WO2014169802A1 - Terminal, network side device, terminal application control method, and system - Google Patents
- Publication number
- WO2014169802A1 (PCT/CN2014/075360)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- information
- terminal
- identification information
- user
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Definitions
- Terminal, network side device, terminal application control method and system
- the present invention relates to the field of control of terminal applications, and in particular, to a terminal, a network side device, a terminal application control method and system for controlling an application on a terminal.
- the method is a technical problem to be solved by those skilled in the art.
- the embodiment of the invention provides a terminal, a network side device, a terminal application control method and system,
- the embodiment of the present invention provides a terminal application control method.
- the method includes: before entering an application selected by the terminal, the terminal acquires user identification information of the application, where the user identification information includes application information of the application and user information that matches the application information; uploading the user identification information to the network side device for authentication; receiving the authentication result returned by the network side device, the authentication result being the result obtained by the network side device authenticating the user identification information according to the stored application authorization information; and performing a corresponding control operation on the application according to the authentication result.
- the manner of uploading the user identification information to the network side device in the foregoing embodiment includes at least one of second generation digital communication (2G), third generation digital communication (3G), wireless fidelity (WIFI), and short message.
- the steps include: if the authentication is passed, the application is entered, and if the authentication fails, the application is quit or deleted.
- the application information in the foregoing embodiment includes at least one of account password information and authorization information of the application, where the user information includes at least one of user identity information and user terminal identification information.
- the information further includes the identification information of the application, and the identification information is the identification information configured by the application store for the application; the application information includes the legal account password information allocated by the application store for the application user, and the user information includes the user terminal legally authorized by the application store for the application user. Terminal identification information.
- the embodiment of the present invention provides a method for controlling a terminal application.
- the method includes: receiving user identification information uploaded by a terminal, where the user identification information includes application information of an application selected by the terminal, and user information matching the application.
- the user identification information is authenticated according to the stored application authorization information, and the authentication result is returned to the terminal.
- the foregoing embodiment further includes: updating the application authorization information stored by the network side device; and the step of authenticating the user identification information includes: authenticating the user identification information according to the updated application authorization information.
- the time of storing the application authorization information in the foregoing embodiment includes: storing application authorization information of the application when the application is developed and/or downloaded; the application authorization information includes all legal account password information allocated by the application store providing the application and terminal identification information of all legally authorized user terminals.
- the embodiment of the present invention provides a terminal.
- the terminal includes: an obtaining module, configured to acquire user identification information of the application before entering the application selected by the terminal, where the user identification information includes application information of the application and user information that matches the application information; a first sending module, configured to upload the user identification information to the network side device for authentication; a first receiving module, configured to receive the authentication result returned by the network side device, the authentication result being the result obtained by the network side device authenticating the user identification information according to the stored application authorization information; and a processing module, configured to perform a corresponding control operation on the application according to the authentication result.
- the embodiment of the present invention provides a network side device.
- the network side device includes: a second receiving module, configured to receive user identification information uploaded by the terminal, where the user identification information includes application information of the application selected by the terminal and user information matching the application; an authentication module, configured to authenticate the user identification information according to the stored application authorization information to generate an authentication result; and a second sending module, configured to return the authentication result to the terminal.
- the embodiment of the present invention provides a terminal application control system, including the terminal and the network side device provided by the present invention.
- the terminal, the network side device, and the terminal application control method and system provided by the embodiment of the present invention after the user selects the application and directly enters the application to serve the user, obtains the user identification information of the application, and obtains the user identification information.
- FIG. 1 is a schematic diagram of a terminal application control system according to a first embodiment of the present invention.
- FIG. 2 is a schematic diagram of a terminal according to a second embodiment of the present invention.
- FIG. 3 is a schematic diagram of a terminal application control method according to a third embodiment of the present invention.
- FIG. 4 is a schematic diagram of a network side device according to a fourth embodiment of the present invention.
- FIG. 5 is a schematic diagram of a terminal application control method according to a fifth embodiment of the present invention.
- FIG. 6 is a schematic diagram of a terminal application control method according to a sixth embodiment of the present invention.
- FIG. 7 is a schematic diagram of a terminal application control method according to a seventh embodiment of the present invention.
- Preferred embodiment of the invention
- FIG. 1 is a schematic diagram of a terminal application control system according to a first embodiment of the present invention.
- the terminal application control system 1 provided by the embodiment of the present invention includes a terminal 11 and a network side device 12, wherein:
- the terminal 11 may be a mobile terminal or a fixed device such as a computer, and is mainly used for selecting an application to obtain user identification information of the application, where the user identification information includes application information of the application and user information matching the application information; uploading the user identification information to the network side device 12 for authentication; receiving the authentication result returned by the network side device 12, the authentication result being the result obtained by the network side device authenticating the user identification information according to the stored application authorization information; and performing corresponding control operations on the application according to the authentication result;
- the network side device 12 may be an application store providing an application, or may be an application developer/supplier, or may be a third-party authentication server or the like, and is mainly used for receiving user identification information uploaded by the terminal 11, where the user identification information includes application information of the application selected by the terminal and user information matching the application; authenticating the user identification information according to the stored application authorization information; and returning the authentication result to the terminal 11.
- FIG. 2 is a schematic diagram of a terminal according to a second embodiment of the present invention.
- the terminal 11 provided by the embodiment of the present invention includes:
- the obtaining module 111 is configured to obtain user identification information of the application before entering the application selected by the terminal, where the user identification information includes application information of the application and user information that matches the application information;
- the first sending module 112 is configured to upload user identification information to the network side device 12 for authentication;
- the first receiving module 113 is configured to receive the authentication result returned by the network side device 12, and the authentication result is a result obtained by the network side device authenticating the user identification information according to the stored application authorization information;
- the processing module 114 is configured to perform a corresponding control operation on the application according to the authentication result.
- FIG. 3 is a schematic diagram of a terminal application control method according to a third embodiment of the present invention.
- the terminal application control method provided by the embodiment of the present invention includes the following processing process:
- S301 Obtain user identification information of the application before entering the application selected by the terminal; the user identification information includes application information of the application and user information that matches the application information;
- S303 Receive an authentication result returned by the network side device; the authentication result is a result obtained by the network side device authenticating the user identification information according to the stored application authorization information;
- the application information in the embodiment shown in FIG. 3 includes at least one of account password information and authorization information of the application, where the user information includes at least one of user identity information (e.g., a mobile phone number) and user terminal identification information (e.g., the IMEI of the terminal).
- the step of uploading the user identification information to the network side device in the embodiment shown in FIG. 3 includes: uploading the user identification information to the network side device through at least one communication method among short message, second generation digital communication (2G), third generation digital communication (3G), and wireless fidelity (WIFI).
- the step of performing corresponding control operations on the application according to the authentication result in the embodiment shown in FIG. 3 includes: if the authentication passes, the application is entered, and if the authentication fails, the application is quit or deleted.
- the network side device in the embodiment shown in FIG. 3 is an application store that provides an application; the user identification information further includes identification information of the application, and the identification information is identification information configured by the application store for the application, for example the application ID or the application name; the application information includes the legal account password information allocated by the application store for the application user, and the user information includes the terminal identification information of the user terminal legally authorized by the application store for the application user.
- FIG. 4 is a schematic diagram of a network side device according to a fourth embodiment of the present invention.
- the network side device 12 provided by the embodiment of the present invention includes:
- a second receiving module 121 configured to receive user identification information uploaded by the terminal 11, where the user identification information includes application information of the application selected by the terminal and user information that matches the application;
- the authentication module 122 is configured to authenticate the user identification information according to the stored application authorization information, and generate an authentication result.
- the second transmitting module 123 is arranged to return the authentication result to the terminal 11.
- the network side device in the embodiment shown in FIG. 4 is an application store that provides an application.
- FIG. 5 is a schematic diagram of a terminal application control method according to a fifth embodiment of the present invention.
- the terminal application control method provided by the embodiment of the present invention includes the following processing process:
- S501 Receive user identification information uploaded by the terminal, where the user identification information includes application information of the application selected by the terminal and user information matched with the application;
- S502 Authenticate the user identification information according to the stored application authorization information, and generate an authentication result.
- before the user identification information is authenticated, the embodiment shown in FIG. 5 further includes: updating the stored application authorization information; and the step of authenticating the user identification information is specifically: authenticating the user identification information according to the updated application authorization information.
- the time of the stored application authorization information in the embodiment shown in FIG. 5 includes: storing application authorization information of the application when the application is developed and/or downloaded; Terminal identification information of the terminal.
- the embodiment shown in FIG. 5 further includes the step of adding a security plug-in to the application installation package; when the user installs the application, the security plug-in is installed at the same time, and the security plug-in can be used to execute the terminal application control method shown in FIG. 3.
- the application selected by the terminal is a confidential application, and a specific account must be used on a specific terminal device in order to enter the confidential application;
- the terminal application control method provided by the embodiment of the present invention includes the following steps: S601: The application provider provides a confidential application including a security plugin;
- the application provider provides a confidential application.
- the security application installation package includes a security plug-in, for any user to download, and the application authorization information of the security application is set; if the application authorization information is stored in the form of a table, it is as shown in Table 1 below:
- S602 The user downloads and installs the confidential application.
- the application authorization information stored in the network side device is updated and saved.
- the updated application authorization information is as shown in Table 2 below:
- S603 The user selects the confidential application and attempts to enter the confidential application.
- S604 Acquire and upload the user identification information that is stored by the terminal and corresponding to the security application.
- the step may be performed by using a security plug-in in the security application installed by the terminal, where the user identification information includes application information of the confidential application stored by the terminal and user information that matches the application information, where the application information includes at least one of account password information and authorization information of the application, and the user information includes at least one of user identity information and user terminal identification information.
- the application information is set as the account information
- the user information is set as the user terminal identification information; it is assumed that two users respectively upload the user identification information, wherein the user identification information uploaded by the user A terminal includes "account information: 1111, terminal identification: aaaa"; user identification information uploaded by the user B terminal includes "account information: 2222, terminal identification: b2b3";
- S605 Authenticate the user identification information according to the application authorization information, and return the authentication result; before the authentication, the application authorization information may be updated in real time to achieve the most accurate authentication of the user identification information;
- the process of performing the authentication may be: determining whether the application authorization information contains an entry identical to the user identification information uploaded by the terminal; if yes, the authentication is passed; otherwise, the authentication fails; for the assumption in step S604, the application is authorized.
- the information in the information that is identical to the user ID information uploaded by the user A terminal does not exist.
- the authentication result of the user A terminal is the same as the user ID information uploaded by the user B terminal. , the authentication result of the user A terminal is failed;
- for the assumption in step S604, the management operation performed by the user A terminal is to enter the confidential application, and the management operation performed by the user B terminal is to quit/delete the confidential application.
- S701 The application provider provides a confidential application including a security plug-in;
- the application provider provides "Enterprise Edition** Weibo".
- the installation package of "Enterprise Edition** Weibo" includes a security plug-in, for any user to download, and the application authorization information of "Enterprise Edition** Weibo" is also set; if the application authorization information is stored in the form of a table, it is as shown in Table 3 below:
- the company takes on new employees and assigns legitimate application information and user information to them; at this time, it is necessary to update and save the application authorization information stored in the application store; for example, the updated application authorization information is as shown in Table 4 below:
- S703 The user selects and attempts to enter the application
- step S704 is performed; if the user selects "** Weibo" and tries to enter, then directly enter "** Weibo";
- S704 Acquire and upload user identification information corresponding to the security application stored by the terminal; the step may be performed by a security plug-in in the security application installed by the terminal, where the user identification information includes application identification information, legal account password information, and terminal identification information of a legally authorized user terminal; now 4 users have uploaded user identification information, such as "application identification: enterprise version ** microblog; account information: 1111, terminal identification: aaaa";
- S705 Authenticate the user identification information according to the application authorization information, and return the authentication result; before the authentication, the application authorization information may be updated in real time to achieve the most accurate authentication of the user identification information;
- the process of performing the authentication may be: determining whether the application authorization information contains an entry identical to the user identification information uploaded by the terminal; if yes, the authentication is passed; otherwise, the authentication fails; according to the assumption in step S704, the application authorization information contains an entry identical to the user identification information uploaded by the user, for example the entry numbered 1, so the authentication result is that the authentication passes;
- the enterprise will update Table 3, and the entry with entry number 1 will be deleted.
- the application authorization information does not contain an entry exactly the same as the user identification information uploaded by the user, so the authentication result is that the authentication failed;
- This step is similar to step S606 and will not be described again.
- after the user selects the application, the application is not entered directly to serve the user; instead, the user identification information of the application is obtained and uploaded to the network side device for authentication, and management operations are performed according to the authentication result, which solves the problem of authenticating the user identity after the application is downloaded and installed and before the application is used.
- the application authorization information stored by the network side device is updated, and the user identification information uploaded by the application is authenticated according to the updated application authorization information, thereby ensuring real-time validity of the authentication result;
- the application is closed or deleted, thereby ensuring the interests of the legitimate user.
- with the terminal, the network side device, and the terminal application control method and system provided by the embodiment of the present invention, after the user selects the application, the application is not entered directly to serve the user; instead, the user identification information of the application is obtained and uploaded to the network side device, which performs authentication, and management operations are performed according to the authentication result, which solves the problem of authenticating the user identity after the application is downloaded and installed and before the application is used.
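The exchange described in steps S601 to S605 and S701 to S705, as an added Python example that is not code from the patent: the terminal uploads its user identification record before entering a protected application, and the network side device passes it only when an identical entry exists in its current authorization table. The table contents, the application name `enterprise-app`, all class and function names, the constant-time comparison and the fail-closed handling of an unreachable network side device are assumptions of this example; the account and terminal values are the ones quoted in step S604.

```python
import hmac
from dataclasses import dataclass

APP = "enterprise-app"  # constructed placeholder for the protected application's id


@dataclass(frozen=True)
class UserIdentification:
    """Record the terminal uploads: application id, account, terminal id."""
    app_id: str
    account: str
    terminal_id: str


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: a choice of this example, not stated in the text.
    return hmac.compare_digest(a.encode(), b.encode())


class NetworkSideDevice:
    """Stores the application authorization information and authenticates uploads."""

    def __init__(self, entries):
        self._entries = set(entries)
        self.reachable = True  # lets the example simulate an outage

    def update(self, add=(), remove=()):
        """Update step: add newly authorized entries, delete revoked ones."""
        self._entries |= set(add)
        self._entries -= set(remove)

    def authenticate(self, uid: UserIdentification) -> bool:
        """Pass only if a stored entry is identical to the uploaded record."""
        if not self.reachable:
            raise ConnectionError("network side device unreachable")
        matched = False
        for e in self._entries:
            # All three fields must match: a valid account on an
            # unauthorized terminal is still a failure.
            hit = (_same(e.app_id, uid.app_id)
                   & _same(e.account, uid.account)
                   & _same(e.terminal_id, uid.terminal_id))
            matched = matched or hit
        return matched


class Terminal:
    """Terminal side: runs the check before entering a protected application."""

    def __init__(self, terminal_id, accounts, device, protected_apps):
        self.terminal_id = terminal_id
        self.accounts = accounts              # app_id -> account stored on the terminal
        self.device = device
        self.protected_apps = protected_apps

    def launch(self, app_id: str) -> str:
        """Return the control operation: 'enter' or 'quit'."""
        if app_id not in self.protected_apps:
            return "enter"                    # ordinary application: entered directly
        uid = UserIdentification(app_id, self.accounts.get(app_id, ""), self.terminal_id)
        try:
            passed = self.device.authenticate(uid)
        except ConnectionError:
            passed = False                    # assumption: no result means no entry
        return "enter" if passed else "quit"


def demo():
    # Constructed authorization table (the patent's own tables are not on this page).
    entry1 = UserIdentification(APP, "1111", "aaaa")
    entry2 = UserIdentification(APP, "2222", "bbbb")
    store = NetworkSideDevice([entry1, entry2])
    user_a = Terminal("aaaa", {APP: "1111"}, store, {APP})
    user_b = Terminal("b2b3", {APP: "2222"}, store, {APP})  # right account, wrong terminal
    out = {"A": user_a.launch(APP),
           "B": user_b.launch(APP),
           "A_other_app": user_a.launch("ordinary-app")}
    store.update(remove=[entry1])             # entry deleted by the enterprise
    out["A_after_revocation"] = user_a.launch(APP)
    store.update(add=[entry1])
    store.reachable = False
    out["A_outage"] = user_a.launch(APP)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the table is consulted on every launch, deleting an entry takes effect the next time the application is opened, with no change on the terminal.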
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2014256198A AU2014256198A1 (en) | 2013-09-23 | 2014-04-15 | Terminal, network side device, terminal application control method, and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310436913.3 | 2013-09-23 | ||
CN201310436913.3A CN103731268A (zh) | 2013-09-23 | 2013-09-23 | Terminal, network side device, terminal application control method, and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014169802A1 (zh) | 2014-10-23 |
Family
ID=50455203
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/075360 WO2014169802A1 (zh) | Terminal, network side device, terminal application control method, and system | 2013-09-23 | 2014-04-15 |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN103731268A (zh) |
AU (1) | AU2014256198A1 (zh) |
WO (1) | WO2014169802A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294987A (zh) * | 2017-06-30 | 2017-10-24 | 江西博瑞彤芸科技有限公司 | Information processing method |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
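CN105101183B (zh) * | 2014-05-07 | 2018-11-27 | 中国电信股份有限公司 | Method and *** for protecting private content on a mobile terminal |
CN104010044B (zh) * | 2014-06-12 | 2018-02-23 | 北京握奇数据***有限公司 | Restricted application installation method, manager and terminal based on trusted execution environment technology |
CN104468096B (zh) * | 2014-12-01 | 2018-01-05 | 公安部第三研究所 | Method for protecting network electronic identity information based on key diversification operations |
CN109196891B (zh) * | 2017-01-13 | 2020-09-08 | 华为技术有限公司 | Management method for a subscription data set, terminal and server |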
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1139324A (zh) * | 1993-11-15 | 1997-01-01 | 美国电报电话公司 | Software pay-per-use charging *** |
CN1740940A (zh) * | 2005-09-09 | 2006-03-01 | 北京兆日科技有限责任公司 | Method for preventing computer software piracy based on a trusted computing module chip |
CN101183416A (zh) * | 2007-12-10 | 2008-05-21 | 东信和平智能卡股份有限公司 | Software protection method and its *** |
CN102479304A (zh) * | 2010-11-26 | 2012-05-30 | 深圳市硅格半导体有限公司 | Software permission control method, client and *** |
CN102868732A (zh) * | 2012-08-27 | 2013-01-09 | 北京小米科技有限责任公司 | Account-password-based login implementation method, *** and apparatus |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102446106A (zh) * | 2010-09-30 | 2012-05-09 | 联想(北京)有限公司 | Application installation management method, server and terminal |
CN103188668B (zh) * | 2011-12-27 | 2017-02-08 | 方正国际软件(北京)有限公司 | Security protection method and *** for mobile terminal applications |
CN103188677A (zh) * | 2011-12-29 | 2013-07-03 | ***通信集团北京有限公司 | Authentication method, apparatus and *** for client software |
CN103249045B (zh) * | 2013-05-13 | 2016-08-10 | 华为技术有限公司 | Identity recognition method, apparatus and *** |
2013
- 2013-09-23 CN CN201310436913.3A patent/CN103731268A/zh active Pending
2014
- 2014-04-15 AU AU2014256198A patent/AU2014256198A1/en not_active Abandoned
- 2014-04-15 WO PCT/CN2014/075360 patent/WO2014169802A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN103731268A (zh) | 2014-04-16 |
AU2014256198A1 (en) | 2016-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10084788B2 (en) | Peer to peer enterprise file sharing | |
KR102018971B1 (ko) | Method for enabling a network access device to access a wireless network access point, network access device, application server, and non-volatile computer-readable storage medium | |
US20200145409A1 (en) | Internet of things (iot) device management | |
US9867051B2 (en) | System and method of verifying integrity of software | |
US9455830B2 (en) | Method for securing credentials in a remote repository | |
US11457018B1 (en) | Federated messaging | |
CN111130770B (zh) | Blockchain-based information evidence storage method, ***, user terminal, electronic device and storage medium | |
US11184336B2 (en) | Public key pinning for private networks | |
US9571288B2 (en) | Peer to peer enterprise file sharing | |
US9584508B2 (en) | Peer to peer enterprise file sharing | |
US11349659B2 (en) | Transmitting an encrypted communication to a user in a second secure communication network | |
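WO2014169802A1 (zh) | Terminal, network side device, terminal application control method, and system | |
CN109815666B (zh) | Identity authentication method, apparatus, storage medium and electronic device based on the FIDO protocol | |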
US20170039388A1 (en) | Multi-party authentication and authorization | |
CN107040501B (zh) | Authentication method and apparatus based on platform as a service | |
US10791196B2 (en) | Directory lookup for federated messaging with a user from a different secure communication network | |
WO2012051076A2 (en) | A method for securing credentials in a remote repository | |
WO2018219260A1 (zh) | Method, apparatus and *** for binding a mobile phone number | |
US20190068567A1 (en) | Receiving an Encrypted Communication from a User in a Second Secure Communication Network | |
Reimair et al. | MoCrySIL-Carry your Cryptographic keys in your pocket | |
WO2013067792A1 (zh) | Smart card access method, apparatus and *** | |
CN117121435A (zh) | Connection-resilient multi-factor authentication | |
WO2020263938A1 (en) | Document signing system for mobile devices | |
WO2020191027A1 (en) | Chained trusted platform modules (tpms) as a secure bus for pre-placement of device capabilities | |
US11977620B2 (en) | Attestation of application identity for inter-app communications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14785802 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2014256198 Country of ref document: AU Date of ref document: 20140415 Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14785802 Country of ref document: EP Kind code of ref document: A1 |