CN115048666A - Safety control method and device - Google Patents

Publication number: CN115048666A
Authority: CN (China)
Legal status: Pending
Application number: CN202210783775.5A
Other languages: Chinese (zh)
Inventor: 于立民
Current Assignee: Beijing Eswin Computing Technology Co Ltd
Original Assignee: Beijing Eswin Computing Technology Co Ltd

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/36 User authentication by graphic or iconic representation
    • G06F9/451 Execution arrangements for user interfaces
    • G06V10/12 Details of acquisition arrangements; Constructional details thereof
    • G06V10/774 Generating sets of training patterns; Bootstrap methods, e.g. bagging or boosting
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G06F2221/2107 File encryption

Abstract

The application discloses a security control method and device, relating to the technical field of security, whose main aim is to reduce the possibility that content displayed by an application program is leaked. The main technical scheme comprises: when an application program requiring security control runs in an electronic device, monitoring whether a security event occurs, a security event being an event by which the content displayed by the application program is acquired; and, when a security event is detected, preventing the content displayed by the application program from being acquired.

Description

Safety control method and device
Technical Field
The present application relates to the field of security technologies, and in particular, to a security control method and apparatus.
Background
Mobile office is an office model produced by combining today's rapidly developing communication technology and computer technology. With mobile office, office workers such as enterprise managers and enterprise employees are freed from the restriction that office work must be carried out on fixed equipment in fixed places: applications for enterprise office work are installed on electronic devices such as mobile phones, tablet computers and notebook computers, giving those devices office functions, so that office workers can work through the device, relying on its communication convenience, whatever situation they are in.
Although mobile office is convenient for office workers, it brings the following data security problem: when the holder of an electronic device uses an application program required for enterprise office work, the holder's own "human" leaking behavior cannot be controlled, and enterprise information is easily leaked. Data security is the biggest obstacle to enterprises promoting mobile office, because this problem leaves most enterprises' use of mobile office less than ideal.
Therefore, content displayed by an application program in a mobile office scenario may currently be leaked, which creates a data security risk for mobile office.
Disclosure of Invention
In view of the above, the present application provides a security control method and apparatus, which are intended to reduce the possibility of leakage of the content displayed by the application.
In order to achieve the above purpose, the present application mainly provides the following technical solutions:
In a first aspect, the present application provides a security control method, including:
when an application program requiring security control runs in an electronic device, monitoring whether a security event occurs, a security event being an event by which the content displayed by the application program is acquired;
when a security event is detected, preventing the content displayed by the application program from being acquired.
With this security control method, when an application program requiring security control runs in the electronic device, the method monitors whether a security event that acquires the application program's displayed content occurs. When a security event is detected, the content displayed by the application program is prevented from being acquired. The scheme provided by the application can therefore effectively prevent malicious persons from acquiring the content displayed by the application program through a security event, and reduces the possibility that this content is leaked.
In some embodiments, monitoring whether a security event occurs includes: controlling the image acquisition module corresponding to the electronic device to acquire an image of a target area; and, when an image of a target image acquisition device is detected in the acquired image, determining that a security event has been detected. Monitoring for security events by image recognition prevents the holder of the electronic device, or a malicious person, from stealing enterprise data with an image acquisition device.
In some embodiments, preventing the content displayed by the application program from being acquired includes: controlling the application program to exit the current interface; or controlling the application program to display a target picture and locking the application program. Either action hides the content displayed by the application program, which prevents that content from being leaked.
In some embodiments, monitoring whether a security event occurs includes: detecting whether a screen-capture operation is performed on the electronic device; and, if a screen-capture operation is detected, determining that a security event has been detected. Monitoring for screen-capture operations prevents the holder of the electronic device, or a malicious person, from leaking sensitive enterprise information by taking screenshots.
In some embodiments, preventing the content displayed by the application program from being acquired includes: intercepting the storing, in the electronic device, of the image obtained by the screen-capture operation, and/or intercepting the transmission, by the electronic device, of the image obtained by the screen-capture operation. This effectively keeps the captured image from being propagated, and so effectively prevents enterprise data from being leaked.
In some embodiments, after preventing the content displayed by the application program from being acquired, the security control method further includes: acquiring an image corresponding to the content displayed by the application program when the security event occurred, and image information corresponding to that image; and sending the image and the image information to the service platform corresponding to the application program, so that the service platform performs security behavior analysis, based on the image and the image information, on the user logged in to the application program through the electronic device. Sending the image and the image information to the service platform makes this analysis convenient, so that the service platform can adjust the security control strategy in good time according to the analysis result.
In some embodiments, after the application program runs in the electronic device, the security control method further includes: controlling the image acquisition module corresponding to the electronic device to acquire an image of the target area; and, when the acquired image does not include a face image of the user logged in to the application program through the electronic device, locking the application program. By locking the application program, this scheme prevents enterprise data from being leaked even if the electronic device is lost or its user leaves it for a long time to attend to other matters.
In some embodiments, after the application program runs in the electronic device, the security control method further includes: when a cache file of the application program exists, encrypting the cache file and storing the encrypted cache file in a target storage area corresponding to the application program, the target storage area being used by the application program alone. Enterprise data is recorded in the application program's cache file while it runs, so to protect that data the cache file needs to be encrypted, which prevents enterprise data from being leaked if the cache file is maliciously obtained. In addition, storing the encrypted cache file in a target storage area used by the application program alone means that the application program and the other data in the electronic device are managed in separate partitions, which ensures the security of the application program's cache file.
In some embodiments, after a security event is detected, the security control method further includes: judging whether the application program was in the login interface when the security event was detected; and, if so, preventing all users who perform a login operation through the login interface from logging in to the application program. If the application program is in the login interface when a security event is detected, this indicates that the holder of the electronic device has a motive to steal enterprise data. To avoid leakage of enterprise data, all users who perform a login operation through the login interface are therefore prevented from logging in, so that the application program does not display content corresponding to the enterprise data.
In a second aspect, the present application provides a security control device comprising:
a monitoring unit, configured to monitor whether a security event occurs when an application program requiring security control runs in the electronic device, a security event being an event by which the content displayed by the application program is acquired;
a blocking unit, configured to prevent the content displayed by the application program from being acquired when a security event is detected.
In some embodiments, the monitoring unit comprises: a control module, configured to control the image acquisition module corresponding to the electronic device to acquire an image of the target area; and a determining module, configured to determine that a security event has been detected when an image of a target image acquisition device is detected in the acquired image.
In some embodiments, the blocking unit comprises: a first blocking module, configured to control the application program to exit the current interface, or to control the application program to display a target picture and lock the application program.
In some embodiments, the monitoring unit comprises: a detection module, configured to detect whether a screen-capture operation is performed on the electronic device and, if a screen-capture operation is detected, to determine that a security event has been detected.
In some embodiments, the blocking unit comprises: a second blocking module, configured to intercept the storing, in the electronic device, of the image obtained by the screen-capture operation, and/or to intercept the transmission, by the electronic device, of the image obtained by the screen-capture operation.
In some embodiments, the security control device further comprises: a sending unit, configured to acquire, after the blocking unit prevents the content displayed by the application program from being acquired, an image corresponding to the content displayed by the application program when the security event occurred and image information corresponding to that image; and to send the image and the image information to the service platform corresponding to the application program, so that the service platform performs security behavior analysis, based on the image and the image information, on the user logged in to the application program through the electronic device.
In some embodiments, the security control device further comprises: a locking unit, configured to control the image acquisition module corresponding to the electronic device to acquire an image of the target area after the application program runs in the electronic device; and to lock the application program when the acquired image does not include a face image of the user logged in to the application program through the electronic device.
In some embodiments, the security control device further comprises: a storage unit, configured to encrypt the cache file of the application program, when such a cache file exists after the application program runs in the electronic device, and to store the encrypted cache file in a target storage area corresponding to the application program, the target storage area being used by the application program alone.
In some embodiments, the blocking unit is further configured to judge, after a security event is detected, whether the application program was in the login interface when the security event was detected; and, if so, to prevent all users who perform a login operation through the login interface from logging in to the application program.
For the beneficial effects of the second aspect, refer to the description of the first aspect; they are not repeated here.
In a third aspect, the present application provides a controller comprising: a memory for storing a computer program; and a processor for implementing the security control method according to the first aspect when executing the computer program.
For the beneficial effects of the third aspect, refer to the description of the first aspect; they are not repeated here.
In a fourth aspect, the present application provides an electronic device comprising the controller of the third aspect.
For the beneficial effects of the fourth aspect, refer to the description of the third aspect; they are not repeated here.
The foregoing is only an overview of the technical solutions of the present application. So that the technical means of the application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the application are more readily apparent, a detailed description of the application is given below.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a flowchart of a security control method provided in an embodiment of the present application;
Fig. 2 shows a first schematic diagram of how an application program is displayed in an electronic device according to an embodiment of the present application;
Fig. 3 shows a second schematic diagram of how an application program is displayed in an electronic device according to an embodiment of the present application;
Fig. 4 shows a first schematic structural diagram of the security control device provided by an embodiment of the present application;
Fig. 5 shows a second schematic structural diagram of the security control device provided by an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
At present, although mobile office is convenient for office workers, it brings the following data security problem: when the holder of an electronic device uses an application program required for enterprise office work, the holder's own "human" leaking behavior cannot be controlled, and enterprise information is easily leaked. Data security is the biggest obstacle to enterprises promoting mobile office, because this problem leaves most enterprises' use of mobile office less than ideal.
The security control method and device provided by the embodiments of the present application help to prevent the content displayed by an application program installed in an electronic device from being leaked, which addresses the data security problem brought by mobile office and helps enterprises promote mobile office. Depending on specific business requirements, the method and device can be applied to any electronic device on which an enterprise office application program is installed, reducing the possibility that the content displayed by the application program is leaked.
The security control method and device provided by the application can be used in combination with other security control methods deployed on the electronic device. By way of example, these other security control methods may include, but are not limited to: a security control method that adds watermarks to the application program interface and a security control method that restricts copy permission.
The security control method and device provided in the embodiments of the present application are described in detail below.
As shown in Fig. 1, an embodiment of the present application provides a security control method, which may include the following steps:
101. When an application program requiring security control runs in the electronic device, monitor whether a security event occurs; when a security event is detected, execute step 102; when no security event is detected, continue executing this step.
In practical applications, the application program requiring security control is one used for enterprise office work, and the content it displays relates to enterprise data. The embodiments of the present application do not limit the specific type of the application program; for example, it may include, but is not limited to, an application program having at least one of the following functions: mobile approval, mobile meeting, mobile mail, mobile reporting, mobile instant messaging.
The electronic device may be a device such as a mobile phone, a tablet computer or a notebook computer that is portable and has good communication performance. The electronic device is used to install the application programs required for enterprise office work, so that office workers can work through the device, relying on its communication convenience, whatever situation they are in.
When the holder of an electronic device works through it as an office worker, an application program requiring security control runs in the electronic device. While the application program runs, to improve the security of enterprise data in transit, a Virtual Private Network (VPN) control module in the electronic device temporarily establishes a VPN channel, through which the electronic device communicates with the service platform corresponding to the application program. The VPN channel is established when the application program is opened and is closed automatically when the application program is closed. When the application program is opened, the authentication information entered by the office worker is encrypted and sent over the VPN channel to the service platform (that is, the enterprise server side) corresponding to the application program for verification; only after verification passes can the application program enter its operating interface and display enterprise data.
When an application program requiring security control runs in the electronic device, this indicates that an office worker is using the application program for office work, so to keep enterprise data secure, the method monitors whether a security event occurs while the application program runs. In one embodiment, "running in the electronic device" may be defined as the application program running in the foreground; when the application program runs in the foreground, the possibility that its displayed content is photographed and screen-captured is higher.
A security event may refer to the acquisition of content displayed by the application program: for example, a screen capture of the displayed content, or the photographing of the displayed content with an image acquisition device. If the content displayed by the application program is acquired, enterprise data is leaked, so it is necessary to monitor whether a security event occurs. How this is monitored depends on the specific type of security event, and may include the following two methods:
First, a specific process for monitoring whether a security event occurs includes the following steps 101A to 101B:
101A. Control the image acquisition module corresponding to the electronic device to acquire an image of the target area.
The target area is the visible area of the image acquisition module. A person who enters this area can photograph the content displayed by the application program with an image acquisition device, so the image acquisition module corresponding to the electronic device needs to be controlled to acquire images of the target area in order to discover enterprise data leakage behavior in time.
In a mobile office scenario, two situations may occur. First, while working on the electronic device, its holder may use another device with an image acquisition function to capture images of the content displayed by the application program, leaking enterprise data. Second, because the holder can work anytime and anywhere, the surrounding environment may be noisy, and if someone maliciously captures an image of the displayed content with a device that has a photographing function, enterprise data is leaked. Therefore, to prevent the displayed content from being captured by a device with an image acquisition function, the image acquisition module corresponding to the electronic device is controlled to acquire images of the target area, and the acquired images are analyzed to determine whether a suspicious image acquisition device is currently aimed at the content displayed by the application program.
The image acquisition module corresponding to the electronic device may be built into the electronic device or attached to it externally. For example, Fig. 2 shows an electronic device 2A whose image acquisition module is a built-in front camera 2B. The electronic device 2A displays an interface 2C of the application program, and the content of interface 2C relates to the enterprise data "bidding content". To keep the displayed content from being leaked, the front camera 2B acquires images of its visible area.
In some embodiments, the image acquisition module corresponding to the electronic device is controlled to acquire images of the target area only while the application program is running, which helps to avoid intruding on personal privacy.
101B. When an image of a target image acquisition device is detected in the acquired image, determine that a security event has been detected.
To protect the content displayed by the application program in time, image recognition is performed on every frame as it is acquired. Specifically, the current frame is input into an image recognition model, and the recognition result output by the model determines whether an image of a target image acquisition device is present in the frame. The image recognition model is a pre-trained model for recognizing images of target image acquisition devices.
When an image of a target image acquisition device is detected in the acquired image, this indicates that the content displayed by the application program is being photographed by an image acquisition device and may be leaked, so it is determined that a security event has been detected. Target image acquisition devices may include, but are not limited to, the following devices that contain a camera: single-lens reflex cameras, compact (card) cameras, mobile phones, selfie sticks.
Further, to improve the recognition performance of the image recognition model, when an image of a target image acquisition device is detected in the acquired image, that image is used to train and update the model. There are two update methods. In the first, the service platform updates the image recognition model based on the image it receives and issues the updated model to the electronic device. In the second, the image is stored at a designated local location on the electronic device, and when the time for a periodic update arrives, the image recognition model is trained and updated with the images at that location.
Further, when an image corresponding to a photographing action is detected in the acquired image, it is determined that a security event has been detected. A malicious person may use a concealed device to photograph the content displayed by the application program, and an image of a concealed device is hard to capture; so, to identify photographing behavior more comprehensively, a security event can also be determined by recognizing photographing actions in the image.
Second, the specific process of monitoring whether a security event occurs includes the following steps 101C to 101D:
101C. Detecting whether a screen capture operation is performed on the electronic device.
To prevent enterprise sensitive information from being leaked by means of screen capture, whether a screen capture operation is performed on the electronic device needs to be detected while the application program is running. The specific detection method may be: monitoring whether a screen capture API (Application Programming Interface) of the electronic device is called, where the screen capture API, when called, captures the content currently displayed by the electronic device. When a call to the screen capture API of the electronic device is observed, it is detected that a screen capture operation is performed on the electronic device.
101D. If a screen capture operation is detected on the electronic device, determining that the security event is detected.
When a screen capture operation on the electronic device is detected, the content displayed by the application program has been captured into an image and may be leaked, so it is determined that the security event is detected.
Whether a security event occurs can be monitored by either of the two methods above. The two methods can be used independently or in combination, and this embodiment does not specifically limit this.
When a security event is detected, the content displayed by the application program may be leaked, so step 102 needs to be performed to prevent the content displayed by the application program from being acquired.
When no security event is detected, there is no possibility that the content displayed by the application program is leaked, so step 101 continues to be executed in order to find security events in time.
102. Preventing the content displayed by the application from being acquired.
To reduce the likelihood of the content displayed by the application being compromised, it is desirable to prevent the content displayed by the application from being acquired when a security event is detected. The method for preventing the content displayed by the application program from being acquired is related to the specific type of the security event, so the method for preventing the content displayed by the application program from being acquired at least comprises the following two methods:
First, if an image of a target image acquisition device is detected in an image acquired by the image acquisition module corresponding to the electronic device, the content displayed by the application program can be prevented from being acquired in the following two ways:
First, controlling the application program to exit the current interface.
When an image of the target image acquisition device is detected in the acquired image, the device may be photographing the content displayed by the application program, and that content may be leaked. Therefore, to prevent the content from being acquired, the application program is controlled to exit the current interface, so that the content currently displayed cannot be photographed by the target image acquisition device. Further, after the application program exits the current interface, one of the following operations may be performed. First, the application program is controlled to enter the login interface; the purpose is to lock the application program and prevent it from continuing to be used in an environment where the target image acquisition device is present, so that enterprise data is not exposed in that environment. Second, warning information is displayed to inform the user of the electronic device that behavior that leaks enterprise data is currently occurring.
Illustratively, as shown in fig. 2, an interface 2C corresponding to an application program is shown in the electronic device 2A, and the content displayed by the interface 2C relates to the enterprise data "bidding content". The camera 2B of the electronic device 2A performs image acquisition on the target area. If it is detected that the image of the target image acquisition device exists in the acquired image, the application program is controlled to exit from the interface 2C in order to avoid data leakage related to the bidding content in the interface 2C, and after the application program exits from the interface 2C, the application program is controlled to enter into the login interface 2D shown in fig. 3.
Furthermore, the holder of the electronic device is treated as the user of the target image acquisition device, and after the login interface is entered, all users who perform a login operation through the login interface are prevented from logging in to the application program, so that the user cannot continue to leak enterprise data. Registration is enabled only after a registration request is made and the request is passed.
Second, controlling the application program to display the target picture and locking the application program.
When an image of the target image acquisition device is detected in the acquired image, the device may be photographing the content displayed by the application program, and that content may be leaked. Therefore, to prevent the content from being acquired, the application program is controlled to display a target picture, and the application program is locked. Displaying the target picture covers the content currently displayed by the application program so that it cannot be photographed by the target image acquisition device. Locking the application program prevents it from continuing to be used in an environment where the target image acquisition device is present, so that enterprise data is not leaked in that environment.
Further, after the application is locked, when the holder of the electronic device desires to continue using the application, the holder needs to send an unlocking request to the service platform corresponding to the application through the electronic device, so that the service platform performs unlocking verification on the application based on the unlocking request, and only after the unlocking verification passes, data required for unlocking is issued to the application.
Second, if a screen capture operation is detected on the electronic device, the content displayed by the application program can be prevented from being acquired in the following two ways:
First, intercepting the storing, in the electronic device, of the image obtained by the screen capture operation.
When a screen capture operation on the electronic device is detected, the content displayed by the application program has been captured into an image and may be leaked. Therefore, to prevent the image obtained by the screen capture operation from being leaked, the storing of that image in the electronic device is intercepted, which prevents enterprise data from leaking from the electronic device. After the storing of the image is intercepted, the image can be deleted and the application program can be locked.
Second, intercepting the electronic device's transmission operation on the image obtained by the screen capture operation.
When a screen capture operation on the electronic device is detected, the content displayed by the application program has been captured into an image and is likely to be leaked. After the electronic device's transmission operation on the image obtained by the screen capture operation is intercepted, the image can be deleted and the application program can be locked.
Intercepting the storing of the image obtained by the screen capture operation and intercepting the electronic device's transmission operation on that image can be used alone or in combination; this embodiment does not specifically limit this.
According to the safety control method provided by the embodiment of the application, when the application program needing safety control runs in the electronic equipment, whether a safety event for acquiring the display content of the application program occurs or not is monitored. When a security event is detected, the content displayed by the application is prevented from being acquired. Therefore, according to the scheme provided by the embodiment of the application, malicious persons can be effectively prevented from acquiring the content displayed by the application program through the security event, and therefore the possibility that the content displayed by the application program is leaked can be reduced.
In some embodiments of the present application, further, after the application program runs in the electronic device, the security control method may further include the following steps 201 to 202:
201. Controlling an image acquisition module corresponding to the electronic device to acquire an image of the target area.
While an application program runs in an electronic device, the following three scenarios may be encountered. First, electronic devices are portable, and this advantage also makes them easy to lose. When the electronic device is lost while the application program is running normally, the content displayed by the application program may be viewed by whoever picks up the device, which may cause leakage of enterprise data. Second, while the application program is running, the user of the electronic device may leave the device for a long time and forget to lock the application program, and the content displayed by the application program may be viewed by other people, which may cause leakage of enterprise data. Third, while the application program is running, the user of the electronic device or another person may block the image acquisition module and then capture the content displayed by the application program with another image acquisition device, which can cause leakage of enterprise data.
Therefore, to avoid leakage of enterprise data in these three scenarios, the image acquisition module corresponding to the electronic device is controlled to acquire images of the target area. The target area is the field of view of the image acquisition module. A person who enters this area can photograph the content displayed by the application program with an image acquisition device, so the image acquisition module corresponding to the electronic device needs to be controlled to acquire images of the target area in order to discover behavior that leaks enterprise data in time.
202. And when the acquired image does not comprise the face image of the user who logs in the application program through the electronic equipment, locking the application program.
When the acquired image does not include the face image of the user who logged in to the application program through the electronic device, the electronic device may have been lost, or its user may have left it for a long time. To avoid leakage of enterprise data, the application program is locked so that it cannot be used and enterprise data is no longer displayed. In some embodiments, detection of the user's face image may be implemented with face recognition technology, and a liveness detection mechanism may be combined with the face recognition process to prevent the detection of the user's face image from being bypassed.
To reduce the probability of misjudgment, the application program is locked when the face image of the user who logged in to the application program through the electronic device is absent from multiple consecutively acquired frames.
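The per-frame handling described in steps 101B and 202 can be sketched as follows. This is an added example, not code from the patent: the names `FrameResult`, `FrameMonitor`, `Outcome` and the default of three frames are assumptions, and the recognition models are replaced by constructed per-frame verdicts.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Iterable, List, Tuple


class Outcome(Enum):
    NONE = auto()
    SECURITY_EVENT = auto()  # step 101B: capture device visible in the frame
    LOCK = auto()            # step 202: logged-in user's face is missing


@dataclass(frozen=True)
class FrameResult:
    """Recognizer verdicts for one acquired frame (hypothetical structure)."""
    capture_device_seen: bool  # image of a target image acquisition device
    user_face_seen: bool       # face of the user logged in to the application


class FrameMonitor:
    """Applies the two per-frame rules with different sensitivities."""

    def __init__(self, absent_frames_to_lock: int = 3) -> None:
        if absent_frames_to_lock < 1:
            raise ValueError("absent_frames_to_lock must be at least 1")
        self.absent_frames_to_lock = absent_frames_to_lock
        self.absent_streak = 0

    def observe(self, frame: FrameResult) -> Outcome:
        # Face presence is tracked on every frame, including frames that
        # also raise a security event, so the streak stays accurate.
        if frame.user_face_seen:
            self.absent_streak = 0
        else:
            self.absent_streak += 1

        # A capture device in view is acted on at the first frame showing it.
        if frame.capture_device_seen:
            return Outcome.SECURITY_EVENT

        # A missing face only locks after several consecutive frames, which
        # absorbs a single bad frame (head turned, motion blur).
        if self.absent_streak >= self.absent_frames_to_lock:
            self.absent_streak = 0
            return Outcome.LOCK
        return Outcome.NONE


def run(frames: Iterable[FrameResult],
        absent_frames_to_lock: int = 3) -> List[Tuple[int, Outcome]]:
    """Return (frame index, outcome) for every frame that triggers something."""
    monitor = FrameMonitor(absent_frames_to_lock)
    hits = []
    for index, frame in enumerate(frames):
        outcome = monitor.observe(frame)
        if outcome is not Outcome.NONE:
            hits.append((index, outcome))
    return hits


# Constructed sample frames, not real recognizer output.
OK = FrameResult(capture_device_seen=False, user_face_seen=True)
MISS = FrameResult(capture_device_seen=False, user_face_seen=False)
CAMERA = FrameResult(capture_device_seen=True, user_face_seen=True)
SAMPLE_FRAMES = [OK, MISS, OK, MISS, MISS, MISS, OK, CAMERA]
```

A blocked image acquisition module, the third scenario above, shows up as a run of `MISS` frames and therefore ends in a lock.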
In some embodiments of the present application, further, after the application program runs in the electronic device, the security control method may further include the following steps: when a cache file of the application program exists, encrypting the cache file, and storing the encrypted cache file in a target storage area corresponding to the application program, wherein the target storage area is used by the application program alone.
The application program records enterprise data in a cache file while it runs. To protect the enterprise data, the cache file needs to be encrypted so that the enterprise data is not leaked if the cache file is maliciously acquired. The encrypted cache file is stored in a target storage area corresponding to the application program, and the target storage area is used by the application program alone. The purposes of having a target storage area used by the application program alone include at least the following three: first, the data of the application program is managed in a separate partition from other data in the electronic device, which ensures the security of the application program's cache file; second, enterprise data and the holder's personal data in the electronic device are distinguished and handled separately, so that personal privacy data is not infringed.
In some embodiments of the present application, further, after the monitoring of the safety event in step 101, the safety control method may further include the following steps 301 to 302:
301. Judging whether the application program is in the login interface when the security event is detected; if so, go to step 302; otherwise, perform step 102.
The application program being in the login interface means that the holder of the electronic device has not logged in to the application program and the application program is not displaying content related to enterprise data. If the application program is in the login interface when the security event is detected, the holder of the electronic device has a motive to steal enterprise data, and therefore step 302 needs to be executed.
302. And preventing all users who perform login operation through the login interface from logging in the application program.
When the application program is in the login interface when the security event is monitored, the owner of the electronic equipment is indicated to have an incentive to steal the enterprise data, and in order to avoid the enterprise data from being leaked, all users who perform login operation through the login interface are prevented from logging in the application program, so that the application program is prevented from displaying the content corresponding to the enterprise data.
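The ordering of steps 301, 302 and 102, together with the alternatives listed under step 102, can be written as one decision function. This is an added example, not code from the patent: every name below (`Event`, `Screen`, `Action`, `Policy`, `respond`, `App`) is an assumption, as is treating the optional follow-ups (delete the captured image, lock, report under steps 401 to 402) as always applied.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import List


class Event(Enum):
    CAPTURE_DEVICE_IN_FRAME = auto()  # steps 101A-101B
    SCREEN_CAPTURE = auto()           # steps 101C-101D


class Screen(Enum):
    LOGIN = auto()      # nobody logged in, no enterprise data on screen
    OPERATION = auto()  # logged in, enterprise data may be on screen


class Action(Enum):
    BLOCK_ALL_LOGINS = auto()
    EXIT_CURRENT_INTERFACE = auto()
    ENTER_LOGIN_INTERFACE = auto()
    SHOW_WARNING = auto()
    SHOW_TARGET_PICTURE = auto()
    LOCK_APPLICATION = auto()
    INTERCEPT_STORAGE = auto()
    INTERCEPT_TRANSMISSION = auto()
    DELETE_CAPTURED_IMAGE = auto()
    REPORT_TO_SERVICE_PLATFORM = auto()


@dataclass(frozen=True)
class Policy:
    """Which of the described alternatives a deployment picks (assumed knobs)."""
    cover_instead_of_exit: bool = False   # show target picture and lock
    warn_instead_of_login: bool = False   # after exit: warning, not login page
    block_logins_after_exit: bool = True  # block logins once on the login page
    intercept_storage: bool = True
    intercept_transmission: bool = True

    def __post_init__(self) -> None:
        if not (self.intercept_storage or self.intercept_transmission):
            raise ValueError("enable at least one screen-capture interception")


def respond(event: Event, screen: Screen,
            policy: Policy = Policy()) -> List[Action]:
    # Step 301: an event while still on the login interface goes to step 302.
    if screen is Screen.LOGIN:
        return [Action.BLOCK_ALL_LOGINS]
    # Step 102: the response depends on the type of security event.
    if event is Event.CAPTURE_DEVICE_IN_FRAME:
        if policy.cover_instead_of_exit:
            actions = [Action.SHOW_TARGET_PICTURE, Action.LOCK_APPLICATION]
        else:
            actions = [Action.EXIT_CURRENT_INTERFACE]
            if policy.warn_instead_of_login:
                actions.append(Action.SHOW_WARNING)
            else:
                actions.append(Action.ENTER_LOGIN_INTERFACE)
                if policy.block_logins_after_exit:
                    actions.append(Action.BLOCK_ALL_LOGINS)
    else:
        actions = []
        if policy.intercept_storage:
            actions.append(Action.INTERCEPT_STORAGE)
        if policy.intercept_transmission:
            actions.append(Action.INTERCEPT_TRANSMISSION)
        actions += [Action.DELETE_CAPTURED_IMAGE, Action.LOCK_APPLICATION]
    actions.append(Action.REPORT_TO_SERVICE_PLATFORM)  # steps 401-402
    return actions


class App:
    """Minimal application state that the chosen actions are applied to."""

    def __init__(self, screen: Screen) -> None:
        self.screen = screen
        self.locked = False
        self.logins_blocked = False

    def on_security_event(self, event: Event,
                          policy: Policy = Policy()) -> List[Action]:
        actions = respond(event, self.screen, policy)
        for action in actions:
            if action is Action.BLOCK_ALL_LOGINS:
                self.logins_blocked = True
            elif action is Action.LOCK_APPLICATION:
                self.locked = True
            elif action is Action.ENTER_LOGIN_INTERFACE:
                self.screen = Screen.LOGIN
        return actions

    def try_login(self) -> bool:
        # Assumption: a locked or login-blocked application refuses every login.
        if self.logins_blocked or self.locked:
            return False
        self.screen = Screen.OPERATION
        return True
```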
In some embodiments of the present application, further, after the step 102 prevents the content displayed by the application from being acquired, the security control method may further include the following steps 401 to 402:
401. Acquiring an image corresponding to the content displayed by the application program when the security event occurs, and image information corresponding to the image.
To facilitate management and control of the security of enterprise data, after a security event is detected, an image corresponding to the content displayed by the application program when the security event occurred, and image information corresponding to that image, are obtained. The image corresponding to the content displayed by the application program reflects the intent behind the theft of enterprise data, namely which enterprise data was sought. The image information may carry the occurrence time of the security event, the type of the security event (such as photographing or screen capture), and attribute information of the logged-in user.
402. And sending the image and the image information to a service platform corresponding to the application program, so that the service platform performs security behavior analysis on the user logging in the application program through the electronic equipment based on the image and the image information.
The image and the image information are sent to the service platform corresponding to the application program. To ensure the security of transmission, the image and the image information need to be encrypted before they are transmitted. In addition, if transmission of the image and the image information fails, they are stored locally in the electronic device so that they can be sent to the service platform corresponding to the application program again after the cause of the transmission failure is eliminated.
After the image and the image information are sent to the service platform, the service platform performs security behavior analysis, based on the image and the image information, on the user who logged in to the application program through the electronic device. The main purposes of the security behavior analysis are: determining, based on the image and the image information, which enterprise data was put at risk of leakage, at which time point, and on which employee's electronic device; adjusting the prevention and control strategy for enterprise data according to the determined information; and performing a security assessment of the identified employee.
In some embodiments of the present application, further, after the application program runs in the electronic device, the security control method may further include the following steps: acquiring identity information of a user, and sending the identity information to a service platform corresponding to the application program for the service platform to perform identity authentication; and after receiving feedback from the service platform that the verification has passed, controlling the application program to enter the operation interface.
After the application program runs in the electronic device, the identity authentication module acquires the identity information of the user. The data encryption and decryption module then encrypts the identity information and sends the encrypted identity information to the service platform for verification. After the service platform feeds back that the verification has passed, the application program enters the operation interface. To improve the security of identity authentication, the identity authentication module can call the VPN control module, so that during identity authentication the identity information is transmitted to the service platform through a VPN network channel established by the VPN control module.
After the application program enters the operation interface, it can execute specific business processing. The business processing is completed by a business processing module, which mainly handles the enterprise's internal business related to the application program, such as mobile approval.
After the application program enters the operation interface, the processes related to the application program are managed by a daemon process module, which is mainly responsible for receiving push messages from the service platform and displaying the received push messages in the application program.
In addition, to improve the security of the application program, the storage space of the application program needs to be protected regardless of whether the application program has been started. The storage space of the application program is a space used by the application program alone, and permission control is applied to the files in that storage space. The main purpose of the permission control is that processes without permission cannot access the storage space used by the application program alone, which improves the security of the application program.
Further, according to the above method embodiment, another embodiment of the present application further provides a safety control device, as shown in fig. 4, the device includes:
a monitoring unit 51, configured to monitor whether a security event occurs when an application program requiring security control runs in the electronic device, where the security event is used to obtain content displayed by the application program;
a blocking unit 52 for blocking the content displayed by the application from being acquired when a security event is detected.
According to the safety control device provided by the embodiment of the application, when the application program needing safety control runs in the electronic equipment, whether a safety event for acquiring the display content of the application program occurs or not is monitored. When a security event is detected, the content displayed by the application is prevented from being acquired. Therefore, according to the scheme provided by the embodiment of the application, malicious persons can be effectively prevented from acquiring the content displayed by the application program through the security event, and therefore the possibility that the content displayed by the application program is leaked can be reduced.
Optionally, as shown in fig. 5, the monitoring unit 51 includes:
the control module 511 is used for controlling an image acquisition module corresponding to the electronic device to acquire an image of the target area;
a determining module 512, configured to determine that a security event is monitored when it is detected that an image of the target image capturing device exists in the captured image.
Optionally, as shown in fig. 5, the preventing unit 52 includes:
a first preventing module 521, configured to control the application to exit the current interface; or controlling the application program to display the target picture and locking the application program.
Optionally, as shown in fig. 5, the monitoring unit 51 includes:
a detection module 513, configured to detect whether the electronic device is performing a screen capture operation; and if the electronic equipment is detected to be subjected to screen capturing operation, determining that the safety event is monitored.
Optionally, as shown in fig. 5, the preventing unit 52 includes:
the second preventing module 522 is configured to intercept the storing, in the electronic device, of the image obtained by the screen capture operation, and/or intercept the electronic device's transmission operation on the image obtained by the screen capture operation.
Optionally, as shown in fig. 5, the safety control device further includes:
a sending unit 53, configured to, after the blocking unit 52 blocks the content displayed by the application from being acquired, acquire an image corresponding to the content displayed by the application at the time of the security event and image information corresponding to the image; and sending the image and the image information to a service platform corresponding to the application program, so that the service platform performs security behavior analysis on the user logging in the application program through the electronic equipment based on the image and the image information.
Optionally, as shown in fig. 5, the safety control device further includes:
the locking unit 54 is configured to control an image acquisition module corresponding to the electronic device to acquire an image of the target area after the application program runs in the electronic device; and when the acquired image does not comprise the face image of the user who logs in the application program through the electronic equipment, locking the application program.
Optionally, as shown in fig. 5, the safety control device further includes:
and the storage unit 55 is configured to encrypt the cache file when the cache file of the application exists after the application runs in the electronic device, and store the encrypted cache file to a target storage area corresponding to the application, where the target storage area is used by the application alone.
Optionally, as shown in fig. 5, the blocking unit 52 is further configured to, after the security event is monitored, determine whether the application is in a login interface when the security event is monitored; and if so, preventing all users who perform login operation through the login interface from logging in the application program.
In the safety control device provided in the embodiment of the present application, for details of methods used in the operation process of each functional module, reference may be made to details of corresponding methods in the safety control method embodiment, and details are not described herein again.
Further, according to the above-mentioned embodiment, another embodiment of the present application also provides a controller, including: a memory for storing a computer program; a processor for implementing the security control method as described above when executing the computer program.
The beneficial effects of the controller provided in the embodiment of the present application can refer to the description in the embodiment of the above safety control method, and are not described herein again.
Further, according to the above embodiment, another embodiment of the present application also provides an electronic device, including the controller described above.
The beneficial effects of the electronic device provided in the embodiment of the present application may refer to the description in the embodiment of the controller, which is not repeated herein.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, this application is not directed to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the present application as described herein, and any descriptions of specific languages are provided above to disclose the best modes of the present application.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the application may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the application and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present application may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the methods, apparatus and frameworks for operation of the deep neural network model according to embodiments of the present application. The present application may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present application may be stored on a computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the application, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etcetera does not indicate any ordering. These words may be interpreted as names.

Claims (18)

1. A security control method, characterized in that the method comprises:
when an application program needing safety control runs in the electronic equipment, monitoring whether a security event occurs, wherein the security event is used for acquiring the content displayed by the application program;
and when the security event is monitored, preventing the content displayed by the application program from being acquired.
2. The method of claim 1, wherein monitoring whether a security event occurs comprises:
controlling an image acquisition module corresponding to the electronic equipment to acquire an image of a target area;
and when the image of the target image acquisition equipment is detected to exist in the acquired image, determining that the security event is monitored.
3. The method of claim 1 or 2, wherein preventing the content displayed by the application from being obtained comprises:
controlling the application program to exit the current interface;
or controlling the application program to display a target picture and locking the application program.
4. The method of claim 1, wherein monitoring whether a security event occurs comprises:
detecting whether the electronic equipment is subjected to screen capture operation;
and if the electronic equipment is detected to be subjected to screen capture operation, determining that the security event is monitored.
5. The method of claim 4, wherein preventing the content displayed by the application from being obtained comprises:
and intercepting the image which is acquired corresponding to the screen capture operation and stored in the electronic equipment, and/or intercepting the transmission operation of the electronic equipment on the image which is acquired corresponding to the screen capture operation.
6. The method of any of claims 1, 2, 4, or 5, wherein after preventing the content displayed by the application from being obtained, the method further comprises:
acquiring an image corresponding to the content displayed by the application program and image information corresponding to the image when the security event occurs;
and sending the image and the image information to a service platform corresponding to the application program, so that the service platform performs security behavior analysis on a user logging in the application program through the electronic equipment based on the image and the image information.
7. The method of any of claims 1, 2, 4, or 5, wherein after the application is run in the electronic device, the method further comprises:
controlling an image acquisition module corresponding to the electronic equipment to acquire an image of a target area;
and when the acquired image does not contain the face image of the user logging in the application program through the electronic equipment, locking the application program.
8. The method of any of claims 1, 2, 4, 5, or 7, wherein after the application is run in the electronic device, the method further comprises:
and when the cache file of the application program exists, encrypting the cache file, and storing the encrypted cache file to a target storage area corresponding to the application program, wherein the target storage area is used by the application program independently.
9. The method of any one of claims 1, 2, 4, 5, 7, or 8, wherein after the security event is monitored, the method further comprises:
judging whether the application program is in a login interface when the security event is monitored;
and if so, preventing all users who perform login operation through the login interface from logging in the application program.
10. A safety control device, characterized in that the device comprises:
the monitoring unit is used for monitoring whether a security event occurs when an application program needing safety control runs in the electronic equipment, wherein the security event is used for acquiring the content displayed by the application program;
and the blocking unit is used for blocking the content displayed by the application program from being acquired when the security event is monitored.
11. The apparatus of claim 10, wherein the monitoring unit comprises:
the control module is used for controlling the image acquisition module corresponding to the electronic equipment to acquire images of the target area;
the determining module is used for determining that the security event is monitored when the acquired image is detected to have the image of the target image acquisition device.
12. The apparatus according to claim 10 or 11, wherein the blocking unit comprises:
the first blocking module is used for controlling the application program to exit the current interface; or controlling the application program to display a target picture and locking the application program.
13. The apparatus of claim 10, wherein the monitoring unit comprises:
the detection module is used for detecting whether the electronic equipment is subjected to screen capture operation; and if the electronic equipment is detected to be subjected to screen capture operation, determining that the security event is monitored.
14. The apparatus of claim 13, wherein the blocking unit comprises:
and the second blocking module is used for intercepting the image acquired corresponding to the screen capturing operation and storing the image in the electronic equipment, and/or intercepting the transmission operation of the electronic equipment on the image acquired corresponding to the screen capturing operation.
15. The apparatus of any one of claims 10, 11, 13 or 14, wherein the safety control device further comprises:
the sending unit is used for acquiring an image corresponding to the content displayed by the application program and image information corresponding to the image when the security event occurs after the blocking unit prevents the content displayed by the application program from being acquired; and sending the image and the image information to a service platform corresponding to the application program, so that the service platform performs security behavior analysis on a user logging in the application program through the electronic equipment based on the image and the image information.
16. The apparatus of any one of claims 10, 11, 13 or 14, wherein the safety control device further comprises:
the locking unit is used for controlling an image acquisition module corresponding to the electronic equipment to acquire an image of a target area after the application program runs in the electronic equipment; and when the acquired image does not contain the face image of the user logging in the application program through the electronic equipment, locking the application program.
17. The apparatus of any one of claims 10, 11, 13, 14 or 16, wherein the safety control device further comprises:
the storage unit is used for encrypting the cache file when the cache file of the application program exists after the application program runs in the electronic equipment, and storing the encrypted cache file to a target storage area corresponding to the application program, wherein the target storage area is used by the application program alone.
18. The apparatus according to any one of claims 10, 11, 13, 14, 16, or 17, wherein the blocking unit is further configured to determine, after the security event is monitored, whether the application is in a login interface when the security event is monitored; and if so, preventing all users who perform login operation through the login interface from logging in the application program.
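The encrypted cache file in an application-private storage area described in claims 8 and 17, as an added example that is not code from the patent. The choice of AES-256-GCM, the function names, the directory path and the key handling are assumptions; the claims name no cipher or key source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
	"path/filepath"
)

// newGCM builds an AES-GCM AEAD; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCache writes nonce||ciphertext||tag to dir/name with owner-only access.
// The file name is bound as associated data, so a swapped blob fails to open.
func sealCache(aead cipher.AEAD, dir, name string, plain []byte) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	blob := aead.Seal(nonce, nonce, plain, []byte(name))
	return os.WriteFile(filepath.Join(dir, name), blob, 0o600)
}

// openCache authenticates and decrypts dir/name; tampering returns an error.
func openCache(aead cipher.AEAD, dir, name string) ([]byte, error) {
	n := aead.NonceSize()
	blob, err := os.ReadFile(filepath.Join(dir, name))
	if err != nil || len(blob) < n {
		return nil, fmt.Errorf("cache blob %q unreadable or truncated: %v", name, err)
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

func main() {
	aead, _ := newGCM(make([]byte, 32)) // constructed all-zero demo key only
	dir := filepath.Join(os.TempDir(), "app-private-cache") // hypothetical path
	fmt.Println(sealCache(aead, dir, "session.cache", []byte("constructed sample")))
}
```

In a deployment the key would come from a platform keystore rather than application memory, since a key stored beside the cache gives a local reader both halves.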

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210783775.5A CN115048666A (en) 2022-07-05 2022-07-05 Safety control method and device

Publications (1)

Publication Number Publication Date
CN115048666A (en) 2022-09-13

Family

ID=83164765

Country Status (1)

Country Link
CN (1) CN115048666A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination