CN104506563A - Process access control method, process access control system and terminal - Google Patents

Publication number: CN104506563A
Application number: CN201510030232.6A
Other versions: CN104506563B (granted patent)
Authority: CN (China)
Legal status: granted; active
Original language: Chinese (zh)
Inventors: 黄焕荣, 彭日亮, 陈运哲
Assignee (original and current): Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Prior art keywords: operating system, access control, processes, switching, security

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • G06F9/4831 Task transfer initiation or dispatching by interrupt, e.g. masked, with variable priority
Abstract

The invention discloses a process access control method, a process access control system and a terminal. The method comprises: acquiring a switching command for switching a first process, which runs on a first operating system, to run on a second operating system; switching the first process to run on the second operating system according to the switching command; and controlling access between the other processes of the second operating system and the first process according to the security levels of the first operating system and the second operating system. With this scheme, the access permissions between processes are determined from the security levels of the operating systems, so the user does not need to set access permissions for every process and data item in order to protect each process's allocated resources and keep the system stable, and the user experience is improved.

Description

Process access control method, process access control system and terminal
Technical field
The present invention relates to the field of control technology, and in particular to a process access control method, a process access control system and a terminal.
Background technology
In the related art, to improve the user experience, terminal manufacturers have made several operating systems coexist on the same terminal, so that the user can choose an operating system according to personal needs and habits. To improve security, a password authorization function is set in the operating-system switching procedure. After a system switch, however, neither the encryption mode nor the security level of the data in a process changes, so the switch only simplifies the mode of operation and the way the data is accessed does not change. In addition, after every system switch the user must set access permissions for each process and data item before the permissions on the data take effect, which wastes the user's effort and time.
How to improve the process access control scheme so that the processes of multiple operating systems are accessed more securely and conveniently has therefore become a technical problem that urgently needs to be solved.
Summary of the invention
Based on at least one of the above technical problems, the present invention proposes a new process access control scheme and a terminal. By judging the security levels of the first operating system and the second operating system, the allocated resources associated with the process of the higher security level can be protected and isolated while a process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process can be switched and accessed intelligently without the user performing tedious switching operations every time.
In view of this, the present invention proposes a process access control method, comprising: obtaining a switching command for switching a first process running in a first operating system to a second operating system; switching the first process to the second operating system according to the switching command; and controlling the access control procedure between the other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical scheme, by judging the security levels of the first and second operating systems, the allocated resources associated with the process of the higher security level can be protected and isolated during the switch. In addition, once the user has set the switching criteria for a process, the process is switched and accessed intelligently, so the user does not need to perform tedious switching operations every time; the mode of operation is simpler and the user experience is improved.
The first operating system may be the secure system of the terminal and the second operating system the conventional system of the terminal.
Preferably, before the first process is switched to the second operating system according to the switching command, the method further comprises: if the security level of the first operating system is higher than that of the second operating system, encrypting the allocated resources associated with the first process.
In this technical scheme, when the security level of the first operating system is higher than that of the second, the allocated resources associated with the first process are encrypted, so that when the first process is switched from the high-security system to run in the second operating system its allocated resources are protected by encryption, which prevents other processes in the second operating system from stealing them or crashing the first process. The allocated resources comprise the read-write data resources of the first process, such as application data, code data and associated data.
Preferably, encrypting the allocated resources associated with the first process comprises: judging whether the first process contains private data; and, when the first process is judged to contain private data, encrypting the private data as the allocated resource.
In this technical scheme, by encrypting the private data of the first process, it is ensured that when the first process is switched to another operating system of lower security level, the private data cannot be accessed or stolen by other processes of that lower security level, which protects the data security of the first process. Private data comprises passwords, account information, private images and any information containing keywords set by the user.
Preferably, the access control procedure of the other processes in the second operating system to the first process comprises: when an access request from another process in the second operating system to the first process is obtained, if the first process contains private data, allowing that process to access the first process after a confirmation instruction is obtained from the user; and if the first process does not contain private data, forbidding that process from accessing the first process.
In this technical scheme, access by other processes to a first process containing private data is controlled by the user's confirmation instruction, which further protects the private data of the first process, and the access rights of other processes in the second operating system to the private data are set according to the user's own needs, further improving the user experience.
Preferably, after the first process is switched to the second operating system, the method further comprises: if the security level of the first operating system is higher than that of the second operating system, storing the accessed record of the first process, i.e. the record of accesses to it by other processes in the second operating system.
In this technical scheme, the accessed record of the first process of high security level is stored as an identification record showing that the first process was switched from the high-security system to the low-security system, which provides an accurate basis for subsequent switching or access control decisions.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, even after several switches, whether the process belongs to the secure system or the conventional system can still be determined from its accessed record.
Preferably, the method further comprises: obtaining a switching command for switching a second process running in the second operating system to the first operating system; switching the second process to the first operating system according to the switching command and judging whether the second process stores an accessed record; and, when the second process is judged to store no accessed record, forbidding the second process from accessing other processes in the first operating system.
In this technical scheme, the access of the second process to other processes in the first operating system is controlled by whether the second process stores an accessed record, so that this access is controlled accurately.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, when a process is switched from the conventional system to the secure system and has no accessed record, it is forbidden from accessing other processes in the secure system, so as to protect the data security of those processes.
According to another aspect of the invention, a process access control system is also proposed, comprising: an acquiring unit for obtaining a switching command for switching a first process running in a first operating system to a second operating system; a switching unit for switching the first process to the second operating system according to the switching command; and a control unit for controlling the access control procedure between the other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical scheme, by judging the security levels of the first and second operating systems, the allocated resources associated with the process of the higher security level can be protected and isolated during the switch. In addition, once the user has set the switching criteria for a process, the process is switched and accessed intelligently, so the user does not need to perform tedious switching operations every time; the mode of operation is simpler and the user experience is improved.
The first operating system may be the secure system of the terminal and the second operating system the conventional system of the terminal.
Preferably, the system further comprises an encryption unit for encrypting the allocated resources associated with the first process if the security level of the first operating system is higher than that of the second operating system.
In this technical scheme, when the security level of the first operating system is higher than that of the second, the allocated resources associated with the first process are encrypted, so that when the first process is switched from the high-security system to run in the second operating system its allocated resources are protected by encryption, which prevents other processes in the second operating system from stealing them or crashing the first process. The allocated resources comprise the read-write data resources of the first process, such as application data, code data and associated data.
Preferably, the system further comprises a judging unit for judging whether the first process contains private data; the encryption unit is further configured to encrypt the private data as the allocated resource when the first process is judged to contain private data.
In this technical scheme, by encrypting the private data of the first process, it is ensured that when the first process is switched to another operating system of lower security level, the private data cannot be accessed or stolen by other processes of that lower security level, which protects the data security of the first process. Private data comprises passwords, account information, private images and any information containing keywords set by the user.
Preferably, the control unit is further configured to: when an access request from another process in the second operating system to the first process is obtained, allow that process to access the first process after a confirmation instruction is obtained from the user if the first process contains private data; and forbid that process from accessing the first process if the first process does not contain private data.
In this technical scheme, access by other processes to a first process containing private data is controlled by the user's confirmation instruction, which further protects the private data of the first process, and the access rights of other processes in the second operating system to the private data are set according to the user's own needs, further improving the user experience.
Preferably, the system further comprises a storage unit for storing the accessed record of the first process, i.e. the record of accesses to it by other processes in the second operating system, if the security level of the first operating system is higher than that of the second operating system.
In this technical scheme, the accessed record of the first process of high security level is stored as an identification record showing that the first process was switched from the high-security system to the low-security system, which provides an accurate basis for subsequent switching or access control decisions.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, even after several switches, whether the process belongs to the secure system or the conventional system can still be determined from its accessed record.
Preferably, the acquiring unit is further configured to obtain a switching command for switching a second process running in the second operating system to the first operating system; the judging unit is further configured to switch the second process to the first operating system according to the switching command and to judge whether the second process stores an accessed record; and the control unit is further configured to forbid the second process from accessing other processes in the first operating system when the second process is judged to store no accessed record.
In this technical scheme, the access of the second process to other processes in the first operating system is controlled by whether the second process stores an accessed record, so that this access is controlled accurately.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, when a process is switched from the conventional system to the secure system and has no accessed record, it is forbidden from accessing other processes in the secure system, so as to protect the data security of those processes.
According to a third aspect of the invention, a terminal is also proposed, comprising the process access control system of any one of the above technical schemes.
With the above technical schemes, a new process access control scheme and a terminal are proposed. By judging the security levels of the first operating system and the second operating system, the allocated resources associated with the process of the higher security level can be protected and isolated while a process is switched between operating systems. In addition, once the user has set the switching criteria for a process, the process is switched and accessed intelligently, so the user does not need to perform tedious switching operations every time; the mode of operation is simpler and the user experience is improved.
Brief description of the drawings
Fig. 1 shows a schematic flow diagram of the process access control method according to an embodiment of the invention;
Fig. 2 shows a schematic block diagram of the process access control system according to an embodiment of the invention;
Fig. 3 shows a schematic flow diagram of the process access control method according to another embodiment of the invention;
Fig. 4 shows a schematic diagram of the process access control interface according to another embodiment of the invention;
Fig. 5 shows a schematic flow diagram of the process access control method according to another embodiment of the invention;
Fig. 6 shows a schematic flow diagram of the process access control method according to still another embodiment of the invention;
Fig. 7 shows a schematic flow diagram of the process access control method according to another embodiment of the invention;
Fig. 8 shows a schematic diagram of the process access control interface according to another embodiment of the invention.
Detailed description of the embodiments
In order to understand the above objects, features and advantages of the present invention more clearly, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of the application and the features in the embodiments may be combined with each other.
Many specific details are set forth in the following description so that the present invention is fully understood; however, the invention can also be implemented in ways other than those described here, and therefore the scope of protection of the invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a schematic flow diagram of the process access control method according to an embodiment of the invention.
As shown in Fig. 1, the process access control method according to an embodiment of the invention comprises: step 102, obtaining a switching command for switching a first process running in the first operating system to the second operating system; step 104, switching the first process to the second operating system according to the switching command; and step 106, controlling the access control procedure between the other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical scheme, by judging the security levels of the first and second operating systems, the allocated resources associated with the process of the higher security level can be protected and isolated during the switch. In addition, once the user has set the switching criteria for a process, the process is switched and accessed intelligently, so the user does not need to perform tedious switching operations every time; the mode of operation is simpler and the user experience is improved.
The first operating system may be the secure system of the terminal and the second operating system the conventional system of the terminal.
Preferably, before the first process is switched to the second operating system according to the switching command, the method further comprises: if the security level of the first operating system is higher than that of the second operating system, encrypting the allocated resources associated with the first process.
In this technical scheme, when the security level of the first operating system is higher than that of the second, the allocated resources associated with the first process are encrypted, so that when the first process is switched from the high-security system to run in the second operating system its allocated resources are protected by encryption, which prevents other processes in the second operating system from stealing them or crashing the first process. The allocated resources comprise the read-write data resources of the first process, such as application data, code data and associated data.
Preferably, encrypting the allocated resources associated with the first process comprises: judging whether the first process contains private data; and, when the first process is judged to contain private data, encrypting the private data as the allocated resource.
In this technical scheme, by encrypting the private data of the first process, it is ensured that when the first process is switched to another operating system of lower security level, the private data cannot be accessed or stolen by other processes of that lower security level, which protects the data security of the first process. Private data comprises passwords, account information, private images and any information containing keywords set by the user.
Preferably, the access control procedure of the other processes in the second operating system to the first process comprises: when an access request from another process in the second operating system to the first process is obtained, if the first process contains private data, allowing that process to access the first process after a confirmation instruction is obtained from the user; and if the first process does not contain private data, forbidding that process from accessing the first process.
In this technical scheme, access by other processes to a first process containing private data is controlled by the user's confirmation instruction, which further protects the private data of the first process, and the access rights of other processes in the second operating system to the private data are set according to the user's own needs, further improving the user experience.
Preferably, after the first process is switched to the second operating system, the method further comprises: if the security level of the first operating system is higher than that of the second operating system, storing the accessed record of the first process, i.e. the record of accesses to it by other processes in the second operating system.
In this technical scheme, the accessed record of the first process of high security level is stored as an identification record showing that the first process was switched from the high-security system to the low-security system, which provides an accurate basis for subsequent switching or access control decisions.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, even after several switches, whether the process belongs to the secure system or the conventional system can still be determined from its accessed record.
Preferably, the method further comprises: obtaining a switching command for switching a second process running in the second operating system to the first operating system; switching the second process to the first operating system according to the switching command and judging whether the second process stores an accessed record; and, when the second process is judged to store no accessed record, forbidding the second process from accessing other processes in the first operating system.
In this technical scheme, the access of the second process to other processes in the first operating system is controlled by whether the second process stores an accessed record, so that this access is controlled accurately.
Specifically, when the first operating system is the secure system and the second operating system is the conventional system: when a process is switched for the first time from the secure system to the conventional system, its accessed record is stored, and when it is later switched from the conventional system back to the secure system, the accessed record is the basis of the switching operation. If the process has no accessed record, it originally belonged to the conventional system; if it has an accessed record, it originally belonged to the secure system. Therefore, when a process is switched from the conventional system to the secure system and has no accessed record, it is forbidden from accessing other processes in the secure system, so as to protect the data security of those processes.
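The following Python model, added here and not part of the patent, walks through the rules of the method summarised above and of the Fig. 1 embodiment: encrypt private data before a downward switch, store an accessed record afterwards, gate access in the lower-level system on user confirmation, and deny peer access to a process that moves up without an accessed record. The patent names no cipher, key management, data format or API, so the keystream placeholder, the `OS`/`Process` classes, the fixed key and all sample processes are assumptions made for illustration.

```python
"""Model of the two-OS process switching and access-control rules.
Constructed example: cipher, key, OS objects and sample processes are
placeholders; the patent specifies none of them."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional
import hashlib


class Level(IntEnum):
    CONVENTIONAL = 1   # the "second operating system" of the patent
    SECURE = 2         # the "first operating system" / secure system


@dataclass
class OS:
    name: str
    level: Level


@dataclass
class Process:
    name: str
    os: OS
    allocated: dict = field(default_factory=dict)  # application, code, associated data
    private: dict = field(default_factory=dict)    # passwords, account info, keyword items
    encrypted: bool = False
    # Created the first time the process is switched down from a higher-level OS;
    # None therefore means "originally belonged to the conventional system".
    accessed_record: Optional[list] = None
    switched_down_from: Optional[Level] = None
    may_access_peers: bool = True   # cleared on an upward switch without a record


def _keystream_xor(data: bytes, key: bytes) -> bytes:
    """Placeholder cipher (SHA-256 counter keystream XOR); use a real AEAD in practice."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_private_data(proc: Process, key: bytes) -> None:
    """Encrypt the private data as the process's protected allocated resource."""
    proc.private = {k: _keystream_xor(v, key) for k, v in proc.private.items()}
    proc.encrypted = True


def switch_process(proc: Process, target: OS, key: bytes) -> None:
    """Steps 102-106 with the preferred additions: move proc to target,
    encrypting before a downward switch and recording/gating afterwards."""
    source = proc.os
    if source.level > target.level:
        if proc.private:                      # judge whether private data exists...
            encrypt_private_data(proc, key)   # ...and encrypt it before the switch
        if proc.accessed_record is None:      # start storing the accessed record
            proc.accessed_record = []
        proc.switched_down_from = source.level
    elif source.level < target.level:
        # A process with no accessed record never came from the secure system,
        # so it may not access the other processes there.
        proc.may_access_peers = proc.accessed_record is not None
    proc.os = target


def request_access(requester: Process, target: Process, user_confirmed: bool) -> bool:
    """Decide whether requester may access target in the OS both now run in."""
    if requester.os is not target.os:
        return False
    if not requester.may_access_peers:
        return False                           # second process without accessed record
    came_down = (target.switched_down_from is not None
                 and target.os.level < target.switched_down_from)
    if came_down:
        # Private data: allowed only after user confirmation; none: forbidden.
        decision = user_confirmed if target.private else False
        target.accessed_record.append((requester.name, decision))
        return decision
    return True   # assumption: processes native to the same OS are not restricted here


def run_scenario() -> dict:
    """Constructed walk-through over the two systems of the patent."""
    secure = OS("secure system", Level.SECURE)
    conventional = OS("conventional system", Level.CONVENTIONAL)
    key = b"\x01" * 32   # placeholder; the patent defines no key management
    bank = Process("bank", secure, private={"password": b"hunter2"})
    notes = Process("notes", secure)          # secure-system process, no private data
    browser = Process("browser", conventional)
    vault = Process("vault", secure)
    switch_process(bank, conventional, key)
    switch_process(notes, conventional, key)
    out = {
        "bank_encrypted": bank.encrypted,
        "password_hidden": bank.private["password"] != b"hunter2",
        "browser_to_bank_unconfirmed": request_access(browser, bank, False),
        "browser_to_bank_confirmed": request_access(browser, bank, True),
        "browser_to_notes": request_access(browser, notes, True),
        "bank_record_entries": len(bank.accessed_record),
    }
    switch_process(browser, secure, key)      # native conventional process moves up
    out["browser_to_vault"] = request_access(browser, vault, True)
    switch_process(bank, secure, key)         # bank returns; its record proves its origin
    out["bank_origin_secure"] = bank.accessed_record is not None
    out["bank_to_vault"] = request_access(bank, vault, True)
    return out
```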
Fig. 2 shows a schematic block diagram of the process access control system according to an embodiment of the invention.
As shown in Fig. 2, the process access control system 200 according to an embodiment of the invention comprises: an acquiring unit 202 for obtaining a switching command that switches a first process running in the first operating system to the second operating system; a switching unit 204 for switching the first process to the second operating system according to the switching command; and a control unit 206 for controlling the access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
In this technical solution, by judging the security levels of the first and second operating systems, the allocated resources associated with the process of the higher security level can be protected and isolated while the process switches operating systems. In addition, once the user has set the switching criteria for a process, the process switches and is accessed automatically, so the user does not have to repeat a cumbersome switching operation each time; this simplifies operation and improves the user experience.
Here the first operating system can be the safety system of the terminal and the second operating system can be the conventional system of the terminal.
In the above technical solution, preferably, the system further comprises an encryption unit 208 for encrypting the allocated resources associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, when the security level of the first operating system is higher than that of the second operating system, the allocated resources associated with the first process are encrypted, so that when the first process switches from the higher-security first operating system into the second operating system and runs there, its allocated resources are protected by encryption. This prevents other processes in the second operating system from stealing the allocated resources or causing the first process to crash. The allocated resources include the application data, code data, associated data and other read-write data resources of the first process.
In the above technical solution, preferably, the system further comprises a judging unit 210 for judging whether the first process contains private data; the encryption unit 208 is further configured to encrypt the private data as the allocated resources when the first process is judged to contain private data.
In this technical solution, the private data of the first process is encrypted so that, when the first process switches to another operating system of lower security level, the private data cannot be accessed or stolen by other processes of that lower security level, which protects the data of the first process. The private data includes password information, account information, private image information and any information containing keywords set by the user.
In the above technical solution, preferably, the control unit 206 is further configured so that, when an access request from another process in the second operating system to the first process is obtained: if the first process contains the private data, the other process is allowed to access the first process only after a confirmation instruction has been obtained from the user; and if the first process does not contain the private data, the other process is forbidden to access the first process.
In this technical solution, access by other processes to a first process that contains private data is controlled by the user's confirmation instruction, which further protects the private data of the first process, and the access rights of other processes in the second operating system to the private data are set according to the user's needs, which further improves the user experience.
In the above technical solution, preferably, the system further comprises a storage unit 212 for storing the accessed record of the first process by other processes in the second operating system if the security level of the first operating system is higher than the security level of the second operating system.
In this technical solution, the accessed record of the first process of the higher security level is stored as an identification record that the first process has switched from the higher-security system to the lower-security system, which provides an accurate basis for judgement in subsequent switching or access control operations.
Specifically, take the case where the first operating system is the safety system and the second operating system is the conventional system. The first time a process switches operating systems it switches from the safety system to the conventional system, and its accessed record is stored. When the process later switches from the conventional system back to the safety system, the accessed record is the basis for the switching operation: a process that has no accessed record originally belonged to the conventional system, while a process that has an accessed record originally belonged to the safety system. Therefore, even after several switches, whether the process belongs to the safety system or to the conventional system can still be determined from the accessed record.
In the above technical solution, preferably, the acquiring unit 202 is further configured to obtain a switching command that switches a second process running in the second operating system to the first operating system; the judging unit 210 is further configured to switch the second process to the first operating system according to the switching command and to judge whether the second process has stored the accessed record; and the control unit 206 is further configured to forbid the second process from accessing other processes in the first operating system when it is judged that the second process has not stored the accessed record.
In this technical solution, whether or not the second process has a stored accessed record is used to control its access to other processes in the first operating system, so that the access of the second process to processes in the first operating system is controlled accurately.
Specifically, in the same safety-system and conventional-system case, a process that switches from the conventional system to the safety system and has no accessed record originally belonged to the conventional system, so it is forbidden to access other processes in the safety system, which protects the data of those processes.
In summary, the user can set up dynamic switching of processes between multiple operating systems, specifically in the following ways:
(1) When the terminal's battery charge falls below a preset level (for example 20%), the user can be reminded to switch all processes of the high-power-consumption operating system to run in the low-power-consumption operating system.
(2) Across the multiple operating systems, the memory occupied by each running process is counted, and processes that occupy more memory are switched to the operating system with the higher operating efficiency so that they keep running smoothly.
(3) When any of the multiple operating systems crashes or freezes, all processes under that operating system are automatically switched to another operating system to ensure their normal and reliable operation; and once the crashed or frozen operating system has been restarted, those processes can be automatically switched back.
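The three switching modes above amount to a planning step that decides, per process, which system it should move to. The following Python block is an added illustration and not code from the patent or its assignee: the `OsState` record, the `Switch` command, the thresholds (20% battery, 256 MB counted as "heavy"), the rule order and the two sample systems are all assumptions made here. Its security-relevant point is the `downgrade` flag: the battery and memory policies can push a process from the safety system into the conventional system, so every such command still has to pass through the encryption and accessed-record steps described earlier.

```python
"""Planner for the three dynamic switching modes listed above. Added illustration,
not code from the patent; the record layout, thresholds and sample data are assumed."""
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class OsState:
    name: str
    level: int                  # security level; higher means the safety system
    low_power: bool = False     # the system to prefer when the battery is low
    efficient: bool = False     # the system that runs heavy processes more smoothly
    alive: bool = True          # False once the system has crashed or frozen
    procs: dict[str, int] = field(default_factory=dict)  # process name -> memory in MB

@dataclass
class Switch:
    proc: str
    src: str
    dst: str
    reason: str      # "crash", "battery", "memory" or "recovery"
    downgrade: bool  # dst has the lower security level: the monitor must seal private data

def plan_switches(systems: list[OsState], battery_pct: int,
                  battery_threshold: int = 20, heavy_mb: int = 256) -> list[Switch]:
    """One planning round; each process receives at most one decision."""
    moves: list[Switch] = []
    decided: set[str] = set()

    def move(proc: str, src: OsState, dst: OsState, reason: str) -> None:
        if proc not in decided:
            decided.add(proc)
            moves.append(Switch(proc, src.name, dst.name, reason, dst.level < src.level))

    live = [s for s in systems if s.alive]
    # (3) a crashed or frozen system hands all of its processes to a live one
    for s in systems:
        if not s.alive and live:
            for p in s.procs:
                move(p, s, live[0], "crash")
    # (1) low battery: propose moving everything into the low-power system
    low = next((s for s in live if s.low_power), None)
    if low is not None and battery_pct < battery_threshold:
        for s in live:
            if s is not low:
                for p in s.procs:
                    move(p, s, low, "battery")
    # (2) memory: heavy processes go to the more efficient system
    eff = next((s for s in live if s.efficient), None)
    if eff is not None:
        for s in live:
            if s is not eff:
                for p, mb in s.procs.items():
                    if mb >= heavy_mb:
                        move(p, s, eff, "memory")
    return moves

def plan_recovery(systems: list[OsState], past: list[Switch]) -> list[Switch]:
    """Second half of (3): once a crashed system is alive again, return its processes."""
    by_name = {s.name: s for s in systems}
    return [Switch(m.proc, m.dst, m.src, "recovery", by_name[m.src].level < by_name[m.dst].level)
            for m in past if m.reason == "crash" and by_name[m.src].alive]

def sample_systems() -> list[OsState]:
    """Constructed terminal: safety system at level 2, conventional system at level 1."""
    return [OsState("safety", 2, procs={"wallet": 64, "mail": 300}),
            OsState("conventional", 1, low_power=True, efficient=True,
                    procs={"game": 512, "chat": 40})]
```

The rule order is a design choice: crash failover runs first because it decides whether the process runs at all, and each process gets one decision per round so the battery and memory rules cannot bounce it between systems. Every command that `plan_recovery` returns moves a process upward, which is the direction in which the accessed-record check of the description applies.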
The process of switching from the safety system to the conventional system is described with reference to Fig. 3 to Fig. 5.
As shown in Fig. 3, the schematic flow of switching from the safety system to the conventional system comprises: step 302, the conventional system switches to the safety system; step 304, process A becomes A1 while running; step 306, process B accesses A1; step 308, determine whether there is encrypted information, and if so perform step 310, otherwise perform step 312; step 310, prompt the user (the prompt interface is shown in Fig. 5); step 312, access A1 and record the access of B to A1; step 314, judge whether access is allowed, and if so perform step 312, otherwise end.
As shown in Fig. 4, the data in process A is sorted by security level; if A contains unencrypted sensitive information it is encrypted automatically, the accessed record of process A is checked, and A is then converted into a process of the conventional system.
The process of switching from the safety system to the conventional system is described further with reference to Fig. 6 to Fig. 8.
As shown in Fig. 6, the schematic flow of switching from the safety system to the conventional system comprises: step 602, the safety system switches to the conventional system; step 604, process B becomes B1 while running; step 606, process B accesses B1; step 608, judge whether there is an accessed record, and if so perform step 610, otherwise perform step 612; step 610, check the accessed record (the checking interface is shown in Fig. 8); step 612, restrict the security level of process B1; step 614, judge whether security is involved, and if so perform step 612, otherwise end.
As shown in Fig. 7, among the data involved in process B, account, password and keyword information belong to the high security level, reading and writing of ordinary files belongs to the medium security level, and reading of ordinary files belongs to the low security level.
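The units of Fig. 2, the encrypt-on-downgrade rule, the user-confirmed access to private data, the accessed record and its use on the return switch, and the Fig. 4 and Fig. 7 ordering of data by security level fit together as one reference monitor. The following Python block is an added illustration, not code from the patent or its assignee: `Level`, `Resource`, `Process`, `Monitor`, the keyword list used to recognise private data, the three-level ranking, the sample processes A, B, C and S, and the choice to decrypt for a user-approved accessor are assumptions made here. The cipher is a toy HMAC-SHA256 keystream with a tag that exists only so the block runs offline; a real terminal would use an authenticated cipher such as AES-GCM.

```python
"""Model of the dual-system process access control described above. Added
illustration, not code from the patent; the cipher is a toy for offline use."""
from __future__ import annotations
import hashlib, hmac, os
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable

class Level(IntEnum):
    CONVENTIONAL = 1  # the "second operating system"
    SAFETY = 2        # the "first operating system"

# Fig. 7 style ranking (assumed table): account/password/keyword data are high,
# writable ordinary files medium, read-only ordinary files low.
HIGH_KEYWORDS = ("account", "password", "keyword")
RANK = {"high": 0, "medium": 1, "low": 2}

@dataclass
class Resource:
    name: str
    data: bytes
    writable: bool = False
    encrypted: bool = False

@dataclass
class Process:
    name: str
    home: Level     # system the process was started in
    current: Level
    resources: list[Resource] = field(default_factory=list)
    accessed_record: list[tuple[str, str]] = field(default_factory=list)
    restricted: bool = False  # entered SAFETY without an accessed record

def classify(res: Resource) -> str:
    if any(k in res.name.lower() for k in HIGH_KEYWORDS):
        return "high"
    return "medium" if res.writable else "low"

def sorted_by_level(proc: Process) -> list[str]:  # Fig. 4: highest level first
    return [r.name for r in sorted(proc.resources, key=lambda r: RANK[classify(r)])]

def has_private_data(proc: Process) -> bool:
    return any(classify(r) == "high" for r in proc.resources)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (nonce || ciphertext || tag); a real terminal would use AES-GCM."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("sealed resource was tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Monitor:
    """The Fig. 2 units folded into one object; `confirm` plays the Fig. 5 user prompt."""
    def __init__(self, key: bytes, confirm: Callable[[str, str], bool]):
        self.key, self.confirm = key, confirm

    def switch(self, proc: Process, target: Level) -> None:
        if proc.current > target:  # higher -> lower: seal private data first (claims 2, 3)
            for r in proc.resources:
                if classify(r) == "high" and not r.encrypted:
                    r.data, r.encrypted = seal(self.key, r.data), True
        elif proc.current < target:  # lower -> higher: only the record marks a returnee (claim 6)
            proc.restricted = not proc.accessed_record
        proc.current = target

    def request(self, requester: Process, target: Process, res_name: str) -> bytes | None:
        """Resource bytes if access is allowed, else None."""
        if requester.current != target.current or requester.restricted:
            return None  # different systems, or came up to SAFETY without a record
        res = next(r for r in target.resources if r.name == res_name)
        if target.home > target.current:  # target came down from SAFETY (claim 4)
            if not has_private_data(target) or not self.confirm(requester.name, target.name):
                return None
            target.accessed_record.append((requester.name, res_name))  # storage unit, claim 5
            return unseal(self.key, res.data) if res.encrypted else res.data
        return res.data

def demo() -> dict:
    """Constructed walk-through: A comes from SAFETY, B and C are conventional, S stays in SAFETY."""
    mon = Monitor(os.urandom(32), confirm=lambda who, whom: who == "B")  # user approves B only
    a = Process("A", Level.SAFETY, Level.SAFETY, [Resource("account_password", b"hunter2"),
                Resource("notes.txt", b"todo", writable=True), Resource("readme.txt", b"hello")])
    b, c = Process("B", Level.CONVENTIONAL, Level.CONVENTIONAL), Process("C", Level.CONVENTIONAL, Level.CONVENTIONAL)
    s = Process("S", Level.SAFETY, Level.SAFETY, [Resource("readme.txt", b"secure")])
    order = sorted_by_level(a)
    mon.switch(a, Level.CONVENTIONAL)               # A runs in the conventional system as A1 (Fig. 3)
    b_sees = mon.request(b, a, "account_password")  # prompt answered yes, access recorded
    c_sees = mon.request(c, a, "account_password")  # prompt answered no
    mon.switch(a, Level.SAFETY)                     # returns with a record
    mon.switch(c, Level.SAFETY)                     # comes up without one
    return {"order": order, "sealed": a.resources[0].encrypted, "b_sees": b_sees, "c_sees": c_sees,
            "record": list(a.accessed_record),
            "a_reaches_s": mon.request(a, s, "readme.txt") is not None,
            "c_reaches_s": mon.request(c, s, "readme.txt") is not None}
```

Two consequences of the design show up in `demo()`. First, the accessed record is the only thing that marks a returning process as one that came down from the safety system, so a safety-system process that nobody accessed while it was downgraded is also restricted on return; the rule fails closed, which is the right way round. Second, while the process runs in the conventional system both the record and the sealed resources are stored there, so the storage unit has to keep them where a conventional-system process cannot append an entry or replace a tag; otherwise a conventional-origin process could forge the record that claim 6 relies on.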
The technical solution of the invention has been described above with reference to the accompanying drawings, considering the technical problem of how to improve the process access control scheme so that access to data is both safer and more convenient. The invention therefore proposes a new process access control scheme and a terminal: according to the security level of the first system, the security level of the second system, the security level of the encrypted information and the accessed record information, the encryption mode and access rights of the encrypted information are processed, and whether other processes may access the data is determined according to that encryption mode and those access rights. This improves the security of the data accessed by processes, adds the function of encrypting sensitive information that was not yet encrypted, and simplifies operation: the access rights of a process to the data can be determined from the security level of the system it is switched to, so the user does not have to set access rights for every process and data item after each system switch, which improves the user experience.
The above are only preferred embodiments of the invention and do not limit it; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (13)

1. A process access control method, applicable to a terminal running a first operating system and a second operating system, characterized in that the access control method comprises:
obtaining a switching command that switches a first process running in the first operating system to the second operating system;
switching the first process to the second operating system according to the switching command;
controlling the access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
2. The process access control method according to claim 1, characterized in that, before switching the first process to the second operating system according to the switching command, the method further comprises the following specific step:
if the security level of the first operating system is higher than the security level of the second operating system, encrypting the allocated resources associated with the first process.
3. The process access control method according to claim 2, characterized in that encrypting the allocated resources associated with the first process comprises the following specific steps:
judging whether the first process contains private data;
when the first process is judged to contain the private data, encrypting the private data as the allocated resources.
4. The process access control method according to claim 3, characterized in that the access control of other processes in the second operating system to the first process comprises the following specific steps:
when an access request from another process in the second operating system to the first process is obtained, if the first process contains the private data, allowing the other process to access the first process after a confirmation instruction has been obtained from the user;
if the first process does not contain the private data, forbidding the other process from accessing the first process.
5. The process access control method according to claim 1, characterized in that, after switching the first process to the second operating system, the method further comprises:
if the security level of the first operating system is higher than the security level of the second operating system, storing the accessed record of the first process by other processes in the second operating system.
6. The process access control method according to claim 5, characterized in that it further comprises:
obtaining a switching command that switches a second process running in the second operating system to the first operating system;
switching the second process to the first operating system according to the switching command, and judging whether the second process has stored the accessed record;
when it is judged that the second process has not stored the accessed record, forbidding the second process from accessing other processes in the first operating system.
7. A process access control system, applicable to a terminal running a first operating system and a second operating system, characterized in that the access control system comprises:
an acquiring unit for obtaining a switching command that switches a first process running in the first operating system to the second operating system;
a switching unit for switching the first process to the second operating system according to the switching command;
a control unit for controlling the access between other processes in the second operating system and the first process according to the security levels of the first operating system and the second operating system.
8. The process access control system according to claim 7, characterized in that it further comprises:
an encryption unit for encrypting the allocated resources associated with the first process if the security level of the first operating system is higher than the security level of the second operating system.
9. The process access control system according to claim 8, characterized in that it further comprises:
a judging unit for judging whether the first process contains private data;
the encryption unit being further configured to encrypt the private data as the allocated resources when the first process is judged to contain the private data.
10. The process access control system according to claim 9, characterized in that the control unit is further configured so that, when an access request from another process in the second operating system to the first process is obtained, if the first process contains the private data, the other process is allowed to access the first process after a confirmation instruction has been obtained from the user; and
if the first process does not contain the private data, the other process is forbidden from accessing the first process.
11. The process access control system according to claim 7, characterized in that it further comprises:
a storage unit for storing the accessed record of the first process by other processes in the second operating system if the security level of the first operating system is higher than the security level of the second operating system.
12. The process access control system according to claim 11, characterized in that the acquiring unit is further configured to obtain a switching command that switches a second process running in the second operating system to the first operating system;
the judging unit is further configured to switch the second process to the first operating system according to the switching command and to judge whether the second process has stored the accessed record;
the control unit is further configured to forbid the second process from accessing other processes in the first operating system when it is judged that the second process has not stored the accessed record.
13. A terminal, characterized in that it comprises the process access control system according to any one of claims 7 to 12.
CN201510030232.6A 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process Active CN104506563B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510030232.6A CN104506563B (en) 2015-01-20 2015-01-20 Access control method, access control system and the terminal of process

Publications (2)

Publication Number Publication Date
CN104506563A true CN104506563A (en) 2015-04-08
CN104506563B CN104506563B (en) 2018-09-07

Family

ID=52948278

Country Status (1)

Country Link
CN (1) CN104506563B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105046156A (en) * 2015-08-26 2015-11-11 北京元心科技有限公司 Intelligent terminal and equipment access permission control method thereof
CN105046156B (en) * 2015-08-26 2018-05-08 北京元心科技有限公司 Intelligent terminal and its equipment access right control method
CN106485098A (en) * 2015-08-26 2017-03-08 北京奇虎科技有限公司 Application program encryption method, application program encryption device and terminal
CN106485098B (en) * 2015-08-26 2019-08-02 北京安云世纪科技有限公司 Application program encryption method, application program encryption device and terminal
WO2017049731A1 (en) * 2015-09-24 2017-03-30 宇龙计算机通信科技(深圳)有限公司 Method for application security protection among multiple systems, and terminal
CN106774794A (en) * 2016-11-30 2017-05-31 宇龙计算机通信科技(深圳)有限公司 The processing method and processing device of terminal traffic
CN108154037A (en) * 2016-12-05 2018-06-12 中国石油天然气股份有限公司 Inter-process data transmission method and device
CN110046043A (en) * 2018-01-15 2019-07-23 比特大陆科技有限公司 System switching method, device and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1606307A (en) * 2004-11-15 2005-04-13 南京大学 Network forced access control method based on safe operating system
US20050149933A1 (en) * 1999-02-19 2005-07-07 Masahiko Saito Computer executing multiple operating systems
CN101409719A (en) * 2007-10-08 2009-04-15 联想(北京)有限公司 Method and client terminal for implementing network safety payment
CN102402820A (en) * 2010-09-13 2012-04-04 ***通信有限公司 Electronic transaction method and terminal equipment
CN102420911A (en) * 2011-12-31 2012-04-18 深圳市金立通信设备有限公司 Switching device and switching method for dual systems of smart phone

Also Published As

Publication number Publication date
CN104506563B (en) 2018-09-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant