CN114257449A - Data label tracing technology for Web layer - Google Patents

Info

Publication number
CN114257449A
Authority
CN
China
Prior art keywords
data
label
document
tracing
tag
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111567465.1A
Other languages
Chinese (zh)
Inventor
完新说
马正鲍
谢富国
陈剑航
喻广融
付豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yanshuo Information Technology Co ltd
Original Assignee
Shanghai Yanshuo Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Yanshuo Information Technology Co ltd
Priority to CN202111567465.1A
Publication of CN114257449A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146: Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a data label tracing technology for the Web layer, comprising the following steps: extracting basic data from HTTP(S) format data and judging whether the basic data is of string type or document type; if the data is in string format, automatically adding an identity feature tag to the data, then encrypting the feature, processing it with an invisible feature technology, and sending the result to a third-party service system; if the data is in a document format, deeply parsing the format of the document and, after parsing succeeds, adding an identity feature tag to the document data, encrypting the feature, and processing it with an invisible feature technology; importing leaked data into the matching tracing software, which extracts the identity feature tag information from the data and decrypts and visualizes the tag to determine the identity feature information of the specific leaker and the time at which the data was leaked, thereby achieving the tracing effect. With the technical means of the invention, the risk of data leakage can be greatly reduced.

Description

Data label tracing technology for Web layer
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to a data label tracing technology for a Web layer.
Background
Web-based computer business systems have become the mainstream. Data communication and service interaction between Web systems are basically completed by calling Web interfaces. In particular, for a database system or a core service system, the server Web interface of the system has to provide various data for external use, such as the basic data used by external third-party service systems, as shown in FIG. 5 and FIG. 6. The basic data given to external or third parties through Web interfaces is usually homogeneous, i.e., there is almost no difference between the underlying data received by different third parties. After data that is identical at the interface level has been sent to several third-party systems, if one of those third parties leaks the basic data, it is difficult for the managing party to trace the leak, or to determine which of the third parties is its source.
At present, this kind of data leakage risk is addressed mostly by management measures combined with technical measures. The management measures require, for example, that operations by all third-party personnel who come into contact with the server system be strictly managed and that everyone who accesses the server apply for permission before operating. The technical measures require, for example, that the permissions assigned to personnel who access the server be minimized and that all server operations be logged.
Some means of tracing by data identification already exist, for example adding metadata as an identifier at the data storage stage. On the one hand, such data identification requires changing the database structure to add the metadata identifier; on the other hand, it can only trace the data back to its source and cannot trace the person who leaked it. These management and technical measures can guarantee data security to a certain extent, but they still leave large loopholes, or a real probability, through which basic data is spread and leaked by third-party users. The main reason is that the basic data does not differ between third-party users: the content of the basic data obtained by third party A is identical to that obtained by third party B. Because the data carries no difference, after any party leaks it the manager of the data source can hardly determine the specific source of the leak. A data label tracing technology for the Web layer is therefore proposed.
Disclosure of Invention
The invention aims to provide a data label tracing technology for the Web layer which achieves data tracing by means of an invisible feature technology, so that data leaked through various paths can be traced accurately, solving the problems described in the background.
To achieve this purpose, the invention adopts the following technical scheme: a data label tracing technology for the Web layer, comprising the following steps:
A. after receiving HTTP(S) data sent by a third-party service system, a Web data label traceability system extracts basic data from the HTTP(S) format data and judges the type of the data;
B. when the data is of string type, an identity feature tag is automatically added to the string data, the feature is then encrypted and processed with an invisible feature technology, and the traceability system restores the string data carrying the encrypted feature tag into HTTP(S) protocol form and sends it to the third-party service system;
C. when the data is a streaming document or a format document, the format of the document, whatever it is, needs to be deeply parsed; after parsing succeeds an identity feature tag is added to the data, and the feature is encrypted and processed with an invisible feature technology; for document formats the identity feature tag can additionally be added to the document's extended attributes, so that the identity feature information is added in multiple forms; after the identity feature tag has been added, the document format is reassembled and restored, and the document carrying the encrypted feature tag is sent to the third-party service system;
D. when the third-party service system receives the data returned by the server Web interface, the data can be used normally. If third-party service personnel leak the received data, the manager of the data can import the leaked data into the matching tracing software, which extracts the identity feature tag information from the data to determine the identity feature information of the specific leaker and the time at which the data was leaked, thereby achieving the tracing effect.
Further, before step A, the third-party service system initiates a request to the server Web interface through a URL address of the HTTP(S) protocol to acquire data, the Web data label traceability system forwards the received request to the server Web interface, and the server Web interface receives the request and starts to process it.
Furthermore, the traceability system acts as an intermediate network link and completes all low-level network operations such as receiving requests and forwarding requests.
Further, the identity feature tag includes, but is not limited to, the source IP address, login account, AppID, or AppKey identification information of the business system.
Further, the identity feature tag uses at least one of the source IP address, login account, AppID or AppKey as its identifier.
Further, current timestamp information is added together with the identity feature tag.
Further, the feature encryption methods include, but are not limited to, AES, RSA, and the national cryptographic SM algorithms.
Compared with the prior art, the invention has the beneficial effects that:
The invention is an identity feature technology for tracing the source of Web data. The technology achieves the tracing effect only for data acquired by calling the server Web interface. A third-party identity feature tag is automatically added to the basic data given to each third party. The identity feature tag is encrypted and invisible, so a user cannot see it with the naked eye, but the dedicated feature recognition software matched with the traceability system can recognize it normally. The encryption ensures that the identity feature information is not easily tampered with or forged. When data is sent to third party A through the Web interface, A's identity feature tag is automatically added to the underlying basic data; when data is sent to third party B, B's identity feature tag is automatically added to the underlying basic data. Because the feature tag is encrypted and invisible, it affects neither the normal use of the service nor the user's browsing and viewing. After the server Web interface has given basic data to several third parties, once data carrying an identity feature tag is leaked by one of them, the managing party can extract the features of the data with the dedicated feature recognition software matched with the traceability system. If the identity feature information extracted from the leaked data belongs to third party A, the leakage source can be determined to be third party A; if it belongs to third party B, the leakage source can be determined to be third party B; and so on.
Whether third party A leaks the data by copying it and sending it via WeChat, copying it and sending it by e-mail, copying it into a file and then sending the file, transferring the file with network commands, sending the document with WeChat or other tools, or uploading important documents to public platforms (such as a Baidu library, a Douding network, a Darbus, an E library, a New love shared data, a CSDN download, a Suzhou network and the like), the dedicated feature recognition software matched with the traceability system can extract and recognize the features of the leaked data or document.
The technology of the invention gives an administrator a good means of tracing. The tracing capability acts as a strong deterrent against data leakage by the personnel who use the data, and with this technical means the risk of data leakage can be greatly reduced and data security improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a data processing flow diagram of the present invention;
FIG. 3 is a flow chart of an evolution process of adding identity tags in accordance with the present invention;
FIG. 4 is a flowchart of the process of extracting feature tags by the tracing software of the present invention;
FIG. 5 is a current data transmission flow diagram;
FIG. 6 is a current data flow diagram.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1 to 4, the present invention provides a technical solution: a data label tracing technology for a Web layer comprises the following steps:
STEP 1: the operation sequence is third-party service system - Web data label traceability system - server Web interface;
This covers processes S1, S2 and S3 in FIG. 1. The third-party service system initiates a request to the server Web interface through a URL (Uniform Resource Locator) address of the HTTP(S) protocol to acquire data, the Web data label traceability system forwards the received request to the server Web interface, and the server Web interface receives the request and starts to process it. The traceability system acts as an intermediate network link and completes all low-level network operations such as receiving requests and forwarding requests.
STEP 2: the operation sequence is server Web interface - Web data label traceability system;
After receiving the transmitted HTTP(S) business data, the Web data label traceability system extracts the basic data (i.e., the real business data) from the HTTP(S) format data and determines whether the basic data is of string type or document type; the subsequent steps process the two types differently.
STEP 3: the Web data label traceability system processes string-type data;
This covers processes S6, S7 and S8 in FIG. 1. If the traceability system judges that the basic data is of string type, it automatically adds an identity feature tag to the string data. The identity feature tag can be customized by selecting the source IP address, login account, AppID or AppKey of the business system, and current timestamp information is added as well. Because the identity feature tag is added to a string, the tag still needs special processing: the feature is encrypted with an algorithm such as AES, RSA or the national cryptographic SM algorithms and processed with an invisible feature technology, to ensure that the identity feature is difficult to tamper with or forge and cannot be viewed. The string data can be in any text format that HTTP(S) can carry (such as JSON, XML or a plain string). After the identity feature tag has been added automatically, the traceability system restores the complete string data carrying the identity feature tag into HTTP(S) protocol form and sends it to the third-party service system, ensuring that the business process continues normally.
STEP 4: the Web data label traceability system processes document data;
This covers processes S9, S10 and S11 in FIG. 1. If the traceability system judges that the business data is a streaming document (such as docx, xlsx or pptx) or a format document (such as pdf or the domestic ofd format), the format of the document, whatever it is, needs to be deeply parsed; after parsing succeeds an identity feature tag is added to the data, and the specific processing can be the same as the string-type flow above. For document formats, the identity feature tag can additionally be added to the document's extended attributes, so that the identity feature information is added in multiple forms. After the identity feature tag has been added, the document format is reassembled and restored, and the document carrying the identity feature tag is finally sent to the third-party service system, ensuring that the business process continues normally. The traceability system adds the identity feature tag automatically and imperceptibly: no manual intervention is needed, the server does not need to modify its code, the third-party service side does not need to modify its code, and the whole process is completed automatically and transparently.
STEP 5: the operation sequence is third-party service system - Web data label traceability system;
This covers processes S12 and S13. After the third-party service system receives the data returned by the server Web interface, the data can be used normally. If the data is eventually leaked through any channel, an administrator can trace the source of the leaked data: the leaked data (string data or documents) is imported into the tracing software, which extracts the identity feature tag information from the data to determine the identity feature information of the specific leaker and the time at which the data was leaked, thereby achieving the tracing effect.
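The string path of STEP 3 and the extraction of STEP 5, as an added Go example that is not code from the patent or its assignee. The patent does not say what its invisible feature technology is: zero-width code points as the carrier, AES-GCM as the AES mode, the JSON tag layout and every identifier below are assumptions, and the business data is assumed not to contain U+200B or U+200C.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"unicode/utf8"
)

// IdentityTag is the identity feature tag; field names are assumptions.
type IdentityTag struct {
	AppID    string `json:"app_id"`
	SourceIP string `json:"src_ip"`
	IssuedAt int64  `json:"ts"` // Unix time the data was handed out
}

// Assumed invisible carrier: one zero-width code point per bit (bit1 == bit0+1).
const bit0, bit1 rune = '\u200b', '\u200c'
var ErrNoTag = errors.New("no identity tag found in data")

// NewSealer builds AES-GCM from the manager's 16-, 24- or 32-byte key.
func NewSealer(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EmbedTag encrypts the tag and hides it after the first character of text.
func EmbedTag(gcm cipher.AEAD, text string, tag IdentityTag) (string, error) {
	plain, _ := json.Marshal(tag) // a struct of strings and ints always marshals
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || auth tag
	var mark strings.Builder
	for i := 0; i < len(sealed)*8; i++ { // most significant bit first
		mark.WriteRune(bit0 + rune(sealed[i/8]>>uint(7-i%8)&1))
	}
	_, cut := utf8.DecodeRuneInString(text) // cut is 0 when text is empty
	return text[:cut] + mark.String() + text[cut:], nil
}

// Visible returns the data without the carrier, as a reader or parser sees it.
func Visible(s string) string {
	return strings.NewReplacer(string(bit0), "", string(bit1), "").Replace(s)
}

// ExtractTag (tracing side) collects the hidden bits, then authenticates and decrypts.
func ExtractTag(gcm cipher.AEAD, leaked string) (IdentityTag, error) {
	var tag IdentityTag
	var sealed []byte
	var acc byte
	n := 0
	for _, r := range leaked {
		if r == bit0 || r == bit1 {
			acc = acc<<1 | byte(r-bit0)
			if n++; n%8 == 0 {
				sealed = append(sealed, acc)
			}
		}
	}
	ns := gcm.NonceSize()
	if n == 0 || n%8 != 0 || len(sealed) < ns {
		return tag, ErrNoTag // mark absent or damaged: copy is unattributed
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return tag, fmt.Errorf("tag failed authentication: %w", err)
	}
	err = json.Unmarshal(plain, &tag)
	return tag, err
}

func main() {
	gcm, err := NewSealer([]byte("constructed-32-byte-demo-key-000")) // constructed key
	if err != nil {
		panic(err)
	}
	copyB, _ := EmbedTag(gcm, "order 1001 shipped", IdentityTag{"partner-B", "192.0.2.20", 1700000000})
	tag, err := ExtractTag(gcm, copyB)
	fmt.Println(Visible(copyB), tag, err)
}
```

For JSON or XML responses the mark has to sit inside a string value, because these code points are not valid whitespace between tokens. `ErrNoTag` means the carrier did not survive in that copy, so the copy is unattributed rather than cleared.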
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (7)

1. A data label tracing technology for a Web layer, characterized by comprising the following steps:
A. after receiving HTTP(S) data sent by a third-party service system, a Web data label traceability system extracts basic data from the HTTP(S) format data and judges the type of the data;
B. when the data is of string type, an identity feature tag is automatically added to the string data, the feature is then encrypted and processed with an invisible feature technology, and the traceability system restores the string data carrying the identity feature tag into HTTP(S) protocol form and sends it to the third-party service system;
C. when the data is a streaming document or a format document, the format of the document, whatever it is, needs to be deeply parsed; after parsing succeeds an identity feature tag is added to the data, and the tag is encrypted and processed with an invisible feature technology; for document formats the identity feature tag can additionally be added to the document's extended attributes, so that the identity feature information is added in multiple forms; after the identity feature tag has been added, the document format is reassembled and restored, and the document carrying the identity feature tag is sent to the third-party service system;
D. when the third-party service system receives the data returned by the server Web interface, the data can be used normally; if third-party service personnel leak the received data, the manager of the data can import the leaked data into the matching tracing software, which extracts the identity feature tag information from the data to determine the identity feature information of the specific leaker and the time at which the data was leaked, thereby achieving the tracing effect.
2. The data label tracing technology for the Web layer according to claim 1, wherein: before step A, the third-party service system initiates a request to the server Web interface through a URL address of the HTTP(S) protocol to acquire data, the Web data label traceability system forwards the received request to the server Web interface, and the server Web interface receives the request and starts to process it.
3. The data label tracing technology for the Web layer according to claim 1, wherein: the traceability system acts as an intermediate network link and completes all low-level network operations such as receiving requests and forwarding requests.
4. The data label tracing technology for the Web layer according to claim 1, wherein: the identity feature tag includes, but is not limited to, the source IP address, login account, AppID, or AppKey identification information of the business system.
5. The data label tracing technology for the Web layer according to claim 4, wherein: the identity feature tag uses at least one of the source IP address, login account, AppID or AppKey as its identifier.
6. The data label tracing technology for the Web layer according to claim 4, wherein: current timestamp information is added together with the identity feature tag.
7. The data label tracing technology for the Web layer according to claim 1, wherein: the features are encrypted by algorithms including, but not limited to, AES, RSA, or the national cryptographic SM algorithms.
CN202111567465.1A 2021-12-20 2021-12-20 Data label tracing technology for Web layer Pending CN114257449A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111567465.1A CN114257449A (en) 2021-12-20 2021-12-20 Data label tracing technology for Web layer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111567465.1A CN114257449A (en) 2021-12-20 2021-12-20 Data label tracing technology for Web layer

Publications (1)

Publication Number Publication Date
CN114257449A (en) 2022-03-29

Family

ID=80796196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111567465.1A Pending CN114257449A (en) 2021-12-20 2021-12-20 Data label tracing technology for Web layer

Country Status (1)

Country Link
CN (1) CN114257449A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination