WO2024021883A1 - 防信息泄露方法及其装置、存储介质 - Google Patents
防信息泄露方法及其装置、存储介质 Download PDFInfo
- Publication number
- WO2024021883A1 WO2024021883A1 PCT/CN2023/098609 CN2023098609W WO2024021883A1 WO 2024021883 A1 WO2024021883 A1 WO 2024021883A1 CN 2023098609 W CN2023098609 W CN 2023098609W WO 2024021883 A1 WO2024021883 A1 WO 2024021883A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- cloud desktop
- video information
- leakage
- leakage prevention
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 230000002265 prevention Effects 0.000 title claims abstract description 40
- 238000004458 analytical method Methods 0.000 claims abstract description 23
- 230000004044 response Effects 0.000 claims abstract description 7
- 230000006399 behavior Effects 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 description 15
- 230000001960 triggered effect Effects 0.000 description 6
- 238000012550 audit Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000000875 corresponding effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 210000000352 storage cell Anatomy 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/40—Scenes; Scene-specific elements in video content
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/20—Movements or behaviour, e.g. gesture recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
Definitions
- the embodiments of the present application relate to the technical field of cloud desktop applications, and in particular, to an information leakage prevention method, device, and storage medium thereof.
- Embodiments of the present application provide an information leakage prevention method, device, and storage medium.
- inventions of the present application provide a method for preventing information leakage.
- the method for preventing information leakage includes: receiving video information sent by a cloud desktop terminal, wherein the video information is received by the cloud desktop terminal at the first time. Collected under the condition of a trigger instruction, the first trigger instruction is issued by the cloud desktop server in response to the target operation performed on the cloud desktop; leakage analysis is performed on the video information; when it is determined that there is leakage behavior based on the video information , lock the screen of the cloud desktop, and save the video information within a first target time period, wherein the first target time period is determined based on the moment when it is determined that leakage behavior exists.
- embodiments of the present application also provide an information leakage prevention device, including: a memory, a processor, and a computer program stored in the memory and executable on the processor.
- an information leakage prevention device including: a memory, a processor, and a computer program stored in the memory and executable on the processor.
- the processor executes the computer program Implement the above information leakage prevention methods.
- embodiments of the present application also provide a computer-readable storage medium that stores computer-executable instructions, and the computer-executable instructions are used to execute the above-mentioned information leakage prevention method.
- Figure 1 is a flow chart of an information leakage prevention method provided by an embodiment of the present application.
- Figure 2 is a flow chart for leakage analysis of video information provided by an embodiment of the present application.
- Figure 3 is a flow chart of subsequent operations of locking the screen provided by an embodiment of the present application.
- Figure 4 is a flow chart of subsequent operations of locking the screen provided by another embodiment of the present application.
- Figure 5 is a flow chart of subsequent operations of locking the screen provided by another embodiment of the present application.
- Figure 6 is a block diagram of an information leakage prevention device provided by an embodiment of the present application.
- Figure 7 is a complete flow chart of information leakage prevention provided by an embodiment of the present application.
- the user's permission or consent when it is necessary to perform relevant processing based on the user's attribute information or attribute information collection and other data related to the user's characteristics, the user's permission or consent will first be obtained. Moreover, the collection, use and processing of this data will comply with the relevant laws, regulations and standards of relevant countries and regions. In addition, when the embodiment of this application needs to obtain the user's attribute information, it will obtain the user's separate permission or consent through a pop-up window or jump to a confirmation page. After clearly obtaining the user's separate permission or consent, it will obtain the user's attribute information. Necessary user-related data used to enable the embodiments of this application to operate normally.
- Embodiments of the present application provide an information leakage prevention method, device, and storage medium.
- the cloud desktop server will issue a first trigger instruction, and then the cloud desktop terminal can receive the first trigger instruction according to the target operation.
- the video information collected by the command is then leaked and analyzed to determine whether there is any leakage behavior such as mobile terminal candid photography.
- the cloud desktop is locked, thereby eliminating the involvement at the source. leakage of confidential information.
- video information that is confirmed to have been leaked is also saved, which is conducive to subsequent audits.
- video collection by the cloud desktop terminal is triggered based on the target operation performed by the user on the cloud desktop, and video collection is only performed during the target period, so the user's privacy can be effectively protected.
- Figure 1 is a flow chart of an information leakage prevention method provided by an embodiment of the present application.
- the information leakage prevention method includes step S100, step S200 and step S300.
- Step S100 Receive video information sent by the cloud desktop terminal, where the video information is collected by the cloud desktop terminal upon receiving a first triggering instruction, and the first triggering instruction is generated by the cloud desktop server in response to a target operation performed on the cloud desktop. and send out;
- Step S200 Perform leakage analysis on the video information
- Step S300 When it is determined that there is a leakage behavior based on the video information, lock the screen of the cloud desktop and save the video information within the first target time period, where the first target time period is determined based on the moment when it is determined that there is a leakage behavior.
- a first triggering instruction when receiving the target operation executed by the cloud desktop, a first triggering instruction can be generated and sent to the cloud desktop terminal, and then the video information collected by the cloud desktop terminal can be received. After starting to receive the video information, the video information is leaked and analyzed intelligently to determine whether there is any leakage behavior such as mobile terminal candid photography in the received video information. When there is candid photography behavior in the video information, that is, when it is determined that there is a leakage behavior, a lock will be sent immediately. Use the screen command to go to the cloud desktop terminal to lock the cloud desktop screen. At the same time, the video information within the first target time period is saved, and the first target time period is the time interval before and after the moment when the leakage behavior is determined by analysis.
- the information leakage prevention method of this embodiment not only prevents information leakage, but also effectively protects the user's own privacy and security, and provides users with trust.
- the information leakage prevention method in this embodiment can be applied to different scenarios such as corporate office or individual user office.
- the anti-candid camera function can be set to automatically start, and the above information leakage prevention method can be applied.
- the user can decide whether to enable the anti-candid camera function and when to use the anti-candid camera function based on the individual user's privacy considerations.
- Step S200 includes but is not limited to steps: step S210 and step S220.
- Step S210 Cache the video information in the second target time period, where the video information in the second target time period includes the video information in the first target time period;
- Step S220 Perform leakage analysis on the video information within the second target time period.
- the leakage analysis is expanded here.
- the first N seconds of video information at the current moment of analysis are stored in the cache, so that when candid filming is detected, that is, Relevant video information can be stored and used for post-audit evidence.
- the time parameter N is configurable, for example, it can be 10 seconds.
- Step S300 includes but is not limited to step S310 and step S320.
- Step S310 Generate first alarm information
- Step S320 Send the first alarm information to the cloud desktop terminal, so that the cloud desktop terminal displays the first alarm information.
- the first alarm message When the cloud desktop is locked, the first alarm message will be immediately generated and sent to the cloud desktop terminal, and the first alarm message will be displayed on the locked screen, prompting a suspicious person to perform candid photography operations.
- Step S300 includes but is not limited to step S330 and step S340.
- Step S330 Generate second alarm information
- Step S340 Send the second alarm information to the management terminal.
- the sending method can be through email, SMS, or a pop-up box on the network management interface.
- Step S300 includes but is not limited to step S350 and step S360.
- Step S350 Generate disabled duration information
- Step S360 Disable the account that logs in to the cloud desktop system according to the disabling duration information.
- the disabling duration information After alerting administrators and users, the disabling duration information will be generated immediately, so that the cloud desktop terminal can disable the account currently logged in to the cloud desktop based on the disabling duration information.
- the disabling duration is configurable, for example, it can be 30 minutes.
- FIG. 6 is a block diagram of an information leakage prevention device provided by an embodiment of the present application, and mainly illustrates the system supporting the information leakage prevention method.
- the left side of the picture is the cloud desktop terminal, which mainly receives instructions from the cloud desktop server and completes corresponding actions according to the instructions, that is, video information collection.
- the right side of the figure is the cloud desktop server, which mainly sends the first trigger command, video collection command, etc. to the cloud desktop terminal, and performs leakage detection on the video information transmitted by the cloud desktop terminal. After detecting the leakage behavior, the video information is storage.
- Figure 7 is a complete flow chart for preventing information leakage provided by an embodiment of the present application.
- the execution process of the entire information leakage prevention method is as follows:
- the user logs in to the cloud desktop system and determines whether to activate the anti-candid photography function. If it is not enabled, video information will not be collected; if it is enabled, proceed to the next step to determine whether to open confidential files. If the confidential file is not opened, the video information will not be collected; if the confidential file is opened, the video information will be collected and transmitted to the cloud desktop server for leakage analysis of the video information. Analyze whether there is any leakage behavior in the video information. If there is no leakage behavior, access the cloud desktop system normally; if there is a leakage behavior, the cloud desktop system will be locked, the current user account will be disabled, and the first alarm will be displayed on the locked screen. information and store the leaked video information, and finally send the second alarm information to the management terminal at the same time.
- corresponding permissions can be set for the administrator, or the user can use various methods to perform the operation. verify. For example, when an individual user is misjudged to have been secretly photographed while working, resulting in the account being disabled, the ban can be lifted through facial recognition, custom unlocking passwords and other related verification methods to protect the user's normal work.
- the target operation includes one of the following:
- the target operation when you are in a corporate office, you can set the target operation to log in to the cloud desktop system and automatically start the anti-candid camera function. You can also set the target operation to open confidential files to trigger the anti-candid camera function, thereby triggering video collection.
- the anti-leakage control can also be triggered by the user himself, and the anti-candid photography function can be turned on after obtaining the user's permission, fully respecting the user's choice and privacy protection.
- the information leakage prevention method also includes:
- the information leakage prevention method before receiving the video information sent by the cloud desktop terminal, the information leakage prevention method further includes:
- the cloud desktop server When the cloud desktop triggers any of the above target operations, the cloud desktop server will generate a first trigger instruction and send it to the cloud desktop terminal.
- the first trigger instruction includes a video information collection instruction.
- the cloud desktop terminal will start collecting after receiving the first trigger instruction. Video information.
- This information leakage prevention method includes the following steps:
- the enterprise uniformly configures a client with video collection function for employees to log in to the cloud desktop for corporate office work.
- the background administrator enables the anti-candid camera function.
- opening confidential files triggers the collection of video information.
- the collected video information is the real-time video information of the employees in front of the client, which is transmitted to the backend cloud desktop server for intelligent analysis to see if there is any candid filming behavior.
- the first N seconds of video at the time of intelligent analysis are stored in the cache of the cloud desktop server.
- the lock screen information is generated and sent to the cloud desktop terminal, which automatically locks the employee's cloud desktop screen.
- the first alarm information is used to display on the locked screen.
- the above prompts the employee for illegal operations;
- the second alarm message is used to send to the administrator, reminding the administrator that there is a risk of leakage of confidential information; after prompting the illegal operations on the locked screen, the employee account is disabled based on the disable duration information.
- Video collection devices include but are not limited to smart cameras, USB cameras, or cameras that come with the client.
- the disabling duration information is usually set to 30 minutes, but this embodiment does not limit this.
- This information leakage prevention method includes the following steps:
- the anti-candid camera function can be enabled according to the user's needs. Users enter their account and password to log in to the cloud desktop for work. Users can set up the anti-candid photography function when opening confidential files or turn on the anti-leakage control to turn on the anti-candid photography function.
- the client is triggered to collect video while opening the confidential file.
- the video information around the user in front of the client is collected in real time and transmitted to the cloud desktop server for intelligent analysis to detect whether there is a candid camera.
- the first N seconds of video at the time of intelligent analysis are stored in the cache of the cloud desktop server.
- the lock screen information is generated and sent to the cloud desktop terminal, which automatically locks the user's cloud desktop screen.
- the first alarm information, the second alarm information and the disabled duration information are generated.
- the first alarm information is used to prompt the suspicious person to perform candid photography on the locked screen;
- the second alarm information is used to send to the user to remind the user of the current situation.
- There is a risk of leakage of confidential information after the locked screen prompts that there is an illegal operation, the current user account will be disabled based on the ban duration information. After ensuring that confidential information has not been leaked, store the video information before and after the moment when the candid filming was confirmed for post-audit evidence.
- the user can use face recognition, verification code verification or disabled password verification to confirm that no suspected person is currently filming secretly, then the ban can be lifted and the user's work can be continued. It effectively protects the user's normal work efficiency while also protecting the user's privacy and security of confidential file information.
- the client is triggered to collect the video. The subsequent steps have been described in detail and will not be repeated here.
- an embodiment of the present application also provides a computer-readable storage medium.
- the computer-readable storage medium stores computer-executable instructions.
- the computer-executable instructions are used to execute the above-mentioned information leakage prevention method, for example, by the above-mentioned method.
- Execution by a processor in the embodiment of the information leakage prevention device can cause the above-mentioned processor to execute the information processing method in the above embodiment, for example, execute the method in FIGS. 1 to 5 described above.
- an embodiment of the present application also provides an information leakage prevention device.
- the information leakage prevention device includes: a memory, a processor, and a computer program stored in the memory and executable on the processor.
- the processor executes the computer program.
- the non-transitory software programs and instructions required to implement the information leakage prevention method of the above embodiment are stored in the memory.
- the information leakage prevention method in the above embodiment is executed, for example, the above-described Figure 1 is executed. to the method in Figure 5.
- Embodiments of the present application include: receiving video information sent by a cloud desktop terminal, wherein the video information is collected by the cloud desktop terminal upon receiving a first trigger instruction, and the first trigger instruction is obtained by the cloud desktop server. Issued in response to the target operation performed on the cloud desktop; perform leakage analysis on the video information; when it is determined that there is a leakage behavior based on the video information, lock the screen on the cloud desktop and save all the information within the first target time period.
- the video information wherein the first target time period is determined according to the moment when it is determined that there is a leakage behavior.
- the cloud desktop server will issue a first trigger instruction, and then the video information collected by the cloud desktop terminal according to the first trigger instruction can be received, and then the video information will be leaked and analyzed to analyze whether there is a mobile terminal.
- Secret filming and other leaking behaviors should be based on the
- the cloud desktop is locked, thereby preventing the leakage of confidential information at the source.
- the video information that is confirmed to be leaked is also saved, which is conducive to subsequent audits.
- video collection by the cloud desktop terminal is triggered based on the target operation performed by the user on the cloud desktop, and video collection is only performed during the target period, so the user's privacy can be effectively protected.
- Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other storage cell technology, CD-ROM, Digital Versatile Disk (DVD) or other optical disk storage, magnetic cassettes, tapes, disk storage or other magnetic storage devices, or Any other medium that can be used to store the desired information and that can be accessed by a computer.
- communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Multimedia (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Signal Processing (AREA)
- Human Computer Interaction (AREA)
- Social Psychology (AREA)
- Psychiatry (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
本申请提供了一种防信息泄露方法及其装置、存储介质。其中,防信息泄露方法包括:接收云桌面终端发送的视频信息,其中,视频信息由云桌面终端在接收到第一触发指令的情况下采集得到,第一触发指令由云桌面服务器响应于在云桌面执行的目标操作而发出(S100);对视频信息进行泄密分析(S200);当根据视频信息确定存在泄密行为,对云桌面进行锁屏,保存第一目标时间段内的视频信息,其中,第一目标时间段根据确定存在泄密行为的时刻而确定(S300)。
Description
相关申请的交叉引用
本申请基于申请号为202210875550.2、申请日为2022年07月25日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。
本申请实施例涉及云桌面应用技术领域,尤其涉及一种防信息泄露方法及其装置、存储介质。
当前云桌面系统防信息泄露主要还是通过数字水印技术来震慑泄露者或企图进行信息泄露的人员,而数字水印技术本质上属于事后追责,并不能直接阻断泄密的发生。另外,随着智能手机的普及,使得通过手机偷拍录屏非常便利,且通过手机拍摄的方式没有原始文档元数据,一般是比较难直接溯源的。
发明内容
本申请实施例提供了一种防信息泄露方法及其装置、存储介质。
第一方面,本申请实施例提供了一种防信息泄露方法,所述防信息泄露方法包括:接收云桌面终端发送的视频信息,其中,所述视频信息由所述云桌面终端在接收到第一触发指令的情况下采集得到,所述第一触发指令由云桌面服务器响应于在云桌面执行的目标操作而发出;对所述视频信息进行泄密分析;当根据所述视频信息确定存在泄密行为,对所述云桌面进行锁屏,保存第一目标时间段内的所述视频信息,其中,所述第一目标时间段根据确定存在泄密行为的时刻而确定。
第二方面,本申请实施例还提供了一种防信息泄露装置,包括:存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如上述的防信息泄露方法。
第三方面,本申请实施例还提供了一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行如上述的防信息泄露方法。
图1是本申请一个实施例提供的防信息泄露方法的流程图;
图2是本申请一个实施例提供的对视频信息进行泄密分析的流程图;
图3是本申请一个实施例提供的锁屏后续操作的流程图;
图4是本申请另一个实施例提供的锁屏后续操作的流程图;
图5是本申请另一个实施例提供的锁屏后续操作的流程图;
图6是本申请一个实施例提供的防信息泄漏装置的框图;
图7是本申请一个实施例提供的防信息泄漏的完整流程图。
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的实施例仅用以解释本申请,并不用于限定本申请。
需要说明的是,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于流程图中的顺序执行所示出或描述的步骤。说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。
还需要说明的是,在本申请的各个实施方式中,当涉及到需要根据用户的属性信息或属性信息集合等与用户的特性相关的数据进行相关处理时,都会先获得用户的许可或者同意,而且,对这些数据的收集、使用和处理等,都会遵守相关国家和地区的相关法律法规和标准。此外,当本申请实施例需要获取用户的属性信息时,会通过弹窗或者跳转到确认页面等方式获得用户的单独许可或者单独同意,在明确获得用户的单独许可或者单独同意之后,再获取用于使本申请实施例能够正常运行的必要的用户的相关数据。
本申请实施例提供了一种防信息泄露方法及其装置、存储介质,根据在云桌面上执行的目标操作,云桌面服务器会发出第一触发指令,进而可以接收到云桌面终端根据第一触发指令采集的视频信息,接着对视频信息进行泄密分析,分析是否存在移动终端偷拍等泄密行为,当根据视频信息分析确定存在泄密行为时,对云桌面实行锁屏操作,从而在源头上杜绝了涉密信息的泄露,另外,还同时保存确定有泄密行为的视频信息,有利于进行事后审计。此外,云桌面终端进行视频采集是根据用户在云桌面上执行的目标操作而触发的,而且视频采集只针对目标时段进行采集,因此可以有效保护用户的隐私安全。
如图1所示,图1是本申请一个实施例提供的防信息泄露方法的流程图。
如图1所示,该防信息泄露方法包括步骤S100、步骤S200和步骤S300,
步骤S100:接收云桌面终端发送的视频信息,其中,视频信息由云桌面终端在接收到第一触发指令的情况下采集得到,第一触发指令由云桌面服务器响应于在云桌面执行的目标操作而发出;
步骤S200:对视频信息进行泄密分析;
步骤S300:当根据视频信息确定存在泄密行为,对云桌面进行锁屏,保存第一目标时间段内的视频信息,其中,第一目标时间段根据确定存在泄密行为的时刻而确定。
本实施例中,在接收到云桌面执行的目标操作时,可以生成第一触发指令发送至云桌面终端,进而接收云桌面终端采集的视频信息。开始接收视频信息后,则对视频信息进行泄密分析,智能分析接收到的视频信息中是否存在有移动终端偷拍等泄密行为,当视频信息中存在偷拍行为,即确定存在泄密行为时,立即发送锁屏指令至云桌面终端对云桌面进行锁屏。同时,保存第一目标时间段内的视频信息,第一目标时间段为分析确定存在泄密行为的时刻前后的时间间隔内。因此,可以直接通过锁屏操作来保证信息不外泄,也可通过存储泄密时刻的视频信息保证事后审计。另外,由于触发视频采集是由用户在云桌面执行的目标操作实现的,所以本实施例的防信息泄漏方法在防止信息泄露的基础上,还有效保护了用户自身的隐私安全,给用户提供使用信任。
本实施例中的防信息泄漏方法可以针对企业办公或个人用户办公等不同场景,针对企业办公时,可以设置自动启动防偷拍功能,即可应用上述的防信息泄漏方法。针对个人用户办公时,由于个人用户通常在私人的设备上进行处理,所以针对于个人用户对隐私的考虑,可以由用户个人决定是否启用防偷拍功能以及何时使用防偷拍功能。
如图2所示,图2是本申请一个实施例提供的对视频信息进行泄密分析的流程图,是对步骤S200进行了进一步说明,步骤S200包括但不限于步骤:步骤S210和步骤S220。
步骤S210:缓存第二目标时间段内的视频信息,其中,第二目标时间段内的视频信息包括第一目标时间段内的视频信息;
步骤S220:对第二目标时间段内的视频信息进行泄密分析。
这里对泄密分析进行了拓展,当开始对接收到的视频信息进行智能分析时,同时将分析时的当前时刻的前N秒视频信息存储在缓存中,以便于当检测到有偷拍行为时,即可将相关视频信息存储下来,用于事后审计举证。需要说明的是,时间参数N是可配置的,例如可以为10秒。
如图3所示,图3是本申请一个实施例提供的锁屏后续操作的流程图,对步骤S300进行了进一步说明,步骤S300包括但不限于步骤S310和步骤S320。
步骤S310:生成第一告警信息;
步骤S320:向云桌面终端发送第一告警信息,使得云桌面终端显示第一告警信息。
当对云桌面进行锁屏之后,会立即生成第一告警信息发送至云桌面终端,并在锁定的屏幕上显示第一告警信息,提示存在可疑人员进行偷拍行为操作。
如图4所示,图4是本申请另一个实施例提供的锁屏后续操作的流程图,对步骤S300进行了进一步说明,步骤S300包括但不限于步骤S330和步骤S340。
步骤S330:生成第二告警信息;
步骤S340:向管理终端发送所述第二告警信息。
当对云桌面进行锁屏之后,还会立即生成第二告警信息发送给用户和管理员,提醒用户和管理员存在可疑人员进行偷拍行为操作。其中,发送方式可以通过邮件、短信或网管界面弹框的方式。
如图5所示,图5是本申请另一个实施例提供的锁屏后续操作的流程图,对步骤S300进行了进一步说明,步骤S300包括但不限于步骤S350和步骤S360。
步骤S350:生成禁用时长信息;
步骤S360:根据禁用时长信息禁用登录云桌面系统的账号。
当对管理员和用户进行告警提示之后,会立即生成禁用时长信息,使得云桌面终端根据禁用时长信息对当前登录云桌面的账号进行禁用操作,禁用时长可配置,例如可以为30分钟。
如图6所示,图6是本申请一个实施例提供的防信息泄漏装置的框图,主要对支撑防信息泄漏方法的系统进行了说明。图中左侧为云桌面终端,主要起到接收来自云桌面服务器的指令并根据指令完成相应动作,即视频信息采集。图中右侧为云桌面服务器,主要起到发送第一触发指令、视频采集指令等等至云桌面终端,并对云桌面终端传输的视频信息进行泄密检测,检测出泄密行为后对视频信息进行存储。
如图7所示,图7是本申请一个实施例提供的防信息泄漏的完整流程图。整个防信息泄漏方法的执行流程如下:
用户登录云桌面系统,判断是否启动防偷拍功能。如没有启用,则不采集视频信息;如启用了,则进行下一步判断是否打开涉密文件。如没有打开涉密文件,则不采集视频信息;如打开了涉密文件,则采集视频信息传输至云桌面服务器,对视频信息进行泄密分析。分析视频信息是否存在泄密行为,如不存在泄密行为,则正常访问云桌面系统;如存在泄密行为,则对云桌面进行锁屏,对当前用户账号进行禁用,在锁定的屏幕上显示第一告警信息并存储有关泄密的视频信息,最后同时发送第二告警信息至管理终端。
在一些实施例中,为了避免出现误判的情况或对涉密文件进行拍照为用户在特殊情况下本身需要进行的操作,可通过对管理员设置相应权限,或对用户本身采用多种方式进行验证。例如,当个人用户在办公过程中被误判为偷拍操作,从而导致账号被禁用时,可通过人脸识别、自定义解锁密码等相关验证方式解除禁用,以保护用户正常办公。
在一些实施例中,目标操作包括如下之一:
登录云桌面系统;或
打开涉密文件;或
触发防泄密控件。
由于办公场景的不同,目标操作也包括多种。其中,当处于企业办公时,可以将目标操作设置为登录云桌面系统即自动启动防偷拍功能。也可以将目标操作设置为打开涉密文件即触发防偷拍功能,进而触发视频采集。当处于个人用户办公时,除了上述目标操作外,还可以通过用户自身触发防泄密控件,在获取用户许可后再开启防偷拍功能,充分尊重用户的选择和隐私保护。
在一些实施例中,防信息泄露方法还包括:
当根据视频信息确定不存在泄密行为,维持云桌面的当前运行状态。
当智能分析视频信息中不存在相关偷拍行为时,即不采取任何措施,维持云桌面的当前运行状态。在涉密文件被关闭之前,视频信息会持续采集并持续进行分析,以确保涉密信息在整个使用过程中均不会被泄露。
在一些实施例中,接收云桌面终端发送的视频信息之前,防信息泄露方法还包括:
响应于在云桌面执行目标操作,生成第一触发指令;
向云桌面终端发送第一触发指令,使得云桌面终端根据第一触发指令采集视频信息。
当云桌面触发上述目标操作中的任一操作,云桌面服务器会生成第一触发指令向云桌面终端发送,第一触发指令包含视频信息采集指令,云桌面终端接收到第一触发指令即开始采集视频信息。
为了更加清楚的说明本申请实施例提供的防信息泄露方法的处理流程,下面以两种办公场景示例进行说明。
企业办公场景:该防信息泄露方法包括以下步骤:
企业给员工统一配置带视频采集功能的客户端,用于登录云桌面进行企业办公。后台管理员启用防偷拍功能。员工登录至云桌面系统后,打开涉密文件即触发视频信息采集。采集的视频信息为客户端前员工的实时视频信息,传输到后台云桌面服务器进行智能分析是否存在偷拍行为。同时,将进行智能分析时刻的前N秒视频存储在云桌面服务器的缓存中。当智能分析出有手机偷拍行为时,生成锁屏信息发送至云桌面终端,自动将此员工的云桌面锁屏。并同时生成第一告警信息、第二告警信息和禁用时长信息,第一告警信息用来在锁定的屏幕
上提示员工存在违规操作;第二告警信息用来发送给管理员,提示管理员当前有涉密信息泄露风险;在锁定的屏幕上提示存在违规操作后,根据禁用时长信息将此员工账号禁用。确保涉密信息未被泄露后,存储确定存在偷拍行为时刻的前后视频信息,用于事后审计举证。视频采集设备包括但不限于智能摄像头、USB摄像头或客户端自带的摄像头等。禁用时长信息通常设置为30分钟,但本实施例对此不做限定。
个人用户办公场景:该防信息泄露方法包括以下步骤:
当用户在公共场所办公并使用带视频采集功能的客户端时,可根据用户的需求启用防偷拍功能。用户输入账号密码登录云桌面进行办公,用户可自行设置打开涉密文件即启动防偷拍功能或打开防泄密控件以打开防偷拍功能。当用户打开涉密文件即开启防偷拍功能时,打开涉密文件的同时触发客户端进行视频采集,将客户端前用户周围的视频信息实时采集并传输到云桌面服务器进行智能分析检测有无偷拍行为,同时,将进行智能分析时刻的前N秒视频存储在云桌面服务器的缓存中。当智能分析出有手机偷拍行为时,生成锁屏信息发送至云桌面终端,自动将此用户的云桌面锁屏。并同时生成第一告警信息、第二告警信息和禁用时长信息,第一告警信息用来在锁定的屏幕上提示存在可疑人员进行偷拍行为操作;第二告警信息用来发送至用户,提示用户当前有涉密信息泄露风险;在锁定的屏幕上提示存在违规操作后,根据禁用时长信息将当前用户账号禁用。确保涉密信息未被泄露后,存储确定存在偷拍行为时刻的前后视频信息,用于事后审计举证。如果为智能分析误判或拍摄操作为用户本人实行,则用户可通过人脸识别、验证码验证或禁用密码验证等方式,证实当前无嫌疑人员进行偷拍,则可以解除禁用,继续用户的工作。有效在保护了用户正常工作效率的同时,还保护了用户的隐私安全和涉密文件信息的安全。当用户打开防泄密控件以开启防偷拍功能时,即在打开防泄密控件后,再打开涉密文件的同时触发客户端进行视频采集,后续步骤已做详细描述,在此不做赘述。
另外,本申请的一个实施例还提供了一种计算机可读存储介质,计算机可读存储介质存储有计算机可执行指令,计算机可执行指令用于执行如上述的防信息泄露方法,例如,被上述防信息泄漏装置的实施例中的一个处理器执行,可使得上述处理器执行上述实施例中的信息处理方法,例如,执行以上描述的图1至图5中的方法。
另外,本申请的一个实施例还提供了一种防信息泄漏装置,该防信息泄漏装置包括:存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现如上述的防信息泄露方法。
实现上述实施例的防信息泄露方法所需的非暂态软件程序以及指令存储在存储器中,当被处理器执行时,执行上述实施例中的防信息泄露方法,例如,执行以上描述的图1至图5中的方法。
本申请实施例包括:接收云桌面终端发送的视频信息,其中,所述视频信息由所述云桌面终端在接收到第一触发指令的情况下采集得到,所述第一触发指令由云桌面服务器响应于在云桌面执行的目标操作而发出;对所述视频信息进行泄密分析;当根据所述视频信息确定存在泄密行为,对所述云桌面进行锁屏,保存第一目标时间段内的所述视频信息,其中,所述第一目标时间段根据确定存在泄密行为的时刻而确定。根据在云桌面上执行的目标操作,云桌面服务器会发出第一触发指令,进而可以接收到云桌面终端根据第一触发指令采集的视频信息,接着对视频信息进行泄密分析,分析是否存在移动终端偷拍等泄密行为,当根据视
频信息分析确定存在泄密行为时,对云桌面实行锁屏操作,从而在源头上杜绝了涉密信息的泄露,另外,还同时保存确定有泄密行为的视频信息,有利于进行事后审计。此外,云桌面终端进行视频采集是根据用户在云桌面上执行的目标操作而触发的,而且视频采集只针对目标时段进行采集,因此可以有效保护用户的隐私安全。
本领域普通技术人员可以理解,上文中所公开方法中的全部或某些步骤、系统可以被实施为软件、固件、硬件及其适当的组合。某些物理组件或所有物理组件可以被实施为由处理器,如中央处理器、数字信号处理器或微处理器执行的软件,或者被实施为硬件,或者被实施为集成电路,如专用集成电路。这样的软件可以分布在计算机可读介质上,计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知的,术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于RAM、ROM、EEPROM、闪存或其他存储单元技术、CD-ROM、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外,本领域普通技术人员公知的是,通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调制数据信号中的其他数据,并且可包括任何信息递送介质。
Claims (10)
- 一种防信息泄露方法,包括:接收云桌面终端发送的视频信息,其中,所述视频信息由所述云桌面终端在接收到第一触发指令的情况下采集得到,所述第一触发指令由云桌面服务器响应于在云桌面执行的目标操作而发出;对所述视频信息进行泄密分析;当根据所述视频信息确定存在泄密行为,对所述云桌面进行锁屏,保存第一目标时间段内的所述视频信息,其中,所述第一目标时间段根据确定存在泄密行为的时刻而确定。
- 根据权利要求1所述的防信息泄露方法,其中,所述对所述视频信息进行泄密分析,包括:缓存第二目标时间段内的所述视频信息,其中,所述第二目标时间段内的所述视频信息包括所述第一目标时间段内的所述视频信息;对所述第二目标时间段内的所述视频信息进行泄密分析。
- 根据权利要求1所述的防信息泄露方法,其中,所述对所述云桌面进行锁屏后,所述防信息泄露方法还包括:生成第一告警信息;向所述云桌面终端发送所述第一告警信息,使得所述云桌面终端显示所述第一告警信息。
- 根据权利要求1所述的防信息泄露方法,其中,所述对所述云桌面进行锁屏后,所述防信息泄露方法还包括:生成第二告警信息;向管理终端发送所述第二告警信息。
- 根据权利要求1所述的防信息泄露方法,其中,所述对所述云桌面进行锁屏后,所述防信息泄露方法还包括:生成禁用时长信息;根据所述禁用时长信息禁用登录云桌面系统的账号。
- 根据权利要求1所述的防信息泄露方法,其中,所述目标操作包括如下之一:登录云桌面系统;或打开涉密文件;或触发防泄密控件。
- 根据权利要求1所述的防信息泄露方法,其中,所述防信息泄露方法还包括:当根据所述视频信息确定不存在泄密行为,维持所述云桌面的当前运行状态。
- 根据权利要求1所述的防信息泄露方法,其中,所述接收云桌面终端发送的视频信息之前,所述防信息泄露方法还包括:响应于在所述云桌面执行所述目标操作,生成所述第一触发指令;向所述云桌面终端发送所述第一触发指令,使得所述云桌面终端根据所述第一触发指令采集所述视频信息。
- 一种防信息泄露装置,包括:存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现如权利要求1至8中任意一项所述的 防信息泄露方法。
- 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1至8中任意一项所述的防信息泄露方法。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210875550.2 | 2022-07-25 | ||
CN202210875550.2A CN117494109A (zh) | 2022-07-25 | 2022-07-25 | 防信息泄露方法及其装置、存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024021883A1 true WO2024021883A1 (zh) | 2024-02-01 |
Family
ID=89676922
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2023/098609 WO2024021883A1 (zh) | 2022-07-25 | 2023-06-06 | 防信息泄露方法及其装置、存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN117494109A (zh) |
WO (1) | WO2024021883A1 (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257124A (zh) * | 2020-09-29 | 2021-01-22 | 西安万像电子科技有限公司 | 图像处理方法及装置 |
CN112884641A (zh) * | 2021-03-05 | 2021-06-01 | 西安万像电子科技有限公司 | 图像显示处理的方法、装置和系统 |
CN113012033A (zh) * | 2021-03-05 | 2021-06-22 | 西安万像电子科技有限公司 | 图像显示处理的方法、装置和系统 |
CN113761515A (zh) * | 2021-08-20 | 2021-12-07 | 上海酷栈科技有限公司 | 一种云桌面安全检测方法、系统、计算设备和存储介质 |
-
2022
- 2022-07-25 CN CN202210875550.2A patent/CN117494109A/zh active Pending
-
2023
- 2023-06-06 WO PCT/CN2023/098609 patent/WO2024021883A1/zh unknown
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257124A (zh) * | 2020-09-29 | 2021-01-22 | 西安万像电子科技有限公司 | 图像处理方法及装置 |
CN112884641A (zh) * | 2021-03-05 | 2021-06-01 | 西安万像电子科技有限公司 | 图像显示处理的方法、装置和系统 |
CN113012033A (zh) * | 2021-03-05 | 2021-06-22 | 西安万像电子科技有限公司 | 图像显示处理的方法、装置和系统 |
CN113761515A (zh) * | 2021-08-20 | 2021-12-07 | 上海酷栈科技有限公司 | 一种云桌面安全检测方法、系统、计算设备和存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN117494109A (zh) | 2024-02-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11394555B2 (en) | Mobile terminal privacy protection method and protection apparatus, and mobile terminal | |
US9826093B2 (en) | Mobile terminal calling request message processing method, device and system | |
US9734352B2 (en) | Data protection based on user and gesture recognition | |
US8719909B2 (en) | System for monitoring the unauthorized use of a device | |
US20160267290A1 (en) | Information viewing method, device, system and storage medium | |
WO2017166582A1 (zh) | 支付方法及装置 | |
US9800577B2 (en) | Method and apparatus for controlling communications terminal and corresponding communications terminal | |
WO2021249181A1 (zh) | 用于保护隐私的方法、装置和系统 | |
CN109711148A (zh) | 应用程序行为的拦截方法、装置、计算机设备和存储介质 | |
CN106485170A (zh) | 一种信息输入方法和装置 | |
CN104091119A (zh) | 一种移动终端及其数据的保护方法、保护系统 | |
KR101643936B1 (ko) | 모니터 보안시스템 | |
GB2512140A (en) | Messaging system and method | |
WO2024021883A1 (zh) | 防信息泄露方法及其装置、存储介质 | |
US20200026866A1 (en) | Method and device for covering private data | |
JP2023068624A (ja) | オペレータ不正検知システム | |
CN110263521A (zh) | 登入保护方法及装置、系统、电子设备和存储介质 | |
CN113672925B (zh) | 阻止勒索软件攻击的方法、装置、存储介质及电子设备 | |
CN114547631B (zh) | 终端控制方法、装置及终端 | |
CN115086478A (zh) | 一种终端信息保密方法、装置、电子设备及存储介质 | |
GB2529392A (en) | Detection of webcam abuse | |
CN111125660B (zh) | 一种隐私保护方法、移动终端和具有存储功能的装置 | |
KR20180003897A (ko) | 전자 문서의 유출 방지 방법, 디바이스 및 컴퓨터 판독가능 매체 | |
WO2018232657A1 (zh) | 一种隐私信息保护方法及电子设备 | |
US12107854B2 (en) | Continuous multifactor authentication system integration with corporate security systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23845096 Country of ref document: EP Kind code of ref document: A1 |