Nothing Special   »   [go: up one dir, main page]

CN106022165A - Access control method and device - Google Patents

Access control method and device Download PDF

Info

Publication number
CN106022165A
CN106022165A CN201610378432.5A CN201610378432A CN106022165A CN 106022165 A CN106022165 A CN 106022165A CN 201610378432 A CN201610378432 A CN 201610378432A CN 106022165 A CN106022165 A CN 106022165A
Authority
CN
China
Prior art keywords
application
user data
data
user
system level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610378432.5A
Other languages
Chinese (zh)
Inventor
蒋罗
傅文治
吕楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd filed Critical Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201610378432.5A priority Critical patent/CN106022165A/en
Publication of CN106022165A publication Critical patent/CN106022165A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • G06F11/1451Management of the data involved in backup or backup restore by selection of backup contents
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an access control method and device. After a freezing operation is triggered, designated data can be obtained from an application corresponding to the freezing operation, user data are obtained from the designated data, the user data are encrypted and saved in a system-level safe partition, and the system-level safe partition allows system-level interface access, so that a counterfeited legal application cannot access the user data in the system-level safe partition, the probability that the user data is leaked is reduced, and the safety of the user data is improved. In addition, after the freezing operation is triggered, the corresponding application is frozen, for example, the applications lower in using frequency can be frozen, and accordingly system resource waste is reduced. After the application is frozen, the user data corresponding to the application can be accessed through a system-level interface, it means that the user data corresponding to the application can be also accessed without application unfreezing processing, and accordingly application freezing times and unfreezing times are decreased.

Description

A kind of access control method and device
Technical field
The invention belongs to apply access control technology field, in particular, particularly relate to a kind of access and control Method and device processed.
Background technology
Along with the application on intelligent terminal gets more and more, a lot of application are required for accessing the use on intelligent terminal User data, such as instant messaging application need accessing address list, navigation application to need to access intelligent terminal's Position authenticates class application then needs to access the mark of intelligent terminal, but these apply the visits to data Ask and can cause leaking data, reduce the safety of data.
The method controlling to use to application access data at present is: obtains and accesses the application specifying data Identification key, and judge to apply according to identification key the most legal, if known according to identity Other key judges that application is valid application, then can control the valid application access to specifying data.
By above-mentioned control method can based on application identification double secret key intelligent terminal on whole answer With screening, the valid application in all being applied, the valid application on intelligent terminal can visit Ask appointment data.But this method needs identification key corresponding for valid application configuration in advance, If after disabled user gets the identification key that valid application is corresponding, then can be corresponding by valid application Identification cipher key configuration in illegal application, in this case, intelligent terminal is illegally should With being identified as valid application, to allow the valid application forged to access appointment data, cause leaking data, Thus reduce the safety of data.
Summary of the invention
In view of this, it is an object of the invention to provide a kind of access control method and device, behaviour will be freezed Make the ciphering user data in corresponding application to preserve to the security partitioning of system level so that forgery Valid application cannot access user data from the security partitioning of system level, improves the safety of data. Technical scheme is as follows:
The present invention provides a kind of access control method, and described method includes:
After triggering freeze operation, determine the application corresponding with described freeze operation;
Obtain the appointment data that described application is corresponding, and described appointment data are backed up, described appointment Data are recovered to the state before freezing after thawing in described application;
Obtaining user data from described appointment data, described user data is that described application is in use deposited The data of storage;
Described user data is encrypted, and the user data after encryption is preserved the peace to system level In full subregion;
Freeze described application to process.
Preferably, described method also includes: receive the access request sent by the interface of system level;
Based on the key word carried in described access request, obtain and described key from described security partitioning The user data that word is corresponding;
By the user data output corresponding with described key word.
Preferably, described method also includes: obtain the User Identity of user data described in current accessed;
If described User Identity mates with default identity, then performing will be corresponding with described key word User data output step or perform based on the key word carried in described access request, from described Security partitioning obtains the step of the user data corresponding with described key word.
Preferably, described acquisition user data from described appointment data, including: should receiving permission After instruction user data accessed after freezing, from described appointment data, obtain described user data.
Preferably, described method also includes: state application being detected reach pre-conditioned in the case of Or receive after freezing instruction, trigger freeze operation.
The present invention also provides for a kind of access control apparatus, and described device includes:
Determine unit, for, after triggering freeze operation, determining the application corresponding with described freeze operation;
First acquiring unit, for obtaining the appointment data that described application is corresponding, and to described appointment data Backing up, described appointment data are recovered to the state before freezing after thawing in described application;
Second acquisition unit, for obtaining user data from described appointment data, described user data is The data that described application in use stores;
Memory element, for being encrypted described user data, and preserves the user data after encryption To the security partitioning of system level;
Processing unit, for freezing process to described application.
Preferably, described device also includes:
Receive unit, for receiving the access request sent by the interface of system level;
3rd acquiring unit, for based on the key word carried in described access request, divides from described safety District obtains the user data corresponding with described key word;
Output unit, for by the user data output corresponding with described key word.
Preferably, described device also includes:
4th acquiring unit, for obtaining the User Identity of user data described in current accessed;
First trigger element, for when described User Identity mates with default identity, triggers Described output unit or described 3rd acquiring unit.
Preferably, described second acquisition unit, for receiving after permission application is freezed user data After the instruction accessed, from described appointment data, obtain described user data.
Preferably, described device also includes: the second trigger element, for reaching in state application being detected To in the case of pre-conditioned or after receiving and freezing instruction, trigger freeze operation.
Compared with prior art, the technique scheme that the present invention provides has the advantage that
Knowable to technique scheme, after triggering freeze operation, can answer from corresponding with freeze operation Get appointment data in, and from specifying, data obtain user data, will protect after ciphering user data Deposit to the security partitioning of system level, and the interface that the security partitioning of system level allows system level is visited Asking, the valid application therefore forged cannot access the user data in the security partitioning of system level, reduces The probability that user data is compromised, improves the safety of user data.
And after triggering freeze operation, the frozen process of corresponding application, such as can be to using frequency The relatively low application of rate carries out freezing to process, thus reduces the waste of system resource.And apply frozen after its Corresponding user data still can be by the interface accessing of system level, and this means that application is without thawing Process and the user data of its correspondence also can be made to be accessed, thus reduce application and freeze number of times and defrosting number of times.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality Execute the required accompanying drawing used in example or description of the prior art to be briefly described, it should be apparent that below, Accompanying drawing in description is some embodiments of the present invention, for those of ordinary skill in the art, not On the premise of paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is a kind of flow chart of the access control method that the embodiment of the present invention provides;
Fig. 2 is the schematic diagram of the display interface that the embodiment of the present invention provides;
Fig. 3 is the another kind of flow chart of the access control method that the embodiment of the present invention provides;
Fig. 4 is a kind of structural representation of the access control apparatus that the embodiment of the present invention provides;
Fig. 5 is the another kind of structural representation of the access control apparatus that the embodiment of the present invention provides.
Detailed description of the invention
Access control method and the thought of device that the embodiment of the present invention provides is: after triggering freeze operation, Determine the application corresponding with freeze operation, from the appointment data that application is corresponding, obtain user data, and will Preserve after ciphering user data to the security partitioning of system level, and the security partitioning of system level allows The interface accessing of system level, the valid application therefore forged cannot access in the security partitioning of system level User data, reduce the compromised probability of user data, improve the safety of user data.
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearer, below in conjunction with this Accompanying drawing in bright embodiment, is clearly and completely described the technical scheme in the embodiment of the present invention, Obviously, described embodiment is a part of embodiment of the present invention rather than whole embodiments.Based on Embodiment in the present invention, those of ordinary skill in the art are obtained under not making creative work premise The every other embodiment obtained, broadly falls into the scope of protection of the invention.
Refer to Fig. 1, it illustrates a kind of flow chart of the access control method that the embodiment of the present invention provides, May comprise steps of:
101: after triggering freeze operation, determine the application corresponding with freeze operation.Wherein freeze operation is used Freeze in triggering the application by corresponding, and applying after freezing cannot be run before defrosting, therefore with After application that freeze operation is corresponding is frozen, the upper number of applications run of intelligent terminal reduces, thus drops The occupancy of low system resource.
Such as some application (referred to collectively below as low frequency applications) that use frequency is relatively low, these Although it is relatively low that low frequency applications is arranged on upper still its running frequency of intelligent terminal, therefore should for these low frequencies For with, can be freezed by freeze operation so that low frequency applications cannot be run automatically, reduce low frequency System resource is taken by application, thus reduces the waste of system resource.
Based on above-mentioned analysis, a kind of mode that embodiment of the present invention freeze operation triggers is: should detecting State reach pre-conditioned in the case of, trigger freeze operation.The most pre-conditioned can with application Use frequency on the basis of a predeterminated frequency is set, when the use frequency of application being detected less than presetting frequency During rate, it is determined that corresponding application is low frequency applications, now can automatically trigger freeze operation.
In embodiments of the present invention, the another way triggering freeze operation is: manually triggering, it is concrete Process may is that in the viewing area of intelligent terminal can show a display interface, described display interface For application being carried out freeze operation and operation of thawing, display interface is provided with freezing button and defrosting Button, and on display interface below pull-shaped formula display intelligent terminal on install whole application, such as Fig. 2 Shown in.
Wherein instruction is freezed in freezing button association, is used for triggering freeze operation, triggers freezing button user After, associate with freezing button freeze instruction sent, intelligent terminal receive freeze instruction after, touch Send out freeze operation.Corresponding, the association of defrosting button is thawed instruction, is used for triggering defrosting operation, with After defrosting button is triggered at family, the defrosting instruction associated with defrosting button is sent, and intelligent terminal is receiving Thaw after instruction, trigger operation of thawing.
After triggering freeze operation, freeze operation carries the application identities of application, and answers for each For with, application identities is unique, and therefore the application identities by carrying in freeze operation may determine that The application corresponding with freeze operation.
102: obtain the appointment data that application is corresponding, and to specifying data to back up, it is intended that data are used for Recover to the state before freezing after application is thawed.That is to the purpose specifying data to back up it is: After the application corresponding with freeze operation is thawed, can recover to the state before freezing, as freezed front application Once accessed which data and had which picture etc. by application memory.
In embodiments of the present invention, above-mentioned appointment data can include visiting when the installation data of application, operation The data of other application asked and user data, the data of other application accessed when wherein running are main It is system resource, operationally needs such as application to access address list.User data be then user in use The data of storage, such as link, the picture of collection, the operation history of user and the private of application of user's collection Close state tag such as grade, if whether application is hiden application, if for locking application etc..
Above-mentioned appointment data are stored in the file of intelligent terminal's configuration, and intelligent terminal is each file Folder is configured with corresponding store path, therefore after determining the application corresponding with freeze operation, and Ke Yijin One step determines the appointment data that application is corresponding, then obtain from corresponding store path with apply corresponding Appointment data.
103: obtaining user data data from specifying, wherein user data is applied and in use stored Data, link, the picture of collection, the operation history of user and the secret of application collected such as above-mentioned user Whether it is hiden application Deng state tag, such as application, if for locking application etc..
And be to receive after permission application is freezed user data visit from specifying acquisition user data data Perform after the instruction asked, i.e. before obtaining user data, it is necessary first to inquiry user is after application is freezed No permission continues to access user data, the most then mean to receive after permission application is freezed user The instruction of data access, now can obtain user data data from specifying, can be by by this operation User determines the data whether relating to user's secret in user data, if being not involved with user's secret Data, then can to intelligent terminal send allow application freeze after to user data access instruction, with Trigger from specifying the operation obtaining user data data.
104: user data is encrypted, and the user data after encryption is preserved the peace to system level In full subregion.In embodiments of the present invention, the security partitioning of system level is only can be by system level Application and interface accessing, and the safe coefficient of the application of system level and interface answering higher than other ranks With and interface so that disabled user is difficult to forge application and the interface of this rank, and then when after encryption User data preserves to the security partitioning of system level, is only capable of the application by system level and interface comes Access, and the valid application forged be cannot access from the security partitioning of system level these encryption after User data, therefore by the encryption of user data and will encryption after user data preserve to being The other security partitioning of irrespective of size can reduce the probability that user data is revealed, improve the safety of user data.
105: freeze application to process.After application is frozen, applying before defrosting is cannot be automatic Run, thus reduce the application waste to system resource.And after applying corresponding user data encrypted It is stored in the security partitioning of system level, when the application received by system level or interface send After access request, the user data that application is corresponding can be got from the security partitioning of system level, real Now apply in the case of not thawing, still can normally access user data, thus reduce application and freeze number of times With defrosting number of times.
Such as the application of medical treatment class, can be by the application of medical treatment class for other are applied Being considered as low frequency applications, the access control method provided by the embodiment of the present invention can be to the application of medical treatment class Perform freeze operation, the peace of system level will be stored in after ciphering user data corresponding for the application of medical treatment class In full subregion, as which kind of disease storage user is crossed by the application query of medical treatment class, preengage which doctor And clinic, and place an order to obtain which medicine etc..When user needs again to inquire about disease, can pass through The interface searching interface of system level inquires about disease, and detailed process is: input from searching interface The key word that disease is corresponding, then can trigger intelligent terminal after clicking on search and freeze in the application of medical treatment class In the case of knot, from the security partitioning of system level, search for the user data corresponding with key word.
Knowable to technique scheme, after triggering freeze operation, can answer from corresponding with freeze operation Get appointment data in, and from specifying, data obtain user data, will protect after ciphering user data Deposit to the security partitioning of system level, and the interface that the security partitioning of system level allows system level is visited Asking, the valid application therefore forged cannot access the user data in the security partitioning of system level, reduces The probability that user data is compromised, improves the safety of user data.
And after triggering freeze operation, the frozen process of corresponding application, such as can be to using frequency The relatively low application of rate carries out freezing to process, thus reduces the waste of system resource.And apply frozen after its Corresponding user data still can be by the interface accessing of system level, and this means that application is without thawing Process and the user data of its correspondence also can be made to be accessed, thus reduce application and freeze number of times and defrosting number of times.
Refer to Fig. 3, it illustrates the another kind of flow process of the access control method that the embodiment of the present invention provides Figure, can also comprise the following steps on the basis of Fig. 1:
106: receive the access request sent by the interface of system level.
107: based on the key word carried in access request, obtain corresponding with key word from security partitioning User data.
Wherein access request is that user wishes to conduct interviews the user data in the security partitioning of system level Time, sent by the interface of system level, and access request carries key word, described key Word is used for indicating currently to search for for which user data.
Such as the application of above-mentioned medical treatment class, can be in the interface searching interface of system level Middle input represents the key word of disease, and when clicking on the search button of searching interface, access request is sent, Intelligent terminal, after receiving access request, searches for corresponding use based on the key word representing disease User data, as in the security partitioning of system level storage the therapeutic scheme relevant to disease, expert and examine Institute etc..
108: by the user data output corresponding with key word.In embodiments of the present invention, will be with key word A kind of mode of corresponding user data output is: user data shows the viewing area intelligent terminal In, or user data is sent to on the electronic equipment carried with of user of intelligent terminal's binding, And show on the viewing area of the electronic equipment carried with user.
Another way is then: export user data, this mode intelligent terminal with voice broadcasting modes Limited in sight line or for the crowd that vision is more weak, it is simple to checking of user data.
Other modes it may also is that user data is shown during the viewing area of intelligent terminal, Simultaneous voice plays user data.
In embodiments of the present invention, when accessing user data by the interface of system level, it is also possible to The seam of system level can arrange user authentication mechanism, and the user meeting user authentication mechanism can look into See the user data of storage in security partitioning.Such as obtain the User Identity of current accessed user data, Wherein User Identity can be finger print information or the access password of user's input of user;Work as user Identity is mated with default identity, then perform step 108 by the user data corresponding with key word Output, the user so meeting access rights then can check user data from by intelligent terminal.
Or when User Identity mates with default identity, perform step 107, with from safety Subregion obtains the user data output corresponding with key word, equally makes to meet the user of access rights User data is checked by intelligent terminal.
In embodiments of the present invention, above-mentioned default identity and User Identity are same type of body Part mark, during such as finger print information that User Identity is user, default identity is pre-enter The information of certain fingerprint of user, when same User Identity is the access password that user inputs, in advance The access password that if identity is user to be pre-configured with, and due to for any one user, its Finger print information is unique, and therefore presetting identity in the embodiment of the present invention can be preferred with User Identity Finger print information.
Knowable to technique scheme, the seam in system level can arrange user authentication mechanism, when When User Identity mates with default identity, the user that the key word that access request carried is corresponding Data output or the user data that acquisition is corresponding with key word from security partitioning so that only with default body The user of part mark coupling can check the user data corresponding with key word, and then improves the safety of data Property.
For aforesaid each method embodiment, in order to be briefly described, therefore it is all expressed as a series of dynamic Combining, but those skilled in the art should know, the present invention is not by described sequence of movement Limiting, because according to the present invention, some step can use other orders or carry out simultaneously.Secondly, Those skilled in the art also should know, embodiment described in this description belongs to preferred embodiment, Necessary to involved action and the module not necessarily present invention.
Corresponding with said method embodiment, the embodiment of the present invention also provides for a kind of access control apparatus, its Structural representation as shown in Figure 4, may include that and determines unit the 11, first acquiring unit 12, second obtains Take unit 13, memory element 14 and processing unit 15.
Determine unit 11, for, after triggering freeze operation, determining the application corresponding with freeze operation.Its Corresponding application is freezed by middle freeze operation for triggering, and applying before defrosting after freezing is to transport Row, after therefore corresponding with freeze operation application is frozen, the upper number of applications run of intelligent terminal Reduce, thus reduce the occupancy of system resource.
Such as some application (referred to collectively below as low frequency applications) that use frequency is relatively low, these Although it is relatively low that low frequency applications is arranged on upper still its running frequency of intelligent terminal, therefore should for these low frequencies For with, can be freezed by freeze operation so that low frequency applications cannot be run automatically, reduce low frequency System resource is taken by application, thus reduces the waste of system resource.
Based on above-mentioned analysis, the access control apparatus that the embodiment of the present invention provides can also include the second triggering Unit, is used for triggering freeze operation, and a kind of mode of the second trigger element triggering freeze operation is: Detect the state of application reach pre-conditioned in the case of, trigger freeze operation.The most pre-conditioned can To arrange a predeterminated frequency, when use frequency application being detected is little on the basis of the use frequency of application When predeterminated frequency, it is determined that corresponding application is low frequency applications, now can automatically trigger freeze operation.
In embodiments of the present invention, the another way of the second trigger element triggering freeze operation is: manually Triggering, its detailed process may is that in the viewing area of intelligent terminal can show a display interface, Described display interface, for application carries out freeze operation and operation of thawing, is provided with in display interface and freezes Knot button and defrosting button, and installation whole on following pull-shaped formula display intelligent terminal on display interface Application, as shown in Figure 2.
Wherein instruction is freezed in freezing button association, is used for triggering freeze operation, triggers freezing button user After, associate with freezing button freeze instruction sent, the second trigger element receive freeze instruction after, Trigger freeze operation.Corresponding, the association of defrosting button is thawed and is instructed, and is used for triggering defrosting operation, After user triggers defrosting button, the defrosting instruction associated with defrosting button is sent, and the second trigger element exists After receiving defrosting instruction, trigger operation of thawing.
After triggering freeze operation, freeze operation carries the application identities of application, and answers for each For with, application identities is unique, and therefore the application identities by carrying in freeze operation may determine that The application corresponding with freeze operation.
First acquiring unit 12, for obtaining the appointment data that application is corresponding, and to specifying data to carry out standby Part, it is intended that data are recovered to the state before freezing after thawing in application.That is to specifying data The purpose carrying out backing up is: after the application corresponding with freeze operation is thawed, and can recover to before freezing Which data was state, once accessed as freezed front application and had which picture etc. by application memory.
In embodiments of the present invention, above-mentioned appointment data can include visiting when the installation data of application, operation The data of other application asked and user data, the data of other application accessed when wherein running are main It is system resource, operationally needs such as application to access address list.User data be then user in use The data of storage, such as link, the picture of collection, the operation history of user and the private of application of user's collection Close state tag such as grade, if whether application is hiden application, if for locking application etc..
Above-mentioned appointment data are stored in the file of intelligent terminal's configuration, and intelligent terminal is each file Folder is configured with corresponding store path, therefore after determining the application corresponding with freeze operation, and Ke Yijin One step determines the appointment data that application is corresponding, then obtain from corresponding store path with apply corresponding Appointment data.
Second acquisition unit 13, for from specifying acquisition user data data, user data is to apply Use the data of middle storage, the link collected such as above-mentioned user, the picture of collection, the operation history of user The state tags such as the secret with application, if whether application is hiden application, if for locking application etc..
And be to receive after permission application is freezed user data visit from specifying acquisition user data data Perform after the instruction asked, i.e. before obtaining user data, it is necessary first to inquiry user is after application is freezed No permission continues to access user data, the most then mean to receive after permission application is freezed user The instruction of data access, now can obtain user data data from specifying, can be by by this operation User determines the data whether relating to user's secret in user data, if being not involved with user's secret Data, then can to intelligent terminal send allow application freeze after to user data access instruction, with Trigger from specifying the operation obtaining user data data.
Memory element 14, for being encrypted user data, and preserves the user data after encryption extremely In the security partitioning of system level.In embodiments of the present invention, the security partitioning of system level is the most permissible By the application of system level and interface accessing, and the safe coefficient of the application of system level and interface is higher than The application of other ranks and interface so that disabled user is difficult to forge application and the interface of this rank, enters And when the user data after encryption preserves to the security partitioning of system level, be only capable of by system level Application and interface access, and the valid application forged is cannot to access from the security partitioning of system level User data after these encryptions, therefore by the encryption to user data and by the user after encryption Data preserve and can reduce the probability that user data is revealed to the security partitioning of system level, improve user The safety of data.
Processing unit 15, for freezing process to application.After application is frozen, applies and thawing Before cannot automatically run, thus reduce the application waste to system resource.And apply the user of correspondence It is stored in the security partitioning of system level after data are encrypted, when receiving the application by system level Or after the access request of interface transmission, application correspondence can be got from the security partitioning of system level User data, it is achieved apply and still can normally access user data in the case of not thawing, thus reduce Number of times and defrosting number of times are freezed in application.
Such as the application of medical treatment class, can be by the application of medical treatment class for other are applied Being considered as low frequency applications, the access control apparatus provided by the embodiment of the present invention can be to the application of medical treatment class Perform freeze operation, the peace of system level will be stored in after ciphering user data corresponding for the application of medical treatment class In full subregion, as which kind of disease storage user is crossed by the application query of medical treatment class, preengage which doctor And clinic, and place an order to obtain which medicine etc..When user needs again to inquire about disease, can pass through The interface searching interface of system level inquires about disease, and detailed process is: input from searching interface The key word that disease is corresponding, then can trigger intelligent terminal after clicking on search and freeze in the application of medical treatment class In the case of knot, from the security partitioning of system level, search for the user data corresponding with key word.
Knowable to technique scheme, after triggering freeze operation, can answer from corresponding with freeze operation Get appointment data in, and from specifying, data obtain user data, will protect after ciphering user data Deposit to the security partitioning of system level, and the interface that the security partitioning of system level allows system level is visited Asking, the valid application therefore forged cannot access the user data in the security partitioning of system level, reduces The probability that user data is compromised, improves the safety of user data.
And after triggering freeze operation, the frozen process of corresponding application, such as can be to using frequency The relatively low application of rate carries out freezing to process, thus reduces the waste of system resource.And apply frozen after its Corresponding user data still can be by the interface accessing of system level, and this means that application is without thawing Process and the user data of its correspondence also can be made to be accessed, thus reduce application and freeze number of times and defrosting number of times.
Referring to Fig. 5, the another kind of structure that it illustrates the access control apparatus that the embodiment of the present invention provides is shown It is intended to, can also include on the basis of Fig. 4: receive unit the 16, the 3rd acquiring unit 17 and output unit 18。
Receive unit 16, for receiving the access request sent by the interface of system level.
3rd acquiring unit 17, for based on the key word carried in access request, obtains from security partitioning Take the user data corresponding with key word.
Wherein access request is that user wishes to conduct interviews the user data in the security partitioning of system level Time, sent by the interface of system level, and access request carries key word, described key Word is used for indicating currently to search for for which user data.
Such as the application of above-mentioned medical treatment class, can be in the interface searching interface of system level Middle input represents the key word of disease, and when clicking on the search button of searching interface, access request is sent, Intelligent terminal, after receiving access request, searches for corresponding use based on the key word representing disease User data, as in the security partitioning of system level storage the therapeutic scheme relevant to disease, expert and examine Institute etc..
Output unit 18, for by the user data output corresponding with key word.In embodiments of the present invention, By a kind of mode of the user data output corresponding with key word it is: user data is shown intelligent terminal Viewing area in, or user data is sent to and the electricity carried with of user of intelligent terminal's binding On subset, and show on the viewing area of the electronic equipment carried with user.
Another way is then: export user data, this mode intelligent terminal with voice broadcasting modes Limited in sight line or for the crowd that vision is more weak, it is simple to checking of user data.
Other modes it may also is that user data is shown during the viewing area of intelligent terminal, Simultaneous voice plays user data.
In embodiments of the present invention, when accessing user data by the interface of system level, it is also possible to The seam of system level can arrange user authentication mechanism, and the user meeting user authentication mechanism can look into See the user data of storage in security partitioning.Concrete, the access control apparatus of embodiment of the present invention offer Can also include: the 4th acquiring unit and the first trigger element.
4th acquiring unit, for obtaining the User Identity of current accessed user data.
First trigger element, for when User Identity mates with default identity, triggers output Unit or the 3rd acquiring unit.
In embodiments of the present invention, above-mentioned default identity and User Identity are same type of body Part mark, during such as finger print information that User Identity is user, default identity is pre-enter The information of certain fingerprint of user, when same User Identity is the access password that user inputs, in advance The access password that if identity is user to be pre-configured with, and due to for any one user, its Finger print information is unique, and therefore presetting identity in the embodiment of the present invention can be preferred with User Identity Finger print information.
Knowable to technique scheme, the seam in system level can arrange user authentication mechanism, when When User Identity mates with default identity, the user that the key word that access request carried is corresponding Data output or the user data that acquisition is corresponding with key word from security partitioning so that only with default body The user of part mark coupling can check the user data corresponding with key word, and then improves the safety of data Property.
Finally, it should be noted that in this article, the relational terms of such as first and second or the like is only Only be used for by an entity or operation separate with another entity or operating space, and not necessarily require or Person implies relation or the order that there is any this reality between these entities or operation.And, term " include ", " comprising " or its any other variant are intended to comprising of nonexcludability, so that include The process of a series of key elements, method, article or equipment not only include those key elements, but also include not There are other key elements being expressly recited, or also include for this process, method, article or equipment institute Intrinsic key element.In the case of there is no more restriction, statement " including ... " key element limited, It is not precluded from there is also in including the process of described key element, method, article or equipment other identical Key element.
Described above to the disclosed embodiments, makes those skilled in the art be capable of or uses this Bright.Multiple amendment to these embodiments will be apparent from, herein for a person skilled in the art Defined in General Principle can be real at other without departing from the spirit or scope of the present invention Execute in example and realize.Therefore, the present invention is not intended to be limited to the embodiments shown herein, and is intended to Meet the widest scope consistent with principles disclosed herein and features of novelty.
The above is only the preferred embodiment of the present invention, it is noted that general for the art For logical technical staff, under the premise without departing from the principles of the invention, it is also possible to make some improvement and profit Decorations, these improvements and modifications also should be regarded as protection scope of the present invention.

Claims (10)

1. an access control method, it is characterised in that described method includes:
After triggering freeze operation, determine the application corresponding with described freeze operation;
Obtain the appointment data that described application is corresponding, and described appointment data are backed up, described appointment Data are recovered to the state before freezing after thawing in described application;
Obtaining user data from described appointment data, described user data is that described application is in use deposited The data of storage;
Described user data is encrypted, and the user data after encryption is preserved the peace to system level In full subregion;
Freeze described application to process.
Method the most according to claim 1, it is characterised in that described method also includes: receive logical Cross the access request that the interface of system level sends;
Based on the key word carried in described access request, obtain and described key from described security partitioning The user data that word is corresponding;
By the user data output corresponding with described key word.
Method the most according to claim 2, it is characterised in that described method also includes: obtain and work as The User Identity of the described user data of front access;
If described User Identity mates with default identity, then performing will be corresponding with described key word User data output step or perform based on the key word carried in described access request, from described Security partitioning obtains the step of the user data corresponding with described key word.
Method the most according to claim 1, it is characterised in that described obtain from described appointment data Take user data, including: after receiving the instruction after permission application is freezed, user data accessed, from Described appointment data obtain described user data.
Method the most according to claim 1, it is characterised in that described method also includes: in detection To application state reach pre-conditioned in the case of or receive freeze instruction after, trigger freeze operation.
6. an access control apparatus, it is characterised in that described device includes:
Determine unit, for, after triggering freeze operation, determining the application corresponding with described freeze operation;
First acquiring unit, for obtaining the appointment data that described application is corresponding, and to described appointment data Backing up, described appointment data are recovered to the state before freezing after thawing in described application;
Second acquisition unit, for obtaining user data from described appointment data, described user data is The data that described application in use stores;
Memory element, for being encrypted described user data, and preserves the user data after encryption To the security partitioning of system level;
Processing unit, for freezing process to described application.
Device the most according to claim 6, it is characterised in that described device also includes:
Receive unit, for receiving the access request sent by the interface of system level;
3rd acquiring unit, for based on the key word carried in described access request, divides from described safety District obtains the user data corresponding with described key word;
Output unit, for by the user data output corresponding with described key word.
Device the most according to claim 7, it is characterised in that described device also includes:
4th acquiring unit, for obtaining the User Identity of user data described in current accessed;
First trigger element, for when described User Identity mates with default identity, triggers Described output unit or described 3rd acquiring unit.
Device the most according to claim 6, it is characterised in that described second acquisition unit, is used for After receiving the instruction after permission application is freezed, user data accessed, obtain from described appointment data Described user data.
Device the most according to claim 6, it is characterised in that described device also includes: second Trigger element, for state application being detected reach pre-conditioned in the case of or receive and freeze After instruction, trigger freeze operation.
CN201610378432.5A 2016-05-31 2016-05-31 Access control method and device Pending CN106022165A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610378432.5A CN106022165A (en) 2016-05-31 2016-05-31 Access control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610378432.5A CN106022165A (en) 2016-05-31 2016-05-31 Access control method and device

Publications (1)

Publication Number Publication Date
CN106022165A true CN106022165A (en) 2016-10-12

Family

ID=57092909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610378432.5A Pending CN106022165A (en) 2016-05-31 2016-05-31 Access control method and device

Country Status (1)

Country Link
CN (1) CN106022165A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106874795A (en) * 2017-01-16 2017-06-20 北京奇虎科技有限公司 A kind of tamper machine method of mobile terminal, device and mobile terminal
CN106874805A (en) * 2017-01-16 2017-06-20 北京奇虎科技有限公司 A kind of data guard method, device and mobile terminal
WO2023193318A1 (en) * 2022-04-08 2023-10-12 珠海艾派克微电子有限公司 Chip, encoding device, electronic device, and authentication data update system and method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103559455A (en) * 2013-09-27 2014-02-05 李天才 Android device personal information protection method based on user identification
CN103699406A (en) * 2013-12-05 2014-04-02 广东欧珀移动通信有限公司 Method and device for intelligently freezing long-term unused applications
CN104021352A (en) * 2014-05-14 2014-09-03 上海卓悠网络科技有限公司 Method and system for isolating applications through data
CN104284024A (en) * 2014-09-30 2015-01-14 厦门美图移动科技有限公司 Method for hiding contact person information on intelligent device
CN104869255A (en) * 2015-05-28 2015-08-26 广东欧珀移动通信有限公司 Application access method and device and mobile terminal
CN104881299A (en) * 2014-02-28 2015-09-02 可牛网络技术(北京)有限公司 Application program freezing method and apparatus
CN105468426A (en) * 2016-01-05 2016-04-06 珠海市魅族科技有限公司 Application freezing method and terminal
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103559455A (en) * 2013-09-27 2014-02-05 李天才 Android device personal information protection method based on user identification
CN103699406A (en) * 2013-12-05 2014-04-02 广东欧珀移动通信有限公司 Method and device for intelligently freezing long-term unused applications
CN104881299A (en) * 2014-02-28 2015-09-02 可牛网络技术(北京)有限公司 Application program freezing method and apparatus
CN104021352A (en) * 2014-05-14 2014-09-03 上海卓悠网络科技有限公司 Method and system for isolating applications through data
CN104284024A (en) * 2014-09-30 2015-01-14 厦门美图移动科技有限公司 Method for hiding contact person information on intelligent device
CN104869255A (en) * 2015-05-28 2015-08-26 广东欧珀移动通信有限公司 Application access method and device and mobile terminal
CN105468426A (en) * 2016-01-05 2016-04-06 珠海市魅族科技有限公司 Application freezing method and terminal
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106874795A (en) * 2017-01-16 2017-06-20 北京奇虎科技有限公司 A kind of tamper machine method of mobile terminal, device and mobile terminal
CN106874805A (en) * 2017-01-16 2017-06-20 北京奇虎科技有限公司 A kind of data guard method, device and mobile terminal
WO2023193318A1 (en) * 2022-04-08 2023-10-12 珠海艾派克微电子有限公司 Chip, encoding device, electronic device, and authentication data update system and method

Similar Documents

Publication Publication Date Title
Jonas et al. Effective counterterrorism and the limited role of predictive data mining
US20200118124A1 (en) Distributed ledger for encrypted digital identity
EP2731042B1 (en) Computer system for storing and retrieval of encrypted data items using a tablet computer and computer-implemented method
US9189606B2 (en) Information privacy system and method
CN104699559B (en) Backing up distributed data method and system
US20150040203A1 (en) Authentication method of wearable device and wearable device
US20220020235A1 (en) Blockchain-controlled and location-validated locking systems and methods
JP7502729B2 (en) System and method for secure access to assets or information using blockchain
Lu et al. Privacy information security classification study in internet of things
CN110706379A (en) Access control method and device based on block chain
CN106612259A (en) Identity recognition method and device, service information processing method and device and biological feature information processing method and device
US20150278604A1 (en) Systems, Devices And Methods For Person And Object Tracking And Data Exchange
US10387671B2 (en) Private data management system and method therefor
US20100214057A1 (en) Biometric device, system, and method for individual access control
CN106971159A (en) A kind of image definition recognition methods, identity identifying method and device
CN104967594B (en) Stolen account identification method and apparatus
CN106022165A (en) Access control method and device
Simmons The mirage of use restrictions
Levashov The Rise of New Type of Surveillance for Which the Law Wasn't Ready
CN106096384A (en) A kind of data processing method and device
De Rosa Privacy in the age of terror
Setiawan Cyber terrorism and its prevention in Indonesia
CN106157412A (en) A kind of personnel's access system and method
CN112967423A (en) Method, system, equipment and storage medium for unlocking coded lock
CN110447034A (en) The method for being securely accessed by data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161012

RJ01 Rejection of invention patent application after publication