CN104200175A - Information protection method and device - Google Patents
Information protection method and device Download PDFInfo
- Publication number
- CN104200175A CN104200175A CN201410427510.7A CN201410427510A CN104200175A CN 104200175 A CN104200175 A CN 104200175A CN 201410427510 A CN201410427510 A CN 201410427510A CN 104200175 A CN104200175 A CN 104200175A
- Authority
- CN
- China
- Prior art keywords
- identifier
- sensitive
- identification
- pseudo
- operation object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000009466 transformation Effects 0.000 claims description 15
- 230000001131 transforming effect Effects 0.000 claims description 8
- 230000006870 function Effects 0.000 abstract description 18
- 230000035945 sensitivity Effects 0.000 abstract 3
- 238000004891 communication Methods 0.000 description 15
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Information Transfer Between Computers (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The embodiment of the invention provides an information protection method and device and relates to the technical field of information security. The information protection method and device can guarantee the security of user personal information stored in a terminal without influencing the service functions of an APP. The method comprises the steps that a service instruction sent by the APP is obtained, wherein the service instruction comprises pseudo identifiers of operation objects, and the pseudo identifiers are in one-to-one correspondence with sensitivity identifiers of the operation objects; the sensitivity identifiers of the operation objects are obtained according to the pseudo identifiers, and service operation indicated by the service instruction is executed on the operation objects according to the sensitivity identifiers. The method is used for protecting the personal information stored in the terminal.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and an apparatus for information protection.
Background
Currently, with the popularity of terminals, Applications (APPs) applied to the terminals have been greatly developed. In order to provide better service for users, most APPs need to collect personal information stored in a terminal by a user, for example, when a map APP is navigating, location information of the user needs to be read, and a communication APP needs to read a mobile phone number of a user contact so that the user can set timing automatic dialing, or read a mail address of the user contact so that the user can select a target address for sending a mail.
Therefore, if the APP developer reveals the collected personal information of the user to an advertising platform for commercial promotion or reveals the personal information of the user to a lawbreaker for fraud, the user is puzzled or lost, and therefore, the safety of the APP collected information is guaranteed to be very important for the terminal capable of storing a large amount of personal information of the user.
In the prior art, generally, the safety of the personal information of the user is protected through an authority management technology, that is, a certain authority of an APP installed on a terminal is revoked, and the user personal information corresponding to the authority is prohibited from being read, for example, authority management software revokes the authority of the APP for reading an address book, so that the APP loses the ability of reading the contact information stored in the address book, and the safety of the contact information of the user is ensured.
Disclosure of Invention
The invention provides an information protection method and equipment, which can ensure the safety of user personal information stored in a terminal while not influencing the APP service function.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
in a first aspect, a method for information protection is provided, including:
acquiring a service instruction sent by an application program APP, wherein the service instruction comprises a pseudo identifier of an operation object, and the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship;
acquiring a sensitive identifier of the operation object according to the pseudo identifier;
and executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
With reference to the first aspect, in a first possible implementation manner of the first aspect, before the obtaining a service instruction sent by an application APP, the method further includes:
reading identification information of the operation object from a database, wherein the identification information comprises a sensitive identification of the operation object;
determining a pseudo identifier of the operation object, and replacing the sensitive identifier in the identification information by using the pseudo identifier;
and returning the identification information carrying the pseudo identification to the APP.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the identifying information further includes publicable identifying information of the operation object, and the determining a pseudo identifier of the operation object, and replacing the sensitive information of the operation object in the identifying information with the pseudo identifier specifically includes:
replacing the sensitive identification of the operation object in the identification information by the publicable identification information as a pseudo identification; or, transforming the publicable identifier to obtain the pseudo identifier, and replacing the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes:
obtaining a sensitive identification corresponding to the publicable identification in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the sensitive identifier of the operation object is obtained according to the pseudo identifier, the method further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
With reference to the second possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the pseudo identifier is obtained by transforming the publicable identifier, and the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes: carrying out inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object, and obtaining a sensitive identifier corresponding to the publicable identifier in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the sensitive identifier of the operation object is obtained according to the pseudo identifier, the method further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
With reference to the first aspect or any one of the second to fourth possible implementation manners of the first aspect, in a fifth possible implementation manner of the first aspect, the sensitive identifier is a mobile phone number of a user contact, and the public identifier is a storage serial number of the user contact.
In a second aspect, a terminal is provided, including:
the device comprises a first obtaining unit, a second obtaining unit and a third obtaining unit, wherein the first obtaining unit is used for obtaining a service instruction sent by an application program APP, the service instruction comprises a pseudo identifier of an operation object, and the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship;
the second acquisition unit is used for acquiring the sensitive identification of the operation object according to the pseudo identification;
and the execution unit is used for executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the terminal further includes:
the information reading unit is used for reading identification information of the operation object from a database, wherein the identification information comprises a sensitive identification of the operation object;
a first replacing unit, configured to determine a pseudo identifier of the operation object, and replace the sensitive identifier in the identifier information with the pseudo identifier;
and the sending unit returns the identification information carrying the pseudo identification to the APP.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the identification information further includes a publicly available identification of the operation object;
the first replacing unit is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the publicable identifier as a pseudo identifier; or,
the terminal further includes a transformation unit configured to transform the publicable identifier to obtain the pseudo identifier, and the first replacement unit is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the terminal further includes a second replacing unit, and the second obtaining unit is specifically configured to, when the pseudo identifier is the publicable identifier, obtain, from the database, a sensitive identifier corresponding to the publicable identifier; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
the second replacing unit is configured to replace the pseudo identifier in the service instruction with the sensitive identifier.
With reference to the second possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the terminal further includes an inverse transformation unit, configured to perform inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object;
the second obtaining unit is used for obtaining the sensitive identification corresponding to the publicable identification from the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
the second replacing unit is configured to replace the pseudo identifier in the service instruction with the sensitive identifier.
From the above, by adopting the method and the apparatus provided by the embodiment of the present invention, the sensitive identifier of the operation object in the identifier information obtained by the APP is replaced by the pseudo identifier, so that the APP cannot obtain the sensitive identifier of the operation object, thereby avoiding the leakage of the APP to the personal information of the user; when the APP initiates business operation, the pseudo identifier of the operation object in the business instruction sent by the APP is replaced by the sensitive identifier of the operation object, and the operation indicated by the business instruction is executed on the operation object according to the sensitive identifier of the operation object, so that the business function of the APP is not affected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information protection method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another information protection method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 3a is a schematic structural diagram of another terminal according to an embodiment of the present invention;
fig. 3b is a schematic structural diagram of another terminal according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of another terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following embodiments of the present invention can be applied to a terminal using an android system, where functions of the terminal, such as making a call, sending a short message, and sending an email, are provided by system services of an operating system, and the system services are part of the operating system and are used by a third-party application APP through an exposed call interface. It is worth noting that the system service is fixed when the system is shipped from the factory, and the personal information of the user cannot be leaked.
An embodiment of the present invention provides an information protection method, as shown in fig. 1, including:
s101, obtaining a service instruction sent by an application program APP, wherein the service instruction comprises a pseudo identifier of an operation object.
And the pseudo identifier and the sensitive identifier of the operation object have a one-to-one correspondence relationship.
Specifically, before a service instruction sent by the APP is acquired, the identification information of the operation object is read from the database, where the identification information includes a sensitive identification of the operation object, a pseudo identification of the operation object is determined, the pseudo identification is used to replace the sensitive identification in the identification information, and the identification information carrying the pseudo identification is returned to the APP.
For example, when the communication APP installed on the terminal runs, an Application Programming Interface (API) in the terminal system is called to read contact information (i.e. identification information of the operation object) in an address book of the terminal, where the contact information includes a mobile phone number and a contact name of a contact and a storage serial number generated when the terminal stores the contact. The mobile phone number of the contact person is not expected to be revealed by the user, so that the mobile phone number of the contact person can be preset as the sensitive identification of the contact person, and the storage serial number is the publicable identification.
Further, the determining the pseudo identifier of the operation object and replacing the sensitive identifier of the operation object in the identifier information with the pseudo identifier may be implemented in the following two ways:
and replacing the sensitive identification of the operation object in the identification information by using the public identification as a pseudo identification.
Exemplarily, the APP calls an API in the terminal to read contact information in an address book, where the contact information includes a mobile phone number of a contact: 13912345678, contact name Zhang III, storage sequence number of the contact: 17. the API replaces the phone number 13912345678 of the contact with the storage serial number 17 of the contact after acquiring the contact information, so that the replaced contact information includes the phone number of the contact: 17. zhang III, the storage serial number of the contact: 17.
it should be noted that the contact information may be in a form of a list, and a column identifier is set corresponding to each column of information, so that the API may determine the sensitive identifier and the publicable identifier in the contact information according to the column identifier, and a specific alternative manner may be preset by a user, which is not limited in the present invention.
And secondly, transforming the publicable identifier to obtain the pseudo identifier, and replacing the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
Illustratively, since the mobile phone numbers are all 11 digits, in order to keep consistent with the format of the sensitive information, the API adds 9 digits as a pseudo identifier in front of the storage serial number 17, such as 18100000017; com may be converted to 17 mail.17 as the pseudo identifier if the sensitive information is the mail address of the contact, so as to ensure that the pseudo identifier can be identified by the APP.
And S102, acquiring the sensitive identification of the operation object according to the pseudo identification.
Specifically, in the first manner, the terminal obtains the sensitive identifier corresponding to the publicable identifier from the database, where the database stores the corresponding relationship between the sensitive identifier of the operation object and the publicable identifier, and replaces the pseudo identifier in the service instruction with the sensitive identifier.
Illustratively, after receiving the contact information, the APP includes a pseudo identifier of the contact, and if a call-making instruction issued by a user is received, the APP generates a service instruction according to the contact information, and is configured to invoke a system service in the terminal to initiate a dialing function through the mobile phone number of the contact, but at this time, the mobile phone number of the contact has been replaced by the pseudo identifier, so that after receiving the service instruction, the system service in the terminal acquires the mobile phone number of the operation object in the database according to the pseudo identifier, replaces the pseudo identifier in the service instruction with the mobile phone number of the contact, and initiates a communication function for the contact by using the mobile phone number.
For the second mode, the terminal performs inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object, obtains the sensitive identifier corresponding to the publicable identifier from the database, and replaces the pseudo identifier in the service instruction with the sensitive identifier.
For example, the API transforms the publicable identifier into a pseudo identifier with the same format as the sensitive identifier, and the system service in the terminal restores the pseudo identifier to the publicable identifier by inverse transformation, for example, the system service deletes the first 9 digits of the pseudo identifier 18100000017 to obtain the storage serial number 17 of the contact, and the system service queries the mobile phone number of the contact corresponding to the storage serial number 17 in the database, and replaces the pseudo identifier 18100000017 in the service instruction with the mobile phone number. So that the system service initiates a communication function according to the real mobile phone number of the contact.
S103, executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
In the above description, the mobile phone number of the user contact is taken as the sensitive identifier, and the storage serial number is taken as the publicable identifier for illustration, but the sensitive identifier and the publicable identifier in the present invention are preset according to the user requirement, for example, if the user wants the name of the contact not to be revealed, the name of the contact can be preset as the sensitive identifier, which is not limited by the present invention.
In addition, the value is that after the API in the existing terminal acquires the identification information of the operation object, the identification information is directly returned to the APP, and the embodiment of the present invention can modify the existing API code to implement the replacement of the sensitive identification of the operation object by using the pseudo identification; the embodiment of the invention modifies the existing system service to realize that the system service replaces the pseudo identifier in the service instruction by using the sensitive information of the operation object.
By adopting the scheme, the terminal uses the pseudo identifier to replace the sensitive identifier of the operation object in the identifier information acquired by the APP, so that the APP cannot acquire the sensitive identifier of the operation object, and the leakage of the APP to the personal information of the user is avoided; when the APP initiates a business operation, the terminal replaces the pseudo identifier of the operation object in the business instruction sent by the APP with the sensitive identifier of the operation object, and executes the operation indicated by the business instruction to the operation object according to the sensitive identifier of the operation object, thereby ensuring that the business function of the APP is not affected.
In order to enable those skilled in the art to more clearly understand the technical solution of the information protection method provided by the embodiment of the present invention, the following describes in detail an information protection method provided by the present invention through a specific embodiment, as shown in fig. 2, including:
s201, reading identification information of an operation object in a database by an API in the APP calling terminal.
Wherein the identification information comprises a sensitive identification and a public identification.
For example, when an APP installed in a terminal is initially started, personal information of a user in the terminal is obtained, where the personal information includes identification information of a service operation object of the APP, for example, if the service of the APP is mobile communication, the personal information of the user obtained by the APP is user contact information, which includes names of contacts, mobile phone numbers, and the like.
After step S201 is executed, step S202 is executed, or, alternatively, step S203 is executed.
S202, the API in the terminal uses the public identification as a pseudo identification to replace the sensitive identification in the identification information.
In the implementation of the present invention, a first information replacement module is preset in the API, where when the API obtains the identifier information of the operation object, the identifier information is used as a parameter to call the first information replacement module, and the first information replacement module replaces the sensitive identifier in the identifier information with the publicable identifier; in addition, the first information replacing module may also intercept the identification information before the API returns the identification information to the APP by using an API Hook (Application Programming Interface Hook) technique, and replace the sensitive identifier in the identification information with the publicable identifier by the first information replacing module.
It should be noted that the API hook is a program segment for processing messages, which is hung in the API through a system call, and whenever the API sends out the identification information, the hook program captures the identification information first when the APP is not reached, that is, the first information replacement module obtains control to process the identification information first before the APP.
S203, the API in the terminal converts the public identification into a pseudo identification and replaces the sensitive identification in the identification information with the pseudo identification.
In particular, the API transforms the publicable identity into a pseudo-identity consistent with the format of the sensitive identity to ensure that the pseudo-identity is recognizable by the APP.
And S204, the API in the terminal returns the identification information carrying the pseudo identification to the APP.
It should be noted that, after the above steps S201 to S204, the APP may store the identification information of the operation object, where the identification information includes the pseudo identifier of the operation object, so that the APP may directly obtain the pseudo identifier of the operation object each time a service operation is performed later, and does not need to call an API to read the identification information of the operation object in the database.
S205, the system service in the terminal receives the business instruction which is sent by the APP and carries the pseudo identifier.
Specifically, the APP may start to execute a service flow according to an instruction of a user, and since functions of making a call, sending a short message, sending an email, and the like of the terminal are provided by a system service of the operating system, the APP needs to send a service instruction to the system service, and the system service executes the service operation.
If the pseudo identifier is the publicable identifier, that is, the optional step is executed in S202, after step S205 is executed, step S206 is executed; if the pseudo identifier is an identifier obtained by changing the publicable identifier, that is, the optional step is executed in S203, after step S205 is executed, step S207 is executed.
S206, the system service in the terminal acquires the sensitive identification corresponding to the publicable identification in the database.
Wherein, the database stores the corresponding relation between the sensitive identification and the public identification of the operation object. For example, if the operation object is an address book contact of the user, the sensitive identifier may be a mobile phone number of the contact, and the public identifier may be a storage serial number of the contact, so that the system service may obtain the mobile phone number of the contact in the database according to the storage serial number.
And S207, the system service in the terminal inversely transforms the pseudo identifier to obtain the publicable identifier, and obtains the sensitive identifier corresponding to the publicable identifier from the database.
And S208, replacing the pseudo identifier in the service instruction with the sensitive identifier by the system service in the terminal.
Illustratively, a second information replacement module is preset in the system service, after the system service receives the service instruction, the second information replacement module is called, and the second information replacement module completes replacement of the pseudo identifier in the service instruction.
S209, the system service in the terminal executes the operation indicated by the service instruction to the operation object according to the sensitive identification of the operation object.
It should be noted that, in the above description of the embodiment of the present invention, the mobile phone number is used as sensitive information, and the storage identifier is used as publicable information for illustration, but it should be clear to those skilled in the art that the identification information in the embodiment of the present invention may be any personal information stored in the terminal by the user.
In addition, the API and the system service belong to factory configuration of the terminal, and personal information of a user cannot be leaked.
Therefore, the invention replaces the sensitive identification with the false identification, so that the APP cannot obtain the real sensitive identification of the operation object in the operation process, thereby preventing the leakage of the APP to the sensitive identification, and meanwhile, the false identification in the service instruction sent by the APP is replaced with the sensitive identification, thereby ensuring that the service function of the APP is not influenced.
An embodiment of the present invention provides a terminal, corresponding to the method embodiment in fig. 1, where each functional unit of the terminal 30 is used in the method steps, as shown in fig. 3, the terminal includes:
a first obtaining unit 31, configured to obtain a service instruction sent by an application APP.
The service instruction comprises a pseudo identifier of an operation object, wherein the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship.
And the second obtaining unit 32 is configured to obtain the sensitive identifier of the operation object according to the pseudo identifier.
And the execution unit 33 is configured to execute the service operation indicated by the service instruction on the operation object according to the sensitive identifier.
Optionally, as shown in fig. 3a, the terminal further includes: an information reading unit 34, configured to read identification information of the operation object from a database, where the identification information includes a sensitive identification of the operation object; a first replacing unit 35, configured to determine a pseudo identifier of the operation object, and replace the sensitive identifier in the identifier information with the pseudo identifier; the sending unit 36 returns the identification information carrying the pseudo identifier to the APP.
For example, when the communication type APP installed on the terminal runs, the API in the terminal system is called to read contact information (i.e. identification information of the operation object) in the terminal address book, where the contact information includes a mobile phone number and a contact name of a contact and a storage serial number generated when the terminal stores the contact. The mobile phone number of the contact person is not expected to be revealed by the user, so that the mobile phone number of the contact person can be preset as the sensitive identification of the contact person, and the storage serial number is the publicable identification.
Optionally, the identification information further includes a publicly available identification of the operation object; the first replacing unit 35 is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the publicable identifier as a pseudo identifier; or, the terminal further includes a transforming unit 37, configured to transform the publicable identifier to obtain the pseudo identifier, and the first replacing unit 35 is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
That is, the sensitive identifier of the operation object is replaced by the pseudo identifier in the following two ways:
in the first mode, the first replacing unit 35 replaces the sensitive identifier of the operation object in the identifier information with the publicable identifier as a pseudo identifier.
Exemplarily, the APP calls an API in the terminal to read contact information in an address book, where the contact information includes a mobile phone number of a contact: 13912345678, contact name Zhang III, storage sequence number of the contact: 17. the API replaces the phone number 13912345678 of the contact with the storage serial number 17 of the contact after acquiring the contact information, so that the replaced contact information includes the phone number of the contact: 17. zhang III, the storage serial number of the contact: 17.
it should be noted that the contact information may be in a form of a list, and a column identifier is set corresponding to each column of information, so that the API may determine the sensitive identifier and the publicable identifier in the contact information according to the column identifier, and a specific alternative manner may be preset by a user, which is not limited in the present invention.
In a second mode, the transformation unit 37 transforms the publicable identifier to obtain the pseudo identifier, and the first replacement unit 35 replaces the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
Illustratively, since the mobile phone numbers are all 11 digits, in order to keep consistent with the format of the sensitive information, the API adds 9 digits as a pseudo identifier in front of the storage serial number 17, such as 18100000017; com may be converted to 17 mail.17 as the pseudo identifier if the sensitive information is the mail address of the contact, so as to ensure that the pseudo identifier can be identified by the APP.
Optionally, as shown in fig. 3b, the terminal further includes a second replacing unit 38, where the second obtaining unit 32 is specifically configured to obtain, when the pseudo identifier is the publicable identifier, a sensitive identifier corresponding to the publicable identifier from the database, and the second replacing unit 38 is configured to replace the pseudo identifier in the service instruction with the sensitive identifier. Wherein, the database stores the corresponding relation between the sensitive identification and the public identification of the operation object.
Illustratively, after receiving the contact information, the APP includes a pseudo identifier of the contact, and if a call-making instruction issued by a user is received, the APP generates a service instruction according to the contact information, and is configured to invoke a system service in the terminal to initiate a dialing function through the mobile phone number of the contact, but at this time, the mobile phone number of the contact has been replaced by the pseudo identifier, so that after receiving the service instruction, the system service in the terminal acquires the mobile phone number of the operation object in the database according to the pseudo identifier, replaces the pseudo identifier in the service instruction with the mobile phone number of the contact, and initiates a communication function for the contact by using the mobile phone number.
Optionally, as shown in fig. 3b, the terminal further includes an inverse transformation unit 39, configured to perform inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object, the second obtaining unit 32, configured to obtain the sensitive identifier corresponding to the publicable identifier from the database, and the second replacing unit 38, configured to replace the pseudo identifier in the service instruction with the sensitive identifier.
For example, the API transforms the publicable identifier into a pseudo identifier with the same format as the sensitive identifier, and the system service in the terminal restores the pseudo identifier to the publicable identifier by inverse transformation, for example, the system service deletes the first 9 digits of the pseudo identifier 18100000017 to obtain the storage serial number 17 of the contact, and the system service queries the mobile phone number of the contact corresponding to the storage serial number 17 in the database, and replaces the pseudo identifier 18100000017 in the service instruction with the mobile phone number. So that the system service initiates a communication function according to the real mobile phone number of the contact.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
By adopting the terminal, the terminal uses the pseudo identifier to replace the sensitive identifier of the operation object in the identifier information acquired by the APP, so that the APP cannot acquire the sensitive identifier of the operation object, and the leakage of the APP to the personal information of the user is avoided; when the APP initiates a business operation, the terminal replaces the pseudo identifier of the operation object in the business instruction sent by the APP with the sensitive identifier of the operation object, and executes the operation indicated by the business instruction to the operation object according to the sensitive identifier of the operation object, thereby ensuring that the business function of the APP is not affected.
An embodiment of the present invention provides a terminal 40, as shown in fig. 4, where the terminal 40 includes:
a processor (processor)41, a communication Interface (Communications Interface)42, a memory (memory)43, and a communication bus 44; wherein, the processor 41, the communication interface 42 and the memory 43 complete mutual communication through the communication bus 44.
The processor 41 may be a multi-core central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured to implement embodiments of the present invention.
The memory 43 is used to store program code, including computer operating instructions and network flow diagrams. The memory 43 may comprise a high-speed RAM memory, and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory.
The communication interface 42 is used for realizing connection communication between the devices.
The processor 41 is configured to execute the program code in the memory 43 to implement the following operations:
acquiring a service instruction sent by an application program APP, wherein the service instruction comprises a pseudo identifier of an operation object, and the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship;
acquiring a sensitive identifier of the operation object according to the pseudo identifier;
and executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
Optionally, before the obtaining of the service instruction sent by the application APP, the operations further include:
reading identification information of the operation object from a database, wherein the identification information comprises a sensitive identification of the operation object;
determining a pseudo identifier of the operation object, and replacing the sensitive identifier in the identification information by using the pseudo identifier;
and returning the identification information carrying the pseudo identification to the APP.
Optionally, the identification information further includes publicable identification information of the operation object, the determining a pseudo identifier of the operation object, and replacing the sensitive information of the operation object in the identification information with the pseudo identifier specifically includes:
replacing the sensitive identification of the operation object in the identification information by the publicable identification information as a pseudo identification; or, transforming the publicable identifier to obtain the pseudo identifier, and replacing the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
Optionally, the pseudo identifier is the publicable identifier, and the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes:
obtaining a sensitive identification corresponding to the publicable identification in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the sensitive identifier of the operation object is obtained according to the pseudo identifier, the method further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
Optionally, the pseudo identifier is obtained by transforming the publicable identifier, and the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes: carrying out inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object, and obtaining a sensitive identifier corresponding to the publicable identifier in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the obtaining of the sensitive identifier of the operation object according to the pseudo identifier, the operation further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
Optionally, the sensitive identifier is a mobile phone number of a user contact, and the public identifier is a storage serial number of the user contact.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (11)
1. A method of information protection, comprising:
acquiring a service instruction sent by an application program APP, wherein the service instruction comprises a pseudo identifier of an operation object, and the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship;
acquiring a sensitive identifier of the operation object according to the pseudo identifier;
and executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
2. The method according to claim 1, characterized in that, before said obtaining of the service instruction sent by the application APP, it further comprises:
reading identification information of the operation object from a database, wherein the identification information comprises a sensitive identification of the operation object;
determining a pseudo identifier of the operation object, and replacing the sensitive identifier in the identification information by using the pseudo identifier;
and returning the identification information carrying the pseudo identification to the APP.
3. The method according to claim 2, wherein the identification information further includes a publicable identification of the operation object, and the determining a pseudo identification of the operation object and replacing the sensitive identification of the operation object in the identification information with the pseudo identification specifically includes:
replacing the sensitive identification of the operation object in the identification information by the publicable identification as a pseudo identification; or, transforming the publicable identifier to obtain the pseudo identifier, and replacing the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
4. The method according to claim 3, wherein the pseudo identifier is the publicable identifier, and the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes:
obtaining a sensitive identification corresponding to the publicable identification in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the sensitive identifier of the operation object is obtained according to the pseudo identifier, the method further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
5. The method according to claim 3, wherein the pseudo identifier is obtained by transforming the publicable identifier, and the obtaining the sensitive identifier of the operation object according to the pseudo identifier specifically includes: carrying out inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object, and obtaining a sensitive identifier corresponding to the publicable identifier in the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
after the sensitive identifier of the operation object is obtained according to the pseudo identifier, the method further includes:
and replacing the pseudo identifier in the service instruction with the sensitive identifier.
6. The method of any of claims 1 to 5, wherein the sensitive identifier is a cell phone number of a user contact and the publicly identifiable identifier is a stored serial number of the user contact.
7. A terminal, comprising:
the device comprises a first obtaining unit, a second obtaining unit and a third obtaining unit, wherein the first obtaining unit is used for obtaining a service instruction sent by an application program APP, the service instruction comprises a pseudo identifier of an operation object, and the pseudo identifier and a sensitive identifier of the operation object have a one-to-one correspondence relationship;
the second acquisition unit is used for acquiring the sensitive identification of the operation object according to the pseudo identification;
and the execution unit is used for executing the service operation indicated by the service instruction to the operation object according to the sensitive identification.
8. The terminal of claim 7, further comprising:
the information reading unit is used for reading identification information of the operation object from a database, wherein the identification information comprises a sensitive identification of the operation object;
a first replacing unit, configured to determine a pseudo identifier of the operation object, and replace the sensitive identifier in the identifier information with the pseudo identifier;
and the sending unit returns the identification information carrying the pseudo identification to the APP.
9. The terminal of claim 8, wherein the identification information further comprises a publicly available identification of the operation object;
the first replacing unit is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the publicable identifier as a pseudo identifier; or,
the terminal further includes a transformation unit configured to transform the publicable identifier to obtain the pseudo identifier, and the first replacement unit is specifically configured to replace the sensitive identifier of the operation object in the identifier information with the pseudo identifier.
10. The terminal according to claim 9, wherein the terminal further includes a second replacing unit, and the second obtaining unit is specifically configured to, when the pseudo identifier is the publicable identifier, obtain a sensitive identifier corresponding to the publicable identifier from the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
the second replacing unit is configured to replace the pseudo identifier in the service instruction with the sensitive identifier.
11. The terminal according to claim 9, wherein the terminal further comprises an inverse transformation unit, configured to perform inverse transformation on the pseudo identifier to obtain the publicable identifier of the operation object;
the second obtaining unit is used for obtaining the sensitive identification corresponding to the publicable identification from the database; the database stores the corresponding relation between the sensitive identification and the public identification of the operation object;
the second replacing unit is configured to replace the pseudo identifier in the service instruction with the sensitive identifier.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410427510.7A CN104200175A (en) | 2014-08-27 | 2014-08-27 | Information protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410427510.7A CN104200175A (en) | 2014-08-27 | 2014-08-27 | Information protection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104200175A true CN104200175A (en) | 2014-12-10 |
Family
ID=52085466
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410427510.7A Pending CN104200175A (en) | 2014-08-27 | 2014-08-27 | Information protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104200175A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105630854A (en) * | 2015-01-28 | 2016-06-01 | 深圳酷派技术有限公司 | Data search method, data search apparatus and terminal |
| CN107145798A (en) * | 2017-05-03 | 2017-09-08 | 广州市千钧网络科技有限公司 | The display methods and system of a kind of login account |
| CN110737911A (en) * | 2018-07-19 | 2020-01-31 | 中国电信股份有限公司 | Data processing method, device and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070005155A1 (en) * | 2003-08-28 | 2007-01-04 | Yoshinori Aoki | Database system, information acquisition enabled/disabled inspectiion system, information acquisition method, and program |
| CN101655892A (en) * | 2009-09-22 | 2010-02-24 | 成都市华为赛门铁克科技有限公司 | Mobile terminal and access control method |
| CN103164260A (en) * | 2011-12-15 | 2013-06-19 | 中国银联股份有限公司 | Application program management system and application program management method used for mobile terminal |
-
2014
- 2014-08-27 CN CN201410427510.7A patent/CN104200175A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070005155A1 (en) * | 2003-08-28 | 2007-01-04 | Yoshinori Aoki | Database system, information acquisition enabled/disabled inspectiion system, information acquisition method, and program |
| CN101655892A (en) * | 2009-09-22 | 2010-02-24 | 成都市华为赛门铁克科技有限公司 | Mobile terminal and access control method |
| CN103164260A (en) * | 2011-12-15 | 2013-06-19 | 中国银联股份有限公司 | Application program management system and application program management method used for mobile terminal |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105630854A (en) * | 2015-01-28 | 2016-06-01 | 深圳酷派技术有限公司 | Data search method, data search apparatus and terminal |
| CN105630854B (en) * | 2015-01-28 | 2020-07-03 | 深圳酷派技术有限公司 | Data searching method, data searching device and terminal |
| CN107145798A (en) * | 2017-05-03 | 2017-09-08 | 广州市千钧网络科技有限公司 | The display methods and system of a kind of login account |
| CN110737911A (en) * | 2018-07-19 | 2020-01-31 | 中国电信股份有限公司 | Data processing method, device and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104967997B (en) | A kind of Wi-Fi cut-in method, Wi-Fi equipment, terminal device and system | |
| CN105338515B (en) | Data service transmission method and mobile communication equipment | |
| US10009891B2 (en) | Communication method, server and terminal | |
| CN104881667A (en) | Characteristic information extraction method and apparatus | |
| CN110677492A (en) | Access request processing method and device, electronic equipment and storage medium | |
| CN113179266A (en) | Service request processing method and device, electronic equipment and storage medium | |
| CN108810947B (en) | Server for identifying real flow based on IP address | |
| CN111049822B (en) | Short message verification code sending method and device, short message server and storage medium | |
| CN104200175A (en) | Information protection method and device | |
| CN115374481A (en) | Data desensitization processing method and device, storage medium and electronic equipment | |
| CN109246280B (en) | Address book cloud processing method and device, computer equipment and readable storage medium | |
| CN105246069B (en) | SIM data using method and mobile terminal | |
| CN112804160B (en) | Application program-based current limiting method, device, equipment, medium and product | |
| CN108241515B (en) | Application shortcut establishing method and terminal | |
| CN108228248A (en) | A kind of determining method and apparatus of dependence | |
| CN105376733A (en) | Information processing method and electronic apparatus | |
| US10581917B2 (en) | Systems and methods for enforcing device policies | |
| CN109219051B (en) | False number determination method, device, equipment and readable storage medium | |
| CN107809758B (en) | SIM card information protection method and device | |
| CN103561035A (en) | Mobile subscriber safety protection method and system | |
| CN106102011A (en) | Method, device and the terminal that a kind of terminal positioning processes | |
| CN111970371B (en) | Method and device for acquiring extranet resources in private line environment | |
| CN101951585A (en) | User identity authentication method, system and mobile communication terminal | |
| CN111093186B (en) | eSIM card operator file management method and system | |
| CN105684343A (en) | Information processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20141210 |
|
| RJ01 | Rejection of invention patent application after publication |