公开(公告)号：US20240232428A9

公开(公告)日：2024-07-11

申请号：US18547700

申请日：2022-01-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhewen Mao ,  Bingfei Ren

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F21/604 ,  G06F2221/2141

Abstract: This application discloses an access control method, an electronic device, and a system, so as to run different instances when a callee provides services for different callers, and keep isolation between memory data of the different instances. This resolves a problem that memory data of each caller is abused, misused, or leaked, and ensures data security.

公开(公告)号：US20240176872A1

公开(公告)日：2024-05-30

申请号：US18551721

申请日：2022-03-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bingfei Ren ,  Zhewen Mao

IPC: G06F21/53 ,  H04L67/10

CPC classification number: G06F21/53 ,  H04L67/10

Abstract: A method includes sending, by a first device to a second device, a first request identifying a first caller, identifying a callee, and comprising indication information of a first service; running, by the second device in response to the first request, a first instance in a first sandbox; sending, by a third device to the second device, a second request identifying a second caller, identifying the callee, and comprising indication information of a second service; and running, by the second device in response to the second request, a second instance in a second sandbox, where the second instance is of the callee and provides the second service to the second caller, and where the second sandbox is different from the first sandbox.

公开(公告)号：US20230262065A1

公开(公告)日：2023-08-17

申请号：US18002746

申请日：2021-03-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhewen Mao ,  Chong Zhou ,  Bingfei Ren

IPC: H04L9/40 ,  G06F21/71 ,  G06F21/60

CPC classification number: H04L63/102 ,  G06F21/71 ,  G06F21/604

Abstract: An atomic ability invoking method includes a terminal device obtaining an invoking request of an app for an atomic ability (A/A). When the AA is deployed in the terminal device, the terminal device starts the AA and grants, to the AA, a resource access permission required by the AA, so that the AA responds to the invoking request based on the resource access permission required by the AA. According to this method, in a process in which the app invokes the AA, the AA has only the resource access permission required by the AA, to prevent the AA from accessing a corresponding system resource based on a resource access permission that the AA should not have.

公开(公告)号：US20240146740A1

公开(公告)日：2024-05-02

申请号：US18547636

申请日：2022-03-10

Applicant: Huawei Technologies Co., Ltd.

Inventor： Bingfei Ren ,  Zhewen Mao

IPC: H04L9/40

CPC classification number: H04L63/107

Abstract: A method includes: an electronic device sends a sign-in request to enable a management party device to learn that the electronic device has entered a specific environment. The management party device selects one access policy from one or more stored access policies based on one or more of the following: restriction levels for the specific environment, restriction categories for functions of electronic devices in the specific environment, a device type or a login user of an electronic device, a time point at which the management party device receives the sign-in request, or an area in which the electronic device is located in the specific environment, and sends the access policy to the electronic device, to restrict a function of the electronic device.

公开(公告)号：US20240012899A1

公开(公告)日：2024-01-11

申请号：US18041795

申请日：2022-03-03

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhewen Mao ,  Bingfei Ren

IPC: G06F21/44 ,  G06F21/31

CPC classification number: G06F21/44 ,  G06F21/31

Abstract: This disclosure provides a flexible authorization access control method, a related apparatus, and a system. In the method, if an electronic device that receives an access request does not meet an authorization condition, is currently not suitable for authorization, or cannot currently obtain authorization from a user in time, the electronic device may select one electronic device in a distributed system as an authorization device. After obtaining a permission that is granted by the user and that is required for the access request, the authorization device notifies the electronic device, and then the electronic device may respond to the access request. In this disclosure, the electronic device can quickly and conveniently obtain the permission required for the access request and respond to the access request in a case in which the user is not disturbed, to ensure data security in the electronic device and meet a requirement of the user.

公开(公告)号：US20240406306A1

公开(公告)日：2024-12-05

申请号：US18807652

申请日：2024-08-16

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Ran Ding ,  Bingfei Ren ,  Yi Zhang

IPC: H04M1/72463 ,  G06F3/04847

Abstract: The method includes: receiving first indication information sent by another electronic device connected to an electronic device, where the first indication information indicates that an application of a first electronic device is using a first resource or the first electronic device intercepts permission for an application of the first electronic device to use a first resource; outputting second prompt information, where the second prompt information is used to prompt a user whether to terminate or allow the permission for the application of the first electronic device; detecting an input of the user for terminating or allowing use of the first resource by the application of the first electronic device; and sending second indication information to the first electronic device in response to detecting the input, where the second indication information indicates the first electronic device to terminate or allow the permission for the application to use the first resource.

公开(公告)号：US20240154966A1

公开(公告)日：2024-05-09

申请号：US18549353

申请日：2022-03-15

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhewen Mao ,  Bingfei Ren

IPC: H04L9/40

CPC classification number: H04L63/10

Abstract: This application provides an access control method and a related apparatus and system. In the method, a same callee may enable a plurality of instances, and serve different callers by using different instances. Due to an attribute of natural isolation between instances, the different instances cannot access memory data of each other. In this way, a system-level memory data security mechanism can be provided, problems of abuse and leakage of memory data of each caller are avoided, and data security is ensured.

公开(公告)号：US20240135033A1

公开(公告)日：2024-04-25

申请号：US18547700

申请日：2022-01-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhewen Mao ,  Bingfei Ren

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6245 ,  G06F21/604 ,  G06F2221/2141

Abstract: This application discloses an access control method, an electronic device, and a system, so as to run different instances when a callee provides services for different callers, and keep isolation between memory data of the different instances. This resolves a problem that memory data of each caller is abused, misused, or leaked, and ensures data security.