
WO2018171092A1 - Permission update method and terminal device - Google Patents

Info

Publication number: WO2018171092A1
Authority: WO, WIPO (PCT)
Prior art keywords: permission, terminal device, permission list, application, list
Legal status: Ceased
Application number: PCT/CN2017/093025
Other languages: French (fr), Chinese (zh)
Inventors: 黄洁静, 彭峰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201780028139.9A (patent/CN109076126B/en)
Publication of WO2018171092A1 (patent/WO2018171092A1/en)

Definitions

  • The embodiments of the present invention relate to the field of communications, and in particular to a permission update method and a terminal device.
  • API: Application Programming Interface
  • APK: Android Package
  • The traditional certificate authorization scheme does not address subsequent updates. If the API permissions of an APK are changed (a permission is added or revoked), a new authorization file must be packaged and the APK reinstalled, or the update must be downloaded over the air.
  • OTA: Over-the-Air Technology
  • The OTA method is equivalent to downloading and installing the APK again, and the update process is cumbersome. At the same time, directly uninstalling the entire APK or revoking the entire certificate prevents continued use of the APK and widens the damage to the interests of the authorized APK vendor.
  • The embodiments of the invention provide a permission update method and a terminal device.
  • The entire APK is not processed and the entire certificate is not revoked, so the user does not need to download an updated APK again, which improves the user experience and reduces the conflict of interest between the user and the authorized APK vendor.
  • A permission update method may include: a terminal device acquiring a first permission list from a server, where the first permission list is the permission list after the server has updated the permissions, and the server is the server corresponding to the application distribution service of the terminal device.
  • The terminal device obtains the first permission list from the server.
  • The terminal device updates the permission list of the applications currently installed on the terminal device according to the first permission list and obtains the second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.
  • The method uses fine-grained control to add or disable a specific API permission, or to grant or reclaim an API permission at one time, and the user does not need to download an updated APK again, which improves the user experience and reduces conflicts of interest between the two parties.
  • The first permission list is the permission list after the permissions have been updated, and the terminal device obtaining the first permission list from the server includes: the terminal device sends a trigger message to the server, where the trigger message includes the identification information of the terminal device. The identification information may be the device number of the terminal device or user account information corresponding to the terminal device, such as user identity information like the user's mobile phone number or mailbox number.
  • The identification information enables the server to determine the applications currently installed on the terminal device and to send a response message to the terminal device, where the response message includes the first permission list.
  • The first permission list is specifically the permission list after the server has updated the permissions of the applications provided by the application distribution service on the terminal devices the server serves, and the terminal device obtaining the first permission list from the server includes: the terminal device receives a system message broadcast by the server, where the system message includes the first permission list.
  • the first permission list includes modified permissions for at least one application.
  • the first list of permissions includes permissions granted or revoked for at least one application.
  • The first permission list includes reauthorized permissions for at least one application.
  • The terminal device updating the permission list of its currently installed applications according to the first permission list to obtain the second permission list includes: the terminal device updates, according to the first permission list, the permissions in the permission list of its currently installed applications, and the updated permission list is the second permission list of the terminal device.
  • The method further includes: when the terminal device applies for a permission, the terminal device verifies the legitimacy of the authorization certificate for the requested permission and of the permission authorization file of the application corresponding to that permission; if the authorization certificate and the permission authorization file are legitimate and the second permission list includes the requested permission, the terminal device completes the application for that permission.
  • A terminal device having the function of implementing the behavior of the terminal device in the method above.
  • This function can be implemented in hardware, or in hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • another terminal device which can include a receiver and a processor.
  • the receiver is configured to obtain a first permission list from the server, where the first permission list is a permission list after the server updates the authority, and the server is a server corresponding to the application distribution service of the terminal device.
  • the processor is configured to update the permission list of the currently installed application of the terminal device according to the first permission list, and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed application according to the second permission list.
  • the terminal device includes a sender
  • the first permission list is an updated permission list of the application currently installed by the terminal device
  • the sender is configured to send a trigger message to the server, where the trigger message includes the identifier information of the terminal device.
  • the identifier information is used to enable the server to determine, according to the identifier information, the application currently installed by the terminal device, and send a response message to the terminal device, where the response message includes the first permission list.
  • The first permission list is the permission list after the permissions of the applications provided by the application distribution service on the terminal devices the server serves have been updated.
  • The receiver is further configured to receive the system message broadcast by the server, where the system message includes the first permission list.
  • the first permission list includes modified permissions for at least one application.
  • the first list of permissions includes permissions granted or revoked for at least one application.
  • The first permission list includes reauthorized permissions for at least one application.
  • The terminal device is specifically configured to update, according to the first permission list, the permissions in the permission list of the currently installed applications to obtain an updated permission list, where the updated permission list is the second permission list of the terminal device.
  • The processor is further configured to: when the terminal device applies for a permission, verify the legitimacy of the authorization certificate for the requested permission and of the permission authorization file of the application corresponding to that permission; and if the authorization certificate and the permission authorization file are legitimate and the second permission list includes the requested permission, complete the application for that permission.
  • a computer program product which, when run on a computer, causes the computer to perform the method of any of the alternative implementations described above.
  • In a fifth aspect, a computer-readable storage medium having stored thereon a computer program, the computer program being executed to implement the method of any of the above alternative implementations.
  • FIG. 1 is a schematic structural diagram of a rights update system
  • FIG. 2 is a schematic diagram of a permission update prompt information
  • FIG. 3 is a schematic flowchart of a method for updating a rights according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of a scenario in which a terminal device acquires a first permission list according to an embodiment of the present disclosure
  • FIG. 5 is a schematic flowchart of a permission disabling method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart of a method for granting or revoking rights according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of another terminal device according to an embodiment of the present invention.
  • the authority update method of the present application can be applied to the authority update system shown in FIG. 1.
  • the system can include, but is not limited to, a server and a terminal device.
  • a server for at least one APK (such as WeChat, QQ, Tencent video, etc.) provided by an application distribution service (such as an application market, an application store, etc.) on an associated device (or service)
  • the server may be a server corresponding to the distribution service of the terminal device, or may be a server that provides a cloud service for the terminal device, or a server corresponding to the terminal device manufacturer.
  • The server may include an API token platform for managing updates to the API permissions of each APK (assuming that API permissions have already been authorized for each APK), and for collecting violations reported in user feedback or violations committed by the APK and generating permission update information.
  • the API token platform may update the API permissions, including but not limited to disabling permissions, adding permissions, or reclaiming (granting or revoking) permissions and reauthorizing permissions.
  • The API permissions may include the access location information permission, the use network interface permission, the access address book permission, and the SMS reminder permission.
  • The API token platform can detect violations by all APKs. If the APKs comprise only three APKs, WeChat, QQ and Weibo, the API token platform detects violations by WeChat, QQ and Weibo.
  • WeChat's authorized permissions may be the full Internet access permission, the read address book permission, the recording permission, and the read SMS permission;
  • QQ's authorized permissions may be the access precise location permission, the use camera permission, the read contacts permission, the recording permission, and the read SMS permission;
  • Weibo's authorized permissions may be the access address book permission, the use camera permission, the text messaging permission, and the access precise location permission.
  • WeChat commits a violation by obtaining the user's location information without applying for the precise location permission, QQ commits a violation by operating the camera without applying for the camera permission, and Weibo commits a violation by recording the user without applying for the recording permission.
  • The API token platform can disable the corresponding API permissions for WeChat, QQ, and Weibo, as shown in Table 1.
  • The authorization file corresponding to WeChat is NO.20151201XXX; after the permission change, the read SMS permission is disabled and the precise location permission is obtained.
  • The authorization file corresponding to Weibo is NO.20150815XXX, and the recording permission is disabled after the permission change; the authorization file corresponding to QQ is NO.20150109XXX, and the read SMS permission is disabled after the permission change.
  • In the scenario where the API token platform collectively grants an API permission (for example, a functional interface newly developed by Google) or collectively reclaims an API permission (for example, when an APK vendor commits a violation, a certain permission is reclaimed from all APKs of that vendor), the API token platform can grant or revoke a single API permission at one time.
  • The API license platform adds the change network status permission only to WeChat and QQ, grants the prevent mobile phone sleep permission to WeChat, QQ and Weibo (that is, all APKs), and disables the read address book permission for WeChat, QQ and Weibo (that is, all APKs), as shown in Table 2.

| API permission | API authorization file | Corresponding APK |
|---|---|---|
| Change network status permission | NO.20151201XXX | WeChat and QQ add this permission |
| Prevent mobile phone sleep permission | NO.20150815XXX | WeChat, QQ and Weibo are granted this permission |
| Read address book permission | NO.20150109XXX | WeChat, QQ and Weibo disable this permission |

  • The authorization file corresponding to the change network status permission is NO.20151201XXX, and the permission is granted to WeChat and QQ; the authorization file corresponding to the prevent mobile phone sleep permission is NO.20150815XXX, and the permission is granted to all APKs; the authorization file corresponding to the read address book permission is NO.20150109XXX, and this permission is disabled for all APKs.
  • APK1 is WeChat
  • The list of permissions of WeChat before reauthorization can be: prevent the phone from sleeping, calculate application storage space, send stubborn broadcasts, change Wi-Fi status, retrieve running applications, read sync settings, Bluetooth management, display system-level alerts, autostart at boot time, write sync settings, read system settings, view WLAN status, full Internet access, view network status, control vibrator, use camera, read text messages, read contacts, write contacts, a total of 19 permissions.
  • APK2 is QQ
  • The list of permissions of QQ before reauthorization can be: prevent the phone from sleeping, disable key lock, send stubborn broadcasts, read system log files, retrieve running applications, read sync settings, Bluetooth management, expand/collapse status bar, display system-level alerts, update UI settings, write sync settings to restart other applications, view WLAN status, full Internet access, control flash, control vibrator, a total of 15 permissions.
  • APK3 is Weibo.
  • The list of permissions of Weibo before reauthorization can be: prevent the phone from sleeping, disable key lock, read sync statistics, send stubborn broadcasts, retrieve running applications, read sync settings, Bluetooth management, display system-level alerts, autostart at boot time, update UI settings, reorder running applications, write sync settings, view WLAN status, full Internet access, view network status, control flash, control vibrator, a total of 17 permissions.
  • The API token platform reauthorizes the API permissions of at least one of WeChat, QQ or Weibo.
  • The list of permissions for the reauthorized WeChat is: calculate application storage space, send stubborn broadcasts, change Wi-Fi status, Bluetooth management, create Bluetooth connection, display system-level alerts, autostart at boot time, write sync settings, read system settings, view WLAN status, full Internet access, view network status, control vibrator, use camera, read text messages, read contacts, write contacts, write text messages, a total of 18 permissions.
  • The list of permissions for the reauthorized QQ is: calculate application storage space, disable key lock, change Wi-Fi status, send stubborn broadcasts, read system log files, retrieve running applications, create Bluetooth connection, read sync settings, Bluetooth management, expand/collapse status bar, display system-level alerts, update UI settings, write sync settings to restart other applications, view WLAN status, full Internet access, control flash, control vibrator, get coarse location, a total of 18 permissions.
  • The list of permissions for the reauthorized QQ is: disable key lock, read sync statistics, change Wi-Fi status, send stubborn broadcasts, retrieve running applications, read sync settings, Bluetooth management, create Bluetooth connection, display system-level alerts, autostart at boot time, update UI settings, reorder running applications, write sync settings, view WLAN status, full Internet access, view network status, control flash, control vibrator, write contacts, recording, a total of 20 permissions.
  • After reauthorization, the API permissions of at least one of WeChat, QQ or Weibo are the same as the corresponding reauthorized API permissions; that is, the new API permissions of WeChat, QQ or Weibo are governed by the reauthorized API permissions, regardless of the API permissions before reauthorization (the original ones).
  • The subject of scenario (1) is an APK, that is, certain permissions are granted or disabled for an APK (such as WeChat); the subject of scenario (2) is an API, that is, for an API (such as the access address book permission), the permission is granted to certain APKs or certain APKs are required to disable it.
  • The subject of scenario (3) is the APK.
  • The reauthorized API permissions directly replace the API permissions of the original APK; that is, scenario (3) does not need to consider which permissions the APK was granted before, and the API permissions can be replaced directly.
  • The terminal device may be any mobile or portable terminal, including but not limited to a mobile phone, a mobile computer, a tablet computer, a personal digital assistant (PDA), a media player, a smart TV, and a combination of two or more of the above.
  • The terminal device may include, but is not limited to, an input unit, a rights update unit, a rights check unit, an output unit, a communication unit, a storage unit, and the like. These components communicate over one or more buses. Those skilled in the art will understand that the structure of the terminal device shown in the figure does not limit the present application: it may be a bus structure or a star structure, and may include more or fewer components than illustrated, combine some components, or arrange the components differently.
  • the communication unit is configured to establish a communication channel between the terminal device and the server, so as to obtain permission update information (such as a permission update list) from the server.
  • the communication unit may include a wireless local area network (wireless LAN) module, a Bluetooth module, a baseband module, and the like, and a radio frequency (RF) circuit corresponding to the communication module.
  • the communication module is used to control communication of components in the terminal device, and can support Direct Memory Access.
  • The storage unit is configured to store the acquired permission update information, software programs (such as a sound player, an image player, and the like) and data created through use of the terminal device (such as audio data, a phone book, etc.).
  • The storage unit may include volatile memory, such as non-volatile random access memory (NVRAM), phase change random access memory (PRAM), magnetoresistive random access memory (MRAM), etc., and may also include non-volatile memory, such as at least one disk storage device, Electronically Erasable Programmable Read-Only Memory (EEPROM), or flash memory devices such as NOR flash memory or NAND flash memory.
  • The permission update unit is configured to send first indication information to the input unit according to the permissions of the APK currently installed on the terminal device and the acquired permission update information, where the first indication information instructs the input unit (such as a display screen) to display prompt information asking whether to perform the application update, so that the permission update is completed according to the user's input. As shown in FIG. 2, the display screen shows whether an APK (such as XXX) has a new version to update; when the user selects Yes, the permission update unit updates the permissions of the APK, and otherwise it does not.
  • the input unit may be a touch panel or other human-computer interaction interface.
  • The rights update unit may further send second indication information to the output unit according to the permissions of the currently installed APK and the obtained permission update information, where the second indication information instructs the output unit (such as a sound output unit) to give a voice prompt asking whether to perform the application update, so that the permission update is completed according to the user's input.
  • the input unit may be an image output unit (such as a display panel) and a sound output unit.
  • the rights update unit may further update the rights of the currently installed APK according to the obtained rights update information.
  • the touch panel used in the above input unit can also serve as a display panel of the output unit at the same time.
  • When the touch panel detects a touch or proximity gesture on it, the operation is transmitted to the rights update unit to determine the type of the touch event, and the rights update unit then provides the corresponding visual output on the display panel according to the type of the touch event.
  • Although the input unit and the output unit are described as two independent components implementing the input and output functions of the terminal device, in some embodiments the touch panel and the display panel may be integrated to implement the input and output functions of the terminal device.
  • The permission checking unit is configured to, when the terminal device applies for an API permission (such as the use network interface permission) while an APK (such as WeChat) is running, determine the legitimacy of the APK's authorization certificate and the legitimacy of the APK's API authorization file (that is, check whether the signature information of the authorization file is genuine). If both are legitimate, it further queries the second permission list and checks the API permission currently being applied for, to determine whether the APK is entitled to that API permission and thus whether the application for the API permission is completed. That is, the terminal device allows the APK's call only if the permission exists in the second permission list.
  • The terminal device described above is only an example provided by the embodiments of the present invention; the terminal device may have more or fewer components than illustrated, may combine two or more components, or may be implemented with a different configuration of components.
  • The present application uses more fine-grained control to disable at least one specific API permission of an APK, to uniformly grant or revoke an API permission for multiple APKs, or to issue reauthorized API permissions.
  • The update process does not involve processing the entire APK or revoking the entire certificate, so it does not affect continued use of the APK's other permissions, which improves the user experience and does not widen the damage to the interests of authorized APK vendors. At the same time, the user does not need to download an updated APK again, and certificates and authorized API permissions can be updated or disabled in time, which eliminates abuse of certificates and API permissions and thus ensures the security of the user terminal.
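
The three update scenarios and the runtime check performed by the permission checking unit can be sketched as follows. This is an added example, not code from the patent: the entry format (`kind`, `add`, `disable`, `apks`), the permission names, and the use of an HMAC as a stand-in for verifying the authorization file's signature are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: an HMAC under a device-held key stands in for the signature
# check on the authorization file; the page does not name the algorithm.
TRUST_KEY = b"constructed-demo-key"


def sign_auth_file(auth_file_id, apk_name):
    msg = f"{auth_file_id}|{apk_name}".encode()
    return hmac.new(TRUST_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class InstalledApk:
    name: str
    auth_file_id: str
    auth_file_sig: str
    permissions: frozenset
    cert_valid: bool = True  # outcome of the authorization-certificate check


def apply_first_list(installed, first_list):
    """Step 320: merge the first permission list into the local permissions
    and return the second permission list as {apk_name: set_of_permissions}."""
    second = {name: set(apk.permissions) for name, apk in installed.items()}

    def targets(apks):
        # "*" means every APK; entries for APKs that are not installed are skipped.
        names = second.keys() if apks == "*" else apks
        return [n for n in names if n in second]

    for entry in first_list:
        kind = entry["kind"]
        if kind == "apk_modify":      # scenario (1): the subject is one APK
            for name in targets([entry["apk"]]):
                second[name] |= set(entry.get("add", ()))
                second[name] -= set(entry.get("disable", ()))  # disable wins
        elif kind == "api_grant":     # scenario (2): the subject is one API
            for name in targets(entry["apks"]):
                second[name].add(entry["permission"])
        elif kind == "api_revoke":
            for name in targets(entry["apks"]):
                second[name].discard(entry["permission"])
        elif kind == "reauthorize":   # scenario (3): replace, ignore history
            for name in targets([entry["apk"]]):
                second[name] = set(entry["permissions"])
        else:
            raise ValueError(f"unknown entry kind: {kind!r}")
    return second


def check_request(installed, second, apk_name, permission):
    """Runtime check in the order the page gives: certificate, authorization
    file signature, then membership in the second permission list."""
    apk = installed.get(apk_name)
    if apk is None:
        return False, "APK not installed"
    if not apk.cert_valid:
        return False, "authorization certificate not legitimate"
    expected = sign_auth_file(apk.auth_file_id, apk.name)
    if not hmac.compare_digest(expected, apk.auth_file_sig):
        return False, "authorization file signature invalid"
    if permission not in second.get(apk_name, ()):
        return False, "permission not in second permission list"
    return True, "granted"


def make_apk(name, auth_file_id, perms):
    sig = sign_auth_file(auth_file_id, name)
    return InstalledApk(name, auth_file_id, sig, frozenset(perms))


# Constructed sample data modelled on the WeChat/QQ/Weibo scenarios above.
INSTALLED = {
    "WeChat": make_apk("WeChat", "NO.20151201XXX", {
        "full_internet", "read_address_book", "record_audio", "read_sms"}),
    "QQ": make_apk("QQ", "NO.20150109XXX", {
        "precise_location", "camera", "read_address_book", "record_audio",
        "read_sms"}),
}
FIRST_LIST = [
    {"kind": "apk_modify", "apk": "WeChat",
     "disable": ["read_sms"], "add": ["precise_location"]},
    {"kind": "apk_modify", "apk": "Weibo", "disable": ["record_audio"]},
    {"kind": "api_grant", "permission": "change_network_state",
     "apks": ["WeChat", "QQ"]},
    {"kind": "api_revoke", "permission": "read_address_book", "apks": "*"},
]
SECOND = apply_first_list(INSTALLED, FIRST_LIST)

if __name__ == "__main__":
    for name, perms in SECOND.items():
        print(name, sorted(perms))
    print(check_request(INSTALLED, SECOND, "WeChat", "read_sms"))
```

The check denies by default: a request succeeds only when all three conditions hold, so a disabled permission is refused even though the APK and its certificate remain installed and valid.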
  • FIG. 3 is a schematic flowchart diagram of a method for updating a rights according to an embodiment of the present invention.
  • the method can include:
  • Step 310: The terminal device acquires the first permission list.
  • After the terminal device is connected to the network, when it detects that the current system version is old or that the associated server has an application update, the terminal device needs to obtain the first permission list in order to update the permissions of the currently installed applications.
  • The first permission list is the permission list after the server has updated the permissions of the applications on the application distribution service, or the permission list after the permissions of the applications currently installed on the terminal device have been updated. That is, the first permission list can include only the changed API permissions corresponding to all APKs, or can include both the changed and the unchanged API permissions of all APKs.
  • The first permission list may include only the changed API permissions corresponding to the APKs currently installed on the terminal device, or may include both the changed and the unchanged API permissions corresponding to the APKs currently installed on the terminal device.
  • all APKs are applications provided by the application distribution service on the terminal device served by the server, that is, all APKs are applications that the server can control.
  • the APK in the API license platform of the server may include NetEase mailbox, Tencent video, Taobao, and Meituan, and the correspondence between the above APK and the corresponding API is as shown in Table 3.

| APK package name | API authorization file | Corresponding API |
|---|---|---|
| NetEase mailbox | NO.20151xxx | Read contact permissions, read calendar permissions |
| Tencent video | NO.20152xxx | Get precise location permissions |
| Taobao | NO.20153xxx | Read contact permissions, change Wi-Fi permissions |
| Meituan | NO.20154xxx | Get precise location permissions |

  • The authorization file corresponding to NetEase mailbox is NO.20151xxx, and the corresponding APIs are the read contact permission and the read calendar permission; the authorization file corresponding to Tencent video is NO.20152xxx, and the corresponding API is the get precise location permission;
  • The authorization file corresponding to Taobao is NO.20153xxx, and the corresponding APIs are the read contact permission and the change Wi-Fi permission; the authorization file corresponding to Meituan is NO.20154xxx, and the corresponding API is the get precise location permission.
  • the terminal device obtains the first permission list from the server, as shown in FIG. 4:
  • the terminal device may receive a system message sent by the server, and the system message includes a first permission list, so that the terminal device obtains the first permission list.
  • The first permission list is the updated permission list of all the APKs. Before the terminal device obtains the first permission list from the server, the API token platform of the server updates the permissions of the applications provided by the application distribution service on the terminal devices the server serves, and generates the first permission list.
  • If the API token platform of the server detects that NetEase mailbox has committed violations, it needs to disable the corresponding permissions.
  • The API token platform updates Table 3.
  • The permission update list may include only the API permissions corresponding to the changed APKs (as in Table 4), or may include both the API permissions corresponding to the changed APKs and the API permissions corresponding to the unchanged APKs (as in Table 5).

| APK package name | API authorization file | Corresponding API |
|---|---|---|
| NetEase mailbox | NO.20151xxx | Read contact permissions, read calendar permissions |
| Tencent video | NO.20152xxx | Get precise location permissions, retrieve running application permissions |
| Meituan | NO.20154xxx | Get precise location permissions, retrieve running application permissions |

| APK package name | API authorization file | Corresponding API |
|---|---|---|
| NetEase mailbox | NO.20151xxx | Read contact permissions, read calendar permissions |
| Tencent video | NO.20152xxx | Get precise location permissions, retrieve running application permissions |
| Taobao | NO.20153xxx | Read contact permissions, change Wi-Fi permissions |
| Meituan | NO.20154xxx | Get precise location permissions, retrieve running application permissions |

  • the terminal device may send a trigger message to the API license platform of the server, where the trigger message may include the identifier information of the terminal device.
  • the identification information may be device number information of the terminal device or user account information corresponding to the terminal device, such as user identity information such as the user's mobile phone number and user mailbox number.
  • The API token platform of the server determines the APKs currently installed on the terminal device according to the identification information of the terminal device, and updates the permissions of the applications currently installed on the terminal device to generate the first permission list.
  • the API token platform of the server sends the response message of the trigger message to the terminal device, where the response message may include a first permission list, where the first permission list is an API update list corresponding to the APK currently installed by the terminal device.
  • the trigger message may further include one or more of an APK list of the terminal device, an installation status of the corresponding APK, an APK list currently installed by the terminal device, and server account information of the terminal device.
  • The API token platform checks whether any APK currently installed on the terminal device appears in the updated permission list of all APKs. If not, the API token platform sends the terminal device a response message that may include indication information indicating that the terminal device has no API permission update. If so, the API token platform sends the terminal device a response message that may include the first permission list, indicating that the terminal device has an API permission update.
  • Step 320 The terminal device updates the permission list of the applications currently installed on the terminal device according to the first permission list, and generates a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.
  • Here, "update" means recording the change so that it can be checked when the APK applies for an API permission during use.
  • a list of currently installed APKs and corresponding API permissions stored locally by the terminal device is shown in Table 6.
  • APK package name | API authorization file | Corresponding API
    NetEase mailbox | NO.20151xxx | Read contact permissions, read calendar permissions
    Taobao | NO.20153xxx | Read contact permissions, change Wi-Fi permissions
    Meituan | NO.20154xxx | Get precise location permissions
  • the authorization file of the currently installed NetEase mailbox is NO.20151xxx, and the corresponding APIs are the read contact permission and the read calendar permission;
  • the authorization file of the currently installed Taobao is NO.20153xxx, and the corresponding APIs are the read contact permission and the change Wi-Fi permission;
  • the authorization file of the currently installed Meituan is NO.20154xxx, and the corresponding API is the get precise location permission.
  • The terminal device pops up a prompt box asking the user whether to update. When the user chooses to update, the terminal device uses the first permission list and the application information of the terminal device (for example, the number and categories of the installed APKs) to determine the APKs to be updated, updates the permissions of those APKs, and obtains the updated permission list, which is the second permission list of the terminal device.
  • The terminal device determines, according to the obtained first permission list and the application information of the terminal device, which locally stored permission lists of currently installed APKs are to be updated. The permission list of the currently installed APKs after the update is shown in Table 7.
  • The terminal device pops up a prompt box asking the user whether to update. When the user chooses to update, the terminal device directly receives the first permission list sent by the API token platform, updates the locally stored permission lists of the APKs to be updated according to the first permission list, and obtains the updated permission list, which is the second permission list of the terminal device.
  • an APK such as WeChat
  • an API permission such as using the network interface permission
  • The method of the above embodiment uses fine-grained control that can disable specific API permissions, either by simply reclaiming or granting an individual API permission, or by binding the authorization file to an individual API permission so that the permission is granted or reclaimed in a single operation.
  • The user does not need to re-download an updated APK and does not notice the change, which improves the user experience and reduces conflicts of interest between the two parties.
  • The following uses the terminal device obtaining the first permission list sent by the server as an example to describe the process.
  • FIG. 5 is a schematic flowchart of a permission disabling method according to an embodiment of the present invention.
  • the method can include:
  • Step 500 The API token platform updates the API permissions of each APK according to violations reported by the vendor or violation events of the APK, forms a first permission list, and broadcasts the first permission list to the online terminal devices. The first permission list is the updated permission list of all APKs.
  • Step 510 The terminal device receives the first permission list and stores it locally.
  • Step 520 The terminal device determines, according to the installation situation of the local APK and the first permission list, the APK of the terminal device to be updated with the API authority.
  • Step 530 The terminal device updates, according to the first permission list, a second permission list corresponding to the APK to which the API permission is to be updated, where the second permission list is a corresponding permission list of the currently installed APK locally stored by the terminal device.
  • Step 540 The APK applies for an API permission during the running process, and the terminal device first determines whether the authorization certificate of the APK is legal. If it is not legal, step 550 is performed. If it is legal, step 560 is performed.
  • Step 550 The terminal device rejects the current application for the API permission.
  • Step 560 The terminal device determines the validity of the API authorization file of the APK (that is, checks whether the signature information of the authorization file or the public key is true). If it is legal, go to step 570. If not, go to step 550.
  • Step 570 The terminal device queries the updated second permission list to determine whether the APK has the right to apply for the API permission. If yes, go to step 480. If not, go to step 590.
  • Step 580 The API permission of the APK is disabled in the second permission list, and the terminal device rejects the application of the current API permission.
  • Step 590 The API permission of the APK is not in the second permission list, and the terminal device allows the application of the current API permission (not disabled).
  • the above method can specifically disable the API permission, and does not involve processing the entire APK or revoking the entire certificate.
  • The method does not affect continued use of the APK and does not widen the damage to the interests of the authorized APK vendors. The user does not need to re-download an updated APK and does not notice the change, which improves the user experience and reduces conflicts of interest between the two parties.
  • The foregoing method is not limited to disabling an API permission; it also applies to granting or revoking an API permission, and to replacing or re-authorizing an API permission.
  • The following takes the terminal device obtaining the first permission list delivered by the server in mode 2 as an example to describe in detail the process of granting or revoking individual permissions.
  • FIG. 6 is a schematic flowchart of a method for granting or revoking rights according to an embodiment of the present invention.
  • the method can include:
  • Step 600 The API token platform updates the API permissions of each APK according to the violation behavior reported by the vendor or the violation event of the APK, and forms an updated permission list of all the APKs.
  • Step 610 The terminal device sends a trigger message to the API token platform of the server to request the first permission list, where the trigger message may include the identification information of the terminal device, and the first permission list is the API update list corresponding to the APKs currently installed on the terminal device.
  • Step 620 The API token platform determines an APK currently installed by the terminal device according to the identifier information of the terminal device.
  • Step 630 The API token platform determines whether there is an APK currently installed by the terminal device in the updated permission list of all the APKs. If not, step 640 is performed; if yes, step 650 is performed.
  • Step 640 The API token platform sends a response message to the terminal device, where the response message may include indication information to indicate that the terminal device does not have an update of the API authority.
  • Step 650 The API token platform filters out the first permission list required by the terminal device, and sends a response message to the terminal device, where the response message may include the first permission list.
  • Step 660 The terminal device updates, according to the first permission list, a second permission list corresponding to the APK to which the API permission is to be updated, where the second permission list is a corresponding permission list of the currently installed APK locally stored by the terminal device.
  • Step 670 The APK applies for an API permission during the running process, and the terminal device first determines whether the authorization certificate of the APK is legal. If it is not legal, go to step 680. If it is legal, go to step 690.
  • Step 680 The terminal device rejects the current application for the API permission.
  • Step 690 The terminal device determines the validity of the API authorization file of the APK (that is, checks whether the signature information of the authorization file or the public key is true). If it is legal, go to step 700. If not, go to step 680.
  • Step 700 The terminal device queries the updated second permission list to determine whether the APK has the right to apply for the API permission. If yes, go to step 710. If not, go to step 720.
  • Step 710 The API permission of the APK is disabled in the second permission list, and the terminal device rejects the application of the current API permission.
  • Step 720 The API permission of the APK is not in the second permission list, and the terminal device allows the application of the current API permission (not disabled).
  • an authorization file can control multiple APKs at the same time, and the management of the API is convenient and simple, thereby improving the user experience and reducing conflicts of interest between the two parties.
  • the embodiment of the present invention corresponding to the foregoing method further provides a terminal device.
  • the terminal device may include a receiving unit 810 and a processing unit 820.
  • the processing unit may include a rights update unit and a rights check unit.
  • The receiving unit 810 is configured to obtain a first permission list from an API token platform of the server, where the first permission list is the permission list after the server updates the permissions of the applications on the application distribution service, or the permission list after the permissions of the applications currently installed on the terminal device are updated, and the server is the server corresponding to the application distribution service of the terminal device.
  • The processing unit (or the permission update unit) 820 is configured to update the permission list of the applications currently installed on the terminal device according to the first permission list, and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.
  • the terminal device may further include a sending unit 830.
  • When the first permission list is the permission list after the permissions of the applications currently installed on the terminal device are updated, the sending unit 830 is configured to send a trigger message to the server, where the trigger message includes the identification information of the terminal device. The identification information enables the server to determine, according to the identification information, the applications currently installed on the terminal device and then send a response message to the terminal device, where the response message includes the first permission list.
  • When the first permission list is the permission list after the server updates the permissions of the applications on the application distribution service, the receiving unit 810 is further configured to receive a system message broadcast by the server, where the system message includes the first permission list.
  • the first permission list includes the modified rights to the at least one application.
  • the first permission list includes rights granted or revoked to the at least one application.
  • the first permission list includes rights after reauthorizing the at least one application.
  • The processing unit (or the permission update unit) 820 is specifically configured to update, according to the first permission list, the permissions in the permission list of the currently installed applications and obtain an updated permission list, where the updated permission list is the second permission list of the terminal device.
  • The processing unit (or the permission checking unit) 820 is further configured to: when a permission is applied for, check the legality of the authorization certificate of the requested permission and of the permission authorization file of the corresponding application; if the authorization certificate and the permission authorization file of the corresponding application are legal, and the second permission list includes the requested permission, complete the application for the requested permission.
  • the embodiment of the present invention corresponding to the foregoing method further provides another terminal device.
  • The terminal device may include a receiver 910, a processor 920, a transmitter 930, and a memory 940.
  • Receiver 910 and transmitter 930 can be antennas.
  • Processor 920 can be a central processing unit (CPU), or a combination of a CPU and a hardware chip.
  • the hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
  • the PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a general array logic (GAL), or any combination thereof.
  • The memory 940 may include a volatile memory such as a random-access memory (RAM); the memory 940 may also include a non-volatile memory such as a read-only memory (ROM), flash memory, hard disk drive (HDD) or solid-state drive (SSD). The memory 940 can also include a combination of the above types of memory.
  • the memory 940 stores the program code and can transfer the stored program code to the processor 920.
  • the receiver 910 is configured to obtain a first permission list from an API token platform of the server.
  • the first permission list is a permission list after the server updates the permission to the application on the application distribution service, or the first permission list is a permission list after the permission is updated by the currently installed application of the terminal device.
  • the server is a server corresponding to the application distribution service of the terminal device.
  • The processor 920 is configured to update the permission list of the applications currently installed on the terminal device according to the first permission list, and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.
  • When the first permission list is the updated permission list of the applications currently installed on the terminal device, the transmitter 930 is configured to send a trigger message to the server, where the trigger message includes the identification information of the device.
  • the identifier information is used to enable the server to determine, according to the identifier information, the application currently installed by the device, and send a response message to the device, where the response message may include the first permission list.
  • When the first permission list is the permission list after the server updates the permissions of the applications on the application distribution service, the receiver is further configured to receive a system message broadcast by the server, where the system message includes the first permission list.
  • the first permission list includes the modified rights to the at least one application.
  • the first permission list includes rights granted or revoked to the at least one application.
  • the first permission list includes rights after reauthorizing the at least one application.
  • The processor 920 is configured to update the permission list of the applications currently installed on the terminal device according to the first permission list and the applications currently installed on the device, and obtain the second permission list of the terminal device.
  • The processor 920 is further configured to: when the device applies for a permission, check the legality of the authorization certificate of the requested permission and of the permission authorization file of the corresponding application; if the authorization certificate and the permission authorization file of the corresponding application are legal, and the second permission list includes the requested permission, complete the application for the requested permission.
  • Non-transitory medium such as random access memory, read only memory, flash memory, hard disk, solid state disk, magnetic tape, floppy disk, optical disc, and any combination thereof.
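The update and check sequence described above (steps 500-590 of FIG. 5, steps 600-720 of FIG. 6, and the processing unit's permission check), as an added example that is not part of the patent. It treats the second permission list as the permissions each installed APK still holds, as in the page's tables, so a request is allowed only when the list includes the permission. The HMAC tag standing in for the authorization file signature, the `cert_ok` input, the record layout and all function names are assumptions, and the update rows are constructed.

```python
import hashlib
import hmac

# Assumption: stands in for the API token platform's signing key. The page only says
# the device checks the authorization file's signature information or public key.
PLATFORM_KEY = b"constructed-demo-key"

# Second permission list before the update: the installed APKs from the page's table.
LOCAL_LIST = {
    "NetEase mailbox": ("NO.20151xxx", {"read contacts", "read calendar"}),
    "Taobao": ("NO.20153xxx", {"read contacts", "change Wi-Fi"}),
    "Meituan": ("NO.20154xxx", {"get precise location"}),
}
# Constructed update rows held by the platform (one APK is not installed locally).
ALL_UPDATES = {
    "NetEase mailbox": ("NO.20151xxx", {"read calendar"}),
    "Tencent video": ("NO.20152xxx", {"get precise location"}),
}


def sign_auth_file(package, file_no):
    """HMAC-SHA256 tag, swapped in for the real signature on an authorization file."""
    message = f"{package}|{file_no}".encode()
    return hmac.new(PLATFORM_KEY, message, hashlib.sha256).digest()


def make_auth_file(package, file_no):
    """Build the (hypothetical) authorization file record shipped with an APK."""
    return {"package": package, "file_no": file_no, "sig": sign_auth_file(package, file_no)}


def auth_file_is_legal(auth_file, package):
    """Authorization file check: bound to this APK and carrying a valid tag."""
    sig = auth_file.get("sig")
    if auth_file.get("package") != package or not isinstance(sig, bytes):
        return False
    expected = sign_auth_file(package, auth_file.get("file_no", ""))
    return hmac.compare_digest(expected, sig)


def filter_first_list(all_updates, installed):
    """Keep only rows for installed APKs (server side in FIG. 6, device side in FIG. 5).

    Returns None when no installed APK has an update, the 'no update' indication.
    """
    rows = {pkg: row for pkg, row in all_updates.items() if pkg in installed}
    return rows or None


def apply_update(second_list, first_list):
    """Return a new second permission list with the rows of updated APKs replaced."""
    updated = {pkg: (no, frozenset(perms)) for pkg, (no, perms) in second_list.items()}
    for pkg, (no, perms) in (first_list or {}).items():
        if pkg in updated:  # never create rows for APKs that are not installed
            updated[pkg] = (no, frozenset(perms))
    return updated


def check_request(second_list, package, permission, cert_ok, auth_file):
    """Runtime decision in the page's order: certificate, authorization file, list.

    cert_ok is the result of the device's certificate check (assumed input).
    """
    if not cert_ok:
        return "reject: authorization certificate"
    if not auth_file_is_legal(auth_file, package):
        return "reject: authorization file"
    _, perms = second_list.get(package, (None, frozenset()))
    if permission not in perms:
        return "reject: not in second permission list"
    return "allow"


def run_demo():
    """Walk one update and return the decisions before and after it."""
    auth = make_auth_file("NetEase mailbox", "NO.20151xxx")
    before = check_request(LOCAL_LIST, "NetEase mailbox", "read contacts", True, auth)
    first = filter_first_list(ALL_UPDATES, LOCAL_LIST.keys())
    second = apply_update(LOCAL_LIST, first)
    after = check_request(second, "NetEase mailbox", "read contacts", True, auth)
    return before, after


if __name__ == "__main__":
    print(run_demo())
```

The APK and its authorization file are untouched between the two decisions; only the locally stored list changes, which is the point of the scheme.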

Abstract

Embodiments of the present invention relate to a permission update method and system. The method may comprise: a terminal device acquiring a first permission list from a server, the first permission list being a permission list obtained after the server has updated permissions of an application on an application distribution service, or the first permission list being a permission list obtained after permissions of an application currently installed on the terminal device have been updated, and the server being a server corresponding to the application distribution service of the terminal device; the terminal device updating, according to the first permission list, the permission list of the application currently installed on the terminal device, to generate a second permission list of the terminal device, such that the terminal device controls or manages the currently installed application according to the second permission list. This method employs granular control to specifically enable or disable an API permission, or to grant or reclaim one-time API permissions, and a user does not need to re-download and re-update an APK, thereby improving user experience and reducing conflicts of interest between two parties.

Description

Permission update method and terminal device

Technical field

The embodiments of this application relate to the field of communications, and in particular to a permission update method and a terminal device.

Background

The current method for authorizing application programming interfaces (APIs) is to grant each APK specific permissions and then package the resulting authorization file together with the Android package (APK), also called the application. After the APK is installed, each time it invokes a permission during use, the terminal checks its authorization file to confirm whether it is entitled to use that API permission.

However, the traditional certificate authorization scheme does not address subsequent updates. If the API permissions of an APK change (a permission is added or revoked), a new authorization file must be packaged and the APK reinstalled, or the update must be delivered over the air (Over-the-Air Technology, OTA). The OTA approach also amounts to downloading and installing the APK, so the update process is cumbersome. In addition, directly uninstalling the entire APK or directly revoking the entire certificate prevents continued use of the APK and widens the damage to the interests of the authorized APK vendor.

Summary of the invention

Embodiments of the present invention provide a permission update method and a terminal device. Because updating API permissions does not involve processing the entire APK or revoking the entire certificate, the user does not need to re-download an updated APK, which improves the user experience and reduces conflicts of interest between the user and the authorized APK vendor.

A first aspect provides a permission update method. The method may include: a terminal device obtains a first permission list from a server, where the first permission list is the permission list after the server has updated permissions, and the server is the server corresponding to the application distribution service of the terminal device. The terminal device updates the permission list of the applications currently installed on the terminal device according to the first permission list and obtains a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list. The method uses fine-grained control that can add or disable an individual API permission, or grant or reclaim API permissions in a single operation. The user does not need to re-download an updated APK, which improves the user experience and reduces conflicts of interest between the two parties.

In an optional implementation, the first permission list is the permission list after the permissions of the applications currently installed on the terminal device have been updated, and the terminal device obtaining the first permission list from the server includes: the terminal device sends a trigger message to the server, where the trigger message includes identification information of the terminal device. The identification information may be the device number of the terminal device or user account information corresponding to the terminal device, such as the user's mobile phone number, e-mail account or other user identity information. The identification information enables the server to determine, according to the identification information, the applications currently installed on the device and then send the terminal device a response message that includes the first permission list.

In an optional implementation, the first permission list is specifically the permission list after the permissions of the applications provided by the application distribution service on the terminal devices served by the server have been updated, and the terminal device obtaining the first permission list from the server includes: the terminal device receives a system message broadcast by the server, where the system message includes the first permission list.

In an optional implementation, the first permission list includes the modified permissions of at least one application.

In an optional implementation, the first permission list includes the permissions granted to or revoked from at least one application.

In an optional implementation, the first permission list includes the permissions of at least one application after re-authorization.

In an optional implementation, the terminal device updating the permission list of the applications currently installed on the terminal device according to the first permission list to obtain the second permission list of the terminal device includes: the terminal device updates, according to the first permission list, the permissions in the permission list of the applications currently installed on the terminal device, and the updated permission list is the second permission list of the terminal device.

In an optional implementation, after the second permission list of the terminal device is generated, the method further includes: when the terminal device applies for a permission, the terminal device checks the legality of the authorization certificate of the requested permission and of the permission authorization file of the corresponding application; if the authorization certificate and the permission authorization file of the corresponding application are legal, and the second permission list includes the requested permission, the terminal device completes the application for the requested permission.

A second aspect provides a terminal device that has the function of implementing the behavior of the terminal device in the above method. The function may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.

A third aspect provides another terminal device, which may include a receiver and a processor.

The receiver is configured to obtain a first permission list from the server, where the first permission list is the permission list after the server has updated permissions, and the server is the server corresponding to the application distribution service of the terminal device. The processor is configured to update the permission list of the applications currently installed on the terminal device according to the first permission list and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

In an optional implementation, the terminal device includes a transmitter, and the first permission list is the updated permission list of the applications currently installed on the terminal device. The transmitter is configured to send a trigger message to the server, where the trigger message includes identification information of the terminal device. The identification information enables the server to determine, according to the identification information, the applications currently installed on the terminal device and then send the terminal device a response message that includes the first permission list.

In an optional implementation, the first permission list is the permission list after the permissions of the applications provided by the application distribution service on the terminal devices served by the server have been updated, and the receiver is further configured to receive a system message broadcast by the server, where the system message includes the first permission list.

In an optional implementation, the first permission list includes the modified permissions of at least one application.

In an optional implementation, the first permission list includes the permissions granted to or revoked from at least one application.

In an optional implementation, the first permission list includes the permissions of at least one application after re-authorization.

In an optional implementation, the terminal device is specifically configured to update, according to the first permission list, the permissions in the permission list of the currently installed applications and obtain an updated permission list, where the updated permission list is the second permission list of the terminal device.

In an optional implementation, the processor is further specifically configured to: when the terminal device applies for a permission, check the legality of the authorization certificate of the requested permission and of the permission authorization file of the corresponding application; if the authorization certificate and the permission authorization file of the corresponding application are legal, and the second permission list includes the requested permission, complete the application for the requested permission.

A fourth aspect provides a computer program product that, when run on a computer, causes the computer to perform the method of any one of the optional implementations described above.

A fifth aspect provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed, implements the method of any one of the optional implementations described above.

Brief description of the drawings

FIG. 1 is a schematic structural diagram of a permission update system;

FIG. 2 is a schematic diagram of permission update prompt information;

FIG. 3 is a schematic flowchart of a permission update method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a scenario in which a terminal device obtains a first permission list according to an embodiment of the present invention;

FIG. 5 is a schematic flowchart of a permission disabling method according to an embodiment of the present invention;

FIG. 6 is a schematic flowchart of a method for granting or revoking permissions according to an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of another terminal device according to an embodiment of the present invention.

Detailed description

The technical solutions of this application are described in further detail below with reference to the accompanying drawings and embodiments.

The permission update method of this application can be applied to the permission update system shown in FIG. 1. As shown in FIG. 1, the system may include, but is not limited to, a server and a terminal device.

The server is configured to manage (for example, update or delete) at least one APK (such as WeChat, QQ, or Tencent Video) provided by an application distribution service (such as an application market or an application store (App Store)) on the terminal devices that the server is associated with (or serves). The server may be the server corresponding to the terminal device's distribution service, a server that provides cloud services for the terminal device, or a server corresponding to the terminal device manufacturer. The server may include an API permission-signing platform, which manages updates to the API permissions of each APK (assuming that each APK has previously been authorized with the API permissions it should have), collects violations reported by users or violation events of APKs, and generates permission update information.

Updates to API permissions by the API permission-signing platform may include, but are not limited to, disabling permissions, adding or reclaiming (granting or revoking) permissions, and reauthorizing permissions. API permissions may include the permission to access location information, the permission to use network interfaces, the permission to access the address book, the SMS reminder permission, and so on.

In one example, the API permission-signing platform can detect violations by all APKs. If the APKs comprise only WeChat, QQ, and Weibo, the platform detects violations by WeChat, QQ, and Weibo. The permissions already authorized to WeChat may include full Internet access, read address book, record audio, and read SMS; those already authorized to QQ may include get precise location, use camera, read address book, record audio, and read SMS; those already authorized to Weibo may include read address book, use camera, send SMS, and get precise location.

(1) A scenario in which the API permission-signing platform acts on violations by at least one APK.

For example, the API permission-signing platform collects the following violation events: WeChat and QQ read SMS messages sent and received by the user without having requested the read SMS permission (without the user's consent); WeChat obtained the user's location information without having requested the get precise location permission; QQ turned on the camera without having requested the use camera permission; and Weibo recorded the user without having requested the record audio permission. The platform can then disable the corresponding API permissions for WeChat, QQ, and Weibo, as shown in Table 1.

Table 1

| APK package name | API authorization file | Disabled API |
| --- | --- | --- |
| WeChat | NO.20151201XXX | Read SMS permission; get precise location permission |
| Weibo | NO.20150815XXX | Record audio permission |
| QQ | NO.20150109XXX | Read SMS permission; use camera permission |

In Table 1, the authorization file for WeChat is NO.20151201XXX, and after the permission change the read SMS and get precise location permissions are disabled; the authorization file for Weibo is NO.20150815XXX, and after the permission change the record audio permission is disabled; the authorization file for QQ is NO.20150109XXX, and after the permission change the read SMS and use camera permissions are disabled.

(2) A scenario in which the API permission-signing platform acts on a particular API permission (for example, a functional interface newly developed by Google) or collectively reclaims an API permission (for example, because of violations by an APK vendor, reclaiming a permission from all of that vendor's APKs); that is, the platform can grant or revoke a single API permission in one operation.

For example, the API permission-signing platform grants the newly added change network state permission only to WeChat and QQ, grants the prevent phone sleep permission to WeChat, QQ, and Weibo (that is, all APKs), and disables the read address book permission for WeChat, QQ, and Weibo (that is, all APKs), as shown in Table 2.

Table 2

| API permission | API authorization file | Applicable APKs |
| --- | --- | --- |
| Change network state permission | NO.20151201XXX | WeChat and QQ gain this permission |
| Prevent phone sleep permission | NO.20150815XXX | WeChat, QQ, and Weibo are granted this permission |
| Read address book permission | NO.20150109XXX | WeChat, QQ, and Weibo have this permission disabled |

In Table 2, the authorization file for the change network state permission is NO.20151201XXX, and the permission is granted to WeChat and QQ; the authorization file for the prevent phone sleep permission is NO.20150815XXX, and the permission is granted to all APKs; the authorization file for the read address book permission is NO.20150109XXX, and the permission is disabled for all APKs.

(3) A scenario in which the API permission-signing platform reauthorizes the API permissions of one or more APKs. Reauthorization updates permissions by directly replacing the original API permissions; in other words, the permissions of the updated APK or APKs are exactly the reauthorized API permissions, independent of the original API permissions.

In one example, APK1 is WeChat. WeChat's permission list before reauthorization may be: prevent phone sleep, measure application storage space, send sticky broadcast, change Wi-Fi state, retrieve running applications, read sync settings, Bluetooth management, display system-level alerts, start automatically at boot, write sync settings, read system settings, view WLAN state, full Internet access, view network state, control vibrator, use camera, read SMS, read contacts, and write contacts; 19 permissions in total.

APK2 is QQ. QQ's permission list before reauthorization may be: prevent phone sleep, disable keylock, send sticky broadcast, read system log files, retrieve running applications, read sync settings, Bluetooth management, expand/collapse status bar, display system-level alerts, update UI settings, write sync settings restart other applications, view WLAN state, full Internet access, control flashlight, and control vibrator; 15 permissions in total.

APK3 is Weibo. Weibo's permission list before reauthorization may be: prevent phone sleep, disable keylock, read sync statistics, send sticky broadcast, retrieve running applications, read sync settings, Bluetooth management, display system-level alerts, start automatically at boot, update UI settings, reorder running applications, write sync settings, view WLAN state, full Internet access, view network state, control flashlight, and control vibrator; 17 permissions in total.

The API permission-signing platform reauthorizes the API permissions of at least one of WeChat, QQ, and Weibo.

The reauthorized permission list for WeChat is: measure application storage space, send sticky broadcast, change Wi-Fi state, Bluetooth management, create Bluetooth connection, display system-level alerts, start automatically at boot, write sync settings, read system settings, view WLAN state, full Internet access, view network state, control vibrator, use camera, read SMS, read contacts, write contacts, and write SMS; 18 permissions in total.

The reauthorized permission list for QQ is: measure application storage space, disable keylock, change Wi-Fi state, send sticky broadcast, read system log files, retrieve running applications, create Bluetooth connection, read sync settings, Bluetooth management, expand/collapse status bar, display system-level alerts, update UI settings, write sync settings restart other applications, view WLAN state, full Internet access, control flashlight, control vibrator, and get coarse location; 18 permissions in total.

The reauthorized permission list for QQ is: disable keylock, read sync statistics, change Wi-Fi state, send sticky broadcast, retrieve running applications, read sync settings, Bluetooth management, create Bluetooth connection, display system-level alerts, start automatically at boot, update UI settings, reorder running applications, write sync settings, view WLAN state, full Internet access, view network state, control flashlight, control vibrator, write contacts, and record audio; 20 permissions in total.

In summary, after reauthorization the API permissions of at least one of WeChat, QQ, and Weibo are identical to the corresponding reauthorized API permissions; that is, the new API permissions of WeChat, QQ, or Weibo are exactly the reauthorized API permissions, independent of the original (pre-reauthorization) API permissions.

Note that the subject of scenario (1) is the APK: certain permissions are granted to or disabled for a particular APK (such as WeChat). The subject of scenario (2) is the API: a particular API permission (such as the permission to access the address book) is granted to certain APKs, or certain APKs are required to disable it. The subject of scenario (3) is also the APK, but unlike scenario (1), the reauthorized APIs directly replace the API permissions the APK originally had; scenario (3) does not need to consider which permissions the APK was granted before, and the APIs can be replaced directly.
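The three update scenarios can be contrasted in a short model. The following is an added example, not code from the patent: the function names, the split into a granted set and a disabled set, and the abbreviated reauthorization list are assumptions; the permission data follows Tables 1 and 2.

```python
from dataclasses import dataclass, field


@dataclass
class ApkEntry:
    """Per-APK record in this hypothetical model of the signing platform."""
    granted: set = field(default_factory=set)   # permissions authorized to the APK
    disabled: set = field(default_factory=set)  # permissions explicitly disabled

    def effective(self):
        # A disabled permission is unusable even if it was granted earlier.
        return self.granted - self.disabled


def initial_state():
    # Constructed from the "already authorized" lists in the example text.
    return {
        "WeChat": ApkEntry({"full Internet access", "read address book",
                            "record audio", "read SMS"}),
        "QQ": ApkEntry({"get precise location", "use camera",
                        "read address book", "record audio", "read SMS"}),
        "Weibo": ApkEntry({"read address book", "use camera", "send SMS",
                           "get precise location"}),
    }


def disable_for_apk(state, apk, permissions):
    """Scenario (1): the subject is one APK; only the named permissions change."""
    state[apk].disabled |= set(permissions)


def update_api(state, api, grant_to=(), disable_for=()):
    """Scenario (2): the subject is one API permission, applied across APKs."""
    both = set(grant_to) & set(disable_for)
    if both:
        raise ValueError(f"{api!r} both granted and disabled for {sorted(both)}")
    for apk in grant_to:
        state[apk].granted.add(api)
        state[apk].disabled.discard(api)  # assumption: an explicit grant lifts a disable
    for apk in disable_for:
        state[apk].disabled.add(api)


def reauthorize(state, apk, permissions):
    """Scenario (3): the reauthorized list replaces whatever the APK had."""
    # Assumption: earlier disables are dropped as well, because the text says
    # the result does not depend on the original permissions.
    state[apk] = ApkEntry(set(permissions))


def snapshot(state):
    return {apk: frozenset(entry.effective()) for apk, entry in state.items()}


def run_scenarios():
    state = initial_state()
    # Scenario (1), Table 1: per-APK disables after the collected violations.
    disable_for_apk(state, "WeChat", ["read SMS", "get precise location"])
    disable_for_apk(state, "Weibo", ["record audio"])
    disable_for_apk(state, "QQ", ["read SMS", "use camera"])
    after_1 = snapshot(state)
    # Scenario (2), Table 2: one API permission at a time, many APKs.
    everyone = list(state)
    update_api(state, "change network state", grant_to=["WeChat", "QQ"])
    update_api(state, "prevent phone sleep", grant_to=everyone)
    update_api(state, "read address book", disable_for=everyone)
    after_2 = snapshot(state)
    # Scenario (3): constructed, abbreviated reauthorization list for WeChat.
    reauthorize(state, "WeChat", ["read SMS", "read contacts", "use camera"])
    after_3 = snapshot(state)
    return after_1, after_2, after_3


if __name__ == "__main__":
    for step, snap in enumerate(run_scenarios(), start=1):
        for apk, perms in snap.items():
            print(step, apk, sorted(perms))
```

In scenarios (1) and (2) every permission that is not named keeps its previous state, while after scenario (3) WeChat holds read SMS again even though scenario (1) had disabled it.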

Further, the terminal device may be any mobile or portable terminal, including but not limited to a mobile phone, a mobile computer, a tablet computer, a personal digital assistant (PDA), a media player, a smart TV, or a combination of two or more of these.

The terminal device may include, but is not limited to, components such as an input unit, a permission update unit, a permission check unit, an output unit, a communication unit, and a storage unit. These components communicate over one or more buses. A person skilled in the art will understand that the structure of the terminal device shown in the figure does not limit this application: it may be a bus structure or a star structure, and it may include more or fewer components than shown, combine certain components, or arrange the components differently.

The communication unit is configured to establish a communication channel between the terminal device and the server, so that permission update information (such as a permission update list) can be obtained from the server. The communication unit may include communication modules such as a wireless local area network (wireless LAN) module, a Bluetooth module, and a baseband module, together with the radio frequency (RF) circuits corresponding to those modules, for wireless LAN communication, Bluetooth communication, infrared communication, and/or cellular communication, for example Wideband Code Division Multiple Access (W-CDMA) and/or High Speed Downlink Packet Access (HSDPA). The communication module is used to control communication among the components in the terminal device and may support direct memory access.

The storage unit is configured to store the acquired permission update information, software programs (such as a sound playback program or an image playback program), and data created through use of the terminal device (such as audio data and a phone book). In specific embodiments of the present invention, the storage unit may include volatile memory, such as nonvolatile random access memory (NVRAM), phase change RAM (PRAM), or magnetoresistive RAM (MRAM), and may also include non-volatile memory, such as at least one magnetic disk storage device, electrically erasable programmable read-only memory (EEPROM), or a flash memory device such as NOR flash memory or NAND flash memory.

The permission update unit is configured to send first indication information to the input unit according to the permissions of the APKs currently installed on the terminal device and the acquired permission update information. The first indication information instructs the input unit (such as a display screen) to display a prompt asking whether to update the application, so that the permission update is completed according to the user's input. As shown in FIG. 2, the display screen shows that a new version of an APK (for example, XXX) is available and asks whether to update; when the user selects Yes, the permission update unit updates the permissions of that APK, and otherwise no update is performed. The input unit may be a touch panel or another human-computer interaction interface.

Optionally, the permission update unit may also send second indication information to the output unit according to the permissions of the currently installed APKs and the acquired permission update information. The second indication information instructs the output unit (such as a sound output unit) to give a voice prompt asking whether to update the application, so that the permission update is completed according to the user's input. The input unit may be an image output unit (such as a display panel) and a sound output unit.

Optionally, the permission update unit may also update the permissions of the currently installed APKs directly, according to the acquired permission update information.

It can be understood that the touch panel used by the input unit may at the same time serve as the display panel of the output unit. For example, when the touch panel detects a touch or proximity gesture on it, it passes the gesture to the permission update unit to determine the type of the touch event, and the permission update unit then provides the corresponding visual output on the display panel according to that type. Although in FIG. 1 the input unit and the output unit implement the input and output functions of the terminal device as two separate components, in some embodiments the touch panel and the display panel may be integrated to implement both functions.

The permission check unit is configured so that, while an APK (such as WeChat) is running and the terminal device requests an API permission (such as the permission to use network interfaces), it determines the legitimacy of the APK's authorization certificate and of the APK's API authorization file (that is, it checks whether the signature information of the authorization file is genuine). If both are legitimate, it further queries the second permission list to confirm the API permission currently being requested, in order to determine whether the APK is entitled to request that API permission and therefore whether to complete the request. In other words, the terminal device allows the APK to request and call only permissions that are present in the second permission list.

It should be understood that the terminal device described above is only one example provided by the embodiments of the present invention; the terminal device may have more or fewer components than shown, may combine two or more components, or may be implemented with a different configuration of components.

As can be seen, this application applies finer-grained control: it can disable at least one API permission of a particular APK, uniformly grant or revoke a particular API permission across multiple APKs, or reissue reauthorized API permissions. The update process does not involve handling the entire APK or revoking the entire certificate, so the APK's other permissions remain usable; this improves the user experience and does not widen the harm to the interests of authorized APK vendors. In addition, the user does not need to download an updated APK again, which ensures that certificates and authorized API permissions can be updated or disabled promptly, prevents abuse of certificates and API permissions, and thereby protects the security of the user terminal.

FIG. 3 is a schematic flowchart of a permission update method according to an embodiment of the present invention. The method may include the following steps.

Step 310: The terminal device acquires a first permission list.

After the terminal device connects to the network, when it detects that the current system version is outdated or that the associated server has application updates, the terminal device needs to acquire the first permission list of the applications in order to update the permissions of the currently installed applications.

Optionally, the first permission list is the permission list produced after the server has updated the permissions of the applications on the application distribution service, or it is the permission list produced after the permissions of the applications currently installed on the terminal device have been updated. That is, the first permission list may include only the changed API permissions of all APKs, or it may include both the changed and the unchanged API permissions of all APKs. Alternatively, the first permission list may include only the changed API permissions of the APKs currently installed on the terminal device, or it may include both the changed and the unchanged API permissions of those APKs. Here, "all APKs" means the applications provided by the application distribution service on the terminal devices served by the server, that is, all applications the server can manage and control.

In one example, the APKs on the server's API permission-signing platform may include NetEase Mail, Tencent Video, Taobao, and Meituan. The correspondence between these APKs and their APIs is shown in Table 3.

Table 3

| APK package name | API authorization file | Corresponding API |
| --- | --- | --- |
| NetEase Mail | NO.20151xxx | Read contacts permission, read calendar permission |
| Tencent Video | NO.20152xxx | Get precise location permission |
| Taobao | NO.20153xxx | Read contacts permission, change Wi-Fi permission |
| Meituan | NO.20154xxx | Get precise location permission |

In Table 3, the authorization file for NetEase Mail is NO.20151xxx, and the corresponding APIs are the read contacts and read calendar permissions; the authorization file for Tencent Video is NO.20152xxx, and the corresponding API is the get precise location permission; the authorization file for Taobao is NO.20153xxx, and the corresponding APIs are the read contacts and change Wi-Fi permissions; the authorization file for Meituan is NO.20154xxx, and the corresponding API is the get precise location permission.

Optionally, the terminal device can acquire the first permission list from the server in two ways, as shown in FIG. 4:

Mode 1: The terminal device may receive a system message broadcast by the server. The system message includes the first permission list, so the terminal device thereby acquires the first permission list.

When the first permission list is the updated permission list of all APKs, before the terminal device acquires the first permission list from the server, the server's API permission-signing platform updates the permissions of the applications provided by the application distribution service on the terminal devices served by the server, and generates the first permission list.

When the server's API permission-signing platform finds that NetEase Mail has committed a violation and its corresponding permission must be disabled, and that the retrieve running applications permission must be added for Tencent Video and Meituan, the platform updates Table 3 and generates the updated permission list for all APKs. This permission update list may include only the API permissions of the APKs that changed (as in Table 4), or it may include the API permissions of both the changed and the unchanged APKs (as in Table 5).

Table 4

| APK package name | API authorization file | Corresponding API |
| --- | --- | --- |
| NetEase Mail | NO.20151xxx | Read contacts permission, read calendar permission |
| Tencent Video | NO.20152xxx | Get precise location permission, retrieve running applications permission |
| Meituan | NO.20154xxx | Get precise location permission, retrieve running applications permission |

Table 5

| APK package name | API authorization file | Corresponding API |
| --- | --- | --- |
| NetEase Mail | NO.20151xxx | Read contacts permission, read calendar permission |
| Tencent Video | NO.20152xxx | Get precise location permission, retrieve running applications permission |
| Taobao | NO.20153xxx | Read contacts permission, change Wi-Fi permission |
| Meituan | NO.20154xxx | Get precise location permission, retrieve running applications permission |

Mode 2: The terminal device may send a trigger message to the server's API permission-signing platform. The trigger message may include identification information of the terminal device.

The identification information may be the device number of the terminal device or user account information corresponding to the terminal device, such as the user's mobile phone number, email address, or other user identity information.

Before the terminal device acquires the first permission list from the server, the server's API permission-signing platform uses the identification information of the terminal device to obtain the APKs currently installed on that terminal device, updates the permissions of those currently installed applications, and generates the first permission list.

Further, the server's API permission-signing platform sends the terminal device a response message to the trigger message. The response message may include the first permission list, which is the API update list for the APKs currently installed on the terminal device.

Optionally, the trigger message may also include one or more of the following: the terminal device's APK list and the installation status of each APK, the list of APKs currently installed on the terminal device, and the server account information of the terminal device.

For example, the API permission-signing platform checks whether the APKs currently installed on the terminal device appear in the updated permission list for all APKs. If they do not, the platform sends the terminal device a response message that may include indication information indicating that the terminal device has no API permission updates. If they do, the platform sends the terminal device a response message that may include the first permission list, indicating that the terminal device has API permission updates.

Step 320: The terminal device updates the permission list of its currently installed applications according to the first permission list and generates the second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

It can be understood that "update" here means making a record, which is consulted later when an APK requests an API permission during use.

The list of currently installed APKs and their API permissions stored locally on the terminal device is shown in Table 6.

Table 6

| APK package name | API authorization file | Corresponding API |
| --- | --- | --- |
| NetEase Mail | NO.20151xxx | Read contacts permission, read calendar permission |
| Taobao | NO.20153xxx | Read contacts permission, change Wi-Fi permission |
| Meituan | NO.20154xxx | Get precise location permission |

表6中,当前安装的网易邮箱对应的授权文件为NO.20151xxx,对应的API为读取联系人权限和读取日历权限;当前安装的淘宝对应的授权文件为NO.20153xxx,对应的API为读取联系人权限和改变Wi-Fi权限;当前安装的美团对应的授权文件为NO.20154xxx,对应的API为获取精确位置权限。In Table 6, the authorization file corresponding to the currently installed NetEase mailbox is NO.20151xxx, and the corresponding API is the read contact permission and the read calendar permission; the currently installed Taobao authorization file is NO.20153xxx, and the corresponding API is Read the contact rights and change the Wi-Fi rights; the currently installed US group's authorization file is NO.20154xxx, and the corresponding API is to obtain the precise location permission.

可选地,当终端设备以方式一获取第一权限列表后,终端设备弹出提示用户是否进行更新的提示框,当用户选择进行更新时,终端设备根据第一权限列表和终端设备的应用信息(如安装的APK的个数、类别等信息),确定终端设备待更新的APK,并对待更新的APK对应的权限进行更新,得到更新后的权限列表,该更新后的权限列表为终端设备的第二权限列表。Optionally, after the terminal device obtains the first permission list in mode 1, the terminal device pops up a prompt box prompting the user whether to update, and when the user selects to perform the update, the terminal device uses the first permission list and the application information of the terminal device ( For example, the number of the installed APK, the category, and the like), determine the APK to be updated by the terminal device, and update the rights corresponding to the updated APK, and obtain the updated permission list, and the updated permission list is the terminal device. Two permission lists.

也就是说,终端设备根据获取的第一权限列表和终端设备的应用信息,确定本地存储的当前安装的待更新的APK的权限列表,当前安装的更新后的APK的权限列表如表7所示。In other words, the terminal device determines, according to the obtained first permission list and the application information of the terminal device, a locally stored list of rights of the currently installed APK to be updated, and the currently installed updated APK has a permission list as shown in Table 7. .

表7Table 7

Figure PCTCN2017093025-appb-000001

Optionally, after the terminal device obtains the first permission list in mode 2 (the permission list of the currently installed APKs to be updated), it pops up a prompt asking the user whether to update. When the user chooses to update, the terminal device directly receives the first permission list sent by the API token platform and updates the permissions of the locally stored APKs to be updated according to the first permission list, obtaining an updated permission list. The updated permission list is the second permission list of the terminal device.

While an APK (such as WeChat) is running, when the terminal device applies for an API permission (such as the permission to use a network interface), it needs to determine the validity of the APK's authorization certificate and the validity of the APK's API authorization file (that is, check whether the signature information of the authorization file is authentic). If they are valid, it further queries the second permission list to determine whether the APK is eligible to apply for that API permission, and thereby determines whether to complete the application for the API permission.

The method of the above embodiments of the present invention uses fine-grained control that can go down to disabling a single API permission. By simply revoking or granting a single API permission, or by binding an authorization file to a single API permission on its own, an API permission can be granted or revoked in one operation. The user does not need to download an updated APK again and does not notice the change, which improves the user experience and reduces conflicts of interest between the two parties.

The following takes the case in which the terminal device obtains the first permission list delivered by the server in mode 1 as an example to describe the permission disabling process in detail.

FIG. 5 is a schematic flowchart of a permission disabling method according to an embodiment of the present invention. The method may include:

Step 500: The API token platform updates the API permissions of each APK according to violations reported by vendors or violation events of the APKs, forms the first permission list, and broadcasts and issues the first permission list to online terminal devices. The first permission list is the updated permission list for all APKs.

Step 510: The terminal device receives the first permission list and stores it locally.

Step 520: The terminal device determines, according to the installation status of its local APKs and the first permission list, the APKs on the terminal device whose API permissions are to be updated.

Step 530: The terminal device updates, according to the first permission list, the second permission list corresponding to the APKs whose API permissions are to be updated. The second permission list is the permission list, stored locally on the terminal device, of the currently installed APKs.

Step 540: An APK applies for an API permission while running. The terminal device first determines whether the APK's authorization certificate is valid. If it is not valid, step 550 is performed; if it is valid, step 560 is performed.

Step 550: The application for the API permission is rejected.

Step 560: The terminal device determines the validity of the APK's API authorization file (that is, checks whether the signature information or public key of the authorization file is authentic). If it is valid, step 570 is performed; if it is not valid, step 550 is performed.

Step 570: The terminal device queries the updated second permission list to determine whether the APK is eligible to apply for the API permission. If it is, step 480 is performed; if it is not, step 590 is performed.

Step 580: If that API permission of the APK is disabled in the second permission list, the terminal device rejects the application for the API permission.

Step 590: If that API permission of the APK is not in the second permission list, the terminal device allows the application for the API permission (it is not disabled).

Unlike the prior-art handling of APK violations, which directly uninstalls the APK or directly revokes the certificate, the above method can go down to disabling a single API permission without handling the entire APK or revoking the entire certificate. This does not affect continued use of the APK and does not widen the damage to the interests of the authorized APK vendor. The user does not need to download an updated APK again and does not notice the change, which improves the user experience and reduces conflicts of interest between the two parties.

It can be understood that the above method is not limited to disabling API permissions. It also applies to scenarios of granting or revoking API permissions and of replacing or re-authorizing API permissions, which are not described again here.

The following takes the case in which the terminal device obtains the first permission list delivered by the server in mode 2 as an example to describe in detail the process of granting or revoking a single permission.

FIG. 6 is a schematic flowchart of a permission granting or revoking method according to an embodiment of the present invention. The method may include:

Step 600: The API token platform updates the API permissions of each APK according to violations reported by vendors or violation events of the APKs, and forms the updated permission list for all APKs.

Step 610: The terminal device sends a trigger message to the API token platform of the server to request the first permission list. The trigger message may include the identification information of the terminal device. The first permission list is the API update list corresponding to the APKs currently installed on the terminal device.

Step 620: The API token platform determines, according to the identification information of the terminal device, the APKs currently installed on the terminal device.

Step 630: The API token platform determines whether any APK currently installed on the terminal device appears in the updated permission list for all APKs. If not, step 640 is performed; if so, step 650 is performed.

Step 640: The API token platform sends a response message to the terminal device. The response message may include indication information indicating that there is no API permission update for the terminal device.

Step 650: The API token platform filters out the first permission list needed by the terminal device and sends a response message to the terminal device. The response message may include the first permission list.

Step 660: The terminal device updates, according to the first permission list, the second permission list corresponding to the APKs whose API permissions are to be updated. The second permission list is the permission list, stored locally on the terminal device, of the currently installed APKs.

Step 670: An APK applies for an API permission while running. The terminal device first determines whether the APK's authorization certificate is valid. If it is not valid, step 680 is performed; if it is valid, step 690 is performed.

Step 680: The application for the API permission is rejected.

Step 690: The terminal device determines the validity of the APK's API authorization file (that is, checks whether the signature information or public key of the authorization file is authentic). If it is valid, step 700 is performed; if it is not valid, step 680 is performed.

Step 700: The terminal device queries the updated second permission list to determine whether the APK is eligible to apply for the API permission. If it is, step 710 is performed; if it is not, step 720 is performed.

Step 710: If that API permission of the APK is disabled in the second permission list, the terminal device rejects the application for the API permission.

Step 720: If that API permission of the APK is not in the second permission list, the terminal device allows the application for the API permission (it is not disabled).

Unlike the prior-art handling of APK violations, which directly uninstalls the APK or directly revokes the certificate, binding an authorization file one-to-one to a specific API permission makes it possible to grant or revoke a single API permission in one operation. In other words, one authorization file can control multiple APKs at the same time, which makes API management simple and convenient, improves the user experience, and reduces conflicts of interest between the two parties.

It can be understood that the above method is not limited to granting or revoking API permissions. It also applies to scenarios of disabling API permissions and of replacing or re-authorizing API permissions, which are not described again here.
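The flows described for FIG. 5 and FIG. 6 share the same terminal-side logic: filter the first permission list by installed APKs, record the result in the second permission list, then check certificate, authorization file and second permission list in that order. The following Python model is an added example, not code from the patent. Assumptions: the package names, permission names, file ids, device id and key are constructed; HMAC-SHA256 stands in for the authorization file signature; certificate validity is a precomputed flag.

```python
import hashlib
import hmac

# Constructed demo key. The page speaks of signature information and a public
# key; HMAC-SHA256 from the standard library stands in for that signature.
PLATFORM_KEY = b"constructed-demo-key"


def sign_body(body):
    """Compute the platform's signature over an authorization file body."""
    msg = "|".join([body["id"], body["apk"], ",".join(body["apis"])]).encode()
    return hmac.new(PLATFORM_KEY, msg, hashlib.sha256).hexdigest()


def make_auth_file(file_id, apk, apis):
    """Platform side: issue a signed API authorization file for one APK."""
    body = {"id": file_id, "apk": apk, "apis": sorted(apis)}
    return {**body, "signature": sign_body(body)}


def auth_file_is_valid(auth_file):
    """Terminal side (steps 560/690): recompute and compare the signature."""
    try:
        expected = sign_body(auth_file)
    except (KeyError, TypeError):
        return False  # malformed file: fail closed
    given = str(auth_file.get("signature", ""))
    return hmac.compare_digest(expected.encode(), given.encode())


def platform_response(updated_list, installed_by_device, device_id):
    """Mode 2 (steps 620-650): keep only entries for this device's APKs."""
    installed = installed_by_device.get(device_id, set())
    first_list = {apk: set(perms) for apk, perms in updated_list.items()
                  if apk in installed}
    if not first_list:
        return {"update": False}  # step 640: nothing to update
    return {"update": True, "first_permission_list": first_list}


class Terminal:
    def __init__(self, installed):
        # apk -> {"cert_valid": bool, "auth_file": dict}; cert_valid is a
        # stand-in for real certificate validation (assumption).
        self.installed = installed
        self.second_list = {}  # apk -> set of disabled API permissions

    def apply_first_list(self, first_list):
        """Steps 520-530 / 660: record updates for installed APKs only."""
        updated = []
        for apk, disabled in first_list.items():
            if apk in self.installed:
                self.second_list[apk] = set(disabled)
                updated.append(apk)
        return sorted(updated)

    def request_permission(self, apk, permission):
        """Steps 540-590 / 670-720, checked in the order the page gives."""
        app = self.installed.get(apk)
        if app is None or not app["cert_valid"]:
            return "deny: authorization certificate"
        if not auth_file_is_valid(app["auth_file"]):
            return "deny: authorization file"
        if permission in self.second_list.get(apk, set()):
            return "deny: disabled in second permission list"
        return "allow"


def demo():
    # Constructed sample data; names and ids are illustrative only.
    updated_list = {"com.example.shop": {"CHANGE_WIFI"},
                    "com.example.game": {"READ_CONTACTS"}}
    terminal = Terminal({
        "com.example.shop": {"cert_valid": True, "auth_file": make_auth_file(
            "NO.0001", "com.example.shop", ["READ_CONTACTS", "CHANGE_WIFI"])},
        "com.example.mail": {"cert_valid": True, "auth_file": make_auth_file(
            "NO.0002", "com.example.mail", ["READ_CONTACTS", "READ_CALENDAR"])},
    })
    reply = platform_response(
        updated_list, {"device-1": set(terminal.installed)}, "device-1")
    terminal.apply_first_list(reply["first_permission_list"])
    return terminal, reply


if __name__ == "__main__":
    t, r = demo()
    print(r)
    print(t.request_permission("com.example.shop", "CHANGE_WIFI"))
    print(t.request_permission("com.example.shop", "READ_CONTACTS"))
```

In mode 1 the terminal calls `apply_first_list` on the full broadcast list and the filtering happens on the device; in mode 2 `platform_response` has already filtered it.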

Corresponding to the above method, an embodiment of the present invention further provides a terminal device. As shown in FIG. 7, the terminal device may include a receiving unit 810 and a processing unit 820. The processing unit may include a permission update unit and a permission check unit.

The receiving unit 810 is configured to obtain the first permission list from the API token platform of the server. The first permission list is the permission list after the server has updated permissions for the applications on the application distribution service, or the first permission list is the permission list after permissions have been updated for the applications currently installed on the terminal device. The server is the server corresponding to the application distribution service of the terminal device.

The processing unit (or permission update unit) 820 is configured to update, according to the first permission list, the permission list of the applications currently installed on the terminal device and generate the second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

Optionally, the terminal device may further include a sending unit 830. The first permission list is the permission list after permissions have been updated for the applications currently installed on the terminal device, and the sending unit 830 is configured to send a trigger message to the server. The trigger message includes the identification information of the terminal device. The identification information is used to enable the server, after determining the applications currently installed on the terminal device according to the identification information, to send a response message to the terminal device. The response message includes the first permission list.

Optionally, the first permission list is the permission list after the server has updated permissions for the applications on the application distribution service, and the receiving unit 810 is further configured to receive a system message broadcast by the server. The system message includes the first permission list.

Optionally, the first permission list includes permissions after modification for at least one application.

Optionally, the first permission list includes permissions after granting or revocation for at least one application.

Optionally, the first permission list includes permissions after re-authorization for at least one application.

Optionally, the processing unit (or permission update unit) 820 is specifically configured to update, according to the first permission list, the permissions in the permission list of the currently installed applications to obtain an updated permission list. The updated permission list is the second permission list of the terminal device.

Optionally, the processing unit (or permission check unit) 820 is further specifically configured to, when a permission is applied for, determine the validity of the authorization certificate of the applied-for permission and of the permission authorization file of the application corresponding to the permission. If the authorization certificate of the permission and the permission authorization file of the corresponding application are valid, and the second permission list includes the applied-for permission, the application for the permission is completed.

Corresponding to the above method, an embodiment of the present invention further provides another terminal device. As shown in FIG. 8, the terminal device may include a receiver 910, a processor 920, a transmitter 930, and a memory 940.

The receiver 910 and the transmitter 930 may be antennas. The processor 920 may be a central processing unit (CPU), or a combination of a CPU and a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

The memory 940 may include volatile memory, such as random-access memory (RAM). The memory 940 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid-state drive (SSD). The memory 940 may also include a combination of the above types of memory. The memory 940 stores program code and can transfer the stored program code to the processor 920.

The receiver 910 is configured to obtain the first permission list from the API token platform of the server. The first permission list is the permission list after the server has updated permissions for the applications on the application distribution service, or the first permission list is the permission list after permissions have been updated for the applications currently installed on the terminal device. The server is the server corresponding to the application distribution service of the terminal device.

The processor 920 is configured to update, according to the first permission list, the permission list of the applications currently installed on the terminal device and generate the second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

Optionally, the first permission list is the updated permission list of the applications currently installed on the terminal device, and the transmitter 930 is configured to send a trigger message to the server. The trigger message includes the identification information of the device. The identification information is used to enable the server, after determining the applications currently installed on the device according to the identification information, to send a response message to the device. The response message may include the first permission list.

Optionally, the first permission list is the permission list after the server has updated permissions for the applications on the application distribution service, and the receiver is further configured to receive a system message broadcast by the server. The system message includes the first permission list.

Optionally, the first permission list includes permissions after modification for at least one application.

Optionally, the first permission list includes permissions after granting or revocation for at least one application.

Optionally, the first permission list includes permissions after re-authorization for at least one application.

Optionally, the processor 920 is specifically configured to update, according to the first permission list and the applications currently installed on the device, the permission list of the applications currently installed on the terminal device to obtain the second permission list of the terminal device.

Optionally, the processor 920 is further specifically configured to, when the device applies for a permission, determine the validity of the authorization certificate of the applied-for permission and of the permission authorization file of the application corresponding to the permission. If the authorization certificate of the permission and the permission authorization file of the corresponding application are valid, and the second permission list includes the applied-for permission, the application for the permission is completed.

Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present application.

Those of ordinary skill in the art can understand that all or some of the steps of the methods in the above embodiments may be completed by a program instructing a processor. The program may be stored in a computer-readable storage medium, and the storage medium is a non-transitory medium, such as random-access memory, read-only memory, flash memory, a hard disk, a solid-state drive, magnetic tape, a floppy disk, an optical disc, or any combination thereof.

The above is only a preferred specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (26)

A permission update method, wherein the method comprises:
obtaining, by a terminal device, a first permission list from a server, wherein the first permission list is a permission list after the server has updated permissions, and the server is the server corresponding to an application distribution service of the terminal device; and
updating, by the terminal device according to the first permission list, the permission list of the applications currently installed on the terminal device to obtain a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

The method according to claim 1, wherein:
the first permission list is a permission list after permissions have been updated for the applications currently installed on the terminal device; and
the obtaining, by the terminal device, of the first permission list from the server comprises:
sending, by the terminal device, a trigger message to the server, wherein the trigger message includes identification information of the terminal device, and the identification information is used to enable the server, after determining the applications currently installed on the terminal device according to the identification information, to send a response message to the terminal device, the response message including the first permission list.

The method according to claim 1, wherein:
the first permission list is a permission list after the server has updated permissions for the applications on the application distribution service; and
the obtaining, by the terminal device, of the first permission list from the server comprises:
receiving, by the terminal device, a system message broadcast by the server, wherein the system message includes the first permission list.

The method according to any one of claims 1-3, wherein the first permission list includes permissions after modification for at least one of the applications.

The method according to any one of claims 1-3, wherein the first permission list includes permissions after granting or revocation for at least one of the applications.

The method according to any one of claims 1-3, wherein the first permission list includes permissions after re-authorization for at least one of the applications.

The method according to any one of claims 3-6, wherein the updating, by the terminal device according to the first permission list, of the permission list of the applications currently installed on the terminal device to obtain the second permission list of the terminal device comprises:
updating, by the terminal device according to the first permission list, the permissions in the permission list of the applications currently installed on the terminal device, wherein the updated permission list obtained is the second permission list of the terminal device.

The method according to any one of claims 1-7, wherein after the generating of the second permission list of the terminal device, the method further comprises:
when the terminal device applies for a permission, determining, by the terminal device, the validity of the authorization certificate of the applied-for permission and of the permission authorization file of the application corresponding to the permission; and if the authorization certificate of the permission and the permission authorization file of the corresponding application are valid, and the second permission list includes the applied-for permission, completing, by the terminal device, the application for the applied-for permission.

A terminal device, wherein the device comprises a receiving unit and a processing unit,
the receiving unit being configured to obtain a first permission list from a server, wherein the first permission list is a permission list after the server has updated permissions, and the server is the server corresponding to an application distribution service of the terminal device; and
the processing unit being configured to update, according to the first permission list, the permission list of the applications currently installed on the terminal device and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

The device according to claim 9, wherein:
the device further comprises a sending unit;
the first permission list is the updated permission list of the applications currently installed on the device; and
the sending unit is configured to send a trigger message to the server, wherein the trigger message includes identification information of the device, and the identification information is used to enable the server, after determining the applications currently installed on the terminal device according to the identification information, to send a response message to the terminal device, the response message including the first permission list.

The device according to claim 9, wherein the first permission list is a permission list after the server has updated permissions for the applications on the application distribution service; and
the receiving unit is further configured to receive a system message broadcast by the server, wherein the system message includes the first permission list.

The device according to any one of claims 9-11, wherein the first permission list includes permissions after modification for at least one of the applications.

The device according to any one of claims 9-11, wherein the first permission list includes permissions after granting or revocation for at least one of the applications.

The device according to any one of claims 9-11, wherein the first permission list includes permissions after re-authorization for at least one of the applications.

The device according to any one of claims 11-14, wherein the processing unit is specifically configured to update, according to the first permission list, the permissions in the permission list of the currently installed applications to obtain an updated permission list, the updated permission list being the second permission list of the terminal device.

The device according to any one of claims 9-15, wherein the processing unit is further specifically configured to, when the terminal device applies for a permission, determine the validity of the authorization certificate of the applied-for permission and of the permission authorization file of the application corresponding to the permission; and if the authorization certificate of the permission and the permission authorization file of the corresponding application are valid, and the second permission list includes the applied-for permission, complete the application for the applied-for permission.

A terminal device, wherein the device comprises a receiver and a processor,
the receiver being configured to obtain a first permission list from a server, wherein the first permission list is a permission list after the server has updated permissions, and the server is the server corresponding to an application distribution service of the terminal device; and
the processor being configured to update, according to the first permission list, the permission list of the applications currently installed on the terminal device and generate a second permission list of the terminal device, so that the terminal device controls or manages the currently installed applications according to the second permission list.

The device according to claim 17, wherein:
the device further comprises a transmitter;
the first permission list is the updated permission list of the applications currently installed on the device; and
the transmitter is configured to send a trigger message to the server, wherein the trigger message includes identification information of the device, and the identification information is used to enable the server, after determining the applications currently installed on the terminal device according to the identification information, to send a response message to the terminal device, the response message including the first permission list.
根据权利要求17所述的设备,其特征在于: The device of claim 17 wherein: 当所述第一权限列表为所述设备当前安装的应用在更新后的权限列表;When the first permission list is an updated permission list of an application currently installed by the device; 所述接收器,还用于接收所述服务器广播发送的系统消息,所述系统消息包括所述第一权限列表。The receiver is further configured to receive a system message that is sent by the server, where the system message includes the first permission list. 根据权利要求17-19任一项所述的设备,其特征在于,所述第一权限列表包括对至少一个所述应用进行修改后的权限。The device according to any one of claims 17 to 19, wherein the first permission list comprises a modified authority for at least one of the applications. 根据权利要求17-19任一项所述的设备,其特征在于,所述第一权限列表包括对至少一个所述应用授予或撤销后的权限。The device according to any one of claims 17 to 19, wherein the first permission list comprises rights granted or revoked to at least one of the applications. 根据权利要求17-19任一项所述的设备,其特征在于,所述第一权限列表包括对至少一个所述应用重授权后的权限。The device according to any one of claims 17 to 19, wherein the first rights list comprises rights after reauthorizing at least one of the applications. 根据权利要求19-22任一项所述的设备,其特征在于,所述处理器,具体用于根据第一权限列表,对当前安装的应用的权限列表的权限进行更新,得到更新后的权限列表,所述更新后的权限列表为所述终端设备的第二权限列表。The device according to any one of claims 19 to 22, wherein the processor is specifically configured to update the permission of the currently installed application permission list according to the first permission list, and obtain the updated permission. a list, the updated permission list is a second permission list of the terminal device. 
根据权利要求17-23任一项所述的设备,其特征在于,所述处理器,还具体用于在所述终端设备申请一种权限时,识别所述申请的权限的授权证书和所述权限的相应应用的权限授权文件的合法性;若所述权限的授权证书和所述权限的相应应用的权限授权文件合法,且所述第二权限列表包括所述申请的权限,则完成对所述申请的权限的申请。The device according to any one of claims 17 to 23, wherein the processor is further configured to: when the terminal device applies for a permission, identify an authorization certificate of the application authority and the The validity of the authority authorization file of the corresponding application of the permission; if the authorization certificate of the authority and the authority authorization file of the corresponding application of the authority are legal, and the second permission list includes the permission of the application, the completion of the The application for the authority of the application. 一种包含指令的计算机程序产品,其特征在于,当所述计算机程序产品在计算机上运行时,使得所述计算机执行如权利要求1-8任意一项所述的方法。A computer program product comprising instructions, wherein the computer program product, when run on a computer, causes the computer to perform the method of any of claims 1-8. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序执行时实现如权利要求1-8任意一项所述的方法。 A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program, the computer program being executed to implement the method of any one of claims 1-8.
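
The list update and the request-time check recited in the claims above, as an added Python example that is not part of the patent text. The dictionary format, the app and permission names, the per-app replacement semantics and the HMAC tag standing in for the certificate and authorization-file validity checks are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: one HMAC key stands in for the certificate-based validity checks;
# the claims do not name a signature scheme or a file format.
SIGNING_KEY = b"constructed-demo-key"


def sign_auth_file(app, permissions):
    """Issuer side: produce a tagged permission authorization file."""
    body = json.dumps({"app": app, "permissions": sorted(permissions)})
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def auth_file_valid(auth_file):
    """Device side: recompute the tag and compare in constant time."""
    expected = hmac.new(SIGNING_KEY, auth_file["body"].encode(), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest(), auth_file["tag"])


def build_second_list(installed, first_list):
    """Apply the server's first list to the currently installed apps only."""
    second = {app: set(perms) for app, perms in installed.items()}
    for app, perms in first_list.items():
        if app in second:  # entries for apps that are not installed are ignored
            second[app] = set(perms)
    return second


def request_permission(app, permission, auth_file, second_list):
    """Complete a request only if both conditions of the claim hold."""
    if not auth_file_valid(auth_file):
        return False
    # Assumption: the file names the app it was issued for.
    if json.loads(auth_file["body"])["app"] != app:
        return False
    return permission in second_list.get(app, set())


# Constructed sample data: the server revokes SE_ACCESS from the payment app.
INSTALLED = {"com.example.pay": {"NFC", "SE_ACCESS"}, "com.example.cam": {"CAMERA"}}
FIRST_LIST = {"com.example.pay": {"NFC"}, "com.example.other": {"SMS"}}
SECOND_LIST = build_second_list(INSTALLED, FIRST_LIST)
PAY_FILE = sign_auth_file("com.example.pay", {"NFC", "SE_ACCESS"})
```

With this data, the authorization file still lists `SE_ACCESS` and still validates, yet the request is refused because the second permission list no longer contains it, so the revocation takes effect without repackaging or reinstalling the application.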
PCT/CN2017/093025 2017-03-21 2017-07-14 Permission update method and terminal device Ceased WO2018171092A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201780028139.9A CN109076126B (en) 2017-03-21 2017-07-14 Permission updating method and terminal equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710170715 2017-03-21
CN201710170715.5 2017-03-21

Publications (1)

Publication Number Publication Date
WO2018171092A1 true WO2018171092A1 (en) 2018-09-27

Family

ID=63583928

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/093025 Ceased WO2018171092A1 (en) 2017-03-21 2017-07-14 Permission update method and terminal device

Country Status (2)

Country Link
CN (1) CN109076126B (en)
WO (1) WO2018171092A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230188519A1 (en) * 2020-08-06 2023-06-15 Huawei Technologies Co., Ltd. Method and system for invoking application programming interface, and apparatus

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11544049B2 (en) 2016-02-12 2023-01-03 Nutanix, Inc. Virtualized file server disaster recovery
US11568073B2 (en) 2016-12-02 2023-01-31 Nutanix, Inc. Handling permissions for virtualized file servers
CN111222122A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Application authority management method and device and embedded equipment
CN111753701B (en) * 2020-06-18 2023-08-15 百度在线网络技术(北京)有限公司 Method, device, equipment and readable storage medium for detecting violation of application program
CN114741720B (en) * 2020-07-31 2023-03-24 华为技术有限公司 Authority management method and terminal equipment
CN115202559A (en) * 2021-04-08 2022-10-18 华为技术有限公司 Rights management method and related equipment
CN115422521B (en) * 2022-08-31 2025-08-15 重庆长安汽车股份有限公司 Method, device, equipment and storage medium for managing application permission of vehicle-mounted system
US12461832B2 (en) 2023-09-27 2025-11-04 Nutanix, Inc. Durable handle management for failover in distributed file servers

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200922A (en) * 2011-04-06 2011-09-28 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN104125335A (en) * 2014-06-24 2014-10-29 小米科技有限责任公司 Method, device and system for managing authority

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9578085B2 (en) * 2011-02-28 2017-02-21 Unwired Nation Mobile application system
ES2626552T3 (en) * 2013-08-23 2017-07-25 Huawei Device Co., Ltd. Permission and terminal management method and apparatus
CN104462889B (en) * 2013-09-12 2019-04-30 腾讯科技(深圳)有限公司 A kind of application rights management method and device
CN105320882A (en) * 2014-07-28 2016-02-10 腾讯科技(深圳)有限公司 Method and device for controlling permission of application programs
CN105630518A (en) * 2014-10-28 2016-06-01 北京娜迦信息科技发展有限公司 Method and device for updating resources of Android application software
EP3236382A4 (en) * 2015-02-09 2017-12-13 Huawei Technologies Co., Ltd. Method and controller for controlling application permissions

Also Published As

Publication number Publication date
CN109076126B (en) 2020-09-18
CN109076126A (en) 2018-12-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 17902233; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 17902233; Country of ref document: EP; Kind code of ref document: A1