CN110502925B - Method for protecting privacy of web page content - Google Patents
Method for protecting privacy of web page content Download PDFInfo
- Publication number
- CN110502925B CN110502925B CN201910784523.2A CN201910784523A CN110502925B CN 110502925 B CN110502925 B CN 110502925B CN 201910784523 A CN201910784523 A CN 201910784523A CN 110502925 B CN110502925 B CN 110502925B
- Authority
- CN
- China
- Prior art keywords
- page
- layer
- content
- password
- mask
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for protecting the privacy of web page content, which comprises the following steps: step 1: setting a multi-layer structure mask at least comprising a password locking layer, a page fuzzy shielding layer and a page content encryption layer which are sequentially arranged, and setting a timer and at least one button to be associated with the mask; step 2: when the user clicks the associated button or after a period of time, the mask of the multi-layer structure is triggered to lock and protect the current page. The screen is shielded through the mask of the multilayer structure, wherein the password locking layer is common, but the password locking layer is easy to crack, and therefore the fuzzy page shielding layer is arranged below the password locking layer to fuzzify the content of the page, so that the content can be prevented from being stolen by modes such as shooting and screen capturing, the content encryption layer encrypts the content information of the page, the original content can not be obtained after the content information is clearly processed by picture processing software such as PS (packet switched), and the safety factor is higher.
Description
Technical Field
The invention relates to the technical field of computer software, in particular to a method for protecting privacy of web page content.
Background
At present, the Internet in China is popularized to a plurality of villages and towns, the Internet is deep in the aspects of people's life, people enjoy high-speed and convenient services of the Internet and have a plurality of Internet potential safety hazards, and the personal privacy and the personal information are particularly dangerous to leak.
There are currently roughly two types of protection for pages viewed by users on the internet.
One is to generate an environment similar to an isolation sandbox by using a privacy mode of the browser for a user to use the browser, and in the mode, the web page does not record and store any operation of the user in the page, such as an input password, a history of searching, a history of browsed web pages, and the like, so as to achieve the purpose of protecting the content of the page. The method comprises the following steps that a user opens a page, a code executes and detects the name and the version of a current browser, the name and the version of the browser supporting a privacy mode are compared with the name and the version of the browser preset in the code, if the name and the version of the browser supporting the privacy mode are in accordance with the name and the version of the browser, a corresponding interface of the browser is called to start the privacy mode corresponding to the browser to open the page, if the name and the version of the browser are not in accordance with the privacy mode, the user is prompted that the currently used browser does not support the privacy mode, the browser supporting the privacy mode is recommended for the user, and the page is continuously loaded in a conventional mode until the page is completely loaded. The technical defect is that a browser is required to support a privacy mode, and the page content protection provided by the privacy mode is only protection for user behavior, but not substantial protection of page content, and other people can still see the content on the page after the user leaves the device terminal, that is, the data of the page does not play a role in protecting the data in the living environment where the user is located.
The second is to form an identification pattern with user information on a page by adding a mark to original page data, specifically, embedding a watermark in a form of picture into a DOM (text object model, i.e., a layout support frame for all contents of a web page) of the page, so as to indicate the ownership of the content of the page, thereby achieving the purpose of protecting the privacy of the content of the page. The technical process comprises the steps of obtaining login information when a user logs in a website, generating a watermark according to the login information, and adding the watermark to a webpage browsed by the user, so that the risk of revealing privacy through modes of screen capturing, photographing and the like is reduced, the source of information disclosure can be known according to the watermark information on the webpage, and the traceability of the information disclosure is ensured. The obvious defect is that the watermark is used on the page, the original content information of the page can be possibly shielded, the page content is incompletely or not clearly displayed, the user is influenced to obtain the original content information of the page, the original information of the page content is damaged in data transmission, the method cannot prevent the user information from being stolen by other people, and the other people can perform watermark removal processing on the screenshot of the page content with the watermark through image processing software such as Photoshop after the page content is screenshot. Some people with web page development experience can also remove or modify the code in the DOM about the watermark by calling up the browser console and manually positioning, resulting in the failure of the watermark effect.
The existing two methods do not substantially protect page content, and are also easy to steal page content or steal encrypted content by modifying codes through a browser console.
Disclosure of Invention
The invention aims to provide a method for protecting the privacy of web page content, which is used for solving the problems that the two methods in the prior art do not protect the page content substantially and are also easy to steal the page content by people or steal the encrypted content by modifying codes through a browser console.
The invention solves the problems through the following technical scheme:
a method of privacy protection of web page content, the method comprising the steps of:
step 1: setting a multi-layer structure mask at least comprising a password locking layer, a page fuzzy shielding layer and a page content encryption layer which are sequentially arranged, and setting a timer and at least one button to be associated with the mask;
step 2: and when the user clicks the associated button or stops operating for a period of time, triggering the mask of the multilayer structure to lock and protect the current page.
The screen is shielded through the mask of the multilayer structure, wherein the password locking layer is common, but the password locking layer is easy to crack, and therefore the fuzzy page shielding layer is arranged below the password locking layer to fuzzify the content of the page, so that the content can be prevented from being stolen by modes such as shooting and screen capturing, the content encryption layer encrypts the content information of the page, the original content can not be obtained after the content information is clearly processed by picture processing software such as PS (packet switched), and the safety factor is higher.
Preferably, the page fuzzy shielding layer comprises a plurality of independent shielding partitions, transparency of each shielding partition is independent, the transparency of each shielding partition can be consistent or different, the plurality of independent shielding partitions can protect page contents more finely, each independent partition needs to be adjusted once even if the contents are checked in a transparency adjusting mode, and cracking difficulty is high.
Preferably, the page fuzzy shielding layers are at least 1 layer, the transparency of each fuzzy shielding layer is different, shielding effects can be formed among the shielding layers with different transparencies, the shielding effects are better, each shielding layer needs to be adjusted once even if the content is checked in a transparency adjusting mode, and the cracking difficulty is higher.
Preferably, the page content encryption layer is encrypted and replaced by a hash encryption algorithm and is associated with the password locking layer, and the content of the original page can be viewed only after the password locking layer inputs a correct password, because the hash encryption is irreversible, the content of the page cannot be viewed if the password cannot be input correctly, and the safety factor is very high.
Preferably, the original page content is sent to a server of the web page for storage after passing through a hash encryption algorithm, and only after the user inputs a correct password in the password locking layer, the server transmits the real original content to the user terminal for rendering.
Preferably, the password is encrypted by a hash encryption algorithm after being set and then transmitted to the web page server side for storage, and the password cannot be cracked due to the irreversible hash and has high safety performance.
Preferably, the time for stopping the operation may be set to not more than five minutes at most.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) the method protects the page content privacy of the user in all directions from three dimensions of user behavior, terminal equipment and a server, so that the user does not need to worry about the content privacy being snooped by others while browsing the page, and the method is reliable and safe.
(2) The method has simple operation steps, strong portability, strong cross-platform performance and wide application range, and is suitable for any page with a login system.
Drawings
FIG. 1 is a schematic block diagram of a method of web page content privacy protection of the present invention;
FIG. 2 is a schematic view of a mask multilayer structure according to the present invention;
FIG. 3 is a schematic diagram of a structure of a page obscuring shield layer according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
Example 1:
referring to fig. 1, a method for protecting privacy of web page content includes the following steps:
step 1: setting a multi-layer structure mask at least comprising a password locking layer, a page fuzzy shielding layer and a page content encryption layer which are sequentially arranged, and setting a timer and at least one button to be associated with the mask;
step 2: and when the user clicks the associated button or stops operating for a period of time, triggering the mask of the multilayer structure to lock and protect the current page.
Taking the native HTML5 page as an example, the following three files are first created:
file1, an HTML file of the source code of the web page.
File2, a CSS file of web page source code, is used to modify the style layout in the page.
The file3 is a JavaScript file of a web page source code, and is used for event triggering, data processing, and data transmission.
A "sandwich model" is then created, i.e. a multi-layer structure mask:
creating D1 as a password lock layer, which includes a password entry box and an "unlock" button.
Creating D2 as a page obscuring mask is a full screen page mask made up of a number of tiles. The "width" attribute of the outermost tag of D2 is set to "100%", and full-screen rendering is achieved. The method comprises the steps of obtaining the width and the height of the inside of a page through the native clientWidth and clientHeight methods of a browser, and then dividing the width and the height by a positive integer to obtain the width and the height of each block. For example, if there is a page with a width of 1920px and a height of 960px, taking a positive integer of 10, a small block with a width of 192px and a height of 96px is obtained, then, through traversal rendering, 100 small blocks with the same attribute are rendered on the page by using a browser native method "lnnerhtml", and each small block is loaded with a CSS class selector with a transparency attribute of 1, which not only achieves full-screen page masking, but also plays a great barrier role in actions of others to modify mask codes to remove the masking effect by using a browser console, because 100 small blocks in the fuzzy layer need to be operated separately to completely remove the masking effect.
Creation D3 encrypts the page content layer, including a "leave" button and example page content — this is a page content.
Next, the NodeJS software is downloaded and installed, and the encrypted library file is downloaded and installed by the npm package manager command, for example, "npm install js-sha 512", and the library file is imported in the file3 using the "import" method. Instead of using nodjs' npm to download "js-sha 512," the file can be downloaded and referenced via the web site that provides "js-sha 512.
And finally, compiling a function method, namely a function1, popping up an input box of the password set by the user when the user clicks a 'leave' button, acquiring the password input by the user, carrying out hash encryption and transmitting the encrypted password to the server, judging whether to render D1 and D2 or not according to whether the password returned by the server is successfully marked or not, and calling the function2 or not.
The method function2 encrypts the page text content by using the method "sha 512" of "js-sha 512", for example, the example page content is "this is a page content", and the content is encrypted as a parameter to be "7086 ffee61042430ddc7d71af7f8f787e6097ce27997b6a6344a1b28e8e7b5e1875aa1cf3fc0831e45c113971bd4d15ff39113415c157c1bfc3877943a2aa5d 6", so that readability is greatly reduced, and security of the user page content itself is greatly protected.
The method function3, when the user clicks 'unlock', obtains the decryption password input by the user, encrypts the hash of the password and transmits the encrypted password to the server, and the server compares the encrypted password with the set password, if the encrypted password is the same as the set password, the original page content data and the identification are returned, and the identification is used for informing the page to cancel rendering D1 and D2.
The method function4 includes monitoring whether a user mouse moves by using a browser native event onmousenove, if the user mouse does not move for more than 5 minutes, determining that the user leaves an equipment terminal and a page should be locked, then sending a request to a server, informing a back end of setting a user password as a decryption password, rendering D1 and D2 after the server returns a password success identifier, and calling a function2 to encrypt page content.
Although the present invention has been described herein with reference to the illustrated embodiments thereof, which are intended to be preferred embodiments of the present invention, it is to be understood that the invention is not limited thereto, and that numerous other modifications and embodiments can be devised by those skilled in the art that will fall within the spirit and scope of the principles of this disclosure.
Claims (3)
1. A method for privacy protection of web page content, the method comprising the steps of:
step 1: setting a multi-layer structure mask at least comprising a password locking layer, a page fuzzy shielding layer and a page content encryption layer which are sequentially arranged, and setting a timer and at least one button to be associated with the mask;
step 2: when a user clicks a related button or stops operating for a period of time, triggering a mask of a multilayer structure to lock and protect a current page;
the page fuzzy shielding layer comprises a plurality of independent shielding subareas, the transparency of each shielding subarea is independent, and the transparency of each shielding subarea can be consistent or different;
the page fuzzy shielding layers are at least 1 layer, and the transparency of each fuzzy shielding layer is different;
the page content encryption layer is encrypted and replaced through a hash encryption algorithm and is associated with the password locking layer, and the content of the original page can be checked only after a correct password is input into the password locking layer;
the original page content is sent to a server of the web page for storage after passing through a hash encryption algorithm, and only after a user inputs a correct password in a password locking layer, the server transmits the real original content to a user terminal for rendering;
and after being set, the password is encrypted by a hash encryption algorithm and then transmitted to a web page server for storage.
2. The method of web page content privacy protection according to claim 1, wherein: and after being set, the password is encrypted by a hash encryption algorithm and then transmitted to a web page server for storage.
3. The method of web page content privacy protection according to claim 1, wherein: the time for stopping the operation may be set to not more than five minutes at most.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910784523.2A CN110502925B (en) | 2019-08-23 | 2019-08-23 | Method for protecting privacy of web page content |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910784523.2A CN110502925B (en) | 2019-08-23 | 2019-08-23 | Method for protecting privacy of web page content |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110502925A CN110502925A (en) | 2019-11-26 |
| CN110502925B true CN110502925B (en) | 2022-04-15 |
Family
ID=68589254
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910784523.2A Active CN110502925B (en) | 2019-08-23 | 2019-08-23 | Method for protecting privacy of web page content |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110502925B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111222125A (en) * | 2019-12-17 | 2020-06-02 | 中国电力科学研究院有限公司 | Client and server safety protection system of enterprise browser |
| CN112039662B (en) * | 2020-08-26 | 2024-07-16 | 山谷网安科技股份有限公司 | Symmetric encryption transmission method for sensitive data in secret related unit Web application webpage |
| CN112700512A (en) * | 2020-12-28 | 2021-04-23 | 北京小米移动软件有限公司 | Application display method and device, electronic equipment and storage medium |
| CN113296773B (en) * | 2021-05-28 | 2023-07-25 | 北京思特奇信息技术股份有限公司 | Copyright labeling method and system for cascading style sheets |
| CN113987472B (en) * | 2021-09-14 | 2023-07-18 | 北京纽盾网安信息技术有限公司 | Webpage browsing security detection method, device and system |
| CN116756708B (en) * | 2023-05-30 | 2023-12-05 | 佛山众陶联供应链服务有限公司 | Protection method for variable granularity of digital product page copyright |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296457A (en) * | 2008-06-25 | 2008-10-29 | 深圳华为通信技术有限公司 | Screen operation method and device |
| CN105260682A (en) * | 2015-10-14 | 2016-01-20 | 广东小天才科技有限公司 | Method and device for protecting user privacy |
| CN106056011A (en) * | 2016-05-30 | 2016-10-26 | 维沃移动通信有限公司 | Display method and mobile terminal |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9047713B2 (en) * | 2010-04-30 | 2015-06-02 | Bryan P. Chapman | Multiface document |
| CN103177044B (en) * | 2011-12-26 | 2017-11-21 | 腾讯科技(深圳)有限公司 | Web page display screen locking means and system |
| CN103870558B (en) * | 2012-03-29 | 2017-01-25 | 北京奇虎科技有限公司 | Page rendering method and mask layer creating method |
| CN106250152B (en) * | 2016-07-29 | 2019-09-27 | 北京金山安全软件有限公司 | Mobile terminal control method and device and mobile terminal |
| CN106961517B (en) * | 2017-02-27 | 2019-12-06 | 杨戈 | information security protection method and system based on mobile phone webpage |
| CN106959855A (en) * | 2017-03-27 | 2017-07-18 | 福建中金在线信息科技有限公司 | The display methods and device of a kind of mask layer |
| CN107609373A (en) * | 2017-09-07 | 2018-01-19 | 欧东方 | A kind of terminal device and its method for safeguard protection |
| WO2019095235A1 (en) * | 2017-11-16 | 2019-05-23 | 华为技术有限公司 | Display method and device, and terminal |
| CN109905346A (en) * | 2017-12-07 | 2019-06-18 | 镇江长圣信息技术咨询服务有限公司 | A kind of internet sensitive information encryption technology |
| CN110119634A (en) * | 2018-11-28 | 2019-08-13 | 熵加网络科技(北京)有限公司 | A method of with browser plug-in to text encryption and decryption |
-
2019
- 2019-08-23 CN CN201910784523.2A patent/CN110502925B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296457A (en) * | 2008-06-25 | 2008-10-29 | 深圳华为通信技术有限公司 | Screen operation method and device |
| CN105260682A (en) * | 2015-10-14 | 2016-01-20 | 广东小天才科技有限公司 | Method and device for protecting user privacy |
| CN106056011A (en) * | 2016-05-30 | 2016-10-26 | 维沃移动通信有限公司 | Display method and mobile terminal |
Non-Patent Citations (3)
| Title |
|---|
| 《Privacy Protection in Street-View Panoramas using Depth and Multi-View Imagery》;Ries Uittenbogaard等;《2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)》;20190620;第10573-10582页 * |
| 《手机端当页面弹出遮罩层的时候,遮罩后面的页面禁止滚动且"锁定当前位置"》;https://blog.csdn.net/sophia_xiaoma/article/details/79173125;《https://blog.csdn.net/sophia_xiaoma/article/details/79173125》;20180126;全文 * |
| 《页面全屏遮罩的实现方式》;rainbow702;《https://blog.csdn.net/rainbow702/article/details/50519622》;20160114;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110502925A (en) | 2019-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110502925B (en) | Method for protecting privacy of web page content | |
| CN106095869B (en) | Advertisement information processing method, user equipment, background server and system | |
| Gupta et al. | Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art | |
| KR101311286B1 (en) | Apparatus and method for displaying a watermark on screen | |
| Lekies et al. | 25 million flows later: large-scale detection of DOM-based XSS | |
| US6298446B1 (en) | Method and system for copyright protection of digital images transmitted over networks | |
| Li et al. | A survey on server-side approaches to securing web applications | |
| US8578499B1 (en) | Script-based scan engine embedded in a webpage for protecting computers against web threats | |
| KR100519842B1 (en) | Virus checking and reporting for computer database search results | |
| US8392706B2 (en) | Method and system for searching for, and collecting, electronically-stored information | |
| US20150058992A1 (en) | Method and system for malicious code detection | |
| CN105631355A (en) | Data processing method and device | |
| JP2014142960A (en) | Method and system of preventing browser-based fraud | |
| US8931084B1 (en) | Methods and systems for scripting defense | |
| KR20110087195A (en) | Apparatus and method for marking documents with executable text | |
| US20130074160A1 (en) | Method of controlling information processing system, computer-readable recording medium storing program for controlling apparatus | |
| US20080034210A1 (en) | Systems and Methods for Securely Providing and/or Accessing Information | |
| CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
| CN110417746A (en) | Cross-site scripting attack defence method, device, equipment and storage medium | |
| CN114969681A (en) | Method and system for generating webpage invisible watermark | |
| US9104876B1 (en) | Virtual file-based tamper resistant repository | |
| CN104598812B (en) | Web-page approach and device are browsed in sandbox | |
| CN112003847A (en) | Front-end authority access method and equipment | |
| Saini et al. | The darker side of firefox extension | |
| US20220253510A1 (en) | Web Browser Extension Script Obfuscation System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |