CN115730345A - Private data processing method, detection engine and system - Google Patents
Private data processing method, detection engine and system Download PDFInfo
- Publication number
- CN115730345A CN115730345A CN202211370613.5A CN202211370613A CN115730345A CN 115730345 A CN115730345 A CN 115730345A CN 202211370613 A CN202211370613 A CN 202211370613A CN 115730345 A CN115730345 A CN 115730345A
- Authority
- CN
- China
- Prior art keywords
- data
- target data
- detection
- privacy
- detection engine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a privacy data processing method, which is applied to a communication layer of an applet and comprises the following steps: responding to a calling request sent when the logic processing layer receives the data request, calling a communication layer interface to acquire target data through the communication layer interface; carrying out privacy detection on the obtained target data; and processing the target data according to the private data detection result, and returning the processed target data to the logic processing layer. Responding to a calling request sent when the logic processing layer receives the sending request, and acquiring data to be sent; carrying out privacy detection on the acquired data; processing data to be sent according to the privacy detection result; and calling a communication layer interface to send the processed data to be sent through the communication layer interface. Accordingly, the invention discloses a private data detection engine and a system.
Description
Technical Field
The present invention relates to data processing technologies, and in particular, to a method, an engine and a system for processing private data.
Background
An applet is an application that can be used without downloading and installation, and a user can open the application by a simple operation such as two-dimensional code scanning or searching. The applet usually runs on the APP of the mobile terminal, and the common applets such as pay pal and wechat. In principle, the method can be regarded as a webpage application, and runs in a browser built in an APP. Generally, applets are developed by js language, and access to data of a mobile terminal and open openAPI services on the internet through an Application Program Interface (API) provided by an applet framework. Through the interface, the applet can acquire the host application of the applet, namely the personal privacy data of the mobile terminal where the APP is located, and the risk of privacy leakage exists.
In the prior art, most of the manual code audits aiming at the privacy security of small programs are easy to omit; and, the automation code auditing tool aiming at privacy security in the prior art cannot be used in the small program scene.
In view of this, it is desirable to obtain a new privacy data processing method, which can directly work on the framework of applet running to block the behavior endangering personal privacy in real time.
Disclosure of Invention
One of the purposes of the invention is to provide a privacy data processing method, which can directly work on a framework of small program operation and block behaviors endangering personal privacy in real time.
Based on the above object, the present invention provides a method for processing private data, which is applied to a communication layer of an applet, and comprises the steps of:
responding to a calling request sent when a logic processing layer receives a data request, and calling a communication layer interface to acquire target data through the communication layer interface;
carrying out privacy detection on the obtained target data;
processing the target data according to a private data detection result;
and returning the processed target data to the logic processing layer.
The privacy data processing method for protecting the small program privacy can directly work on a small program operation frame, carry out privacy detection on data in real time according to the data acquired by a data processing layer data request, process the privacy data and protect the data privacy.
Further, in some embodiments, the privacy detection comprises a type detection, the method comprising:
and performing type detection on the target data, and performing blocking processing on the target data under the condition that the type of the target data is a preset privacy data type.
Further, in some embodiments, the privacy detection comprises content detection, the method comprising:
and detecting the content of the target data, judging that the target data contains private data under the condition that the target data comprises sensitive information, and blocking the sensitive information, wherein the sensitive information is the data content meeting the preset sensitive information judgment condition.
The invention also provides another privacy data processing method, which is applied to a communication layer of an applet and comprises the following steps:
responding to a calling request sent when the logic processing layer receives the sending request, and acquiring data to be sent;
carrying out privacy detection on the acquired data;
processing the data to be sent according to a privacy detection result;
and calling a communication layer interface to send the processed data to be sent through the communication layer interface.
Further, in some embodiments, the privacy detection comprises content detection, the method comprising:
and detecting the content of the target data, judging that the target data contains privacy data under the condition that the target data comprises sensitive information, and carrying out privacy protection processing on the target data, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
Further, in some embodiments, the privacy preserving measures include performing a desensitization operation or a blocking operation on the privacy data.
Another object of the present invention is to provide a private data detection engine, which is applied to a communication layer of an applet architecture, and detects and protects private data in real time.
Based on the above object, the present invention further provides a private data detection engine, applied to a communication layer of an applet framework:
the detection engine responds to a calling request sent when the logic processing layer receives the data request, and calls a communication layer interface to acquire target data through the communication layer interface;
the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data;
and the detection engine returns the processed target data to the logic processing layer.
Further, in some embodiments, the private data detection engine includes a first interface for requesting access to the mobile terminal data, and the detection engine is sent through the first interface in response to a call request sent when the logical processing layer receives a data request.
Further, in some embodiments, the detection engine performs type detection on the target data, and performs blocking processing on the target data in a case that the type of the target data is a preset privacy data type.
Further, in some embodiments, the detection engine performing privacy detection on the target data comprises:
the detection engine detects the content of the target data, judges that the target data contains private data under the condition that the target data comprises sensitive information, and blocks the sensitive information, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
The invention also provides another privacy data detection engine which is applied to a communication layer of the applet framework and comprises the following steps:
the detection engine responds to a calling request sent when the logic processing layer receives the sending request, and obtains data to be sent;
the detection engine carries out privacy detection on the acquired data and processes the data to be sent according to a privacy detection result;
and the detection engine calls a communication layer interface to send the processed data to be sent through the communication layer interface.
Further, in some embodiments, the private data detection engine comprises a second interface for requesting access to an internet open interface service, the detection engine being sent over the second interface in response to a call request issued in response to the logical processing layer receiving the send request.
Further, in some embodiments, the detection engine is further configured to perform content detection on the target data, determine that the target data contains private data when the target data includes sensitive information, and perform privacy protection processing on the target data, where the sensitive information is data content meeting a preset sensitive information determination condition.
Further, in some embodiments, the detection engine is further to perform a desensitization operation or a blocking operation on the private data.
The invention further aims to provide a private data processing system which is applied to a communication layer of an applet framework and is used for detecting and protecting private data in real time.
In view of the above object, the present invention further provides a private data processing system, which includes a communication layer applied to an applet framework, and a logic processing layer in communication with the communication layer, where the communication layer further includes a detection engine, the detection engine includes a first interface for accessing data of a mobile terminal, the logic processing layer communicates with the detection engine through the first interface, and the detection engine communicates with other interfaces of the communication layer through the communication layer interface:
the logic processing layer sends a call request to the detection engine through the first interface when receiving a data request,
the detection engine calls the communication layer interface to acquire target data through the communication layer interface;
the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data;
and the detection engine returns the processed target data to the logic processing layer.
Further, in some embodiments, the detection engine performing privacy detection on the target data comprises:
the detection engine carries out type detection on the target data, and carries out blocking processing on the target data under the condition that the type of the target data is a preset privacy data type.
Further, in some embodiments, the detection engine performing privacy detection on the target data comprises:
the detection engine detects the content of the target data, judges that the target data contains private data under the condition that the target data comprises sensitive information, and blocks the sensitive information, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
Further, in some embodiments, the system further comprises a presentation layer, the detection engine further comprises a second interface to access an internet open interface service, the logical processing layer communicates with the detection engine through the second interface, the detection engine communicates with other interfaces of the communication layer through the communication layer interface:
the logic processing layer sends a calling request to the detection engine through the second interface when receiving a sending request;
the detection engine carries out privacy detection on the acquired data and processes the data to be sent according to a privacy detection result;
and the detection engine calls a communication layer interface so as to send the processed data to be sent to the display layer through the communication layer interface.
Further, in some embodiments, the private data processing system is further configured to perform content detection on the target data, determine that the target data contains private data when the target data includes sensitive information, and perform privacy protection processing on the target data, where the sensitive information is data content meeting a preset sensitive information determination condition.
Further, in some embodiments, the detection engine is further configured to perform a desensitization operation or a blocking operation on the private data.
The privacy data processing method, the frame and the system have the following beneficial effects:
the system directly works on a framework for running the small program, and blocks the behavior which endangers personal privacy in real time; the method is embedded into a small program frame, detects the data reading behavior of a logic layer, and can block the behavior which endangers personal privacy in real time; the method can be directly embedded into a small program frame, detects data returned to a page display layer, and blocks the desensitized irregular behavior of private data in real time;
drawings
Fig. 1 schematically shows an architecture diagram of an existing applet framework in an embodiment.
Fig. 2 schematically shows a flow chart of the private data processing method according to an embodiment of the present invention.
Fig. 3 schematically shows a flow chart of the private data processing method according to another embodiment of the present invention.
FIG. 4 is a flowchart illustrating steps performed by the private data processing detection engine of one embodiment of the present invention.
Fig. 5 is a flowchart illustrating steps performed by the private data processing detection engine according to another embodiment of the present invention.
FIG. 6 is a block diagram illustrating an architecture of a private data processing system according to an embodiment of the present invention.
Detailed Description
The method, detection engine, and system for private data processing according to the present invention are described in further detail below with reference to the figures and the specific embodiments, but the detailed description is not meant to limit the invention.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Furthermore, the modules described in the embodiments of the present application may be implemented by software or hardware.
Fig. 1 exemplarily illustrates an architecture diagram of a conventional applet framework in an embodiment, and as shown in fig. 1, the conventional applet framework mainly includes a page presentation layer, a communication frame and a logic processing layer. The page display layer requests data from the logic processing layer through the communication frame; and the logic processing layer realizes access to the data of the mobile terminal and open openAPI service on the Internet through the API provided by the applet communication frame, and transmits the processed data to the page display layer through the communication frame, and the page display layer finishes final data display. In the data transmission process, privacy security problems can occur in some scenes, for example, the logic processing layer directly reads user privacy data in an illegal way through a communication framework of the small program; for another example, the logical layer is in a state that the service needs to read the data of the mobile terminal in compliance, or read the personal privacy data through openAPI compliance, but the page display layer does not perform desensitization or desensitization error, and the personal privacy data is displayed in non-compliance.
The invention relates to a privacy data processing method which can be applied to the existing applet framework, can be directly embedded into the existing applet running framework, and can detect and process the behaviors which harm the data privacy in real time.
In an embodiment of the present invention, a private data processing method is provided, which is applied to a detection engine in an applet communication framework, where the detection engine is used to detect target data to be processed in the applet communication framework, and fig. 2 exemplarily shows a flowchart of the private data processing method according to an embodiment of the present invention.
As shown in fig. 2, the private data processing method includes the steps of:
200: and responding to a calling request sent when the logic processing layer receives the data request, and calling a communication layer interface to acquire target data through the communication layer interface.
In some embodiments, when the logical processing layer receives the data request, it sends a data call request to the communication layer of the applet to read the target data. The target data may be data obtained from a mobile terminal where the applet host application is located through an existing interface in the applet framework, and the data is originally returned to the logic processing layer for further data processing. The host application is an APP where the applet is located, and the mobile terminal where the host application is located installs the mobile device where the APP is located, such as a mobile phone, a tablet, a personal computer, or even a device management apparatus. According to the privacy data processing method provided by the invention, the logic processing layer can not directly call the existing interface of the applet communication layer, but can request the communication layer through the interface provided by the invention; the data acquired from the mobile terminal can not be directly fed back to the logic processing layer, but is returned to the logic processing layer after subsequent privacy detection and processing. Therefore, the private data returned to the logic layer in the applet is detected and processed.
210: and carrying out privacy detection on the acquired target data.
220: and processing the target data according to the private data detection result, and returning the processed target data to the logic processing layer.
In some embodiments, the privacy detection comprises a type detection, the method of privacy data processing further comprising the steps of: and detecting the type of the target data, and blocking the target data under the condition that the type of the target data is a preset privacy data type.
In this embodiment, whether the target data is private data is determined according to the data type of the target data. For example, the preset data types related to privacy include, but are not limited to, MAC address, device number, IP address, geographical location or address book information of the mobile terminal, and there may be a specific data type for these data, or a specific field is used to indicate a certain data type according to the standardized or structured definition of data. Illustratively, type detection may be performed by the format or type of the data itself, e.g., MAC address fixed to 48 bits; the geographic location is made up of longitude and latitude; the IP address also has a standard data format, for example, the length of the ipv4 address is 32 bits, the range of each address number is 0-255, the address length of the ipv6 address is 128 bits, etc. And detecting target data according to the characteristics of the data, and judging that the target data comprises the private data under the condition of detecting that the composition characteristics of a certain section of data accord with the type preset as the private data. Optionally, in other embodiments, according to the standard definition of data in the interface, the device number may use DeviceID as an indication, and in the type detection process, if the obtained target data includes the data indicated by the field, it may be determined that the target data includes the device number, and if the device number is preset privacy data, the target data includes the privacy data. On the other hand, when the target data includes private data, blocking is performed directly. The blocking may be performed for all data included in the call request, that is, empty data is returned to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer.
It should be noted that the above-mentioned type detection manner is only an optional implementation manner of the type detection provided by the present invention, and in the application process, more other detection manners or a combination of various manners may be used to obtain higher detection accuracy.
In some embodiments, the privacy detection comprises content detection, the method of privacy data processing further comprising the steps of: and detecting the content of the target data, judging that the target data contains private data under the condition that the target data comprises sensitive information, and blocking the sensitive information, wherein the sensitive information is the data content meeting the preset sensitive information judgment condition.
In this embodiment, the main purpose of content detection is to determine whether the target data contains preset data content that should not be returned to the logical processing layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to the preset privacy setting, the mobile phone number of the user is only allowed to obtain the last 4 digits. In this embodiment, the numbers except the last four digits in the id number belong to sensitive information, and if the id number is to be acquired, desensitization of the sensitive information is required, for example, the sensitive information is hidden and replaced by an x number, or only the last four digits are read during reading. When content detection is performed, it is necessary to determine whether the target data meets the sensitive information determination condition, for example, if all data of the mobile phone number is read, the target data is considered to include private data. Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal.
Similarly, in the case where the target data contains private data, blocking is performed. The blocking may be performed for all data included in the call request, that is, empty data is returned to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer. Optionally, after blocking, desensitization processing may be performed on the target data through desensitization processing, and then the desensitized data is transmitted to the logic processing layer.
In the method for processing private data provided by the present invention, the manner in which the detection engine acquires the target data is not limited. In some embodiments, a detection engine may be added to all data interfaces and data streams of the communication framework, so as to obtain target data to be delivered to the logical processing layer and perform privacy detection on the target data. In other embodiments, in order to improve the working efficiency of the detection engine, the original interface between the applet communication framework and the logic processing layer may be encapsulated, and the logic processing layer may not directly call the original interface of the applet communication framework, but only call the interface provided by the detection engine. The interface detects data of the mobile terminal and all data returned to the logic layer when the open openAPI service on the Internet is accessed, and executes privacy detection
The steps of the method show that the privacy data processing method provided by the invention can overcome the problems that the existing privacy security aiming at the small program, most of the existing artificial code auditing is easy to miss, and the existing automatic code auditing tool aiming at the privacy security cannot be used in the small program scene, and can directly work on the small program operation frame to block the behavior of endangering the individual privacy in real time.
In another embodiment of the present invention, a private data processing method is provided, which is applied to a detection engine in an applet communication framework, where the detection engine is used to detect target data to be processed in the applet communication framework, and fig. 3 exemplarily shows a flowchart of the private data processing method according to another embodiment of the present invention.
As shown in fig. 3, the private data processing method includes the steps of:
300: and responding to a calling request sent when the logic processing layer receives the sending request, and acquiring data to be sent.
In some more specific embodiments, after the logic processing layer acquires and processes the data, the logic processing layer needs to return the data to the presentation layer and present the data to the user through the interactive interface. In this scenario, when the logic processing layer receives a request for sending data, it typically sends an interface call request to the communication layer of the applet, so as to transmit the data to be exposed to the exposure layer through the communication layer. The communication layer obtains the data to be sent based on the call request. Different from the existing small program framework, the privacy processing method provided by the invention does not directly transmit the acquired data to be transmitted to the display layer, but carries out privacy detection on the data to be transmitted.
310: carrying out privacy detection on the acquired data;
320: processing the data to be sent according to the privacy detection result; and calling a communication layer interface to send the processed data to be sent through the communication layer interface.
In some embodiments, the privacy detection comprises content detection, comprising the steps of:
and detecting the content of the target data, judging that the target data contains privacy data under the condition that the target data comprises sensitive information, and carrying out privacy protection processing on the target data, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
In this embodiment, the target data of the privacy detection is mainly data to be sent to the page presentation layer for presentation. In this case, the data type of the data acquired from the mobile terminal is generally allowed to be acquired, and the logic processing layer may further process the data according to a preset logic to finally obtain target data to be fed back to the page display layer, and when the target data flows through the applet communication framework, the detection engine will perform content detection on the target data. The main purpose of content detection is to determine whether the target data contains sensitive information that is not suitable for being displayed on the page display layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to a preset privacy setting, the identity card number of the user is 18 bits in total, and only a part of bits are allowed to be displayed when the mobile terminal interface is displayed. In this embodiment, the identity card number contains sensitive information except the bits that are allowed to be displayed. If the information is to be displayed on the page display layer, the sensitive information may be further desensitized, for example, the sensitive information is hidden and replaced by an asterisk, or the information may be directly blocked from being output to the display layer. When content detection is performed, it is necessary to determine whether target data for display has met the display requirements, that is, a sensitive information determination condition.
Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal. The operation of desensitization is not limited to concealment or replacement of numbers or characters, but also includes various types such as erasing or mosaic processing of private information in a picture.
In some embodiments, the privacy safeguards include performing a desensitization operation on the private data. In some more specific embodiments, a desensitization operation is performed for when privacy data is contained and no desensitization or desensitization is not compliant. The desensitization operation corresponds to the type of sensitive information and the sensitive information judgment condition. For example, for numbers or characters, the numbers or characters on the corresponding number of bits may be obscured according to desensitization requirements; for pictures, a masking pattern may be added to the part of the picture that must not be shown for privacy protection or processed in a mosaic. In some more specific application scenarios, the privacy protection measures provided in the above embodiments may be performed simultaneously or sequentially.
In the method for processing private data provided by the present invention, the manner in which the detection engine acquires the target data is not limited. In some embodiments, a detection engine may be added to all data interfaces and data streams of the communication framework, so as to obtain target data to be delivered to the logical processing layer and perform privacy detection on the target data. In other embodiments, in order to improve the working efficiency of the detection engine, the original interface between the applet communication framework and the logic processing layer may be encapsulated, and the logic processing layer may not directly call the original interface of the applet communication framework, but only call the interface provided by the detection engine. The interface detects data of the mobile terminal and all data returned to the logic layer when the open openAPI service on the Internet is accessed, and privacy detection is executed.
According to the steps of the method, the privacy data processing method provided by the invention can overcome the problems that the prior privacy security aiming at the small program is easy to miss due to most of the prior artificial code auditing, and the prior automatic code auditing tool aiming at the privacy security cannot be used in the small program scene, and can directly work on the small program running frame to block the behaviors damaging the personal privacy in real time.
In another embodiment of the invention, a private data detection engine is provided for application to the communication layer of an applet framework. Fig. 4 exemplarily shows a flow of steps performed by the private data detection engine according to an embodiment of the present invention, and as shown in fig. 4, the detection engine is configured to perform the following steps:
400: the detection engine responds to a call request sent when the logic processing layer receives the data request, and calls the communication layer interface to acquire target data through the communication layer interface.
In some embodiments, when the logical processing layer receives the data request, it sends a data call request to the communication layer of the applet to read the target data. The target data may be data obtained from a mobile terminal where the applet host application is located through an existing interface in the applet framework, and the data is originally returned to the logic processing layer for further data processing. The host application is an APP where the applet is located, and the mobile terminal where the host application is located installs the mobile device where the APP is located, such as a mobile phone, a tablet, a personal computer, or even a device management apparatus. The manner in which the detection engine obtains the target data is not limited. In some embodiments, a detection engine may be added to all data streams of the communication framework, and is configured to acquire target data to be transferred to the logic processing layer or the page display layer, and perform privacy detection on the target data.
In some embodiments, the private data detection engine includes a first interface for requesting access to mobile-side data, and the detection engine is sent through the first interface in response to a call request sent when the logical processing layer receives the data request. In this embodiment, when the logical layer needs to request to access the mobile side data, the logical layer cannot be acquired through the original applet communication layer interface but through the interface provided by the detection engine. And after the detection engine acquires the request, acquiring target data from the original communication interface of the applet, performing privacy detection, and returning the target data to the logic processing layer through the interface. In this way, the detection engine can perform private data detection on data requested by all the logical processing layers to the mobile terminal, so as to implement data detection and processing.
410: and the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data.
420: and the detection engine returns the processed target data to the logic processing layer.
In some embodiments, the privacy detection includes type detection, and the detection engine performs privacy detection on the acquired target data further includes: and detecting the type of the target data, and blocking the target data under the condition that the type of the target data is a preset privacy data type.
In this embodiment, whether the target data is private data is determined according to the data type of the target data. For example, the preset data types related to privacy include, but are not limited to, MAC address, device number, IP address, geographical location or address book information of the mobile terminal, and there may be a specific data type for these data, or a specific field is used to indicate a certain data type according to the standardized or structured definition of data. Illustratively, the type detection may be performed by the format or type of the data itself, e.g., the MAC address is fixed to 48 bits; the geographic location is made up of longitude and latitude; the IP address also has a standard data format, for example, the length of the ipv4 address is 32 bits, the range of each address number is 0-255, the address length of the ipv6 address is 128 bits, etc. And detecting target data according to the characteristics of the data, and judging that the target data comprises the private data under the condition that the composition characteristics of a certain section of data are detected to be in accordance with the type preset as the private data. Optionally, in other embodiments, according to the standard definition of data in the interface, the device number may use DeviceID as an indication, and in the type detection process, if the obtained target data includes data indicated by the field, it may be determined that the target data includes the device number, and if the device number is preset privacy data, the target data includes privacy data. On the other hand, when the target data includes private data, blocking is performed directly. The blocking may be performed for all data included in the call request, that is, empty data is returned to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer.
It should be noted that the above-mentioned type detection method is only an alternative embodiment of the type detection provided by the present invention, and during the application process, more other detection methods or a combination of multiple methods may be used to obtain higher detection accuracy.
In some embodiments, the privacy detection of the target data by the privacy data detection engine comprises:
and the detection engine detects the content of the target data, judges that the target data contains private data under the condition that the target data comprises sensitive information, and blocks the sensitive information. The sensitive information is data content meeting preset sensitive information judgment conditions.
In this embodiment, the main purpose of content detection is to determine whether the target data contains preset data content that should not be returned to the logical processing layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to the preset privacy setting, the mobile phone number of the user is only allowed to obtain the last 4 digits. In this embodiment, the numbers except the last four digits in the id number belong to sensitive information, and if the id number is to be acquired, desensitization of the sensitive information is required, for example, the sensitive information is hidden and replaced by an x number, or only the last four digits are read during reading. When content detection is performed, it is necessary to determine whether the target data meets the sensitive information determination condition, for example, if all data of the mobile phone number is read, the target data is considered to include private data. Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal.
Similarly, in the case where the target data contains private data, blocking is performed. The blocking may be performed for all data included in the call request, that is, empty data is returned to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer. Optionally, after blocking, desensitization processing may be performed on the target data through desensitization processing, and then the desensitized data is transmitted to the logic processing layer.
In yet another embodiment of the invention, another private data detection engine is provided for application to the communication layer of an applet architecture. Fig. 5 is a flowchart illustrating steps performed by the private data detection engine according to another embodiment of the present invention, and as shown in fig. 5, the detection engine is configured to perform the following steps:
500: the detection engine responds to a call request sent when the logic processing layer receives the sending request, and obtains data to be sent;
in some more specific embodiments, after the logic processing layer acquires and processes the data, the logic processing layer needs to return the data to the presentation layer and present the data to the user through the interactive interface. In this scenario, when the logic processing layer receives a data sending request, an interface call request is usually sent to the communication layer of the applet, so that the data to be displayed is transmitted to the display layer through the communication layer, and the communication layer obtains the data to be sent based on the call request. Different from the existing small program framework, the privacy processing method provided by the invention does not directly transmit the acquired data to be transmitted to the display layer, but transmits the data to be transmitted through the detection engine so as to perform privacy detection on the data to be transmitted.
In some embodiments, the private data detection engine comprises a second interface for requesting access to an internet open interface service, the detection engine being sent over the second interface in response to a call request issued in response to the logical processing layer receiving the send request.
510: the detection engine carries out privacy detection on the acquired data and processes the data to be transmitted according to the privacy detection result;
520: and the detection engine calls a communication layer interface to send the processed data to be sent through the communication layer interface.
In some embodiments, the privacy detection includes content detection, and the privacy data detection engine is configured to perform content detection on the target data, determine that the target data includes privacy data when the target data includes sensitive information, and perform privacy protection processing on the target data, where the sensitive information is data content meeting a preset sensitive information determination condition.
In this embodiment, the target data of the privacy detection is mainly data to be sent to the page presentation layer for presentation. In this case, the data type of the data acquired from the mobile terminal is generally allowed to be acquired, and the logic processing layer may further process the data according to a preset logic to finally obtain target data to be fed back to the page display layer, and when the target data flows through the applet communication framework, the detection engine will perform content detection on the target data. The main purpose of content detection is to determine whether the target data contains sensitive information that is not suitable for being displayed on the page display layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to a preset privacy setting, the identity card number of the user is 18 bits in total, and only a part of bits are allowed to be displayed when the mobile terminal interface is displayed. In this embodiment, the identity card number contains sensitive information except for the bits allowed to be displayed. If the information is to be displayed on the page display layer, the sensitive information may be further desensitized, for example, the sensitive information is hidden and replaced by an asterisk, or the information may be directly blocked from being output to the display layer. When content detection is performed, it is necessary to determine whether target data for display has met the display requirements, that is, a sensitive information determination condition.
Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal. The operation of desensitization is not limited to concealment or replacement of numbers or characters, but also includes various types such as erasing or mosaic processing of private information in a picture.
In some embodiments, the detection engine is further operable to perform a desensitization operation or a blocking operation on the private data. In some more specific embodiments, a desensitization operation is performed for when privacy data is contained and no desensitization or desensitization is not compliant. The desensitization operation corresponds to the type of sensitive information and the sensitive information judgment condition. For example, for numbers or characters, the numbers or characters on the corresponding number of bits may be obscured according to desensitization requirements; for pictures, a masking pattern may be added to the part of the picture that must not be shown for privacy protection or processed in a mosaic. In some more specific application scenarios, the privacy protection measures provided in the above embodiments may be performed simultaneously or sequentially.
It should be noted that, in some specific application scenarios, the detection engine may include both a first interface for accessing the mobile-end data and a second interface for accessing the internet open interface service, and the target data is transmitted through the first interface or the second interface. According to the private data processing detection engine provided by the invention, the detection engine of the private data is added in the existing applet communication framework, the detection engine can also be used for encapsulating the original interface between the applet communication framework and the logic processing layer, the logic processing layer can not directly call the original interface of the applet framework, and only can call the interface provided by the detection engine, and the detection engine comprises the following steps: the system comprises a set of APIs for providing the applet developers to access data of the mobile terminal and a set of APIs for accessing open API services on the Internet. The interface can detect data of the mobile terminal and data returned when the open openAPI service on the Internet is accessed, and privacy detection is executed.
The method steps show that the privacy data detection engine provided by the invention can overcome the problems that the existing privacy security aiming at the small program, most of the existing artificial code auditing is easy to miss, and the existing automatic code auditing tool aiming at the privacy security cannot be used in the small program scene, and can directly work on the small program operation frame to block the behavior of endangering the individual privacy in real time. Furthermore, the method can be directly embedded into an applet framework, the data reading behavior of a logic layer is detected, and the behavior endangering personal privacy can be blocked in real time; and the data returned to the page display layer is detected, so that the behavior of desensitization and irregularity of the private data can be blocked in real time.
The invention further provides a private data processing system. Fig. 6 exemplarily shows an architecture diagram of a private data processing system according to an embodiment of the present invention, as shown in fig. 6, the private data processing system includes a communication layer applied to an applet framework, and a logic processing layer in communication with data of the communication layer, the communication layer further includes a private data detection engine, the detection engine includes a first interface (not separately shown in the figure) for accessing data of a mobile terminal, the logic processing layer communicates with the detection engine through the first interface, and the detection engine communicates with other interfaces of the communication layer through interfaces of the communication layer. The private data processing system may perform the steps of:
firstly, when receiving a data request, the logic processing layer sends a call request to the detection engine through the first interface. Then, the detection engine calls the communication layer interface to acquire target data through the communication layer interface; then, the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data; and finally, the detection engine returns the processed target data to the logic processing layer.
In some embodiments, when the logical processing layer receives the data request, it sends a data call request to the communication layer of the applet to read the target data. The target data may be data obtained from a mobile terminal where the applet host application is located through an existing interface in the applet framework, and the data is originally returned to the logic processing layer for further data processing. The host application is an APP where the applet is located, and the mobile terminal where the host application is located installs the mobile device where the APP is located, such as a mobile phone, a tablet, a personal computer, or even a device management apparatus. The manner in which the detection engine obtains the target data is not limited. In some embodiments, a detection engine may be added to all data streams of the communication framework, and is configured to acquire target data to be transferred to the logic processing layer or the page display layer, and perform privacy detection on the target data.
In some embodiments, the private data detection engine includes a first interface for requesting access to mobile-side data, and the detection engine is sent through the first interface in response to a call request sent when the logical processing layer receives the data request. In this embodiment, when the logical layer needs to request to access the mobile side data, the logical layer cannot be acquired through the original applet communication layer interface but through the interface provided by the detection engine. And after the detection engine acquires the request, acquiring target data from the original communication interface of the applet, performing privacy detection, and returning the target data to the logic processing layer through the interface. In this way, the detection engine can perform private data detection on data requested by all the logic processing layers to the mobile terminal, so as to perform data detection and processing.
In some embodiments, the privacy detection of the target data by the detection engine includes performing type detection on the target data, and performing blocking processing on the target data if the type of the target data is a preset privacy data type.
In this embodiment, whether the target data is private data is determined according to the data type of the target data. For example, the preset data types related to privacy include, but are not limited to, MAC address, device number, IP address, geographical location or address book information of the mobile terminal, and there may be a specific data type for these data, or a specific field is used to indicate a certain data type according to the standardized or structured definition of data. Illustratively, type detection may be performed by the format or type of the data itself, e.g., MAC address fixed to 48 bits; the geographic location is made up of longitude and latitude; the IP address also has a standard data format, for example, the length of the ipv4 address is 32 bits, the range of each address number is 0-255, the address length of the ipv6 is 128 bits, and the like. And detecting target data according to the characteristics of the data, and judging that the target data comprises the private data under the condition of detecting that the composition characteristics of a certain section of data accord with the type preset as the private data. Optionally, in other embodiments, according to the standard definition of data in the interface, the device number may use DeviceID as an indication, and in the type detection process, if the obtained target data includes the data indicated by the field, it may be determined that the target data includes the device number, and if the device number is preset privacy data, the target data includes the privacy data. On the other hand, when the target data includes private data, blocking is performed directly. The blocking may be performed for all data included in the call request, that is, empty data is returned to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer.
It should be noted that the above-mentioned type detection method is only an alternative embodiment of the type detection provided by the present invention, and during the application process, more other detection methods or a combination of multiple methods may be used to obtain higher detection accuracy.
In some implementations, the detection engine in the private data processing system is further configured to perform content detection on the target data, determine that the target data contains the private data when the target data includes sensitive information, and perform blocking processing on the sensitive information, where the sensitive information is data content meeting a preset sensitive information determination condition.
In this embodiment, the main purpose of content detection is to determine whether the target data contains preset data content that should not be returned to the logical processing layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to the preset privacy setting, the mobile phone number of the user is only allowed to obtain the last 4 digits. In this embodiment, the numbers except the last four digits in the id number belong to sensitive information, and if the id number is to be acquired, desensitization of the sensitive information is required, for example, the sensitive information is hidden and replaced by an x number, or only the last four digits are read during reading. When content detection is performed, it is necessary to determine whether the target data meets the sensitive information determination condition, for example, if all data of the mobile phone number is read, the target data is considered to include private data. Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal.
Similarly, in the case where the target data contains private data, blocking is performed. The blocking may be performed for all data included in the call request, that is, returning null data to the logic processing layer; or filtering the data related to the call request, blocking all the private data, and returning only the readable data to the logic processing layer. Optionally, after blocking, desensitization processing may be performed on the target data through desensitization processing, and then the desensitized data is transmitted to the logic processing layer.
In some embodiments, the system further comprises a presentation layer, the detection engine further comprises a second interface for accessing an internet open interface service, the logical processing layer communicates with the detection engine through the second interface, and the detection engine communicates with other interfaces of the communication layer through interfaces of the communication layer. The logic processing layer sends a calling request to the detection engine through the second interface when receiving the sending request; the detection engine carries out privacy detection on the acquired data and processes the data to be transmitted according to the privacy detection result; and the detection engine calls a communication layer interface so as to send the processed data to be sent to the display layer through the communication layer interface.
In this embodiment, the communication framework in the private data processing system further includes a first interface for accessing the mobile-end data and a second interface for accessing the internet open interface service, and the target data is obtained through the first interface or the second interface. In this embodiment, according to the private data processing communication framework provided by the present invention, a detection engine for private data is added in an existing applet communication framework, the detection engine is further configured to encapsulate an original interface between the applet communication framework and a logic processing layer, the logic processing layer cannot directly call the original interface of the applet communication framework, and can only call an interface provided by the detection engine, where the detection engine includes: the system comprises a set of API for providing the applet developers to access the data of the mobile terminal and a set of API for accessing open API services on the Internet. The interface can detect data of the mobile terminal and data returned when the open openAPI service on the Internet is accessed, and privacy detection is executed.
In some more specific embodiments, the privacy data processing system is further configured to perform content detection on the target data, determine that the target data contains the privacy data if the target data includes sensitive information, and perform privacy protection processing on the target data. The sensitive information is data content meeting preset sensitive information judgment conditions.
For an interface of an internet open service, target data of privacy detection is mainly data to be sent to a page display layer for display. In this case, the data type of the data acquired from the mobile terminal is generally allowed to be acquired, and the logic processing layer may further process the data according to a preset logic to finally obtain target data to be fed back to the page display layer, and when the target data flows through the applet communication framework, the detection engine will perform content detection on the target data. The main purpose of content detection is to determine whether the target data contains sensitive information that is not suitable for being displayed on the page display layer. For example, the user information of the user corresponding to the host application where the applet is located includes an identity card number, and according to a preset privacy setting, the identity card number of the user is 18 bits in total, and only a part of bits are allowed to be displayed when the mobile terminal interface is displayed. In this embodiment, the identity card number contains sensitive information except the bits that are allowed to be displayed. If the information is to be displayed on the page display layer, the sensitive information may be further desensitized, for example, the sensitive information is hidden and replaced by an asterisk, or the information may be directly blocked from being output to the display layer. When content detection is performed, it is necessary to determine whether target data for display has met the display requirements, that is, a sensitive information determination condition.
Optionally, in some more specific embodiments, the sensitive information determination condition may be preset by a designer of the applet, or may be manually set by a user from the host application or the mobile terminal. The operation of desensitization is not limited to concealment or replacement of numbers or characters, but also includes various types such as erasing or mosaic processing of private information in a picture.
In some embodiments, the detection engine is further operable to perform a desensitization operation or a blocking operation on the private data. In some more specific embodiments, a desensitization operation is performed for when privacy data is contained and no desensitization or desensitization is not compliant. The desensitization operation corresponds to the type of sensitive information and the sensitive information judgment condition. For example, for numbers or characters, the numbers or characters on the corresponding number of bits may be obscured according to desensitization requirements; for the picture, a shading pattern may be added to the part of the picture that cannot be shown for privacy protection or processed in a mosaic. In some more specific application scenarios, the privacy protection measures provided in the above embodiments may be performed simultaneously or sequentially.
The steps of the method can be seen that the privacy data processing system provided by the invention can overcome the problems that the existing privacy security aiming at the small program, most of the existing manual code auditing is easy to miss, and the existing automatic code auditing tool aiming at the privacy security cannot be used in the small program scene, and can directly work on the small program operation frame to block the behavior endangering the individual privacy in real time. Furthermore, the method can be directly embedded into an applet framework, detect the data reading behavior of a logic layer, and block the behavior which endangers personal privacy in real time; and the data returned to the page display layer is detected, so that the behavior of desensitization and irregularity of the private data can be blocked in real time.
It should be noted that the above list is only specific examples of the present invention, and it is obvious that the present invention is not limited to the above examples, and many similar variations are possible. All modifications which would occur to one skilled in the art and which are, therefore, directly derived or suggested from the disclosure herein are deemed to be within the scope of the present invention.
Claims (20)
1. A private data processing method applied to a communication layer of an applet, the method comprising:
responding to a calling request sent when a logic processing layer receives a data request, and calling a communication layer interface to acquire target data through the communication layer interface;
carrying out privacy detection on the obtained target data;
and processing the target data according to a private data detection result, and returning the processed target data to the logic processing layer.
2. The private data processing method of claim 1, the privacy detection comprising type detection, the method comprising:
and performing type detection on the target data, and performing blocking processing on the target data under the condition that the type of the target data is a preset privacy data type.
3. The private data processing method of claim 1, the privacy detection comprising content detection, the method comprising:
and detecting the content of the target data, judging that the target data contains private data under the condition that the target data comprises sensitive information, and blocking the sensitive information, wherein the sensitive information is the data content meeting the preset sensitive information judgment condition.
4. A private data processing method applied to a communication layer of an applet, the method comprising:
responding to a calling request sent when the logic processing layer receives the sending request, and acquiring data to be sent;
carrying out privacy detection on the acquired data;
processing the data to be sent according to a privacy detection result; and calling a communication layer interface to send the processed data to be sent through the communication layer interface.
5. The private data processing method of claim 4, the privacy detection comprising content detection, the method comprising:
and detecting the content of the target data, judging that the target data contains privacy data under the condition that the target data comprises sensitive information, and carrying out privacy protection processing on the target data, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
6. The private data processing method of claim 5, the privacy preserving measures comprising performing a desensitization operation or a blocking operation on the private data.
7. A private data detection engine is applied to a communication layer of an applet framework:
the detection engine responds to a calling request sent when the logic processing layer receives the data request, and calls a communication layer interface to acquire target data through the communication layer interface;
the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data;
and the detection engine returns the processed target data to the logic processing layer.
8. The private data detection engine of claim 7, comprising a first interface for requesting access to the mobile-side data, wherein the detection engine is sent via the first interface in response to a call request sent when the logical processing layer receives the data request.
9. The private data detection engine of claim 7, the detection engine to privacy detect the target data comprising:
the detection engine carries out type detection on the target data, and carries out blocking processing on the target data under the condition that the type of the target data is a preset privacy data type.
10. The private data detection engine of claim 7, the detection engine to privacy detect the target data comprising:
the detection engine detects the content of the target data, judges that the target data contains private data under the condition that the target data comprises sensitive information, and blocks the sensitive information, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
11. A private data detection engine is applied to a communication layer of an applet framework:
the detection engine responds to a calling request sent when the logic processing layer receives the sending request, and obtains data to be sent;
the detection engine carries out privacy detection on the acquired data and processes the data to be sent according to a privacy detection result;
and the detection engine calls a communication layer interface to send the processed data to be sent through the communication layer interface.
12. The private data detection engine of claim 11 comprising a second interface for requesting access to an internet open interface service, the detection engine being sent over the second interface in response to a call request issued by the logical processing layer upon receipt of the send request.
13. The private data detection engine according to claim 11, wherein the detection engine is further configured to perform content detection on the target data, determine that the target data contains the private data if the target data includes sensitive information, and perform privacy protection processing on the target data, where the sensitive information is data content meeting a preset sensitive information determination condition.
14. The private data detection engine of claim 13, the detection engine further to perform a desensitization operation or a blocking operation on the private data.
15. A private data processing system comprising a communication layer applied to an applet framework, and a logical processing layer in communication with the communication layer data, the communication layer further comprising a detection engine comprising a first interface for accessing mobile-side data, the logical processing layer in communication with the detection engine through the first interface, the detection engine in communication with other interfaces of the communication layer through a communication layer interface:
the logic processing layer sends a calling request to the detection engine through the first interface when receiving a data request;
the detection engine calls the communication layer interface to acquire target data through the communication layer interface;
the detection engine carries out privacy detection on the obtained target data and processes the target data according to the detection result of the privacy data;
and the detection engine returns the processed target data to the logic processing layer.
16. The private data processing system of claim 15, the detection engine to privacy detect the target data comprising:
the detection engine carries out type detection on the target data, and carries out blocking processing on the target data under the condition that the type of the target data is a preset privacy data type.
17. The private data processing system of claim 15, the detection engine to privacy detect the target data comprising:
the detection engine detects the content of the target data, judges that the target data contains private data under the condition that the target data comprises sensitive information, and blocks the sensitive information, wherein the sensitive information is data content meeting preset sensitive information judgment conditions.
18. The private data processing system of claim 15, the system further comprising a presentation layer, the detection engine further comprising a second interface to access an internet open interface service, the logical processing layer in communication with the detection engine through the second interface, the detection engine in communication with other interfaces of the communication layer through communication layer interfaces:
the logic processing layer sends a calling request to the detection engine through the second interface when receiving the sending request;
the detection engine carries out privacy detection on the acquired data and processes the data to be sent according to a privacy detection result;
and the detection engine calls a communication layer interface so as to send the processed data to be sent to the display layer through the communication layer interface.
19. The private data processing system according to claim 18, further configured to perform content detection on the target data, determine that the target data contains private data if the target data includes sensitive information, and perform privacy protection processing on the target data, where the sensitive information is data content meeting a preset sensitive information determination condition.
20. The private data processing system of claim 19, the detection engine to further perform a desensitization operation or a blocking operation on the private data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211370613.5A CN115730345B (en) | 2022-11-03 | 2022-11-03 | Privacy data processing method, detection engine and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211370613.5A CN115730345B (en) | 2022-11-03 | 2022-11-03 | Privacy data processing method, detection engine and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115730345A true CN115730345A (en) | 2023-03-03 |
| CN115730345B CN115730345B (en) | 2023-10-20 |
Family
ID=85294474
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211370613.5A Active CN115730345B (en) | 2022-11-03 | 2022-11-03 | Privacy data processing method, detection engine and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115730345B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768964A (en) * | 2018-05-14 | 2018-11-06 | 无锡知更鸟网络科技有限公司 | One kind being based on SaaS data management systems |
| CN109492423A (en) * | 2018-09-26 | 2019-03-19 | 中国平安人寿保险股份有限公司 | Method, apparatus, computer equipment and the storage medium of sensitive information filtering |
| CN111291374A (en) * | 2020-02-20 | 2020-06-16 | 支付宝(杭州)信息技术有限公司 | Application program detection method, device and equipment |
| CN112434095A (en) * | 2020-11-24 | 2021-03-02 | 医渡云(北京)技术有限公司 | Data acquisition system, method, electronic device and computer readable medium |
| CN112714128A (en) * | 2020-12-29 | 2021-04-27 | 北京安华金和科技有限公司 | Data desensitization processing method and device |
| CN112765655A (en) * | 2021-01-07 | 2021-05-07 | 支付宝(杭州)信息技术有限公司 | Control method and device based on private data outgoing |
| CN112948824A (en) * | 2021-03-31 | 2021-06-11 | 支付宝(杭州)信息技术有限公司 | Program communication method, device and equipment based on privacy protection |
| CN114764508A (en) * | 2022-04-18 | 2022-07-19 | 张煜琦 | Enterprise data security management system based on artificial intelligence |
| US20220245283A1 (en) * | 2021-01-30 | 2022-08-04 | Zoom Video Communications, Inc. | Intelligent detection of sensitive data within a communication platform |
-
2022
- 2022-11-03 CN CN202211370613.5A patent/CN115730345B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768964A (en) * | 2018-05-14 | 2018-11-06 | 无锡知更鸟网络科技有限公司 | One kind being based on SaaS data management systems |
| CN109492423A (en) * | 2018-09-26 | 2019-03-19 | 中国平安人寿保险股份有限公司 | Method, apparatus, computer equipment and the storage medium of sensitive information filtering |
| CN111291374A (en) * | 2020-02-20 | 2020-06-16 | 支付宝(杭州)信息技术有限公司 | Application program detection method, device and equipment |
| CN112434095A (en) * | 2020-11-24 | 2021-03-02 | 医渡云(北京)技术有限公司 | Data acquisition system, method, electronic device and computer readable medium |
| CN112714128A (en) * | 2020-12-29 | 2021-04-27 | 北京安华金和科技有限公司 | Data desensitization processing method and device |
| CN112765655A (en) * | 2021-01-07 | 2021-05-07 | 支付宝(杭州)信息技术有限公司 | Control method and device based on private data outgoing |
| US20220245283A1 (en) * | 2021-01-30 | 2022-08-04 | Zoom Video Communications, Inc. | Intelligent detection of sensitive data within a communication platform |
| CN112948824A (en) * | 2021-03-31 | 2021-06-11 | 支付宝(杭州)信息技术有限公司 | Program communication method, device and equipment based on privacy protection |
| CN114764508A (en) * | 2022-04-18 | 2022-07-19 | 张煜琦 | Enterprise data security management system based on artificial intelligence |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115730345B (en) | 2023-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20120084864A1 (en) | System and method for a mobile cross-platform software system | |
| EP3089068A1 (en) | Application program management method, device, terminal, and computer storage medium | |
| CN106446672B (en) | Android third-party class library permission isolation method and device | |
| CN103198255A (en) | Method and system for monitoring and intercepting sensitive behaviour of Android software | |
| CN109145590B (en) | Function hook detection method, detection equipment and computer readable medium | |
| US20150150119A1 (en) | Framework for fine-grain access control from high-level application permissions | |
| CN110442502B (en) | Point burying method, device, equipment and storage medium | |
| WO2016118621A1 (en) | Methods, apparatus, and systems for resource access permission management | |
| CN112711770A (en) | Sensitive behavior blocking method, device, terminal and storage medium | |
| EP3828696A1 (en) | Method invoke chain tracing method, electronic apparatus, and computer-readable storage medium | |
| CN103888619A (en) | Message processing method and system thereof | |
| CN110968872A (en) | File vulnerability detection processing method and device, electronic equipment and storage medium | |
| CN110110544A (en) | Android intelligent terminal method for secret protection and device | |
| Bu-Pasha et al. | EU law perspectives on location data privacy in smartphones and informed consent for transparency | |
| CN108875393B (en) | Security realization method, device and medium for client data screen capturing | |
| CN111698237A (en) | Method and system for adding watermark to WEB page | |
| CN106327156A (en) | Car damage assessment method, client and system | |
| CN114115664A (en) | Screenshot processing method, device, equipment and medium | |
| CN110851208A (en) | Interface parameter and response data modification method and device | |
| CN115730345A (en) | Private data processing method, detection engine and system | |
| KR20150059882A (en) | System and method for analyzing malicious application of smart-phone and service system and service method for blocking malicious application of smart-phone | |
| CN112532790B (en) | Short message processing method, system, terminal device and storage medium | |
| US11222135B2 (en) | User device privacy protection | |
| CN112417533A (en) | Anti-screenshot method and device, computer equipment and storage medium | |
| CN110765426A (en) | Equipment permission setting method, device, equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |