update docs

Signed-off-by: NAnnie_wang <annie.wangli@huawei.com>

en/application-dev/security/Readme-EN.md

@@ -3,8 +3,8 @@
 - Access Control  
   - [Access Control (Permission) Overview](accesstoken-overview.md)
   - [Permission Application Guide](accesstoken-guidelines.md)
-  - [Permission Verification Guide](permission-verify-guidelines.md)
-  - [App Permission List](permission-list.md)
+  - [API Access Permission Verification](permission-verify-guidelines.md)
+  - [Application Permission List](permission-list.md)
 - User Authentication
   - [User Authentication Overview](userauth-overview.md)
   - [User Authentication Development](userauth-guidelines.md)

en/application-dev/security/accesstoken-guidelines.md

@@ -2,7 +2,7 @@
 
 ## When to Use
 
-The [Ability Privilege Level (APL)](accesstoken-overview.md#app-apls) of an application can be **normal**, **system_basic**, or **system_core**. The default APL is **normal**. The [permission types](accesstoken-overview.md#permission-types) include **system_grant** and **user_grant**. For details about the permissions for apps, see the [App Permission List](permission-list.md).
+The [Ability Privilege Level (APL)](accesstoken-overview.md#app-apls) of an application can be **normal**, **system_basic**, or **system_core**. The default APL is **normal**. The [permission types](accesstoken-overview.md#permission-types) include **system_grant** and **user_grant**. For details about the permissions for apps, see the [Application Permission List](permission-list.md).
 
 This document describes the following operations:
 

en/application-dev/security/permission-verify-guidelines.md

-# Permission Verification Guide
+# API Access Permission Verification
 
 ## When to Use
 
-To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [App Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
+To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
 
 ## Available APIs
 
-The table below lists only the API used in this guide. For more information, see [AbilityContext](../reference/apis/js-apis-ability-context.md).
+The table below lists only the API used for access permission verification. For more information, see [AbilityContext](../reference/apis/js-apis-ability-context.md).
 
 | API                                                      | Description                                            |
 | ------------------------------------------------------------ | --------------------------------------------------- |
@@ -18,8 +18,11 @@ The table below lists only the API used in this guide. For more information, see
 The procedure is as follows:
 
 1. Obtain the caller's identity (**tokenId**).
+   > **NOTE**
+   > 
+   > You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).
 2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
-3. Call **verifyAccessToken()** to perform a permission verification of the caller.
+3. Call **verifyAccessToken()** to perform a permission verification for the caller.
 4. Proceed based on the permission verification result.
 
 ```js
@@ -42,5 +45,3 @@ The procedure is as follows:
   }
 
 ```
-> **NOTE**<br>
-> You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).