WO2021185245A1

WO2021185245A1 - Access-control method and electronic device

Info

Publication number: WO2021185245A1
Application number: PCT/CN2021/081067
Authority: WO
Inventors: Xiaofeng Li; Yiwei ZHAO
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date: 2020-03-17
Filing date: 2021-03-16
Publication date: 2021-09-23
Anticipated expiration: 2022-09-17

Abstract

An access-control method and an electronic device are disclosed. The access-control method includes receiving an access request for accessing a data service from an application; and performing an access-granting process of the data service in response to the access request, such that the application is granted to access the data service.

Description

ACCESS-CONTROL METHOD AND ELECTRONIC DEVICE

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims a priority to U.S. Provisional Patent Application, Serial No. 62/990,741, filed on March17, 2020, the content of which isherein incorporated by reference inits entirety.

TECHNICAL FIELD

The present disclosuregenerally relates to the technical fieldofsmart devices, and in particular relates to an access-control method and an electronic device.

BACKGROUND

Most operating systems (OS) have built-in access control system to protect all kinds of resources. For example, OSes in Unix family such as Linux, BSD, etc. use Access Control List (ACL) to authorize a user or a group of users to access its files. Since “everything is a file” in Unix, ACL provides a systematic mechanism to protect the resources from unauthorized accesses. For example, if a user wants to access the system’s microphone to record external voice, the user may have to have the “read” privilege to the microphone device file.

Taking Android system as another example, Android framework implements a comprehensive permission-based mechanism to authorize resource access to an installed application. When an Android application needs to access resources like camera, call, SMS etc., it needs to request the corresponding permission (s) . For some requests that have very low risk to the phone user’s privacy and to the operation of the other applications (APPs) (e.g. permission to set the phone’s time zone) , Android OS will grant the permissions directly. For other access requests, the APP must follow some “Special Permission Request Process” (“SPRP” , which represents the access granting process enforced by Android OS) to ask for permission. To grant the permission, SPRP may prompt the phone user to approve the permission when the application is installed, or when the application needs the access at runtime. SPRP may verify the APP’s signature for some permission requests.

Further, In Android, the APPs can request to access some resources without going through SPRP, for example, sensor data and digital data.

SUMMARY OF THE DISCLOSURE

According to one aspect of the present disclosure, anaccess-control method is provided. The access-control method includesreceiving an access request for accessing a data service from an application; and performing an access-granting process of the data service in response to the access request, such that the application is granted to access the data service.

According to another aspect of the present disclosure, another access-control method is provided. The access-control method includes sending an access request for accessing a data service, wherein an access-granting process of the data service is performed in response to the access request such that the data service is granted to be accessed.

According to yet another aspect of the present disclosure, an electronic device is provided. The electronic device includes a processor and a memory storing instructions. The instructions when executed by the processor, causes the processor to perform the method as described in above aspects.

According to yet another aspect of the present disclosure, A non-transitory computer-readable storage medium is provided. The A non-transitory computer-readable storage medium stores instructions, when executed by the processor, causes the processor to perform the method as described in above aspects.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to make the technical solution described in the embodiments of the present disclosure more clearly, the drawings used for the description of the embodimentswill be briefly described. Apparently, the drawings described below are onlyfor illustration but not for limitation. It should be understood that, one skilled in the art may acquire other drawings based on these drawings, without making any inventive work.

FIG. 1 is a flow chart of an access-control method according to some embodiments of the present disclosure;

FIG. 2 is a flow chart of an access-control method according to some embodiments of the present disclosure;

FIG. 3 is a flow chart of another access-control method according to some embodiments of the present disclosure; and

FIG. 4 is a structural schematic view of an electronic device according to some embodiments of the present disclosure.

DETAILED DESCRIPTION

Current smart devices such as smart phones have one or more built-in sensors, such as motion sensors (accelerometers, gyroscopes) , touch sensor, optical sensor, acoustic sensor, etc. to provide different kinds of sensing data to the device OS, which in turn may pass the data to the installed applications for various purposes. For example, an APP may read the data from the motion sensors to infer the device user’s gesture and activities, such as tilting, shaking, rotating, or walking, running, sleeping, in a vehicle, under certain illness condition, etc.

Sampling rate of the sensors is critical to deciding how they should be used by the applications. Normally the higher of the sampling rate is, the more information can be inferred from the sensor data. It is important to make sure certain sensor data is only used for certain purpose. For example, although the audio signals passing through a smart phone can also be sampled by the motion sensors, these sensors can only pick up a narrow band (85-100Hz) of speech signals, because of these sensors usually have a sampling ceiling of 200Hz in current smart phones. The sampled data from the speech signals are not adequate to be exploited for conversation eavesdropping. The threat of abusing the motion sensor data is considered low-risk. However, along with the advancement of sensing technology in sensor material, senor design and sensing algorithm, the sampling ceiling of the sensors has been rising. For example, recent smart phones’ motion sensors can have up to 500Hz sampling rates, which almost covers the entire fundamental frequency band (85-255Hz) of adult speech. Ba et al. has proposed a novel deep-learning based algorithm that learns to recognize and reconstruct speech information from the spectrogram representation of accelerator signals. Their recognition software has achieved 78%accuracy on recognizing the spoken ten digits and can identify hot words in phone calls while snooping the accelerometer with 500Hz sampling rate. So, without any user notice, a correctly installed and authorized APP in a phone can eavesdrop on user’s phone conversation by collecting the accelerometer data.

Therefore, the privilege to read motion sensor data should not be granted by default to the applications. For example, in Android, the applications should follow SPRP to request the permission. The similar access control policies should be applied in all OSes like iOS, Linux, Windows, etc. that support motion sensor data access. But there are problems if the OS simply enforces the new policy or granting process to the sensor data access that had not had that process before the OS update. For example, all the existing APPs, which already have the access to the sensors, must be updated to follow the policy; otherwise they may not work properly. This is too abrupt to the developer community. Another problem is that even if the APPs have been updated following the new policy, it would be unnecessary for them to do so, because most APPs may only use the data of low sampling rate for gesture detection. It is like to enforce the same access policy for camera to infrared sensor, although they both can sense the lights. The system has no way to discriminate the sensor access requests for different sampling rates. Meanwhile, it is also abrupt for end users to grant access every time for every APP that accesses the motion sensor only for gesture detection. They may feel skeptical and reject the request, which finally impacts the user experience.

Furthermore, the problem with sensor sampling rate is not only a privacy or security issue, but also a copyright issue. We know that, digital media works like movie, photo, song, they all be made or encoded in certain sampling rate or resolution. For example, videos can have different resolutions (definition) and different FPS (frame per second) ; and can be traded with different prices accordingly. Photos have different color depths and resolutions. Audios can have different sampling rates and number of channels. When a user passes a photo to a friend or post to a social website, he/she may not want to pass a copy with full resolution. When an APP installed in the user’s smart phone asks permission to access his/her photo albums, in current design of all OSes, the permission is granted in a way of all-or-nothing. There is no way to control the resolution or color depth of the photos. When the user projects his own video to another display, in current OS design, he/she has no way to control the projecting resolution or FPS. The current DRM (digital right management) system does not address this problem.

To solve the above problems, the present disclosure provides an access-control method, which achieves access control to data services such as sensor data and digital data, without granting access in a way of all-or-nothing.

Below embodiments of the present disclosure will be described in detail, examples of which are shown in the accompanying drawings, in which the same or similar reference numerals have been used throughout to denote the same or similar elements or elements serving the same or similar functions. The embodiments described below with reference to the accompanying drawings are exemplary only, meaning they are intended to be illustrative of rather than limiting the present disclosure.

FIG. 1 is a flow chart of an access-control method according to some embodiments of the present disclosure. The method may be performed by an electronic device, which includes, but is not limited to, a smart device such as a smart phone, a tablet computer, etc. That is, the method may be applied in the electronic device, for example, the operating system of the electronic device. The method includes actions/operations in the following blocks.

At block 110, the method receives an access request for accessing a data service from an application.

Theapplication may be installed in the electronic device, or installed in another device which is communicated with the electronic device. The data service, which the application may need to access, may provide data with different data properties. That is, the data service has different data properties. The data service may include sensor data and digital data, which is not limited herein.

The sensor data is data of sensors, which is generated by the operating system in the electronic device from the sensors. The sensors may include a motion sensor, an accelerometer, a gyroscope, a magnetometer, a GPS, a proximity sensor, an ambient light sensor, a touch screen sensor, a pressure sensor, a fingerprint sensor, a pedometer, a Barcode/Qrcode sensor, a barometer, a thermometer, an acoustic sensor (including a microphone) , an optical sensor (including a camera, a scanner) , a humidity sensor, a Geiger counter, an ECG (electrocardiography) sensor, a PPG (photoplethysmography) sensor, etc.

The digital data are not necessarily generated by the operating system in the electronic device from its hardware such as sensors, and may be also generated by an application, a software service, or transferred from outside of the electronic device. The digital data may include photos, videos, and audios in the electronic device, which is not limited herein. In this case, the photos may be called as the photo service, the videos may be called as the video service, and the audios may be called as the audio service.

At block 120, the method performs an access-granting process of the data service in response to the access request, such that the application is granted to access the data service.

The access-granting process of the data service refers that the data service will be permitted to be accessed after the access-granting process. When the application requests to access the data service, the access-granting process is performed in response to the access request, and thus the application is granted to access the data service.

In these embodiments, as the access-granting process of the data service is performed in response to the access request from the application, the application is granted to access the data service. This achieves access control to the data service without granting access in a way of all-or-nothing.

As stated above, the data service has different data properties. In some embodiments the data properties include encoding properties, data attributes, semantic inputs, and data transformations.

For a sensor, the sensor data has different encoding properties such as a sampling rate of the sensor. Different sensors have different encoding properties, which are listed in the following table.

Sampling rate of the sensors is critical to deciding how the sensor should be used by the application. Normally the higher of the sampling rate is, the more information can be inferred from data of the sensors. The data accuracy can be specified with bit length in binary representation, or float number precision. The dimension can be specified with number of dimensions, or specified dimensions such as one or more of (x, y, z) .

It should be noted that, some of the above sensors actually use some other sensors internally, or completely implemented in software. These sensors are still considered sensors herein as their data are produced by the operating system, and are provided to the application by the operating system. Moreover, for a sensor, some of the encoding properties are not the properties of the sensor’s raw data, but are computed results by the sensor or a computing unit that processes its data, which is not limited herein.

The digital data do not only have encoding properties, but also data attributes. The data attributes refer to those values that are not inherent to the digital data, and can be stripped off from the digital data without destroying the digital data. For example, encoding properties and data attributes of a photomay include color depth, resolution, taken locationof the photo, taken time of the photo, selfie of the photo, family, private, etc. For another example, encoding properties and data attributes of a video may include resolution (definition) , FPS (frame per second) , length, etc. For yet another example, encoding properties and data attributes of audios may include sampling rate, the number of channels, amplitude, etc.

The semantic inputs of a data service may be predefined by the data service, or just comes from the application which requests to access the data service, such as a word or a phrase. For example, to indicate that a data service supports semantic input as data property, the data service may return a specific property such as “Random” or “AI” to a user of the electronic device when the application queries for the data service before requesting to access the data service.

For example, for a data service such as the photo service, a deep-learning AI engine inside the electronic device that can generate images according to semantic inputs may be built for the photo service in the electronic device. When an application requests to access the photo service with the sematic input of “In front of a tower” , the data service can generate photos of the user or other people in front of towers.

For a data service, the data property of data transformation means that, the data service can provide data transformed from original data of the data service according to the data property of data transformation, which is not limited to the encoding properties or data attributes. For example, for a data service such as the photo service, data transformations may include “Face masked” , “Kids removed” , “Eyes covered with glasses” , “Background removed” , etc. For example, the photo service can have a data transformation “Face masked” . Then when an application requests to access the photo service with this data transformation, then all the photos that have person’s faces in them will be provided as a copy of the original photo but with the faces masked. For another example, for data service such as the audio service, data transformations may include “tone changed” , “voice distorted” , etc.

As fore-mentioned, the access-granting process of the data service is performed in response to the access request, such that the application is granted to access the data service. In some embodiments, the access request may include at least one data property of the data service, and the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation. For example, the access request includes a sampling rate when the application requests to access the motion sensor data. For another example, the access request includes a semantic input of “In front of a tower” when the application requests to access the digital data such as the photo service.

In another some embodiments, the access requestmay include a flag indicating at least one data property of the data service, andthe at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation. For example, the access request includes a flag indicating a sampling rate.

In these embodiments, as the access request includes at least one property or a flag indicating at least one property, it can discriminate the access requests for the same data service but at different values of the data properties and can provide different granting process for the user based on different values of the data properties.

Further, in some embodiments, in the access request, the at least one data property includes a first data property, and the first data property is specified with a value. For example, the first data property may be sampling rate of anaccelerometer, andthe access request includes a sampling rate of 200 Hzwhen the application requests to access accelerometer data.

Further, in some examples, for performing an access-granting process of the data service at the block 120, as shown in FIG. 2, the method includes actions/operations in the following blocks.

At block 121, the methoddetermines whether the value of the first data property meets a preset condition.

At block 122, the method performs the access-granting process of the data service, in response to the value of the first data property meeting the preset condition.

The preset condition may be preset in the electronic device, which is either agreed by the industry, or practically used in current devices. The preset condition may include a preset value, at least one set of preset values, and at least one preset range. The preset value of a data propertyis a safe threshold for the data service when an application requests to access the data service at the data property. The preset range of a data property is a safe range for the data service when an application requests to access the data service at the data property. For example, for a sensor such as an accelerometer, the preset value of the accelerometer is a sampling rate of 200Hz.

It should be noted that, for some data properties, there may be no common practice or industry-agreed value for preset values. For example, for requesting to access a photo service, the preset value of the data property of resolution can be user-specific, and not commonly agreed, which have to be set by the system or by the user. At this time, for simplicity, the operating system can always use same value for both a default value of the data property of resolution and the preset value.

The value of the first data property meeting the preset condition indicates the value of the first data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. That is, the value is compatible with the preset condition. Generally, for a data service, when a value S of a encoding property is compatible with another value T, it means that data Dt with the value T has more information than data Ds with the value S, assuming Dt and Ds are both derived from the same source data with different encoding property values. In the example of the access request including a sampling rate of 200 Hz when the application requests to access accelerometer data, when the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) , the access-granting process of the data service is performed, and thus the application is granted to access the accelerometer data.

Alternatively, in some examples, the method further rejects the access request, in response to the value of the first data property un-meeting the preset condition. For example, the access request includes a sampling rate of 400 Hz when the application requests to access accelerometer data. When the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , the access request is rejected, and thus the application is not granted to access the accelerometer data directly.

Further, in some embodiments, when the value of the first data property un-meets the preset condition, the method further returns the value of the first data property to the application, such that the application sends another access request in which the value of the first data property is modified.

For sensor data, in the example of the access request including a sampling rate of 400 Hz when the application requests to access accelerometer data, as the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , the sampling rate of 400 Hzis returned to the application, and the application may choose to request again with modified sample rate such as 200 Hz. That is, the 400 Hz is returned to the application, and the application sends another access request with the sampling rate of 200 Hz.

In another some embodiments, when the value of the first data property un-meets the preset condition, the method further generates a data-copy of the data service for the value of the first data property, in response to the value of the first data property un-meeting the preset condition, and provides the data-copy to the application to access.

In some examples, the data-copymay be generated from the data service at another value of the first data property. Given the value of the first data property is X1, and the another value of the first data property is X2, for example, the another value X2 of the first data property is less than the value X1 of the first data property, i.e. X2 < X1. For example, for a data service such as a photo service, the first data property is resolution, and a data-copy with a resolution of 100 is generated from a photo with the preset resolution of 200 if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 when the application requests to access the photo service. That is, the data-copy is generated from the photo at the resolution of 100, and then the data-copy has the resolution of 100. For another example, the another value X2 of the first data property is greater than the value X1 of the first data property, i.e. X1 < X2. For example, for a data service such as a photo service, the first data property is resolution, and a data-copy with a resolution of 500 is generated from a photo with the preset resolution of 200 if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 when the application requests to access the photo service. That is, the data-copy is generated from the photo at the resolution of 500, and then the data-copy has the resolution of 500.

In another some examples, the data-copy may be generated from the data service at value of the first data property. For example, for a data service such as a photo service, the first data property is a semantic input, and a value of the semantic input is “In front of a tower” , and a data-copy in which the user or other people is in front of a tower is generated from a photo if the access request of the application includes the semantic input of “In front of a tower” is different from a preset semantic inputof “public shared” when the application requests to access the photo service. That is, the data-copy is generated from the photo at the semantic input of “In front of a tower” , and then the data-copy has the semantic input of “In front of a tower” .

Further, in some embodiments, based on the above embodiments, as shown in FIG. 2 again, the method further includes actions/operations in the following block.

At block 130, the method generates a notification-interface to a user, in response to the value of the first data property un-meeting the preset condition, the notification-interface defining at least one operation for the accessing.

When the value of the first data property un-meets the preset condition, the notification-interface is generated to the user, and then the user may choose one operation in the notification-interface.

In some examples, the at least one operation includes allowing the accessing in response to no action in a preset duration from the user, requesting the user to allow the accessing, requesting the user to allow the accessing currently, and requesting another user having a privilege to allow the accessing in response to the user having no privilege.

Allowing the accessing in response to no action in a preset duration from the user means the accessing from the application is granted if the user does not take any action on the notification-interface within the preset duration. Requesting the user to allow the accessing means that asking for the user’s approval for the accessing with a key command on the notification-interface. Requesting the user to allow the accessing currently means that with a key command on the notification-interface, asking for the user’s temporary approval only for the current access request, and will expire later. Requesting another user having a privilege to allow the accessing in response to the user having no privilege means that If the user is a kid, who has no privilege, asking for the user’s guardian’s approval with a key command on the notification-interface, wherein the guardian has the privilege to allow the accessing.

Further, in another some embodiments, in the access request, the at least one data property includes a first data property, and the first data property is specified with no value. For example, the first data property may be sampling rate of anaccelerometer, and the access request includes a sampling rate without a specific value when the application requests to access accelerometer data.

Further in some examples, for performing an access-granting process of the data service at the block 120, the method assigns a default value to the first data property, and performs the access-granting process of the data service for the default value of the first data property.

The default value of the first data property meets a preset condition.

For each data property, a default value is usually specified. The default value is a safe value for the data service when an application requests to access the data service at the data property with the default value. The preset condition may be preset in the electronic device, which is either agreed by the industry, or practically used in current devices. The preset condition may include a preset value, at least one set of preset values, and at least one preset range. The preset value of a data property is a safe threshold for the data service when an application requests to access the data service at the data property. The preset range of a data property is a safe range for the data service when an application requests to access the data service at the data property. For example, for a sensor such as an accelerometer, the preset value of the accelerometer is a sampling rate of 200Hz.

In some examples, the default value of each data property can be the same or compatible with as the preset condition of the data property.

Further, in yet another some embodiments, in the access request, the at least one data property includes a first data property and a second data property, and each of the first data property and the second data property is specified with a value. For example, the first data property may be sampling rate of an accelerometer, the second data property may be data accuracy of the accelerometer, and the access request includes a sampling rate of 200 Hz and data accuracy of 70%when the application requests to access accelerometer data.

Further, in some examples, for performing an access-granting process of the data service at the block 120, firstly, the method determines whether the value of the first data property meets a first preset condition, and whether the value of the second data property meets a second preset condition, and then the method performs the access-granting process of the data service for at least one of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition and the value of the second data property meeting the second preset condition.

For example, when the value of the first data property meets the first preset condition and the value of the second data property meets the second preset condition, the access-granting process of the data service is performed for the value of the first or second data property. That is, the access request with the value of the first or second data property is granted. For another example, when the value of the first data property meets the first preset condition and the value of the second data property meets the second preset condition, the access-granting process of the data service is performed for both the value of the first data property and the value of the second data property. That is, the access request with the value of the first data property and the value of the second data property is granted.

Alternatively, in another some examples, for performing an access-granting process of the data service at the block 120, firstly, the method determines whether the value of the first data property meets a first preset condition, and whether the value of the second data property meets a second preset condition, and then performs the access-granting process of the data service for one of the value of the first data property and the value of the second data property, and rejects the accessing for another of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition or the value of the second data property meeting the second preset condition.

For example, when the value of the first data property meets the first preset condition, the access-granting process of the data service is performed for the value of the first data property, and the accessing is rejected for the value of the second data property. That is, the access request with the value of the first data property is granted, and the accessing for the value of the second data property is rejected. For another example, when the value of the second data property meets the second preset condition, the access-granting process of the data service is performed for the value of the second data property, and the accessing is rejected for the value of the first data property. That is, the access request with the value of the second data property is granted, and the accessing for the value of the first data property is rejected.

Each of the first and second preset condition may be preset in the electronic device, which is either agreed by the industry, or practically used in current devices. Each of the first and second preset condition may include a preset value, at least one set of preset values, and at least one preset range. The preset value of a data property is a safe threshold for the data service when an application requests to access the data service at the data property. The preset range of a data property is a safe range for the data service when an application requests to access the data service at the data property. For example, for a sensor such as an accelerometer, the preset value of the accelerometer is a sampling rate of 200Hz.

The value of the first data property meeting the first preset condition indicates the value of the first data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. That is, the value is compatible with the preset condition. Similarly, The value of the second data property meeting the second preset condition indicates the value of the second data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. Generally, for a data service, when a value S of a encoding property is compatible with another value T, it means that data Dt with the value T has more information than data Ds with the value S, assuming Dt and Ds are both derived from the same source data with different encoding property values.

For example, in the example of the access request including a sampling rate of 200 Hz and data accuracy of 70% when the application requests to access accelerometer data, whenonly the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) , the access-granting process of the data service is performed for the sampling rate of 200 Hz, and the accessing is rejected for the data accuracy of 70%, and thus the application is granted to access the accelerometer data at the sampling rate of 200 Hz. That is, when only the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) , the accessing for the sampling rate of 200 Hz is allowed, but the accessing for the data accuracy of 70%is rejected.

Similarly, when only the value of the second data property, i.e. the data accuracy of 70%, is equal to the preset value (i.e. 70%) , the access-granting process of the data service is performed for the data accuracy of 70%, and the accessing is rejected for the sampling rate of 200 Hz, and thus the application is granted to access the accelerometer data at the data accuracy of 70%. That is, when only the value of the second data property, i.e. the data accuracy of 70%, is equal to the preset value (i.e. 70%) , the accessing for the data accuracy of 70%is allowed, and the accessing for the sampling rate of 200 Hz is rejected.

When the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) and the value of the second data property, i.e. the data accuracy of 70%, is equal to the preset value (i.e. 70%) , the access-granting process of the data service is performed for at least one of the sampling rate of 200 Hz and the data accuracy of 70%, and thus the application is granted to access the accelerometer data only at the sampling rate of 200 Hz, only at the data accuracy of 70%, or at both the sampling rate of 200 Hz and the data accuracy of 70%. That is, when the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) and the value of the second data property, i.e. the data accuracy of 70%, is equal to the preset value (i.e. 70%) , the access request with the sampling rate of 200 Hz is granted, the access request with the data accuracy of 70%is granted, or the access request with both the sampling rate of 200 Hz and the data accuracy of 70%is granted.

Alternatively, in some examples, the method further rejects the access request in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition. For example, the access request includes a sampling rate of 400 Hz and the data accuracy of 70%when the application requests to access accelerometer data. When the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , and the value of the second data property, i.e. the data accuracy of 70%, is greater than the preset value (i.e. 60%Hz) , the access request is rejected, and thus the application is not granted to access the accelerometer data directly.

Further, in some embodiments, when the value of the first data property un-meets the preset condition, the method further returns the value of the first data property and the value of the second data property to the application, such that the application sends another access request in which at least one of the value of the first data property and the value of the second data property is modified.

For sensor data, in the example of the access request including a sampling rate of 400 Hz and the data accuracy of 70%when the application requests to access accelerometer data, as the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , and the value of the second data property, i.e. the data accuracy of 70%, is greater than the preset value (i.e. 60%Hz) , the sampling rate of 400 Hz and the data accuracy of 70%are returned to the application, and the application may choose to request again with modified sample rate such as 200 Hz and modified sample data accuracy such 60%. That is, the 400 Hz and 70%are returned to the application, and the application sends another access request with the sampling rate of 200 Hz and the data accuracy of 70%.

In another some embodiments, when the value of the first data property un-meets the preset condition and the value of the second data property un-meets the second preset condition, the method further generates a respective data-copy of the data service for the value of the first data property and the value of the second data property, in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition, and provides the respective data-copy to the application to access.

Alternatively, in some examples, when the value of the first data property un-meets the preset condition and the value of the second data property un-meets the second preset condition, the method further generates a whole data-copy of the data service for both the value of the first data property and the value of the second data property, and provides the whole data-copy to the application to access.

In some examples, for the first data property, the data-copy may be generated from the data service at another value of the first data property. Given the value of the first data property is X1, and the another value of the first data property is X2, for example, the another value X2 of the first data property is less than the value X1 of the first data property, i.e. X2 < X1. For the second data property, the data-copy may be generated from the data service at another value of the second data property. Given the value of the second data property is Y1, and the another value of the second data property is Y2, for example, the another value Y2 of the second data property is less than the value X1 of the second data property, i.e. Y2 <Y1.

For example, for a data service such as a photo service, the first data property is resolution and the second data property iscolor depth, and a data-copy with the resolution of 100 is generated from a photo with the preset resolution of 200, a data-copy with the color depth of 256 is generated from a photo with the preset color depth of 512, or a data-copy with both the resolution of 100and the color depth of 256, if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 and a color depth of 1024 greater than a preset color depth of 512 when the application requests to access the photo service. That is, a respective data-copy is generated from the photo at the resolution of 100 or the color depth of 256, and then one data-copy has the resolution of 100, one data-copy has the color depth of 256, one data-copy has both the resolution of 100 and the color depth of 256. For another example, the another value X2 of the first data property is greater than the value X1 of the first data property, i.e. X1 < X2, and the another value X2 of the second data property is greater than the value Y1 of the second data property, i.e. Y1 < Y2. For example, for a data service such as a photo service, the first data property is resolution and the second data property is color depth, and a data-copy with a resolution of 500 is generated from a photo with the preset resolution of 200, or a data-copy with the color depth of 2048 is generated from a photo with the preset color depth of 512, or a data-copy with both the resolution of 500 and the color depth of 1024, if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 and a color depth of 1024 greater than a preset color depth of 512 when the application requests to access the photo service. That is, a respective data-copy is generated from the photo at the resolution of 500 or the color depth of 2048, and then one data-copy has the resolution of 500, one data-copy has the color depth of 2048, one data-copy has both the resolution of 500 and the color depth of 2048.

In another some examples, a data-copy may be generated from the data service at the value of the first data property, a data-copy may be generated from the data service at the value of the second data property, or a data-copy may be generated from the data service at both the value of the first data property and the value of the second data property. For example, for a data service such as a photo service, the first data property is a semantic input with a value “In front of a tower” , and the second data property is another semantic input with a value “Faced marked” , and a data-copy in which the user or other people is in front of a tower is generated from a photo, a data-copy in which the user or other people has his/her face marked is generated from a photo, or a data-copy in which the user or other people has his/her face marked and is in front of a tower is generated from a photo, if the access request of the application includes the semantic input of “In front of a tower” and the semantic input of “Faced marked” which are different from a preset semantic input of “public shared” when the application requests to access the photo service. That is, the data-copy is generated from the photo at one of the semantic input of “In front of a tower” and the semantic input of “Faced marked” , and then one data-copy has the semantic input of “In front of a tower” , one data-copy has the semantic input of “Faced marked” , one data-copy has both the semantic input of “In front of a tower” and the semantic input of “Faced marked” .

Further, in yet another some embodiments, in the access request, the at least one data property includes a first data property and a second data property, and at least one of the first data property and the second data property is specified with no value. For example, the first data property may be sampling rate of an accelerometer, the second data property may be data accuracy of the accelerometer, and the access request includes a sampling rate with a specific value (200Hz) and data accuracy without a specific value (e.g. 70%) when the application requests to access accelerometer data.

In some examples, in the access request, the first data property is specified with a value, and the second data property is specified with no value. At this case, for performing an access-granting process of the data service at the block 120, firstly, the method determines whether the value of the first data property meets a first preset condition, and assigns a default value to the second data property, and then performs the access-granting process of the data service for at least one of the value of the first data property and the default value of the second data property, in response to the value of the first data property meeting the first preset condition.

For example, when the value of the first data property meets the first preset condition, the access-granting process of the data service is performed for the value of the first data property or the default value of the second data property. For another example, when the value of the first data property meets the first preset condition, the access-granting process of the data service is performed for both the value of the first data property and the default value of the second data property.

The default value of the second data property meets a second preset condition.

The value of the first data property meeting the first preset condition indicates the value of the first data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. That is, the value is compatible with the first preset condition. Generally, for a data service, when a value S of a encoding property is compatible with another value T, it means that data Dt with the value T has more information than data Ds with the value S, assuming Dt and Ds are both derived from the same source data with different encoding property values. In the example of the access request including a sampling rate of 200 Hz when the application requests to access accelerometer data, when the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) , the access-granting process of the data service is performed, and thus the application is granted to access the accelerometer data.

Alternatively, in some examples, for performing an access-granting process of the data service at the block 120, the method further performs the access-granting process of the data service for the default value of the second data property, and rejects the accessing for the value of the first data property, in response to the value of the first data property un-meeting the first preset condition.

For example, the access request includes a sampling rate of 400 Hz and data accuracy without a specific value when the application requests to access accelerometer data. When the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , the accessing for the value of the first data property is rejected, and thus the application is not granted to access the accelerometer data at the value of the first data property, but the application is granted to access the accelerometer data at the default value of the second data property.

For sensor data, in the example of the access request including a sampling rate of 400 Hz when the application requests to access accelerometer data, as the value of the first data property, i.e. the sampling rate of 400 Hz, is greater than the preset value (i.e. 200Hz) , the sampling rate of 400 Hz is returned to the application, and the application may choose to request again with modified sample rate such as 200 Hz. That is, the 400 Hz is returned to the application, and the application sends another access request with the sampling rate of 200 Hz.

In some examples, the data-copy may be generated from the data service at another value of the first data property. Given the value of the first data property is X1, and the another value of the first data property is X2, for example, the another value X2 of the first data property is less than the value X1 of the first data property, i.e. X2 < X1. For example, for a data service such as a photo service, the first data property is resolution, and a data-copy with a resolution of 100 is generated from a photo with the preset resolution of 200 if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 when the application requests to access the photo service. That is, the data-copy is generated from the photo at the resolution of 100, and then the data-copy has the resolution of 100. For another example, the another value X2 of the first data property is greater than the value X1 of the first data property, i.e. X1 < X2. For example, for a data service such as a photo service, the first data property is resolution, and a data-copy with a resolution of 500 is generated from a photo with the preset resolution of 200 if the access request of the application includes a resolution of 400 greater than a preset resolution of 200 when the application requests to access the photo service. That is, the data-copy is generated from the photo at the resolution of 500, and then the data-copy has the resolution of 500.

In another some examples, the data-copy may be generated from the data service at the value of the first data property. For example, for a data service such as a photo service, the first data property is a semantic input, and a value of the semantic input is “In front of a tower” , and a data-copy in which the user or other people is in front of a tower is generated from a photo if the access request of the application includes the semantic input of “In front of a tower” is different from a preset semantic input of “public shared” when the application requests to access the photo service. That is, the data-copy is generated from the photo at the semantic input of “In front of a tower” , and then the data-copy has the semantic input of “In front of a tower” .

In another some examples, in the access request, the first data property and the second data property are specified with no value. At this case, for performing an access-granting process of the data service at the block 120, firstly, the method assigns a first default value to the first data property and a second default value to the second data property, the first default value of the first data property meeting a first preset condition and the second default value of the second data property meeting a second preset condition, and then performs the access-granting process of the data service for at least one of the first default value of the first data property and the second default value of the second data property.

For example, when the access request includes the first data property without a specific value and the second data property without a specific value, the access-granting process of the data service is performed for the first default value of the first data property or the second default value of the second data property. For another example, when the access request includes the first data property without a specific value and the second data property without a specific value, the access-granting process of the data service is performed for both the first default value of the first data property and the second default value of the second data property.

The first default value of the first data property meets a first preset condition and the second default value of the second data property meets a second preset condition

The first default value of the first data property meeting the first preset condition indicates the first default value of the first data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. That is, the first default value is compatible with the first preset condition. The second default value of the second data property meeting the second preset condition indicates the second default value of the second data property being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range. That is, the second default value is compatible with the second preset condition. Generally, for a data service, when a value S of a encoding property is compatible with another value T, it means that data Dt with the value T has more information than data Ds with the value S, assuming Dt and Ds are both derived from the same source data with different encoding property values. In the example of the access request including a sampling rate of 200 Hz when the application requests to access accelerometer data, when the value of the first data property, i.e. the sampling rate of 200 Hz, is equal to the preset value (i.e. 200Hz) , the access-granting process of the data service is performed, and thus the application is granted to access the accelerometer data.

As fore-mentioned, the access-granting process of the data service is performed in response to the access request, such that the application is granted to access the data service. In another some embodiments, no data property is specified in the access request. At this case, the access-granting process of the data service is performed for at least one default value of at least one property, and the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.

For example, when the access request specifies no data property, the access-granting process of the motion sensor data is performed at a sampling rate with a default value if the application requests to access the motion sensor data. For another example, when the access request specifies no data property, the access-granting process of the motion sensor data is performed at a semantic input of “In front of a tower” if the application requests to access the digital data such as the photo service.

In some embodiments, the access request includes a flag, and the flag is configured for indicating all data properties which the data service supports and/or information of the all data properties.

Based on the above embodiments, at this case, the method further generates a notification-interface to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface include the all data properties listed based on the flag and/or the information of the all data properties.

In some examples, the flag includes a first value and/or a second value, wherein the flag being equal to the first value indicates the all data properties which the data service supports, and the flag being equal to the second value indicates the information of the all data properties.

For example, the first value may be “Options” , the second value may be “Max” or “Min” . When the flag equal to “Max” , it indicates the maximum values of the all data properties. The information of the all data properties include the maximum values of the all data properties.

In some embodiments, based on the above embodiments, the method further generates a notification-interface to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface include the at least one data property listed in response to the access request and/or the information of the at least one data property.

As fore-mentioned, the access request may include at least one data property of the data service or a flag indicating at least one data property of the data service, and the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.

In some embodiments, the at least one data property or the flag is obtained from the data service as the application queries.

The application is capable of querying the data service to which it connects for data properties of the data service. The pseudo-code below shows a typical flow of the query for “Target_data_service” . build_list_of_requested_properties (Target_data_service)

FIG. 3 is a flow chart of an access-control method according to some embodiments of the present disclosure. The method may be performed by an electronic device, which includes, but is not limited to, a smart device such as a smart phone, a tablet computer, etc. That is, the method may be applied in the electronic device, for example an application. The method includes actions/operations in the following blocks.

At block 310, the method sends an access request for accessing a data service, wherein an access-granting process of the data service is performed in response to the access request such that the data service is granted to be accessed.

The application may be installed in the electronic device, or installed in another device which is communicated with the electronic device. The data service, which the application may need to access, may provide data with different data properties. That is, the data service has different data properties. The data service may include sensor data and digital data, which is not limited herein.

In some embodiments, the access request includes at least one data property; and the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.

In another some embodiments, the access request includes a flag indicating at least one data property; and the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.

Alternatively, the at least one data property includes a first data property, and the first data property is specified with a value.

Alternatively, the access-granting process of the data service is performed in response to the value of the first data property meeting a preset condition.

Alternatively, the access request is rejected in response to the value of the first data property un-meeting a preset condition.

Alternatively, the method further includes modifying the value of the first data property, and sending another access request in which the value of the first data property is modified.

Alternatively, the method further includes accessing a data-copy of the data service at the value of the first data property, in response to the value of the first data property un-meeting the preset condition.

Alternatively, a notification-interface is generated to a user in response to the value of the first data property un-meeting the preset condition, the notification-interface defining at least one operation for the accessing.

Alternatively, the at least one operation includes allowing the accessing in response to no action in a preset duration from the user, requesting the user to allow the accessing, requesting the user to allow the accessing currently, and requesting another user having a privilege to allow the accessing in response to the user having no privilege.

Alternatively, the at least one data property includes a first data property, and the first data property is specified with no value.

Alternatively, default value is assigned to the first data property, and the access-granting process of the data service is performed for the default value of the first data property, the default value of the first data property meeting a preset condition.

Alternatively, the at least one data property includes a first data property and a second data property, and each of the first data property and the second data property is specified with a value.

Alternatively, the access-granting process of the data service is performed for at least one of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition and the value of the second data property meeting the second preset condition.

Alternatively, the access-granting process of the data service is performed for one of the value of the first data property and the value of the second data property, and rejecting the accessing for another of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition or the value of the second data property meeting the second preset condition.

Alternatively, the access request is rejected in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition.

Alternatively, the method further includesmodifying the value of the first data property and the value of the second data property, and sending another access request in which at least one of the value of the first data property and the value of the second data property is modified.

Alternatively, the method further includes accessing a respective data-copy of the data service at the value of the first data property and the value of the second data property, in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition.

Alternatively, the at least one data property includes a first data property and a second data property, and at least one of the first data property and the second data property is specified with no value.

Alternatively, the first data property is specified with a value, and the second data property is specified with no value; a default value is assigned to the second data property, the default value of the second data property meeting a second preset condition; andthe access-granting process of the data service is performed for at least one of the value of the first data property and the default value of the second data property, in response to the value of the first data property meeting the first preset condition.

Alternatively, the access-granting process of the data service is performed for the default value of the second data property, and the access request is rejected for the value of the first data property, in response to the value of the first data property un-meeting the first preset condition.

Alternatively, the first data property and the second data property are specified with no value; a first default value is assigned to the first data property and a second default value is assigned to the second data property, the first default value of the first data property meeting a first preset condition and the second default value of the second data property meeting a second preset condition; andthe access-granting process of the data service is performed for at least one of the first default value of the first data property and the second default value of the second data property.

Alternatively, no data property is specified in the access request; the access-granting process of the data service is performed for at least one default value of at least one property; and

the at least one property include at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.

Alternatively, each of the preset condition, the first preset condition, and the second preset condition includes a preset value, at least one set of preset values, and at least one preset range; andmeeting the preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range; meeting the first preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range; meeting the second preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range.

Alternatively, the access request includes a flag, and the flag is configured for indicating all data properties which the data service supports and/or information of the all data properties; anda notification-interface is generated to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface include the all data properties listed based on the flag and/or the information of the all data properties.

Alternatively, the flag includes a first value and/or a second value, wherein the flag being equal to the first value indicates the all data properties which the data service supports, and the flag being equal to the second value indicates the information of the all data properties.

Alternatively, the information of the all data properties include the maximum values of the all data properties.

Alternatively, a notification-interface is generated to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface include the at least one data property listed in response to the access request and/or the information of the at least one data property.

Alternatively, the method further includes querying for the at least one data property or the flag from the data service.

It should be noted that, details of these embodiments which is not described can be referred to that in the above embodiments, which is not described again herein, for brevity.

FIG. 4 is a structural schematic view of an electronic device according to some embodiments of the present disclosure. The electronic device 400 may include a processor 410 and a memory 420, which are coupled together.

The memory 420 is configured to store executable program instructions. The processor 410 may be configured to read the executable program instructions stored in the memory 420 to implement a procedure corresponding to the executable program instructions, so as to perform any methods for searching images as described in the previous embodiments or a method provided with arbitrary and non-conflicting combination of the previous embodiments, or any methods for indexing images as described in the previous embodiments or a method provided with arbitrary and non-conflicting combination of the previous embodiments.

The electronic device 400 may be a smart device such as a smart phone, a tablet computer, etc. in one example. The electronic device 400 may be a separate component integrated in a smart device such as a smart phone, a tablet computer, etc. in another example.

A non-transitory computer-readable storage medium is provided, which may be in the memory 420. The non-transitory computer-readable storage medium stores instructions, when executed by a processor, causing the processor to perform the method as described in the previous embodiments.

A person of ordinary skill in the art may appreciate that, in combination with the examples described in the embodiments disclosed in this specification, units and algorithm steps may be implemented by electronic hardware, computer software, or a combination thereof. In order to clearly describe the interchangeability between the hardware and the software, the foregoing has generally described compositions and steps of every embodiment according to functions. Whether the functions are performed by hardware or software depends on particular applications and design constraint conditions of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of the present disclosure.

It can be clearly understood by a person skilled in the art that, for the purpose of convenient and brief description, for a detailed working process of the foregoing system, apparatus and unit, reference may be made to the corresponding process in the method embodiments, and the details will not be described herein again.

In the several embodiments provided in the present disclosure, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the described apparatus embodiment is merely exemplary. For example, the unit division is merely logical function division and may be other division in actual implementation. For example, a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented through some interfaces. The indirect couplings or communication connections between the apparatuses or units may be implemented in electronic, mechanical, or other forms.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. A part or all of the units herein may be selected according to the actual needs to achieve the objectives of the solutions of the embodiments of the present disclosure.

In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.

When the integrated unit are implemented in a form of a software functional unit and sold or used as an independent product, the integrated unit may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of the present disclosure essentially, or the part contributing to the prior art, or all or a part of the technical solutions may be implemented in a form of software product. The computer software product is stored in a storage medium, for example, non-transitory computer-readable storage medium, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform all or a part of the steps of the methods described in the embodiments of the present disclosure. The foregoing storage medium includes any medium that can store program codes, such as a USB flash disk, a removable hard disk, a read-only memory (ROM) , a random access memory (RAM) , a magnetic disk, or an optical disk.

The foregoing descriptions are merely specific embodiments of the present disclosure, but are not intended to limit the protection scope of the present disclosure. Any equivalent modification or replacement figured out by a person skilled in the art within the technical scope of the present disclosure shall fall within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims

An access-control method, comprising:

receiving an access request for accessing a data service from an application;

performing an access-granting process of the data service in response to the access request, such that the application is granted to access the data service.
The access-control method of claim 1, wherein the access request comprises at least one data property of the data service; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of claim 1, whereinthe access request comprises a flag indicating at least one data property of the data service; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of claim 2 or 3, wherein the at least one data property comprises a first data property, and the first data property is specified with a value.
The access-control method of claim 4, wherein the performing an access-granting process of the data service comprises:

determining whether the value of the first data property meets a preset condition;

performing the access-granting process of the data service, in response to the value of the first data property meeting the preset condition.
The access-control method of claim 5, further comprising:

rejecting the access request, in response to the value of the first data property un-meeting the preset condition.
The access-control method of claim 6, further comprising:

returning the value of the first data property to the application, such that the application sends another access request in which the value of the first data property is modified.
The access-control method of claim 6, further comprising:

generating a data-copy of the data service for the value of the first data property, in response to the value of the first data property un-meeting the preset condition, and providing the data-copy to the application to access.
The access-control method of claim 5, further comprising:

generating a notification-interface to a user, in response to the value of the first data property un-meeting the preset condition, the notification-interface defining at least one operation for the accessing.
The access-control method of claim 9, wherein the at least one operation comprises allowing the accessing in response to no action in a preset duration from the user, requesting the user to allow the accessing, requesting the user to allow the accessing currently, and requesting another user having a privilege to allow the accessing in response to the user having no privilege.
The access-control method of claim 2 or 3, wherein the at least one data property comprises a first data property, and the first data property is specified with no value.
The access-control method of claim 11, wherein the performing an access-granting process of the data service comprises:

assigning a default value to the first data property, and performing the access-granting process of the data service for the default value of the first data property, the default value of the first data property meeting a preset condition.
The access-control method of claim 2 or 3, wherein the at least one data property comprises a first data property and a second data property, and each of the first data property and the second data property is specified with a value.
The access-control method of claim 13, wherein the performing an access-granting process of the data service comprises:

determining whether the value of the first data property meets a first preset condition, and whether the value of the second data property meets a second preset condition; and

performing the access-granting process of the data service for at least one of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition and the value of the second data property meeting the second preset condition.
The access-control method of claim 13, wherein the performing an access-granting process of the data service comprises:

determining whether the value of the first data property meets a first preset condition, and whether the value of the second data property meets a second preset condition;

performing the access-granting process of the data service for one of the value of the first data property and the value of the second data property, and rejecting the accessing for another of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition or the value of the second data property meeting the second preset condition.
The access-control method of claim 14 or 15, further comprising:

rejecting the access request, in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition.
The access-control method of claim 16, further comprising:

returning the value of the first data property and the value of the second data property to the application, such that the application sends another access request in which at least one of the value of the first data property and the value of the second data property is modified.
The access-control method of claim 14 or 15, further comprising:

generating a respective data-copy of the data service for the value of the first data property and the value of the second data property, in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition, and providing the respective data-copy to the application to access.
The access-control method of claim 2 or 3, whereinthe at least one data property comprises a first data property and a second data property, and at least one of the first data property and the second data property is specified with no value.
The access-control method of claim 19, wherein the first data property is specified with a value, and the second data property is specified with no value; and

the performing an access-granting process of the data service comprises:

determining whether the value of the first data property meets a first preset condition, and assigning a default value to the second data property, the default value of the second data property meeting a second preset condition; and

performing the access-granting process of the data service for at least one of the value of the first data property and the default value of the second data property, in response to the value of the first data property meeting the first preset condition.
The access-control method of claim 20, wherein the performing an access-granting process of the data service further comprises:

performing the access-granting process of the data service for the default value of the second data property, and rejecting the accessing for the value of the first data property, in response to the value of the first data property un-meeting the first preset condition.
The access-control method of claim 21, further comprising:

returning the value of the first data property to the application, such that the application sends another access request in which the value of the first data property is modified.
The access-control method of claim 20, further comprising:

generating a data-copy of the data service for the value of the first data property, in response to the value of the first data property un-meeting the preset condition, and providing the data-copy to the application to access.
The access-control method of claim 19, wherein the first data property and the second data property are specified with no value; and

the performing an access-granting process of the data service comprises:

assigning a first default value to the first data property and a second default value to the second data property, the first default value of the first data property meeting a first preset condition and the second default value of the second data property meeting a second preset condition;

performing the access-granting process of the data service for at least one of the first default value of the first data property and the second default value of the second data property.
The access-control method of claim 1, whereinno data property is specified in the access request;

the access-granting process of the data service is performed for at least one default value of at least one property; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of any one of claims 1-25, wherein each of the preset condition, the first preset condition, and the second preset condition comprises a preset value, at least one set of preset values, and at least one preset range; and

meeting the preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range;

meeting the first preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range;

meeting the second preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range.
The access-control method of claim 1, wherein the access request comprises a flag, and the flag is configured for indicating all data properties which the data service supports and/or information of the all data properties; and

the method further comprises:

generating a notification-interface to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface comprise the all data properties listed based on the flag and/or the information of the all data properties.
The access-control method of claim 27, wherein the flag comprises a first value and/or a second value, wherein the flag being equal to the first value indicates the all data properties which the data service supports, and the flag being equal to the second value indicates the information of the all data properties.
The access-control method of claim 28, wherein the information of the all data properties comprise the maximum values of the all data properties.
The access-control method of claim 1, further comprising:

generating a notification-interface to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface comprise the at least one data property listed in response to the access request and/or the information of the at least one data property.
The access-control method of claim 2 or 3, wherein the at least one data property or the flag is obtained from the data service as the application queries.
An access-control method, comprising:

sending an access request for accessing a data service, wherein an access-granting process of the data service is performed in response to the access request such that the data service is granted to be accessed.
The access-control method of claim 32, wherein the access request comprises at least one data property; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of claim 32, wherein the access request comprises a flag indicating at least one data property; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of claim 33 or 34, wherein the at least one data property comprises a first data property, and the first data property is specified with a value.
The access-control method of claim 35, wherein the access-granting process of the data service is performed in response to the value of the first data property meeting a preset condition.
The access-control method of claim 35, wherein the access request is rejected in response to the value of the first data property un-meeting a preset condition.
The access-control method of claim 37, further comprising:

modifying the value of the first data property, and sending another access request in which the value of the first data property is modified.
The access-control method of claim 37, further comprising:

accessing a data-copy of the data service at the value of the first data property, in response to the value of the first data property un-meeting the preset condition.
The access-control method of claim 36, wherein a notification-interface is generated to a user in response to the value of the first data property un-meeting the preset condition, the notification-interface defining at least one operation for the accessing.
The access-control method of claim 40, wherein the at least one operation comprises allowing the accessing in response to no action in a preset duration from the user, requesting the user to allow the accessing, requesting the user to allow the accessing currently, and requesting another user having a privilege to allow the accessing in response to the user having no privilege.
The access-control method of claim 33 or 34, wherein the at least one data property comprises a first data property, and the first data property is specified with no value.
The access-control method of claim 42, wherein a default value is assigned to the first data property, and the access-granting process of the data service is performed for the default value of the first data property, the default value of the first data property meeting a preset condition.
The access-control method of claim 33 or 34, wherein the at least one data property comprises a first data property and a second data property, and each of the first data property and the second data property is specified with a value.
The access-control method of claim 44, wherein the access-granting process of the data service is performed for at least one of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition and the value of the second data property meeting the second preset condition.
The access-control method of claim 44, wherein the access-granting process of the data service is performed for one of the value of the first data property and the value of the second data property, and rejecting the accessing for another of the value of the first data property and the value of the second data property, in response to the value of the first data property meeting the first preset condition or the value of the second data property meeting the second preset condition.
The access-control method of claim 45 or 46, wherein the access request is rejected in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition.
The access-control method of claim 47, further comprising:

modifying the value of the first data property and the value of the second data property, and sending another access request in which at least one of the value of the first data property and the value of the second data property is modified.
The access-control method of claim 45 or 46, further comprising:

accessing a respective data-copy of the data service at the value of the first data property and the value of the second data property, in response to the value of the first data property un-meeting the preset condition and the value of the second data property un-meeting the second preset condition.
The access-control method of claim 33 or 34, wherein the at least one data property comprises a first data property and a second data property, and at least one of the first data property and the second data property is specified with no value.
The access-control method of claim 50, wherein the first data property is specified with a value, and the second data property is specified with no value;

a default value is assigned to the second data property, the default value of the second data property meeting a second preset condition; and

the access-granting process of the data service is performed for at least one of the value of the first data property and the default value of the second data property, in response to the value of the first data property meeting the first preset condition.
The access-control method of claim 51, wherein the access-granting process of the data service is performed for the default value of the second data property, and the access request is rejected for the value of the first data property, in response to the value of the first data property un-meeting the first preset condition.
The access-control method of claim 52, further comprising:

modifying the value of the first data property, and sending another access request in which the value of the first data property is modified.
The access-control method of claim 51, further comprising:

accessing a data-copy of the data service at the value of the first data property, in response to the value of the first data property un-meeting the preset condition.
The access-control method of claim 50, wherein the first data property and the second data property are specified with no value;

a first default value is assigned to the first data property and a second default value is assigned to the second data property, the first default value of the first data property meeting a first preset condition and the second default value of the second data property meeting a second preset condition; and

the access-granting process of the data service is performed for at least one of the first default value of the first data property and the second default value of the second data property.
The access-control method of claim 32, wherein no data property is specified in the access request;

the access-granting process of the data service is performed for at least one default value of at least one property; and

the at least one property comprise at least one of at least one encoding property, at least one data attribute, at least one semantic input, and at least one data transformation.
The access-control method of any one of claims 33-56, wherein each of the preset condition, the first preset condition, and the second preset condition comprises a preset value, at least one set of preset values, and at least one preset range; and

meeting the preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range;

meeting the first preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range;

meeting the second preset condition indicates being less than or equal to the preset value, being same to one preset value in the at least one set of preset values, or being located in at least one preset range.
The access-control method of claim 33, wherein the access request comprises a flag, and the flag is configured for indicating all data properties which the data service supports and/or information of the all data properties; and

a notification-interface is generated to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface comprise the all data properties listed based on the flag and/or the information of the all data properties.
The access-control method of claim 58, wherein the flag comprises a first value and/or a second value, wherein the flag being equal to the first value indicates the all data properties which the data service supports, and the flag being equal to the second value indicates the information of the all data properties.
The access-control method of claim 59, wherein the information of the all data properties comprise the maximum values of the all data properties.
The access-control method of claim 33, wherein

a notification-interface is generated to a user in response to the access request, such that at least one data property which are allowed to access are selected by the user, wherein the notification-interface comprise the at least one data property listed in response to the access request and/or the information of the at least one data property.
The access-control method of claim 33 or 34, further comprising:

querying for the at least one data property or the flag from the data service.
An electronic device, comprising a processor and a memory storing instructions, when executed by the processor, causing the processor to perform the method of any one of claims 1-32 and claims 33-62.
A non-transitory computer-readable storage medium, storing instructions, when executed by a processor, causing the processor to perform the method of any one of claims 1-32 and claims 33-62.