CN112434327A - Information protection method and device and electronic equipment - Google Patents

Publication number: CN112434327A
Authority: CN (China)
Prior art keywords: streaming media, sensitive information, information, applying, drm
Legal status: Pending
Application number: CN201910791656.2A
Other languages: Chinese (zh)
Inventors: 宋翔宇, 江启泉
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Abstract

The present disclosure relates to the field of computer technologies, and in particular, to an information protection method, an information protection apparatus, and an electronic device. The method comprises the following steps: acquiring sensitive information in a page to be displayed; converting the sensitive information to obtain streaming media applying DRM rules; and replacing the original control corresponding to the sensitive information with a streaming media playing control applying the DRM rule, so as to play the streaming media applying the DRM rule by using the streaming media playing control. With this technical scheme, a DRM protection strategy can be used on the terminal device to protect the sensitive information in the page, ensuring that the sensitive information cannot be acquired by screen capture or screen recording.

Description

Information protection method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an information protection method, an information protection apparatus, and an electronic device.
Background
During use of a terminal device, to avoid leakage of sensitive or confidential information shown on the display screen, a watermark, such as an explicit watermark or a blind watermark, may be added to the control that displays the on-screen content. If the user leaks the secret information through a device screenshot or screen recording, the leak source can be traced back through the watermark. Alternatively, the terminal device can monitor screen recording or screenshot events in the application; when such an operation occurs, the terminal device pops up a window as a reminder and records the operation information, and a subsequent security check can trace back through the operation log. Alternatively, for an iOS device, MDM (Mobile Device Management) technology may be used to globally disable the screen recording and screen capture functions of the iOS device through a configuration file, so that the content displayed on the screen in the application is not leaked as a screenshot or screen-recording video.
However, adding a watermark or monitoring screen recording and screen capture events can only trace the leak source after the information has leaked, and cannot solve the problem of information leakage at its root. The MDM technology works well only on non-jailbroken iOS devices; moreover, because it disables such functions globally, it inevitably inconveniences the user.
In view of this, there is a need in the art to develop a new information protection method.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The embodiments of the disclosure provide an information protection method, an information protection device and electronic equipment, so that leakage of sensitive information through screenshots and screen recording can be effectively prevented, at least to a certain extent.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of an embodiment of the present disclosure, there is provided an information protection method, including: acquiring sensitive information in a page to be displayed; converting the sensitive information to obtain streaming media applying DRM rules; and replacing the original control corresponding to the sensitive information with a streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control.
According to an aspect of an embodiment of the present disclosure, there is provided an information protection apparatus including: the sensitive information identification module is used for acquiring sensitive information in a page to be displayed; the sensitive information conversion module is used for carrying out conversion processing on the sensitive information to obtain streaming media applying DRM rules; and the original control replacing module is used for replacing the original control corresponding to the sensitive information with the streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control.
In some embodiments of the present disclosure, based on the foregoing solution, the information protection apparatus further includes: the storage mode reading module is used for acquiring the storage mode of the sensitive information and executing a corresponding conversion strategy on the original control corresponding to the sensitive information according to the storage mode; wherein, the storage mode comprises: local storage and cloud storage.
In some embodiments of the present disclosure, based on the foregoing scheme, the storage manner of the sensitive information is cloud storage; the original control replacement module comprises: the cloud processing unit, which is used for replacing the original control with a streaming media playing control applying the DRM rule, so as to use the streaming media playing control to play the streaming media that is received from the cloud, obtained by converting the sensitive information, and applied with the DRM rule.
In some embodiments of the present disclosure, based on the foregoing scheme, the storage manner of the sensitive information is local storage; the original control replacement module comprises: the local processing unit, which is used for replacing the original control with a streaming media playing control applying the DRM rule, so as to use the streaming media playing control to play the streaming media applying the DRM rule that is obtained after the sensitive information is converted locally.
In some embodiments of the present disclosure, based on the foregoing solution, the local processing unit further includes: the information identification unit is used for identifying the type of the sensitive information; the text processing unit is used for prerendering a page where the text data are located to acquire a corresponding intermediate image and converting the intermediate image to acquire the streaming media data applying the DRM rule when the sensitive information is the text data; and the image processing unit is used for converting the image data to obtain the streaming media applying the DRM rule when the sensitive information is the image data.
In some embodiments of the present disclosure, based on the foregoing solution, the local processing unit further includes: the initialization unit is used for starting network service and initializing the streaming media playing control; the first callback triggering unit is used for configuring a play source for the streaming media play control so as to trigger callback of the streaming media play control; the second callback triggering unit is used for returning the address information and the key information of the streaming media to the streaming media playing control so as to trigger the streaming media playing control to call back again; and the streaming media playing unit is used for returning the updated key to the streaming media player so as to play the streaming media applying the DRM rule.
In some embodiments of the present disclosure, based on the foregoing solution, the local processing unit further includes: and the parameter configuration unit is used for configuring the playing parameters of the streaming media playing control so as to circularly play the streaming media applying the DRM rule.
In some embodiments of the present disclosure, based on the foregoing scheme, the sensitive data is configured with obfuscation information; the information protection apparatus further includes: the target operation monitoring module is used for monitoring target operation on the current display page and judging whether the current display page contains sensitive information or not when the target operation occurs; and the confusion information feedback module is used for reading the confusion information corresponding to the sensitive information and returning the confusion information as a feedback result of the target operation when the current display page is judged to contain the sensitive information.
According to an aspect of an embodiment of the present disclosure, there is provided an electronic device including: one or more processors; a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the information protection method as described in the above embodiments.
In the technical solutions provided in some embodiments of the present disclosure, after the sensitive information is obtained in the page to be displayed, the sensitive information may be converted to obtain the corresponding streaming media data to which the DRM rule is applied and which includes the sensitive information, and the original control corresponding to the sensitive information is replaced with the corresponding streaming media playing control in the page to be displayed. Therefore, the sensitive information in the page can be protected on the terminal device by using the DRM protection strategy, ensuring that the sensitive information cannot be acquired by screen capture or screen recording.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
FIG. 1 shows a schematic diagram of an exemplary system architecture to which technical aspects of embodiments of the present disclosure may be applied;
FIG. 2 schematically illustrates a flow diagram of an information protection method according to one embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a method of converting sensitive information into streaming media data according to one embodiment of the present disclosure;
FIG. 4 is a schematic flow chart diagram illustrating a method for a streaming media player to play converted streaming media data containing sensitive information according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a flow diagram of a method of listening for screen capture or screen recording operations, according to one embodiment of the present disclosure;
FIGS. 6a-6b schematically illustrate a diagram of text format sensitive information and corresponding screen capture processing results, according to one embodiment of the present disclosure;
FIGS. 7a-7b schematically illustrate image format sensitive information and corresponding screen capture processing results according to one embodiment of the present disclosure;
FIGS. 8a-8b schematically illustrate a diagram of text format sensitive information and corresponding screen capture processing results, according to one embodiment of the present disclosure;
FIGS. 9a-9b schematically illustrate a diagram of text format sensitive information configured with obfuscated information and corresponding screen capture processing results, according to one embodiment of the present disclosure;
FIG. 10 schematically illustrates a diagram of screen capture processing results corresponding to image format sensitive information configured with obfuscation information, in accordance with one embodiment of the present disclosure;
FIG. 11 schematically illustrates a flow diagram of an information protection method according to one embodiment of the present disclosure;
FIG. 12 schematically illustrates a block diagram of an information protection apparatus according to one embodiment of the present disclosure;
FIG. 13 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solutions of the embodiments of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices (e.g., one or more of a smartphone 101, a tablet computer 102, and a portable computer 103 shown in fig. 1, and of course, a desktop computer, etc.), a network 104, and a server 105. The network 104 serves as a medium for providing communication links between terminal devices and the server 105. Network 104 may include various connection types, such as wired communication links, wireless communication links, and so forth.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, server 105 may be a server cluster comprised of multiple servers, or the like.
In one embodiment of the present disclosure, a user may use the terminal device 101 (which may also be the terminal device 102 or 103) to receive data sent by the server 105, and read the data from the server on the terminal device through an application such as a browser. Sensitive information in a page to be displayed can be identified at the terminal device or the server; the sensitive information is converted to obtain the streaming media applying the DRM rule; and the original control corresponding to the sensitive information is replaced with a streaming media playing control applying the DRM rule, so that the streaming media applying the DRM rule is played by the streaming media playing control. With this technical scheme, on the one hand, after the sensitive information is converted into the streaming media applying the DRM rule, the sensitive information in the page is protected by the DRM rule, and when screen capture or screen recording of the page containing the sensitive information is detected, the sensitive information is prevented from being leaked according to the DRM rule; on the other hand, a function of preventing sensitive information from being captured or screen-recorded can be provided in compliance with the iOS system specification, without using any proprietary API, even though the iOS system itself does not provide such an API.
It should be noted that the information protection method provided by the embodiment of the present disclosure is generally executed by the terminal device 101, and accordingly, the information protection apparatus is generally disposed in the terminal device 101. However, in other embodiments of the present disclosure, the server 105 may also have similar functions as the terminal device 101, so as to execute the information protection scheme provided by the embodiments of the present disclosure.
In recent years, with the rapid development of intelligent terminal devices, people have become more and more dependent on them. People can send messages, read letters, perform financial transactions, and so on through terminal devices, and information and data that need to be kept secret can be generated during use. However, with the development of screen capture and screen recording functions, and the wide use of desktop recording applications such as XCode, sensitive information on the screen of the terminal device that needs to be kept secret is at risk of leakage.
In the related art, a watermark, such as an explicit watermark or a blind watermark, may be added directly to a control of the on-screen content. Alternatively, a screen capture or screen recording event in the application program can be monitored, and when the operation occurs, a popup window reminds the user and the operation information is recorded. Alternatively, MDM (Mobile Device Management) technology may be used to globally disable the screen recording and screen capture functions of the terminal device through a configuration file.
However, the related art has corresponding defects, which are mainly reflected in the following aspects: adding a watermark and monitoring can only trace the leak source after the sensitive information has leaked, and cannot prevent the sensitive information from being leaked in the first place; the MDM technology disables the screen capture and screen recording functions globally and cannot disable them for a single piece of displayed content, which is inconvenient for the user.
In view of the problems in the related art, the embodiment of the present disclosure first provides an information protection method, and details of implementation of the technical solution of the embodiment of the present disclosure are set forth below:
Fig. 2 schematically shows a flowchart of an information protection method according to an embodiment of the present disclosure. The information protection method may be performed at a terminal device, which may be the terminal device shown in fig. 1. Referring to fig. 2, the information protection method at least includes steps S210 to S230, which are described in detail as follows:
In step S210, sensitive information in the page to be displayed is obtained.
In an embodiment of the present disclosure, the terminal device may be an intelligent terminal device such as a mobile phone, a tablet computer, or a portable computer that runs the iOS system. The user may perform screen capture and screen recording operations on the terminal device through key combinations, plug-ins, other external software, and the like.
For example, when a user uses a browser, a shopping application or a financial application on a mobile phone and browses a page in the APP, the terminal device or the server may read and identify the content of the page to be displayed in advance, and determine whether sensitive information exists. The sensitive information may be text, images or other forms of information and content in the page that the user needs to keep secret from others. Specifically, the sensitive information may be an account number, a password, and a corresponding input box, or identity information such as certificate information, or text information such as a transaction amount and a balance; alternatively, it may be image information such as a two-dimensional code or a certificate image, and a corresponding input box. The specific form of the sensitive information is not particularly limited in this disclosure. In addition, the sensitive information may be local content in the current page or global content in the current page.
Specifically, a sensitive information form may be established in advance, and the content regarded as sensitive information may be described in the form, for example, what kind of text, image, or control counts as sensitive information. The content in the page, such as text and images, is then identified according to the form, so as to determine whether each part of the content in the page is sensitive information. Of course, in other exemplary embodiments of the present disclosure, the sensitive information in the page to be displayed may be identified and confirmed in other manners, which is not limited in the present disclosure.
In step S220, the sensitive information is converted to obtain streaming media to which DRM rules are applied.
In step S230, the original control corresponding to the sensitive information is replaced with a streaming media playing control applying the DRM rule, so that the streaming media applying the DRM rule is played by using the streaming media playing control.
In one embodiment of the disclosure, when the page to be displayed contains the sensitive information, the sensitive information can be pre-rendered to obtain the streaming media applying the DRM rule; at the same time, the original control corresponding to the sensitive information in the page is replaced with the streaming media playing control applying the DRM rule. The DRM (Digital Rights Management) rule works as follows. A digital program authorization center is first established. The compressed digital program content is encrypted and protected (locked) with a key, and the header of the encrypted digital program stores a KeyID and the URL of the program authorization center. When the user requests playback, the KeyID and URL information in the program header are used; after verification and authorization by the digital program authorization center, the related key is sent out for decryption (unlocking), and the program can then be played. Because the program to be protected is encrypted, even if it is downloaded and stored by a user, it cannot be played without being verified and authorized by the digital program authorization center, so the copyright of the program is strictly protected.
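The lock, header and license exchange described above can be modelled end to end. The following is an added example, not code from the patent: the class and function names, the `license.example.invalid` URL and the sample frame are constructed assumptions, and a toy HMAC-based keystream stands in for the cipher a real DRM packager would use.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and integrity keys from the content key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for the
    # cipher of a real DRM system. The same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


@dataclass(frozen=True)
class ProtectedStream:
    key_id: str        # header field, stored in the clear
    license_url: str   # header field: URL of the authorization center
    nonce: bytes
    ciphertext: bytes  # the "locked" program content
    tag: bytes         # integrity tag over nonce + ciphertext


class AuthorizationCenter:
    """Hypothetical authorization center: holds keys and decides who gets one."""

    def __init__(self, url: str):
        self.url = url
        self._keys = {}       # key_id -> content key, never shipped with the stream
        self._grants = set()  # (user, key_id) pairs allowed to play

    def package(self, content: bytes) -> ProtectedStream:
        key_id = secrets.token_hex(8)
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self._keys[key_id] = key
        ciphertext = _xor_keystream(_subkey(key, b"enc"), nonce, content)
        tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
        return ProtectedStream(key_id, self.url, nonce, ciphertext, tag)

    def grant(self, user: str, key_id: str) -> None:
        self._grants.add((user, key_id))

    def request_license(self, user: str, key_id: str) -> bytes:
        # Verification and authorization happen here, before any key leaves.
        if key_id not in self._keys or (user, key_id) not in self._grants:
            raise PermissionError(f"license denied for {user!r}")
        return self._keys[key_id]


def play(user: str, stream: ProtectedStream, centers: dict) -> bytes:
    # The dict lookup stands in for an HTTPS request to the header's URL.
    center = centers[stream.license_url]
    key = center.request_license(user, stream.key_id)
    expected = hmac.new(_subkey(key, b"mac"), stream.nonce + stream.ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stream.tag):
        raise ValueError("stream was modified or the key does not match")
    return _xor_keystream(_subkey(key, b"enc"), stream.nonce, stream.ciphertext)


SAMPLE = b"constructed sample frame: balance 12,345.67"


def demo() -> dict:
    center = AuthorizationCenter("https://license.example.invalid/key")
    centers = {center.url: center}
    stream = center.package(SAMPLE)
    center.grant("alice", stream.key_id)
    result = {"authorized_playback": play("alice", stream, centers)}
    try:
        play("mallory", stream, centers)  # holds a stored copy, has no grant
        result["unauthorized_playback"] = "played"
    except PermissionError:
        result["unauthorized_playback"] = "denied"
    flipped = bytes([stream.ciphertext[0] ^ 1]) + stream.ciphertext[1:]
    try:
        play("alice", replace(stream, ciphertext=flipped), centers)
        result["tampered_playback"] = "played"
    except ValueError:
        result["tampered_playback"] = "rejected"
    result["plaintext_in_stored_copy"] = SAMPLE in stream.ciphertext
    return result


if __name__ == "__main__":
    print(demo())
```

The stored copy carries only the KeyID and the license URL, so possession of the file alone gives neither the key nor the plaintext.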
In one embodiment of the present disclosure, sensitive information and other information displayed on the terminal device may be stored in different ways, for example in the local memory of the terminal device or in the cloud. Based on the above working principle of the DRM rule, the way of adding a key to the streaming media can be selected according to the storage mode of the sensitive information.
Specifically, when the sensitive data is stored in the cloud, that is, the data does not land on the terminal device, the server may convert and encrypt the sensitive data in the cloud, so as to obtain the streaming media, that is, video stream data, to which the DRM rule is applied and which includes the data content corresponding to the sensitive information. On the terminal device, the original control can be replaced by the streaming media playing control applying the DRM rule, so that the streaming media playing control can be used to play the video stream data received from the cloud storage.
Specifically, as shown in fig. 11, to protect the sensitive information when the data does not land on the device, the original text, pictures and other content corresponding to the sensitive information are not issued directly to the APP; instead, the server performs format conversion, encryption and watermarking on the sensitive information in the cloud to generate video stream data containing the data content corresponding to the sensitive information. On the terminal device side, the APP directly receives the video stream data processed in the cloud. At the same time, the original control corresponding to the sensitive information in the page to be displayed is replaced with a streaming media playing control applying the DRM rule, and the streaming media playing control, that is, a streaming media player, plays the received video stream data containing the data content corresponding to the sensitive information. For example, when the sensitive information in the page to be displayed is text data and the corresponding original control is a text box, the text data is converted in the cloud to obtain corresponding video stream data, and the original text box control corresponding to the sensitive information in the page to be displayed is replaced by the streaming media player control. The terminal device receives the video stream data converted and encrypted in the cloud, and plays it in the page to be displayed with the replacement streaming media player control.
In an embodiment of the present disclosure, the storage mode of the sensitive information may also be local storage, that is, protection for the case where the data lands on the device. In this case, as shown in fig. 11, the data communication between the APP and the server may be left as it is, and the sensitive information is converted locally on the terminal device. For example, when the local protection policy is used, the server issues the information in a page to the terminal device through the data link as usual, and the terminal device processes the information locally after receiving it. That is, the sensitive information is converted locally to obtain the corresponding video stream data. Based on the DRM rule, a corresponding key and URL may be configured for the video stream data, so as to obtain the video stream data to which the DRM rule is applied and which includes the data content corresponding to the sensitive information. Meanwhile, the original control corresponding to the sensitive information can be replaced by the streaming media playing control applying the DRM rule, so that the converted video stream data applying the DRM rule and containing the data content corresponding to the sensitive information can be played by the streaming media playing control.
In an embodiment of the present disclosure, as shown in fig. 3, the above locally performing conversion processing on the sensitive information to obtain streaming media to which the DRM rule is applied may specifically include:
In step S310, identifying a type of the sensitive information;
In step S320, when the sensitive information is text data, pre-rendering a page where the text data is located to obtain a corresponding intermediate image, and converting the intermediate image to obtain the streaming media to which the DRM rule is applied;
In step S330, when the sensitive information is image data, the image data is converted to obtain the streaming media to which the DRM rule is applied.
Specifically, when the page to be displayed is identified to contain the sensitive information, the presentation form of the sensitive information can be identified, and a corresponding conversion strategy is executed. Specifically, as shown in fig. 11, when the sensitive information is text data, the View (View) corresponding to the current page (Layer) where the text data is located may be pre-rendered, a corresponding intermediate image is drawn, and the intermediate image is converted to obtain corresponding video data, for example, a video stream in MP4 format. Or, when the sensitive information is image data, the sensitive information can be directly converted to obtain corresponding video data. The conversion of the image into the video can be completed by a conversion tool, and the specific conversion process is not described in detail in this disclosure.
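The form-based identification of step S210 and the type dispatch of steps S310 to S330 can be combined into a single planning pass over the page. This is an added example, not code from the patent: the rule entries, control kinds, field names and page tree are constructed assumptions, and treating a sensitive container view like text (pre-rendering it) is also an assumption.

```python
import re
from dataclasses import dataclass, field
from enum import Enum


class Strategy(Enum):
    PRERENDER_THEN_CONVERT = "S320"  # text: view -> intermediate image -> stream
    CONVERT_IMAGE = "S330"           # image: converted to a stream directly
    RECEIVE_CLOUD_STREAM = "cloud"   # server already produced the DRM stream


@dataclass
class Control:
    kind: str                        # e.g. "view", "label", "text_input", "image"
    name: str
    content: str = ""
    children: list = field(default_factory=list)


# Constructed sensitive information form: a control kind plus an optional
# field-name pattern and an optional content pattern.
SENSITIVE_FORM = [
    {"kind": "text_input", "name": re.compile(r"account|password|id_number", re.I)},
    {"kind": "label", "content": re.compile(r"(balance|amount)\s*:\s*[\d,.]+", re.I)},
    {"kind": "image", "name": re.compile(r"qr_code|certificate", re.I)},
    {"kind": "view", "name": re.compile(r"^secure_", re.I)},  # whole-page case
]


def matches_form(control: Control) -> bool:
    """True when any rule of the form describes this control."""
    for rule in SENSITIVE_FORM:
        if rule["kind"] != control.kind:
            continue
        name_ok = "name" not in rule or rule["name"].search(control.name)
        content_ok = "content" not in rule or rule["content"].search(control.content)
        if name_ok and content_ok:
            return True
    return False


def choose_strategy(control: Control, storage: str) -> Strategy:
    if storage == "cloud":
        return Strategy.RECEIVE_CLOUD_STREAM
    if control.kind == "image":
        return Strategy.CONVERT_IMAGE
    return Strategy.PRERENDER_THEN_CONVERT


def plan_page(root: Control, storage: str) -> list:
    """Return (path, strategy) for every control to replace with a DRM player."""
    if storage not in ("local", "cloud"):
        raise ValueError(f"unknown storage mode: {storage!r}")
    plan = []

    def walk(control: Control, parent_path: str) -> None:
        path = f"{parent_path}/{control.name}"
        if matches_form(control):
            # The control is replaced as a whole, so its children are not
            # visited: sensitive content may be local or global to the page.
            plan.append((path, choose_strategy(control, storage)))
            return
        for child in control.children:
            walk(child, path)

    walk(root, "")
    return plan


def sample_page() -> Control:
    # Constructed page tree for illustration only.
    return Control("view", "transfer_page", children=[
        Control("label", "title", "Transfer"),
        Control("text_input", "account_number", "6222 0000 0000 0000"),
        Control("label", "balance_label", "Balance: 12,345.67"),
        Control("image", "qr_code", "<constructed image bytes>"),
        Control("view", "footer", children=[Control("label", "help", "Contact support")]),
    ])


if __name__ == "__main__":
    for path, strategy in plan_page(sample_page(), "local"):
        print(path, strategy.name)
```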
In an embodiment of the present disclosure, a conversion template corresponding to the style and style of the APP may also be configured for the APP in advance, so that the identified sensitive information may be directly filled into the conversion template to obtain converted video stream data, thereby saving operation time, and ensuring that the display effect of the data content of the sensitive information in the converted video stream is consistent with the display effect in the original control.
In an embodiment of the present disclosure, after an intermediate image is generated according to text data, or when the sensitive information is image data, a watermark may be added to the image, so that the video data obtained after conversion also includes watermark information. For example, an explicit watermark or a blind watermark may be added to the image, and the specific form of adding the watermark may be determined according to actual needs.
Of course, in other exemplary embodiments of the present disclosure, the sensitive information may be converted at the server side by using the above method. The sensitive information conversion and the replacement of the original control can be executed simultaneously; or, the original control corresponding to the sensitive information may be replaced first, and then the sensitive information may be converted.
In an embodiment of the present disclosure, after the terminal device locally converts the sensitive information to obtain the corresponding video stream data, the video stream data may be further processed by "pseudo-encryption" based on the DRM rule, in order to reduce the computational pressure on the terminal device while ensuring that the DRM rule is applied to the video stream data so that it cannot be captured or recorded. Referring to fig. 4, this may specifically include the following steps:
in step S410, starting a network service, and initializing the streaming media playing control;
in step S420, configuring a play source for the streaming media play control to trigger the callback of the streaming media play control;
in step S430, returning address information and key information of the streaming media to the streaming media playing control to trigger the streaming media playing control to call back again;
in step S440, returning an updated key to the streaming media player to play the streaming media to which the DRM rule is applied.
In order to place the converted video stream data under the protection of DRM rules without increasing the computational pressure on the terminal device, the converted video stream data may be "pseudo-encrypted". Specifically, since HLS (HTTP Live Streaming) push streaming needs to be implemented locally on the terminal device, and the player needs the URL of an online service to play a video, a Web Server first needs to be started inside the App to initialize the player. Video stream data that is generated and played directly cannot be protected by the DRM rules; only encrypted video is protected by them. Therefore, in order to make the player treat the played video stream data as encrypted data, wrong or false key information is initially configured for the video stream data to trigger a player callback, and the key information is then updated so that the player can play the video stream data normally. The player thus considers the currently played video stream data to be encrypted video even though the video stream data is not actually encrypted; that is, the video stream data is subjected to "pseudo-encryption".
Based on this, a false URL (or a URL in an unparseable format) can be provided to the player at the beginning so that the player attempts playback; when the player cannot play it, a callback is triggered. For example, the standard source may be http://aaa.com/demo.m3u8, and its http protocol may be replaced so that the source cannot be parsed, thereby triggering the callback and making the player wait for a source to be provided. At this point, the real local m3u8 corresponding to the converted video stream can be returned in the callback, providing the real address and key. For example, the index file may be:
#EXTM3U
#EXT-X-TARGETDURATION:12
#EXT-X-ALLOW-CACHE:YES
#EXT-X-KEY:METHOD=AES-128,URI="demo://key.txt"
#EXT-X-VERSION:5
#EXT-X-MEDIA-SEQUENCE:1
#EXTINF:0.067,
http://localhost:8080/content.mp4
#EXT-X-ENDLIST
The address in the index file is the real video address after replacement, and the encryption method in the index file tells the player how the video is encrypted and where to read the decryption key, thereby making the player think that the video stream data is protected by DRM rules. Meanwhile, because the video stream is not actually encrypted, an unresolvable key address is provided to the player, which triggers the callback again. After the callback is triggered again, a null-value string, for example 16 bytes of 0, can be returned to the player, so that the system assumes that the video stream data is already encrypted, thereby realizing the encryption of the locally played video stream data and achieving the effect of DRM protection. Because the video stream data is not actually encrypted, the computational pressure on the terminal device can be effectively reduced.
Because video protected by the DRM rule cannot be captured or recorded, the user can browse the information normally while the video stream containing the sensitive information is playing; moreover, screen recording cannot be achieved either inside the application or outside it through development tools such as Xcode, so that the aim of protecting sensitive information is effectively fulfilled.
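The two-callback exchange described above (steps S420 to S440), modelled end to end as an added example that is not code from the patent. The class and function names and the replaced-scheme source `demo://aaa.com/demo.m3u8` are assumptions; the page does not name the player's callback API, so the player side is a plain model.

```python
"""Model of the two-callback "pseudo-encryption" exchange (added example)."""
import re
from urllib.parse import urlsplit

PLAYER_SCHEMES = {"http", "https"}                 # schemes the player fetches itself
SEGMENT_URL = "http://localhost:8080/content.mp4"  # from the page's index file
KEY_URI = "demo://key.txt"                         # from the page's index file
SOURCE_URL = "demo://aaa.com/demo.m3u8"            # assumed: page's source, http replaced

_ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def build_index(segment_url=SEGMENT_URL, key_uri=KEY_URI, duration=0.067):
    """Return an index file that declares AES-128 for an unencrypted segment."""
    lines = [
        "#EXTM3U",
        "#EXT-X-TARGETDURATION:12",
        "#EXT-X-ALLOW-CACHE:YES",
        f'#EXT-X-KEY:METHOD=AES-128,URI="{key_uri}"',
        "#EXT-X-VERSION:5",
        "#EXT-X-MEDIA-SEQUENCE:1",
        f"#EXTINF:{duration},",
        segment_url,
        "#EXT-X-ENDLIST",
    ]
    return "\n".join(lines) + "\n"


def parse_index(text):
    """Extract the EXT-X-KEY attributes and the segment URIs from an index file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "#EXTM3U":
        raise ValueError("not an HLS index file")
    key, segments = {}, []
    for ln in lines[1:]:
        if ln.startswith("#EXT-X-KEY:"):
            attrs = _ATTR.findall(ln[len("#EXT-X-KEY:"):])
            key = {name: value.strip('"') for name, value in attrs}
        elif not ln.startswith("#"):
            segments.append(ln)
    return key, segments


class AppResourceLoader:
    """App-side callback handler (hypothetical name) for steps S430 and S440."""

    def __init__(self, index_text, key_uri=KEY_URI):
        self.index_text = index_text
        self.key_uri = key_uri

    def on_callback(self, url):
        if url == self.key_uri:
            return bytes(16)                 # S440: 16 zero bytes as the "updated key"
        if url.endswith(".m3u8"):
            return self.index_text.encode()  # S430: real local index (address + key URI)
        raise LookupError(f"no local resource for {url}")


def play(source_url, loader):
    """Player-side model: every URL the player cannot fetch goes to the app."""
    trace = []

    def fetch(url, what):
        if urlsplit(url).scheme in PLAYER_SCHEMES:
            trace.append((what, "player", url))
            return None                      # fetched by the player; not modelled
        trace.append((what, "callback", url))
        return loader.on_callback(url)

    index = fetch(source_url, "index")       # S420: unparseable source -> callback
    if index is None:
        raise ValueError("source resolved without a callback; nothing to substitute")
    key_attrs, segments = parse_index(index.decode())
    key = None
    if key_attrs.get("METHOD", "NONE") != "NONE":
        key = fetch(key_attrs["URI"], "key")  # unresolvable key URI -> second callback
        if key is None:
            raise ValueError("key URI must be unresolvable so the app is called back")
        if len(key) != 16:
            raise ValueError("AES-128 key must be exactly 16 bytes")
    for seg in segments:
        fetch(seg, "segment")                # real address on the in-app web server
    return {"treated_as_encrypted": key is not None, "key": key,
            "segments": segments, "trace": trace}


if __name__ == "__main__":
    result = play(SOURCE_URL, AppResourceLoader(build_index()))
    for what, handler, url in result["trace"]:
        print(f"{what:8s} via {handler:8s} {url}")
```

The trace shows which requests reach the app (index and key) and which the player fetches from the in-app web server on its own (the segment).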
In an embodiment of the present disclosure, before playing the video stream, the playing parameters of the player may also be configured in advance, and the video stream is played in a loop, so as to achieve an effect that the control displays the sensitive information content.
In one embodiment of the disclosure, sensitive information identified in a page to be displayed can be configured with obfuscated data, and when a screen capture or screen recording operation occurs, the obfuscated data is used as a result of the screen capture or screen recording. Specifically, as shown with reference to fig. 5, the following steps may be included:
in step S510, a target operation on the current display page is monitored, and when the target operation occurs, whether the current display page contains sensitive information is determined;
in step S520, when it is determined that the current display page includes the sensitive information, the obfuscation information corresponding to the sensitive information is read, and the obfuscation information is returned as a feedback result of the target operation.
For example, the target operation may be a screen capture or screen recording operation. As shown in fig. 11, the terminal device may monitor screen capture or recording operations in the current page of the APP in real time, and when such an operation is detected, it is determined whether the current page contains sensitive information. If the current page contains sensitive information, the converted video stream corresponding to the sensitive information is protected by the DRM rule, and a screenshot or screen recording in which the sensitive information is hidden can be returned; or, when the sensitive information is pre-configured with confusion information, a screen capture or screen recording result containing the confusion information can be returned.
For example, FIGS. 6a-6b schematically illustrate a diagram of text format sensitive information and corresponding screen capture processing results. Referring to fig. 6a, the sensitive information is global content in the current page, the sensitive information is text data, and if the text data is not configured with corresponding confusion information, a blank result as shown in fig. 6b may be returned when a screenshot occurs in the current page.
Fig. 7a-7b schematically show diagrams of image format sensitive information and corresponding screen capture processing results. Referring to fig. 7a, the sensitive information is global content in the current page, the sensitive information is image data, and if the image data is not configured with corresponding obfuscation information, a blank result as shown in fig. 7b may be returned when the current page is screenshot.
Fig. 8a-8b schematically show a diagram of text format sensitive information and corresponding screen capture processing results. Referring to fig. 8a, the sensitive information is local content in the current page, the sensitive information is text data, and if the text data is not configured with corresponding confusion information, when a screenshot occurs in the current page, the screenshot result that only the sensitive information is hidden as shown in fig. 8b may be returned.
Figs. 9a-9b schematically illustrate text format sensitive information configured with obfuscated information and corresponding screen capture processing results. Referring to fig. 9a, sensitive information in text form is pre-configured with corresponding confusion information, and when the page is screenshot, the screenshot result of replacing text data with confusion information as shown in fig. 9b can be returned.
Fig. 10 schematically shows a diagram of a screen capture processing result corresponding to image format sensitive information configured with obfuscated information. For example, sensitive information in the image format shown in fig. 7a is pre-configured with corresponding obfuscation information, when the page is screenshot, the screenshot result of replacing the image data with the obfuscation information as shown in fig. 10 may be returned. Of course, in other exemplary embodiments of the present disclosure, the obfuscated data pre-configured with the sensitive data in the text format or the image format may also be in the format of an image, an animation, or a text, and the format of the obfuscated information is not particularly limited by the present disclosure.
In an embodiment of the disclosure, when monitoring screen capture and screen recording events, operation information of a user can be recorded, so that a source can be traced after sensitive information is leaked.
According to the information protection method in the embodiment of the disclosure, sensitive information (text, pictures and the like) in a page to be displayed can be converted into an encrypted video stream, and the original control at the position of the original sensitive information is then replaced (or covered) by a playing component capable of playing the encrypted video stream, so that DRM rule protection is used to restrict screenshots and screen recording on the device within an App and thereby protect sensitive data. In a general application scenario, the scheme can prevent a user from unintentionally leaking sensitive data, such as a two-dimensional code for payment. In the enterprise security application environment, the scheme can copy the content or share the content by adding the watermark and applying the watermark, so that the loss caused by the leakage of the internal confidential information is effectively prevented. Moreover, the scheme can effectively utilize DRM rules to provide the function of prohibiting screen capture and screen recording when the page contains sensitive information, even though the iOS system does not provide such an API, and without using any private API.
The following describes an embodiment of an apparatus of the present disclosure, which may be used to perform the information protection method in the above-described embodiment of the present disclosure. For details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the target positioning method described above in the present disclosure.
FIG. 12 schematically shows a block diagram of an information protection apparatus according to one embodiment of the present disclosure.
Referring to fig. 12, an information protection apparatus 1200 according to an embodiment of the present disclosure includes: a sensitive information identification module 1201, a sensitive information conversion module 1202 and an original control replacement module 1203.
The sensitive information identification module 1201 is used for acquiring sensitive information in a page to be displayed; a sensitive information conversion module 1202, configured to perform conversion processing on the sensitive information to obtain streaming media to which a DRM rule is applied; and an original control replacing module 1203, configured to replace the original control corresponding to the sensitive information with a streaming media playing control applying a DRM rule, so as to play the streaming media applying the DRM rule by using the streaming media playing control.
In one embodiment of the present disclosure, the information protection apparatus 1200 further includes: the storage mode reading module is used for acquiring the storage mode of the sensitive information and executing a corresponding conversion strategy on the original control corresponding to the sensitive information according to the storage mode; wherein, the storage mode comprises: local storage and cloud storage.
In an embodiment of the present disclosure, the sensitive information is stored in a cloud storage manner; the original control replacement module 1203 includes: and the cloud processing unit is used for replacing the original control with an application DRM streaming media playing control so as to play the streaming media which is received from the cloud and is converted and processed by the sensitive information and applied with the DRM rule by using the streaming media playing control.
In one embodiment of the present disclosure, the sensitive information is stored locally; the sensitive information conversion module 1202 includes: and the local processing unit is used for replacing the original control with an application DRM streaming media playing control so as to play the streaming media applying the DRM rule, which is acquired after the sensitive information is locally converted, by using the streaming media playing control.
In one embodiment of the present disclosure, the local processing unit further includes: the information identification unit is used for identifying the type of the sensitive information; the text processing unit is used for prerendering a page where the text data is located to acquire a corresponding intermediate image and converting the intermediate image to acquire the streaming media applying the DRM rule when the sensitive information is the text data; and the image processing unit is used for converting the image data to obtain the streaming media applying the DRM rule when the sensitive information is the image data.
In one embodiment of the present disclosure, the local processing unit further includes: the initialization unit is used for starting network service and initializing the streaming media playing control; the first callback triggering unit is used for configuring a play source for the streaming media play control so as to trigger callback of the streaming media play control; the second callback triggering unit is used for returning the address information and the key information of the streaming media to the streaming media playing control so as to trigger the streaming media playing control to call back again; and the streaming media playing unit is used for returning the updated key to the streaming media player so as to play the streaming media applying the DRM rule.
In one embodiment of the present disclosure, the local processing unit further includes: and the parameter configuration unit is used for configuring the playing parameters of the streaming media playing control so as to circularly play the streaming media applying the DRM rule.
In one embodiment of the present disclosure, the sensitive data is configured with obfuscation information; the information protecting apparatus 1200 further includes: the target operation monitoring module is used for monitoring target operation on the current display page and judging whether the current display page contains sensitive information or not when the target operation occurs; and the confusion information feedback module is used for reading the confusion information corresponding to the sensitive information and returning the confusion information as a feedback result of the target operation when the current display page is judged to contain the sensitive information.
FIG. 13 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present disclosure.
It should be noted that the computer system 1300 of the electronic device shown in fig. 13 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments of the present disclosure.
As shown in fig. 13, the computer system 1300 includes a Central Processing Unit (CPU) 1301, which can perform various appropriate actions and processes in accordance with a program stored in a Read-Only Memory (ROM) 1302 or a program loaded from a storage section 1308 into a Random Access Memory (RAM) 1303. In the RAM 1303, various programs and data necessary for system operation are also stored. The CPU 1301, the ROM 1302, and the RAM 1303 are connected to each other via a bus 1304. An Input/Output (I/O) interface 1305 is also connected to bus 1304.
The following components are connected to the I/O interface 1305: an input portion 1306 including a keyboard, a mouse, and the like; an output section 1307 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 1308 including a hard disk and the like; and a communication section 1309 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 1309 performs communication processing via a network such as the internet. A drive 1310 is also connected to the I/O interface 1305 as needed. A removable medium 1311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1310 as necessary, so that a computer program read out therefrom is mounted into the storage portion 1308 as necessary.
In particular, the processes described below with reference to the flowcharts may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communications component 1309 and/or installed from removable media 1311. The computer program, when executed by a Central Processing Unit (CPU) 1301, performs various functions defined in the system of the present disclosure.
It should be noted that the computer readable medium shown in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not, in some cases, constitute a limitation on the units themselves.
As another aspect, the present disclosure also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method described in the above embodiments.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. An information protection method, comprising:
acquiring sensitive information in a page to be displayed;
converting the sensitive information to obtain streaming media applying DRM rules;
and replacing the original control corresponding to the sensitive information with a streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control.
2. The information protection method according to claim 1, wherein after the sensitive information in the page to be displayed is obtained, the method further comprises:
acquiring a storage mode of the sensitive information, and executing a corresponding conversion strategy on the sensitive information according to the storage mode;
wherein, the storage mode comprises: local storage and cloud storage.
3. The information protection method according to claim 2, wherein the sensitive information is stored in a cloud storage manner;
replacing the original control corresponding to the sensitive information with a streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control, wherein the method comprises the following steps:
and replacing the original control with a streaming media playing control applying the DRM rule, so as to play the streaming media applying the DRM rule after the sensitive information stored in the cloud is converted and processed by using the streaming media playing control.
4. The information protection method according to claim 2, wherein the sensitive information is stored locally;
replacing the original control corresponding to the sensitive information with a streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control, wherein the method comprises the following steps:
and replacing the original control with a streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule, which is obtained after the sensitive information is converted locally, by using the streaming media playing control.
5. The information protection method according to claim 4, wherein locally converting the sensitive information to obtain streaming media applying DRM rules comprises:
identifying a type of the sensitive information;
when the sensitive information is text data, prerendering a page where the text data is located to obtain a corresponding intermediate image, and converting the intermediate image to obtain the streaming media applying the DRM rule;
and when the sensitive information is image data, converting the image data to acquire the streaming media applying the DRM rule.
6. The information protection method according to claim 4 or 5, wherein playing the streaming media to which the DRM rule is applied by using a streaming media playing control comprises:
starting a network service, and initializing the streaming media playing control;
configuring a playing source for the streaming media playing control to trigger the callback of the streaming media playing control;
returning address information and key information of the streaming media to the streaming media playing control to trigger the streaming media playing control to call back again;
and returning an updated key to the streaming media player to play the streaming media applying the DRM rule.
7. The information protection method according to claim 6, wherein when the streaming media to which the DRM rule is applied is played, the method further comprises:
and configuring the playing parameters of the streaming media playing control to circularly play the streaming media applying the DRM rule.
8. The information protection method of claim 1, wherein the sensitive data is configured with obfuscation information;
the method further comprises the following steps:
monitoring target operation on a current display page, and judging whether the current display page contains sensitive information or not when the target operation occurs;
and when the current display page is judged to contain the sensitive information, reading confusion information corresponding to the sensitive information, and returning the confusion information as a feedback result of the target operation.
9. An information protection apparatus, comprising:
the sensitive information identification module is used for acquiring sensitive information in a page to be displayed;
the sensitive information conversion module is used for carrying out conversion processing on the sensitive information to obtain streaming media applying DRM rules;
and the original control replacing module is used for replacing the original control corresponding to the sensitive information with the streaming media playing control applying the DRM rule so as to play the streaming media applying the DRM rule by using the streaming media playing control.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the information protection method according to any one of claims 1 to 8.
CN201910791656.2A 2019-08-26 2019-08-26 Information protection method and device and electronic equipment Pending CN112434327A (en)

Publications (1)

Publication Number Publication Date
CN112434327A true CN112434327A (en) 2021-03-02

Family

ID=74690238

Country Status (1)

Country Link
CN (1) CN112434327A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806806A (en) * 2021-09-18 2021-12-17 罗普特科技集团股份有限公司 Desensitization and restoration method and system for webpage screenshot

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102004890A (en) * 2010-12-07 2011-04-06 武汉大学 Network environment-based universal digital copyright protection method
CN106210753A (en) * 2016-05-24 2016-12-07 北京畅游天下网络技术有限公司 A kind of net cast method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
俞子将: "iOS anti-screenshot scheme (based on DRM)", Retrieved from the Internet <URL:https://www.jianshu.com/p/86d0cfed5f4e> *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806806A (en) * 2021-09-18 2021-12-17 罗普特科技集团股份有限公司 Desensitization and restoration method and system for webpage screenshot
CN113806806B (en) * 2021-09-18 2024-02-27 罗普特科技集团股份有限公司 Desensitization and restoration method and system for webpage screenshot

Similar Documents

Publication Publication Date Title
US11853403B2 (en) Pairing devices to prevent digital content misuse
WO2017128869A1 (en) Information processing method, first terminal, second terminal, and server
CN101529366A (en) Identification and visualization of trusted user interface objects
US10461944B2 (en) Challenge-response method and associated computing device
WO2016026532A1 (en) User authentication using a randomized keypad over a drm secured video path
CN113411638A (en) Video file playing processing method and device, electronic equipment and storage medium
CN109891907A (en) Using credible platform module verifying to the rendering of video content at client device
CN115277143B (en) Data security transmission method, device, equipment and storage medium
CN107342966A (en) Authority credentials distribution method and device
WO2021158274A1 (en) Method and system for protecting privacy of users in session recordings
CN106203141A (en) The data processing method of a kind of application and device
WO2020135038A1 (en) Image processing method, electronic apparatus, and computer readable medium
KR20140051483A (en) Method and apparatus for selectively providing protection of screen information data
CN112434327A (en) Information protection method and device and electronic equipment
US11356580B1 (en) Method for preventing screen capture
CN109462604A (en) A kind of data transmission method, device, equipment and storage medium
CN113870416B (en) Three-dimensional live-action model display method based on full-link encryption and related device
CN112511510B (en) Authorization authentication method, system, electronic equipment and readable storage medium
CN114121049B (en) Data processing method, device and storage medium
US20240126841A1 (en) Detecting unauthorized access to digital content using digital credential access control
Liu Enhanced Password Security on Mobile Devices.
CN117375986A (en) Application access method, device and server
CN116933284A (en) File processing method and device and electronic equipment
CN115688058A (en) Code obfuscation method, apparatus, device and medium
CN115051799A (en) Digital information processing system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination