CN106713266B - Method, device, terminal and system for preventing information leakage - Google Patents
Method, device, terminal and system for preventing information leakage Download PDFInfo
- Publication number
- CN106713266B CN106713266B CN201611029752.6A CN201611029752A CN106713266B CN 106713266 B CN106713266 B CN 106713266B CN 201611029752 A CN201611029752 A CN 201611029752A CN 106713266 B CN106713266 B CN 106713266B
- Authority
- CN
- China
- Prior art keywords
- url
- address
- user
- url address
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a method, a device, a terminal and a system for preventing information leakage, which can correspondingly process a URL to be visited based on the safety state of the URL to be visited; the method has the advantages that dangerous webpages are intercepted, safe webpages are directly accessed, and unknown webpages are subjected to safety protection based on user behaviors, so that various safety states are considered. If the security state of the URL to be accessed is unknown, the information input by the user is detected, the sensitive information is prompted, the user is prevented from being shielded by a malicious website to reveal the sensitive information, and the property and privacy security of the user is protected.
Description
Technical Field
The present invention relates to the field of security, and in particular, to a method, an apparatus, a terminal, and a system for preventing information leakage.
Background
In recent years, phishing websites frequently appear around the world, which seriously affects the development of online financial services and electronic commerce, harms the benefits of users and affects the confidence of users in using the internet. Phishing websites typically spoof private information such as a user's bank card number and password by spoofing the Universal Resource Locator (URL) address and page content of a legitimate website, or by other means masquerading as a legitimate website.
In the prior art, the URL of the phishing website is usually identified by a specific method to form a phishing website library, and whether the URL to be accessed is the phishing website is judged based on the phishing website library. However, the data in the phishing website library is not complete, a certain missing proportion exists, and when the user accesses the missing phishing websites, safety protection cannot be obtained.
Disclosure of Invention
The invention provides a method, a device, a terminal and a system for preventing information leakage.
The invention is realized by the following technical scheme:
a method of preventing information leakage, the method comprising:
responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed;
sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
receiving the security state of the Uniform Resource Locator (URL) address returned by the server;
judging whether information leakage prompting is needed or not according to the safety state; if so, then
Accessing the Uniform Resource Locator (URL) address;
monitoring and acquiring user input information;
judging whether the input information is sensitive information;
and if so, prompting the user.
Accordingly, an apparatus for preventing information leakage, comprising:
the address acquisition module is used for responding to the detected interface operation and acquiring a Uniform Resource Locator (URL) address to be accessed;
the query request sending module is used for sending a query request to a server, wherein the query request is used for querying the security state of the Uniform Resource Locator (URL) address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
the query request receiving module is used for receiving the security state of the uniform resource locator URL address returned by the server;
the leakage prompt judging module is used for judging whether information leakage prompt is needed or not according to the safety state;
the access module is used for accessing the URL address;
the input information tracking module is used for monitoring and acquiring user input information;
the sensitive information judging module is used for judging whether the input information is sensitive information;
and the prompting module is used for prompting the user.
A terminal for preventing information leakage comprises the device for preventing information leakage.
A system for preventing information leakage, the system comprising the above-mentioned apparatus for preventing information leakage and a server, the server comprising:
the extraction module is used for extracting the URL address of the uniform resource locator carried in the query request;
the white list inquiring module is used for inquiring whether the URL address of the uniform resource locator is positioned in a preset safe URL white list or not;
the query blacklist module is used for querying whether the URL address of the uniform resource locator is positioned in a preset dangerous URL blacklist or not;
and the safety state returning module is used for setting the safety state of the URL address and returning the safety state.
The method, the device, the terminal and the system for preventing information leakage have the following beneficial effects:
(1) based on the safety state of the URL to be accessed, the URL to be accessed is processed differently, so that various safety states are considered.
(2) If the security state of the URL to be accessed is unknown, the information input by the user is detected, the sensitive information is prompted, the user is prevented from being shielded by a malicious website to reveal the sensitive information, and the property and privacy security of the user is protected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for preventing information leakage according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an interception access interface provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of a hint page provided by an embodiment of the present invention;
FIG. 4 is a flowchart of a method for determining whether a bank card number is provided in an embodiment of the present invention;
FIG. 5 is a flowchart of a method for preventing information leakage according to an embodiment of the present invention;
FIG. 6 is a flow chart of a method for obtaining a security status according to an embodiment of the present invention;
FIG. 7 is a flowchart of a method for determining a phishing website based on page content according to an embodiment of the invention;
FIG. 8 is a flowchart of a method for obtaining user input information based on a browser plug-in according to an embodiment of the present invention;
FIG. 9 is a flowchart of a method for obtaining user input information based on browser injection according to an embodiment of the present invention;
fig. 10 is a block diagram of an apparatus for preventing information leakage according to an embodiment of the present invention;
FIG. 11 is a block diagram of an input information tracking module provided by an embodiment of the present invention;
FIG. 12 is a block diagram of another input information tracking module provided by embodiments of the present invention;
fig. 13 is a block diagram of a system for preventing information leakage according to an embodiment of the present invention;
fig. 14 is a block diagram of a terminal according to an embodiment of the present invention;
fig. 15 is a block diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for preventing information leakage, as shown in fig. 1, the method includes:
s101, responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed.
And if the user inputs a website address or clicks a website link, the terminal used by the user acquires the URL address of the uniform resource locator to be accessed. The URL address is the website address of the target website to be accessed.
And S102, sending a query request to a server, wherein the query request is used for querying the security state of the URL address.
The server is used for receiving the query request and returning the security state of the uniform resource locator URL address. Specifically, the safety state in this embodiment is dangerous, safe, and unknown.
And S103, receiving the safety state of the URL address returned by the server.
And S104, judging whether the safety state is dangerous or not, and if so, intercepting the access of a user to the URL address.
In this embodiment, the user is prevented from entering the dangerous website by mistake in a manner of intercepting the user access, so that the property and privacy security of the user is ensured, and a terminal interception interface used by the user is shown in fig. 2. In fig. 2, the user is not only reminded of possible risks, but also lists the website of the target website to be accessed, that is, the underlined part in the picture, and the user can search for the related information of the website of the target website by clicking the search button, thereby avoiding cheating by a malicious website. Moreover, 4 clickable buttons are provided in fig. 2, and when a safe internet access button is clicked, a user can access the internet under the monitoring of relevant safety software, so that the internet access risk is reduced. And clicking a continuous access button, and if the user neglects to prompt to access the target website by himself, the risk of cheating by the malicious website is high, and the recommendation is not considered. Clicking the next no-interception button allows the target website to be accessed, and the interception interface shown in fig. 2 cannot be given when the target website is accessed again. The user may communicate with the administrator by clicking the sitter complaint button.
And S105, if not, judging whether the safety state is unknown.
And judging whether the safety state is unknown or not so as to judge whether information leakage prompt is required or not according to the safety state. If the information is unknown, prompting is needed; if the safety is ensured, no prompt is needed.
And S106, if not, directly accessing the URL address.
If the safety state is neither dangerous nor unknown, the target website to be accessed is safe, the danger of information leakage does not exist, and the user can directly access the target website without information leakage prompt. In this embodiment, the page of the target website is directly displayed to the user.
And S107, if yes, accessing the URL address.
And S108, monitoring and acquiring user input information.
And S109, judging whether the input information is sensitive information.
And S110, if yes, prompting the user.
The security state is unknown, which indicates that the target website is accessed or the risk of information leakage exists, so that information leakage prompt is required. In this embodiment, the terminal used by the user does not prompt in the process of browsing the target website by the user, monitors the input behavior of the user, prompts the user if sensitive information is input, and a prompt page of the terminal used by the user is shown in fig. 3. In fig. 3, taking a website for exchanging a certain credit for cash as an example, if the security status of the website is unknown and the user is induced to input the sensitive information of the bank card number, a prompt is given.
In this embodiment, the sensitive information includes an identification number, a bank card number, a payment account number, and/or a login account number of common software. The embodiment uses different methods to detect the ID number, the bank card number, the Payment account number and/or the login account number of the common software.
(1) Identity card number
The citizen identity card number is compiled according to the national standard GB 11643-1999 national identity card number, and consists of 18 digits: the first 6 bits are administrative region division codes, the 7 th to 14 th bits are birth date codes, the 15 th to 17 th bits are sequence codes, and the 18 th bit is a check code. The ID card number can be detected according to the generation rule of the ID card number.
(2) Bank card number
The bank card number has relatively fixed specification, and the bank card number comprises three parts: the card issuing bank card comprises an issuer identification code, a custom bit and a check code, wherein the length of a bank card is generally 13-19 bits, and the length of a Unionpay standard card is generally 16-19 bits according to an ISO standard; issuer identification codes typically consist of 6 digits, for example as follows: agricultural bank 622848, intermediate bank 622689, recruiter bank 370285; the issuing bank identification codes of all banks are fixedly distributed, the length of the bank card is known, and therefore the identification codes of the mainstream banks can be exhaustive. The method for determining whether the card number is a bank card number in this embodiment is shown in fig. 4:
A1. judging whether the user input information is a numeric string;
A2. comparing the first 6 digits of the digital string with records in a preset card issuer identification list; the preset issuing bank identification list records identification codes of all mainstream banks;
A3. if the record which is the same as the front 6 of the digital string exists in the preset card issuer identification list, a bank corresponding to the record is obtained;
A4. judging whether the length of the numeric string is consistent with the length of a bank card issued by a bank;
A5. if the two are consistent, the bank card number is judged.
(3) Payment account
For a Payment treasure account, a user is required to configure account information to be protected in advance, a terminal used by the user records the account information, after user input information is obtained, the user input information is compared with preset account information, and if the user input information is consistent with the preset account information, the user inputs the Payment treasure account.
(4) Login account of common software
The QQ number, the micro signal and the login account number of other common software belong to internal data of a software company, and after the authorization of the software company is obtained, the information input by the user is compared with the internal data, so that whether the user inputs the login account number of the common software is judged.
Further, the method for protecting the user information based on the input behavior of the user provided in this embodiment may be set to be turned on or turned off at any time according to the user in advance, so as to meet the specific requirements of the user.
The embodiment provides a method for preventing information leakage, and further prevents a user from mistakenly inputting sensitive information through a judging method for detailing the sensitive information, and timely reminds the user through a prompt page, so that the privacy and property safety of the user are ensured.
Another embodiment of the present invention provides a method for preventing information leakage, where the method is shown in fig. 5 and includes:
s201, responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed.
And if the user inputs a website address or clicks a website link, the terminal used by the user acquires the URL address of the uniform resource locator to be accessed. The URL address is the website address of the target website to be accessed.
S202, sending a query request to a server, wherein the query request is used for querying the safety state of the URL address; the server is used for receiving the query request and returning the security state of the uniform resource locator URL address.
S203, receiving the security state of the URL address returned by the server.
S204, judging whether information leakage prompting is needed or not according to the safety state; if yes, then.
S205, accessing the URL address.
S206, monitoring and acquiring user input information.
And S207, judging whether the input information is sensitive information.
And S208, if so, prompting the user.
In this embodiment, the server receives the query request and returns the security status of the URL address, as shown in fig. 6, including the following steps:
B1. and extracting the URL address of the uniform resource locator carried in the query request.
B2. And inquiring whether the URL address is in a preset safe URL white list.
The websites stored in the safe URL white list are all safe websites, and comprise all bank official websites which can be acquired in a manual collection mode. The safe URL white list can also comprise other safe websites which are safely identified and judged to be safe.
B3. If so, setting the safety state of the URL address as safety, and returning to the safety state.
B4. Otherwise, inquiring whether the URL address is in a preset dangerous URL blacklist or not.
The websites stored in the dangerous URL blacklist are all dangerous websites, and the dangerous websites can be phishing websites or other dangerous websites. The phishing website is an address of a phishing website, and the phishing website usually refers to a website disguised as a bank and electronic commerce and used for stealing private information such as a bank account number, a password and the like submitted by a user. And the other dangerous websites are websites which are safely identified and judged to be dangerous.
B5. And if so, setting the safety state of the URL address as a danger, and returning to the safety state.
B6. Otherwise, identifying whether the uniform resource locator URL address is a dangerous URL address.
And identifying the URL address of the uniform resource locator which does not exist in the safe URL white list or the dangerous URL black list according to a preset identification algorithm. In this embodiment, there are various methods for identifying phishing websites, and in this embodiment, a method based on page content is used, as shown in fig. 7, the method includes the following steps:
C1. downloading a page corresponding to the URL address;
C2. extracting key information such as texts, input boxes and the like in the page;
C3. and judging whether the URL address is a fishing website or not according to the key information based on a keyword model. In other embodiments, a Bayesian model may also be used.
B7. And if so, setting the safety state of the URL address as a danger, and returning to the safety state.
B8. And adding the identified URL address of the uniform resource locator into a preset dangerous URL blacklist.
B9. Otherwise, setting the security state of the URL address as unknown and returning the security state.
The embodiment provides a method for preventing information leakage, which is used for specifically prompting the information leakage based on the security state of a target website accessed by a user. The safety state of the target website is accurately judged through the background server, and information leakage is prompted based on user behaviors on the basis that the safety state is reliable, so that the purpose of safe internet surfing is achieved.
The embodiment of the invention also provides a method for preventing information leakage, which comprises the following steps:
s301, responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed.
And if the user inputs a website address or clicks a website link, the terminal used by the user acquires the URL address of the uniform resource locator to be accessed. The URL address is the website address of the target website to be accessed.
S302, sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the uniform resource locator URL address.
And S303, receiving the security state of the URL address returned by the server.
S304, judging whether information leakage prompting is needed or not according to the safety state; if yes, then.
S305, accessing the uniform resource locator URL address.
S306, monitoring and acquiring user input information.
And S307, judging whether the input information is sensitive information.
And S308, if so, prompting the user.
Specifically, the present embodiment provides two methods for monitoring and acquiring user input information.
(1) Plug-in based on browser
As shown in fig. 8, the method comprises the following steps:
D1. responding to an input instruction, traversing an input box of a webpage on a browser and obtaining a mouse focus;
D2. and acquiring the user input information in the input box.
Take a chrome browser as an example, which is a web browser developed by Google corporation. The browser is written based on other open source software, including WebKit, with the goal of improving stability, speed, and security, and creating a simple and efficient user interface. The chrome browser provides an interface for browser plug-in development, and the interface can be used for traversing an input box of a page and obtaining a mouse focus so as to obtain the content of the input box.
(2) Browser injection
As shown in fig. 9, the method comprises the following steps:
E1. in response to an input instruction, enumerating child windows of the browser in a browser process space;
E2. obtaining a focus of the mouse;
E3. judging whether the focus is positioned in an input box;
E4. and if so, acquiring the handle of the input box, and reading the user input information in the input box.
Enumerating the sub-windows of the browser by injecting the sub-windows into the process space of the browser, judging whether the focus of the mouse is an input box, if so, acquiring a handle of the input box, and reading characters in the input box.
The invention provides a method for preventing information leakage, which does not completely depend on the identification result of dangerous URL, but prompts a user when the user inputs sensitive information by monitoring the input behavior of the user on a webpage. According to the embodiment, the security protection based on the user input behavior can be performed on the website with the unknown security state, and the user protection strength is improved.
An embodiment of the present invention further provides an apparatus for preventing information leakage, as shown in fig. 10, including:
an address obtaining module 401, configured to obtain, in response to the detected interface operation, a URL address to be accessed;
a query request sending module 402, configured to send a query request to a server, where the query request is used to query a security status of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
a query request receiving module 403, configured to receive a security status of the URL address returned by the server;
a leakage prompt judging module 404, configured to judge whether an information leakage prompt needs to be performed according to the security state;
an accessing module 405, configured to access the uniform resource locator URL address;
an input information tracking module 406 for monitoring and acquiring user input information;
a sensitive information determining module 407, configured to determine whether the input information is sensitive information;
and a prompt module 408 for prompting the user.
If the leakage prompt determining module 404 determines that information leakage prompt is required, the accessing module 405 accesses the URL address. While the input information tracking module 406 tracks user behavior. If the user input is detected, the sensitive information determining module 407 determines whether the input content is sensitive information, and if the input content is sensitive information, the prompting module 408 prompts the user.
A danger judging module 409 for judging whether the safety state is dangerous or not;
and the intercepting module 4010 is configured to intercept an access of a user to the URL address.
If the danger judging module 409 judges whether the safety state is dangerous, the interception module intercepts the access of the user to the URL address.
Specifically, the input information tracking module 406 is shown in fig. 11 and includes:
the traversing unit 4061 is configured to traverse an input box of a web page on the browser in response to the input instruction;
a focus first obtaining unit 4062, configured to obtain a mouse focus;
an information first acquisition unit 4063, configured to acquire user input information in the input box.
In another embodiment, the input information tracking module 406 is shown in fig. 12 and includes:
an enumeration unit 4061, configured to enumerate child windows of the browser in a browser process space in response to an input instruction;
a focus second obtaining unit 4062, configured to obtain a mouse focus;
a focus judgment unit 4063 configured to judge whether the focus is located in the input frame;
the second information obtaining unit 4064 is configured to obtain the handle of the input box and read the user input information in the input box.
The present embodiment is based on the same inventive concept and provides an information leakage prevention apparatus, which can be used to implement the information leakage prevention method provided in the above-described embodiments.
The present invention also provides a system for preventing information leakage, as shown in fig. 13, the system comprising the above-mentioned apparatus for preventing information leakage and a server 502, the server 502 comprising:
an extracting module 5021, configured to extract a uniform resource locator URL address carried in the query request;
a white list querying module 5022, configured to query whether the URL address of the URL is in a preset safe URL white list;
a blacklist querying module 5023, configured to query whether the URL address of the URL is located in a preset dangerous URL blacklist;
a security status returning module 5024, configured to set a security status of the URL address, and return to the security status.
The server 502 obtains the URL address through the extraction module 5021, determines whether the URL address is dangerous or safe through the white list query module 5022 and the black list query module 5023, and sets a safety state through the safety state return module 5024 according to a query result.
The server 502 further comprises:
an identifying module 5025, configured to identify whether the URL address is a dangerous URL address;
an adding module 5026, configured to add the identified URL address of the URL into a preset danger URL blacklist.
If the URL address is not in the safe URL white list or in the preset dangerous URL black list, the identifying module 5025 identifies whether the URL address is a dangerous URL address according to an identification algorithm, and if so, the adding module 5026 adds the URL address to the dangerous URL black list, so as to expand the number of dangerous URLs recorded in the dangerous URL black list and improve the coverage rate of the dangerous URL black list.
The present embodiment is based on the same inventive concept and provides a system for preventing information leakage, and the present embodiment can be used to implement the method for preventing information leakage provided in the above embodiments.
An embodiment of the present invention further provides a terminal, as shown in fig. 14, where the terminal may be configured to implement the method for preventing information leakage provided in the foregoing embodiment. Specifically, the method comprises the following steps:
the terminal may include RF (Radio Frequency) circuitry 110, memory 120 including one or more computer-readable storage media, input unit 130, display unit 140, sensor 150, audio circuitry 160, WiFi (wireless fidelity) module 170, processor 180 including one or more processing cores, and power supply 190. Those skilled in the art will appreciate that the terminal structure shown in fig. 14 is not intended to be limiting and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, receives downlink information from a base station and then sends the received downlink information to the one or more processors 180 for processing; in addition, data relating to uplink is transmitted to the base station. In general, the RF circuitry 110 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuitry 110 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (short messaging Service), etc.
The memory 120 may be used to store software programs and modules, and the processor 180 executes various functional applications and data processing by operating the software programs and modules stored in the memory 120. The memory 120 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 120 may further include a memory controller to provide the processor 180 and the input unit 130 with access to the memory 120.
The input unit 130 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 130 may include a touch-sensitive surface 131 as well as other input devices 132. The touch-sensitive surface 131, also referred to as a touch display screen or a touch pad, may collect touch operations by a user on or near the touch-sensitive surface 131 (e.g., operations by a user on or near the touch-sensitive surface 131 using a finger, a stylus, or any other suitable object or attachment), and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface 131 may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 180, and can receive and execute commands sent by the processor 180. Additionally, the touch-sensitive surface 131 may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch-sensitive surface 131, the input unit 130 may also include other input devices 132. In particular, other input devices 132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 140 may be used to display information input by or provided to a user and various graphic user interfaces of the terminal, which may be configured by graphics, text, icons, video, and any combination thereof. The Display unit 140 may include a Display panel 141, and optionally, the Display panel 141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface 131 may cover the display panel 141, and when a touch operation is detected on or near the touch-sensitive surface 131, the touch operation is transmitted to the processor 180 to determine the type of the touch event, and then the processor 180 provides a corresponding visual output on the display panel 141 according to the type of the touch event. Although in FIG. 14, touch-sensitive surface 131 and display panel 141 are shown as two separate components to implement input and output functions, in some embodiments, touch-sensitive surface 131 may be integrated with display panel 141 to implement input and output functions.
The terminal may also include at least one sensor 150, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 141 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 141 and/or a backlight when the terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when the terminal is stationary, and can be used for applications of recognizing terminal gestures (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal, detailed description is omitted here.
WiFi belongs to a short-distance wireless transmission technology, and the terminal can help a user to send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 170, and provides wireless broadband internet access for the user. Although fig. 14 shows the WiFi module 170, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 180 is a control center of the terminal, connects various parts of the entire terminal using various interfaces and lines, performs various functions of the terminal and processes data by operating or executing software programs and/or modules stored in the memory 120 and calling data stored in the memory 120, thereby performing overall monitoring of the terminal. Optionally, processor 180 may include one or more processing cores; preferably, the processor 180 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 180.
The terminal also includes a power supply 190 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 180 via a power management system to manage charging, discharging, and power consumption management functions via the power management system. The power supply 190 may also include any component including one or more of a dc or ac power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Although not shown, the terminal may further include a camera, a bluetooth module, and the like, which are not described herein again. Specifically, in this embodiment, the display unit of the terminal is a touch screen display, the terminal further includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs include instructions for:
responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed;
sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
receiving the security state of the Uniform Resource Locator (URL) address returned by the server;
judging whether information leakage prompting is needed or not according to the safety state; if so, then
Accessing the Uniform Resource Locator (URL) address;
monitoring and acquiring user input information;
judging whether the input information is sensitive information;
and if so, prompting the user.
Further, the memory of the terminal further contains instructions for:
the safety state includes danger, safety and unknown, judging whether to need to carry out information leakage prompting according to the safety state includes:
and judging whether the safety state is unknown or not, if so, prompting information leakage.
Further, the memory of the terminal further contains instructions for:
after the receiving the security status of the uniform resource locator URL address returned by the server, the method further includes:
and judging whether the safety state is dangerous or not, and if so, intercepting the access of a user to the URL address.
Further, the memory of the terminal further contains instructions for:
the sensitive information comprises an identity card number, a bank card number, a payment account number and/or a login account number of common software.
Further, the memory of the terminal further contains instructions for:
accessing the URL address through a browser, wherein the monitoring and obtaining user input information comprises:
responding to an input instruction, traversing an input box of a webpage on a browser and obtaining a mouse focus;
and acquiring the user input information in the input box.
Further, the memory of the terminal further contains instructions for:
accessing the URL address through a browser, wherein the monitoring and obtaining user input information comprises:
in response to an input instruction, enumerating child windows of the browser in a browser process space;
obtaining a mouse focus and judging whether the focus is positioned in an input box;
and if so, acquiring the handle of the input box, and reading the user input information in the input box.
In summary, the terminal provided in the embodiment of the present invention can be used to implement a method for preventing information leakage, and can perform different processing on a URL to be visited based on a security state of the URL to be visited, thereby taking into account multiple security states. In addition, if the security state of the URL to be accessed is unknown, the information input by the user is detected, the sensitive information is prompted, the user is prevented from being shielded by a malicious website to reveal the sensitive information, and the property and privacy security of the user is protected.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium may be a computer-readable storage medium contained in the memory in the foregoing embodiment; or it may be a separate computer-readable storage medium not incorporated in the terminal. A computer-readable storage medium storing one or more programs, the one or more programs being used by one or more processors to perform a method of preventing information leakage, the method comprising:
responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed;
sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
receiving the security state of the Uniform Resource Locator (URL) address returned by the server;
judging whether information leakage prompting is needed or not according to the safety state; if so, then
Accessing the Uniform Resource Locator (URL) address;
monitoring and acquiring user input information;
judging whether the input information is sensitive information;
and if so, prompting the user.
Further, the method further comprises: the server is used for extracting the uniform resource locator URL address carried in the query request, querying whether the uniform resource locator URL address is located in a preset safe URL white list, if so, setting the safe state of the uniform resource locator URL address as safe, and returning to the safe state.
Further, the method further comprises: the server is also used for inquiring whether the URL address is positioned in a preset dangerous URL blacklist or not, if so, the safety state of the URL address is set to be dangerous, and the safety state is returned.
Further, the method further comprises: the server is also used for identifying whether the URL address is a dangerous URL address, if so, setting the safety state of the URL address as dangerous, and returning to the safety state.
Further, the method further comprises: the server is also used for adding the identified URL address of the uniform resource locator into a preset danger URL blacklist.
Further, the method further comprises: the server also judges whether the URL address has a definite safety state, wherein the definite safety state is dangerous or safe; if not, setting the security state of the URL address as unknown, and returning to the security state.
Further, the method further comprises: the safety state includes danger, safety and unknown, judging whether to need to carry out information leakage prompting according to the safety state includes:
and judging whether the safety state is unknown or not, if so, prompting information leakage.
Further, the method further comprises: after the receiving the security status of the uniform resource locator URL address returned by the server, the method further includes:
and judging whether the safety state is dangerous or not, and if so, intercepting the access of a user to the URL address.
Further, the method further comprises: the sensitive information comprises an identity card number, a bank card number, a payment account number and/or a login account number of common software.
Further, the method further comprises: accessing the URL address through a browser, wherein the monitoring and obtaining user input information includes:
responding to an input instruction, traversing an input box of a webpage on a browser and obtaining a mouse focus;
and acquiring the user input information in the input box.
Further, the method further comprises: accessing the URL address through a browser, wherein the monitoring and obtaining user input information comprises:
in response to an input instruction, enumerating child windows of the browser in a browser process space;
obtaining a mouse focus and judging whether the focus is positioned in an input box;
and if so, acquiring the handle of the input box, and reading the user input information in the input box.
In summary, the computer-readable storage medium provided in the embodiments of the present invention can be used to implement a method for preventing information leakage, and can perform different processing on a URL to be accessed based on a security state of the URL to be accessed, thereby taking into account multiple security states. In addition, if the security state of the URL to be accessed is unknown, the information input by the user is detected, the sensitive information is prompted, the user is prevented from being shielded by a malicious website to reveal the sensitive information, and the property and privacy security of the user is protected.
The embodiment of the invention also provides a graphical user interface, which is used on a terminal, wherein the terminal comprises a touch screen display, a memory and one or more processors for executing one or more programs; the graphical user interface comprises:
responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed;
sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address;
receiving the security state of the Uniform Resource Locator (URL) address returned by the server;
judging whether information leakage prompting is needed or not according to the safety state; if so, then
Accessing the Uniform Resource Locator (URL) address;
monitoring and acquiring user input information;
judging whether the input information is sensitive information;
and if so, prompting the user.
In summary, the graphical user interface provided in the embodiment of the present invention can perform corresponding security measures according to the interface operation of the user, prevent the user information from being leaked, and maintain the property and privacy security of the user.
Fig. 15 is a schematic diagram of a server structure according to another embodiment of the present invention. The server 600 may vary significantly due to configuration or performance, and may include one or more Central Processing Units (CPUs) 622 (e.g., one or more processors) and memory 632, one or more storage media 630 (e.g., one or more mass storage devices) storing applications 642 or data 644. Memory 632 and storage medium 630 may be, among other things, transient or persistent storage. The program stored in the storage medium 630 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 622 may be configured to communicate with the storage medium 630 and execute a series of instruction operations in the storage medium 630 on the server 600. The server 600 may also include one or more power supplies 626, one or more wired or wireless network interfaces 650, one or more input-output interfaces 658, and/or one or more operating systems 641, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, and so forth. The related functions of the server described in the above method embodiments may be based on the server structure shown in fig. 15.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed terminal can be implemented in other manners. The above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.
Claims (14)
1. A method for preventing information leakage, the method comprising:
responding to the detected interface operation, and acquiring a Uniform Resource Locator (URL) address to be accessed;
sending a query request to a server, wherein the query request is used for querying the security state of the URL address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address; the server is used for judging whether the URL address has a clear safety state, and the clear safety state is dangerous or safe; if not, setting the security state of the URL address as unknown;
receiving the security state of the Uniform Resource Locator (URL) address returned by the server;
judging whether information leakage prompting is needed or not according to the safety state;
if the safety state is unknown, judging that information leakage prompting is needed; accessing the Uniform Resource Locator (URL) address; monitoring and acquiring user input information; judging whether the input information is sensitive information; if so, prompting the user;
and if the safety state is dangerous, intercepting the access of the user to the URL address, displaying an interception interface, wherein the interception interface is used for reminding the user of the risk and allowing the user to inquire the counterfeited legal website.
2. The method according to claim 1, wherein the server is configured to extract a uniform resource locator URL address carried in the query request, query whether the uniform resource locator URL address is in a preset security URL white list, set a security status of the uniform resource locator URL address as secure if the uniform resource locator URL address is in the preset security URL white list, and return to the security status.
3. The method of claim 2, wherein the server is further configured to query whether the URL address is in a predefined URL blacklist, and if so, set the security status of the URL address to dangerous and return to the security status.
4. The method of claim 3, wherein the server is further configured to identify whether the URL address is a dangerous URL address, and if so, set a safe state of the URL address to dangerous, and return to the safe state.
5. The method of claim 4, wherein the server is further configured to add the identified URL address to a pre-defined blacklist of dangerous URLs.
6. The method of claim 1, wherein the sensitive information includes an identification number, a bank card number, a pay bank account number, and/or a login account number of a common software.
7. The method of claim 1, wherein accessing the Uniform Resource Locator (URL) address via a browser, the monitoring and retrieving user input information comprises:
responding to an input instruction, traversing an input box of a webpage on a browser and obtaining a mouse focus;
and acquiring the user input information in the input box.
8. The method of claim 1, wherein accessing the Uniform Resource Locator (URL) address via a browser, the monitoring and retrieving user input information comprises:
in response to an input instruction, enumerating child windows of the browser in a browser process space;
obtaining a mouse focus and judging whether the focus is positioned in an input box;
and if so, acquiring the handle of the input box, and reading the user input information in the input box.
9. An apparatus for preventing information leakage, comprising:
the address acquisition module is used for responding to the detected interface operation and acquiring a Uniform Resource Locator (URL) address to be accessed;
the query request sending module is used for sending a query request to a server, wherein the query request is used for querying the security state of the Uniform Resource Locator (URL) address; the server is used for receiving the query request and returning the security state of the Uniform Resource Locator (URL) address; the server is used for judging whether the URL address has a clear safety state, and the clear safety state is dangerous or safe; if not, setting the security state of the URL address as unknown;
the query request receiving module is used for receiving the security state of the uniform resource locator URL address returned by the server;
the leakage prompt judging module is used for judging whether information leakage prompt is needed or not according to the safety state;
the access module is used for accessing the URL address;
the input information tracking module is used for judging that information leakage prompt is needed if the safety state is unknown; monitoring and acquiring user input information;
the sensitive information judging module is used for judging whether the input information is sensitive information;
the prompting module is used for prompting a user;
the danger judgment module is used for judging whether the safety state is dangerous or not;
and the interception module is used for intercepting the access of the user to the URL address, displaying an interception interface, and the interception interface is used for reminding the user of the existence of risks and allowing the user to inquire a counterfeited legal website.
10. The apparatus of claim 9, wherein the input information tracking module comprises:
the traversing unit is used for responding to the input instruction and traversing the input box of the webpage on the browser;
a focus first acquisition unit for acquiring a mouse focus;
the first information acquisition unit is used for acquiring the user input information in the input box.
11. The apparatus of claim 9, wherein the input information tracking module comprises:
the enumeration unit is used for responding to an input instruction and enumerating the child windows of the browser in the process space of the browser;
a focus second acquisition unit for obtaining a mouse focus;
a focus judgment unit for judging whether the focus is located in an input frame;
and the second information acquisition unit is used for acquiring the handle of the input box and reading the user input information in the input box.
12. A terminal for preventing information leakage, characterized in that the terminal comprises an apparatus for preventing information leakage according to any of claims 9-11.
13. A system for preventing information leakage, comprising the apparatus for preventing information leakage of any one of claims 9 to 11 and a server, the server comprising:
the extraction module is used for extracting the URL address of the uniform resource locator carried in the query request;
the white list inquiring module is used for inquiring whether the URL address of the uniform resource locator is positioned in a preset safe URL white list or not;
the query blacklist module is used for querying whether the URL address of the uniform resource locator is positioned in a preset dangerous URL blacklist or not;
the safety state returning module is used for judging whether the URL address has a definite safety state, and the definite safety state is dangerous or safe; if not, setting the security state of the URL address as unknown; and returning to the safe state.
14. The system of claim 13, wherein the server further comprises:
the identification module is used for identifying whether the URL address is a dangerous URL address or not;
and the adding module is used for adding the identified URL address into a preset danger URL blacklist.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611029752.6A CN106713266B (en) | 2016-11-14 | 2016-11-14 | Method, device, terminal and system for preventing information leakage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611029752.6A CN106713266B (en) | 2016-11-14 | 2016-11-14 | Method, device, terminal and system for preventing information leakage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106713266A CN106713266A (en) | 2017-05-24 |
| CN106713266B true CN106713266B (en) | 2020-09-04 |
Family
ID=58941230
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611029752.6A Active CN106713266B (en) | 2016-11-14 | 2016-11-14 | Method, device, terminal and system for preventing information leakage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106713266B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108712275A (en) * | 2018-04-19 | 2018-10-26 | 平安科技(深圳)有限公司 | Data transmission methods of risk assessment, device, computer equipment and storage medium |
| CN110677374A (en) * | 2018-07-02 | 2020-01-10 | 中国电信股份有限公司 | Method and device for preventing phishing attack and computer readable storage medium |
| CN108810233B (en) * | 2018-07-10 | 2022-01-21 | 郑友缘 | Malicious incoming call identification method and device |
| CN112350992A (en) * | 2020-09-28 | 2021-02-09 | 广东电力信息科技有限公司 | Safety protection method, device, equipment and storage medium based on web white list |
| CN112073439A (en) * | 2020-10-13 | 2020-12-11 | 中国联合网络通信集团有限公司 | Secure Internet access control method, gateway equipment and storage medium |
| CN112437075A (en) * | 2020-11-18 | 2021-03-02 | 中国联合网络通信集团有限公司 | Data processing method, device, equipment and storage medium |
| CN115174222A (en) * | 2022-07-06 | 2022-10-11 | 北京神州安付科技股份有限公司 | Information security protection method and system based on mobile device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102930214A (en) * | 2012-10-29 | 2013-02-13 | 珠海市君天电子科技有限公司 | Method and device for proving risk prompts against unknown shopping website |
| CN104615940A (en) * | 2014-10-27 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Sensitive information displaying method and device |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7606821B2 (en) * | 2004-06-30 | 2009-10-20 | Ebay Inc. | Method and system for preventing fraudulent activities |
| CN101183415A (en) * | 2007-12-19 | 2008-05-21 | 腾讯科技(深圳)有限公司 | Method and device for preventing sensitive information from leakage |
| US8438642B2 (en) * | 2009-06-05 | 2013-05-07 | At&T Intellectual Property I, L.P. | Method of detecting potential phishing by analyzing universal resource locators |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN102957693B (en) * | 2012-10-25 | 2015-09-30 | 北京奇虎科技有限公司 | Fishing website determination methods and device |
| CN102938766B (en) * | 2012-11-12 | 2016-08-24 | 北京奇虎科技有限公司 | Maliciously website prompt method and device |
| CN103368958A (en) * | 2013-07-05 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Method, device and system for detecting webpage |
-
2016
- 2016-11-14 CN CN201611029752.6A patent/CN106713266B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102930214A (en) * | 2012-10-29 | 2013-02-13 | 珠海市君天电子科技有限公司 | Method and device for proving risk prompts against unknown shopping website |
| CN104615940A (en) * | 2014-10-27 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Sensitive information displaying method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106713266A (en) | 2017-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106713266B (en) | Method, device, terminal and system for preventing information leakage | |
| CN104125216B (en) | A kind of method, system and terminal for lifting credible performing environment security | |
| US9703971B2 (en) | Sensitive operation verification method, terminal device, server, and verification system | |
| CN103425736B (en) | A kind of web information recognition, Apparatus and system | |
| US9712562B2 (en) | Method, device and system for detecting potential phishing websites | |
| EP3200487B1 (en) | Message processing method and apparatus | |
| CN110869907B (en) | Method and terminal for browsing application page | |
| US20160241589A1 (en) | Method and apparatus for identifying malicious website | |
| CN104901805B (en) | A kind of identification authentication methods, devices and systems | |
| CN108475304B (en) | Method and device for associating application program and biological characteristics and mobile terminal | |
| WO2014108005A1 (en) | Co-verification method, two-dimensional code generation method, and device and system therefor | |
| CN109089229B (en) | Method, device, storage medium and terminal for risk prompt | |
| CN105912905A (en) | Fingerprint unlocking method and terminal | |
| CN105281906A (en) | Safety authentication method and device | |
| CN109873794B (en) | Protection method for denial of service attack and server | |
| WO2015078274A1 (en) | Devices and methods for password storage | |
| WO2018127048A1 (en) | Data display method and device, and storage medium | |
| WO2018214748A1 (en) | Method and apparatus for displaying application interface, terminal and storage medium | |
| CN108573169A (en) | Nearest task list display methods and device, storage medium, electronic equipment | |
| CN104573437A (en) | Information authentication method, device and terminal | |
| CN109450853B (en) | Malicious website determination method and device, terminal and server | |
| CN110856173B (en) | Network access method and device and electronic equipment | |
| CN105791253B (en) | Method and device for acquiring authentication information of website | |
| CN103532988A (en) | Web page access control method, related devices and system | |
| CN104966024B (en) | A kind of method and device of protection database |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |