思的前提下, 还可以做出若干变形和改进, 这些都属于本申请的保护范围。 因此, 本 申请专利的保护范围应以所附权利要求为准。
Claims
1、 一种应用的访问控制方法, 包括如下步骤:
监听应用的启动得到当前触发启动的应用;
验证用户访问所述应用的合法性得到验证通过信息;
根据所述验证通过信息运行所述应用。
2、根据权利要求 1所述的方法, 其特征在于, 所述监听应用的启动 得到当前触发启动的应用的步骤包括:
通过监听日志信息的输出得到应用触发启动的日志信息; 从所述应用触发启动的日志信息提取得到触发启动的应用所对应的 应用包名。
3、根据权利要求 2所述的方法, 其特征在于, 所述通过监听日志信 息的输出得到应用触发启动的日志信息的步骤包括:
检测输出的日志信息得到与活动管理器字符串匹配的行信息, 记录 所述行信息;
所述行信息即为所述应用触发启动的日志信息。
4、根据权利要求 2所述的方法, 其特征在于, 所述验证用户访问所 述应用的合法性得到验证通过信息的步骤之前, 所述方法还包括: 读取敏感应用包名;
将所述提取得到的应用包名与所述敏感应用包名进行比对, 判断所 述应用包名是否与所述敏感应用包名相一致, 若是, 则 骤。
5、根据权利要求 1所述的方法, 其特征在于, 所述验证用户访问所 述应用的合法性得到验证通过信息的步骤包括:
显示验证界面, 并通过所述验证界面获取输入的验证信息; 根据所述验证信息验证用户访问所述应用的合法性, 判断验证是否 通过, 若是, 则
生成 3全证通过信息。
6、 一种应用的访问控制装置, 其特征在于, 包括:
监听模块, 用于监听应用的启动得到当前触发启动的应用; 验证模块,用于验证用户访问所述应用的合法性得到验证通过信息; 运行模块, 用于通过所述验证通过信息运行所述应用。
7、 根据权利要求 6所述的装置, 其特征在于, 所述监听模块包括: 日志获取单元, 用于通过监听日志信息的输出得到应用触发启动的 日志信息;
提取单元, 用于从所述应用触发启动的日志信息提取得到触发启动 的应用所对应的应用包名。
8、根据权利要求 7所述的装置, 其特征在于, 所述日志获取单元还 用于检测输出的日志信息得到与活动管理器字符串匹配的行信息, 记录 所述行信息;
所述行信息即为所述应用触发启动的日志信息。
9、 根据权利要求 7所述的装置, 其特征在于, 所述装置还包括: 读取模块, 用于读取敏感应用包名;
比对模块, 用于将所述提取得到的应用包名与所述敏感应用包名进 行比对, 判断所述应用包名是否与所述敏感应用包名相一致, 若是, 则 通知所述验证模块。
10、根据权利要求 6所述的装置, 其特征在于, 所述验证模块包括: 界面处理单元, 用于显示验证界面, 并通过所述验证界面获取输入 的马全证信息;
合法性验证单元, 用于根据所述验证信息验证用户访问所述应用的 合法性, 判断验证是否通过, 若是, 则生成验证通过信息。
11、 一种移动终端设备的应用访问控制装置, 其特征在于, 所述装 置包括存储器和处理器; 其中, 所述存储器用于存储计算机可读取的指 令, 包括: 监听模块、 验证模块和运行模块; 所述处理器用于与所述存 储器进行通信, 执行所述存储器中存储的所述指令; 当所述处理器执行 所述存储器中存储的所述指令时,
所述监听模块, 用于监听应用的启动得到当前触发启动的应用; 所述验证模块, 用于判断用户访问所述应用是否合法性; 若判断出 所述用户访问所述应用合法, 生成验证通过信息; 若判断出所述用户访 问所述应用不合法, 禁止当前触发启动的应用运行;
所述运行模块, 用于通过所述验证通过信息运行所述应用。
12、根据权利要求 11所述的装置, 其特征在于, 所述监听模块进一 步用于通过监听日志信息的输出得到应用触发启动的日志信息并从所 述应用触发启动的日志信息提取得到触发启动的应用所对应的应用包 名。
13、根据权利要求 12所述的装置, 其特征在于, 所述监听模块还用 于检测输出的日志信息得到与活动管理器字符串匹配的行信息, 记录所 述行信息;
所述行信息即为所述应用触发启动的日志信息。
14、根据权利要求 12所述的装置, 其特征在于, 所述计算机可读取 的指令还包括:
读取模块, 用于读取敏感应用包名;
比对模块, 用于将所述提取得到的应用包名与所述敏感应用包名进 行比对, 判断所述应用包名是否与所述敏感应用包名相一致, 若是, 则
通知所述验证模块。
15、根据权利要求 11所述的装置, 其特征在于, 所述验证模块还用 于显示验证界面、 通过所述验证界面获取输入的验证信息、 并根据所述 验证信息判断用户访问所述应用是否合法性。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310309608.8 | 2013-07-22 | ||
CN2013103096088A CN103366104A (zh) | 2013-07-22 | 2013-07-22 | 应用的访问控制方法和装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015010578A1 true WO2015010578A1 (zh) | 2015-01-29 |
Family
ID=49367429
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/082567 WO2015010578A1 (zh) | 2013-07-22 | 2014-07-21 | 应用的访问控制方法和装置 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103366104A (zh) |
WO (1) | WO2015010578A1 (zh) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103366104A (zh) * | 2013-07-22 | 2013-10-23 | 腾讯科技(深圳)有限公司 | 应用的访问控制方法和装置 |
CN104281473A (zh) * | 2014-09-22 | 2015-01-14 | 深圳市金立通信设备有限公司 | 一种插件的处理方法 |
CN104281804A (zh) * | 2014-09-22 | 2015-01-14 | 深圳市金立通信设备有限公司 | 一种终端 |
CN106791025A (zh) * | 2016-11-28 | 2017-05-31 | 努比亚技术有限公司 | 移动终端控制装置及方法 |
CN106991307A (zh) * | 2017-04-10 | 2017-07-28 | 四川阵风科技有限公司 | 应用保密方法及装置 |
CN108769106B (zh) * | 2018-04-12 | 2021-06-01 | 网宿科技股份有限公司 | 应用包名的获取方法、数据包的传输方法及终端设备 |
CN112817822A (zh) * | 2021-02-05 | 2021-05-18 | 深圳市思迪信息技术股份有限公司 | App行为监控方法和装置、终端及存储介质 |
CN112905258B (zh) * | 2021-02-05 | 2024-10-01 | 杭州天宽科技有限公司 | 移动端应用安全启动方法 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002075547A1 (en) * | 2001-03-16 | 2002-09-26 | Kavado, Inc. | Application layer security method and system |
CN1744100A (zh) * | 2004-09-01 | 2006-03-08 | 微软公司 | 对于特定用户许可软件的使用 |
CN102316112A (zh) * | 2011-09-16 | 2012-01-11 | 李建成 | 网络应用中的密码验证方法及系统 |
CN102414664A (zh) * | 2009-04-27 | 2012-04-11 | 高通股份有限公司 | 用于以sms消息接发来激活计算机应用程序的方法和系统 |
CN102842007A (zh) * | 2012-07-16 | 2012-12-26 | 腾讯科技(深圳)有限公司 | 移动终端应用程序的访问控制方法和系统 |
CN103366104A (zh) * | 2013-07-22 | 2013-10-23 | 腾讯科技(深圳)有限公司 | 应用的访问控制方法和装置 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100918626B1 (ko) * | 2007-08-02 | 2009-09-25 | 주식회사 플랜티넷 | 어플리케이션 프로그램 검증 및 실행 제어 방법 |
KR100966073B1 (ko) * | 2007-10-15 | 2010-06-28 | 한국전자통신연구원 | 단말 사용자 관리 장치 및 방법 |
CN103002342B (zh) * | 2012-11-12 | 2015-08-19 | 北京奇虎科技有限公司 | 电视摄像头防护方法及系统 |
-
2013
- 2013-07-22 CN CN2013103096088A patent/CN103366104A/zh active Pending
-
2014
- 2014-07-21 WO PCT/CN2014/082567 patent/WO2015010578A1/zh active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002075547A1 (en) * | 2001-03-16 | 2002-09-26 | Kavado, Inc. | Application layer security method and system |
CN1744100A (zh) * | 2004-09-01 | 2006-03-08 | 微软公司 | 对于特定用户许可软件的使用 |
CN102414664A (zh) * | 2009-04-27 | 2012-04-11 | 高通股份有限公司 | 用于以sms消息接发来激活计算机应用程序的方法和系统 |
CN102316112A (zh) * | 2011-09-16 | 2012-01-11 | 李建成 | 网络应用中的密码验证方法及系统 |
CN102842007A (zh) * | 2012-07-16 | 2012-12-26 | 腾讯科技(深圳)有限公司 | 移动终端应用程序的访问控制方法和系统 |
CN103366104A (zh) * | 2013-07-22 | 2013-10-23 | 腾讯科技(深圳)有限公司 | 应用的访问控制方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
CN103366104A (zh) | 2013-10-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11269981B2 (en) | Information displaying method for terminal device and terminal device | |
JP6576555B2 (ja) | サービス処理方法、デバイス及びシステム | |
WO2015010578A1 (zh) | 应用的访问控制方法和装置 | |
WO2017118412A1 (zh) | 一种更新密钥的方法、装置和系统 | |
US20150294101A1 (en) | Running applications, and authenticating users | |
WO2018161743A1 (zh) | 指纹识别方法及相关产品 | |
WO2017084288A1 (zh) | 身份验证方法及装置 | |
WO2017020630A1 (zh) | 一种处理订单信息的方法、装置和系统 | |
WO2018045487A1 (zh) | 数据共享的方法与终端 | |
WO2019101096A1 (zh) | 安全验证的方法、装置及移动终端 | |
CN108551521B (zh) | 一种登录信息提示方法及移动终端 | |
WO2018049893A1 (zh) | 数据传输方法及终端设备 | |
CN104573437B (zh) | 信息认证方法、装置和终端 | |
CN106255102B (zh) | 一种终端设备的鉴定方法及相关设备 | |
WO2014000652A1 (zh) | 浏览器插件安装方法、装置及终端 | |
WO2019007371A1 (zh) | 一种防止信息被盗的方法、存储设备及移动终端 | |
WO2018161540A1 (zh) | 指纹注册方法及相关产品 | |
WO2016192511A1 (zh) | 远程删除信息的方法和装置 | |
WO2019019837A1 (zh) | 生物识别方法及相关产品 | |
CN116679967B (zh) | 一种基本输入输出系统固件升级方法和装置 | |
CN108491713B (zh) | 一种安全提醒方法和电子设备 | |
CN106713319B (zh) | 终端间的远程控制方法、装置、系统及移动终端 | |
WO2018166169A1 (zh) | 指纹识别方法及相关产品 | |
WO2019071581A1 (zh) | 一种应用启动的控制方法及用户终端 | |
CN106815510B (zh) | 一种数据处理的方法及终端 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14830222 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 28/06/2016 ) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14830222 Country of ref document: EP Kind code of ref document: A1 |