CN113806697B - Watermark adding method and system in proxy mode - Google Patents
Watermark adding method and system in proxy mode Download PDFInfo
- Publication number
- CN113806697B CN113806697B CN202111107535.5A CN202111107535A CN113806697B CN 113806697 B CN113806697 B CN 113806697B CN 202111107535 A CN202111107535 A CN 202111107535A CN 113806697 B CN113806697 B CN 113806697B
- Authority
- CN
- China
- Prior art keywords
- file
- proxy server
- http proxy
- http
- initial file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012790 confirmation Methods 0.000 claims description 21
- 238000012217 deletion Methods 0.000 claims description 8
- 230000037430 deletion Effects 0.000 claims description 8
- 230000002194 synthesizing effect Effects 0.000 claims description 7
- 238000012545 processing Methods 0.000 claims description 5
- 230000003139 buffering effect Effects 0.000 claims description 2
- 238000004590 computer program Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000005192 partition Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 239000000872 buffer Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/172—Caching, prefetching or hoarding of files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/106—Enforcing content protection by specific content processing
- G06F21/1063—Personalisation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a watermark adding method and a watermark adding system in a proxy mode, which belong to the technical field of data security, and the embodiment of the application sequentially caches a plurality of first block files which are obtained by dividing a first initial file and uploaded by an actual http client through a watermark adding module, synthesizes all first block files into the first initial file after obtaining all first block files, adds a preset watermark mark to the first initial file to obtain a first target file, and divides the first target file into a plurality of second block files; and the pseudo http client sequentially transmits the plurality of second block files to the http proxy server so as to realize uploading of the first target file added with the watermark. The embodiment of the application realizes the purposes of adding the watermark to the file in the network proxy mode and uploading the file added with the watermark to the http proxy server by deploying the watermark adding module and the pseudo http client on the DLP server.
Description
Technical Field
The application relates to the technical field of data security, in particular to a watermark adding method and system in a proxy mode.
Background
With the rapid development of computer and network technologies, particularly the popularization of the internet, the security problem of information is increasingly prominent. With the widespread use of multimedia technology, there is an increasing need for an effective copyright protection method for multimedia digital products such as digital images, audio and video. In order to prevent information from being stolen, some enterprises generally upload files of staff to a public network or a corporate intranet to watermark, mark staff information and department information of the uploaded files, and the like. At present, in order to prevent the leakage of the data of the mails, the watermark is generally added by adding a mail proxy server. If a data leakage protection system (Mail data leakage prevention system, abbreviated as mail DLP) server is deployed, namely, a DLP server is added to receive mails sent by senders, the addition of watermarks of attachments in the mails is completed, the mails with the added watermarks are delivered to a mail server, and finally, a receiver acquires the mails with sender watermarks from the mail server.
However, the current mail proxy server is not suitable for adding watermarks in a network proxy mode, and in the network proxy mode, the watermark addition of the file cannot be completed due to the limitation of the http proxy server on the data size of the file uploaded once.
Disclosure of Invention
The application provides a watermark adding method and a watermark adding system in a proxy mode, which are used for solving the problem that the watermark cannot be added to an uploaded file in a network proxy mode.
In order to solve the problems, the application adopts the following technical scheme:
in a first aspect, an embodiment of the present application provides a method for watermarking in a proxy mode, where the method is applied to a watermarking system in a proxy mode, where the watermarking system in the proxy mode includes a real http client, an http proxy server, and a DLP server of a data leakage protection system, where the DLP server is deployed with a watermarking module and a pseudo http client, and the method includes:
the real http client sequentially transmits a plurality of first block files obtained by dividing a first initial file to the http proxy server under the condition that the data volume of the first initial file exceeds a single data volume receiving threshold value of the http proxy server;
the http proxy server sequentially transmits the plurality of first block files to the DLP server;
the watermark adding module sequentially receives and caches the obtained first block files by the DLP server until all the first block files are obtained, and synthesizes all the first block files into the first initial file;
The watermark adding module adds a preset watermark identifier to the first initial file to obtain a first target file, and segments the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server;
the pseudo http client transmits the second block files in the DLP server to the http proxy server in sequence;
and the http proxy server synthesizes all the obtained http proxy servers of the second blocked files into the first target file.
In an embodiment of the present application, the method further includes:
the real http client transmits a second initial file to the http proxy server under the condition that the data volume of the second initial file does not exceed the single data volume receiving threshold value of the http proxy server;
the http proxy server transmits the second initial file to the DLP server;
the watermark adding module caches the second initial file received and obtained by the DLP server, and adds a preset watermark identifier to the second initial file to obtain a second target file;
the pseudo-http client transmits the second target file to the http proxy server.
In an embodiment of the present application, the step of buffering, by the watermarking module, the obtained first block files sequentially received by the DLP server until all the first block files are obtained, and synthesizing all the first block files into the first initial file includes:
each time the watermark adding module caches one obtained first block file received by the DLP server, a confirmation request is returned to the http proxy server, wherein the returned confirmation request comprises the first block file cached currently;
the watermark adding module receives the next first block file sent by the http proxy server aiming at the confirmation request;
the watermark adding module synthesizes all the first block files into the first initial file under the condition that all the first block files are obtained;
the method further comprises the steps of:
and the watermark adding module sends a file deleting instruction to the http proxy server under the condition that all the first block files are synthesized into the first initial file, so that the http proxy server deletes all the first block files obtained before the http proxy server according to the file deleting instruction.
In an embodiment of the present application, the method further includes:
the watermark adding module judges whether the first initial file or the second initial file contains sensitive information or not;
the watermark adding module returns a failure indication to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information;
the http proxy server forwards the failure indication to the real http client.
In an embodiment of the present application, the method further includes:
the watermark adding module judges whether the first initial file or the second initial file contains sensitive information or not;
the watermark adding module returns a release inquiry request to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information; wherein the release query request includes the sensitive information;
the http proxy server forwards the release inquiry request to the real http client;
the real http client receives the query request and sends the query request, and responds to a release instruction from a user, and returns the release instruction to the http proxy server;
The http proxy server receives the release instruction and transmits the release instruction to the watermark adding module;
the watermark adding module adds the preset watermark identification to the first initial file according to the release instruction to obtain the first target file, or,
and the watermark adding module adds the preset watermark identification to the second initial file according to the release instruction to obtain the second target file.
In a second aspect, based on the same inventive concept, an embodiment of the present application provides a watermarking system in proxy mode, where the system includes an actual http client, an http proxy server, and a DLP server of a data leakage protection system, where the DLP server is deployed with a watermarking module and a pseudo http client, where,
the real http client is used for sequentially transmitting a plurality of first block files obtained by dividing a first initial file to the http proxy server under the condition that the data volume of the first initial file exceeds the single data volume receiving threshold of the http proxy server;
the http proxy server is used for sequentially transmitting the plurality of first block files to the DLP server;
The watermark adding module is used for caching the obtained first block files received by the DLP server in sequence until all the first block files are obtained, and synthesizing all the first block files into the first initial file;
the watermark adding module is further used for adding a preset watermark identifier to the first initial file to obtain a first target file, and dividing the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server;
the pseudo http client is used for sequentially transmitting the plurality of second block files in the DLP server to the http proxy server;
the http proxy server is used for synthesizing all the obtained http proxy servers of the second block files into the first target file.
In an embodiment of the present application, the real http client is further configured to transmit the second initial file to the http proxy server if the data size of the second initial file does not exceed a single data size receiving threshold of the http proxy server;
the http proxy server is further configured to transmit the second initial file to the DLP server;
The watermark adding module is further configured to cache the second initial file received and obtained by the DLP server, and add a preset watermark identifier to the second initial file to obtain a second target file;
the watermarking module is further configured to transmit the second target file to the http proxy server.
In an embodiment of the present application, the watermarking module is further configured to return a confirmation request to the http proxy server after each time the DLP server receives and caches the obtained one first block file, where the confirmation request includes the first block file that is currently cached;
the watermark adding module is further used for receiving the next first block file sent by the http proxy server aiming at the confirmation request;
the watermark adding module is further configured to synthesize all the first block files into the first initial file if all the first block files are obtained;
the watermark adding module is further configured to send a file deletion instruction to the http proxy server when all the first blocked files are synthesized into the first initial file, so that the http proxy server deletes all the first blocked files obtained before the http proxy server according to the file deletion instruction.
In an embodiment of the present application, the watermark adding module is further configured to determine whether the first initial file or the second initial file contains sensitive information, and return a failure indication to the http proxy server when the first initial file or the second initial file contains sensitive information;
the http proxy server is further configured to forward the failure indication to the real http client.
In an embodiment of the present application, the watermark adding module is further configured to determine whether the first initial file or the second initial file contains sensitive information;
the watermark adding module is further used for returning a release inquiry request to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information; wherein the release query request includes the sensitive information;
the http proxy server is further configured to forward the release query request to the real http client;
the real http client is also used for receiving the query request and sending, responding to a release instruction from a user, and returning the release instruction to the http proxy server;
the http proxy server is also used for receiving the release instruction and transmitting the release instruction to the watermark adding module;
The watermark adding module is further configured to add the preset watermark identifier to the first initial file according to the release instruction, so as to obtain the first target file, or,
the watermark adding module is further configured to add the preset watermark identifier to the second initial file according to the release instruction, so as to obtain the second target file.
Compared with the prior art, the application has the following advantages:
according to the embodiment of the application, a watermark adding module sequentially caches a plurality of first block files which are uploaded by an actual http client and are obtained by dividing a first initial file, after all the first block files are obtained, all the first block files are synthesized into the first initial file, a preset watermark mark is added to the first initial file, so that a first target file containing the preset watermark mark is obtained, and the first target file is divided into a plurality of second block files; and the pseudo http client sequentially transmits the plurality of second block files to the http proxy server so as to realize uploading of the first target file added with the watermark. According to the embodiment of the application, the watermark adding module and the pseudo http client are deployed on the DLP server, so that the purposes of adding the watermark to the file in the network proxy mode and uploading the file with the watermark to the http proxy server are realized, the DLP server can meet the function requirement of adding the watermark to the file in the network proxy mode, and the application range is wide.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart illustrating steps of a method for watermarking in proxy mode according to an embodiment of the present application;
fig. 2 is a schematic diagram of a connection relationship of a watermark adding system in a proxy mode according to an embodiment of the present application.
Reference numerals: 200-watermarking system in proxy mode; 201-an actual http client; 202-http proxy server; 203-a DLP server; 2031-a watermark adding module; 2032-pseudo http client.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, in the existing network proxy mode, the limitation of the http proxy server 202 on the size of the data volume of the uploaded file is limited, and the uploading of the file is generally implemented by adopting a block uploading technology. In one example, the real http client 201 wants to upload a file with a data size of 10M to the http proxy server 202, and the single data size of the http proxy server 202 receives a threshold of 4M, that is, the http proxy server 202 can only receive content with a size of 4M at a time. At this time, the file is split into 3 blocks of 4M, 4M and 2M with continuous file numbers, and then sequentially uploaded to the http proxy server 202 according to the file number sequence, and finally the http proxy server 202 synthesizes all the block files into a complete file, thereby realizing the uploading of the file. Due to the mechanism of the block uploading technology, a plurality of block files divided by the uploading file are sequentially uploaded to the http proxy server 202, so that the complete uploading file cannot be added with the watermark in the network proxy mode.
Aiming at the technical problems existing in the prior art, the embodiment of the application provides a watermark adding method and system in a proxy mode, which realizes the purposes of adding the watermark to the file in the network proxy mode and uploading the file with the watermark to the http proxy server 202 by deploying a DLP server 203 on the basis of the prior art and deploying a watermark adding module 2031 and a pseudo http client 2032 on the DLP server 203, so that the DLP server 203 can meet the function requirement of adding the watermark to the file in the network proxy mode.
Referring to fig. 1, a watermarking method in proxy mode of the present application is shown, where the method is applied to a watermarking system 200 in proxy mode, and the watermarking system 200 in proxy mode includes a real http client 201, an http proxy server 202, and a DLP server 203 of a data leakage protection system, where the DLP server 203 is deployed with a watermarking module 2031 and a pseudo http client 2032, and the method may include the following steps:
s101: the real http client 201 sequentially transmits, to the http proxy server 202, a plurality of first block files obtained by dividing the first initial file, in a case where the data amount of the first initial file exceeds the single data amount reception threshold of the http proxy server 202.
In this embodiment, it should be noted that the real http client 201, that is, the sender terminal, refers to a user terminal that is used for performing data interaction with an http server based on an http protocol, and may be, but not limited to, various http browsers that are commonly used.
In this embodiment, the real http client 201 sends a file upload request to the http proxy server 202 in response to a file upload instruction of the user, and obtains a single data size receiving threshold of the http proxy server 202 from the http proxy server 202, and if the data size of the first initial file exceeds the single data size receiving threshold of the http proxy server 202, the real http client 201 segments the first initial file according to the single data size receiving threshold of the http proxy server 202, and obtains a plurality of first block files.
S102: the http proxy server 202 transmits the plurality of first block files to the DLP server 203 in sequence.
It should be noted that, based on the block uploading technology, the http proxy server 202 can only accept one first block file at a time, so each time the http proxy server 202 obtains one first block file, the first block file is transmitted to the DLP server 203 until all the first block files are transmitted to the DLP server 203.
S103: the watermark adding module 2031 buffers the obtained first block files sequentially received by the DLP server 203 until all the first block files are obtained, and synthesizes all the first block files into a first initial file.
In this embodiment, since the watermark cannot be added to a single first block file, each time the DLP server 203 receives a first block file, the first block file is cached until all first block files are obtained, and all first block files are synthesized to obtain a complete first initial file.
It should be noted that, in the file uploading stage, the real http client 201 divides the first initial file into a plurality of first block files with continuous file numbers according to the single data size receiving threshold of the http proxy server 202, so when caching the current first block file, the watermark adding module 2031 reads the file number corresponding to the current first block file, and further determines whether all the first block files are received. In an alternative embodiment, whether all the first block files are received may be further determined by reading an offset of the current first block file in the first initial file, where the offset refers to a reading position of the current first block file in the first initial file, that is, a subscript position in a file stream corresponding to the first initial file, where the subscript position is also a starting position of reading each first block file, and an exemplary data size of the first initial file is 10M, a single data size receiving threshold of the http proxy server is 4M, then the real http client 201 divides the first initial file into 3 blocks of 4M, 2M according to the single data size receiving threshold of the http proxy server 202, the first block file is 4M, then the offset is 0, the second block file is 4M, the offset is 4M, and the third block first block file is 2M, and the offset is 8M in the file uploading stage.
It should be further noted that, for the DLP server 203 with sufficient storage space, the first block file may be directly cached in the DLP server 203, or a storage hard disk or other devices may be added to store the first block file and the first initial file to relieve the storage pressure of the DLP server, so that the watermark adding module 2031 and the pseudo http client 2032 may find the corresponding file according to the storage path, and set according to the actual requirement.
In this embodiment, to ensure that all the first block files can be completely and orderly cached in the DLP server 203, the http proxy server 202 may be controlled to upload the next first block file by returning a confirmation request to the http proxy server 202, and in particular, S103 may include the following steps:
s103-1: each time the watermarking module 2031 caches one of the obtained first block files by the DLP server 203, a confirmation request is returned to the http proxy server 202, wherein the returned confirmation request includes the first block file currently cached.
S103-2: the watermarking module 2031 receives the next first chunk file sent by the http proxy server 202 for the validation request.
S103-3: the watermark adding module 2031 synthesizes all the first divided files into a first initial file in the case where all the first divided files are obtained.
In this embodiment, the watermark adding module 2031 returns a confirmation request to the http proxy server 202, so that the http proxy server 202 can be informed that the first block file is completely uploaded, and the http proxy server 202 continuously transmits the next first block file to the DLP server 203 according to the returned confirmation request, and the process is circulated until all the first block files are transmitted to the DLP server 203, so that the watermark adding module 2031 completely and orderly caches all the first block files, and the phenomena of omission, synthesis error and the like of the first block files are avoided.
In this embodiment, in order to enable data interaction between the DLP server 203 and the http proxy server 202 based on different protocols, an interface module may be deployed at the DLP server 203 for implementing protocol conversion between the DLP server 203 and the http proxy server 202. In one example, an ICAP interface module may be deployed based on the ICAP (Internet Contentt Adaptation Protocol) protocol for implementing protocol conversion between the watermarking module 2031 using the ICAP protocol and the http proxy server 202 using the http protocol, where ICAP is a lightweight protocol that performs RPC (Remote Procedure Call ) on the http message. In this embodiment, the ICAP interface module may perform protocol conversion on the first partition file based on the http protocol and then transmit the converted first partition file to the watermark adding module 2031; and in the process that the pseudo http client 2032 sequentially transmits the plurality of second block files segmented from the first target file by the watermark adding module 2031 to the http proxy server 202, the pseudo http client is responsible for converting the second block files based on the ICAP protocol into the http protocol and transmitting the http protocol to the http proxy server 202, so as to realize uploading of the second block files.
S104: the watermark adding module 2031 adds a preset watermark identifier to the first initial file to obtain a first target file, and segments the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server 202.
In this embodiment, the watermarking system 200 in proxy mode further includes a DLP management platform, which is configured to control parameters of the watermarking module 2031, where the parameters include, but are not limited to, whether watermarking is performed, and the watermark content is customized. It should be noted that if the user does not perform the custom addition, default content is added, where the default content is an IP address corresponding to the real http client 201 or a mailbox address of the real http client 201, and the mailbox address of the real http client 201 has a higher priority than the IP address corresponding to the real http client 201.
Under the condition that a watermark adding switch is triggered, the watermark adding module 2031 can automatically add a preset watermark identifier to the first initial file after synthesizing the complete first initial file, and in consideration of the limitation of the http proxy server 202 on the data size of the uploaded file, in order to ensure that the first target file after adding the watermark can be smoothly uploaded to the http proxy server 202, the first target file is cut into a plurality of second block files according to the single data size receiving threshold of the http proxy server 202.
S105: the pseudo-http client 2032 transmits the plurality of second block files in the DLP server 203 to the http proxy server 202 in sequence.
In this embodiment, to upload the watermarked first target file to the http proxy server 202 by bypassing the real http client 201, a pseudo http client 2032 is deployed in the DLP server 203 to sequentially transmit a plurality of second block files to the http proxy server 202, where the pseudo http client 2032 may directly obtain the plurality of second block files in the DLP server 203 or the storage hard disk, and sequentially transmit the plurality of second block files to the http proxy server 202 based on a block uploading technology.
In this embodiment, it is considered that, each time the watermark adding module 2031 caches one first block file obtained by the DLP server 203, a confirmation request including the first block file currently cached is returned to the http proxy server 202, and thus, the http proxy server 202 stores all the first block files obtained previously. In order to ensure that the plurality of second block files are successfully uploaded to the http proxy server 202, in this embodiment, when the watermark adding module 2031 synthesizes all the first block files into the first initial file, the watermark adding module 2031 sends a file deletion instruction to the http proxy server 202, so that the http proxy server 202 deletes all the first block files obtained before the http proxy server 202 according to the file deletion instruction, and ensures that the http proxy server 202 finally obtains the watermarked first target file.
S106: the http proxy server 202 synthesizes all the obtained second partition files, the http proxy server 202, into the first target file.
In this embodiment, it should be noted that, after the http proxy server 202 synthesizes all the obtained http proxy servers 202 of the second block files into the first target file, the first target file is transmitted to the http server, and the recipient terminal can obtain the first target file through the http server, where the first target file already includes the preset watermark identifier added by the sender terminal, so as to further realize copyright protection of the file and effectively prevent repudiation.
According to the embodiment of the application, a watermark adding module 2031 sequentially caches a plurality of first block files which are uploaded by an actual http client 201 and are obtained by dividing a first initial file, after all the first block files are obtained, all the first block files are synthesized into the first initial file, a preset watermark identifier is added to the first initial file, so that a first target file containing the preset watermark identifier is obtained, and the first target file is divided into a plurality of second block files; the pseudo-http client 2032 sequentially transmits a plurality of second block files to the http proxy server 202 to upload the watermarked first target file. The embodiment of the application realizes the purposes of adding the watermark to the file in the network proxy mode and uploading the file added with the watermark to the http proxy server 202 by deploying the watermark adding module and the pseudo http client 2032 on the DLP server 203, so that the DLP server 203 can meet the function requirement of adding the watermark to the file in the network proxy mode, and the application range is wide.
In a possible embodiment, the method for watermarking in proxy mode may further include the steps of:
s107: the real http client 201 transmits the second initial file to the http proxy server 202 in case the data amount of the second initial file does not exceed the single data amount reception threshold of the http proxy server 202.
S108: the http proxy server 202 transmits the second initial file to the DLP server 203.
S109: the watermark adding module 2031 caches the second initial file received by the DLP server 203, and adds a preset watermark identifier to the second initial file, thereby obtaining a second target file.
S110: the pseudo-http client 2032 transmits the second target file to the http proxy server 202.
In this embodiment, for the case that the data size of the second initial file does not exceed the single data size receiving threshold of the http proxy server 202, that is, the case that the second initial file does not need to be uploaded in blocks, the watermark adding module 2031 may directly add the preset watermark identifier to the second initial file, and the pseudo http client 2032 transmits the second target file to the http proxy server 202, so as to further implement watermark adding to the second initial file and uploading of the second target file.
In a possible embodiment, the method for watermarking in proxy mode may further include the steps of:
s111: the watermarking module 2031 determines whether the first initial file or the second initial file contains sensitive information.
Considering that there is a certain risk of data leakage in the transmission of the file in the http network, protection of the sensitive information is particularly important for both individuals and enterprises, so in this embodiment, before the first initial file or the second initial file is sent to the http proxy server 202, the watermark adding module 2031 may further scan the sensitive information of the first initial file or the second initial file to determine whether the sensitive information is included.
In this embodiment, the sensitive information may be customized by the DLP management platform and sent to the watermark adding module 2031, and after the watermark adding module 2031 parses the sensitive information, the first initial file or the second initial file is scanned for the sensitive information according to the parsed sensitive information, so as to determine whether the corresponding sensitive information is included; it should be noted that, according to the actual requirement, the DLP management platform may trigger the virtual switch for scanning the sensitive information to select whether to scan the sensitive information, that is, when the virtual switch for scanning the sensitive information is in the off state or has no custom content, the virtual switch for scanning the sensitive information does not scan the sensitive information.
S112: the watermarking module 2031 returns a failure indication to the http proxy server 202 in case the first or second initial file contains sensitive information.
S113: the http proxy server 202 forwards the failure indication to the real http client 201.
In this embodiment, when the first initial file or the second initial file is found to contain sensitive information, an interception measure is directly adopted to prevent the first initial file or the second initial file containing the sensitive information from being uploaded to the http proxy server 202, so as to ensure data security.
In a possible embodiment, the method for watermarking in proxy mode may further include the steps of:
s114: the watermark adding module 2031 determines whether the first initial file or the second initial file contains sensitive information;
s115: the watermarking module 2031 determines whether the first initial file or the second initial file contains sensitive information.
S116: the watermark adding module 2031 returns a release query request to the http proxy server 202 if the first initial file or the second initial file contains sensitive information; wherein the release query request includes sensitive information.
In this embodiment, in the case that it is determined that the first initial file or the second initial file contains the sensitive information, a direct interception measure is no longer adopted, but a release query request including the sensitive information is returned, and after the user refers to the corresponding sensitive information, the user can select whether to release according to the actual situation.
S117: the http proxy server 202 forwards the release query request to the real http client 201.
S118: the real http client 201 receives the query request transmission and returns a release instruction to the http proxy server 202 in response to the release instruction from the user.
S119: the http proxy server 202 receives the release instruction and transmits the release instruction to the watermark adding module 2031.
S120: the watermark adding module 2031 adds a preset watermark identifier to the first initial file according to the release instruction to obtain a first target file, or the watermark adding module 2031 adds a preset watermark identifier to the second initial file according to the release instruction to obtain a second target file.
In this embodiment, in order to enable the user to select whether to send the first initial file or the second initial file containing the sensitive information according to the actual situation, a release query request is returned to the real http client 201 in an inquiry manner, and release can be performed after approval by the user, so that the corresponding first initial file or second initial file is subjected to subsequent addition of the preset watermark identifier.
Referring to fig. 2, which illustrates a watermarking system 200 in proxy mode according to an embodiment of the present application, the watermarking system 200 in proxy mode includes a real http client 201, an http proxy server 202, and a DLP server 203 of a data leakage prevention system, wherein the DLP server 203 is deployed with a watermarking module 2031 and a dummy http client 2032,
The real http client 201 is configured to sequentially transmit, to the http proxy server 202, a plurality of first block files obtained by dividing the first initial file, when the data size of the first initial file exceeds a single data size receiving threshold of the http proxy server 202;
the http proxy server 202 is configured to sequentially transmit the plurality of first block files to the DLP server 203;
the watermark adding module 2031 is configured to cache the obtained first block files sequentially received by the DLP server 203 until all the first block files are obtained, and synthesize all the first block files into a first initial file;
the watermark adding module 2031 is further configured to add a preset watermark identifier to the first initial file, obtain a first target file, and segment the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server 202;
the pseudo http client 2032 is configured to sequentially transfer the plurality of second block files in the DLP server 203 to the http proxy server 202;
the http proxy server 202 is configured to synthesize all the obtained second partition files, the http proxy server 202, into the first target file.
In a possible embodiment, the real http client 201 is further configured to transmit the second initial file to the http proxy server 202 if the data size of the second initial file does not exceed the single data size reception threshold of the http proxy server 202;
The http proxy server 202 is further configured to transmit the second initial file to the DLP server 203;
the watermark adding module 2031 is further configured to cache the second initial file received and obtained by the DLP server 203, and add a preset watermark identifier to the second initial file to obtain a second target file;
the watermarking module 2031 is further adapted to transfer the second object file to the http proxy server 202.
In a possible implementation manner, the watermarking module 2031 is further configured to return a confirmation request to the http proxy server 202 after each time the DLP server 203 receives and caches the obtained first chunk file, where the confirmation request includes the first chunk file currently cached;
the watermark adding module 2031 is further configured to receive a next first chunk file sent by the http proxy server 202 for the confirmation request;
the watermark adding module 2031 is further configured to, in a case where all the first block files are obtained, synthesize all the first block files into a first initial file;
the watermark adding module 2031 is further configured to send a file deletion instruction to the http proxy server 202 when all the first blocked files are synthesized into the first initial file, so that the http proxy server 202 deletes all the first blocked files obtained before the http proxy server 202 according to the file deletion instruction.
In a possible embodiment, the watermark adding module 2031 is further configured to determine whether the first initial file or the second initial file contains sensitive information, and return a failure indication to the http proxy server 202 if the first initial file or the second initial file contains sensitive information;
the http proxy server 202 is also used to forward the failure indication to the real http client 201.
In one possible embodiment, the watermarking module 2031 determines whether the first initial file or the second initial file contains sensitive information;
the watermark adding module 2031 is further configured to return a release query request to the http proxy server 202 when the first initial file or the second initial file contains sensitive information; wherein the release query request includes sensitive information;
the http proxy server 202 is further configured to forward the release query request to the real http client 201;
the real http client 201 is further configured to receive the query request and send, and respond to a release instruction from the user, and return the release instruction to the http proxy server 202;
the http proxy server 202 is further configured to receive a release instruction, and transmit the release instruction to the watermark adding module 2031;
the watermark adding module 2031 is further configured to add a preset watermark identification to the first initial file according to the release instruction, so as to obtain a first target file, or,
The watermark adding module 2031 is further configured to add a preset watermark identifier to the second initial file according to the release instruction, so as to obtain a second target file.
It should be noted that, the specific implementation of the watermarking system 200 in the proxy mode according to the embodiment of the present application may refer to the specific implementation of the watermarking method in the proxy mode according to the embodiment of the present application, which is not described herein.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The foregoing has described in detail a method and system for watermarking in proxy mode provided by the present invention, and specific examples have been applied herein to illustrate the principles and embodiments of the present invention, the above examples being provided only to assist in understanding the method and core idea of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (8)
1. The method for adding the watermark in the proxy mode is characterized by being applied to a watermark adding system in the proxy mode, wherein the watermark adding system in the proxy mode comprises a real http client, an http proxy server and a DLP (digital light processing) server of a data leakage protection system, and a watermark adding module and a pseudo http client are deployed on the DLP server, and the method comprises the following steps:
the real http client sequentially transmits a plurality of first block files obtained by dividing a first initial file to the http proxy server under the condition that the data volume of the first initial file exceeds a single data volume receiving threshold value of the http proxy server;
the http proxy server sequentially transmits the plurality of first block files to the DLP server;
the watermark adding module sequentially receives and caches the obtained first block files by the DLP server until all the first block files are obtained, and synthesizes all the first block files into the first initial file;
the watermark adding module adds a preset watermark identifier to the first initial file to obtain a first target file, and segments the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server;
The pseudo http client transmits the second block files in the DLP server to the http proxy server in sequence;
the http proxy server synthesizes all the obtained http proxy servers of the second block files into the first target file;
the real http client transmits a second initial file to the http proxy server under the condition that the data volume of the second initial file does not exceed the single data volume receiving threshold value of the http proxy server;
the http proxy server transmits the second initial file to the DLP server;
the watermark adding module caches the second initial file received and obtained by the DLP server, and adds a preset watermark identifier to the second initial file to obtain a second target file;
the pseudo-http client transmits the second target file to the http proxy server.
2. The method of claim 1, wherein the step of the watermarking module buffering the obtained first blocked files received by the DLP server in turn until all the first blocked files are obtained and synthesizing all the first blocked files into the first initial file comprises:
Each time the watermark adding module caches one obtained first block file received by the DLP server, a confirmation request is returned to the http proxy server, wherein the returned confirmation request comprises the first block file cached currently;
the watermark adding module receives the next first block file sent by the http proxy server aiming at the confirmation request;
the watermark adding module synthesizes all the first block files into the first initial file under the condition that all the first block files are obtained;
the method further comprises the steps of:
and the watermark adding module sends a file deleting instruction to the http proxy server under the condition that all the first block files are synthesized into the first initial file, so that the http proxy server deletes all the first block files obtained before the http proxy server according to the file deleting instruction.
3. The method according to claim 1, wherein the method further comprises:
the watermark adding module judges whether the first initial file or the second initial file contains sensitive information or not;
The watermark adding module returns a failure indication to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information;
the http proxy server forwards the failure indication to the real http client.
4. The method according to claim 1, wherein the method further comprises:
the watermark adding module judges whether the first initial file or the second initial file contains sensitive information or not;
the watermark adding module returns a release inquiry request to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information; wherein the release query request includes the sensitive information;
the http proxy server forwards the release inquiry request to the real http client;
the real http client receives the query request and sends the query request, and responds to a release instruction from a user, and returns the release instruction to the http proxy server;
the http proxy server receives the release instruction and transmits the release instruction to the watermark adding module;
the watermark adding module adds the preset watermark identification to the first initial file according to the release instruction to obtain the first target file, or,
And the watermark adding module adds the preset watermark identification to the second initial file according to the release instruction to obtain the second target file.
5. The system for watermarking in proxy mode is characterized by comprising a real http client, an http proxy server and a DLP server of a data leakage protection system, wherein the DLP server is provided with a watermarking module and a pseudo http client,
the real http client is used for sequentially transmitting a plurality of first block files obtained by dividing a first initial file to the http proxy server under the condition that the data volume of the first initial file exceeds the single data volume receiving threshold of the http proxy server;
the http proxy server is used for sequentially transmitting the plurality of first block files to the DLP server;
the watermark adding module is used for caching the obtained first block files received by the DLP server in sequence until all the first block files are obtained, and synthesizing all the first block files into the first initial file;
the watermark adding module is further used for adding a preset watermark identifier to the first initial file to obtain a first target file, and dividing the first target file into a plurality of second block files according to a single data volume receiving threshold of the http proxy server;
The pseudo http client is used for sequentially transmitting the plurality of second block files in the DLP server to the http proxy server;
the http proxy server is used for synthesizing all the obtained http proxy servers of the second block files into the first target file;
the real http client is further configured to transmit the second initial file to the http proxy server if the data size of the second initial file does not exceed a single data size receiving threshold of the http proxy server;
the http proxy server is further configured to transmit the second initial file to the DLP server;
the watermark adding module is further configured to cache the second initial file received and obtained by the DLP server, and add a preset watermark identifier to the second initial file to obtain a second target file;
the watermarking module is further used for transmitting the second target file to the http proxy server.
6. The system of claim 5, wherein the system further comprises a controller configured to control the controller,
the watermark adding module is further configured to return a confirmation request to the http proxy server after each time the DLP server receives and caches one obtained first block file, where the confirmation request includes the first block file that is currently cached;
The watermark adding module is further used for receiving the next first block file sent by the http proxy server aiming at the confirmation request;
the watermark adding module is further configured to synthesize all the first block files into the first initial file if all the first block files are obtained;
the watermark adding module is further configured to send a file deletion instruction to the http proxy server when all the first blocked files are synthesized into the first initial file, so that the http proxy server deletes all the first blocked files obtained before the http proxy server according to the file deletion instruction.
7. The system of claim 5, wherein the system further comprises a controller configured to control the controller,
the watermark adding module is further configured to determine whether the first initial file or the second initial file contains sensitive information, and return a failure indication to the http proxy server when the first initial file or the second initial file contains sensitive information;
the http proxy server is further configured to forward the failure indication to the real http client.
8. The system of claim 5, wherein the system further comprises a controller configured to control the controller,
the watermark adding module is further used for judging whether the first initial file or the second initial file contains sensitive information;
the watermark adding module is further used for returning a release inquiry request to the http proxy server under the condition that the first initial file or the second initial file contains sensitive information; wherein the release query request includes the sensitive information;
the http proxy server is further configured to forward the release query request to the real http client;
the real http client is also used for receiving the query request and sending, responding to a release instruction from a user, and returning the release instruction to the http proxy server;
the http proxy server is also used for receiving the release instruction and transmitting the release instruction to the watermark adding module;
the watermark adding module is further configured to add the preset watermark identifier to the first initial file according to the release instruction, so as to obtain the first target file, or,
the watermark adding module is further configured to add the preset watermark identifier to the second initial file according to the release instruction, so as to obtain the second target file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111107535.5A CN113806697B (en) | 2021-09-22 | 2021-09-22 | Watermark adding method and system in proxy mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111107535.5A CN113806697B (en) | 2021-09-22 | 2021-09-22 | Watermark adding method and system in proxy mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113806697A CN113806697A (en) | 2021-12-17 |
| CN113806697B true CN113806697B (en) | 2023-09-01 |
Family
ID=78939925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111107535.5A Active CN113806697B (en) | 2021-09-22 | 2021-09-22 | Watermark adding method and system in proxy mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113806697B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103404164A (en) * | 2011-01-14 | 2013-11-20 | 耶德托公司 | Multiparty watermarking method and system |
| CN104050400A (en) * | 2014-06-27 | 2014-09-17 | 西南交通大学 | Webpage link protection method based on control character coding and steganography |
| CN110348182A (en) * | 2019-05-23 | 2019-10-18 | 李晓妮 | A kind of method and apparatus of web document watermark insertion |
| CN111835742A (en) * | 2020-07-03 | 2020-10-27 | 南京普建维思信息技术有限公司 | Data security management system and method based on distributed copy storage |
| CN112017097A (en) * | 2020-08-27 | 2020-12-01 | 豪威科技(武汉)有限公司 | Watermark adding method, device, terminal and computer readable storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7287275B2 (en) * | 2002-04-17 | 2007-10-23 | Moskowitz Scott A | Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth |
| US20130346379A1 (en) * | 2012-06-22 | 2013-12-26 | W. Andrew Loe | Streaming dynamically-generated zip archive files |
-
2021
- 2021-09-22 CN CN202111107535.5A patent/CN113806697B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103404164A (en) * | 2011-01-14 | 2013-11-20 | 耶德托公司 | Multiparty watermarking method and system |
| CN104050400A (en) * | 2014-06-27 | 2014-09-17 | 西南交通大学 | Webpage link protection method based on control character coding and steganography |
| CN110348182A (en) * | 2019-05-23 | 2019-10-18 | 李晓妮 | A kind of method and apparatus of web document watermark insertion |
| CN111835742A (en) * | 2020-07-03 | 2020-10-27 | 南京普建维思信息技术有限公司 | Data security management system and method based on distributed copy storage |
| CN112017097A (en) * | 2020-08-27 | 2020-12-01 | 豪威科技(武汉)有限公司 | Watermark adding method, device, terminal and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113806697A (en) | 2021-12-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7194514B1 (en) | Stripping email attachment from an email message and adding into the email message a link to fetch the attachment | |
| US7171222B2 (en) | Multimedia messaging method and system for transferring multimedia content | |
| US20080281924A1 (en) | End user transparent email attachment handling to overcome size and attachment policy barriers | |
| KR101132027B1 (en) | System and method for automatic modification of multimedia messages | |
| US8914897B2 (en) | Controlling access to digital images based on device proximity | |
| US8086719B2 (en) | Bypassing uploading of data from a wireless device using outbound attachment caching | |
| US11102159B2 (en) | Method and communication device for processing data for transmission from the communication device to a second communication device | |
| WO2007133504A2 (en) | End user transparent email attachment handling to overcome size and attachment policy barriers | |
| WO1998058332A1 (en) | Method and apparatus for accessing and retrieving messages | |
| US10757052B2 (en) | Embedding actionable content in electronic communication | |
| WO2009129723A1 (en) | Method and system of off-line image transmission and off-line image server | |
| US20060041511A1 (en) | Device and method for digital rights management in a mobile terminal | |
| CA2263247C (en) | Communication apparatus and communication method | |
| EP2939450B1 (en) | Transmission of a multimedia message doubled with the transmission of a text message | |
| CN113806697B (en) | Watermark adding method and system in proxy mode | |
| CN109479026B (en) | Methods, systems, and computer program products for selectively modifying and sending messaging data | |
| US20020054363A1 (en) | Facsimile server, electronic mail device, and communication method | |
| US20050154728A1 (en) | Notification of access for a sender of an electronic message | |
| JP2005525605A (en) | Substitution with attachment URL in electronic content transfer | |
| CN104980479B (en) | A kind of file pre-push method, associated server and system | |
| WO2009155877A1 (en) | Method, device and system for processing multimedia messages | |
| JP3284439B2 (en) | Method and apparatus for transmitting and receiving attached information | |
| JP2004334427A (en) | Communication device | |
| CA2688755C (en) | Method and communication device for processing data for transmission from the communication device to a second communication device | |
| JP3380234B2 (en) | FAX transmission device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |