CN103310154A - Information security processing method, equipment and system - Google Patents
Information security processing method, equipment and system Download PDFInfo
- Publication number
- CN103310154A CN103310154A CN2013102189899A CN201310218989A CN103310154A CN 103310154 A CN103310154 A CN 103310154A CN 2013102189899 A CN2013102189899 A CN 2013102189899A CN 201310218989 A CN201310218989 A CN 201310218989A CN 103310154 A CN103310154 A CN 103310154A
- Authority
- CN
- China
- Prior art keywords
- file
- information
- client
- server end
- virus document
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses an information security processing method, information security processing equipment and an information security processing system, and belongs to the technical field of information security. The information security processing method comprises the following steps: when a client side executes file scanning, acquiring a list of information to be acquired, which is sent down by a server side; according to the list of information to be acquired, acquiring information of files included in corresponding local software; reporting the acquired information of the files to the server side; screening all the received information of the files reported by the client side according to a preset rule by the server side; and according to the screened data, synchronously updating background data which is used for repairing a virus file in the client side. The server side acquires the information of the files from the client side, timely updates the background data and obtains information of latest software, so that after certain software installed on the client side is destroyed, the software can be repaired timely, thus improving the repairing capability of security software.
Description
Technical field
The present invention relates to field of information security technology, particularly a kind of method, apparatus and system of information security processing.
Background technology
Along with Internet development, various application are arisen at the historic moment, and the user can download various own interested application on the internet, and it is installed in this locality.But some malicious attacker can be implanted to virus in the application on the internet, and when this of terminal downloads used, virus will intrude on the terminal along with the installation of using, and other on the terminal just used might be by virus damage, thereby can not use.So how could repair ruined application and be and need the problem that solves in the prior art.
At present a lot of fail-safe softwares provide the method for repairing of using for terminal, existing application information is collected by the operator of the Internet security software, after terminal is installed this fail-safe software, fail-safe software is monitored the application on the terminal, if finding has ruined application, then according to saved software information in advance ruined application is repaired.
In realizing process of the present invention, the inventor finds that there is following problem at least in prior art:
Application on the internet updates than very fast, collect the information of current application by fail-safe software operator, efficient is lower, current emerging application message can not upgrade in time, like this in case there is emerging application to be infracting by virus, owing to do not have the information of this application, just can not in time repair it, thereby reduce the repair ability of this fail-safe software.
Summary of the invention
For the repair ability to using of fail-safe software, the method, apparatus and system that provide a kind of information security to handle in the embodiment of the invention are provided.Described technical scheme is as follows:
On the one hand, the method that provides a kind of information security to handle, described method comprises:
When the client executing file scans, obtain the information list to be collected that server end issues;
Information according to the file that comprises in the local corresponding software of the indication collection of described information list to be collected;
The information of the described described file that collects is reported to described server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
On the other hand, the method that provides a kind of information security to handle, described method comprises:
Server end issues information list to be collected to a plurality of clients in execute file scanning, makes described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
Receive the information of the file that described each client reports;
The information of the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
On the other hand, also provide a kind of client, described client comprises:
Acquisition module is used for obtaining the information list to be collected that server end issues when the client executing file scans;
Acquisition module is for the information of the file that comprises according to the local corresponding software of the indication collection of described information list to be collected;
Reporting module, be used for the information of the described described file that collects is reported to described server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
On the other hand, also provide a kind of server end, described server end comprises:
Issue module, be used for server end and issue information list to be collected to a plurality of clients in execute file scanning, make described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
Receiver module be used for to receive the information of the file that described each client reports;
Synchronization module, information for the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
On the other hand, the system that also provides a kind of information security to handle, described system comprises: aforesaid client and aforesaid server end.
The beneficial effect that the technical scheme that the embodiment of the invention provides is brought is: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.Because the data of server end collect from each client, all popular popular softwares have on the market been comprised like this, so the method repair coverage in the employing present embodiment is wider, repairing object is all abnormal documents, comprise infection type and abduction type, support all popular on the market popular softwares, can directly use after the software reparation, saved the cost of reinstalling; On the other hand, in repair process, just virus document is replaced with secure file, the software at virus document place is not reset, make and repair degree of accuracy than higher, file and source document after the reparation are in full accord, and highly versatile: do not fear any virus mutation, all support to repair as long as can identify dangerous file.
Description of drawings
In order to be illustrated more clearly in the technical scheme in the embodiment of the invention, the accompanying drawing of required use is done to introduce simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the method flow diagram that a kind of information security that provides in the embodiment of the invention one is handled;
Fig. 2 is the method flow diagram that a kind of information security that provides in the embodiment of the invention two is handled;
Fig. 3 is the method flow diagram that a kind of information security that provides in the embodiment of the invention three is handled;
Fig. 4 is the method flow diagram that a kind of information security that provides in the embodiment of the invention four is handled;
Fig. 5 is the synoptic diagram of a kind of client of providing in the embodiment of the invention five;
Fig. 6 is the synoptic diagram of the another kind of client that provides in the embodiment of the invention five;
Fig. 7 is the synoptic diagram of a kind of server end of providing in the embodiment of the invention six;
Fig. 8 is the synoptic diagram of the another kind of server end that provides in the embodiment of the invention six;
Fig. 9 is the application scenarios synoptic diagram that a kind of information security that provides in the embodiment of the invention six is handled;
Figure 10 is the system schematic that a kind of information security that provides in the embodiment of the invention seven is handled.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
Embodiment one
Referring to Fig. 1, the method that provides a kind of information security to handle in the present embodiment comprises:
101, when the client executing file scans, obtain the information list to be collected that server end issues;
102, the information of the file that comprises in the indication collection this locality corresponding software according to described information list to be collected;
103, the information with the described described file that collects is reported to server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
In another embodiment, describedly obtain the information list to be collected that server end issues, comprising:
Send the inquiry request to server end, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Receive the query-response that described server end returns, described query-response comprises information list to be collected.
In another embodiment, described before server end transmission inquiry request, also comprise:
Whether the user who judges described client authorizes the information acquisition of server end, if then continue to carry out the step that sends the inquiry request to server end, otherwise stop to send the inquiry request to server end.
In another embodiment, the information of described file includes but not limited to following one or more: the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5(Message Digest Algorithm5, Message Digest Algorithm 5) and the GUID(Globally Unique Identifier of described client, Globally Unique Identifier).
In another embodiment, described method also comprises:
When in described client scan process, finding virus document, whether detect described virus document is the file of supporting reparation, if, then obtain the back-end data of the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired.
In another embodiment, whether the described virus document of described detection is the file of supporting reparation, comprising:
Whether detect described virus document place catalogue is the popular software installation directory of supporting reparation, if, confirm that then described virus document is the file of supporting reparation, otherwise confirm that described virus document is not the file of support repairing, with described virus document deletion or remove infected fragment in the described virus document.
In another embodiment, the described back-end data of obtaining the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired, comprising:
The information of described virus document is sent to described server end;
When receiving the described server end fileinfo that is complementary with information described virus document that return, download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
In another embodiment, described method also comprises:
When the fileinfo that is not complementary with the information of described virus document that receives that described server end returns, with described virus document deletion or remove infected fragment in the described virus document.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.
Embodiment two
Referring to Fig. 2, the method that provides a kind of information security to handle in the embodiment of the invention comprises:
201, server end issues information list to be collected to a plurality of clients in execute file scanning, makes described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
202, receive the information of the file that described each client reports;
203, the information of the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
In another embodiment, described server end issues information list to be collected to a plurality of clients in execute file scanning, comprising:
Server end receives the inquiry request that a plurality of clients send when execute file scans, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Return query-response to described a plurality of clients, comprise information list to be collected in the described query-response.
In another embodiment, the information of described file includes but not limited to following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
In another embodiment, the information of the described file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, comprising:
The information of the file that described all clients that receive is reported every Preset Time is screened, with in the information of the file of described all client upload except the GUID of client, the accumulative total of the record of out of Memory unanimity surpasses the document screening of first preset value and comes out;
In the described file that screens, select the file of described accumulative total maximum;
When the file of described accumulative total maximum accounts for second preset value that all report ratio, and described file is when being secure file, with described file synchronization in back-end data.
In another embodiment, described with after described file synchronization is in back-end data, also comprise:
Obtain the MD5 of described file;
Obtain the secure file of described file correspondence and the described secure file of corresponding stored according to the MD5 of described file.
In another embodiment, described method also comprises:
Receive the information of the virus document that arbitrary client sends in described a plurality of client;
Information and the described back-end data of described virus document are complementary;
When in the described back-end data fileinfo that is complementary with described virus document being arranged, the described fileinfo that is complementary is sent to described arbitrary client, make described arbitrary client download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, wherein, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.
Embodiment three
The method that provides a kind of information security to handle in the embodiment of the invention, server end possibility while and a plurality of client are carried out information interaction in the present embodiment, the client of mentioning in the present embodiment comprises with server end carries out any one mutual client, the execution flow process of other clients and this client is similar, to repeating no more in this present embodiment.In the present embodiment, in order to realize the reparation to client file, by gathering the information of the file on the client, set up background data base beyond the clouds, when the file in certain client was destroyed, the back-end data that just can utilize server end to safeguard was repaired corrupted file.Referring to Fig. 3, method flow comprises:
301, when the client executing file scans, judge whether the user of described client authorizes the information acquisition of server end, if then execution in step 302, otherwise stop to send the inquiry request to server end.
In this step, default fail-safe software has been installed on the client, for the right of privacy and the right to know that guarantees the user, this fail-safe software can be gathered the fileinfo on this client after authorized.Concrete, when triggering client, the user carries out file when scanning, whether the user who checks this client has earlier added the appointment plan, if, confirm that then this client user authorizes the information acquisition of server end, client can continue to carry out collecting flowchart, if the user of this client does not add executive plan, confirm that then this client user does not authorize the information acquisition of server end, server end cannot obtain the fileinfo on this client.Wherein, the appointment plan includes but not limited to the cloud killing plan that operator initiates.
What deserves to be explained is, in order to improve the user to the experience sense of default fail-safe software, in the present embodiment preferably, when gathering the information of client, confirm earlier whether the user authorizes server end, certainly, in order to guarantee the security of client-side information, also can gather the information of client by the default setting server end, and not need client user's mandate, to not doing concrete restriction in this present embodiment.
Certainly, preferably when scanning, the client executing file carries out information acquisition in the present embodiment, trigger message collection by other means, for example, server end and client are carried out information acquisition by the designated time, to not doing concrete restriction in this present embodiment.
302, the user end to server end sends the inquiry request, and described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software.
In this step, in order to save the electric weight of client, do not take to gather in real time the method for client-side information, but after the mandate that obtains the client user, inquire about earlier whether server end needs to gather current information of software, if server end needs Information Monitoring, then carry out collecting flowchart again, otherwise do not gather, thereby saved the power consumption of client.
303, server end receives the inquiry request that client sends, and returns query-response to client.
In this step, when server end receives the inquiry request of client, Information Monitoring if desired, then carry information list to be collected in query-response, if do not need Information Monitoring, then returning in query-response does not need the indication of gathering, as return sky, then expression does not need Information Monitoring.Wherein, specifically indicate client not need not do in the Information Monitoring present embodiment concrete restriction in which way.
In this step, information list to be collected is used for determining which the correct file of certain filename correspondence under certain software version is, it includes but not limited to one or more information: the Globally Unique Identifier GUID of the version of the title of software to be collected, filename, FileVersion, file size, file signature information, software, file MD5 and described client etc.Wherein, client is carried out information acquisition according to the indication of information list to be collected to the corresponding software in the client.
In this step, server end may simultaneously and carry out mutual between a plurality of client, will return query-response information to each client that sends inquiry message, but the content of its query-response information can be different, to not doing concrete restriction in this present embodiment.
304, client receives the query-response that described server end returns, and described query-response comprises information list to be collected.
Wherein, step 302-304 specifically carries out the flow process that client is obtained the information list to be collected that server end issues, this flow process is initiated by client, certainly the client method of obtaining the information list to be collected that server end issues also is not limited thereto, as client and server end real-time Communication for Power, when server end finds that client when carrying out file scanning, then directly issues information list to be collected to client, to not doing concrete restriction in this present embodiment.
305, client is according to the information of the file that comprises in the local corresponding software of described information list collection to be collected, and the information of the described file that collects is reported to server end.
In this step, client is gathered the information of the file that comprises in the corresponding software in the client according to the indication of this tabulation after getting access to information list to be collected, and wherein, corresponding software need to refer to the software of Information Monitoring in the client.Concrete, when client scans at execute file, judge the current software that scans whether in information list to be collected, if, then this software is carried out information acquisition, if not, then do not need this software is gathered.Wherein, the information of file includes but not limited to following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client etc.Wherein, concrete method and prior art of gathering is similar, to repeating no more in this present embodiment.
306, the information of server end file that all clients that receive are reported is screened by preset rules, and according to the data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
In this step, server end carries out pre-service to the information of the file that all clients that receive report, to upgrade back-end data.Preferably, the information of the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, comprising:
The information of the file that described all clients that receive is reported every Preset Time is screened, with in the information of the file of described all client upload except the GUID of client, the accumulative total of the record of out of Memory unanimity surpasses the document screening of first preset value and comes out;
In the described file that screens, select the file of described accumulative total maximum;
When the file of described accumulative total maximum accounts for second preset value that all report ratio, and described file is when being secure file, with described file synchronization in back-end data.
For example, every 6 hours the information of collecting is carried out synchronously, wherein synchronous information satisfies: a. is except user GUID, and the record accumulative total of all the other full detail unanimities must be greater than 1000, and select the file of cumulative amount maximum to carry out synchronously; B. the file of cumulative amount maximum accounts for and reports the record ratio to surpass 50%, enters software information inquiry storehouse to prevent junk data; C. the safe class of the file of cumulative amount maximum is necessary for whitely, is safe to guarantee synchronous fileinfo.Default fail-safe software in the present embodiment, preserve the library that data volume is huge at server end, the file that has comprised user's overwhelming majority in this document storehouse, each file has a security level attributes, grade generally can be divided into from low to high: black, unknown and white, and can be to the safe class of each file of this document library inquiry.
In the present embodiment, the dynamic information of collecting the file on a plurality of clients of server end, to upgrade the back-end data of high in the clouds storage, when having new software to occur like this, server end can get access to new information of software timely, if this software goes wrong when follow-up operation, utilize back-end data just can in time repair it, thereby improved the repair ability of fail-safe software.
307, obtain the MD5 of described file, obtain the secure file of described file correspondence and the described secure file of corresponding stored according to the MD5 of described file.
In this step, after filtering out the synchronous file of needs, obtain the MD5 of this document, and mating in white library according to the MD5 of this document, corresponding file is synchronized to file downloads in the storehouse.Wherein, white library and file download storehouse all are the parts of server end.When file that needs are repaired, download the storehouse from file according to the MD5 of file and to obtain its corresponding secure file, download this document and also repair.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.Because the data of server end collect from each client, all popular popular softwares have on the market been comprised like this, so the method repair coverage in the employing present embodiment is wider, repairing object is all abnormal documents, comprise infection type and abduction type, support all popular on the market popular softwares, can directly use after the software reparation, saved the cost of reinstalling; On the other hand, in repair process, just virus document is replaced with secure file, the software at virus document place is not reset, make and repair degree of accuracy than higher, file and source document after the reparation are in full accord, and highly versatile: do not fear any virus mutation, all support to repair as long as can identify dangerous file.
Embodiment four
The method that provides a kind of information security to handle in the embodiment of the invention, the back-end data that server end is set up in the Application Example three in the present embodiment is repaired the ruined file of client, and referring to Fig. 4, method flow comprises:
401, when finding virus document in described client scan process, whether be the file of supporting reparation, if then execution in step 402, otherwise infected fragment in the virus document is directly deleted or removed to this virus document if detecting described virus document.
In this step, virus document can be found in scanning, also can find in file is monitored, to not doing concrete restriction in this present embodiment.Preferably, whether detect described virus document is the file of supporting reparation, whether comprise: detecting described virus document place catalogue is the popular software installation directory of supporting reparation, if, confirm that then described virus document is the file of supporting reparation, otherwise confirm that described virus document is not the file of supporting reparation, with infected fragment in described virus document deletion or the removing virus document.Whether be the method for supporting the file of reparation, to not doing concrete restriction in this present embodiment if can also have other to detect virus document certainly in the present embodiment.
In the present embodiment, if the not section's of the support reparation of detected virus document, then directly with infected fragment in this document deletion or the removing virus document, in order to avoid this virus document can continue to infect to other file.
402, the information with described virus document sends to described server end.
In this step, the file of virus document for supporting to repair, then the information with this virus document sends to server end, so that it is repaired.Wherein, the information of virus document includes but not limited to: the version of the title of virus document place software, virus file names, virus document version, virus document size, virus document signing messages, virus document place software, virus document MD5 etc.
403, server end is complementary information and the described back-end data of described virus document, and the information that coupling obtains is returned to client.
In this step, after server end is received the information of the virus document that client sends, the information of virus document and the information in the software information inquiry storehouse are mated, if the information that is complementary is arranged, then the fileinfo that will be complementary returns to client, wherein, the fileinfo that is complementary includes but not limited to: the download address information of the MD5 of described secure file and described secure file etc.Software information inquiry storehouse is the part of server end.
404, client receives the described server end fileinfo that is complementary with information described virus document that return, download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file.
In this step, when client receives the server end fileinfo that is complementary with information virus document that return, download this secure file according to the download address of secure file, and the MD5 value of verification this document, after verification succeeds, replace current virus document with secure file, thereby finish the reparation to virus document.Wherein do not need to reinstall the software at this document place, only need replace wherein virus document with secure file, the software at this virus document place is normally moved, improved remediation efficiency.
What deserves to be explained is, when the fileinfo that is not complementary with the information of described virus document that client receives that described server end returns, with described virus document deletion or remove infected fragment in the virus document.
Wherein, step 402-404 is the concrete back-end data of carrying out the described server end that obtains described virus document correspondence, and the step of described virus document being repaired according to the back-end data of described server end.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.Because the data of server end collect from each client, all popular popular softwares have on the market been comprised like this, so the method repair coverage in the employing present embodiment is wider, repairing object is all abnormal documents, comprise infection type and abduction type, support all popular on the market popular softwares, can directly use after the software reparation, saved the cost of reinstalling; On the other hand, in repair process, just virus document is replaced with secure file, the software at virus document place is not reset, make and repair degree of accuracy than higher, file and source document after the reparation are in full accord, and highly versatile: do not fear any virus mutation, all support to repair as long as can identify dangerous file.
Embodiment five
Referring to Fig. 5, a kind of client is provided in the embodiment of the invention, comprising: acquisition module 501, acquisition module 502 and reporting module 503.
Acquisition module 501 is used for obtaining the information list to be collected that server end issues when the client executing file scans;
Acquisition module 502 is for the information of the file that comprises according to the local corresponding software of the indication collection of described information list to be collected;
Reporting module 503, be used for the information of the described described file that collects is reported to server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
In another embodiment, referring to Fig. 6, described acquisition module 501 comprises:
The first transmitting element 501a is used for sending the inquiry request to server end, and described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Receiving element 501b is used for receiving the query-response that described server end returns, and described query-response comprises information list to be collected.
In another embodiment, referring to Fig. 6, described acquisition module also comprises:
Judging unit 501c, be used for before the described first transmitting element 501a sends the inquiry request to server end, whether the user who judges described client authorizes the information acquisition of server end, if, then continue to carry out the step that sends the inquiry request to server end, otherwise stop to send the inquiry request to server end.
In another embodiment, the information of described file includes but not limited to following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
In another embodiment, referring to Fig. 6, described client also comprises:
Repair module 504, be used for when when described client scan process is found virus document, whether detect described virus document is the file of supporting reparation, if, then obtain the back-end data of the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired.
In another embodiment, referring to Fig. 6, described reparation module 504 comprises:
Detecting unit 504a, whether be to support the popular software installation directory repaired for detection of described virus document place catalogue, if, confirm that then described virus document is the file of supporting reparation, otherwise confirm that described virus document is not the file of support repairing, with described virus document deletion or remove infected fragment in the described virus document.
In another embodiment, described reparation module 504 comprises:
The second transmitting element 504b is used for the information of described virus document is sent to described server end;
Repair unit 504c, be used for when the described server end of the reception fileinfo that is complementary with information described virus document that return, download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
In another embodiment, described reparation module 504 also comprises:
Delete cells 504d is used for when the fileinfo that is not complementary with the information of described virus document that receives that described server end returns, described virus document is deleted or is removed infected fragment in the described virus document.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.
Embodiment six
Referring to Fig. 7, a kind of server end is provided in the embodiment of the invention, comprising: issue module 601, receiver module 602 and synchronization module 603.
Issue module 601, be used for server end and issue information list to be collected to a plurality of clients in execute file scanning, make described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
Receiver module 602 be used for to receive the information of the file that described each client reports;
Synchronization module 603, information for the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
In another embodiment, referring to Fig. 8, the described module 601 that issues comprises:
Receiving element 601a is used for receiving the inquiry request that a plurality of clients send when execute file scans, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Return unit 601b, be used for returning query-response to described a plurality of clients, comprise information list to be collected in the described query-response.
In another embodiment, the information of described file includes but not limited to following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
In another embodiment, referring to Fig. 8, described synchronization module 603 comprises:
Screening unit 603a, the information that is used for the file that described all clients that receive reported every Preset Time is screened, with in the information of the file of described all client upload except the GUID of client, the accumulative total of the record of out of Memory unanimity surpasses the document screening of first preset value and comes out;
Acquiring unit 603b is for the file of selecting described accumulative total maximum at the described file that screens;
Lock unit 603c is used for accounting for second preset value that all report ratio when the file of described accumulative total maximum, and described file is when being secure file, with described file synchronization in back-end data.
In another embodiment, referring to Fig. 8, described synchronization module 603 also comprises:
Storage unit 603d, be used for described lock unit with described file synchronization after back-end data, obtain the MD5 of described file, obtain the secure file of described file correspondence and the described secure file of corresponding stored according to the MD5 of described file.
In another embodiment, described receiver module also is used for the information of the virus document of the arbitrary client transmission of the described a plurality of clients of reception;
Referring to Fig. 8, described server end also comprises: matching module 604 is used for information and the described back-end data of described virus document are complementary;
The described module that issues also is used for when described back-end data has the fileinfo that is complementary with described virus document, the described fileinfo that is complementary is sent to described arbitrary client, make described arbitrary client download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, wherein, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
Need to prove: the server end that above-described embodiment provides only is illustrated with the division of above-mentioned each functional module, in the practical application, can as required the above-mentioned functions distribution be finished by different functional modules, the inner structure of the equipment of being about to is divided into different functional modules, to finish all or part of function described above.For example, application scenarios synoptic diagram as shown in Figure 9, a plurality of clients and server end carry out alternately, and server end comprises that software information collects storehouse, software information inquiry storehouse, file/software information Cache(cache memory), white library and file download the storehouse.Software information is collected the storehouse for the fileinfo of collecting on the client, then information synchronization is inquired about in the storehouse to software information, after finishing synchronously, take out the file MD5 that newly is synchronized in the software information inquiry storehouse, in white library, mate, corresponding file is synchronized to file downloads the storehouse.After client detects virus document, by the information of file/software information Cache to this virus document of software information inquiry library inquiry, and secure file is downloaded in the address from coupling after obtaining match information, and carry out verification by the secure file of MD5, replace virus document by the back with secure file in verification, finish the reparation to virus document.File is downloaded storehouse, software information inquiry storehouse and file/software information Cache and is associated together by MD5, and wherein concrete reciprocal process does not repeat them here.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.
Embodiment 7
Referring to Figure 10, the system that provides a kind of information security to handle in the embodiment of the invention comprises: the server end 600 described in the client 500 described in the embodiment five and the embodiment six.
The beneficial effect of present embodiment comprises: server end is by gathering the information of file from client, back-end data upgrades in time, obtain the information of recent software, like this after this software of installing on certain client is destroyed, because server end has been stored this information of software, just can in time repair it, thereby improve the repair ability of fail-safe software.
Need to prove: the system that the server end that above-described embodiment provides, client and information security are handled, only the division with above-mentioned each functional module is illustrated, in the practical application, can as required the above-mentioned functions distribution be finished by different functional modules, the inner structure of the equipment of being about to is divided into different functional modules, to finish all or part of function described above.
In addition, the method embodiment that the system that the server end that above-described embodiment provides, client and information security are handled and information security are handled belongs to same design, and its specific implementation process sees method embodiment for details, repeats no more here.
The invention described above embodiment sequence number does not represent the quality of embodiment just to description.
The all or part of step that one of ordinary skill in the art will appreciate that realization above-described embodiment can be finished by hardware, also can instruct relevant hardware to finish by program, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium of mentioning can be ROM (read-only memory), disk or CD etc.
The above only is preferred embodiment of the present invention, and is in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (29)
1. the method handled of an information security is characterized in that described method comprises:
When the client executing file scans, obtain the information list to be collected that server end issues;
Information according to the file that comprises in the local corresponding software of the indication collection of described information list to be collected;
The information of the described described file that collects is reported to described server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
2. method according to claim 1 is characterized in that, describedly obtains the information list to be collected that server end issues, and comprising:
Send the inquiry request to server end, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Receive the query-response that described server end returns, described query-response comprises information list to be collected.
3. method according to claim 2 is characterized in that, and is described before server end transmission inquiry request, also comprises:
Whether the user who judges described client authorizes the information acquisition of server end, if then continue to carry out the step that sends the inquiry request to server end, otherwise stop to send the inquiry request to server end.
4. method according to claim 1, it is characterized in that the information of described file comprises following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
5. method according to claim 1 is characterized in that, described method also comprises:
When in described client scan process, finding virus document, whether detect described virus document is the file of supporting reparation, if, then obtain the back-end data of the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired.
6. method according to claim 5 is characterized in that, whether the described virus document of described detection is the file of supporting reparation, comprising:
Whether detect described virus document place catalogue is the popular software installation directory of supporting reparation, if, confirm that then described virus document is the file of supporting reparation, otherwise confirm that described virus document is not the file of support repairing, with described virus document deletion or remove infected fragment in the described virus document.
7. method according to claim 5 is characterized in that, the described back-end data of obtaining the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired, comprising:
The information of described virus document is sent to described server end;
When receiving the described server end fileinfo that is complementary with information described virus document that return, download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
8. method according to claim 7 is characterized in that, described method also comprises:
When the fileinfo that is not complementary with the information of described virus document that receives that described server end returns, with described virus document deletion or remove infected fragment in the file.
9. the method handled of an information security is characterized in that described method comprises:
Server end issues information list to be collected to a plurality of clients in execute file scanning, makes described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
Receive the information of the file that described each client reports;
The information of the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
10. method according to claim 9 is characterized in that, described server end issues information list to be collected to a plurality of clients in execute file scanning, comprising:
Server end receives the inquiry request that a plurality of clients send when execute file scans, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Return query-response to described a plurality of clients, comprise information list to be collected in the described query-response.
11. method according to claim 9, it is characterized in that the information of described file comprises following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
12. method according to claim 9 is characterized in that, the information of the described file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, comprising:
The information of the file that described all clients that receive is reported every Preset Time is screened, with in the information of the file of described all client upload except the GUID of client, the accumulative total of the record of out of Memory unanimity surpasses the document screening of first preset value and comes out;
In the described file that screens, select the file of described accumulative total maximum;
When the file of described accumulative total maximum accounts for second preset value that all report ratio, and described file is when being secure file, with described file synchronization in back-end data.
13. method according to claim 12 is characterized in that, and is described with after described file synchronization is in back-end data, also comprises:
Obtain the MD5 of described file;
Obtain the secure file of described file correspondence and the described secure file of corresponding stored according to the MD5 of described file.
14. method according to claim 9 is characterized in that, described method also comprises:
Receive the information of the virus document that arbitrary client sends in described a plurality of client;
Information and the described back-end data of described virus document are complementary;
When in the described back-end data fileinfo that is complementary with described virus document being arranged, the described fileinfo that is complementary is sent to described arbitrary client, make described arbitrary client download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, wherein, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
15. a client is characterized in that, described client comprises:
Acquisition module is used for obtaining the information list to be collected that server end issues when the client executing file scans;
Acquisition module is for the information of the file that comprises according to the local corresponding software of the indication collection of described information list to be collected;
Reporting module, be used for the information of the described described file that collects is reported to described server end, the information of the file that described server end reports all clients that receive is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
16. client according to claim 15 is characterized in that, described acquisition module comprises:
First transmitting element is used for sending the inquiry request to server end, and described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Receiving element is used for receiving the query-response that described server end returns, and described query-response comprises information list to be collected.
17. client according to claim 16 is characterized in that, described acquisition module also comprises:
Judging unit, be used for before described first transmitting element sends the inquiry request to server end, whether the user who judges described client authorizes the information acquisition of server end, if, then continue to carry out the step that sends the inquiry request to server end, otherwise stop to send the inquiry request to server end.
18. client according to claim 15, it is characterized in that the information of described file comprises following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
19. client according to claim 15 is characterized in that, described client also comprises:
Repair module, be used for when when described client scan process is found virus document, whether detect described virus document is the file of supporting reparation, if, then obtain the back-end data of the described server end of described virus document correspondence, and according to the back-end data of described server end described virus document is repaired.
20. client according to claim 19 is characterized in that, described reparation module comprises:
Detecting unit, whether be to support the popular software installation directory repaired for detection of described virus document place catalogue, if, confirm that then described virus document is the file of supporting reparation, otherwise confirm that described virus document is not the file of support repairing, with described virus document deletion or remove infected fragment in the described virus document.
21. client according to claim 19 is characterized in that, described reparation module comprises:
Second transmitting element is used for the information of described virus document is sent to described server end;
Repair the unit, be used for when the described server end of the reception fileinfo that is complementary with information described virus document that return, download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
22. client according to claim 21 is characterized in that, described reparation module also comprises:
Delete cells is used for when the fileinfo that is not complementary with the information of described virus document that receives that described server end returns, described virus document is deleted or is removed infected fragment in the described virus document.
23. a server end is characterized in that, described server end comprises:
Issue module, be used for server end and issue information list to be collected to a plurality of clients in execute file scanning, make described client gather the information of the file that comprises in the described client corresponding software according to the indication of described information list to be collected;
Receiver module be used for to receive the information of the file that described each client reports;
Synchronization module, information for the file that described all clients that receive are reported is screened by preset rules, and according to the described data synchronization updating back-end data that screens, described back-end data is used for the virus document of described client is repaired.
24. server end according to claim 23 is characterized in that, the described module that issues comprises:
Receiving element is used for receiving the inquiry request that a plurality of clients send when execute file scans, described inquiry request is used for asking described server end for instructions and whether needs to gather current information of software;
Return the unit, be used for returning query-response to described a plurality of clients, comprise information list to be collected in the described query-response.
25. server end according to claim 23, it is characterized in that the information of described file comprises following one or more: the Globally Unique Identifier GUID of the version of the software at the title of the software at file place, filename, FileVersion, file size, file signature information, file place, file MD5 and described client.
26. server end according to claim 23 is characterized in that, described synchronization module comprises:
The screening unit, the information that is used for the file that described all clients that receive reported every Preset Time is screened, with in the information of the file of described all client upload except the GUID of client, the accumulative total of the record of out of Memory unanimity surpasses the document screening of first preset value and comes out;
Acquiring unit is for the file of selecting described accumulative total maximum at the described file that screens;
Lock unit is used for accounting for second preset value that all report ratio when the file of described accumulative total maximum, and described file is when being secure file, with described file synchronization in back-end data.
27. server end according to claim 26 is characterized in that, described synchronization module also comprises:
Storage unit, be used for described lock unit with described file synchronization after back-end data, obtain the MD5 of described file, obtain the secure file of described file correspondence and the described secure file of corresponding stored according to the MD5 of described file.
28. server end according to claim 23 is characterized in that, described server end also comprises:
Described receiver module also is used for the information of the virus document of the arbitrary client transmission of the described a plurality of clients of reception;
Matching module is used for information and the described back-end data of described virus document are complementary;
The described module that issues also is used for when described back-end data has the fileinfo that is complementary with described virus document, the described fileinfo that is complementary is sent to described arbitrary client, make described arbitrary client download the secure file corresponding with described virus document according to the described fileinfo that is complementary, and replace described virus document with described secure file, wherein, the described fileinfo that is complementary comprises: the download address information of the MD5 of described secure file and described secure file.
29. the system that information security is handled is characterized in that described system comprises: as each described client of claim 15-22 with as each described server end of claim 13-28.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310218989.9A CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310218989.9A CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103310154A true CN103310154A (en) | 2013-09-18 |
CN103310154B CN103310154B (en) | 2016-12-28 |
Family
ID=49135359
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310218989.9A Active CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103310154B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103593613A (en) * | 2013-11-26 | 2014-02-19 | 北京网秦天下科技有限公司 | Method, terminal, server and system for computer virus detection |
CN104317672A (en) * | 2014-10-24 | 2015-01-28 | 北京奇虎科技有限公司 | System file repairing method, device and system |
CN106709344A (en) * | 2016-08-09 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Notification method for virus checking and killing and server |
CN106934276A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Method and device for detecting security of mobile terminal system and mobile terminal |
CN109587095A (en) * | 2017-09-28 | 2019-04-05 | 中国电信股份有限公司 | Information security control method, device and system |
CN112580037A (en) * | 2019-09-30 | 2021-03-30 | 奇安信安全技术(珠海)有限公司 | Method, device and equipment for repairing virus file data |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102592103A (en) * | 2011-01-17 | 2012-07-18 | 中国电信股份有限公司 | Secure file processing method, equipment and system |
CN102799500A (en) * | 2012-06-25 | 2012-11-28 | 腾讯科技(深圳)有限公司 | System repair method, device and storage medium |
CN102843400A (en) * | 2011-06-23 | 2012-12-26 | 珠海市君天电子科技有限公司 | method and system for downloading file |
CN102902604A (en) * | 2012-09-28 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for repairing files |
CN102902922A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | File repair method and system |
CN103023988A (en) * | 2012-11-27 | 2013-04-03 | 北京金山云科技有限公司 | File synchronization method, file synchronization server, file synchronization client side and terminal device |
CN103078864A (en) * | 2010-08-18 | 2013-05-01 | 北京奇虎科技有限公司 | Active defense file repairing method based on cloud security |
-
2013
- 2013-06-04 CN CN201310218989.9A patent/CN103310154B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078864A (en) * | 2010-08-18 | 2013-05-01 | 北京奇虎科技有限公司 | Active defense file repairing method based on cloud security |
CN102592103A (en) * | 2011-01-17 | 2012-07-18 | 中国电信股份有限公司 | Secure file processing method, equipment and system |
CN102843400A (en) * | 2011-06-23 | 2012-12-26 | 珠海市君天电子科技有限公司 | method and system for downloading file |
CN102799500A (en) * | 2012-06-25 | 2012-11-28 | 腾讯科技(深圳)有限公司 | System repair method, device and storage medium |
CN102902604A (en) * | 2012-09-28 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for repairing files |
CN102902922A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | File repair method and system |
CN103023988A (en) * | 2012-11-27 | 2013-04-03 | 北京金山云科技有限公司 | File synchronization method, file synchronization server, file synchronization client side and terminal device |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103593613A (en) * | 2013-11-26 | 2014-02-19 | 北京网秦天下科技有限公司 | Method, terminal, server and system for computer virus detection |
CN104317672A (en) * | 2014-10-24 | 2015-01-28 | 北京奇虎科技有限公司 | System file repairing method, device and system |
CN106934276A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Method and device for detecting security of mobile terminal system and mobile terminal |
CN106934276B (en) * | 2015-12-30 | 2020-02-28 | 北京金山安全软件有限公司 | Method and device for detecting security of mobile terminal system and mobile terminal |
CN106709344A (en) * | 2016-08-09 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Notification method for virus checking and killing and server |
CN106709344B (en) * | 2016-08-09 | 2019-12-13 | 腾讯科技(深圳)有限公司 | Virus checking and killing notification method and server |
CN109587095A (en) * | 2017-09-28 | 2019-04-05 | 中国电信股份有限公司 | Information security control method, device and system |
CN112580037A (en) * | 2019-09-30 | 2021-03-30 | 奇安信安全技术(珠海)有限公司 | Method, device and equipment for repairing virus file data |
CN112580037B (en) * | 2019-09-30 | 2023-12-12 | 奇安信安全技术(珠海)有限公司 | Method, device and equipment for repairing virus file data |
Also Published As
Publication number | Publication date |
---|---|
CN103310154B (en) | 2016-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103310154A (en) | Information security processing method, equipment and system | |
CN103685150B (en) | The method and apparatus of upload file | |
CN102819713B (en) | A kind of method and system detecting bullet window safe | |
US8087084B1 (en) | Security for scanning objects | |
CN102369713B (en) | Automatic removing method and device of system configuration items | |
TWI490702B (en) | Method for recovering system file in computer and apparatus thereof | |
CN107294924B (en) | Vulnerability detection method, device and system | |
US8443445B1 (en) | Risk-aware scanning of objects | |
CN101478446B (en) | Network appliance version loading method, apparatus and system | |
CN105653329A (en) | Application management method, apparatus and system | |
CN109684155B (en) | Monitoring configuration method, device, equipment and readable storage medium | |
CN102932391A (en) | Method and device for processing data in peer to server/peer (P2SP) system, and P2SP system | |
CN102469146A (en) | Cloud security downloading method | |
CN101594248A (en) | The remote assistance method of information security and system maintenance, system and server | |
CN101789980A (en) | Batch upgrading method based on cluster network | |
CN111010405B (en) | SaaS-based website security monitoring system | |
CN103366117A (en) | Repairing method and system for files infected by infectious viruses | |
CN104750811A (en) | Multithreading real-time acquisition method for mobile communication data file | |
CN109614131A (en) | A kind of broadcasting equipment upgrading control system | |
CN116095065A (en) | Intranet office software version downloading method based on server side dynamic allocation | |
CN113407636B (en) | Offline data synchronization method and device for digital factory and server | |
CN113407555B (en) | Operation data updating method and system of equipment handheld terminal | |
CN109240726A (en) | A kind of Oftware updating method and system | |
CN117492772A (en) | Method and device for generating patch installation strategy in intranet environment and electronic equipment | |
CN102799812B (en) | Method and device for processing application program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20190730 Address after: Shenzhen Futian District City, Guangdong province 518044 Zhenxing Road, SEG Science Park 2 East Room 403 Co-patentee after: Tencent cloud computing (Beijing) limited liability company Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: 518000 Guangdong city of Shenzhen province Futian District SEG Science Park 2 East Room 403 Patentee before: Tencent Technology (Shenzhen) Co., Ltd. |