WO2017101865A1 - Data processing method and device - Google Patents

Data processing method and device Download PDF

Info

Publication number
WO2017101865A1
WO2017101865A1 PCT/CN2016/110447 CN2016110447W WO2017101865A1 WO 2017101865 A1 WO2017101865 A1 WO 2017101865A1 CN 2016110447 W CN2016110447 W CN 2016110447W WO 2017101865 A1 WO2017101865 A1 WO 2017101865A1
Authority
WO
WIPO (PCT)
Prior art keywords
current webpage
window
current
preset
protection rule
Prior art date
Application number
PCT/CN2016/110447
Other languages
French (fr)
Chinese (zh)
Inventor
赵小宁
Original Assignee
北京奇虎科技有限公司
北京奇安信科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 北京奇安信科技有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2017101865A1 publication Critical patent/WO2017101865A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/957Browsing optimisation, e.g. caching or content distillation
    • G06F16/9577Optimising the visualization of content, e.g. distillation of HTML documents

Definitions

  • the present invention relates to the field of computer security technologies, and in particular, to a data processing method and a data processing device.
  • a browser is a piece of software that can display the contents of an HTML (HyperText Mark-up Language) file of a web server or file system and allow users to interact with these files.
  • the web browser mainly interacts with the web server through HTTP (HyperText Transfer Protocol) and acquires web pages. These web pages are specified by a URL (Uniform Resource Locator), and the file format is usually HTML.
  • LAN has become an indispensable part of enterprise development.
  • LANs also face a variety of attacks and threats, such as confidential leakage, data loss, network abuse, identity fraud, illegal intrusion and so on.
  • a local area network such as a bank or a military
  • the internal user terminal inevitably has some confidential data in the web page browsed by the browser. If the confidential data is leaked through the browser, it will bring great security risks. .
  • the present invention has been made in order to provide a data processing method and a data processing apparatus that overcome the above problems or at least partially solve the above problems.
  • a data processing method comprising:
  • the current webpage meets the preset protection rule, the current webpage is displayed, and the watermark content is displayed on the current webpage.
  • the method further includes:
  • the step of displaying the current webpage while displaying the watermark content on the current webpage includes:
  • the transparency of the second window is controlled to a value less than 100%, and the watermark content is displayed through the second window.
  • the step of displaying the current webpage and simultaneously displaying the watermark content on the current webpage includes:
  • the current webpage is displayed.
  • the step of determining whether the current webpage meets a preset protection rule comprises:
  • the method is applied to the local area network, and the preset protection rule is that the administrator of the local area network sends the preset protection rule to the browser client by using the rule preset by the server.
  • the watermark content is generated by the following steps:
  • the watermark content is generated according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise corresponding enterprise identity.
  • the method further includes:
  • the transparency of the second window is controlled to be 100%.
  • the method further includes:
  • a data processing apparatus comprising:
  • the determining module is configured to determine whether the current webpage meets a preset protection rule before displaying the current webpage
  • the first display module is configured to display the current webpage when the current webpage meets the preset protection rule, and display the watermark content on the current webpage.
  • the device further includes:
  • the drawing module is configured to: before the determining module determines whether the current webpage meets the preset protection rule, in the process of starting the browser, drawing the first window and the second window located above the first window;
  • the first display module includes:
  • a first display submodule configured to display the current webpage through the first window
  • the second display submodule is configured to control the transparency of the second window to a value less than 100%, and display the watermark content through the second window.
  • a data processing method and apparatus when the current webpage meets a preset protection rule, displaying the current webpage, and displaying the watermark content on the current webpage;
  • the rule may indicate that there is sensitive data in the current webpage that needs to be protected.
  • the sensitive data may involve user privacy, and may also involve core technology or confidential technology of the local area network.
  • the watermark content is displayed on the current webpage, and can be currently When the page content of the webpage is leaked, the corresponding watermark content is traced to the corresponding leaker, so that not only the protection of the page content can be increased, but also the deterrent can be deterred; thus, the embodiment of the present invention can Effectively prevent sensitive data from current web pages from being leaked through the browser, thus improving the security of current web pages and browsers.
  • FIG. 1 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention.
  • FIG. 3 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention.
  • FIG. 4 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of a data processing apparatus according to an embodiment of the present invention.
  • FIG. 6 is a block diagram of a computing device configured to perform a data processing method in accordance with the present invention.
  • FIG. 7 is a storage unit configured to hold or carry program code that implements a data processing method in accordance with the present invention.
  • One of the core concepts of the embodiment of the present invention is that, according to whether the current webpage meets the preset protection rule Then, the watermark content is selectively displayed on the current webpage, specifically, when the current webpage meets the preset protection rule, the current webpage is displayed, and the watermark content is displayed on the current webpage; Compliance with the preset protection rules may indicate that there is sensitive data in the current webpage that needs to be protected.
  • the sensitive data may involve user privacy, and may also involve core technologies or confidential technologies of the local area network.
  • the watermark content is displayed on the current webpage.
  • the embodiment can effectively prevent the sensitive data involved in the current webpage from being leaked through the browser, thereby improving the security of the current webpage and the browser.
  • FIG. 1 a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
  • Step 101 Before displaying the current webpage, determining whether the current webpage meets a preset protection rule
  • the embodiments of the present invention can be applied to various page access scenarios, where the pages can be abbreviated pages, WAP (Wireless Application Protocol, Wireless Application Protocol), and WWW (World Wide Web) and other formats.
  • WAP Wireless Application Protocol
  • WWW World Wide Web
  • the embodiment of the present invention does not limit the specific format of a specific page and a page.
  • the embodiments of the present invention can be applied to a network environment such as a wide area network or a local area network, and can improve the security of a single user terminal in the wide area network, or can improve the security of multiple user terminals and a local area network in the local area network.
  • the user terminal may specifically include various terminals having page access capabilities, such as a mobile phone, a PC (personal computer), a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, and a fitness device. Personal digital assistants, etc.
  • the embodiment of the present invention can be applied to a local area network such as an enterprise network, a government network, or a campus network; in the foregoing local area network, a user terminal refers to a terminal device with an operating system installed, and the user terminal can be connected to a local area network by wire, or Connect to the LAN wirelessly.
  • the watermark content can be selectively displayed on the current webpage of the user terminal in the local area network as the webpage operation of the user terminal in the local area network, so as to increase the protection of the page content. Sex.
  • the data processing procedure in the embodiment of the present invention may be performed by a browser.
  • the data processing process may be performed by a data processing device or a data processing plug-in in the browser, thereby effectively preventing the webpage data to be protected from being leaked through the browser. , which can improve the security of the browser.
  • the determining scheme 1 may match the page content of the current webpage with the first preset protection rule. If the matching result is that the matching is successful, it is determined that the current webpage meets the preset protection rule.
  • the first preset protection rule may specifically include: a rule corresponding to the at least one preset keyword, where the first preset protection rule may specifically include: between preset keywords
  • the (or) relationship may also be an AND relationship between the preset keywords, and the first preset protection rule may be described by using a regular expression.
  • the specific content and specific description of the protection rules are not limited.
  • the preset keywords may be located in a keyword set.
  • the keyword set may be a server of a local area network or a set of control terminals maintained according to security requirements of the local area network.
  • the keyword set may specifically include: at least one preset keyword, and the preset keyword may be related to a core technology or a secret of a local area network. Technology related.
  • the control terminal can receive the preset keyword specified by the user, and can also automatically determine the corresponding preset keyword according to the security requirement of the local area network. It can be understood that the specific preset keyword in the keyword set is not in the embodiment of the present invention. Limit it.
  • the determining scheme 2 can search for the webpage address according to the current webpage address, and if the search hits, determine that the current webpage meets the preset protection rule.
  • the foregoing set of the URLs may be a set of the local area network or the control set of the local area network, or the control set of the local area network may further include: at least one preset website address, where the corresponding website address may carry the core technology of the local area network or Confidential technology related Sensitive data.
  • the control terminal can receive the preset web address specified by the user, and can also automatically determine the corresponding preset web address according to the security requirements of the local area network. It can be understood that the specific preset web address in the foregoing web address set is not limited in the embodiment of the present invention.
  • the page address and the preset URL may be described in the form of a URL (Uniform Resource Locator), etc., and the embodiment of the present invention does not limit the specific description of the page address and the preset URL. .
  • URL Uniform Resource Locator
  • the determining scheme 3 may extract the protection identifier from the header information corresponding to the current webpage, and determine, according to the protection identifier, whether the current webpage meets the preset protection rule.
  • the server may add a protection identifier of the webpage in the header information of the webpage, and the protection identifier may be used to identify whether the webpage is a webpage to be protected.
  • the value of the protection identifier may be 0 or 1, 0 indicates that the web page is not a web page to be protected, and 1 identifies the web page as a web page to be protected.
  • the client may extract the protection identifier from the header information of the HTML code, and determine whether the current webpage conforms to the preset protection rule according to the protection identifier. It can be understood that the foregoing process of adding the protection identifier and extracting the protection identifier is only an example, and the specific process of adding the protection identifier and extracting the protection identifier is not limited in the embodiment of the present invention.
  • the preset protection rule when the method of the embodiment of the present invention is applied to a local area network, the preset protection rule may be a rule preset by a server of a local area network, and the server may The preset protection rules are sent to the browser client.
  • the determination scheme of determining whether the current webpage meets the preset protection rule is a detailed description of the determination scheme of determining whether the current webpage meets the preset protection rule. It can be understood that one skilled in the art may adopt one or a combination of the foregoing determination schemes according to actual application requirements, or may also adopt other
  • the judging scheme, for example, the preset protection rule may also involve user rights, some users may have the right to not watermark the content, and some users do not have the permission to not watermark the content.
  • Step 102 When the current webpage meets a preset protection rule, display the current webpage, and display the watermark content on the current webpage.
  • the embodiment of the present invention displays the watermark on the current webpage while displaying the current webpage.
  • the content can prevent the user from leaking the page content of the current webpage by means of screen capture, photographing, printing, etc. without displaying the watermark content.
  • the watermark content may be generated by generating, according to at least one of an account of a current user, a login time of a current user, a current time, and a current enterprise corresponding enterprise identifier.
  • Watermark content It is assumed that the watermark content includes the current user's account, and the user's account can be a unique user corresponding to the local area network, so that the corresponding leaker can be tracked by the corresponding watermark content when the page content of the current webpage is leaked.
  • the watermark content includes the enterprise identifier, the corresponding leaked enterprise is tracked by the corresponding watermark content when the page content of the current webpage is leaked.
  • At least one of the current user's account, the current user's login time, the current time, and the current user's corresponding enterprise identity may be used as the original content, and the original content is encoded or Encryption processing to obtain the corresponding watermark content.
  • the watermark content may be expressed in the form of a character, a two-dimensional code, a barcode, or the like.
  • the watermark content may be decoded or decrypted to obtain a corresponding original content. It can be understood that the specific original content, the encoding or encryption algorithm and the representation form corresponding to the watermark content are not limited in the embodiment of the present invention.
  • the watermark content may be distributed only in the vicinity of the sensitive data of the current webpage, or the watermark content may be distributed throughout the current webpage.
  • the embodiment of the present invention does not limit the specific distribution of the above watermark content.
  • the method may further include: in the process of starting the browser, drawing the first window and located in the first window The second window on;
  • the method may include:
  • the transparency of the second window is controlled to a value less than 100%, and the watermark content is displayed through the second window.
  • the current webpage may be displayed through the first window, and the watermark content may be displayed through the second window; wherein the second window may be located above the first window, and the second window may be displayed when the watermark content needs to be displayed
  • the transparency is controlled to a value less than 100%.
  • the transparency of the second window can be controlled to a value of 95%, 90%, etc., and the transparency of the second window is not limited in the embodiment of the present invention.
  • the display scheme 1 displays the watermark content through the second window located above the first window. Since the modification of the HTML code of the webpage may not be involved, the complexity of displaying the watermark content can be alleviated, and the amount of calculation required for displaying the watermark content can be reduced. And computing resources.
  • the step 102 of displaying the current webpage and simultaneously displaying the watermark content on the current webpage may specifically include: displaying the current webpage after embedding the watermark content in the current webpage.
  • Display scheme 2 can embed the watermark content in the current webpage by modifying the form of the webpage code.
  • the content can be embedded in the current webpage by using the DIV (Division) technology in the CSS (Cascading Style Sheets). It can be understood that the specific process of embedding the watermark content into the current webpage is not limited in the embodiment of the present invention.
  • the sensitive data that needs to be protected exists in the current webpage, and the sensitive data may involve user privacy, and may also involve core technologies or confidential technologies of the local area network.
  • the watermark content is displayed on the current webpage, and the corresponding watermark content can be tracked to the corresponding content when the page content of the current webpage is leaked.
  • the leaker can not only increase the protection of the content of the page, but also can act as a deterrent to the leaker; thus, the embodiment of the present invention can effectively prevent sensitive data related to the current webpage from being leaked through the browser, thereby improving Current web and browser security.
  • FIG. 2 a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
  • Step 201 In the process of starting the browser, drawing a first window and a second window located above the first window;
  • Step 202 Before displaying the current webpage, determining whether the current webpage meets a preset protection rule
  • Step 203 When the current webpage meets a preset protection rule, display the current webpage by using the first window.
  • Step 204 Control the transparency of the second window to a value less than 100% while displaying the current webpage through the first window, and display the watermark content through the second window.
  • the embodiment describes a process from launching a browser to displaying a current webpage, wherein an initial transparency of the second window may be a first preset value, and, in the current webpage
  • the first window and the second preset value may be the same or different values.
  • the first preset value may be 100%
  • the second preset value may be 90%.
  • the specific value of the first preset value and the second preset value is not limited in the embodiment of the present invention.
  • the method may further include: displaying the current webpage when the current webpage does not meet the preset protection rule; and controlling the transparency of the second window to 100% . Since the transparency of the second window is 100%, it can exhibit a completely transparent effect, so the normal display of the current web page can be not affected.
  • FIG. 3 a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
  • Step 301 In the process of starting the browser, drawing a first window and a second window located above the first window;
  • Step 302 Before displaying the current webpage, determining whether the current webpage meets a preset protection rule
  • Step 303 When the current webpage meets a preset protection rule, display the current webpage by using the first window.
  • Step 304 Control the transparency of the second window to a value less than 100% while displaying the current webpage through the first window, and display the watermark content through the second window;
  • the method in this embodiment may further include:
  • Step 305 Receive, by using the second window, an operation event of the user for the current webpage.
  • Step 306 Pass the operation event to the first window through the second window, so that the first window responds to the operation event.
  • the foregoing operation events may specifically include: a keyboard event and/or a mouse event.
  • the embodiment may pass the operation event to the first window through a second window, so that the first window can normally respond to the operation event.
  • an operation event may be delivered to the first window by an LRESULT SendMessage (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM IParam) function; wherein hWnd is used to represent the handle of the first window, Msg Used to indicate the transmitted operational event message, wParam is used to specify additional message specific information, and IParam is used to specify additional message specific information.
  • HWND hWnd UINT Msg, WPARAM wParam, LPARAM IParam
  • hWnd is used to represent the handle of the first window
  • Msg Used to indicate the transmitted operational event message
  • wParam is used to specify additional message specific information
  • IParam is used to specify additional message specific information.
  • FIG. 4 a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
  • Step 401 Before displaying the current webpage, determine whether the current webpage meets a preset protection rule
  • Step 402 When the current webpage meets a preset protection rule, display the current webpage, and display the watermark content on the current webpage;
  • Step 403 Reject the preset operation request when the current webpage meets a preset protection rule and monitors a preset operation request for the current webpage.
  • the embodiment may further reject the preset operation request for the current webpage when the current webpage meets the preset protection rule; and the current webpage conforms to the preset protection rule, indicating that the current webpage needs to be protected.
  • Sensitive data which may involve the user's privacy, may also involve the core technology or the secret technology of the local area network. Therefore, the embodiment of the present invention can effectively prevent the sensitive data involved in the current webpage from being leaked through the browser, thereby improving the current webpage and Browser security.
  • the preset operation request may specifically include at least one of the following requests: a request for copying and/or pasting; a request for screen capture; a request for printing Requests for uploading and/or downloading; and requests for right-click menu operations.
  • the request for copying and/or pasting, the request for screen capture, the request for printing, the request for right-click menu operation, and the request for download can effectively prevent the webpage data to be protected from leaking through the browser.
  • the request for uploading can effectively prevent the data of the user terminal in the local area network from being leaked through the browser.
  • the monitoring scheme 1 can be applied to the monitoring of preset operations performed by the browser, and the operation control device or the operation control plug-in for performing the control flow of the webpage operation can take over the operation of the browser.
  • the operation control device or the operation control plug-in may register a callback function corresponding to the preset operation request event in the browser, and receive the notification of the occurrence of the registered preset operation request event through the callback function.
  • the browser may call back the registrant (operation control device or operation control plug-in) through the interface provided by the callback function, so that the registrant knows the registered preset operation request event. happened.
  • Monitoring scheme 2 can be applied to the monitoring of preset operations performed by the browser, and can also be applied to monitoring of preset operations performed by non-browser operations, such as printing operations performed by the operating system.
  • Monitoring scenario 2 can establish a hook to monitor a preset operational request for the current web page.
  • a hook processing routine hooked to a preset operation request may be created to intercept an API (Application Program Interface) corresponding to the preset operation request.
  • the hook processing routine may specifically include two modules: one is a hook server (Hook Server), generally in the form of an EXE; and the other is a hook driver (Hook Driver), generally a DLL ( The form of the Dynamic Link Library.
  • the hook server is used to inject the hook driver into the target process so that the hook driver works in the address space of the target process, and the hook driver is used for the actual API interception work.
  • the hook driver injected into the security detection process is used to redirect the API corresponding to the preset operation request of the operating system (such as the API corresponding to the request for printing) to the hook function (usually by modifying the function entry address) ), such a hook function can obtain the information that the API is executed, so that the monitoring of the preset operation request for the current web page can be completed.
  • the preset operation request for the current webpage is monitored by the above two methods only as an application example of the present invention. In an actual application, the specific process of monitoring the preset operation request for the current webpage is not in the actual application. Limit it.
  • the method of the embodiment may further include: determining, when the current webpage meets the preset protection rule, whether the current user has the operation authority corresponding to the preset operation request; When the current user does not have the operation authority corresponding to the preset operation request, the preset operation request is rejected.
  • the optional embodiment can give a user with different identities a webpage operation corresponding to the identity by using the privilege control, and block the operation call that cannot be performed, which not only can realize the division of labor, but also can reduce the complexity of the control of the webpage operation.
  • the browser can obtain the current user's webpage operation authority from the server or the control terminal in the local area network; and the server can maintain the mapping relationship between the user identity and the webpage operation authority to provide the browser with the current user's webpage operation.
  • Permissions may be set according to the organizational structure of the enterprise, and the user identity may include: a first-level employee, a second-level employee, a third-level employee, a fourth-level employee, and a fifth-level employee.
  • the first-level staff is the board member
  • the second-level staff is the general manager
  • the third-level staff is the department head
  • the fourth-level staff is the grass-roots management staff
  • the fifth-level staff is the ordinary staff.
  • the webpage operation authority, the second-level staff, the third-level staff, and the fourth-level staff can have some webpage operation rights, and the five-level staff can not have any webpage operation authority.
  • the user identity and the corresponding webpage operation authority are only examples. In the embodiment of the present invention, the specific mapping relationship between the user identity and the webpage operation authority is not limited.
  • FIG. 5 a block diagram of a data processing apparatus according to an embodiment of the present invention is shown, which may specifically include the following modules:
  • the determining module 501 is configured to determine whether the current webpage meets a preset protection rule before displaying the current webpage;
  • the first display module 502 is configured to display the current webpage when the current webpage meets the preset protection rule, and display the watermark content on the current webpage.
  • the device may further include:
  • the drawing module is configured to: before the determining module determines whether the current webpage meets the preset protection rule, in the process of starting the browser, drawing the first window and the second window located above the first window;
  • the first display module 502 may specifically include:
  • a first display submodule configured to display the current webpage through the first window
  • the second display sub-module controls the transparency of the second window to a value less than 100%, and displays the watermark content through the second window.
  • the first display module 502 may specifically include:
  • the third display submodule is configured to display the current webpage after embedding the watermark content in the current webpage.
  • the determining module 501 may specifically include:
  • the first determining sub-module is configured to match the page content of the current webpage with the first preset protection rule, and if the matching result is that the matching is successful, determining that the current webpage meets the preset protection rule; or
  • the second determining sub-module is configured to perform a search in the web address set according to the page address of the current webpage, and if the search hits, determine that the current webpage meets the preset protection rule; or
  • the third determining sub-module is configured to extract a protection identifier from the header information corresponding to the current webpage, and determine, according to the protection identifier, whether the current webpage meets the preset protection rule.
  • the device may be configured as a local area network
  • the preset protection rule may be a rule preset by a server of a local area network through a server, and the pre-prepared by the server The protection rule is sent to the device located at the browser client.
  • the apparatus may further include: a generating module configured to generate the watermark content;
  • the generating module may specifically include:
  • generating a submodule configured to generate the watermark content according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise identity.
  • the device may further include:
  • the second display module is configured to display the current webpage when the current webpage does not meet the preset protection rule
  • control module configured to control the transparency of the second window to be 100%.
  • the apparatus may further include:
  • a receiving module configured to receive, by using the second window, an operation event of the user for the current webpage
  • a delivery module configured to pass the operational event to the first window through the second window to cause the first window to respond to the operational event.
  • the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the components of the data processing method and apparatus in accordance with embodiments of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals.
  • Such signals may be downloaded from an internet platform, provided on a carrier signal, or provided in any other form.
  • Figure 6 illustrates a computing device for performing a data processing method in accordance with the present invention.
  • the computing device conventionally includes a processor 1510 and a program product or readable medium in the form of a memory 1520.
  • the memory 1520 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, or a ROM.
  • Memory 1520 has a storage space 1530 for program code 1531 for performing any of the method steps described above.
  • storage space 1530 for program code may include various program code 1531 for implementing various steps in the above methods, respectively.
  • These program codes can be read from or written to one or more program products.
  • These program products include program code carriers such as memory cards.
  • Such a program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have storage segments, storage spaces, and the like that are similarly arranged to memory 1520 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes readable code 1531', ie, code that can be read by a processor, such as, for example, 1510, which when executed by a computing device causes the computing device to perform various steps in the methods described above .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A data method and device are provided, wherein the method specifically comprises: determining whether a current web page conforms to a preset protection rule (101) before displaying the current web page; when it conforms to the preset protection rule, displaying the current web page and displaying a watermark content at the same time on the current web page (102). This method can not only improve protection for the content of the page, but also have a deterrent effect on a leaker; thereby effectively preventing the current web page related sensitive data being leaked through a browser and improving security of the current web page and browser.

Description

一种数据处理方法和装置Data processing method and device 技术领域Technical field
本发明涉及计算机安全技术领域,特别是涉及一种数据处理方法和一种数据处理装置。The present invention relates to the field of computer security technologies, and in particular, to a data processing method and a data processing device.
背景技术Background technique
浏览器是指可以显示网页服务器或者文件系统的HTML(超文本标记语言,HyperText Mark-up Language))文件内容,并让用户与这些文件交互的一种软件。网页浏览器主要通过HTTP(超文本传输协议,HyperText Transfer Protocol)与网页服务器交互并获取网页,这些网页由URL(统一资源定位符,Uniform Resource Locator)指定,文件格式通常为HTML。A browser is a piece of software that can display the contents of an HTML (HyperText Mark-up Language) file of a web server or file system and allow users to interact with these files. The web browser mainly interacts with the web server through HTTP (HyperText Transfer Protocol) and acquires web pages. These web pages are specified by a URL (Uniform Resource Locator), and the file format is usually HTML.
随着互联网的迅速普及,局域网已成为企业发展中必不可少的一部分。然而,在为企业带来便利的同时,局域网也面临着各种各样的进攻和威胁,如机密泄漏、数据丢失、网络滥用、身份冒用、非法入侵等。例如,对于银行、军工等企业的局域网而言,其内部用户终端通过浏览器浏览的网页中不可避免地存在一些机密数据,如果这些机密数据通过浏览器泄露,则将带来极大的安全隐患。With the rapid spread of the Internet, LAN has become an indispensable part of enterprise development. However, while bringing convenience to enterprises, LANs also face a variety of attacks and threats, such as confidential leakage, data loss, network abuse, identity fraud, illegal intrusion and so on. For example, for a local area network such as a bank or a military, the internal user terminal inevitably has some confidential data in the web page browsed by the browser. If the confidential data is leaked through the browser, it will bring great security risks. .
然而,传统的浏览器对于自身的安全很少能进行监控和处理,需要借助于第三方的杀毒软件对浏览器的进行安全保护,由于需要与其他软件进行交互,其需要将很多浏览器接口开放给第三方程序,而很多不安全的程序也可以利用这些接口,导致浏览器的信息和操作很容易被劫持,从而导致局域网内的用户终端在使用浏览器过程中存在潜在的不安全性。However, traditional browsers rarely monitor and process their own security. They need to use third-party anti-virus software to protect the browser. Because they need to interact with other software, they need to open many browser interfaces. For third-party programs, many unsafe programs can also use these interfaces, which can cause the browser's information and operations to be easily hijacked, resulting in potential insecurities in the use of the browser by user terminals in the LAN.
发明内容Summary of the invention
鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的一种数据处理方法和一种数据处理装置。In view of the above problems, the present invention has been made in order to provide a data processing method and a data processing apparatus that overcome the above problems or at least partially solve the above problems.
依据本发明的一个方面,提供了一种数据处理方法,包括:According to an aspect of the present invention, a data processing method is provided, comprising:
在显示当前网页前,判断所述当前网页是否符合预置保护规则; Before displaying the current webpage, determining whether the current webpage meets a preset protection rule;
在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。When the current webpage meets the preset protection rule, the current webpage is displayed, and the watermark content is displayed on the current webpage.
可选地,在所述判断所述当前网页是否符合预置保护规则的步骤之前,所述方法还包括:Optionally, before the step of determining whether the current webpage meets a preset protection rule, the method further includes:
在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;Drawing a first window and a second window located above the first window during startup of the browser;
则所述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤,包括:The step of displaying the current webpage while displaying the watermark content on the current webpage includes:
通过所述第一窗口显示所述当前网页;Displaying the current webpage through the first window;
将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The transparency of the second window is controlled to a value less than 100%, and the watermark content is displayed through the second window.
可选地,所述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤,包括:Optionally, the step of displaying the current webpage and simultaneously displaying the watermark content on the current webpage includes:
在将水印内容嵌入当前网页后,显示当前网页。After the watermark content is embedded in the current webpage, the current webpage is displayed.
可选地,所述判断所述当前网页是否符合预置保护规则的步骤,包括:Optionally, the step of determining whether the current webpage meets a preset protection rule comprises:
将所述当前网页的页面内容与第一预置保护规则进行匹配,若匹配结果为匹配成功,则判定所述当前网页符合预置保护规则;或者Matching the page content of the current webpage with the first preset protection rule, and if the matching result is that the matching is successful, determining that the current webpage meets the preset protection rule; or
依据当前网页的页面地址在网址集合中进行查找,若查找命中,则确定当前网页符合预置保护规则;或者Searching in the URL collection according to the page address of the current webpage, and if the search hits, determining that the current webpage meets the preset protection rule; or
从当前网页对应的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。Extracting a protection identifier from the header information corresponding to the current webpage, and determining, according to the protection identifier, whether the current webpage meets the preset protection rule.
可选地,所述方法应用于局域网,则所述预置保护规则为局域网的管理员通过服务器预置的规则,由所述服务器将所述预置保护规则下发给浏览器客户端。Optionally, the method is applied to the local area network, and the preset protection rule is that the administrator of the local area network sends the preset protection rule to the browser client by using the rule preset by the server.
可选地,通过如下步骤生成所述水印内容:Optionally, the watermark content is generated by the following steps:
依据当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种,生成所述水印内容。The watermark content is generated according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise corresponding enterprise identity.
可选地,所述方法还包括: Optionally, the method further includes:
在所述当前网页不符合预置保护规则时,显示所述当前网页;Displaying the current webpage when the current webpage does not meet the preset protection rule;
将所述第二窗口的透明度控制为100%。The transparency of the second window is controlled to be 100%.
可选地,所述方法还包括:Optionally, the method further includes:
通过所述第二窗口接收用户对于所述当前网页的操作事件;Receiving, by the second window, an operation event of the user for the current webpage;
通过所述第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口响应所述操作事件。Passing the operational event to the first window through the second window to cause the first window to respond to the operational event.
根据本发明的另一方面,提供了一种数据处理装置,包括:According to another aspect of the present invention, a data processing apparatus is provided, comprising:
判断模块,配置为在显示当前网页前,判断所述当前网页是否符合预置保护规则;及The determining module is configured to determine whether the current webpage meets a preset protection rule before displaying the current webpage; and
第一显示模块,配置为在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。The first display module is configured to display the current webpage when the current webpage meets the preset protection rule, and display the watermark content on the current webpage.
可选地,所述装置还包括:Optionally, the device further includes:
绘制模块,配置为在所述判断模块判断所述当前网页是否符合预置保护规则之前,在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;The drawing module is configured to: before the determining module determines whether the current webpage meets the preset protection rule, in the process of starting the browser, drawing the first window and the second window located above the first window;
则所述第一显示模块,包括:The first display module includes:
第一显示子模块,配置为通过所述第一窗口显示所述当前网页;及a first display submodule configured to display the current webpage through the first window; and
第二显示子模块,配置为将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The second display submodule is configured to control the transparency of the second window to a value less than 100%, and display the watermark content through the second window.
根据本发明实施例的一种数据处理方法和装置,在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容;由于当前网页符合预置保护规则可表示当前网页中存在需要保护的敏感数据,这些敏感数据可能涉及用户隐私,也可能涉及到局域网的核心技术或者机密技术,此种情况下在所述当前网页上显示水印内容,能够在当前网页的页面内容被泄露时通过对对应水印内容追踪到对应的泄露者,因此,不仅能够增加对于页面内容的保护性,而且能够对泄露者起到威慑作用;从而,因此,本发明实施例能够有效防止当前网页所涉及敏感数据通过浏览器泄露,因此能够提高当前网页和浏览器的安全性。 A data processing method and apparatus according to an embodiment of the present invention, when the current webpage meets a preset protection rule, displaying the current webpage, and displaying the watermark content on the current webpage; The rule may indicate that there is sensitive data in the current webpage that needs to be protected. The sensitive data may involve user privacy, and may also involve core technology or confidential technology of the local area network. In this case, the watermark content is displayed on the current webpage, and can be currently When the page content of the webpage is leaked, the corresponding watermark content is traced to the corresponding leaker, so that not only the protection of the page content can be increased, but also the deterrent can be deterred; thus, the embodiment of the present invention can Effectively prevent sensitive data from current web pages from being leaked through the browser, thus improving the security of current web pages and browsers.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and the above-described and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below.
附图说明DRAWINGS
通过阅读下文可选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出可选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those skilled in the art from a The drawings are only for the purpose of illustrating alternative embodiments and are not to be considered as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图1示出了根据本发明一个实施例的一种数据处理方法的步骤流程示意图;1 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention;
图2示出了根据本发明一个实施例的一种数据处理方法的步骤流程示意图;2 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention;
图3示出了根据本发明一个实施例的一种数据处理方法的步骤流程示意图;FIG. 3 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention; FIG.
图4示出了根据本发明一个实施例的一种数据处理方法的步骤流程示意图;4 is a flow chart showing the steps of a data processing method according to an embodiment of the present invention;
图5示出了根据本发明一个实施例的一种数据处理装置的结构示意;FIG. 5 is a block diagram showing the structure of a data processing apparatus according to an embodiment of the present invention; FIG.
图6是配置为执行根据本发明的数据处理方法的计算设备的框图;6 is a block diagram of a computing device configured to perform a data processing method in accordance with the present invention;
图7是配置为保持或者携带实现根据本发明的数据处理方法的程序代码的存储单元。7 is a storage unit configured to hold or carry program code that implements a data processing method in accordance with the present invention.
具体实施方式detailed description
下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the embodiments of the present invention have been shown in the drawings, the embodiments Rather, these embodiments are provided so that this disclosure will be more fully understood and the scope of the disclosure will be fully disclosed.
本发明实施例的核心构思之一在于,根据当前网页是否符合预置保护规 则,选择性地在所述当前网页上显示水印内容,具体地,在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容;由于当前网页符合预置保护规则可表示当前网页中存在需要保护的敏感数据,这些敏感数据可能涉及用户隐私,也可能涉及到局域网的核心技术或者机密技术,此种情况下在所述当前网页上显示水印内容,能够在当前网页的页面内容被泄露时通过对应水印内容追踪到对应的泄露者,因此,不仅能够增加对于页面内容的保护性,而且能够对泄露者起到威慑作用;从而,因此,本发明实施例能够有效防止当前网页所涉及敏感数据通过浏览器泄露,因此能够提高当前网页和浏览器的安全性。One of the core concepts of the embodiment of the present invention is that, according to whether the current webpage meets the preset protection rule Then, the watermark content is selectively displayed on the current webpage, specifically, when the current webpage meets the preset protection rule, the current webpage is displayed, and the watermark content is displayed on the current webpage; Compliance with the preset protection rules may indicate that there is sensitive data in the current webpage that needs to be protected. The sensitive data may involve user privacy, and may also involve core technologies or confidential technologies of the local area network. In this case, the watermark content is displayed on the current webpage. It is possible to track the corresponding leaker by the corresponding watermark content when the page content of the current webpage is leaked, thereby not only increasing the protection for the page content, but also deterring the leaker; thus, the present invention The embodiment can effectively prevent the sensitive data involved in the current webpage from being leaked through the browser, thereby improving the security of the current webpage and the browser.
参照图1,示出了根据本发明一个实施例的一种数据处理方法的步骤流程图,具体可以包括如下步骤:Referring to FIG. 1, a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
步骤101、在显示当前网页前,判断所述当前网页是否符合预置保护规则;Step 101: Before displaying the current webpage, determining whether the current webpage meets a preset protection rule;
本发明实施例可以应用于各种页面的访问场景中,其中,上述页面可以为简略页面、WAP(无线应用通讯协议,Wireless Application Protocol)和WWW(万维网,World Wide Web)等各种格式的页面,本发明实施例对于具体的页面及页面的具体格式不加以限制。The embodiments of the present invention can be applied to various page access scenarios, where the pages can be abbreviated pages, WAP (Wireless Application Protocol, Wireless Application Protocol), and WWW (World Wide Web) and other formats. The embodiment of the present invention does not limit the specific format of a specific page and a page.
本发明实施例可以应用于广域网、或者局域网等网络环境中,可以提高广域网中单个用户终端的安全性,或者,可以提高局域网内多个用户终端及局域网的安全性。其中,上述用户终端具体可以包括具有页面访问能力的各种终端,如手机、PC(个人计算机,personal computer)、数字广播终端,消息收发设备,游戏控制台,平板设备,医疗设备,健身设备,个人数字助理等。The embodiments of the present invention can be applied to a network environment such as a wide area network or a local area network, and can improve the security of a single user terminal in the wide area network, or can improve the security of multiple user terminals and a local area network in the local area network. The user terminal may specifically include various terminals having page access capabilities, such as a mobile phone, a PC (personal computer), a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, and a fitness device. Personal digital assistants, etc.
尤其地,本发明实施例可以应用于企业网、政府网、校园网等局域网中;在上述局域网中,用户终端指安装有操作系统的终端设备,该用户终端可以有线方式连接局域网络,也可以无线方式连接局域网络。这样,可以根据当前网页是否符合预置保护规则,选择性地在局域网中用户终端的当前网页上显示水印内容为局域网中用户终端的网页操作,以增加对于页面内容的保护 性。In particular, the embodiment of the present invention can be applied to a local area network such as an enterprise network, a government network, or a campus network; in the foregoing local area network, a user terminal refers to a terminal device with an operating system installed, and the user terminal can be connected to a local area network by wire, or Connect to the LAN wirelessly. In this way, according to whether the current webpage meets the preset protection rule, the watermark content can be selectively displayed on the current webpage of the user terminal in the local area network as the webpage operation of the user terminal in the local area network, so as to increase the protection of the page content. Sex.
本发明实施例中数据处理流程可由浏览器来执行,具体地,可以通过浏览器内部的数据处理装置或者数据处理插件来执行上述数据处理流程,从而可有效防止需要保护的网页数据通过浏览器泄露,从而可以提高浏览器的安全性。The data processing procedure in the embodiment of the present invention may be performed by a browser. Specifically, the data processing process may be performed by a data processing device or a data processing plug-in in the browser, thereby effectively preventing the webpage data to be protected from being leaked through the browser. , which can improve the security of the browser.
本发明实施例可以提供判断所述当前网页是否符合预置保护规则的如下判断方案:The embodiment of the present invention may provide the following determination scheme for determining whether the current webpage meets the preset protection rule:
判断方案1Judgment plan 1
判断方案1可以将所述当前网页的页面内容与第一预置保护规则进行匹配,若匹配结果为匹配成功,则判定所述当前网页符合预置保护规则。The determining scheme 1 may match the page content of the current webpage with the first preset protection rule. If the matching result is that the matching is successful, it is determined that the current webpage meets the preset protection rule.
在本发明的一种可选实施例中,上述第一预置保护规则具体可以包括:至少一个预置关键词对应的规则,上述第一预置保护规则具体可以包括:预置关键词之间的或(or)关系、也可以为预置关键词之间的与(and)关系等;且,上述第一预置保护规则可以采用正则表达式来描述,本发明实施例对于上述第一预置保护规则的具体内容及具体描述方式不加以限制。In an optional embodiment of the present invention, the first preset protection rule may specifically include: a rule corresponding to the at least one preset keyword, where the first preset protection rule may specifically include: between preset keywords The (or) relationship may also be an AND relationship between the preset keywords, and the first preset protection rule may be described by using a regular expression. The specific content and specific description of the protection rules are not limited.
在本发明的另一种可选实施例中,上述预置关键词可以位于关键词集合中。该关键词集合可以为局域网的服务器或者控制终端依据局域网的安全需求维护的集合,上述关键词集合中具体可以包括:至少一个预置关键词,上述预置关键词可以与局域网的核心技术或者机密技术有关。其中,控制终端可以接收用户指定的预置关键词,也可以根据局域网的安全需求自动确定对应的预置关键词,可以理解,本发明实施例对于上述关键词集合中的具体预置关键词不加以限制。In another optional embodiment of the present invention, the preset keywords may be located in a keyword set. The keyword set may be a server of a local area network or a set of control terminals maintained according to security requirements of the local area network. The keyword set may specifically include: at least one preset keyword, and the preset keyword may be related to a core technology or a secret of a local area network. Technology related. The control terminal can receive the preset keyword specified by the user, and can also automatically determine the corresponding preset keyword according to the security requirement of the local area network. It can be understood that the specific preset keyword in the keyword set is not in the embodiment of the present invention. Limit it.
判断方案2Judgment plan 2
判断方案2可以依据当前网页的页面地址在网址集合中进行查找,若查找命中,则确定当前网页符合预置保护规则。The determining scheme 2 can search for the webpage address according to the current webpage address, and if the search hits, determine that the current webpage meets the preset protection rule.
上述网址集合可以为局域网的服务器或者控制终端依据局域网的安全需求维护的集合,上述网址集合中具体可以包括:至少一个预置网址,上述预置网址对应的页面中可能携带与局域网的核心技术或者机密技术相关的 敏感数据。其中,控制终端可以接收用户指定的预置网址,也可以根据局域网的安全需求自动确定对应的预置网址,可以理解,本发明实施例对于上述网址集合中的具体预置网址不加以限制。The foregoing set of the URLs may be a set of the local area network or the control set of the local area network, or the control set of the local area network may further include: at least one preset website address, where the corresponding website address may carry the core technology of the local area network or Confidential technology related Sensitive data. The control terminal can receive the preset web address specified by the user, and can also automatically determine the corresponding preset web address according to the security requirements of the local area network. It can be understood that the specific preset web address in the foregoing web address set is not limited in the embodiment of the present invention.
在实际应用中,上述页面地址和预置网址可以通过URL(统一资源定位符,Uniform Resource Locator)等形式描述,可以理解,本发明实施例对于页面地址和预置网址的具体描述形式不加以限制。In an actual application, the page address and the preset URL may be described in the form of a URL (Uniform Resource Locator), etc., and the embodiment of the present invention does not limit the specific description of the page address and the preset URL. .
判断方案3Judgment plan 3
判断方案3可以从当前网页对应的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。The determining scheme 3 may extract the protection identifier from the header information corresponding to the current webpage, and determine, according to the protection identifier, whether the current webpage meets the preset protection rule.
在实际应用中,服务器可以在网页的HTML代码的头部(head)信息中添加该网页的保护标识,该保护标识可用于标识该网页是否为需要保护的网页,例如,该保护标识的值可以为0或1,0标识该网页不是需要保护的网页,1标识该网页是需要保护的网页等。这样,客户端在获得来自服务器的HTML代码后,可以从HTML代码的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。可以理解,上述添加保护标识和提取保护标识的过程只是作为示例,本发明实施例对于添加保护标识和提取保护标识的具体过程不加以限制。In an actual application, the server may add a protection identifier of the webpage in the header information of the webpage, and the protection identifier may be used to identify whether the webpage is a webpage to be protected. For example, the value of the protection identifier may be 0 or 1, 0 indicates that the web page is not a web page to be protected, and 1 identifies the web page as a web page to be protected. In this way, after obtaining the HTML code from the server, the client may extract the protection identifier from the header information of the HTML code, and determine whether the current webpage conforms to the preset protection rule according to the protection identifier. It can be understood that the foregoing process of adding the protection identifier and extracting the protection identifier is only an example, and the specific process of adding the protection identifier and extracting the protection identifier is not limited in the embodiment of the present invention.
在本发明的一种可选实施例中,在本发明实施例的方法应用于局域网时,所述预置保护规则可以为局域网的管理员通过服务器预置的规则,由所述服务器将所述预置保护规则下发给浏览器客户端。In an optional embodiment of the present invention, when the method of the embodiment of the present invention is applied to a local area network, the preset protection rule may be a rule preset by a server of a local area network, and the server may The preset protection rules are sent to the browser client.
以上对判断所述当前网页是否符合预置保护规则的判断方案进行了详细介绍,可以理解,本领域技术人员可以根据实际应用需求采用上述判断方案中的一种或者组合,或者,还可以采用其他判断方案,例如,上述预置保护规则还可以涉及用户权限,有些用户可以具备不加水印内容的权限,而有些用户不具备不加水印内容的权限等。The above is a detailed description of the determination scheme of determining whether the current webpage meets the preset protection rule. It can be understood that one skilled in the art may adopt one or a combination of the foregoing determination schemes according to actual application requirements, or may also adopt other The judging scheme, for example, the preset protection rule may also involve user rights, some users may have the right to not watermark the content, and some users do not have the permission to not watermark the content.
步骤102、在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。Step 102: When the current webpage meets a preset protection rule, display the current webpage, and display the watermark content on the current webpage.
本发明实施例在显示所述当前网页的同时,在所述当前网页上显示水印 内容,能够防止用户在未显示水印内容的情况下,通过截屏、拍照、打印等方式泄露当前网页的页面内容。The embodiment of the present invention displays the watermark on the current webpage while displaying the current webpage. The content can prevent the user from leaking the page content of the current webpage by means of screen capture, photographing, printing, etc. without displaying the watermark content.
在本发明的一种可选实施例中,可以通过如下步骤生成所述水印内容:依据当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种,生成所述水印内容。假设上述水印内容中包含有当前用户的账户,而用户的账户能够在局域网中对应的唯一的用户,这样,能够在当前网页的页面内容被泄露时通过对应水印内容追踪到对应的泄露者。或者,假设上述水印内容中包含有企业标识,则在当前网页的页面内容被泄露时通过对应水印内容追踪到对应的泄露企业。In an optional embodiment of the present invention, the watermark content may be generated by generating, according to at least one of an account of a current user, a login time of a current user, a current time, and a current enterprise corresponding enterprise identifier. Watermark content. It is assumed that the watermark content includes the current user's account, and the user's account can be a unique user corresponding to the local area network, so that the corresponding leaker can be tracked by the corresponding watermark content when the page content of the current webpage is leaked. Alternatively, if the watermark content includes the enterprise identifier, the corresponding leaked enterprise is tracked by the corresponding watermark content when the page content of the current webpage is leaked.
在本发明的另一种可选实施例中,可以将当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种作为原始内容,并针对原始内容进行编码或者加密处理,以得到对应的水印内容。其中,上述水印内容可以表现为文字、二维码、条形码等形式,则在进行水印内容的追踪时,可以对水印内容进行解码或者解密处理,以得到对应的原始内容。可以理解,本发明实施例对于水印内容对应的具体原始内容、编码或加密算法及表现形式不加以限制。In another optional embodiment of the present invention, at least one of the current user's account, the current user's login time, the current time, and the current user's corresponding enterprise identity may be used as the original content, and the original content is encoded or Encryption processing to obtain the corresponding watermark content. The watermark content may be expressed in the form of a character, a two-dimensional code, a barcode, or the like. When the watermark content is tracked, the watermark content may be decoded or decrypted to obtain a corresponding original content. It can be understood that the specific original content, the encoding or encryption algorithm and the representation form corresponding to the watermark content are not limited in the embodiment of the present invention.
另外,本领域技术人员可以根据实际应用需求,控制水印内容在当前网页中的分布,例如,上述水印内容可以仅仅分布在当前网页的敏感数据附近,或者,上述水印内容可以分布在整个当前网页,本发明实施例对于上述水印内容的具体分布不加以限制。In addition, a person skilled in the art may control the distribution of the watermark content in the current webpage according to actual application requirements. For example, the watermark content may be distributed only in the vicinity of the sensitive data of the current webpage, or the watermark content may be distributed throughout the current webpage. The embodiment of the present invention does not limit the specific distribution of the above watermark content.
本发明实施例可以提供显示所述当前网页,同时在所述当前网页上显示水印内容的如下显示方案:The embodiment of the present invention may provide the following display scheme for displaying the current webpage and displaying the watermark content on the current webpage:
显示方案1Display scheme 1
显示方案1中,在所述判断所述当前网页是否符合预置保护规则的步骤之前,所述方法还可以包括:在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;In the display scheme 1, before the step of determining whether the current webpage meets the preset protection rule, the method may further include: in the process of starting the browser, drawing the first window and located in the first window The second window on;
则所述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤102,具体可以包括: And the step of displaying the watermark content on the current webpage, and the step of displaying the watermark content on the current webpage, the method may include:
通过所述第一窗口显示所述当前网页;Displaying the current webpage through the first window;
将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The transparency of the second window is controlled to a value less than 100%, and the watermark content is displayed through the second window.
显示方案1中,可以通过第一窗口显示当前网页,以及通过第二窗口显示水印内容;其中,第二窗口可以位于第一窗口之上,在需要显示水印内容时,可以将所述第二窗口的透明度控制为小于100%的值,例如,可以将所述第二窗口的透明度控制为95%、90%等数值,本发明实施例对于显示水印内容时第二窗口的透明度不加以限制。In the display scheme 1, the current webpage may be displayed through the first window, and the watermark content may be displayed through the second window; wherein the second window may be located above the first window, and the second window may be displayed when the watermark content needs to be displayed The transparency is controlled to a value less than 100%. For example, the transparency of the second window can be controlled to a value of 95%, 90%, etc., and the transparency of the second window is not limited in the embodiment of the present invention.
显示方案1通过位于第一窗口之上的第二窗口显示水印内容,由于可以不涉及网页的HTML代码的修改,因此能够减轻水印内容显示的复杂度,且能够降低水印内容显示所需的运算量和运算资源。The display scheme 1 displays the watermark content through the second window located above the first window. Since the modification of the HTML code of the webpage may not be involved, the complexity of displaying the watermark content can be alleviated, and the amount of calculation required for displaying the watermark content can be reduced. And computing resources.
显示方案2Display scheme 2
显示方案2中,上述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤102,具体可以包括:在将水印内容嵌入当前网页后,显示当前网页。In the display scheme 2, the step 102 of displaying the current webpage and simultaneously displaying the watermark content on the current webpage may specifically include: displaying the current webpage after embedding the watermark content in the current webpage.
显示方案2可以通过修改网页代码的形式,将水印内容嵌入当前网页。具体地,可以采用CSS(层叠样式表,Cascading Style Sheets)中DIV(划分,Division)技术将内容嵌入当前网页,可以理解,本发明实施例对于将水印内容嵌入当前网页的具体过程不加以限制。Display scheme 2 can embed the watermark content in the current webpage by modifying the form of the webpage code. Specifically, the content can be embedded in the current webpage by using the DIV (Division) technology in the CSS (Cascading Style Sheets). It can be understood that the specific process of embedding the watermark content into the current webpage is not limited in the embodiment of the present invention.
以上通过显示方案1-显示方案2对显示所述当前网页,同时在所述当前网页上显示水印内容的技术方案进行了详细介绍,可以理解,本领域技术人员可以根据实际应用需求,采用显示所述当前网页,同时在所述当前网页上显示水印内容的其他技术方案,本发明实施例对于具体的显示方案不加以限制。The technical solution for displaying the current webpage and displaying the watermark content on the current webpage is described in detail by using the display scheme 1 - display scheme 2, and it can be understood that those skilled in the art can adopt the display according to actual application requirements. Other technical solutions for displaying the watermark content on the current webpage at the same time, the embodiment of the present invention does not limit the specific display scheme.
综上,由于本发明实施例中当前网页符合预置保护规则可表示当前网页中存在需要保护的敏感数据,这些敏感数据可能涉及用户隐私,也可能涉及到局域网的核心技术或者机密技术,此种情况下在所述当前网页上显示水印内容,能够在当前网页的页面内容被泄露时通过对应水印内容追踪到对应的 泄露者,因此,不仅能够增加对于页面内容的保护性,而且能够对泄露者起到威慑作用;从而,因此,本发明实施例能够有效防止当前网页所涉及敏感数据通过浏览器泄露,因此能够提高当前网页和浏览器的安全性。In summary, since the current webpage conforms to the preset protection rule in the embodiment of the present invention, the sensitive data that needs to be protected exists in the current webpage, and the sensitive data may involve user privacy, and may also involve core technologies or confidential technologies of the local area network. In the case that the watermark content is displayed on the current webpage, and the corresponding watermark content can be tracked to the corresponding content when the page content of the current webpage is leaked. The leaker can not only increase the protection of the content of the page, but also can act as a deterrent to the leaker; thus, the embodiment of the present invention can effectively prevent sensitive data related to the current webpage from being leaked through the browser, thereby improving Current web and browser security.
参照图2,示出了根据本发明一个实施例的一种数据处理方法的步骤流程图,具体可以包括如下步骤:Referring to FIG. 2, a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
步骤201、在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;Step 201: In the process of starting the browser, drawing a first window and a second window located above the first window;
步骤202、在显示当前网页前,判断所述当前网页是否符合预置保护规则;Step 202: Before displaying the current webpage, determining whether the current webpage meets a preset protection rule;
步骤203、在所述当前网页符合预置保护规则时,通过所述第一窗口显示所述当前网页;Step 203: When the current webpage meets a preset protection rule, display the current webpage by using the first window.
步骤204、在通过所述第一窗口显示所述当前网页的同时,将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。Step 204: Control the transparency of the second window to a value less than 100% while displaying the current webpage through the first window, and display the watermark content through the second window.
相对于图1所示实施例,本实施例描述了从启动浏览器到显示当前网页的流程,其中,所述第二窗口的初始透明度可以为第一预设值,并且,在所述当前网页符合预置保护规则时,可以将所述第二窗口的透明度控制为小于100%的第二预设值,其中,上述第一预设值与上述第二预设值可以为相同或者不同的值,例如,上述第一预设值可以为100%,上述第二预设值可以为90%,本发明实施例对于上述第一预设值与上述第二预设值的具体数值不加以限制。With respect to the embodiment shown in FIG. 1, the embodiment describes a process from launching a browser to displaying a current webpage, wherein an initial transparency of the second window may be a first preset value, and, in the current webpage The first window and the second preset value may be the same or different values. For example, the first preset value may be 100%, and the second preset value may be 90%. The specific value of the first preset value and the second preset value is not limited in the embodiment of the present invention.
在本发明的一种可选实施例中,所述方法还可以包括:在所述当前网页不符合预置保护规则时,显示所述当前网页;将所述第二窗口的透明度控制为100%。由于在第二窗口的透明度为100%时,其可以呈现完全透明的效果,因此可以不影响当前网页的正常显示。In an optional embodiment of the present invention, the method may further include: displaying the current webpage when the current webpage does not meet the preset protection rule; and controlling the transparency of the second window to 100% . Since the transparency of the second window is 100%, it can exhibit a completely transparent effect, so the normal display of the current web page can be not affected.
参照图3,示出了根据本发明一个实施例的一种数据处理方法的步骤流程图,具体可以包括如下步骤:Referring to FIG. 3, a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
步骤301、在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口; Step 301: In the process of starting the browser, drawing a first window and a second window located above the first window;
步骤302、在显示当前网页前,判断所述当前网页是否符合预置保护规则;Step 302: Before displaying the current webpage, determining whether the current webpage meets a preset protection rule;
步骤303、在所述当前网页符合预置保护规则时,通过所述第一窗口显示所述当前网页;Step 303: When the current webpage meets a preset protection rule, display the current webpage by using the first window.
步骤304、在通过所述第一窗口显示所述当前网页的同时,将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容;Step 304: Control the transparency of the second window to a value less than 100% while displaying the current webpage through the first window, and display the watermark content through the second window;
相对于图2所示实施例,本实施例的方法还可以包括:With respect to the embodiment shown in FIG. 2, the method in this embodiment may further include:
步骤305、通过所述第二窗口接收用户对于所述当前网页的操作事件;Step 305: Receive, by using the second window, an operation event of the user for the current webpage.
步骤306、通过所述第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口响应所述操作事件。Step 306: Pass the operation event to the first window through the second window, so that the first window responds to the operation event.
对于Windows等操作系统而言,通常只有一个置顶的窗口能够捕获到操作事件,而本发明实施例中第二窗口位于第一窗口之上,故本发明实施例中,第二窗口可以捕获到操作事件,而第一窗口无法直接捕获到操作事件。在实际应用中,上述操作事件具体可以包括:键盘事件和/或鼠标事件。For an operating system such as Windows, there is usually only one top window capable of capturing an operation event, and in the embodiment of the present invention, the second window is located above the first window, so in the embodiment of the present invention, the second window can capture the operation. Event, and the first window cannot directly capture the action event. In an actual application, the foregoing operation events may specifically include: a keyboard event and/or a mouse event.
针对上述情形,本实施例可以通过第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口能够正常响应所述操作事件。In view of the above situation, the embodiment may pass the operation event to the first window through a second window, so that the first window can normally respond to the operation event.
在本发明的一种应用示例中,可以通过LRESULT SendMessage(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM IParam)函数向第一窗口传递操作事件;其中,hWnd,用于表示第一窗口的句柄,Msg用于表示被发送的操作事件消息,wParam用于指定附加的消息特定信息,IParam用于指定附加的消息特定信息。可以理解,本发明实施例对于通过所述第二窗口将所述操作事件传递给所述第一窗口的具体过程不加以限制。In an application example of the present invention, an operation event may be delivered to the first window by an LRESULT SendMessage (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM IParam) function; wherein hWnd is used to represent the handle of the first window, Msg Used to indicate the transmitted operational event message, wParam is used to specify additional message specific information, and IParam is used to specify additional message specific information. It can be understood that the embodiment of the present invention does not limit the specific process of transmitting the operation event to the first window through the second window.
参照图4,示出了根据本发明一个实施例的一种数据处理方法的步骤流程图,具体可以包括如下步骤:Referring to FIG. 4, a flow chart of steps of a data processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
步骤401、在显示当前网页前,判断所述当前网页是否符合预置保护规则;Step 401: Before displaying the current webpage, determine whether the current webpage meets a preset protection rule;
步骤402、在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容; Step 402: When the current webpage meets a preset protection rule, display the current webpage, and display the watermark content on the current webpage;
步骤403、在所述当前网页符合预置保护规则、且监测针对当前网页的预置操作请求时,拒绝所述预置操作请求。Step 403: Reject the preset operation request when the current webpage meets a preset protection rule and monitors a preset operation request for the current webpage.
相对于图1所示实施例,本实施例还可以在当前网页符合预置保护规则时,拒绝针对当前网页的预置操作请求;由于当前网页符合预置保护规则可表示当前网页中存在需要保护的敏感数据,这些敏感数据可能涉及用户隐私,也可能涉及到局域网的核心技术或者机密技术,因此,本发明实施例能够有效防止当前网页所涉及敏感数据通过浏览器泄露,因此能够提高当前网页和浏览器的安全性。Compared with the embodiment shown in FIG. 1 , the embodiment may further reject the preset operation request for the current webpage when the current webpage meets the preset protection rule; and the current webpage conforms to the preset protection rule, indicating that the current webpage needs to be protected. Sensitive data, which may involve the user's privacy, may also involve the core technology or the secret technology of the local area network. Therefore, the embodiment of the present invention can effectively prevent the sensitive data involved in the current webpage from being leaked through the browser, thereby improving the current webpage and Browser security.
在本发明的一种可选实施例中,所述预置操作请求具体可以包括如下请求中的至少一种:用于复制和/或粘贴的请求;用于截屏的请求;用于打印的请求;用于上传和/或下载的请求;及用于右键菜单操作的请求。In an optional embodiment of the present invention, the preset operation request may specifically include at least one of the following requests: a request for copying and/or pasting; a request for screen capture; a request for printing Requests for uploading and/or downloading; and requests for right-click menu operations.
其中,用于复制和/或粘贴的请求、用于截屏的请求、用于打印的请求、用于右键菜单操作的请求和用于下载的请求,可以有效防止需要保护的网页数据通过浏览器泄露;用于上传的请求可以有效防止局域网内用户终端的数据通过浏览器泄露。Among them, the request for copying and/or pasting, the request for screen capture, the request for printing, the request for right-click menu operation, and the request for download can effectively prevent the webpage data to be protected from leaking through the browser. The request for uploading can effectively prevent the data of the user terminal in the local area network from being leaked through the browser.
本发明实施例可以提供监测针对当前网页的预置操作请求的如下监测方案:Embodiments of the present invention may provide the following monitoring scheme for monitoring a preset operation request for a current web page:
监测方案1Monitoring programme 1
监测方案1可以适用于浏览器执行的预置操作的监测,用于执行网页操作的控制流程的操作控制装置或者操作控制插件可以接管浏览器的操作。The monitoring scheme 1 can be applied to the monitoring of preset operations performed by the browser, and the operation control device or the operation control plug-in for performing the control flow of the webpage operation can take over the operation of the browser.
具体地,上述操作控制装置或者操作控制插件可以在浏览器中注册预置操作请求事件对应的回调函数,并通过所述回调函数接收所注册预置操作请求事件的发生通知。其中,浏览器在获得上述所注册预置操作请求事件后,可以通过上述回调函数提供的接口回调注册者(操作控制装置或者操作控制插件),以使注册者获知其所注册预置操作请求事件的发生。Specifically, the operation control device or the operation control plug-in may register a callback function corresponding to the preset operation request event in the browser, and receive the notification of the occurrence of the registered preset operation request event through the callback function. After obtaining the above-mentioned registered preset operation request event, the browser may call back the registrant (operation control device or operation control plug-in) through the interface provided by the callback function, so that the registrant knows the registered preset operation request event. happened.
监测方案2Monitoring programme 2
监测方案2可以适用于浏览器执行的预置操作的监测,也可以适用于非浏览器执行的预置操作(如操作系统执行的打印操作)的监测。 Monitoring scheme 2 can be applied to the monitoring of preset operations performed by the browser, and can also be applied to monitoring of preset operations performed by non-browser operations, such as printing operations performed by the operating system.
监测方案2可以建立钩子来监测针对当前网页的预置操作请求。在实际应用中,可以创建挂钩到某个预置操作请求的钩子处理例程,用于拦截预置操作请求对应的API(应用程序编程接口,Application Program Interface)。Monitoring scenario 2 can establish a hook to monitor a preset operational request for the current web page. In an actual application, a hook processing routine hooked to a preset operation request may be created to intercept an API (Application Program Interface) corresponding to the preset operation request.
在本发明的一种应用示例中,上述钩子处理例程具体可以包括两个模块:一个是钩子服务器(Hook Server),一般为EXE的形式;一个是钩子驱动器(Hook Driver),一般为DLL(动态链接库,Dynamic Link Library)的形式。钩子服务器用于向目标进程注入钩子驱动器,使得钩子驱动器工作在目标进程的地址空间中,钩子驱动器用于实际的API拦截工作。在本发明实施例中,利用向安全检测进程注入的钩子驱动器,将操作系统的预置操作请求对应的API(如用于打印的请求对应的API)转向钩子函数(通常通过修改函数入口地址实现),这样钩子函数就能够获得API被执行的信息,从而可以完成对针对当前网页的预置操作请求的监听。In an application example of the present invention, the hook processing routine may specifically include two modules: one is a hook server (Hook Server), generally in the form of an EXE; and the other is a hook driver (Hook Driver), generally a DLL ( The form of the Dynamic Link Library. The hook server is used to inject the hook driver into the target process so that the hook driver works in the address space of the target process, and the hook driver is used for the actual API interception work. In the embodiment of the present invention, the hook driver injected into the security detection process is used to redirect the API corresponding to the preset operation request of the operating system (such as the API corresponding to the request for printing) to the hook function (usually by modifying the function entry address) ), such a hook function can obtain the information that the API is executed, so that the monitoring of the preset operation request for the current web page can be completed.
可以理解,通过上述两种方式监测针对当前网页的预置操作请求仅作为本发明的一种应用示例,在实际应用中,本发明实施例对监测针对当前网页的预置操作请求的具体过程不加以限制。It can be understood that the preset operation request for the current webpage is monitored by the above two methods only as an application example of the present invention. In an actual application, the specific process of monitoring the preset operation request for the current webpage is not in the actual application. Limit it.
在本发明的一种可选实施例中,本实施例的方法还可以包括:在所述当前网页符合预置保护规则时,判断当前用户是否具备所述预置操作请求对应的操作权限;在当前用户不具备所述预置操作请求对应的操作权限时,拒绝所述预置操作请求。本可选实施例可以通过权限控制为不同身份的用户赋予与之身份对应的网页操作,屏蔽不能执行的操作调用,不仅能够实现分工负责,而且能够降低网页操作的控制的复杂度。In an optional embodiment of the present invention, the method of the embodiment may further include: determining, when the current webpage meets the preset protection rule, whether the current user has the operation authority corresponding to the preset operation request; When the current user does not have the operation authority corresponding to the preset operation request, the preset operation request is rejected. The optional embodiment can give a user with different identities a webpage operation corresponding to the identity by using the privilege control, and block the operation call that cannot be performed, which not only can realize the division of labor, but also can reduce the complexity of the control of the webpage operation.
在实际应用中,浏览器可以从局域网内服务器或者控制终端获取当前用户的网页操作权限;而上述服务器可以维护用户身份与网页操作权限之间的映射关系,以向浏览器提供当前用户的网页操作权限。例如,在本本发明的一种应用示例中,可以根据企业的组织架构进行用户身份的设置,假设用户身份具有可以包括:一级职员、二级职员、三级职员、四级职员和五级职员,其中,一级职员为董事会成员,二级职员为总经理,三级职员为部门负责人,四级职员为基层管理人员,五级职员为普通职员,则一级职员可以具备所有 的网页操作权限,二级职员、三级职员和四级职员可以具备部分的网页操作权限,五级职员可以不具备任何网页操作权限。可以理解,上述用户身份及对应的网页操作权限只是作为示例,实际上,本发明实施例对于用户身份与网页操作权限之间的具体映射关系不加以限制。In an actual application, the browser can obtain the current user's webpage operation authority from the server or the control terminal in the local area network; and the server can maintain the mapping relationship between the user identity and the webpage operation authority to provide the browser with the current user's webpage operation. Permissions. For example, in an application example of the present invention, the user identity may be set according to the organizational structure of the enterprise, and the user identity may include: a first-level employee, a second-level employee, a third-level employee, a fourth-level employee, and a fifth-level employee. Among them, the first-level staff is the board member, the second-level staff is the general manager, the third-level staff is the department head, the fourth-level staff is the grass-roots management staff, and the fifth-level staff is the ordinary staff. The webpage operation authority, the second-level staff, the third-level staff, and the fourth-level staff can have some webpage operation rights, and the five-level staff can not have any webpage operation authority. It can be understood that the user identity and the corresponding webpage operation authority are only examples. In the embodiment of the present invention, the specific mapping relationship between the user identity and the webpage operation authority is not limited.
对于方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明实施例并不受所描述的动作顺序的限制,因为依据本发明实施例,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于可选实施例,所涉及的动作并不一定是本发明实施例所必须的。For the method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described action sequence, because the embodiment according to the present invention Some steps can be performed in other orders or at the same time. In the following, those skilled in the art should also understand that the embodiments described in the specification are optional embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
参照图5,示出了根据本发明一个实施例的一种数据处理装置的结构框图,具体可以包括如下模块:Referring to FIG. 5, a block diagram of a data processing apparatus according to an embodiment of the present invention is shown, which may specifically include the following modules:
判断模块501,配置为在显示当前网页前,判断所述当前网页是否符合预置保护规则;及The determining module 501 is configured to determine whether the current webpage meets a preset protection rule before displaying the current webpage; and
第一显示模块502,配置为在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。The first display module 502 is configured to display the current webpage when the current webpage meets the preset protection rule, and display the watermark content on the current webpage.
在本发明的一种可选实施例中,所述装置还可以包括:In an optional embodiment of the present invention, the device may further include:
绘制模块,配置为在所述判断模块判断所述当前网页是否符合预置保护规则之前,在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;The drawing module is configured to: before the determining module determines whether the current webpage meets the preset protection rule, in the process of starting the browser, drawing the first window and the second window located above the first window;
则所述第一显示模块502,具体可以包括:The first display module 502 may specifically include:
第一显示子模块,配置为通过所述第一窗口显示所述当前网页;及a first display submodule configured to display the current webpage through the first window; and
第二显示子模块,将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The second display sub-module controls the transparency of the second window to a value less than 100%, and displays the watermark content through the second window.
在本发明的另一种可选实施例中,所述第一显示模块502,具体可以包括:In another optional embodiment of the present invention, the first display module 502 may specifically include:
第三显示子模块,配置为在将水印内容嵌入当前网页后,显示当前网页。The third display submodule is configured to display the current webpage after embedding the watermark content in the current webpage.
在本发明的再一种可选实施例中,所述判断模块501,具体可以包括: In a further optional embodiment of the present invention, the determining module 501 may specifically include:
第一判断子模块,配置为将所述当前网页的页面内容与第一预置保护规则进行匹配,若匹配结果为匹配成功,则判定所述当前网页符合预置保护规则;或者The first determining sub-module is configured to match the page content of the current webpage with the first preset protection rule, and if the matching result is that the matching is successful, determining that the current webpage meets the preset protection rule; or
第二判断子模块,配置为依据当前网页的页面地址在网址集合中进行查找,若查找命中,则确定当前网页符合预置保护规则;或者The second determining sub-module is configured to perform a search in the web address set according to the page address of the current webpage, and if the search hits, determine that the current webpage meets the preset protection rule; or
第三判断子模块,配置为从当前网页对应的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。The third determining sub-module is configured to extract a protection identifier from the header information corresponding to the current webpage, and determine, according to the protection identifier, whether the current webpage meets the preset protection rule.
在本发明的又一种可选实施例中,所述装置可以应配置为局域网,则所述预置保护规则可以为局域网的管理员通过服务器预置的规则,由所述服务器将所述预置保护规则下发给位于浏览器客户端的所述装置。In still another optional embodiment of the present invention, the device may be configured as a local area network, and the preset protection rule may be a rule preset by a server of a local area network through a server, and the pre-prepared by the server The protection rule is sent to the device located at the browser client.
在本发明的一种可选实施例中,所述装置还可以包括:配置为生成所述水印内容的生成模块;In an optional embodiment of the present invention, the apparatus may further include: a generating module configured to generate the watermark content;
所述生成模块,具体可以包括:The generating module may specifically include:
生成子模块,配置为依据当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种,生成所述水印内容。And generating a submodule, configured to generate the watermark content according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise identity.
在本发明的另一种可选实施例中,所述装置还可以包括:In another optional embodiment of the present invention, the device may further include:
第二显示模块,配置为在所述当前网页不符合预置保护规则时,显示所述当前网页;The second display module is configured to display the current webpage when the current webpage does not meet the preset protection rule;
控制模块,配置为将所述第二窗口的透明度控制为100%。And a control module configured to control the transparency of the second window to be 100%.
在本发明的再一种可选实施例中,所述装置还可以包括:In still another optional embodiment of the present invention, the apparatus may further include:
接收模块,配置为通过所述第二窗口接收用户对于所述当前网页的操作事件;a receiving module, configured to receive, by using the second window, an operation event of the user for the current webpage;
传递模块,配置为通过所述第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口响应所述操作事件。a delivery module configured to pass the operational event to the first window through the second window to cause the first window to respond to the operational event.
对于装置实施例而言,由于其与方法实施例基本相似,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。For the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固 有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays provided here are not tied to any particular computer, virtual system, or other device. Related. Various general purpose systems can also be used with the teaching based on the teachings herein. The structure required to construct such a system is apparent from the above description. Moreover, the invention is not directed to any particular programming language. It is to be understood that the invention may be embodied in a variety of programming language, and the description of the specific language has been described above in order to disclose the preferred embodiments of the invention.
在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, the various features of the invention are sometimes grouped together into a single embodiment, in the above description of the exemplary embodiments of the invention, Figure, or a description of it. However, the method disclosed is not to be interpreted as reflecting the intention that the claimed invention requires more features than those recited in the claims. Rather, as the following claims reflect, inventive aspects reside in less than all features of the single embodiments disclosed herein. Therefore, the claims following the specific embodiments are hereby explicitly incorporated into the embodiments, and each of the claims as a separate embodiment of the invention.
本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will appreciate that the modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components. In addition to such features and/or at least some of the processes or units being mutually exclusive, any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined. Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使 用。In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not in other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments may be use.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的数据处理方法和装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网平台上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of the data processing method and apparatus in accordance with embodiments of the present invention. The invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an internet platform, provided on a carrier signal, or provided in any other form.
例如,图6示出了用于执行根据本发明的数据处理方法的计算设备。该计算设备传统上包括处理器1510和以存储器1520形式的程序产品或者可读介质。存储器1520可以是诸如闪存、EEPROM(电可擦除可编程只读存储器)、EPROM或者ROM之类的电子存储器。存储器1520具有用于执行上述方法中的任何方法步骤的程序代码1531的存储空间1530。例如,用于程序代码的存储空间1530可以包括分别用于实现上面的方法中的各种步骤的各个程序代码1531。这些程序代码可以从一个或者多个程序产品中读出或者写入到这一个或者多个程序产品中。这些程序产品包括诸如存储卡之类的程序代码载体。这样的程序产品通常为如参考图7所述的便携式或者固定存储单元。该存储单元可以具有与图6的计算设备中的存储器1520类似布置的存储段、存储空间等。程序代码可以例如以适当形式进行压缩。通常,存储单元包括可读代码1531’,即可以由例如诸如1510之类的处理器读取的代码,这些代码当由计算设备运行时,导致该计算设备执行上面所描述的方法中的各个步骤。For example, Figure 6 illustrates a computing device for performing a data processing method in accordance with the present invention. The computing device conventionally includes a processor 1510 and a program product or readable medium in the form of a memory 1520. The memory 1520 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, or a ROM. Memory 1520 has a storage space 1530 for program code 1531 for performing any of the method steps described above. For example, storage space 1530 for program code may include various program code 1531 for implementing various steps in the above methods, respectively. These program codes can be read from or written to one or more program products. These program products include program code carriers such as memory cards. Such a program product is typically a portable or fixed storage unit as described with reference to FIG. The storage unit may have storage segments, storage spaces, and the like that are similarly arranged to memory 1520 in the computing device of FIG. The program code can be compressed, for example, in an appropriate form. Typically, the storage unit includes readable code 1531', ie, code that can be read by a processor, such as, for example, 1510, which when executed by a computing device causes the computing device to perform various steps in the methods described above .
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包括”不排除存在未列在权利要求中的元件或步骤。位 于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。 It is to be noted that the above-described embodiments are illustrative of the invention and are not intended to be limiting, and that the invention may be devised without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word 'comprising' does not exclude the presence of the elements or steps that are not recited in the claims. Bit The word "a" or "an" The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, and third does not indicate any order. These words can be interpreted as names.

Claims (18)

  1. 一种数据处理方法,包括:A data processing method comprising:
    在显示当前网页前,判断所述当前网页是否符合预置保护规则;Before displaying the current webpage, determining whether the current webpage meets a preset protection rule;
    在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。When the current webpage meets the preset protection rule, the current webpage is displayed, and the watermark content is displayed on the current webpage.
  2. 如权利要求1所述的方法,其特征在于,在所述判断所述当前网页是否符合预置保护规则的步骤之前,所述方法还包括:The method of claim 1, wherein before the step of determining whether the current webpage meets a preset protection rule, the method further comprises:
    在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;Drawing a first window and a second window located above the first window during startup of the browser;
    则所述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤,包括:The step of displaying the current webpage while displaying the watermark content on the current webpage includes:
    通过所述第一窗口显示所述当前网页;Displaying the current webpage through the first window;
    将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The transparency of the second window is controlled to a value less than 100%, and the watermark content is displayed through the second window.
  3. 如权利要求1所述的方法,其特征在于,所述显示所述当前网页,同时在所述当前网页上显示水印内容的步骤,包括:The method of claim 1, wherein the displaying the current webpage while displaying the watermark content on the current webpage comprises:
    在将水印内容嵌入当前网页后,显示当前网页。After the watermark content is embedded in the current webpage, the current webpage is displayed.
  4. 如权利要求1至3中任一所述的方法,其特征在于,所述判断所述当前网页是否符合预置保护规则的步骤,包括:The method according to any one of claims 1 to 3, wherein the step of determining whether the current webpage meets a preset protection rule comprises:
    将所述当前网页的页面内容与第一预置保护规则进行匹配,若匹配结果为匹配成功,则判定所述当前网页符合预置保护规则;或者Matching the page content of the current webpage with the first preset protection rule, and if the matching result is that the matching is successful, determining that the current webpage meets the preset protection rule; or
    依据当前网页的页面地址在网址集合中进行查找,若查找命中,则确定当前网页符合预置保护规则;或者Searching in the URL collection according to the page address of the current webpage, and if the search hits, determining that the current webpage meets the preset protection rule; or
    从当前网页对应的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。Extracting a protection identifier from the header information corresponding to the current webpage, and determining, according to the protection identifier, whether the current webpage meets the preset protection rule.
  5. 如权利要求1至3中任一所述的方法,其特征在于,所述方法应用于局域网,则所述预置保护规则为局域网的管理员通过服务器预置的规则,由所述服务器将所述预置保护规则下发给浏览器客户端。The method according to any one of claims 1 to 3, wherein the method is applied to a local area network, and the preset protection rule is that the administrator of the local area network adopts a rule preset by the server, and the server The preset protection rules are sent to the browser client.
  6. 如权利要求1至3中任一所述的方法,其特征在于,通过如下步骤 生成所述水印内容:A method according to any one of claims 1 to 3, characterized by the following steps Generating the watermark content:
    依据当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种,生成所述水印内容。The watermark content is generated according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise corresponding enterprise identity.
  7. 如权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    在所述当前网页不符合预置保护规则时,显示所述当前网页;Displaying the current webpage when the current webpage does not meet the preset protection rule;
    将所述第二窗口的透明度控制为100%。The transparency of the second window is controlled to be 100%.
  8. 如权利要求2或7所述的方法,其特征在于,所述方法还包括:The method of claim 2 or 7, wherein the method further comprises:
    通过所述第二窗口接收用户对于所述当前网页的操作事件;Receiving, by the second window, an operation event of the user for the current webpage;
    通过所述第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口响应所述操作事件。Passing the operational event to the first window through the second window to cause the first window to respond to the operational event.
  9. 一种数据处理装置,包括:A data processing device comprising:
    判断模块,配置为在显示当前网页前,判断所述当前网页是否符合预置保护规则;及The determining module is configured to determine whether the current webpage meets a preset protection rule before displaying the current webpage; and
    第一显示模块,配置为在所述当前网页符合预置保护规则时,显示所述当前网页,同时在所述当前网页上显示水印内容。The first display module is configured to display the current webpage when the current webpage meets the preset protection rule, and display the watermark content on the current webpage.
  10. 如权利要求9所述的装置,其特征在于,所述装置还包括:The device of claim 9 wherein said device further comprises:
    绘制模块,配置为在所述判断模块判断所述当前网页是否符合预置保护规则之前,在启动浏览器的过程中,绘制第一窗口和位于所述第一窗口之上的第二窗口;The drawing module is configured to: before the determining module determines whether the current webpage meets the preset protection rule, in the process of starting the browser, drawing the first window and the second window located above the first window;
    则所述第一显示模块,包括:The first display module includes:
    第一显示子模块,配置为通过所述第一窗口显示所述当前网页;及a first display submodule configured to display the current webpage through the first window; and
    第二显示子模块,配置为将所述第二窗口的透明度控制为小于100%的值,并通过所述第二窗口显示水印内容。The second display submodule is configured to control the transparency of the second window to a value less than 100%, and display the watermark content through the second window.
  11. 如权利要求9所述的装置,其特征在于,所述第一显示模块,包括:The device of claim 9, wherein the first display module comprises:
    第三显示子模块,配置为在将水印内容嵌入当前网页后,显示当前网页。The third display submodule is configured to display the current webpage after embedding the watermark content in the current webpage.
  12. 如权利要求9至11中任一所述的装置,其特征在于,所述判断模块,包括: The device according to any one of claims 9 to 11, wherein the determining module comprises:
    第一判断子模块,配置为将所述当前网页的页面内容与第一预置保护规则进行匹配,若匹配结果为匹配成功,则判定所述当前网页符合预置保护规则;或者The first determining sub-module is configured to match the page content of the current webpage with the first preset protection rule, and if the matching result is that the matching is successful, determining that the current webpage meets the preset protection rule; or
    第二判断子模块,配置为依据当前网页的页面地址在网址集合中进行查找,若查找命中,则确定当前网页符合预置保护规则;或者The second determining sub-module is configured to perform a search in the web address set according to the page address of the current webpage, and if the search hits, determine that the current webpage meets the preset protection rule; or
    第三判断子模块,配置为从当前网页对应的头部信息中提取保护标识,并依据所述保护标识判断当前网页是否符合预置保护规则。The third determining sub-module is configured to extract a protection identifier from the header information corresponding to the current webpage, and determine, according to the protection identifier, whether the current webpage meets the preset protection rule.
  13. 如权利要求9至11中任一所述的装置,其特征在于,所述装置应配置为局域网,则所述预置保护规则为局域网的管理员通过服务器预置的规则,由所述服务器将所述预置保护规则下发给位于浏览器客户端的所述装置。The device according to any one of claims 9 to 11, wherein the device is configured as a local area network, and the preset protection rule is a rule preset by a server of a local area network through a server, and the server will The preset protection rule is sent to the device located at the browser client.
  14. 如权利要求9至11中任一所述的装置,其特征在于,所述装置还包括:配置为生成所述水印内容的生成模块;The apparatus according to any one of claims 9 to 11, wherein the apparatus further comprises: a generating module configured to generate the watermark content;
    所述生成模块,包括:The generating module includes:
    生成子模块,配置为依据当前用户的账户、当前用户的登录时间、当前时间和当前用户对应企业标识中的至少一种,生成所述水印内容。And generating a submodule, configured to generate the watermark content according to at least one of an account of the current user, a login time of the current user, a current time, and a current enterprise identity.
  15. 如权利要求10所述的装置,其特征在于,所述装置还包括:The device of claim 10, wherein the device further comprises:
    第二显示模块,配置为在所述当前网页不符合预置保护规则时,显示所述当前网页;The second display module is configured to display the current webpage when the current webpage does not meet the preset protection rule;
    控制模块,配置为将所述第二窗口的透明度控制为100%。And a control module configured to control the transparency of the second window to be 100%.
  16. 如权利要求10或15所述的装置,其特征在于,所述装置还包括:The device of claim 10 or 15, wherein the device further comprises:
    接收模块,配置为通过所述第二窗口接收用户对于所述当前网页的操作事件;a receiving module, configured to receive, by using the second window, an operation event of the user for the current webpage;
    传递模块,配置为通过所述第二窗口将所述操作事件传递给所述第一窗口,以使所述第一窗口响应所述操作事件。a delivery module configured to pass the operational event to the first window through the second window to cause the first window to respond to the operational event.
  17. 一种程序,包括可读代码,当所述可读代码在计算设备上运行时,导致所述计算设备执行根据权利要求1至8中的任一项所述的数据处理方 法。A program comprising readable code, causing the computing device to perform a data processing device according to any one of claims 1 to 8 when the readable code is run on a computing device law.
  18. 一种可读介质,其中存储了如权利要求17所述的程序。 A readable medium storing the program of claim 17.
PCT/CN2016/110447 2015-12-18 2016-12-16 Data processing method and device WO2017101865A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510959117.7 2015-12-18
CN201510959117.7A CN105631355B (en) 2015-12-18 2015-12-18 A kind of data processing method and device

Publications (1)

Publication Number Publication Date
WO2017101865A1 true WO2017101865A1 (en) 2017-06-22

Family

ID=56046275

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/110447 WO2017101865A1 (en) 2015-12-18 2016-12-16 Data processing method and device

Country Status (2)

Country Link
CN (1) CN105631355B (en)
WO (1) WO2017101865A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112257037A (en) * 2020-11-13 2021-01-22 北京明朝万达科技股份有限公司 Process watermarking method and system and electronic equipment

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105631355B (en) * 2015-12-18 2019-09-06 北京奇虎科技有限公司 A kind of data processing method and device
CN107239679B (en) * 2017-04-28 2019-12-03 浙江华途信息安全技术股份有限公司 Program window information protecting method and system
CN107292180B (en) * 2017-05-27 2019-07-05 北京北信源软件股份有限公司 A kind of screen watermark handling method and device
CN109471985A (en) * 2017-09-08 2019-03-15 北京国双科技有限公司 A kind of page processing method, device, processor and storage medium
CN108959509A (en) * 2018-06-27 2018-12-07 中国建设银行股份有限公司 Webpage watermark processing method, device and electronic equipment
CN108920946A (en) * 2018-07-30 2018-11-30 美通云动(北京)科技有限公司 Data security control method and device based on browser
CN109345439A (en) * 2018-09-11 2019-02-15 北京京东尚科信息技术有限公司 Picture guard method, device, medium and electronic equipment
CN111026986B (en) * 2018-10-10 2023-07-04 阿里巴巴集团控股有限公司 Webpage watermark rendering method and device
CN111506905A (en) * 2019-01-31 2020-08-07 百度在线网络技术(北京)有限公司 Data processing method, device, server and storage medium
CN110245469B (en) * 2019-06-24 2021-06-18 睿视(苏州)视频科技有限公司 Webpage watermark generation method, watermark analysis method, device and storage medium
CN110765428A (en) * 2019-09-24 2020-02-07 云深互联(北京)科技有限公司 Behavior control method and device based on enterprise browser
CN111125647A (en) * 2019-12-24 2020-05-08 浙江华途信息安全技术股份有限公司 Injection type window watermarking system and method
CN111382399A (en) * 2020-03-06 2020-07-07 北京明朝万达科技股份有限公司 Method and device for adding watermark
CN111583091A (en) * 2020-05-25 2020-08-25 天津赢达信科技有限公司 Method and system for adding picture watermark to browser client
CN111783003A (en) * 2020-06-30 2020-10-16 北京海泰方圆科技股份有限公司 Method and device for displaying watermark of browser and electronic equipment
CN112434267B (en) * 2020-12-10 2021-12-24 北京海泰方圆科技股份有限公司 Method, device, medium and equipment for generating blind watermark
CN112347499B (en) * 2021-01-08 2021-04-30 北京东方通软件有限公司 Program self-protection method
CN117454336B (en) * 2023-12-22 2024-03-15 厦门天锐科技股份有限公司 Anti-disclosure method and device for adding watermark to target webpage

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100259560A1 (en) * 2006-07-31 2010-10-14 Gabriel Jakobson Enhancing privacy by affecting the screen of a computing device
CN102685076A (en) * 2011-03-16 2012-09-19 中国电信股份有限公司 Online information protection method and device
CN103632106A (en) * 2013-12-18 2014-03-12 北京明朝万达科技有限公司 OA (office automation) data protection method and system based on OA flow
CN104517046A (en) * 2014-12-24 2015-04-15 江苏敏捷科技股份有限公司 Screen display data protection method
CN105631355A (en) * 2015-12-18 2016-06-01 北京奇虎科技有限公司 Data processing method and device
CN105631359A (en) * 2015-12-23 2016-06-01 北京奇虎科技有限公司 Control method and device of webpage operation

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102467628A (en) * 2010-11-12 2012-05-23 深圳市虹安信息技术有限公司 Method for protecting data based on browser kernel intercept technology
CN103530570B (en) * 2013-09-24 2016-08-17 国家电网公司 A kind of electronic document safety management system and method
CN104766009B (en) * 2015-03-18 2018-10-30 杭州安恒信息技术有限公司 A kind of system distorted based on the anti-web page files of operating system bottom

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100259560A1 (en) * 2006-07-31 2010-10-14 Gabriel Jakobson Enhancing privacy by affecting the screen of a computing device
CN102685076A (en) * 2011-03-16 2012-09-19 中国电信股份有限公司 Online information protection method and device
CN103632106A (en) * 2013-12-18 2014-03-12 北京明朝万达科技有限公司 OA (office automation) data protection method and system based on OA flow
CN104517046A (en) * 2014-12-24 2015-04-15 江苏敏捷科技股份有限公司 Screen display data protection method
CN105631355A (en) * 2015-12-18 2016-06-01 北京奇虎科技有限公司 Data processing method and device
CN105631359A (en) * 2015-12-23 2016-06-01 北京奇虎科技有限公司 Control method and device of webpage operation

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112257037A (en) * 2020-11-13 2021-01-22 北京明朝万达科技股份有限公司 Process watermarking method and system and electronic equipment
CN112257037B (en) * 2020-11-13 2024-03-19 北京明朝万达科技股份有限公司 Process watermarking method, system and electronic equipment

Also Published As

Publication number Publication date
CN105631355A (en) 2016-06-01
CN105631355B (en) 2019-09-06

Similar Documents

Publication Publication Date Title
WO2017101865A1 (en) Data processing method and device
WO2017107956A1 (en) Data processing method, client and server
US11570211B1 (en) Detection of phishing attacks using similarity analysis
RU2610254C2 (en) System and method of determining modified web pages
US8495358B2 (en) Software based multi-channel polymorphic data obfuscation
US10728274B2 (en) Method and system for injecting javascript into a web page
US9348980B2 (en) Methods, systems and application programmable interface for verifying the security level of universal resource identifiers embedded within a mobile application
Bhavani Cross-site scripting attacks on android webview
US11503072B2 (en) Identifying, reporting and mitigating unauthorized use of web code
US20190222587A1 (en) System and method for detection of attacks in a computer network using deception elements
CN111163094B (en) Network attack detection method, network attack detection device, electronic device, and medium
CN111163095A (en) Network attack analysis method, network attack analysis device, computing device, and medium
Focardi et al. Security threats and solutions for two-dimensional barcodes: a comparative study
Bao et al. Cross-site scripting attacks on android hybrid applications
US10474810B2 (en) Controlling access to web resources
Wedman et al. An analytical study of web application session management mechanisms and HTTP session hijacking attacks
Kim et al. A study on the digital forensic investigation method of clever malware in IoT devices
US20230208878A1 (en) Systems and Methods for Tracking and Identifying Phishing Website Authors
CN112836186A (en) Page control method and device
US10567171B2 (en) Client-side security key generation
Mingsheng et al. Research and Development of Dual-Core Browser-Based Compatibility and Security
Fan et al. Privacy Petri net and privacy leak software
US12008105B2 (en) Protected QR code scanner using operational system override
Sharadqeh et al. Review and measuring the efficiency of SQL injection method in preventing e-mail hacking
US20230065787A1 (en) Detection of phishing websites using machine learning

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16874922

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16874922

Country of ref document: EP

Kind code of ref document: A1