Disclosure of Invention
In view of this, embodiments of the present invention provide a data protection method and apparatus, which can implement protection on display information.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a data protection method including:
responding to an acquisition operation aiming at display information, and acquiring process information of a process to which the display information belongs, wherein the acquisition operation indicates any one of screen capture operation, copy operation, sharing operation and drag operation;
judging whether the process information meets an operation execution strategy corresponding to the acquisition operation, and if so, allowing the acquisition operation aiming at the display information; otherwise, performing protection processing on the obtaining operation.
Optionally,
for the case where the acquiring operation indicates a screen capture operation,
the operation execution strategy corresponding to the obtaining operation comprises the following steps:
and the state of the interface which bears the display information and is indicated by the process information is in a hidden state or a minimized state.
Optionally, the operation execution strategy corresponding to the obtaining operation further includes:
the process information further indicates an editing process.
Optionally, for a case where the obtaining operation indicates a sharing operation or a dragging operation,
the operation execution strategy corresponding to the obtaining operation comprises the following steps:
under the condition that the process information further indicates an editing process, matching the display information or the file to which the display information belongs with preset first key information;
if the matching fails, determining that the process information meets an operation execution strategy corresponding to the acquisition operation; otherwise, determining that the process information does not meet the operation execution strategy corresponding to the acquisition operation.
Optionally, for the case where the obtaining operation indicates a copy operation,
the operation execution strategy corresponding to the obtaining operation comprises the following steps:
and determining that the application executing the paste operation contains an editing process when the paste operation corresponding to the copy operation is received.
Optionally, the operation execution strategy corresponding to the obtaining operation further includes:
under the condition that the application executing the paste operation does not contain an editing process, recording a first application process and a first window handle to which the copy operation belongs;
matching a second application process and a second window handle for executing the paste operation with the first application process and the first window handle respectively;
and if the matching is successful, determining that the process information meets the operation execution strategy corresponding to the acquisition operation.
Optionally, the data protection method further includes: establishing and storing an association relation between the second key information and the protection strategy;
the protecting the obtaining operation includes:
judging whether the display information or the file to which the display information belongs includes the second key information, if so, determining a target protection strategy for the display information or the file to which the display information belongs according to the second key information and the association relation; processing the display information or the file where the display information is located by using the target protection strategy; otherwise, the acquisition operation for the display information is allowed.
In a second aspect, an embodiment of the present invention provides a data protection apparatus, including: an information acquisition unit and a data protection unit, wherein,
the information acquisition unit is used for responding to acquisition operation aiming at display information and acquiring process information of a process to which the display information belongs, wherein the acquisition operation indicates any one of screen capture operation, copy operation, sharing operation and drag operation;
the data protection unit is used for judging whether the process information meets an operation execution strategy corresponding to the acquisition operation, and if so, allowing the acquisition operation aiming at the display information; otherwise, performing protection processing on the obtaining operation.
One embodiment of the above invention has the following advantages or benefits: for the display information aimed at by the obtaining operation, the process information of the process to which the display information belongs can be obtained, and whether the obtaining operation is allowed or the obtaining operation is protected is judged by judging whether the process information meets the operation execution strategy corresponding to the obtaining operation, so that the protection of the display information is realized. In addition, different acquisition operations can be protected in a differentiated manner according to operation execution strategies corresponding to the different acquisition operations.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The data protection method and the device provided by the embodiment of the invention can have three application scenes, wherein,
the first application scenario is: each terminal device is used as an independent individual, and the data protection method and the data protection device are installed on each terminal device so as to perform data protection on the application operated by the terminal device.
The second application scenario is: various terminal devices are connected with a server through a network, the data protection method and the data protection device can be installed on the server and/or the terminal devices, and data protection or protection management is carried out on applications operated by the terminal devices through the server.
The third application scenario is: the data protection method and the device are installed on the server, and data protection is carried out on the application operated by the server.
Fig. 1 exemplarily shows a system architecture on which a second application scenario and a third application scenario depend.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired links, wireless communication links, or fiber optic cables.
For the second application scenario, the user may use the terminal devices 101, 102, 103 to perform any one or more of a screen capture operation, a copy-and-paste operation, a sharing operation, a drag operation, and the like within one application program or among multiple application programs. The server 105 may monitor the screen capture operation, the copy-and-paste operation, the sharing operation, the drag operation, and the like of the terminal devices 101, 102, 103 through the network 104, perform data protection and the like on the display information or files targeted by each of these operations, and may record the screen capture operations, copy-and-paste operations, sharing operations, drag operations, and the like that occur on the respective terminal devices 101, 102, 103. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as an editing-type application, a shopping-type application, a web browser application, a search-type application, an instant messaging tool, a mailbox client, social platform software, and the like (by way of example only).
For the third application scenario, the user may use the terminal devices 101, 102, 103 to display the application programs, information, or files included in the server, and interact with the server 105 through the network 104 to send instructions to the server, receive the execution results of the server for the instructions, and the like. Various editing-type applications and communication client applications, such as shopping-type applications, web browser applications, search-type applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only), may be installed on the server 105. The terminal devices 101, 102, 103 can remotely operate the various applications or software installed on the server 105.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
It should be noted that, for the second application scenario, the data protection method provided in the embodiment of the present invention may be executed by the terminal devices 101, 102, and 103, or may be executed by the server 105, and accordingly, the data protection device may be generally installed in the terminal devices 101, 102, and 103, or may be installed in the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
In the embodiment of the present invention, the display information refers to information displayed through a terminal screen, such as content of a mail, information on a chat window, file names of files such as word, excel, pdf, and file content in files such as word, excel, pdf, and the like.
The screen capturing operation refers to capturing a part or all of a display screen of the terminal device through a screen capturing function of the terminal device or a screen capturing function of some instant chat applications, so as to obtain a part or all of content on the display screen in a picture form.
The copy operation is an operation in which the terminal device copies characters, pictures, symbols, and the like included in an application by using the application installed on the terminal device or controlling the application installed on the server through a remote instruction.
The sharing operation is an operation in which the terminal device shares characters, pictures, symbols, and the like included in an application with another terminal device or the like by using the application installed on the terminal device or controlling the application installed on the server through a remote instruction.
The drag operation is an operation in which the terminal device uses an application installed on the terminal device or controls an application installed on the server through a remote instruction, and after characters, pictures, symbols and the like included in the application are selected, the selected characters, pictures, symbols and the like are dragged to another file or window from one file or window.
The application used for the sharing operation, the copy operation or the drag operation may be an editable application, such as word, excel, WPS, PDF and the like, in which case the characters, pictures, symbols and the like included in the application refer to the characters, pictures, symbols and the like in files generated by the editable application; the application may also be a communication application such as an instant chat application, a mail application, a search application, and the like, in which case the content is the text, pictures, files, and the like in a chat window of the application.
Fig. 2 is a data protection method according to an embodiment of the present invention, and as shown in fig. 2, the data protection method may include the following steps:
step S201: responding to an acquisition operation aiming at the display information, and acquiring process information of a process to which the display information belongs, wherein the acquisition operation indicates any one of screen capture operation, copy operation, sharing operation and drag operation;
step S202: judging whether the process information meets an operation execution strategy corresponding to the acquisition operation, if so, executing the step S203; otherwise, executing step S204;
In this step, for the case where the acquisition operation indicates a screen capture operation, the operation execution policy corresponding to the acquisition operation may include: the interface that bears the display information, as indicated by the process information, is in a hidden state or a minimized state. Because an interface in the hidden state or the minimized state is generally not shown on the screen, the process information then meets the operation execution policy, and the screen capture operation on the display information corresponding to the process information can be allowed. In addition, to protect content in editing-type applications, the policy may further require that the process information indicates an editing process. That is: when the screen capture operation targets an application with an editing process and that application is in a hidden or minimized state, the operation meets the operation execution policy and can be allowed; when the screen capture operation targets an application with an editing process and that application is in a displayed or non-minimized state, the operation does not meet the operation execution policy, is not allowed, and needs protection processing.
For a case where the obtaining operation indicates a sharing operation or a dragging operation, the operation execution policy corresponding to the obtaining operation may include: under the condition that the process information indicates an editing process, matching the display information or a file to which the display information belongs with preset first key information; if the matching fails, determining that the process information meets an operation execution strategy corresponding to the acquisition operation; otherwise, determining that the process information does not meet the operation execution strategy corresponding to the acquisition operation. The first key information may be configured by the user, such as a file name (xx contract, xx internal use manual, etc.), a keyword contained in the file (xx internal regulation of the company, enterprise specification, account number, password, etc.), and the like. That is, the file or the display information having the first key information does not satisfy the operation execution policy and needs to be protected. The drag operation refers to adding selected partial information in one interface to another interface in a drag mode (the drag mode may be specific to a specific operation of the terminal device, such as selecting information, and then holding down a left button of a mouse to drag, so that the mouse enters another interface with the selected information from the one interface), for example, as shown in fig. 3, adding partial content 1 of the interface a to the interface B in a drag mode.
For the case where the obtaining operation indicates a copy operation, the operation execution policy may include: when a paste operation corresponding to the copy operation is received, determining that the application that performs the paste operation contains an editing process. If the application performing the paste operation contains an editing process, the operation execution policy is satisfied; with this setting the user can use the copy and paste function between edited files.
In addition, for the case where the obtaining operation indicates the copy operation, the operation execution policy corresponding to the copy operation may further include: in the case where the application executing the paste operation does not contain an editing process, recording a first application process and a first window handle to which the copy operation belongs; matching a second application process and a second window handle executing the paste operation with the first application process and the first window handle respectively; and if the matching is successful, determining that the process information meets the operation execution strategy corresponding to the acquisition operation. The window handle refers to an identifier of the object to which the window containing the display information belongs; for example, for instant messaging software, the window handle may be an identifier of a chat object in a chat interface, such as a name, a nickname, and the like. That is, copy and paste operations are allowed between windows that correspond to the same application process and the same window handle.
It should be noted that the operation execution policy corresponding to the obtaining operation may be configured accordingly according to the user requirement. Specifically, the embodiments of the present invention provide various operation protection modules or templates, and a user may configure corresponding parameters for each operation protection module or template to implement protection.
Step S203: allowing the acquisition operation for the display information and ending the current flow;
step S204: and performing protection processing on the acquisition operation.
The implementation manner of this step S204 may be to directly intercept/block the acquisition operation, or may be as shown in fig. 4.
In the embodiment shown in fig. 2, for the display information targeted by the obtaining operation, the process information of the process to which the display information belongs can be obtained, and whether to allow the obtaining operation or perform protection processing on the obtaining operation is determined by determining whether the process information meets the operation execution policy corresponding to the obtaining operation, so as to implement protection on the display information. In addition, different acquisition operations can be protected in a differentiated manner according to operation execution strategies corresponding to the different acquisition operations.
In this embodiment of the present invention, as shown in fig. 4, the performing protection processing on the obtaining operation by the data protection method may include the following steps:
step S401: establishing and storing an association relation between the second key information and the protection strategy;
the second key information may also be set by the user according to actual needs. For example, different protection policies are configured for different sensitive information, enterprise internal information, and the like. The protection strategy can be deleting the sensitive information/the internal information of the enterprise, forbidding the acquisition operation, replacing the sensitive information/the internal information of the enterprise by adopting a preset field, covering the sensitive information/the internal information of the enterprise and the like.
Step S402: judging whether the display information or the file to which the display information belongs includes second key information, if so, executing step S403; otherwise, go to step S405;
step S403: determining a target protection strategy for the display information or the file to which the display information belongs according to the second key information and the association relation;
step S404: processing the display information or the file where the display information is located by using a target protection strategy, and ending the current flow;
for example, the protection policy for the sensitive information a is to replace the sensitive information a with information g, and if the display information includes the sensitive information a or the file to which the display information belongs includes the sensitive information a, the information g can be used to replace the sensitive information a, and the replaced display information is allowed to be subjected to operations such as screen capture, copy and paste, sharing, and dragging.
Step S405: the acquisition operation for the display information is allowed.
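The following Python example is an added illustration, not code from the patent: it models the decision of steps S201 to S204 for the four acquisition operations together with the protection processing of steps S401 to S405. The process names, window states, key-information lists and strategy names are constructed sample values, and a share or drag from a non-editing process is assumed to fall through to protection processing, a case the text leaves open.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ProcessInfo:
    name: str                      # owning application process
    is_editing: bool               # process is an editing process
    window_state: str = "visible"  # "visible", "hidden" or "minimized"
    window_handle: str = ""        # e.g. identifier of the chat object

@dataclass
class Acquisition:
    op: str                        # "screen_capture", "copy", "share", "drag"
    source: ProcessInfo
    content: str
    file_name: str = ""
    paste_target: Optional[ProcessInfo] = None  # known once the paste arrives

# Constructed sample configuration (hypothetical values, not from the patent).
FIRST_KEY_INFO = ["contract", "internal use manual"]
PROTECTION_POLICIES = {            # second key information -> strategy
    "sensitive-a": ("replace", "info-g"),
    "account number": ("mask", None),
    "password": ("block", None),
}

def _haystack(acq: Acquisition) -> str:
    # Key information is matched against the file name and the content.
    return f"{acq.file_name}\n{acq.content}".lower()

def policy_satisfied(acq: Acquisition) -> bool:
    """Step S202: does the process information meet the policy for this op?"""
    src = acq.source
    if acq.op == "screen_capture":
        # Editing process whose interface is hidden or minimized.
        return src.is_editing and src.window_state in ("hidden", "minimized")
    if acq.op in ("share", "drag"):
        if not src.is_editing:
            return False           # assumption: the text leaves this case open
        # The policy is met only when matching first key information FAILS.
        return not any(k in _haystack(acq) for k in FIRST_KEY_INFO)
    if acq.op == "copy":
        dst = acq.paste_target
        if dst is None:
            return False           # no paste received yet, nothing to allow
        if dst.is_editing:
            return True            # pasting into an editing application
        # Otherwise process and window handle of copy and paste must match.
        return (dst.name, dst.window_handle) == (src.name, src.window_handle)
    raise ValueError(f"unknown acquisition operation: {acq.op}")

def protect(acq: Acquisition) -> Tuple[str, Optional[str]]:
    """Steps S402 to S405: apply the strategy tied to second key information."""
    hay = _haystack(acq)
    hits = [k for k in PROTECTION_POLICIES if k in hay]
    if not hits:
        return ("allow", acq.content)              # S405
    text = acq.content
    for key in hits:                               # S403: look up the strategy
        action, arg = PROTECTION_POLICIES[key]
        if action == "block":
            return ("block", None)
        pattern = re.compile(re.escape(key), re.IGNORECASE)
        if action == "replace":
            text = pattern.sub(lambda m: arg, text)
        elif action == "delete":
            text = pattern.sub("", text)
        elif action == "mask":
            text = pattern.sub(lambda m: "*" * len(m.group()), text)
    return ("processed", text)                     # S404

def decide(acq: Acquisition) -> Tuple[str, Optional[str]]:
    """Steps S202 to S204: allow (S203) or hand over to protection (S204)."""
    if policy_satisfied(acq):
        return ("allow", acq.content)
    return protect(acq)

if __name__ == "__main__":
    editor = ProcessInfo("editor.exe", True, "visible", "doc1")
    chat_a = ProcessInfo("chat.exe", False, "visible", "alice")
    chat_b = ProcessInfo("chat.exe", False, "visible", "bob")
    print(decide(Acquisition("screen_capture", editor, "Plan sensitive-a draft")))
    print(decide(Acquisition("copy", chat_a, "my password is x", paste_target=chat_b)))
    print(decide(Acquisition("drag", editor, "Account Number 42", "ACME contract.docx")))
```

Note that the first key information only decides whether a share or drag enters protection processing; what then happens to the content is governed by the second key information, so content that matches neither list is still released in step S405.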
As shown in FIG. 5, an embodiment of the present invention provides a data protection apparatus 500, where the data protection apparatus 500 may include: an information acquisition unit 501 and a data protection unit 502, wherein,
an information acquisition unit 501, configured to obtain, in response to an obtaining operation for display information, process information of a process to which the display information belongs, where the obtaining operation indicates any one of a screen capture operation, a copy operation, a sharing operation, and a drag operation;
a data protection unit 502, configured to determine whether the process information satisfies an operation execution policy corresponding to the obtaining operation, and if so, allow the obtaining operation for the display information; otherwise, performing protection processing on the obtaining operation.
In this embodiment of the present invention, the operation execution policy corresponding to the obtaining operation stored in the data protection unit 502 includes: for the case where the obtaining operation indicates a screen capture operation, the interface that bears the display information, as indicated by the process information, is in a hidden state or a minimized state.
In this embodiment of the present invention, the operation execution policy corresponding to the obtaining operation stored in the data protection unit 502 further includes: for the case where the obtaining operation indicates a screen capture operation, the process information further indicates an editing process.
In this embodiment of the present invention, the operation execution policy corresponding to the obtaining operation stored in the data protection unit 502 further includes: for the case where the obtaining operation indicates a sharing operation or a drag operation, matching the display information or the file to which the display information belongs with preset first key information under the condition that the process information further indicates an editing process;
if the matching fails, determining that the process information meets an operation execution strategy corresponding to the acquisition operation; otherwise, determining that the process information does not meet the operation execution strategy corresponding to the acquisition operation.
In this embodiment of the present invention, the operation execution policy corresponding to the obtaining operation stored in the data protection unit 502 further includes: for the case where the obtaining operation indicates the copy operation, determining that the application executing the paste operation contains an editing process when the paste operation corresponding to the copy operation is received.
In this embodiment of the present invention, the operation execution policy corresponding to the obtaining operation stored in the data protection unit 502 further includes: under the condition that the application executing the paste operation does not contain an editing process, recording a first application process and a first window handle to which the copy operation belongs;
matching a second application process and a second window handle for executing the paste operation with the first application process and the first window handle respectively;
and if the matching is successful, determining that the process information meets the operation execution strategy corresponding to the acquisition operation.
In this embodiment of the present invention, the data protection unit 502 is further configured to construct and store an association relationship between the second key information and the protection policy; judging whether the display information or the file to which the display information belongs includes the second key information, if so, determining a target protection strategy for the display information or the file to which the display information belongs according to the second key information and the association relation; processing the display information or the file where the display information is located by using the target protection strategy; otherwise, the acquisition operation for the display information is allowed.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use with a terminal device or server implementing an embodiment of the invention is shown. The terminal device or the server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse, and the like; an output section 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed in the storage section 608 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes an information acquisition unit and a data protection unit. Here, the names of these units do not constitute a limitation on the unit itself in some cases, and for example, the information acquisition unit may also be described as a "unit that acquires process information of a process to which the display information belongs in response to an acquisition operation for the display information".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: responding to an acquisition operation aiming at the display information, and acquiring process information of a process to which the display information belongs, wherein the acquisition operation indicates any one of screen capture operation, copy operation, sharing operation and drag operation; judging whether the process information meets an operation execution strategy corresponding to the acquisition operation, and if so, allowing the acquisition operation aiming at the display information; otherwise, performing protection processing on the obtaining operation.
According to the technical scheme of the embodiment of the invention, for the display information aimed at by the obtaining operation, the process information of the process to which the display information belongs can be obtained, and whether the obtaining operation is allowed or the obtaining operation is protected is judged by judging whether the process information meets the operation execution strategy corresponding to the obtaining operation, so that the protection of the display information is realized. In addition, different acquisition operations can be protected in a differentiated manner according to operation execution strategies corresponding to the different acquisition operations.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.