CN117492596A - Document content operation control method and device, electronic equipment and medium

Publication number
CN117492596A
Authority
CN
China
Legal status
Pending
Application number
CN202311360318.6A
Other languages
Chinese (zh)
Inventor
余经猷
谢少飞
王志海
喻波
汪洋
Current Assignee
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481 Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F3/0484 Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/0486 Drag-and-drop
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/543 User-generated data transfer, e.g. clipboards, dynamic data exchange [DDE], object linking and embedding [OLE]
    • G06F9/544 Buffers; Shared memory; Pipes


Abstract

The application discloses a document content operation control method, a device, electronic equipment and a medium. The document content operation control method comprises the following steps: when a first operation on document content in a first window is detected, determining whether the document content in the first window is controlled content; if the document content in the first window is controlled content and the first operation is a copy operation, executing a first control action, wherein the first control action is used to restrict the document content in the first window from being copied to other documents; and if the document content in the first window is controlled content and the first operation is a drag operation, executing a second control action, wherein the second control action is used to restrict the document content in the first window from being dragged to other documents. By applying the technical scheme provided by the application, operations on document content are effectively controlled, leakage of the document content can be effectively prevented, and the security of the document content is ensured.

Description

Document content operation control method and device, electronic equipment and medium
Technical Field
The present disclosure relates to the field of computer applications, and in particular, to a method, an apparatus, an electronic device, and a medium for controlling operations on document content.
Background
In the information age, security of document contents, particularly those related to sensitive information, has been receiving increasing attention, and the purpose of protecting document contents can be achieved by file encryption. When a user needs to check the document content after the file encryption, the document content can be displayed to the user after the encrypted file is decrypted. The user can further operate on the displayed document content. However, further operations easily cause the document content to be leaked, and the security of the document content cannot be ensured.
Disclosure of Invention
The purpose of the application is to provide a method, a device, electronic equipment and a medium for controlling document content operation, so that the document content is effectively prevented from being leaked, and the security of the document content is ensured.
In order to solve the technical problems, the application provides the following technical scheme:
In a first aspect, a document content operation control method is provided, including:
when a first operation on document content in a first window is detected, determining whether the document content in the first window is controlled content;
if the document content in the first window is controlled content and the first operation is a copy operation, executing a first control action, wherein the first control action is used to restrict the document content in the first window from being copied to other documents;
and if the document content in the first window is controlled content and the first operation is a drag operation, executing a second control action, wherein the second control action is used to restrict the document content in the first window from being dragged to other documents.
Optionally, determining whether the document content in the first window is controlled content includes:
determining whether the document content in the first window is controlled content according to the process identifier of the first window and/or the current title of the first window.
Optionally, determining whether the document content in the first window is controlled content according to the process identifier of the first window and/or the current title of the first window includes:
determining a first application program corresponding to the first window according to the process identifier of the first window;
if the first application program supports window title control, determining whether the document content in the first window is controlled content according to a comparison of the current title of the first window with the encrypted document names in the shared memory;
and if the first application program does not support window title control, determining whether the document content in the first window is controlled content according to whether the process identifier of the first window is stored in the shared memory.
Optionally, before determining whether the document content in the first window is controlled content when the first operation on the document content in the first window is detected, the method further includes:
receiving an open request for a first document;
if the first document is an encrypted document, transparently decrypting the first document and displaying the document content of the first document in a second window;
and caching the process identifier of the second window and the file information of the first document in the shared memory, wherein the file information of the first document includes at least the file name of the first document.
Optionally, performing the first control action includes:
acquiring ownership of the clipboard;
and returning empty data or garbled data when a paste request is received.
Optionally, performing the second control action includes:
deleting the drag attribute of each currently open window.
Optionally, after deleting the drag attribute of each currently open window, the method further includes:
when a second operation on document content in a third window is detected, and the document content in the third window is not controlled content, restoring the deleted drag attribute of each currently open window.
In a second aspect, there is provided a document content operation control apparatus, including:
a first determining module, configured to determine whether the document content in a first window is controlled content when a first operation on the document content in the first window is detected;
a first execution module, configured to execute a first control action when the document content in the first window is controlled content and the first operation is a copy operation, wherein the first control action is used to restrict the document content in the first window from being copied to other documents;
and a second execution module, configured to execute a second control action when the document content in the first window is controlled content and the first operation is a drag operation, wherein the second control action is used to restrict the document content in the first window from being dragged to other documents.
In a third aspect, an electronic device is provided, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the document content operation control method according to the first aspect when executing the computer program.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the document content operation control method according to the first aspect.
In a fifth aspect, there is provided a computer program product comprising computer instructions stored in a computer readable storage medium and adapted to be read and executed by a processor to cause a computer device having the processor to perform the steps of the document content operation control method according to the first aspect.
By applying the technical scheme provided by the embodiments of the application, when a first operation on document content in a first window is detected, it is determined whether the document content in the first window is controlled content. If it is controlled content and the first operation is a copy operation, the first control action is executed to restrict the document content in the first window from being copied to other documents; if it is controlled content and the first operation is a drag operation, the second control action is executed to restrict the document content in the first window from being dragged to other documents. Operations on document content are thereby effectively controlled, leakage of the document content can be effectively prevented, and the security of the document content is ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for controlling document content operations according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the overall architecture of a leak protection system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a clipboard control of document content in an embodiment of the present application;
FIG. 4 is a schematic diagram of text drag control of document content in an embodiment of the present application;
FIG. 5 is a schematic diagram of an example of clipboard management of document content in an embodiment of the present application;
FIG. 6 is a schematic diagram of an example of text drag management of document content in an embodiment of the present application;
FIG. 7 is a schematic diagram of a document content operation control device according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order that those skilled in the art may better understand the present application, it is described in further detail below with reference to the drawings and the detailed description. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments that can be obtained by one of ordinary skill in the art from the present disclosure without inventive effort are within the scope of the present disclosure.
The core of the application is to provide a document content operation control method, which can be applied to a terminal configured with the X11 desktop environment of a Linux system. The terminal can monitor the currently open windows. When a first operation on document content in a first window is detected, it determines whether the document content in the first window is controlled content. If it is controlled content and the first operation is a copy operation, the first control action is executed to restrict the document content in the first window from being copied to other documents; if it is controlled content and the first operation is a drag operation, the second control action is executed to restrict the document content in the first window from being dragged to other documents. Operations on document content are thereby effectively controlled, leakage of the document content is effectively prevented, and the security of the document content is ensured.
Referring to fig. 1, a flowchart of an implementation of a document content operation control method according to an embodiment of the present application may include the following steps:
S110: When a first operation on document content in a first window is detected, determine whether the document content in the first window is controlled content.
In this embodiment of the present application, the first window may be any currently open window, and the user may operate on each open window, for example by performing a copy operation, a drag operation, a delete operation, a labeling operation, and so on, on the document content displayed in a currently open window. The window targeted by the user's current operation is the focus window.
Each window is monitored, and when a first operation on the document content in the first window is detected, it can be determined whether the document content in the first window is controlled content. The first window is at that point the focus window.
For any document, if the document is an encrypted document, then on receiving a viewing request or an open request from the user, the document content can be decrypted and displayed to the user, and that document content can be regarded as controlled content. Alternatively, document content that carries set information may be regarded as controlled content.
The document content for which the first operation is directed may be part or all of the document content presented by the first window.
S120: If the document content in the first window is controlled content and the first operation is a copy operation, execute a first control action, wherein the first control action is used to restrict the document content in the first window from being copied to other documents.
In the embodiment of the application, when the first operation on the document content in the first window is detected, it is determined whether the document content in the first window is controlled content.
If the document content in the first window is not controlled content, the document content in the first window raises no leakage concern, and the first operation may be responded to.
If the document content in the first window is controlled content, the document content in the first window needs to be protected from leakage. In this case, if the first operation is a copy operation, i.e., there is a copy operation on the document content in the first window, the first control action may be executed to restrict the document content in the first window from being copied to other documents, such as other plaintext documents. This is because, if the document content in the first window were copied to another document, the propagation of the document content would no longer be controlled and its security could not be ensured. Restricting the document content in the first window from being copied to other documents ensures the security of the document content.
It may be determined whether the first operation is a copy operation by listening for a clipboard change.
S130: If the document content in the first window is controlled content and the first operation is a drag operation, execute a second control action, wherein the second control action is used to restrict the document content in the first window from being dragged to other documents.
In the embodiment of the application, when the first operation on the document content in the first window is detected, it is determined whether the document content in the first window is controlled content.
If the document content in the first window is controlled content, the document content in the first window needs to be protected from leakage. In this case, if the first operation is a drag operation, i.e., there is a drag operation on the document content in the first window, the second control action may be executed to restrict the document content in the first window from being dragged to other documents, such as other plaintext documents. This is because, if the document content in the first window were dragged to another document, the propagation of the document content would no longer be controlled and its security could not be ensured. Restricting the document content in the first window from being dragged to other documents ensures the security of the document content.
It should be noted that, the execution sequence of step S120 and step S130 is not limited in the embodiment of the present application.
By applying the method provided by the embodiment of the application, when a first operation on document content in a first window is detected, it is determined whether the document content in the first window is controlled content. If it is controlled content and the first operation is a copy operation, the first control action is executed to restrict the document content in the first window from being copied to other documents; if it is controlled content and the first operation is a drag operation, the second control action is executed to restrict the document content in the first window from being dragged to other documents. Operations on document content are thereby effectively controlled, leakage of the document content can be effectively prevented, and the security of the document content is ensured.
In some embodiments of the present application, determining in step S110 whether the document content in the first window is controlled content may include the following step:
determining whether the document content in the first window is controlled content according to the process identifier of the first window and/or the current title of the first window.
In the embodiment of the application, when the first operation on the document content in the first window is detected, the process identifier (PID) of the first window may be acquired, and/or the current title of the first window may be acquired.
Based on the process identifier of the first window and/or the current title of the first window, it may be determined whether the document content in the first window is controlled content.
Optionally, whether the document content in the first window is controlled content may be determined according to whether the process identifier of the first window is stored in the shared memory. If the process identifier of the first window is stored in the shared memory, the document content in the first window is determined to be controlled content; if the process identifier of the first window is not stored in the shared memory, the document content in the first window is determined not to be controlled content.
Optionally, whether the document content in the first window is controlled content may be determined according to a comparison of the current title of the first window with the encrypted document names in the shared memory. If the current title of the first window contains an encrypted document name cached in the shared memory, the document content in the first window is determined to be controlled content; if the current title of the first window does not contain an encrypted document name cached in the shared memory, the document content in the first window is determined not to be controlled content.
Optionally, it may first be determined whether the process identifier of the first window is stored in the shared memory, and if not, whether the document content in the first window is controlled content is determined according to a comparison of the current title of the first window with the encrypted document names in the shared memory.
Optionally, the current title of the first window may first be compared with the encrypted document names in the shared memory, and if the current title of the first window contains an encrypted document name cached in the shared memory, whether the document content in the first window is controlled content is determined according to whether the process identifier of the first window is stored in the shared memory.
In some embodiments of the present application, determining whether the document content in the first window is controlled content according to the process identifier of the first window and/or the current title of the first window may include the following steps:
Step one: determining a first application program corresponding to the first window according to the process identifier of the first window;
Step two: if the first application program supports window title control, determining whether the document content in the first window is controlled content according to a comparison of the current title of the first window with the encrypted document names in the shared memory;
Step three: if the first application program does not support window title control, determining whether the document content in the first window is controlled content according to whether the process identifier of the first window is stored in the shared memory.
For convenience of description, the above three steps are described in combination.
In the embodiment of the application, the encrypted document name and/or the process identifier generated when an encrypted document is opened can be cached in the shared memory.
When the first operation on the document content in the first window is detected, the process identifier of the first window can be determined first, and the first application program corresponding to the first window is determined according to the process identifier of the first window. It may then be determined whether the first application program supports window title control. For example, whether the first application program supports window title control may be determined according to support information acquired in advance for each application program.
If the first application program supports window title control, the current title of the first window is compared with the encrypted document names in the shared memory, and the comparison result shows whether the current title of the first window contains an encrypted document name cached in the shared memory. If so, the document content in the first window may be determined to be controlled content; otherwise, it may be determined that the document content in the first window is not controlled content.
If the first application program does not support window title control, the process identifier of the first window can be compared with the process identifiers in the shared memory, and the comparison result shows whether the process identifier of the first window is stored in the shared memory. If so, the document content in the first window may be determined to be controlled content; otherwise, it may be determined that the document content in the first window is not controlled content.
Judging whether the document content in the first window is controlled content according to the process identifier of the first window and/or the current title of the first window can improve the accuracy of the judgment.
In some embodiments of the present application, before determining in step S110 whether the document content in the first window is controlled content when the first operation on the document content in the first window is detected, the method may further include the following steps:
Step one: receiving an open request for a first document;
Step two: if the first document is an encrypted document, transparently decrypting the first document and displaying the document content of the first document in a second window;
Step three: caching the process identifier of the second window and the file information of the first document in the shared memory, wherein the file information of the first document includes at least the file name of the first document.
For convenience of description, the above three steps are described in combination.
In the embodiment of the application, the user can open the first document according to the requirement, and the first document can be any document in the terminal.
Upon receiving an open request for a first document, it may be determined whether the first document is an encrypted document.
If the first document is an encrypted document, the first document may be transparently decrypted and the document content of the first document may be presented in the second window. Transparently decrypting the first document and displaying its document content requires no manual input of decryption information by the user, which makes it convenient for the user to access the document content of the first document. Alternatively, in the case where the first document is an encrypted document, the first document may be decrypted according to decryption information input by the user, and the document content of the first document may be displayed in the second window.
After the document content of the first document is displayed in the second window, the process identifier of the second window and the file information of the first document can be cached in the shared memory. The file information of the first document includes at least the file name of the first document, and may further include information related to the storage path of the first document.
Whenever a window displays the document content of an encrypted document, the process identifier of that window and the file information of the encrypted document are cached in the shared memory. When the first operation on the document content in the first window is detected, the process identifier of the first window and/or the current title of the first window can be compared with the process identifiers and/or encrypted document names cached in the shared memory, so that it can be accurately determined whether the document content in the first window currently operated on by the user is controlled content.
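The open-time caching steps and the three-step check described above can be modelled as follows. This is an added example, not code from the patent: the struct layout, function names, the two application names and the sample file names are all assumptions, and a plain in-process struct stands in for the shared memory.

```c
/* Added example: model of the open-time cache and the controlled-content
 * check. All names are hypothetical; the patent itself gives no code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16
#define NAME_LEN    256

/* One record per opened encrypted document, written when it is displayed. */
struct cache_entry {
    bool in_use;
    int  pid;                  /* process identifier of the displaying window */
    char file_name[NAME_LEN];  /* file name of the encrypted document */
};

/* Stand-in for the shared-memory region (a plain struct keeps this offline). */
struct doc_cache {
    struct cache_entry entries[MAX_ENTRIES];
};

/* Constructed support table: whether an application supports window title
 * control, i.e. its window title carries the open document's name. */
struct app_info {
    const char *comm;
    bool        title_control;
};

static const struct app_info APP_TABLE[] = {
    { "editor-a", true  },  /* hypothetical multi-document editor */
    { "viewer-b", false },  /* hypothetical viewer with a fixed title */
};

/* Caching step: record pid and file name. Returns 0 on success, -1 on error. */
int cache_add(struct doc_cache *c, int pid, const char *file_name)
{
    if (c == NULL || pid <= 0 || file_name == NULL)
        return -1;
    size_t len = strlen(file_name);
    /* An empty name would be a substring of every title: reject it. */
    if (len == 0 || len >= NAME_LEN)
        return -1;
    for (size_t i = 0; i < MAX_ENTRIES; i++) {
        if (!c->entries[i].in_use) {
            c->entries[i].in_use = true;
            c->entries[i].pid = pid;
            memcpy(c->entries[i].file_name, file_name, len + 1);
            return 0;
        }
    }
    return -1; /* cache full */
}

/* PID path: is this process identifier stored in the cache? */
bool cache_has_pid(const struct doc_cache *c, int pid)
{
    for (size_t i = 0; i < MAX_ENTRIES; i++)
        if (c->entries[i].in_use && c->entries[i].pid == pid)
            return true;
    return false;
}

/* Title path: does the title contain any cached encrypted document name? */
bool cache_title_has_name(const struct doc_cache *c, const char *title)
{
    if (title == NULL)
        return false;
    for (size_t i = 0; i < MAX_ENTRIES; i++)
        if (c->entries[i].in_use && strstr(title, c->entries[i].file_name))
            return true;
    return false;
}

/* Step one: map the window's process (by command name here) to an app. */
const struct app_info *lookup_app(const char *comm)
{
    if (comm == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof APP_TABLE / sizeof APP_TABLE[0]; i++)
        if (strcmp(APP_TABLE[i].comm, comm) == 0)
            return &APP_TABLE[i];
    return NULL;
}

/* Steps two and three. Assumption of this example: an unknown application or
 * a missing title falls back to the PID check rather than allowing. */
bool is_controlled(const struct doc_cache *c, const char *comm,
                   int pid, const char *title)
{
    const struct app_info *app = lookup_app(comm);
    if (app != NULL && app->title_control && title != NULL)
        return cache_title_has_name(c, title);
    return cache_has_pid(c, pid);
}

int main(void)
{
    static struct doc_cache cache;  /* zero-initialised: all slots free */
    cache_add(&cache, 4100, "q3-forecast.xlsx");  /* constructed samples */
    cache_add(&cache, 4200, "contract.pdf");
    printf("%d\n", is_controlled(&cache, "editor-a", 4100, "q3-forecast.xlsx - Editor A"));
    printf("%d\n", is_controlled(&cache, "editor-a", 4100, "notes.txt - Editor A"));
    printf("%d\n", is_controlled(&cache, "viewer-b", 4200, "Viewer B"));
    return 0;
}
```

The second call in `main` shows why the title path exists: the same process also shows an unencrypted document, and the PID check alone would block copying from it too. Substring matching on titles over-matches when a cached file name is very short, so a deployment would want to test its title rule against the names it actually protects.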
In some embodiments of the present application, step S120 performs a first controlling action, which may include the following steps:
step one: acquiring ownership of the shear plate;
step two: and returning null data or messy code data when the paste request is received.
For convenience of description, the above two steps are described in combination.
In the embodiment of the application, when the first operation on the document content in the first window is monitored, if the document content in the first window is the control content and the first operation is the copy operation, ownership of the clipboard can be acquired. For example, ownership of the clipboard can be taken, and the clipboard taken over, through the X11-related application programming interface (API) of the Linux system.
After ownership of the clipboard is acquired, null data or garbled data can be returned when a paste request is received. That is, after the user performs the copy operation on the document content in the first window, a paste operation performed in the first window or in other windows will paste either nothing or garbled data. Therefore, the document content in the first window can be effectively prevented from being copied to other documents, and the security of the control content is improved.
Optionally, if a copy operation on the document content in the first window or in other windows is monitored again, and the document content targeted by the copy operation is the management content, the steps of acquiring ownership of the clipboard and returning null data or garbled data when a paste request is received may be performed again.
In some embodiments of the present application, executing the second control action in step S130 may include the following step:
deleting the drag attribute of each current window.
In the embodiment of the application, when the first operation on the document content in the first window is monitored, if the document content in the first window is the control content and the first operation is the drag operation, the drag attribute of each current window may be deleted, for example the XdndAware attribute of each current window.
The second control action can be understood as drag control, which is implemented according to the principle of the XDND protocol. The XDND protocol is a convention for implementing the drag function: if the target window has the XdndAware attribute, the window supports the XDND protocol and can receive dragged data; if its XdndAware attribute is deleted, the document content in the first window cannot be dragged to the target window.
Therefore, the document content in the first window can be effectively limited to be dragged to other documents, and the security of the document content of the encrypted document is improved.
In some embodiments of the present application, after deleting the drag attributes of all the current windows, the method may further include the following step:
in the case that a second operation on the document content in a third window is monitored, if the document content in the third window is not the management content, restoring the deleted drag attributes of the current windows.
In the embodiment of the application, when the first operation on the document content in the first window is monitored, if the document content in the first window is the control content and the first operation is the drag operation, the drag attribute of each current window can be deleted, so that the document content in the first window cannot be dragged to other windows.
After that, if the second operation for the document content in the third window is monitored, it may be determined whether the document content in the third window is the control content, and if so, the document content in the third window cannot be dragged to other windows because the dragging attribute of all the current windows is deleted, so that the security of the document content in the third window may be ensured. If the document content in the third window is not the control content, the deleted drag attribute of each window needs to be restored, so that the user can perform normal drag operation on the document content in the third window.
The second operation may be any operation for document content within the third window.
Fig. 2 is a schematic diagram of an overall architecture of a leak-proof system corresponding to a document content operation control method according to an embodiment of the present application, where the leak-proof system includes a transparent decryption driving module, a clipboard control module, and a text dragging control module.
When the system receives an open request for a first document, if the first document is an encrypted document, the transparent decryption driving module can transparently decrypt the first document and display the document content of the first document in a second window; at the same time, the process identification of the second window and the file information of the first document can be cached in the shared memory.
Upon monitoring a first operation on the document content within the first window, the system may determine whether the document content within the first window is the management content. If the document content in the first window is the control content and the first operation is the copy operation, ownership of the clipboard can be acquired through the clipboard control module, and null data or garbled data is returned when a paste request is received. If the document content in the first window is the control content and the first operation is the drag operation, the drag attribute of each current window can be deleted through the text dragging control module.
Operations other than those performed by the transparent decryption driving module, the clipboard control module, and the text dragging control module may be considered as being performed by a processing module of the system.
The transparent decryption driving module realizes transparent decryption of the encrypted document, so that document content can be accessed without the user inputting decryption information, which makes the encrypted document convenient to use. The clipboard control module and the text dragging control module improve the security of the control content.
In one possible implementation, the document content operation management process is as shown in fig. 3:
1) The user opens the encrypted document through the application program; the transparent decryption driving module is responsible for transparent decryption of the encrypted document, and synchronously informs the application layer of the PID of the process that opened the encrypted document and of the encrypted document path;
2) The anti-leakage system monitors the driver messages, receives the process PID and the encrypted document path synchronized by the driver, caches them in the shared memory, and makes them available to the clipboard control module and the text dragging control module;
3) When the user copies document content from the opened document, the clipboard changes;
4) The clipboard control module monitors the change of the operating system clipboard, and acquires the process PID and the current title of the focus window;
querying the application program corresponding to the process PID, and determining whether the application program supports window title management and control;
if the application program supports window title management and control, comparing the current title of the focus window with the encrypted document names in the shared memory, and if the current title of the focus window contains an encrypted document name cached in the shared memory, determining that what the focus window has open is an encrypted document;
if the application program does not support window title management and control, searching for the process PID in the shared memory, and if the process PID is found, determining that what the process has open is an encrypted document;
if what the process or the focus window has open is an encrypted document, taking over ownership of the clipboard through the X11-related API;
after taking over ownership of the clipboard, if a paste request is monitored, which indicates that the user is performing a paste operation, directly returning null data or garbled data;
after taking over ownership of the clipboard, if a clear-clipboard request is monitored, which indicates that the user is copying document content to the clipboard again, restarting from step 4).
In one possible implementation, the document content operation management process is as shown in fig. 4:
1) The user opens the encrypted document through the application program; the transparent decryption driving module is responsible for transparent decryption of the encrypted document, and synchronously informs the application layer of the PID of the process that opened the encrypted document and of the encrypted document path;
2) The anti-leakage system monitors the driver messages, receives the process PID and the encrypted document path synchronized by the driver, caches them in the shared memory, and makes them available to the clipboard control module and the text dragging control module;
3) When the user uses a window in which a document is open, the focus window changes;
4) The text dragging control module monitors the change of the focus window and acquires the process PID and the current title of the focus window;
querying the application program corresponding to the process PID, and determining whether the application program supports window title management and control;
if the application program supports window title management and control, comparing the current title of the focus window with the encrypted document names in the shared memory, and if the current title of the focus window contains an encrypted document name cached in the shared memory, determining that what the focus window has open is an encrypted document;
if the application program does not support window title management and control, directly searching for the process PID in the shared memory, and if the process PID is found, determining that what the process has open is an encrypted document;
if what the process or the focus window has open is an encrypted document, deleting the drag attribute of all the current windows, such as the XdndAware attribute, through the X11-related API;
if what the process or the focus window has open is not an encrypted document, restoring the deleted XdndAware attributes of all windows through the X11-related API.
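The two flows of fig. 3 and fig. 4 can be modelled without an X server, as an added example that is not code from the application: the shared memory is a dictionary, the XdndAware attribute is a boolean on each window, and clipboard ownership is a string. The class names, the `TITLE_AWARE_APPS` table, and all window titles, PIDs and paths are assumptions constructed for illustration.

```python
import os
from dataclasses import dataclass, field

# Assumed per-application table: does the window title show the open document's name?
# The description names WPS as one that does and the UOS text editor as one that does not.
TITLE_AWARE_APPS = {"wps"}


@dataclass
class Window:
    wid: int
    pid: int
    app: str
    title: str
    xdnd_aware: bool = True  # models presence of the XdndAware window attribute


@dataclass
class LeakGuard:
    cache: dict = field(default_factory=dict)    # stand-in for shared memory: pid -> {paths}
    windows: dict = field(default_factory=dict)  # wid -> Window (all current windows)
    clipboard_owner: str = "application"
    stripped: set = field(default_factory=set)   # wids whose XdndAware this guard deleted

    def add_window(self, win):
        self.windows[win.wid] = win
        return win

    def on_encrypted_open(self, pid, path):
        """Driver notification: process `pid` opened the encrypted document at `path`."""
        self.cache.setdefault(pid, set()).add(path)

    def is_managed(self, win):
        """Title comparison for title-aware applications, PID lookup otherwise."""
        if win.app in TITLE_AWARE_APPS:
            names = {os.path.basename(p) for paths in self.cache.values() for p in paths}
            return any(name in win.title for name in names)
        return win.pid in self.cache

    def on_clipboard_change(self, focus):
        """A copy happened in `focus`; take the clipboard over only for managed content."""
        self.clipboard_owner = "guard" if self.is_managed(focus) else "application"
        return self.clipboard_owner

    def on_paste_request(self, copied):
        """While the guard owns the clipboard, paste requests receive empty data."""
        return b"" if self.clipboard_owner == "guard" else copied

    def on_focus_change(self, focus):
        """Delete XdndAware everywhere for managed focus; otherwise restore what was deleted."""
        if self.is_managed(focus):
            for win in self.windows.values():
                if win.xdnd_aware:
                    win.xdnd_aware = False
                    self.stripped.add(win.wid)
        else:
            # Restore only attributes this guard removed, so a window that never
            # supported XDND does not gain the attribute.
            for wid in self.stripped:
                if wid in self.windows:
                    self.windows[wid].xdnd_aware = True
            self.stripped.clear()
        return sorted(w.wid for w in self.windows.values() if w.xdnd_aware)


def build_demo():
    """Constructed desktop: two WPS windows, two text-editor windows, a browser, a terminal."""
    g = LeakGuard()
    wins = {
        "wps_secret": g.add_window(Window(1, 4100, "wps", "report.docx - WPS Writer")),
        "wps_public": g.add_window(Window(2, 4100, "wps", "public.docx - WPS Writer")),
        "edit_secret": g.add_window(Window(3, 4200, "text-editor", "Text Editor")),
        "edit_plain": g.add_window(Window(4, 4200, "text-editor", "Text Editor")),
        "browser": g.add_window(Window(5, 4300, "browser", "Mail")),
        "terminal": g.add_window(Window(6, 4400, "terminal", "bash", xdnd_aware=False)),
    }
    g.on_encrypted_open(4100, "/home/user/secret/report.docx")
    g.on_encrypted_open(4200, "/home/user/secret/notes.txt")
    return g, wins


if __name__ == "__main__":
    g, w = build_demo()
    print(g.on_clipboard_change(w["wps_secret"]), g.on_paste_request(b"text"))
    print(g.on_focus_change(w["edit_secret"]), g.on_focus_change(w["browser"]))
```

The model makes the granularity of the two checks visible: title comparison separates two documents opened by the same WPS process, while the PID lookup treats every window of the text-editor process as managed once that process has opened one encrypted document.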
In order to facilitate understanding, the technical solutions provided in the embodiments of the present application are further described below by specific examples.
Example one: taking as an example the clipboard control performed when WPS opens an encrypted Word document under the UnionTech UOS operating system, a possible implementation process is shown in fig. 5 (querying window information with the xwininfo command-line tool shows that the WPS window title contains the name of the opened document):
1) The user opens the encrypted document through WPS; the transparent decryption driving module is responsible for transparent decryption of the encrypted document, and synchronously informs the application layer of the PID of the process that opened the encrypted document and of the encrypted document path, and WPS displays the document content;
2) The anti-leakage system monitors the driver messages, receives the process PID and the encrypted document path synchronized by the driver, caches them in the shared memory, and makes them available to the clipboard control module and the text dragging control module;
3) When the user copies document content from the opened document, the clipboard changes;
4) The clipboard control module monitors the change of the clipboard, acquires the focus window ID, and acquires the process PID and the current title of the focus window through the focus window ID;
querying the application program corresponding to the process PID, and determining that the application program supports window title management and control because the application program is WPS;
comparing the current title of the focus window with the encrypted document names in the shared memory, and if the current title of the focus window contains an encrypted document name cached in the shared memory, determining that what the focus window has open is an encrypted document;
if what the focus window has open is an encrypted document, taking ownership of the clipboard through the X11-related API and emptying the copied content, so that when the user pastes, the pasted content is empty.
Example two: taking as an example the text drag control performed when an encrypted TXT document is opened with the built-in text editor under the UnionTech UOS operating system, a possible implementation process is shown in fig. 6:
1) The user opens the encrypted document through the text editor; the transparent decryption driving module is responsible for decrypting the encrypted document, and synchronously informs the application layer of the PID of the process that opened the encrypted document and of the encrypted document path, and the text editor displays the document content;
2) The anti-leakage system monitors the driver messages, receives the process PID and the encrypted document path synchronized by the driver, caches them in the shared memory, and makes them available to the text dragging control module;
3) When the user switches to the text editor window to view the document content, the focus window changes;
4) The text dragging control module monitors the change of the focus window, acquires the focus window ID, and acquires the process PID and the current title of the focus window through the focus window ID;
querying the application program corresponding to the process PID, and determining that the application program does not support window title management and control because the application program is the text editor;
directly searching for the process PID in the shared memory, and if the process PID is found, determining that what the process has open is an encrypted document;
if the process has opened an encrypted document, deleting the drag attribute of all windows of the current desktop, such as the XdndAware attribute, through the X11-related API, so that dragging the document content fails;
if the process has opened a non-encrypted document, restoring the deleted XdndAware attribute through the X11-related API.
According to the above embodiments, the technical solution provided by the embodiments of the present application can effectively prevent the content of an encrypted document from being leaked by copying or by dragging.
Corresponding to the above method embodiments, the embodiments of the present application further provide a document content operation control device, where the document content operation control device described below and the document content operation control method described above may be referred to correspondingly.
Referring to fig. 7, the document content operation management apparatus 700 may include the following modules:
a first determining module 710, configured to determine, if a first operation for the document content in the first window is detected, whether the document content in the first window is a management content;
The first execution module 720 is configured to execute a first management action when the document content in the first window is the management content and the first operation is a copy operation, where the first management action is used to limit the document content in the first window from being copied to other documents;
and the second execution module 730 is configured to execute a second control action when the document content in the first window is the control content and the first operation is a drag operation, where the second control action is used to limit the document content in the first window from being dragged to other documents.
With the device provided by the embodiment of the application, when a first operation on the document content in the first window is monitored, whether the document content in the first window is the management content is determined. If it is and the first operation is the copy operation, the first management and control action is executed to limit the document content in the first window from being copied to other documents; if it is and the first operation is the drag operation, the second management and control action is executed to limit the document content in the first window from being dragged to other documents. Document content operations are thereby effectively managed and controlled, leakage of the document content can be effectively prevented, and the security of the document content is ensured.
In some embodiments of the present application, the first determining module 710 is configured to:
and determining whether the document content in the first window is the management content according to the process identification of the first window and/or the current title of the first window.
In some embodiments of the present application, the first determining module 710 is configured to:
determining a first application program corresponding to the first window according to the process identification of the first window;
if the first application program supports window title management and control, determining whether the document content in the first window is management and control content according to a comparison result of the current title of the first window and the encrypted document name in the shared memory;
if the first application program does not support window title management and control, determining whether document content in the first window is management and control content according to whether process identification of the first window is stored in a shared memory.
In some embodiments of the present application, the document content operation management apparatus 700 further includes a third execution module for:
before determining, in the case that a first operation on the document content within the first window is monitored, whether the document content within the first window is the management content, receiving an open request for a first document;
if the first document is an encrypted document, transparently decrypting the first document and displaying the document content of the first document in a second window;
and caching the process identification of the second window and the file information of the first document into a shared memory, wherein the file information of the first document at least comprises the file name of the first document.
In some embodiments of the present application, the first execution module 720 is configured to:
acquiring ownership of the clipboard;
and returning null data or garbled data when a paste request is received.
In some embodiments of the present application, the second execution module 730 is configured to:
and deleting the drag attribute of each current window.
In some embodiments of the present application, the second execution module 730 is further configured to:
and after deleting the drag attributes of all the current windows, in the case that a second operation on the document content in a third window is monitored, restoring the deleted drag attributes of the current windows if the document content in the third window is not the management content.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Corresponding to the above method embodiment, the embodiment of the present application further provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the document content operation control method when executing the computer program.
As shown in fig. 8, which is a schematic diagram of a composition structure of an electronic device, the electronic device may include: a processor 10, a memory 11, a communication interface 12 and a communication bus 13. The processor 10, the memory 11 and the communication interface 12 all complete communication with each other through a communication bus 13.
In the present embodiment, the processor 10 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a field-programmable gate array (FPGA), or another programmable logic device, etc.
The processor 10 may call a program stored in the memory 11, and in particular, the processor 10 may perform operations in an embodiment of the document content operation control method.
The memory 11 is used for storing one or more programs, and the programs may include program codes, where the program codes include computer operation instructions, and in this embodiment, at least the programs for implementing the following functions are stored in the memory 11:
in the case that a first operation on the document content within the first window is monitored, determining whether the document content within the first window is the management content;
if the document content in the first window is the management content and the first operation is the copy operation, executing a first management and control action, wherein the first management and control action is used for limiting the document content in the first window to be copied to other documents;
and if the document content in the first window is the control content and the first operation is the dragging operation, executing a second control action, wherein the second control action is used for limiting the document content in the first window to be dragged to other documents.
In one possible implementation, the memory 11 may include a storage program area and a storage data area, where the storage program area may store an operating system, and at least one application program required for functions, etc.; the storage data area may store data created during use.
In addition, the memory 11 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device or other volatile solid-state storage device.
The communication interface 12 may be an interface of a communication module for interfacing with other devices or systems.
Of course, it should be noted that the structure shown in fig. 8 is not limited to the electronic device in the embodiment of the present application, and the electronic device may include more or fewer components than those shown in fig. 8 or may combine some components in practical applications.
Corresponding to the above method embodiments, the present application further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the above document content operation management method.
In addition, it should be noted that embodiments of the present application also provide a computer program product or computer program that may include computer instructions, which may be stored in a computer-readable storage medium. The processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the document content operation control method described in the foregoing embodiments; a detailed description is therefore omitted here. The description of the beneficial effects of the same method is likewise omitted. For technical details not disclosed in the computer program product or computer program embodiments of the present application, please refer to the description of the method embodiments of the present application.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to each other.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Specific examples are used herein to illustrate the principles and embodiments of the present application, and the description of the above examples is only for aiding in understanding the technical solution of the present application and its core ideas. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.

Claims (10)

1. A document content operation control method, comprising:
determining whether the document content in a first window is a management content under the condition that a first operation for the document content in the first window is monitored;
if the document content in the first window is the management content and the first operation is the copy operation, executing a first management and control action, wherein the first management and control action is used for limiting the document content in the first window to be copied to other documents;
and if the document content in the first window is the control content and the first operation is the dragging operation, executing a second control action, wherein the second control action is used for limiting the document content in the first window to be dragged to other documents.
2. The method of claim 1, wherein the determining whether the document content within the first window is management content comprises:
determining whether the document content in the first window is the management content according to the process identification of the first window and/or the current title of the first window.
3. The method of claim 2, wherein determining whether the document content within the first window is a managed content based on the process identification of the first window and/or the current title of the first window comprises:
determining a first application program corresponding to the first window according to the process identification of the first window;
if the first application program supports window title management and control, determining whether the document content in the first window is management and control content according to a comparison result of the current title of the first window and the encrypted document name in the shared memory;
and if the first application program does not support window title management and control, determining whether the document content in the first window is management and control content according to whether the process identifier of the first window is stored in the shared memory.
4. The method of claim 3, wherein, before the determining whether the document content within the first window is management content in the case that the first operation on the document content within the first window is monitored, the method further comprises:
receiving an open request for a first document;
if the first document is an encrypted document, transparently decrypting the first document and displaying the document content of the first document in a second window;
and caching the process identification of the second window and the file information of the first document into the shared memory, wherein the file information of the first document at least comprises the file name of the first document.
5. The method of claim 1, wherein the executing a first management and control action comprises:
acquiring ownership of the clipboard;
and returning null data or garbled data when a paste request is received.
6. The method according to any one of claims 1 to 5, wherein the executing a second control action comprises:
deleting the drag attribute of each current window.
7. The method of claim 6, wherein after said deleting the drag attribute of all the current windows, the method further comprises:
in the case that a second operation on the document content in a third window is monitored, restoring the deleted drag attributes of the current windows if the document content in the third window is not the management content.
8. A document content operation control apparatus, comprising:
the first determining module is used for determining whether the document content in the first window is the management content or not under the condition that the first operation on the document content in the first window is monitored;
the first execution module is used for executing a first management and control action when the document content in the first window is the management and control content and the first operation is the copy operation, wherein the first management and control action is used for limiting the document content in the first window to be copied to other documents;
and the second execution module is used for executing a second control action when the document content in the first window is the control content and the first operation is the dragging operation, wherein the second control action is used for limiting the document content in the first window to be dragged to other documents.
9. An electronic device, comprising:
a memory for storing a computer program;
A processor for implementing the steps of the document content operation management method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the document content operation management method according to any one of claims 1 to 7.
CN202311360318.6A 2023-10-19 2023-10-19 Document content operation control method and device, electronic equipment and medium Pending CN117492596A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311360318.6A CN117492596A (en) 2023-10-19 2023-10-19 Document content operation control method and device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN117492596A true CN117492596A (en) 2024-02-02

Family

ID=89668019

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311360318.6A Pending CN117492596A (en) 2023-10-19 2023-10-19 Document content operation control method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN117492596A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination