CN112287372B - Method and apparatus for protecting clipboard privacy - Google Patents
Method and apparatus for protecting clipboard privacy Download PDFInfo
- Publication number
- CN112287372B CN112287372B CN202011252297.2A CN202011252297A CN112287372B CN 112287372 B CN112287372 B CN 112287372B CN 202011252297 A CN202011252297 A CN 202011252297A CN 112287372 B CN112287372 B CN 112287372B
- Authority
- CN
- China
- Prior art keywords
- information
- clipboard
- text
- encrypted
- privacy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
Embodiments of the present disclosure disclose methods and apparatus for protecting clipboard privacy. The specific implementation mode of the method comprises the following steps: in response to receiving the copy instruction, detecting whether privacy information is included in the copy information; if the privacy information is included, encrypting the copy information to generate an encrypted text; storing the encrypted text into a clipboard and marking an encrypted label; in response to receiving a paste instruction, detecting whether a paste action is a safe action; if the security behavior is the security behavior, decrypting the clipboard text and returning the decrypted text; if the action is unsafe, the encrypted text in the clipboard is directly returned. According to the embodiment, even if the information of the clipboard is stolen, the information cannot be used at will, so that the risk of information leakage is reduced.
Description
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and in particular, to a method and apparatus for protecting clipboard privacy.
Background
The App can easily acquire the clipboard data of the system and provide the application through the clipboard content. Many apps use clipboard permissions to scan user clipboard information. When the shopping App shares the links with the WeChat friends, the friends copy the links of the babies in the WeChat, then switch to the shopping App client from the background, the App pops up a page and inquires whether to jump to the corresponding commodity page. The principle is very simple: when App is opened (or switched in), a clipboard is scanned and when the last copied information is found to be a merchandise shopping link or associated password, the user's merchandise information to be purchased is "intelligently" guessed. Although the user experience may be good, when the App scans the clipboard, user privacy information such as account passwords on the clipboard may be obtained. Each application mall has a large number of clipboard function related applications for "convenient" management of your record of cutting operations. Some rogue applications will force writing content in the clipboard that can be rewarded, and open related applications will pop up.
When App invokes the clipboard, the system will not require any authorization from the user at all, even without any prompt. Users with mobile devices that can interwork are more at risk, such as the iOS end having a generic clipboard enabled, and these applications can also access content that is replicated on a computer (Mac). The prior art makes the contents of the clipboard, particularly account passwords or more private information, have larger stealing risks and easily cause security problems such as information leakage. The information related to safety of the clipboard is identified and anonymized, so that the safety of user information is ensured.
Disclosure of Invention
Embodiments of the present disclosure propose methods and apparatus for protecting clipboard privacy.
In a first aspect, embodiments of the present disclosure provide a method for protecting clipboard privacy, comprising: in response to receiving the copy instruction, detecting whether privacy information is included in the copy information; if the privacy information is included, encrypting the copy information to generate an encrypted text; the encrypted text is stored in the clipboard and cryptographically tagged.
In some embodiments, encrypting the copy information to generate encrypted text includes: acquiring the position of privacy information in copy information; encrypting the privacy information to generate a ciphertext; and replacing the privacy information with the ciphertext according to the position to obtain the encrypted text.
In some embodiments, detecting whether the copy information includes private information includes: identifying whether the copy information includes private information by at least one of: regular expression matching method, rule matching method, dictionary matching method and named entity recognition method.
In some embodiments, the method further comprises: responding to a call instruction received by the clipboard, and acquiring text information to be pasted or displayed; if the text information has the encryption tag, judging whether the calling instruction is safe, and if so, decrypting the text information; and pasting or displaying the decrypted content.
In some embodiments, decrypting the text information includes: detecting whether a call instruction of the clipboard comes from an authorized application; if the text information is from the authorized application, the text information is decrypted, otherwise, the text information is not decrypted.
In some embodiments, decrypting the text information includes: if the encryption tag comprises the position information of the ciphertext, decrypting the ciphertext according to the position information to obtain a plaintext character string; and replacing ciphertext in the text information with a plaintext character string according to the position information.
In some embodiments, the method employs a block encryption algorithm.
In a second aspect, embodiments of the present disclosure provide an apparatus for protecting clipboard privacy, comprising: a detection unit configured to detect whether privacy information is included in the copy information in response to receiving the copy instruction; an encryption unit configured to encrypt the copy information to generate an encrypted text if the private information is included; and a storage unit configured to store the encrypted text in the clipboard and to tag the encrypted text.
In some embodiments, the encryption unit is further configured to: acquiring the position of privacy information in copy information; encrypting the privacy information to generate a ciphertext; and replacing the privacy information with the ciphertext according to the position to obtain the encrypted text.
In some embodiments, the detection unit is further configured to: identifying whether the copy information includes private information by at least one of: regular expression matching method, rule matching method, dictionary matching method and named entity recognition method.
In some embodiments, the apparatus further comprises a decryption unit configured to: responding to a call instruction received by the clipboard, and acquiring text information to be pasted or displayed; if the text information has the encryption tag, judging whether the calling instruction is safe, and if so, decrypting the text information; and pasting or displaying the decrypted content.
In some embodiments, the apparatus further comprises a rights management unit configured to: detecting whether a call instruction of the clipboard comes from an authorized application; and automatically decrypting the text information if the text information comes from the authorized application, otherwise, not decrypting the text information.
In some embodiments, the decryption unit is further configured to: if the encryption tag comprises the position information of the ciphertext, decrypting the ciphertext according to the position information to obtain a plaintext character string; and replacing ciphertext in the text information with a plaintext character string according to the position information.
In some embodiments, the apparatus employs a symmetric block encryption algorithm.
In a third aspect, embodiments of the present disclosure provide an electronic device for protecting clipboard privacy, comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method of any of the first aspects.
In a fourth aspect, embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the program when executed by a processor implements the method according to any of the first aspects.
The embodiment of the disclosure provides a method and a device for protecting the privacy of a clipboard, which are used for identifying and encrypting privacy information such as account passwords in the clipboard when copying the information to the clipboard. When this information is used, decryption is performed on the information. Even if the information of the clipboard is stolen, the information cannot be used at will, so that the risk of information leakage is reduced.
Drawings
Other features, objects and advantages of the present disclosure will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram in which an embodiment of the present disclosure may be applied;
FIG. 2 is a flow chart of one embodiment of a method for protecting clipboard privacy in accordance with the present disclosure;
FIG. 3 is a schematic illustration of one application scenario of a method for protecting clipboard privacy according to the present disclosure;
FIG. 4 is a flow chart of yet another embodiment of a method for protecting clipboard privacy in accordance with the present disclosure;
FIG. 5 is a schematic diagram of yet another application scenario of a method for protecting clipboard privacy according to the present disclosure;
FIG. 6 is a schematic structural view of one embodiment of an apparatus for protecting clipboard privacy according to the present disclosure;
fig. 7 is a schematic diagram of a computer system suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
FIG. 1 illustrates an exemplary system architecture 100 to which embodiments of the methods of the present disclosure for protecting clipboard privacy or apparatuses for protecting clipboard privacy may be applied.
As shown in fig. 1, system architecture 100 may include a network 102 of terminal devices 101 and a terminal device 103. Network 102 is the medium used to provide communication links between terminal device 101 and terminal device 103. The network may include various connection types, such as cellular mobile networks, WIFI, and so on.
The user can interact with the terminal device 103 through a network using the terminal device 101 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 103.
The terminal devices 101, 103 may be various electronic devices having a display screen and supporting copy and paste functions, including but not limited to smartphones, tablet computers, electronic book readers, MP3 players (Moving Picture Experts Group Audio Layer III, moving picture experts compression standard audio layer 3), MP4 (Moving Picture Experts Group Audio Layer IV, moving picture experts compression standard audio layer 4) players, laptop and desktop computers, and the like. When the terminal apparatus 101 is software, it can be installed in the above-listed electronic apparatus. Which may be implemented as multiple software or software modules (e.g., to provide distributed services), or as a single software or software module. The present invention is not particularly limited herein.
It should be noted that, the method for protecting the privacy of the clipboard provided by the embodiments of the present disclosure is generally performed by the terminal device 101, 103, and accordingly, the apparatus for protecting the privacy of the clipboard is generally provided in the terminal device 101, 103.
It should be understood that the number of terminal devices and networks in fig. 1 is merely illustrative. There may be any number of terminal devices and networks, as desired for implementation.
With continued reference to fig. 2, a flow 200 of one embodiment of a method for protecting clipboard privacy according to the present disclosure is shown. The method for protecting the privacy of the clipboard comprises the following steps:
in step 201, in response to receiving the copy instruction, it is detected whether privacy information is included in the copy information.
In the present embodiment, when the user uses the execution subject (e.g., the terminal device shown in fig. 1) of the method for protecting the privacy of the clipboard, a copy instruction is transmitted to the terminal device by an operation such as clicking/long pressing, and the copy instruction includes copy information. The copy information may include private information including, but not limited to: bank card number, bank account number, cell phone number, identification card number, password, email, driver license number, passport number, home address.
The detection modes of the privacy information mainly comprise a mode based on regular expression/rule matching/dictionary matching mode and a machine learning mode (named entity recognition (NER, named Entity Recognition)) based on a pre-training model. For the bank account, the bank card number, the driving license number, the email address, the passport number, the mobile phone IMEI code, the telephone number, the password and other entities with obvious rules, a mode of combining regular expressions and keyword rules is adopted. In a sentence, entities meeting both regular expressions and rules are identified to obtain a string of privacy entities in the sentence, and the privacy category to which the entities belong, and the starting and ending position information of the entities in the original sentence. On the other hand, for information concerning a specific address such as a home address of a user, a machine learning method is used to identify a named entity. And storing the pre-trained model in terminal equipment, and then calling a prediction function of the model to identify the named entity when the clipboard has data to be stored. The NER algorithm related to machine learning can select the existing NER toolkit, such as a Stanford toolkit and the like, and can also realize the improvement of the accuracy of identification by the current latest algorithm, such as the improvement of the embedding by using a knowledge enhancement mode, and the use of more complex models can be tried in the encoding stage.
In the present embodiment, the entire copy information may be encrypted to generate an encrypted text (integral encryption scheme). Only the private information may be encrypted (partial encryption method), and the other information may not be encrypted.
If a local encryption mode is adopted, the position of the privacy information in the copy information can be obtained; encrypting the privacy information to generate a ciphertext; and replacing the privacy information with the ciphertext according to the position to obtain the encrypted text.
Alternatively, the whole encryption or the partial encryption may be selected according to the number of privacy information (the ratio of the number of characters to the number of copy information or the number of discontinuous privacy information). For example, if the ratio of the number of characters to the copy information is greater than a predetermined ratio threshold, e.g., 70%, then the whole encryption may be performed. If the number of the privacy information is greater than the number threshold, for example, the copy information includes 3 privacy information of an identity card, a telephone number and a password, the whole encryption can be performed. Thus, the number of encryption times can be reduced and the encryption speed can be improved.
The same encryption algorithm can be used in either encryption mode. Because the encryption and decryption operations are carried out at the mobile phone end, network transmission is not needed, and certain requirements are made on the encryption and decryption efficiency, the encryption algorithm can select a symmetrical encryption mode. The symmetric encryption method only needs the same public key when encrypting and decrypting. And comparing algorithm efficiency, resource consumption and safety. A conventional symmetric encryption algorithm DES (Data Encryption Standard) or a domestic SM4 algorithm may be employed.
Alternatively, the encryption algorithm may select a symmetric block encryption algorithm AES (Advanced Encryption Standard). AES consists of multiple rounds, each of which is divided into 4 steps of SubBytes (byte substitution), shiftRows (row shift), mixColumns (column confusion), addRoundKey (round key addition). The number of rounds needed varies depending on the key length, and 10, 12 and 14 rounds are required for 128, 192 and 256 bit keys, respectively. Since the handset clipboard encryption is taking into account the speed issue, here a key length of 128 bits, 10 rounds of encryption may be chosen. The encrypted mode selects a CBC (Clipher Block Chaining Mode) mode with higher security, which can ensure that ciphertext blocks encrypted by the same plaintext block are different, and that the structures of the plaintext and ciphertext are also different.
In this embodiment, the encrypted text is stored in the clipboard and then made available to the system, application, user. Whichever encryption method is used, the encrypted text is labeled with the encryption tag. The encryption tag of the partial encryption scheme also needs to include the position of the private information in the copy information for indicating the decryption position at the time of decryption.
The copy information, which does not include the privacy information, is not encrypted and the original is saved in the clipboard.
With continued reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the method for protecting clipboard privacy according to the present embodiment. In the application scenario of fig. 3, the user presses the mobile phone screen long, and selects the copy information "name: zhang III, telephone number: 123456 mailbox: jianwang@1111, address: xingan street No. 235). The mobile phone does not directly store the copy information into the clipboard, but detects the privacy information first, encrypts the copy information if the privacy information is detected, and stores the copy information into the clipboard. The terminal can encrypt by adopting a whole encryption mode or a partial encryption mode. The integral encryption mode encrypts the complete copy information, generates an encrypted text, stores the encrypted text in the clipboard, and marks an encrypted tag (the encrypted tag of the integral encryption mode does not include a position of the private information). The complete information is directly decrypted when decrypted. The terminal may also employ a local encryption. Only "123456", "jianwang@1111" and "xingan street 235" are encrypted. When the privacy information is identified, the position of the privacy information can be obtained, the original plaintext is replaced by the ciphertext according to the position, and the encrypted text is the name: zhang III, telephone number: bmloYW8, mailbox: dfh45t0@v5, address: fjert 4509). The encrypted text is stored in the clipboard and tagged with an encryption tag (the encryption tag in the partial encryption mode includes the location of the private information). And directly decrypting only the content indicated by the position during decryption.
The clipboard in the prior art has no differential encryption and has poor readability when being used by users. Current clipboard encryption algorithms encrypt and store the entire clipboard text, and when in use, users face the encrypted text, and it is difficult to locate what is desired to be pasted. Therefore, the privacy information in the text is identified and only the privacy information part is encrypted, so that the experience of the user using the clipboard can be enhanced. Still further, when a certain operation on the clipboard is identified as an active action of the user, the full plaintext is automatically decrypted and presented to the user.
The clipboard in the prior art judges whether encryption is carried out or not according to the condition manually set by a user, and the user operation is complex. Some clipboard encryption algorithms judge which needs to be encrypted according to conditions manually set by a user, and the user has complex operation and poor experience. Therefore, the method and the device can automatically identify the privacy information in the text, and improve the use feeling of the user.
With further reference to FIG. 4, a flow 400 of yet another embodiment of a method for protecting clipboard privacy is shown. The process 400 of the method for protecting clipboard privacy includes the steps of:
in step 401, in response to receiving a call instruction of the clipboard, text information to be pasted or displayed is acquired.
In this embodiment, the clipboard provided by the terminal may store at least one piece of copied text information. The user may invoke the clipboard through a clipboard invocation instruction (e.g., paste or display, etc.). The clipboard can be opened directly to display the text information, or the last text information can be pasted directly to the target location by a paste operation.
In this embodiment, the text information may be encrypted or plaintext, and may be determined by whether the text information has an encryption tag or not. If the encrypted tag does not include the position information of the ciphertext, the description is integral encryption, and the complete text information is decrypted during decryption. If the encryption tag comprises the position information of the ciphertext, the description is local encryption, the encrypted content is found according to the position, and decryption is carried out, so that a plaintext character string is obtained. The ciphertext is then replaced with the plaintext string. The encryption algorithm and the key adopted in decryption are the same as the encryption process. Before decryption, it is necessary to determine whether the call instruction is secure, and if the call instruction is from the user or an authorized application, it is indicated that the call instruction is secure, otherwise it is not secure.
Optionally, decrypting the text information includes: detecting whether a call instruction of the clipboard comes from an authorized application; and automatically decrypting the text information if the text information comes from the authorized application, otherwise, not decrypting the text information. The privacy information of the clipboard can be read by authorizing some applications which can be set in advance through the system, and if the application is an application which is actively opened by a user, the privacy information of the clipboard can be read by authorizing the application.
And judging whether the current clipboard calling operation is a user-level operation or not through monitoring the user behavior. And judging the identity of the caller through the command and the parameter of the call clipboard. The caller is given different clipboard rights. The following 4 cases are classified:
1) Upon system level auto-invocation, clipboard defaults to automatically decrypt encrypted text and return
2) When the third party trusted app (user manually set) automatically calls, the clipboard defaults to automatically decrypt the encrypted text and returns
3) When other apps of the third party automatically call, the clipboard defaults to return the encrypted text
4) Upon user-level operation, the clipboard defaults to automatically decrypt the encrypted text and return
Thus, when the un-trusted ordinary app automatically calls the clipboard, the decrypted text information containing privacy cannot be obtained.
And step 403, pasting or displaying the decrypted content.
In this embodiment, the decrypted content (plaintext) can be pasted or displayed only when the clipboard is pasted or displayed by the system level call, the user level call, and the third party trusted app call. In other cases, ciphertext is pasted or displayed.
With continued reference to fig. 5, fig. 5 is a schematic diagram of an application scenario of the method for protecting clipboard privacy according to the present embodiment. In the application scenario of fig. 5, the clipboard is opened first when a user needs to read or copy information from the clipboard. The system judges that the operation of opening the clipboard is initiated by the user, the system can automatically acquire the key information and acquire the position information of the entity needing to be decrypted, so that the decryption process can be automatically executed, and the decrypted information of the full plaintext is returned to the user. When a trusted system level application accesses the clipboard, the system also recognizes its identity information and obtains its rights to the clipboard. At this time, if there is an operation of reading/copying information, the system decrypts in the same manner as described above.
For example, if the user presses the mobile phone screen for a long time and selects a paste option, the clipboard is opened to obtain the last copied content name: zhang III, telephone number: bmloYW8, mailbox: dfh45t0@v5, address: fjert4509 "and an encrypted tag (including location information of ciphertext). The content is encrypted content, and before executing the paste instruction, whether the app calling the paste instruction is authorized is judged, for example, if the user selects to paste on a certain app interface, the user is authorized for the app, and at this time, the terminal can decrypt according to the encryption tag to obtain a plaintext name: zhang III, telephone number: 123456 mailbox: jianwang@1111, address: xingan street No. 235). If not authorized, the app obtains ciphertext, thereby protecting the privacy of the user.
Clipboard copy paste scenario example:
scene: and the user A transfers accounts to the friend user B, the user B sends the bank account and the user name to the user A through WeChat/SMS, the user A pastes the sent bank account and user name to the clipboard, and the clipboard identifies and anonymizes the bank account and user name and stores the bank account and user name in the clipboard. And the bank client selects a user name and a bank account number in the clipboard, the clipboard manager anonymizes the record and then pastes the record to an account number editing column, and the user A confirms and then completes the transfer operation to the user B.
Clipboard privacy protection scenario example:
scene: the user A sends account passwords of the public comments to the friend user B, and the user B copies the passwords of the user A and successfully logs in the public comments. And then the user B opens a shop for visiting the baby, and the baby-washing APP automatically accesses the system clipboard data, and the system does not automatically decrypt the encrypted text because the baby-washing APP belongs to the untrusted third party APP in the clipboard authority control module, and only the encrypted text recorded by the password is visited at the moment, so that the privacy of the user is protected to a certain extent.
With further reference to fig. 6, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of an apparatus for protecting clipboard privacy, which corresponds to the method embodiment shown in fig. 2, and which may be particularly applicable in a variety of electronic devices.
As shown in fig. 6, the apparatus 600 for protecting the privacy of a clipboard of the present embodiment includes: a detection unit 601, an encryption unit 602, and a storage unit 603. Wherein the detection unit 601 is configured to detect whether the copy information includes the privacy information in response to receiving the copy instruction; an encryption unit 602 configured to encrypt the copy information to generate an encrypted text if the private information is included; the storage unit 603 is configured to store the encrypted text in the clipboard and to tag the encrypted text.
In this embodiment, the specific processes of the detection unit 601, the encryption unit 602, and the storage unit 603 of the apparatus 600 for protecting clipboard privacy may refer to step 201, step 202, and step 203 in the corresponding embodiment of fig. 2.
In some optional implementations of the present embodiment, the encryption unit 602 is further configured to: acquiring the position of privacy information in copy information; encrypting the privacy information to generate a ciphertext; and replacing the privacy information with the ciphertext according to the position to obtain the encrypted text.
In some optional implementations of the present embodiment, the detection unit 601 is further configured to: identifying whether the copy information includes private information by at least one of: regular expression matching method, rule matching method, dictionary matching method and named entity recognition method.
In some optional implementations of the present embodiment, the apparatus further comprises a decryption unit 604 configured to: responding to a call instruction received by the clipboard, and acquiring text information to be pasted or displayed; if the text information has the encryption tag, judging whether the calling instruction is safe, and if so, decrypting the text information; and pasting or displaying the decrypted content.
In some optional implementations of this embodiment, the apparatus further comprises a rights management unit 605 configured to: detecting whether a call instruction of the clipboard comes from an authorized application; and automatically decrypting the text information if the text information comes from the authorized application, otherwise, not decrypting the text information.
In some alternative implementations of the present embodiment, the decryption unit 604 is further configured to: if the encryption tag comprises the position information of the ciphertext, decrypting the ciphertext according to the position information to obtain a plaintext character string; and replacing ciphertext in the text information with a plaintext character string according to the position information.
In some alternative implementations of the present embodiment, the apparatus employs a symmetric block encryption algorithm.
Referring now to fig. 7, a schematic diagram of a configuration of an electronic device (e.g., the terminal device of fig. 1) 700 suitable for use in implementing embodiments of the present disclosure is shown. The terminal devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), car terminals (e.g., car navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The terminal device shown in fig. 7 is only one example, and should not impose any limitation on the functions and scope of use of the embodiments of the present disclosure.
As shown in fig. 7, the electronic device 700 may include a processing means (e.g., a central processor, a graphics processor, etc.) 701, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage means 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the electronic device 700 are also stored. The processing device 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
In general, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 shows an electronic device 700 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 7 may represent one device or a plurality of devices as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via communication device 709, or installed from storage 708, or installed from ROM 702. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing device 701. It should be noted that, the computer readable medium according to the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In an embodiment of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. Whereas in embodiments of the present disclosure, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to receiving the copy instruction, detecting whether privacy information is included in the copy information; if the privacy information is included, encrypting the copy information to generate an encrypted text; the encrypted text is stored in the clipboard and cryptographically tagged.
Computer program code for carrying out operations of embodiments of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments described in the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, described as: a processor includes a detection unit, an encryption unit, and a storage unit. The names of these units do not constitute a limitation on the unit itself in some cases, and for example, the detection unit may also be described as "a unit that detects whether privacy information is included in copy information in response to receiving a copy instruction".
The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by those skilled in the art that the scope of the invention referred to in this disclosure is not limited to the specific combination of features described above, but encompasses other embodiments in which any combination of features described above or their equivalents is contemplated without departing from the inventive concepts described. Such as those described above, are mutually substituted with the technical features having similar functions disclosed in the present disclosure (but not limited thereto).
Claims (7)
1. A method for protecting clipboard privacy, comprising:
in response to receiving the copy instruction, detecting whether privacy information is included in the copy information, wherein the privacy information includes at least one of: bank card number, bank account number, cell phone number, identification card number, password, email box, driving license number, passport number, home address;
if the privacy information is included, encrypting the copy information to generate an encrypted text, wherein if the ratio of the number of characters to the copy information is greater than a preset proportion threshold value or the number of the privacy information is greater than a number threshold value, the copy information is integrally encrypted, otherwise, the privacy information is locally encrypted;
storing the encrypted text into a clipboard and marking an encrypted label, wherein the encrypted label in a local encryption mode also needs to comprise the position of private information in copy information so as to be used for indicating the decryption position during decryption;
responding to a call instruction received by the clipboard, and acquiring text information to be pasted or displayed;
if the text information has the encryption tag, judging whether the calling instruction is safe, and if so, decrypting the text information;
pasting or displaying the decrypted content;
wherein the detecting whether the copy information includes the privacy information includes:
for the regular entity, detecting whether privacy information is included or not by adopting a mode of combining a regular expression and a keyword rule;
for information related to a specific address, identifying a named entity in a machine learning mode;
judging whether the calling instruction is safe or not, and decrypting the text information if the calling instruction is safe, wherein the method specifically comprises the following steps of:
judging the identity of the caller through a command and parameters for calling the clipboard, and returning the decrypted text or the encrypted text according to the identity of the caller, wherein the method comprises the following steps:
when the system level is automatically called, the clipboard automatically decrypts the encrypted text by default and returns;
when the third party trusted app manually set by the user is automatically called, the clipboard defaults to automatically decrypt the encrypted text and returns;
when other apps of the third party automatically call, the clipboard defaults to return the encrypted text;
upon user-level operation, the clipboard defaults to automatically decrypt the encrypted text and return.
2. The method of claim 1, wherein the locally encrypted private information comprises:
acquiring the position of the privacy information in the copy information;
encrypting the privacy information to generate a ciphertext;
and replacing the privacy information with the ciphertext according to the position to obtain the encrypted text.
3. The method of claim 1, wherein the decrypting the text information comprises:
if the encryption tag comprises the position information of the ciphertext, decrypting the ciphertext according to the position information to obtain a plaintext character string;
and replacing ciphertext in the text information with the plaintext character string according to the position information.
4. A method according to any of claims 1-3, wherein the method employs a symmetric block encryption algorithm for encryption.
5. An apparatus for protecting clipboard privacy, comprising:
a detection unit configured to detect whether privacy information is included in the copy information in response to receiving the copy instruction, wherein the privacy information includes at least one of: bank card number, bank account number, cell phone number, identification card number, password, email box, driving license number, passport number, home address;
the encryption unit is configured to encrypt the copy information to generate an encrypted text if the private information is included, wherein if the ratio of the number of characters to the copy information is greater than a preset proportion threshold value or the number of the private information is greater than a number threshold value, the copy information is encrypted in a whole, otherwise, the private information is encrypted in a local mode;
a storage unit configured to store the encrypted text in the clipboard and apply an encrypted tag, wherein the encrypted tag in the partial encryption mode also needs to include a position of private information in copy information for indicating a decryption position when decrypting;
the decryption unit is configured to respond to receiving a call instruction of the clipboard and acquire text information to be pasted or displayed;
if the text information has the encryption tag, judging whether the calling instruction is safe, and if so, decrypting the text information;
pasting or displaying the decrypted content;
wherein the encryption unit is further configured to:
for the regular entity, detecting whether privacy information is included or not by adopting a mode of combining a regular expression and a keyword rule;
for information related to a specific address, identifying a named entity in a machine learning mode;
judging whether the calling instruction is safe or not, and decrypting the text information if the calling instruction is safe, wherein the method comprises the following steps:
judging the identity of a caller through a command and parameters for calling the clipboard, and returning the decrypted text or the encrypted text according to the identity of the caller, wherein the method specifically comprises the following steps of:
when the system level is automatically called, the clipboard automatically decrypts the encrypted text by default and returns;
when the third party trusted app manually set by the user is automatically called, the clipboard defaults to automatically decrypt the encrypted text and returns;
when other apps of the third party automatically call, the clipboard defaults to return the encrypted text;
upon user-level operation, the clipboard defaults to automatically decrypt the encrypted text and return.
6. An electronic device for protecting clipboard privacy, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-4.
7. A computer readable medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011252297.2A CN112287372B (en) | 2020-11-11 | 2020-11-11 | Method and apparatus for protecting clipboard privacy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011252297.2A CN112287372B (en) | 2020-11-11 | 2020-11-11 | Method and apparatus for protecting clipboard privacy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112287372A CN112287372A (en) | 2021-01-29 |
| CN112287372B true CN112287372B (en) | 2023-05-26 |
Family
ID=74397867
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011252297.2A Active CN112287372B (en) | 2020-11-11 | 2020-11-11 | Method and apparatus for protecting clipboard privacy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112287372B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113297605B (en) * | 2021-06-24 | 2023-05-05 | 中国建设银行股份有限公司 | Copy data management method, apparatus, electronic device, and computer readable medium |
| CN113691875A (en) * | 2021-08-02 | 2021-11-23 | 康佳集团股份有限公司 | Application program password login processing method and device, intelligent terminal and storage medium |
| CN114945176B (en) * | 2022-04-12 | 2023-05-30 | 荣耀终端有限公司 | Clipboard access control method, electronic equipment and storage medium |
| CN117633853A (en) * | 2022-08-16 | 2024-03-01 | 华为技术有限公司 | Privacy protection method and related equipment |
| EP4365763A1 (en) * | 2022-11-07 | 2024-05-08 | Nokia Technologies Oy | Certified copy paste |
| CN116484396B (en) * | 2023-03-13 | 2023-10-31 | 数影星球(杭州)科技有限公司 | Method and system for encrypting clipboard content based on browser |
| CN117113417A (en) * | 2023-10-18 | 2023-11-24 | 中孚安全技术有限公司 | Method, system, equipment and medium for managing and controlling clipboard under Linux system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104361294B (en) * | 2014-10-28 | 2017-08-25 | 深圳市大成天下信息技术有限公司 | A kind of document protection method, equipment and system |
| CN109117670A (en) * | 2018-08-16 | 2019-01-01 | 海南新软软件有限公司 | A kind of realization shear plate data encryption and decryption method, apparatus and hardware device |
| CN111581665B (en) * | 2020-05-09 | 2021-07-06 | 维沃移动通信有限公司 | Data processing method and device and electronic equipment |
-
2020
- 2020-11-11 CN CN202011252297.2A patent/CN112287372B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112287372A (en) | 2021-01-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112287372B (en) | Method and apparatus for protecting clipboard privacy | |
| US9477534B2 (en) | Inter-extension messaging | |
| US10880736B2 (en) | Method and apparatus for transmitting and receiving encrypted message between terminals | |
| CN113364760A (en) | Data encryption processing method and device, computer equipment and storage medium | |
| CN111835511A (en) | Data security transmission method and device, computer equipment and storage medium | |
| JP6506884B2 (en) | System and method for preventing data loss while maintaining confidentiality | |
| CN107786331B (en) | Data processing method, device, system and computer readable storage medium | |
| CN107666479A (en) | Information encrypting and decrypting method, apparatus, computer equipment and storage medium | |
| CN103095457A (en) | Login and verification method for application program | |
| CN111741028B (en) | Service processing method, device, equipment and system | |
| US9659189B2 (en) | Systems and methods of safeguarding user information while interacting with online service providers | |
| CN111199037B (en) | Login method, system and device | |
| CN109857571B (en) | Clipboard control method and device | |
| CN112417485B (en) | Model training method, system and device based on trusted execution environment | |
| US10439995B2 (en) | Method and system for secure private communications | |
| US11120160B2 (en) | Distributed personal data storage and encrypted personal data service based on secure computation | |
| CN111030827A (en) | Information interaction method and device, electronic equipment and storage medium | |
| CN112291268A (en) | Information transmission method, device, equipment and storage medium | |
| US10049222B1 (en) | Establishing application trust levels using taint propagation | |
| CN109120576B (en) | Data sharing method and device, computer equipment and storage medium | |
| KR20140001442A (en) | System, apparatus, method and computer readable recording medium for paymenting on the mobile terminal by the short message service | |
| CN105022965A (en) | Data encryption method and apparatus | |
| CN113037760B (en) | Message sending method and device | |
| CN106453335B (en) | Data transmission method and device | |
| CN109584138A (en) | Picture method for tracing, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |