Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Example 1
In order to ensure the data security of the application software, embodiment 1 of the present invention provides an operation execution method. The execution subject of the method may be, but is not limited to, at least one user terminal such as a mobile phone, a tablet computer, or a Personal Computer (PC). In addition, the execution subject of the method may also be the application software itself, such as an application that can be installed and run on the user terminal, or application software that is installed and run on a PC.
For convenience of description, the following description will be made of an embodiment of the method by taking an execution subject of the method as application software. It is understood that the implementation of the method as application software is only an exemplary illustration and should not be construed as a limitation of the method. To distinguish from other application software mentioned in the embodiments of the present application, the application software as the execution subject may be referred to as "monitoring software".
The monitoring software serving as the execution subject in the embodiment of the present application may have some other functions besides the function of supporting monitoring of other application software and/or encrypting data in a database of other application software. For example, but not limited to, at least one of the following functions may be provided:
Storage function: can store data of other application software, such as short message content, mailing addresses, address book information, etc.;
Antivirus function: when other application software is infected with a virus, an antivirus operation can be carried out on the infected area of that application software;
Interception function: intercepts other application software performing an unsafe operation or an illegal call.
Specifically, an implementation flow diagram of the operation execution method provided in embodiment 1 is shown in fig. 1, and includes the following main steps:
Step 11, the monitoring software acquires the identifier of the application software to be monitored;
The application software to be monitored generally refers to application software that can be installed locally in the user terminal, such as a short message application, a telephone application, a mail application, and the like.
The application software to be monitored can acquire, generate, transmit or store data of one type or more than one type. The categories referred to herein may be classified according to the purpose of the data. For example, data is divided according to the purpose of use, and data related to work (referred to as work data) and data not related to work (referred to as private data) may be divided. In the embodiment of the present application, the format, structure, specific content, and the like of the data related to or unrelated to the work may be defined according to the actual situation, and the format, structure, specific content, and the like of the data related to or unrelated to the work are not limited in the embodiment of the present application.
In particular, the application software to be monitored in the embodiment of the present application may refer to, for example, application software capable of acquiring, generating, transmitting, or storing working data.
The identifier of the application software described in the embodiments of the present application generally refers to a symbol or code that can reflect the characteristics of the application software. In this embodiment, the identifier of the application software may be a software name set for the application software by a software developer when writing a program, such as: short message, telephone, mail, etc., or some kind of identification set by the server or software developer for the application software to distinguish the application software from the application software not to be monitored.
In the embodiment of the present application, the monitoring software may, but is not limited to, acquire the identifier of the application software to be monitored by using one of the following manners:
1. The monitoring software acquires a list that is preset in the installation package of the monitoring software and contains the identifier of the application software to be monitored;
This list may be set, for example, by the software developer of the monitoring software.
2. The monitoring software receives the identifier of the application software to be monitored, which is sent by the server.
For example, the monitoring software may send a request for the identifier of the application software to be monitored to the server, so as to trigger the server to send the identifier to the monitoring software; alternatively, the server may also actively push the identifier of the application software to be monitored to the monitoring software.
3. The monitoring software acquires the identifier of the application software to be monitored, which is input by a user.
Step 12, after the monitoring software acquires the identifier of the application software to be monitored, it determines the application software with the identifier from the locally installed application software.
For convenience of description, the application software having the identifier determined later is referred to as the application software to be monitored.
The monitoring software may determine, according to the obtained identifier of the application software to be monitored, the application software having the identifier from the locally installed application software by comparing the identifiers of the locally installed application software with the obtained identifier one by one. The identifier of the locally installed application software is generally stored in a local folder or a local database.
For example, taking an application that can be installed in an Android system (hereinafter referred to as an Android application) as an example, a typical Android installation package (APK) usually includes an AndroidManifest.xml file, which is used to declare to the Android system the conditions required for running the application, such as required permissions, and which describes information such as the name, version, permissions, and application library files of the application software.
After the APK is installed locally, the AndroidManifest.xml file is moved to a data/app directory of the device as it is, and the monitoring software can obtain information such as the name of the application software (i.e., the identifier of the application software) in the AndroidManifest.xml file from the directory. After the monitoring software acquires the identifier of the application software to be monitored, the name of the application software stored in the data/app directory of the device may be compared with the identifier (assumed to also be a name) of the application software to be monitored acquired by executing step 11. When the comparison result shows that the name of the application software stored in the data/app directory is consistent with the identifier of the application software to be monitored, the application software having that name is determined as the application software to be monitored; otherwise, the application software having that name is not determined as the application software to be monitored.
Step 13, a preset operation for ensuring the data security of the application software to be monitored is executed for the application software to be monitored.
Data security may include, but is not limited to, five aspects, namely ensuring the confidentiality, authenticity and integrity of data, protection against unauthorized copying of data, and the security of the hosting system. Data security itself covers a wide range, including how to prevent the leakage of enterprise business secrets, prevent teenagers from browsing unhealthy information, prevent the leakage of personal information, etc. The present embodiment is described primarily with respect to the confidentiality of the work data of application software and its protection against unauthorized copying.
In this embodiment of the application, in order to ensure the data security of the application software to be monitored, the preset operation executed by the monitoring software for ensuring the data security of the application software to be monitored may include:
When monitoring that a specified event occurs in the application software to be monitored, the monitoring software executes the operation that corresponds to the specified event and is used for ensuring the data security of the application software to be monitored.
In this embodiment of the application, the monitoring software may send, for example, related information of a specified event to the operating system, so that the operating system monitors whether the specified event occurs to the application software to be monitored according to the related information. The monitoring software may obtain the monitoring result from a notification message containing the monitoring result sent by the operating system to the monitoring software. After the monitoring software obtains the monitoring result, if the monitoring result is determined to indicate that the application software to be monitored has the specified event, the monitoring software executes the operation corresponding to the specified event and used for ensuring the data safety of the application software to be monitored.
Or, the monitoring software may also send the relevant information of the specified event to the application software to be monitored, so that the application software to be monitored sends a notification message to the monitoring software when determining that the specified event occurs in the application software to be monitored according to the relevant information.
The information related to the specified event may be, for example, some characteristic of the specified event, such as the characteristic that an event in which "the application software to be monitored receives a database access request sent by another application" is a "database access event," and the like.
Generally, the specified event may be an event of the application software to be monitored running alone, for example, the application software to be monitored "email application" sends information such as text and pictures to a contact through a network; the specified event may also be that access to the database of the application software to be monitored is requested (hereinafter referred to as a request access event of the database), such as a "short message application" requesting to access the database of an "email application" that is the application software to be monitored; the specified event may also be the application software to be monitored being remotely called; and so on.
Taking an access request event of the database of the application software to be monitored as an example, the executing an operation corresponding to the event for ensuring the data security of the application software to be monitored may include:
Judging whether the event meets the specified access condition; if not, prohibiting the initiator of the access request event from accessing the database of the application software to be monitored; and if so, allowing the initiator of the access request event to access the database of the application software to be monitored.
The access condition may specifically include at least one of the following:
1. The initiator of the request access event has the right to access the database of the application software to be monitored.
For example, the monitoring software may store a "white list" in which the names of the application software having access to the database of the application software to be monitored are set. For example, in an actual application, application software that does not pose a threat to the data security of application software to be monitored may be predetermined, and the determined application software may be used as trusted software to generate a white list including names of the trusted software.
Based on the preset white list, when monitoring the request access event, the monitoring software can judge whether the name of the initiator of the event is in the white list; if so, the initiator is judged to have the authority to access the database of the application software to be monitored, and the initiator is allowed to access the database; if not, the initiator is judged not to have the authority to access the database of the application software to be monitored, and therefore the initiator is forbidden to access the database. For example, the monitoring software may send a disable request to the operating system to trigger the operating system to intercept the operation instructions of the initiator for the database.
The initiator may be a server, a non-monitored application or a monitored application.
2. The occurrence time of the request access event is in a preset time range.
For example, the monitoring software may set a time range "7 o'clock to 21 o'clock" in which the application software to be monitored is allowed to access or be accessed by other application software. The time range provided in this embodiment is only used as a reference example, and the embodiment is not limited to this time range. For example, in an actual application, the application software that does not pose a threat to the data security of the application software to be monitored may be predetermined, and the determined application software may be notified of the set time range.
Continuing with the example of the short message application as the initiator accessing the email application: if the email application is the application software to be monitored and the monitoring software sets the time range in which the email application is allowed to be accessed to 7 o'clock to 21 o'clock, then when the short message application, as the initiator, accesses the database of the email application, the short message application may be allowed to access the database if the request access event of the database occurs within the range of 7 o'clock to 21 o'clock set by the monitoring software, and the short message application is prohibited from accessing the email application if the request access event is outside the time range.
Besides allowing the application software to be monitored to have access events within the time range, the monitoring software may also allow other events to occur within the time range, such as: allowing the application software to be monitored to transmit data; allowing the internal data of the application software to be monitored to be modified, deleted, etc.
In the embodiment of the application, either one of the specified access conditions may be judged for the request access event, or both may be judged, namely whether the initiator of the request access event has the right to access the database of the application software to be monitored and whether the occurrence time of the request access event is within the preset time range. If all of the obtained judgment results are yes, the initiator of the request access event is allowed to access the database of the application software to be monitored; otherwise, the initiator of the request access event is forbidden to access the database of the application software to be monitored.
It should be noted that, in the embodiment of the present application, the monitoring software may, by sending an instruction to the operating system, request the operating system to intercept the access operation that the initiator of the request access event initiates for the database of the application software to be monitored, so as to achieve the purpose of prohibiting the initiator from accessing the database of the application software to be monitored. The transmitted instruction may be referred to as an access prohibition instruction.
Correspondingly, if the monitoring software does not send the instruction to the operating system, the purpose of allowing the initiator to access the database of the application software to be monitored can be achieved; or, the monitoring software may, by sending an "access permission instruction" to the operating system, request the operating system to release the access operation that the initiator of the request access event initiates for the database of the application software to be monitored, which also achieves the purpose of allowing the initiator to access the database of the application software to be monitored.
According to the embodiment of the application, the monitoring software monitors in real time whether the specified event occurs in the application software to be monitored, and when the specified event occurs, the authority and/or the preset time range are used as the basis for forbidding untrusted application software from performing the relevant operation on the application software to be monitored, so that the data security of the application software to be monitored is effectively guaranteed.
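The access decision described above, as an added example that is not part of the original text: a request access event is allowed only when the initiator is on the white list and the event falls inside the permitted time range, and every other case is denied. The names `AccessRequest`, `Policy` and `decide`, the sample digests and the exclusive end of the time range are assumptions of this example; the signer-digest check goes one step beyond the text, because a white list keyed on the application name alone trusts whatever name the initiator presents.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    initiator: str               # name presented by the initiator
    cert_sha256: Optional[str]   # signer digest reported by the OS (assumption)
    target: str                  # monitored application that owns the database
    when: datetime               # occurrence time of the request access event


@dataclass(frozen=True)
class Policy:
    white_list: Dict[str, str]   # initiator name -> pinned signer digest
    start: time                  # start of permitted range, inclusive
    end: time                    # end of permitted range, exclusive (assumption)


def in_window(t: time, start: time, end: time) -> bool:
    """True if t lies in [start, end); also handles ranges that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def decide(req: AccessRequest, policies: Dict[str, Policy]) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    policy = policies.get(req.target)
    if policy is None:
        return False, "target has no policy"
    pinned = policy.white_list.get(req.initiator)
    if pinned is None:
        return False, "initiator not on white list"
    # Constant-time comparison of the pinned and the reported signer digest.
    if req.cert_sha256 is None or not hmac.compare_digest(pinned, req.cert_sha256):
        return False, "signer does not match white list entry"
    if not in_window(req.when.time(), policy.start, policy.end):
        return False, "outside permitted time range"
    return True, "allowed"


# Constructed sample data: the email application is monitored, the short
# message application is trusted, and access is permitted from 7:00 to 21:00.
SMS_DIGEST = "ab" * 32
OTHER_DIGEST = "cd" * 32
POLICIES = {
    "email": Policy({"short message": SMS_DIGEST}, time(7, 0), time(21, 0)),
}


def evaluate_samples():
    """Run four constructed request access events through the decision."""
    day = datetime(2024, 1, 15)
    events = [
        AccessRequest("short message", SMS_DIGEST, "email", day.replace(hour=9, minute=30)),
        AccessRequest("short message", SMS_DIGEST, "email", day.replace(hour=22, minute=15)),
        AccessRequest("short message", OTHER_DIGEST, "email", day.replace(hour=9, minute=30)),
        AccessRequest("file manager", OTHER_DIGEST, "email", day.replace(hour=9, minute=30)),
    ]
    return [decide(e, POLICIES) for e in events]


if __name__ == "__main__":
    for allowed, reason in evaluate_samples():
        print("ALLOW" if allowed else "DENY ", reason)
```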
In order to ensure the data security of the application to be monitored, the monitoring software executing preset operations for ensuring the data security of the application software to be monitored may further include:
the monitoring software encrypts data acquired, generated, transmitted or stored by the application software to be monitored.
The data generally refers to work data related to work, the monitoring software can store a 'work data feature list', and the monitoring software can determine the work data in the data acquired, generated, transmitted or stored by the application software to be monitored through the feature list so as to encrypt the work data. Taking a certain short message generated by the short message application as an example, if the number of a sender or the number of a receiver of the short message is the same as a certain number in an enterprise address list (corresponding to a "working data feature list") acquired by the monitoring software, it is indicated that the short message has working data features, so that the short message is determined to be working data and the working data is encrypted. Taking a certain email sent by an email application as an example, if the suffix of the receiver mailbox or the sender mailbox of the email is the same as the suffix (corresponding to the "working data feature") of the enterprise mailbox acquired by the monitoring software, it indicates that the email has the working data feature, and thus the email is determined to be the working data and encrypted.
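The work-data check described above, as an added example that is not part of the original text: a short message counts as work data when either number appears in the enterprise address list, and an email counts as work data when either mailbox is in an enterprise mail domain. The function names, the constructed numbers and domains, and the default country code are assumptions of this example; `naive_suffix_match` is included only to show why the suffix must be compared as a whole domain rather than as a trailing string.

```python
import re
from typing import Iterable, Optional


def normalize_number(raw: str, country_code: str = "86") -> str:
    """Reduce a phone number to national digits so formatting does not matter."""
    s = raw.strip()
    digits = re.sub(r"\D", "", s)
    if s.startswith("+") and digits.startswith(country_code):
        return digits[len(country_code):]
    if digits.startswith("00" + country_code):
        return digits[2 + len(country_code):]
    return digits


def is_work_sms(sender: str, receiver: str, directory: Iterable[str]) -> bool:
    """True if the sender or the receiver is in the enterprise address list."""
    known = {normalize_number(n) for n in directory}
    known.discard("")  # never let an empty entry match alphanumeric senders
    return any(normalize_number(n) in known for n in (sender, receiver))


def mail_domain(address: str) -> Optional[str]:
    """Return the lower-cased domain of a mailbox, or None if it is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def is_work_email(sender: str, receiver: str, enterprise_domains: Iterable[str]) -> bool:
    """True if either mailbox has exactly an enterprise mail domain."""
    domains = {d.lower() for d in enterprise_domains}
    return any(mail_domain(a) in domains for a in (sender, receiver))


def naive_suffix_match(address: str, enterprise_domains: Iterable[str]) -> bool:
    """Weak variant: trailing-string comparison, shown for contrast only."""
    return any(address.lower().endswith(d.lower()) for d in enterprise_domains)


# Constructed sample data.
DIRECTORY = ["138 0000 0001", "0086 139 0000 0002"]
DOMAINS = ["corp.example"]

if __name__ == "__main__":
    print(is_work_sms("+86 138-0000-0001", "13900000009", DIRECTORY))
    print(is_work_email("alice@corp.example", "bob@mail.example", DOMAINS))
    # The look-alike domain is rejected by the exact comparison ...
    print(is_work_email("mallory@evilcorp.example", "bob@mail.example", DOMAINS))
    # ... but accepted by the trailing-string comparison.
    print(naive_suffix_match("mallory@evilcorp.example", DOMAINS))
```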
In the embodiment of the application, encrypting data mainly comprises converting a plaintext into a ciphertext through an encryption algorithm and an encryption key. When other applications acquire data generated, transmitted, or stored by the application software to be monitored, they convert the ciphertext into plaintext through a decryption rule and a key. In the present embodiment, the encryption algorithm used may follow the Advanced Encryption Standard (AES). The basic requirements of AES are that a symmetric block cipher is adopted, that key lengths of at least 128, 192 and 256 bits are supported, that the block length is 128 bits, and that the algorithm is easy to implement in various hardware and software.
Continuing the above example in which the short message application accesses the email application: the email application is the application software to be monitored, and the monitoring software encrypts the data stored by the email application in advance. For example:
the plaintext stored by the email application is:
00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
the 192 byte encryption key is:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17
encrypting a plaintext stored in an e-mail application through an encryption key and a preset encryption algorithm to obtain a ciphertext:
dd a9 7c a4 86 4c df c0 af 70 a0 ec 0d 71 91
Then, if the short message application obtains the above-mentioned ciphertext "dd a9 7c a4 86 4c df c0 af 70 a0 ec 0d 71 91" by accessing the data stored by the email application, the short message application needs to know the corresponding encryption key and decryption algorithm to decrypt the ciphertext and obtain the corresponding plaintext. In the embodiment of the application, the application software which does not threaten the data security of the application software to be monitored can be determined in advance, and the encryption key and the decryption algorithm are notified to the determined application software.
The monitoring software encrypts the data acquired, generated, transmitted or stored by the application software to be monitored, so that the application which cannot acquire the decryption algorithm and the secret key cannot acquire the data of the plaintext, thereby ensuring the data security of the application software to be monitored to a certain extent. In particular, when the encrypted data is the working data, in this way, the security of the working data can be ensured to some extent.
In this embodiment of the application, in addition to performing the preset operation for ensuring data security on the locally installed application software to be monitored, the monitoring software may also monitor the application software corresponding to an application software installation event that occurs at the user terminal. If the application software corresponding to the installation event has the identifier of the application software to be monitored, which is obtained by performing step 11, the monitoring software may perform the preset operation for ensuring the data security of the application software to be monitored on the application software corresponding to the installation event.
The following illustrates the processing flow of the monitoring software when an application software installation event occurs at the user terminal. The process can be shown in fig. 2, for example, and the main steps include:
Step 21, the user terminal downloads the application software from an application software store or another downloading platform and installs the application software;
Step 22, when the monitoring software on the user terminal detects an application software installation event, it determines whether the installed application software is the application software to be monitored; if the application software is determined to be the application software to be monitored, step 23 is executed, otherwise the process ends;
The monitoring software can compare the obtained identifier of the application software to be monitored with the installed application software, and if the installed application software has the identifier of the application software to be monitored, the monitoring software determines that the installed application software is the application software to be monitored.
Taking the case where the application software corresponding to the installation event is Android application software as an example, the name of the application software is stored in the AndroidManifest.xml file included in the application software. When the application software is installed on a user terminal, the monitoring software can compare the name of the application software stored in the AndroidManifest.xml file included in the installed application software with the obtained identifier of the application software to be monitored, and if the name of the application software is the same as the identifier of the application software to be monitored obtained by the monitoring software, the application software is judged to be the application software to be monitored.
Step 23, the monitoring software executes the preset operation for ensuring data security on the installed application software.
For a specific implementation manner of step 23, reference may be made to the specific implementation manner of step 13, which is not described herein again.
By adopting the scheme provided by the embodiment of the application, the corresponding application software can be determined from the locally installed application software according to the identifier of the application software to be monitored, and the operation for ensuring the data security is executed on the determined application software, so that the scheme capable of ensuring the data security of the application software is provided.
It should be noted that the execution subjects of the steps of the method provided in embodiment 1 may be the same device, or different devices may be used as the execution subjects of the method. For example, the execution subject of steps 11 and 12 may be device 1, and the execution subject of step 13 may be device 2; for another example, the execution subject of step 11 may be device 1, and the execution subjects of step 12 and step 13 may be device 2; and so on.
Example 2
In order to ensure the data security of the application software, embodiment 2 of the present invention provides an operation execution device. The specific structural diagram of the device is shown in fig. 3, and the device comprises:
an obtaining unit 31, configured to obtain an identifier of application software to be monitored;
a screening unit 32, configured to determine, according to the identifier acquired by the obtaining unit 31, application software with the identifier from locally installed application software;
and an execution unit 33, configured to execute a preset operation for ensuring data security of the application software to be monitored, for the application software with the identifier determined by the screening unit.
For example, the execution unit 33 may execute, when it is monitored that the specified event occurs in the application software having the identifier, an operation corresponding to the specified event for ensuring the data security of the application software to be monitored;
Specifically, when a request access event for the database of the application software with the identification is monitored, whether the request access event meets a specified access condition is judged. The access conditions referred to herein may include, but are not limited to: the initiator of the request access event has the right to access the database, and/or the occurrence time of the request access event is within a preset time range.
If the request access event does not accord with the specified access condition, prohibiting the initiator of the request access event from accessing the database;
and if the request access event meets the specified access condition, allowing the initiator to access the database.
For example, the execution unit 33 may perform an encryption operation on data transmitted or stored by the application software having the identifier.
The operation performing apparatus may further include:
an identification unit 34, configured to, when an application software installation event occurs locally, determine whether the application software corresponding to the application software installation event has the identifier of the application software to be monitored, which is obtained by the monitoring software; in that case,
the execution unit 33 may be configured to execute, for the application software with the identifier, a preset operation for ensuring data security of the application software to be monitored.
By adopting the operation execution device provided by the embodiment of the invention, the screening unit 32 can determine the application software to be monitored on the user terminal according to the identifier of the application software to be monitored, which is acquired by the obtaining unit 31, and the execution unit 33 executes the operation for ensuring the security of the application software to be monitored on the determined application software to be monitored, so that the data security of the application software to be monitored is ensured.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CDROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.