CN114257449A - Data label tracing technology for Web layer - Google Patents
- Publication number
- CN114257449A
- Authority
- CN
- China
- Prior art keywords
- data
- label
- document
- tracing
- tag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a data label tracing technology for the Web layer, comprising the following steps: extract the basic data from HTTP(S)-format data and determine whether it is of string type or document type; if it is string-format data, automatically add an identity feature tag to the data, encrypt the tag, process it with an invisible-feature technique, and send the result to the third-party service system; if it is of document type, parse the document format in depth and, once parsing succeeds, add an identity feature tag to the document data, encrypt the tag, and process it with an invisible-feature technique; import leaked data into the companion tracing software, which extracts the identity feature tag from the data, decrypts it and renders it visible, and thereby determines the identity of the specific person who leaked the data and the time of the leak, achieving the tracing effect. With the technical means of the invention, the risk of data leakage can be greatly reduced.
Description
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to a data label tracing technology for a Web layer.
Background
Web-based business systems have become the mainstream. Data communication and service interaction between Web systems are mostly carried out by calling Web interfaces. In particular, for database systems and core service systems, the server's Web interface has to provide various data for external use, such as the basic data used by external third-party service systems, as shown in FIG. 5 and FIG. 6. The basic data given to external or third parties through Web interfaces is usually homogeneous, i.e., there is almost no difference in the underlying data received by different third parties. Once such undifferentiated data has been sent to several third-party systems, if one of them leaks the basic data, it is difficult for the managing party to trace the leak, that is, to determine which third party is the source.
At present, this data leakage risk is mostly addressed by a combination of management and technical means. Management means require, for example, that all third-party personnel who have contact with the server system be strictly managed, and that everyone who accesses the server apply for permission before operating on it. Technical means require, for example, that the permissions assigned to personnel who access the server be minimized and that all server operations be logged.
Some means of tracing data by identification already exist, for example adding metadata as an identifier at the data storage stage. On the one hand, this kind of identification requires changing the database structure to add the metadata; on the other hand, it can only trace the data back to its origin and cannot trace the person who leaked it. Management and technical means can guarantee data security to a certain extent, but they still leave large loopholes, or a considerable probability, that basic data will be spread and leaked by third-party users. The main reason is that the basic data does not differ between third-party users: the content obtained by third party A is identical to that obtained by third party B. Because the data is undifferentiated, once either party leaks it, the manager of the data source can hardly determine the specific source of the leak. A data label tracing technology for the Web layer is therefore proposed.
Disclosure of Invention
The invention aims to provide a data label tracing technology for a Web layer, which realizes a data tracing effect by using an invisible characteristic technology so as to accurately trace the source of data of various leakage paths and solve the problems in the background technology.
In order to achieve the purpose, the invention adopts the following technical scheme: a data label tracing technology for a Web layer comprises the following steps:
A. After receiving HTTP(S) data sent by a third-party service system, the Web data label traceability system extracts the basic data from the HTTP(S)-format data and determines the type of the data;
B. When the data is of string type, an identity feature tag is automatically added to the string data, the tag is then encrypted and processed with an invisible-feature technique, and the traceability system restores the string data carrying the encrypted feature tag into HTTP(S) protocol form and sends it to the third-party service system;
C. When the data is a streaming document or a format document, the formats of the various document types must be parsed in depth; after parsing succeeds, an identity feature tag is added to the data, encrypted, and processed with an invisible-feature technique; for document formats, the identity feature tag can additionally be added to the document's extended attributes, so that the identity feature information is added in multiple forms; after the tag has been added, the document is reassembled and restored to its original format, and the document carrying the encrypted feature tag is sent to the third-party service system;
D. When the third-party service system receives the data returned by the server's Web interface, it can use the data normally. If third-party service personnel leak the received data, the manager of the data can import the leaked data into the companion tracing software, which extracts the identity feature tag information from the data and thereby determines the identity of the specific person who leaked it and the time of the leak, achieving the tracing effect.
Further, before step A, the third-party service system initiates a request to the server's Web interface through a URL address of the HTTP(S) protocol in order to acquire data; the Web data label traceability system forwards the received request to the server's Web interface, and the server's Web interface receives the request and starts to process it.
Furthermore, the traceability system acts as an intermediate network link and completes all low-level network operations such as receiving and forwarding requests.
Further, the identity feature tag includes, but is not limited to, the source IP address, login account, AppID, or AppKey identification information of the business system.
Further, the identity feature tag uses at least one of the source IP address, login account, AppID or AppKey as the identifier.
Further, current timestamp information is added together with the identity feature tag.
Further, the feature encryption method includes, but is not limited to, AES, RSA, and the SM algorithms (the Chinese national cryptographic standards).
Compared with the prior art, the invention has the beneficial effects that:
The invention is an identity feature technique for tracing the source of Web data. It achieves tracing only for data obtained by calling the server's Web interface. The identity feature tag of each third party is automatically added to the basic data that party receives. The tag is encrypted and invisible, so a user cannot see it with the naked eye, but the dedicated feature recognition software that accompanies the traceability system can identify it normally. Encryption ensures that the identity feature information is not easily tampered with or forged. When data is sent to third party A through the Web interface, A's identity feature tag is automatically added to the underlying basic data; when data is sent to third party B, B's identity feature tag is added. Because the tag is encrypted and invisible, it affects neither normal use by the service nor browsing and viewing by users. After the server's Web interface has supplied basic data to several third parties, if one of them leaks data carrying an identity feature tag, the managing party can extract the tag with the dedicated feature recognition software. If the identity feature information extracted from the leaked data belongs to third party A, the leak source is determined to be third party A; if it belongs to third party B, the leak source is third party B; and so on.
If third party A leaks the data by copying it and sending it via WeChat, copying it and sending it by e-mail, copying it and sending it after saving it to a file, transferring the file with network commands, sending the document with WeChat or similar tools, or uploading important documents to public platforms (such as Baidu library, Douding network, Darbus, E library, New love shared data, CSDN download, Suzhou network and the like), the dedicated feature recognition software that accompanies the tracing system can still extract and identify the feature in the leaked data or document.
The technology of the invention gives administrators a good means of tracing. The tracing capability acts as a strong deterrent against data leakage by the personnel who use the data; with this technical means, the risk of data leakage can be greatly reduced and data security improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a data processing flow diagram of the present invention;
FIG. 3 is a flow chart of an evolution process of adding identity tags in accordance with the present invention;
FIG. 4 is a flowchart of the process of extracting feature tags by the tracing software of the present invention;
FIG. 5 is a current data transmission flow diagram;
FIG. 6 is a current data flow diagram.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1 to 4, the present invention provides a technical solution: a data label tracing technology for a Web layer comprises the following steps:
STEP 1: the operation sequence is a third-party service system-Web data label tracing system-server Web interface;
This step comprises processes S1, S2 and S3 in FIG. 1. The third-party service system initiates a request to the server's Web interface through a URL (Uniform Resource Locator) address of the HTTP(S) protocol in order to acquire data; the Web data label traceability system forwards the received request to the server's Web interface; the server's Web interface receives the request and starts to process it. The traceability system acts as an intermediate network link and completes all low-level network operations such as receiving and forwarding requests.
STEP 2: the operation sequence is a Web interface-Web data label traceability system of the server;
After receiving the transmitted HTTP(S) business data, the Web data tag traceability system extracts the basic data (i.e., the real business data) from the HTTP(S)-format data and determines whether it is of string type or document type; the two types are processed differently in the subsequent steps.
STEP 3: processing the character string type data by the Web data tag traceability system;
This step comprises processes S6, S7 and S8 in FIG. 1. If the tracing system determines that the basic data is of string type, it automatically adds an identity feature tag to the string data. The tag can be configured to use the source IP address, login account, AppID or AppKey of the service system, and current timestamp information is added as well. Because the tag is added to a string, it still needs special processing: the tag is encrypted with an algorithm such as AES, RSA or the national secret SM algorithms, and an invisible-feature technique is applied, so that the identity feature is difficult to tamper with or forge and cannot be viewed. The string data may be in any text format that can be transmitted over HTTP(S), such as JSON, XML or a plain string. After the identity feature tag has been added automatically, the tracing system restores the complete string data carrying the tag into HTTP(S) protocol form and sends it to the third-party service system, so that the service flow proceeds normally.
STEP 4: the Web data label traceability system processes the document data;
This step comprises processes S9, S10 and S11 in FIG. 1. If the traceability system determines that the service data is a streaming document (such as docx, xlsx or pptx) or a format document (such as pdf or the domestic ofd format), the formats of the various document types must be parsed in depth. After parsing succeeds, an identity feature tag is added to the data; the specific processing can be the same as the string-type flow above. For document formats, the identity feature tag can additionally be added to the document's extended attributes, so that the identity feature information is added in multiple forms. After the tag has been added, the document is reassembled and restored to its original format, and the document carrying the identity feature tag is finally sent to the third-party service system, so that the service flow proceeds normally. The traceability system adds the identity feature tag automatically. This mode is imperceptible: no manual intervention is needed, neither the server nor the third-party service side has to modify its code, and the whole process is completed automatically and transparently.
STEP 5: a third-party service system, namely a Web data label traceability system;
This step comprises processes S12 and S13. After the third-party service system receives the data returned by the server's Web interface, it can use the data normally. If the data is eventually leaked through any channel, an administrator can trace the source of the leaked data: the leaked data (string data or documents) is imported into the tracing software, which extracts the identity feature tag information from the data and thereby determines the identity of the specific person who leaked it and the time of the leak, achieving the tracing effect.
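An added example, not code from the patent, of STEP 3 and STEP 5 for a JSON string response: a proxy-side function seals an identity tag and hides it in chosen fields, and a tracing function recovers it from a leaked fragment. The patent does not name its invisible-feature technique; zero-width characters are assumed here, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for AES so that the block needs only the standard library, and all function names, field names and sample data are constructed for illustration.

```python
import hashlib, hmac, json, os, re, struct, time

# Assumed invisible alphabet (the patent does not specify one):
# zero-width space = bit 0, zero-width non-joiner = bit 1, word joiner = frame.
ZERO, ONE, FRAME = "\u200b", "\u200c", "\u2060"
MARK_RE = re.compile(f"{FRAME}([{ZERO}{ONE}]+){FRAME}")

# Constructed sample response body from the server Web interface.
SAMPLE_BODY = ('{"records":[{"name":"Zhang Wei","note":"VIP customer"},'
               '{"name":"Li Na","note":"pending review"}]}')

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for AES-CTR."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || 16-byte truncated HMAC."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(enc_key, mac_key, blob):
    """Verify the MAC first, so forged or altered tags are rejected."""
    if len(blob) < 28:
        raise ValueError("identity tag too short")
    nonce, ct, mac = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(mac, expected):
        raise ValueError("identity tag failed authentication")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

def to_invisible(blob):
    """Render bytes as a framed run of zero-width characters."""
    bits = "".join(f"{b:08b}" for b in blob)
    return FRAME + bits.replace("0", ZERO).replace("1", ONE) + FRAME

def tag_response(body, identity, enc_key, mac_key, fields, now=None):
    """Proxy side: append the sealed identity + timestamp to the named string fields."""
    tag = dict(identity, ts=int(now if now is not None else time.time()))
    plain = json.dumps(tag, separators=(",", ":")).encode()
    mark = to_invisible(seal(enc_key, mac_key, plain))

    def walk(node):
        if isinstance(node, dict):
            return {k: v + mark if k in fields and isinstance(v, str) else walk(v)
                    for k, v in node.items()}
        if isinstance(node, list):
            return [walk(item) for item in node]
        return node

    # ensure_ascii=False keeps the marks as raw characters instead of \uXXXX escapes.
    return json.dumps(walk(json.loads(body)), ensure_ascii=False)

def strip_invisible(text):
    """What a human reader effectively sees."""
    return re.sub(f"[{ZERO}{ONE}{FRAME}]", "", text)

def trace(leaked_text, enc_key, mac_key):
    """Tracing side: return every authentic identity tag found in leaked text."""
    hits, seen = [], set()
    for run in MARK_RE.findall(leaked_text):
        if len(run) % 8:
            continue                      # truncated mark
        bits = run.replace(ZERO, "0").replace(ONE, "1")
        blob = int(bits, 2).to_bytes(len(bits) // 8, "big")
        if blob in seen:
            continue                      # same mark repeated in several fields
        seen.add(blob)
        try:
            hits.append(json.loads(unseal(enc_key, mac_key, blob)))
        except ValueError:
            continue                      # tampered, forged, or wrong key
    return hits
```

Marked strings no longer compare equal to the originals, so only display fields should be tagged, never identifiers or keys. The mark is also lost if the text is retyped or passed through a filter that strips zero-width characters, which is one reason the description adds the tag in more than one form for documents.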
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or modification made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
Claims (7)
1. A data label tracing technology for a Web layer is characterized by comprising the following steps:
A. after receiving HTTP (S) data sent by a third-party service system, a Web data label traceability system extracts basic data from the HTTP (S) format data and judges the type of the data;
B. when the data is in a character string type, automatically adding an identity characteristic label in the character string data, then encrypting the characteristic, and processing by using an invisible characteristic technology, wherein the traceability system needs to restore the character string data with the identity characteristic label in an HTTP (S) protocol form and send the character string data to a third-party service system;
C. when the data is a streaming document or a format document, the format of the document in various formats needs to be deeply analyzed, an identity characteristic tag is added to the data after the analysis is successful, the tag is encrypted and processed by using an invisible characteristic technology, the identity characteristic tag can be further added to the document extended attribute for the document format, identity characteristic information is added in multiple forms, the assembly and the reduction of various document formats are completed after the identity characteristic tag is added, and the document with the identity characteristic tag is sent to a third-party service system;
D. when the third-party service system receives the data returned by the Web interface of the server, the data can be normally used, if the third-party service personnel reveals the received data, a manager of the data can lead the revealed data into matched tracing software, and the tracing software can extract the identity characteristic label information in the data so as to determine the identity characteristic information of the specific revealing personnel and the time of revealing the data, thereby realizing the tracing effect.
2. The data tag tracing technology for the Web layer according to claim 1, wherein: before the step A, the third-party service system initiates a request to the Web interface of the server through the URL address of the HTTP (S) protocol and acquires data, the Web data label tracing system transfers the received request to the Web interface of the server, and the Web interface of the server receives the request and starts to process the request.
3. The data tag tracing technology for the Web layer according to claim 1, wherein: the traceability system is used as an intermediate network link to complete all network bottom layer operations such as request receiving, request forwarding and the like.
4. The data tag tracing technology for the Web layer according to claim 1, wherein: the identity tag includes, but is not limited to, a source IP address, a login account number, an AppID, or AppKey identification information of the business system.
5. The data tag tracing technology for the Web layer according to claim 4, wherein: the identity characteristic label selects at least one of a source IP address, a login account number, an AppID or an AppKey as an identifier.
6. The data tag tracing technology for the Web layer according to claim 4, wherein: and adding the current timestamp information while adding the identity characteristic label.
7. The data tag tracing technology for the Web layer according to claim 1, wherein: the features are encrypted by algorithms including, but not limited to, AES, RSA, or national secret SM.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111567465.1A CN114257449A (en) | 2021-12-20 | 2021-12-20 | Data label tracing technology for Web layer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114257449A (en) | 2022-03-29 |
Family
ID=80796196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111567465.1A Pending CN114257449A (en) | 2021-12-20 | 2021-12-20 | Data label tracing technology for Web layer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114257449A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101197857A (en) * | 2007-12-26 | 2008-06-11 | 腾讯科技(深圳)有限公司 | Document downloading method and device |
FR3010560A1 (en) * | 2013-09-11 | 2015-03-13 | Univ Troyes Technologie | COLLABORATIVE WORKING TOOL FOR ARCHIVING, TRACABILITY AND PROBATION VALUE OF ORGANIZATION DATA |
CN107423629A (en) * | 2017-04-12 | 2017-12-01 | 李晓妮 | A kind of anti-method and system divulged a secret with tracing of fileinfo output |
CN108809803A (en) * | 2018-04-18 | 2018-11-13 | 北京明朝万达科技股份有限公司 | A kind of anti-method and system divulged a secret with tracing of fileinfo |
CN109657426A (en) * | 2019-01-30 | 2019-04-19 | 贵州大学 | A kind of data source tracing method based on digital signature and digital watermarking |
CN111625854A (en) * | 2020-05-25 | 2020-09-04 | 聚好看科技股份有限公司 | Document encryption method, access method, server and system |
CN113032744A (en) * | 2021-03-29 | 2021-06-25 | 吉林省容汇科技服务中心(有限合伙) | Digital watermark all-in-one system |
Non-Patent Citations (1)
Title |
---|
王丽娜: "《信息隐藏技术与应用》", 中国铁道出版社有限公司, pages: 103 - 148 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||