CN113139186A - Personal information security audit evaluation system - Google Patents


Publication number
CN113139186A
CN113139186A CN202110399125.6A CN202110399125A CN113139186A CN 113139186 A CN113139186 A CN 113139186A CN 202110399125 A CN202110399125 A CN 202110399125A CN 113139186 A CN113139186 A CN 113139186A
Authority
CN
China
Prior art keywords
module
information
item
detection
app
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110399125.6A
Other languages
Chinese (zh)
Inventor
李刚
杨海龙
霍海龙
刘哲
李亮
董柏希
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kaiyuan Huachuang Information Technology Co ltd
Original Assignee
Beijing Kaiyuan Huachuang Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kaiyuan Huachuang Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a personal information security audit evaluation system in which a privacy policy text and basic information of an APP to be detected are input in advance and the APP to be detected is filled. The system includes: a system information initialization module, used to objectify the input information and mount the detection items so that detection personnel can check the information item by item; an item-by-item auditing module, communicatively connected to the system information initialization module, so that a detector can open the detection items one by one and check them; and a report output module, communicatively connected to the item-by-item auditing module, used to export the detection results in a specified report format for the user once all detection items have been audited. The invention adopts a keyword hit and keyword association algorithm to quickly find the content indicated by a specified item, which makes it easier for detection personnel to judge accurately whether a personal information violation exists, and finally compiles the content into a detection report that the owner unit can use for rectification.

Description

Personal information security audit evaluation system
Technical Field
The invention relates to the technical field of information security assessment, in particular to a personal information security audit assessment system.
Background
In recent years, the state of mobile application security and the illegal collection of personal information has given no cause for optimism. Personal information security has always been a focus of public attention and is an important part of mobile application security work that needs to be strengthened. The experience and patterns gained in recent years from detecting and evaluating APPs' illegal and non-compliant collection of personal information provide a reference for supervisory and regulatory departments in determining that an APP collects and uses personal information illegally or non-compliantly, and provide guidance for APP operators' self-inspection and self-correction and for public supervision by netizens.
At present, detection units mainly assess the personal information security of an APP through a manual "naked eye" walk-through, particularly of the sensitive information in privacy policies and messages. This method is inefficient and carries a certain probability of evaluation error. In particular, when the privacy policy or the message structure changes, the probability of manual error can fluctuate.
Disclosure of Invention
(I) Objects of the invention
To solve the technical problems described in the background, the invention provides a personal information security audit evaluation system that adopts a keyword hit and keyword association algorithm to quickly find the content indicated by a specified item, making it easier for detection personnel to judge accurately whether a personal information violation exists, and finally compiles the content into a detection report that the owner unit can use for rectification.
(II) technical scheme
The invention provides a personal information security audit evaluation system in which a privacy policy text and basic information of an APP to be detected are input in advance and the APP to be detected is filled, the system comprising:
a system information initialization module: used to objectify the input information and mount the detection items, so that detection personnel can check the information item by item;
an item-by-item auditing module: communicatively connected to the system information initialization module, so that a detector can open the detection items one by one and check them;
a report output module: communicatively connected to the item-by-item auditing module, and used to export the detection results in a specified report format for the user once all detection items have been audited.
Preferably, the system information initialization module comprises an input information objectification module, a detection item mounting module and an APK plug-in pull-up module.
Preferably, the item-by-item auditing module comprises an item-by-item record auditing module and an APP filling module.
Preferably, the report output module comprises a data sorting module and a report export module.
Preferably, when the privacy policy text is being checked, the "privacy policy keyword hit and keyword association surround" algorithm is called to prompt the user that the item of information is covered; when a message-related item needs to be checked, the system tries to pull up the APP to be detected and a message viewing tool for auditing; and when checking whether an SDK is contained, the system pulls up the SDK viewing tool and detection personnel perform the audit.
Compared with the prior art, the technical scheme of the invention has the following beneficial technical effects: .
Drawings
Fig. 1 is a system block diagram of a personal information security audit evaluation system according to the present invention.
Fig. 2 is a structural block diagram of a system information initialization module in the personal information security audit evaluation system according to the present invention.
Fig. 3 is a structural block diagram of the item-by-item audit module in the personal information security audit evaluation system according to the present invention.
Fig. 4 is a structural block diagram of the report output module in the personal information security audit evaluation system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in Figs. 1 to 4, in the personal information security audit evaluation system according to the present invention, a privacy policy text and basic information of an APP to be detected are input in advance and the APP to be detected is filled. The system includes:
a system information initialization module: used to objectify the input information and mount the detection items, so that detection personnel can check the information item by item;
an item-by-item auditing module: communicatively connected to the system information initialization module, so that a detector can open the detection items one by one and check them;
a report output module: communicatively connected to the item-by-item auditing module, and used to export the detection results in a specified report format for the user once all detection items have been audited.
In an optional embodiment, the system information initialization module comprises an input information objectification module, a detection item mounting module and an APK plug-in pull-up module.
In an optional embodiment, the item-by-item audit module includes an item-by-item record audit module and an APP filling module, and the APP filling module is used for filling the APP to be detected.
In an optional embodiment, the report output module includes a data sorting module and a report export module.
The data sorting module sorts the data, and the sorted data is exported by the report export module.
In an optional embodiment, when the privacy policy text is being checked, the "privacy policy keyword hit and keyword association surround" algorithm is called to prompt the user that the item of information is covered; when a message-related item needs to be checked, the system tries to pull up the APP to be detected and a message viewing tool for auditing; and when checking whether an SDK is contained, the system pulls up the SDK viewing tool and detection personnel perform the audit.
The invention adopts a keyword hit and keyword association algorithm to quickly find the content indicated by a specified item, making it easier for detection personnel to judge accurately whether a personal information violation exists, and finally compiles the content into a detection report that the owner unit can use for rectification.
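The patent names the "keyword hit and keyword association surround" step but gives no implementation, so the following is an added sketch of one way such a prompt could work, not code from the patent or the applicant. The item schema, the 40-character window, the status names and the sample policy text are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class DetectionItem:            # hypothetical schema for a mounted detection item
    item_id: str
    keywords: list              # terms whose presence counts as a "hit"
    associated: list            # terms expected in the text surrounding a hit

@dataclass
class Hit:
    keyword: str
    offset: int                 # character offset of the hit in the policy text
    context: str                # surrounding text shown to the auditor
    associated_found: list = field(default_factory=list)

def find_hits(policy_text, item, window=40):
    """Locate every keyword hit and capture the text surrounding it."""
    hits = []
    for kw in item.keywords:
        for m in re.finditer(re.escape(kw), policy_text, re.IGNORECASE):
            start = max(0, m.start() - window)
            end = min(len(policy_text), m.end() + window)
            context = policy_text[start:end]
            near = [a for a in item.associated if a.lower() in context.lower()]
            hits.append(Hit(kw, m.start(), context, near))
    return sorted(hits, key=lambda h: h.offset)

def audit_policy(policy_text, items, window=40):
    """Per item: 'covered' if a hit has an associated term nearby,
    'keyword_only' if hits lack one, 'not_found' if no keyword matched.
    The status is only a prompt; the auditor makes the final judgment."""
    results = {}
    for item in items:
        hits = find_hits(policy_text, item, window)
        if any(h.associated_found for h in hits):
            status = "covered"
        elif hits:
            status = "keyword_only"
        else:
            status = "not_found"
        results[item.item_id] = {"status": status, "hits": hits}
    return results

# Constructed sample input (not taken from any real privacy policy).
SAMPLE_POLICY = (
    "We collect your device identifier and location information to provide "
    "navigation services. You may contact us to delete your account. "
    "Third-party SDKs embedded in the app may receive data."
)
SAMPLE_ITEMS = [
    DetectionItem("PI-01", ["location"], ["collect", "purpose"]),
    DetectionItem("PI-02", ["retention", "retain"], ["period", "days"]),
    DetectionItem("PI-03", ["SDK"], ["share", "purpose"]),
]

if __name__ == "__main__":
    for item_id, res in audit_policy(SAMPLE_POLICY, SAMPLE_ITEMS).items():
        print(item_id, res["status"])
        for h in res["hits"]:
            print("   ", h.offset, repr(h.context), h.associated_found)
```

Items reported as `keyword_only` or `not_found` are the ones an auditor would open first, since the policy either mentions the term without the expected surrounding statement or does not mention it at all.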
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (5)

1. A personal information security audit evaluation system, characterized in that a privacy policy text and basic information of an APP to be detected are input in advance and the APP to be detected is filled, the system comprising:
a system information initialization module: used to objectify the input information and mount the detection items, so that detection personnel can check the information item by item;
an item-by-item auditing module: communicatively connected to the system information initialization module, so that a detector can open the detection items one by one and check them;
a report output module: communicatively connected to the item-by-item auditing module, and used to export the detection results in a specified report format for the user once all detection items have been audited.
2. The system of claim 1, wherein the system information initialization module comprises an input information objectification module, a detection item mounting module and an APK plug-in pull-up module.
3. The system of claim 2, wherein the item-by-item auditing module comprises an item-by-item record auditing module and an APP filling module.
4. The system of claim 3, wherein the report output module comprises a data sorting module and a report export module.
5. The system of claim 1, wherein when the privacy policy text is being checked, the "privacy policy keyword hit and keyword association surround" algorithm is called to prompt the user that the item of information is covered; when a message-related item needs to be checked, the system tries to pull up the APP to be detected and a message viewing tool for auditing; and when checking whether an SDK is contained, the system pulls up the SDK viewing tool and detection personnel perform the audit.
CN202110399125.6A 2021-04-14 2021-04-14 Personal information security audit evaluation system Pending CN113139186A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110399125.6A CN113139186A (en) 2021-04-14 2021-04-14 Personal information security audit evaluation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110399125.6A CN113139186A (en) 2021-04-14 2021-04-14 Personal information security audit evaluation system

Publications (1)

Publication Number Publication Date
CN113139186A true CN113139186A (en) 2021-07-20

Family

ID=76812480

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110399125.6A Pending CN113139186A (en) 2021-04-14 2021-04-14 Personal information security audit evaluation system

Country Status (1)

Country Link
CN (1) CN113139186A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344657A (en) * 2018-12-07 2019-02-15 百度在线网络技术(北京)有限公司 Privacy risk appraisal procedure and device
CN109598127A (en) * 2018-12-07 2019-04-09 百度在线网络技术(北京)有限公司 Privacy risk appraisal procedure and device
CN109739748A (en) * 2018-12-13 2019-05-10 北京小米移动软件有限公司 Close rule detection method and device
CN110414241A (en) * 2019-08-05 2019-11-05 深圳市网安计算机安全检测技术有限公司 Privacy policy detection method, device, computer equipment and storage medium
CN111753322A (en) * 2020-07-03 2020-10-09 烟台中科网络技术研究所 Automatic verification method and system for mobile App permission list
CN111835756A (en) * 2020-07-10 2020-10-27 深圳市网安计算机安全检测技术有限公司 APP privacy compliance detection method and device, computer equipment and storage medium
CN112199506A (en) * 2020-11-10 2021-01-08 支付宝(杭州)信息技术有限公司 Information detection method, device and equipment for application program

Similar Documents

Publication Publication Date Title
CN107577939B (en) Data leakage prevention method based on keyword technology
CA2900527C (en) Identifying and preventing leaks of sensitive information
CN108011809A (en) Anti-data-leakage analysis method and system based on user behavior and document content
CN110990836B (en) Code leakage detection system and method based on natural language processing technology
CN103957205A (en) Trojan horse detection method based on terminal traffic
US20150113651A1 (en) Spammer group extraction apparatus and method
CN110851872A (en) Risk assessment method and device for private data leakage
CN106027520A (en) Method and device for detecting and processing stealing of website accounts
CN105528558B (en) A kind of detection method and device of private communication channel communication
CN110866108A (en) Sensitive data detection system and detection method thereof
CN103365963B (en) Database audit system compliance method for quickly detecting
CN106127459A (en) A kind of intelligence seal and measure of supervision thereof
CN111915331A (en) Enterprise credit investigation data management method and system based on block chain
CN109684863A (en) Data leakage prevention method, device, equipment and storage medium
CN110337107A (en) A kind of fraud text message intelligent monitoring alarm device
CN110020161B (en) Data processing method, log processing method and terminal
CN105763555A (en) Website risk control server and method and client
CN117592092A (en) Secret checking method and system for database content
CN113139186A (en) Personal information security audit evaluation system
CN103699828A (en) Information security management method
CN106780254A (en) Traffic safety analysis method and terminal device
CN102571723A (en) Data transmission method and system approved by third party
CN202404694U (en) Adaptive disturbance signal identification module of distributing type optical fiber sensing application system
CN109873786A (en) For the safety situation evaluation system of multi-source heterogeneous information cloud platform
CN102024104A (en) Computer safety inspecting and scoring method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 202, floor 2, No. 18, Jianshe Road, Kaixuan street, Liangxiang, Fangshan District, Beijing 102400

Applicant after: Kaiyuan Huachuang Technology (Group) Co.,Ltd.

Address before: No.0697, building a, Daxing airport area, pilot Free Trade Zone, No.1 Qianping Road, Lixian Town, Daxing District, Beijing, 102604

Applicant before: Beijing Kaiyuan Huachuang Information Technology Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20210720