| CPC G06F 21/604 (2013.01) [G06F 21/44 (2013.01); G06F 2221/2141 (2013.01); H04L 67/30 (2013.01); H04L 67/34 (2013.01)] | 20 Claims |

|
1. A method, implemented by a distributed system comprising a first device and a second device, wherein the method comprises:
sending, by the first device, control information to the second device, wherein the control information comprises a first device identifier of the first device, user identifiers of a plurality of applications of the first device, and permission information of the plurality of applications, wherein permission information of each application of the plurality of applications indicates an object in the first device that the application has permission to access, wherein the plurality of applications comprises a first application, and wherein the object in the first device comprises a software resource or a hardware resource in the first device;
receiving, by the second device, the control information;
creating, by the second device, a first virtual identity based on the control information, wherein the first virtual identity comprises the first device identifier and the user identifiers;
storing, by the second device, the first virtual identity, the permission information, and a correspondence between the first virtual identity and the permission information;
sending, by the first device, when the first device is running the first application, an access request to the second device, wherein the access request is for the first application to request access to a first object in the second device, wherein the first object is a software resource or a hardware resource in the second device, and wherein the access request comprises the first device identifier and a first user identifier of the first application;
receiving, by the second device, the access request;
querying, by the second device, in response to the access request, the first virtual identity from one or more virtual identities stored in the second device, wherein the first virtual identity corresponds to the first device identifier and the first user identifier;
querying, by the second device, first permission information corresponding to the first virtual identity from the permission information stored in the second device; and
providing, by the second device, a service for accessing a first resource to the first application based on a permission indicated by the first permission information.
|
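The second device's side of claim 1 can be sketched as follows; this is an added example, not code from the patent or its applicant, showing storage of the virtual identity with its permission information and a deny-by-default lookup on each access request. Assumptions: the message field names, the sample identifiers, and the result strings are hypothetical; objects on both devices are named by resource type (for example "camera"), so a permission held on the first device is applied to the same-named object on the second; the device identifier arrives over a channel that has already authenticated the first device.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VirtualIdentity:
    device_id: str    # first device identifier
    uids: frozenset   # user identifiers of the first device's applications

class SecondDevice:
    def __init__(self, local_objects):
        self.local_objects = set(local_objects)  # resources this device offers
        self.identities = {}    # device_id -> VirtualIdentity
        self.permissions = {}   # VirtualIdentity -> {uid: permitted object names}

    def receive_control_info(self, info):
        perms = {uid: frozenset(objs) for uid, objs in info["apps"].items()}
        vid = VirtualIdentity(info["device_id"], frozenset(perms))
        # Drop earlier state for this device so stale grants do not linger.
        old = self.identities.pop(vid.device_id, None)
        self.permissions.pop(old, None)
        self.identities[vid.device_id] = vid
        self.permissions[vid] = perms   # identity <-> permission correspondence
        return vid

    def handle_access_request(self, req):
        # Query the virtual identity matching both device id and user id.
        vid = self.identities.get(req["device_id"])
        if vid is None or req["uid"] not in vid.uids:
            return "deny: no matching virtual identity"
        # Query the permission information stored for that identity.
        allowed = self.permissions[vid][req["uid"]]
        if req["object"] not in self.local_objects:
            return "deny: no such object"
        if req["object"] not in allowed:
            return "deny: not permitted"
        return "allow: " + req["object"]

def demo():
    # Constructed sample data: one phone with two applications.
    tv = SecondDevice({"camera", "microphone", "display"})
    tv.receive_control_info({"device_id": "phone-01",
                             "apps": {10086: ["camera", "microphone"],
                                      10087: ["location"]}})
    requests = [("phone-01", 10086, "camera"), ("phone-01", 10087, "camera"),
                ("phone-01", 10099, "camera"), ("tablet-02", 10086, "camera"),
                ("phone-01", 10087, "location")]
    return [tv.handle_access_request({"device_id": d, "uid": u, "object": o})
            for d, u, o in requests]

if __name__ == "__main__":
    print("\n".join(demo()))
```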