
CN113904813A - Data protection method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN113904813A
Application number: CN202111106153.0A
Authority: CN (China)
Prior art keywords: internet, data, things, transmitted, sending request
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 张斌
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN202111106153.0A
Publication of CN113904813A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of this application disclose a data protection method, a data protection apparatus, an electronic device and a storage medium. The method comprises: receiving a data sending request sent by an Internet of Things (IoT) device; determining the device type of the IoT device in response to the data sending request; determining a connection policy based on the device type of the IoT device; and processing the data sending request based on the connection policy.

Description

Data protection method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security and, without being limited to these, to a data protection method, apparatus, electronic device and storage medium.
Background
With the rapid development of science, technology and the economy, the Internet of Things is gradually affecting every industry, and the smart home is a key application area of the IoT in the household. Networked devices are increasingly deployed in homes, but their network security has not received enough attention from the industry, and many cases have come to light in which home network cameras were hijacked and personal privacy was exposed on the Internet.
Disclosure of Invention
In view of this, embodiments of the present application provide a data protection method, apparatus, electronic device and storage medium.
In a first aspect, an embodiment of the present application provides a data protection method comprising: receiving a data sending request sent by an IoT device; determining the device type of the IoT device in response to the data sending request; determining a connection policy based on the device type of the IoT device; and processing the data sending request based on the connection policy.
In a second aspect, an embodiment of the present application provides a data protection apparatus comprising: a receiving module for receiving a data sending request sent by an IoT device; a response module for determining the device type of the IoT device in response to the data sending request; a first determining module configured to determine a connection policy based on the device type of the IoT device; and a processing module for processing the data sending request based on the connection policy.
In a third aspect, an embodiment of the present application provides an electronic device comprising a memory and a processor, where the memory stores a computer program executable on the processor, and the processor, when executing the computer program, implements the steps of the data protection method of the first aspect of the embodiments of the present application.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the data protection method of the first aspect of the embodiments of the present application.
In the embodiments of this application, the gateway device responds to the data sending request of an IoT device by determining the device type of that device, then determines the connection policy for the device and processes the data sending request according to that policy. A targeted connection policy can therefore be applied to each IoT device according to its device type, preventing data leakage.
Drawings
Fig. 1 is a schematic flowchart of a data protection method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a data protection apparatus according to an embodiment of the present application;
Fig. 3 is a hardware entity diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solution of the present application is further elaborated below with reference to the drawings and the embodiments.
Fig. 1 is a schematic flowchart of a data protection method according to an embodiment of the present application. As shown in Fig. 1, the method comprises:
Step 102: receiving a data sending request sent by an IoT device;
The data protection method can be applied to a gateway device. The IoT device may be a smart-home or smart-wearable device: smart-home devices include sweeping robots, smart computers, smartphones, smart speakers, smart televisions, network cameras, smart kitchen and bathroom appliances, smart air purifiers, smart power strips and the like, and smart wearables include wearables for the elderly, wearables for pets, adult smart watches, children's smart watches and the like. The data sending request may include the data to be transmitted and the receiving device for that data; it is the IoT device's request that the gateway device send the data to be transmitted to the receiving device over the Internet. The receiving device is the recipient of the data to be transmitted; it may be another device of the owner (or user or operator) of the IoT device, or a device of some other user.
Step 104: determining the device type of the IoT device in response to the data sending request;
The device type may be one of a speaker, a television, a camera, a sweeping robot, a smart watch, an air purifier and the like.
Step 106: determining a connection policy based on the device type of the IoT device;
The connection policy is the policy under which the IoT device is connected to the Internet, also called an Internet connection policy. When the IoT device sends data to be transmitted over the Internet, the Internet connection policy can restrict the device's network connection time, the content and permissions of the data to be transmitted, the receiving device, and so on.
Step 108: processing the data sending request based on the connection policy.
An embodiment of the application also provides a data protection method comprising the following steps:
Step S202: receiving a data sending request sent by an IoT device, the request including the data to be transmitted and the receiving device for that data;
Step S204: in response to the data sending request, sending a probe packet to the IoT device;
The probe packet may be used to detect network connection attributes of the IoT device, such as at least one of its IP (Internet Protocol) address, subnet mask, default gateway and DNS (Domain Name System) server; it may also be used to detect the device's operating system, port services and the like.
Step S206: receiving the IoT device's response to the probe packet;
The response may be the IP address, subnet mask, DNS server and so on that the IoT device returns to the gateway device; it may also reveal the IoT device's operating system, port services and the like.
Step S208: determining the device type of the IoT device from the response;
The gateway device can be pre-configured with the operating systems and port services of IoT devices of different device types, and different operating systems and port services respond differently to probe packets. For example, since the service ports of a Windows system include port 3389, the gateway device can determine that the IoT device is a smart computer by detecting that it runs Windows and has port 3389 open; it can determine that the IoT device is a smart television by detecting a Video-On-Demand (VOD) system running on a Real-Time Operating System (RTOS), and that it is a smartphone by detecting an Android system.
Step S210: when the device type of the IoT device is a first preset type, determining the Internet connection policy to be: allow the IoT device to connect to the Internet only within a target time period;
The first preset type may be one of a network camera, a smart speaker and a television; the target time period may be, for example, between 8:00 and 22:00, or between 15:00 and 21:00.
When the device type is a network camera, the Internet connection policy may be that the gateway device only allows the camera to communicate with the Internet during a specific period, such as between 8:00 and 22:00; when the device type is a smart speaker, the policy may be that the gateway device only allows the speaker to connect to the Internet during a certain period, such as between 15:00 and 21:00.
Step S212: sending the data to be transmitted to the receiving device over the Internet within the target time period.
In this embodiment the gateway device actively sends a probe packet to the IoT device and determines the device type from the device's response, so the device type can be determined more accurately and efficiently; in addition, restricting the time period in which the IoT device may connect to the Internet further prevents data leakage.
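The following is an added example, not code from the patent or from Sangfor, of the active-fingerprinting path of steps S204 to S212: a probe response is matched against a fingerprint table to obtain the device type, and a first-preset-type device is only forwarded within its target time period. The Windows/3389, RTOS-VOD and Android rules and the 8:00-22:00 and 15:00-21:00 windows come from the text; the camera and speaker fingerprints, the operating-system labels, the "hold" action and the default for devices without a time policy are assumptions made for the example.

```python
"""Active fingerprinting and time-window policy, as an added example.
Not the patent's own code: the Windows/3389 rule is taken from the text,
the camera and speaker fingerprints and the 'hold' action are assumptions."""
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class ProbeResponse:
    """What the gateway learned from the IoT device's answer to its probe."""
    ip: str
    os_name: str
    open_ports: frozenset


# (operating system label, port that must be open or None) -> device type.
# Order matters: the first matching rule wins.
FINGERPRINTS = (
    ("windows", 3389, "smart computer"),        # from the text: Windows with port 3389
    ("rtos-vod", None, "smart television"),     # from the text: VOD system on an RTOS
    ("android", None, "smartphone"),            # from the text: Android system
    ("embedded-linux", 554, "network camera"),  # assumption: RTSP port on a camera
    ("embedded-linux", None, "smart speaker"),  # assumption: other embedded Linux device
)


def classify_by_probe(resp: ProbeResponse) -> str:
    """Map a probe response to a device type; 'unknown' when nothing matches."""
    for os_name, port, device_type in FINGERPRINTS:
        if resp.os_name == os_name and (port is None or port in resp.open_ports):
            return device_type
    return "unknown"


# First preset types and their target period (start, end) for Internet access.
# The 8:00-22:00 and 15:00-21:00 windows are the ones given in the text.
TIME_WINDOWS = {
    "network camera": (time(8, 0), time(22, 0)),
    "smart speaker": (time(15, 0), time(21, 0)),
}


def in_window(now: time, window) -> bool:
    """True if `now` lies in [start, end); a window may wrap past midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def process_request(resp: ProbeResponse, now: time):
    """Return (device_type, action): 'forward' sends the data to the receiving
    device now; 'hold' keeps it until the target period. Devices with no time
    policy are forwarded (assumption for the example)."""
    device_type = classify_by_probe(resp)
    window = TIME_WINDOWS.get(device_type)
    if window is None:
        return device_type, "forward"
    return device_type, ("forward" if in_window(now, window) else "hold")


if __name__ == "__main__":
    # Constructed probe response for a camera with HTTP and RTSP open.
    cam = ProbeResponse("192.168.1.20", "embedded-linux", frozenset({80, 554}))
    print(process_request(cam, time(9, 30)))   # ('network camera', 'forward')
    print(process_request(cam, time(23, 0)))   # ('network camera', 'hold')
```

The fingerprint table is ordered from most to least specific so that a device matching the camera rule is never swallowed by the broader speaker rule; `in_window` also handles a target period that crosses midnight, which the two periods in the text do not but a gateway operator may configure.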
An embodiment of the application also provides a data protection method comprising the following steps:
Step S302: receiving a data sending request sent by an IoT device, the request including the data to be transmitted and the receiving device for that data;
Step S304: in response to the data sending request, acquiring the network traffic of the IoT device;
The network traffic may be the volume of data the IoT device transmits on the Internet, expressed as the number of transmitted packets and the size of each packet.
Step S306: analyzing the network traffic according to its encoding format to obtain an analysis result;
The encoding format of the network traffic may be a video stream format such as MP4, MOV or RMVB (RealMedia Variable Bitrate), or an audio stream format such as MP3 (Moving Picture Experts Group Audio Layer III), OGG (Ogg Vorbis) or WMA (Windows Media Audio, Microsoft's audio format). From the encoding format it can be determined whether the network traffic is a video stream, an audio stream, a combination of video and audio streams, and so on; the analysis result is accordingly that the traffic is a video stream, that it is an audio stream, or that it contains both video and audio streams.
Step S308: determining the device type of the IoT device from the analysis result;
When the analysis result is that the traffic is a video stream, the device type may be a television; when it is an audio stream, the device type may be a speaker; when the traffic contains both video and audio streams, the device type may be a camera.
Step S310: when the device type of the IoT device is a second preset type, determining the Internet connection policy to be: modify the data to be transmitted;
The second preset type may be one of a network camera, a smart speaker and a television; the modification may include content modification and/or encryption of the data to be transmitted.
When the device type is a network camera, the Internet connection policy may be that, whenever the gateway device finds the camera sending data to the Internet, it encrypts and modifies the transmitted data.
Step S312: modifying the data to be transmitted to obtain modified data;
Step S314: sending the modified data to the receiving device over the Internet.
In this embodiment the gateway device analyzes the acquired network traffic of the IoT device and determines the device type from the analysis result, so the device type can be determined more accurately and efficiently and more ways of determining it become available; in addition, restricting the content or permissions of the data to be transmitted further prevents data leakage.
An embodiment of the application also provides a data protection method comprising the following steps:
Step S402: receiving a data sending request sent by an IoT device, the request including the data to be transmitted and the receiving device for that data;
Step S404: in response to the data sending request, acquiring the network traffic of the IoT device;
Step S406: analyzing the network traffic according to its encoding format to obtain an analysis result;
Step S408: determining the device type of the IoT device from the analysis result;
Step S410: when the device type of the IoT device is a third preset type, determining the Internet connection policy to be: allow only preset devices to access the IoT device over the Internet;
The third preset type may be one of a network camera, a smart speaker and a smart television; the preset device may be a device belonging to the owner of the IoT device, such as a mobile phone, laptop, desktop computer or smart watch.
When the device type is a network camera, the Internet connection policy may be that the gateway device only allows specific devices to access the camera over the Internet, for example only the mobile phone of the camera's owner.
Step S412: when the receiving device is a preset device, sending the data to be transmitted to it over the Internet.
In this embodiment the gateway device analyzes the acquired network traffic of the IoT device and determines the device type from the analysis result, so the device type can be determined more accurately and efficiently and more ways of determining it become available; in addition, restricting the receiving device further prevents data leakage.
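The following is an added example, not code from the patent or from Sangfor, of the passive-fingerprinting path shared by steps S304 to S314 and S404 to S412: each captured payload is classified as video or audio from its container signature, the set of stream kinds gives the device type exactly as the text maps it (video only: television; audio only: speaker; both: camera), and the request is then handled under the "modify data" policy of the second preset type and the "preset receiver only" policy of the third preset type. The signatures are the public MP4/MOV, RealMedia, MP3, Ogg and ASF (WMA) headers; the owner-device identifiers, the sample payloads, the action names and the choice to apply the receiver allowlist only to cameras are assumptions made for the example.

```python
"""Passive fingerprinting from the traffic's encoding format, plus the
'modify data' and 'allowed receiver' policies, as an added example that is
not the patent's own code. Magic bytes are the public container signatures;
the owner-device list, sample payloads and action names are constructed."""


def stream_kind(payload: bytes):
    """Classify one captured packet payload as 'video', 'audio' or None
    from the container/codec signature at its start."""
    if len(payload) >= 8 and payload[4:8] == b"ftyp":          # MP4 / MOV (ISO BMFF)
        return "video"
    if payload.startswith(b".RMF"):                              # RealMedia (RMVB)
        return "video"
    if payload.startswith(b"ID3"):                               # MP3 with ID3v2 tag
        return "audio"
    if len(payload) >= 2 and payload[0] == 0xFF and (payload[1] & 0xE0) == 0xE0:
        return "audio"                                           # bare MPEG audio frame sync
    if payload.startswith(b"OggS"):                              # Ogg (Vorbis)
        return "audio"
    if payload.startswith(b"\x30\x26\xb2\x75\x8e\x66\xcf\x11"):  # ASF header GUID (WMA)
        return "audio"
    return None


def device_type_from_traffic(packets) -> str:
    """The text's mapping: video only -> television, audio only -> speaker,
    video and audio -> camera; nothing recognisable -> 'unknown'."""
    kinds = {k for k in map(stream_kind, packets) if k is not None}
    if kinds == {"video"}:
        return "smart television"
    if kinds == {"audio"}:
        return "smart speaker"
    if kinds == {"video", "audio"}:
        return "network camera"
    return "unknown"


# Second preset types: the data to be transmitted is modified (content change
# and/or encryption) before it leaves the home network.
MODIFY_TYPES = {"network camera", "smart speaker", "smart television"}
# Third preset types: only the owner's preset devices may receive the data.
# Applying this to cameras only is an assumption for the example.
RESTRICT_RECEIVER_TYPES = {"network camera"}
# Constructed identifiers of the owner's preset devices.
OWNER_DEVICES = {"owner-phone", "owner-laptop"}


def process_request(packets, receiver: str):
    """Return (device_type, action) for a data sending request whose captured
    traffic is `packets` and whose receiving device is `receiver`."""
    device_type = device_type_from_traffic(packets)
    if device_type in RESTRICT_RECEIVER_TYPES and receiver not in OWNER_DEVICES:
        return device_type, "drop"               # receiver is not a preset device
    if device_type in MODIFY_TYPES:
        return device_type, "modify-and-forward"
    return device_type, "forward"


# Constructed sample payloads: an MP4 'ftyp' box header and an MP3 ID3v2 header.
MP4_SAMPLE = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2"
MP3_SAMPLE = b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00"

if __name__ == "__main__":
    flow = [MP4_SAMPLE, MP3_SAMPLE]          # video plus audio: looks like a camera
    print(process_request(flow, "stranger-phone"))  # ('network camera', 'drop')
    print(process_request(flow, "owner-phone"))     # ('network camera', 'modify-and-forward')
```

The receiver check runs before the modification decision, so a request from a camera to a device outside the owner's list is dropped rather than modified and forwarded; a real gateway would classify over a sliding window of packets rather than a whole list, but the set-of-kinds logic is the same.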
An embodiment of the application also provides a data protection method comprising the following steps:
Step S502: receiving a data sending request sent by an IoT device, the request including the data to be transmitted and the receiving device for that data;
Step S504: in response to the data sending request, acquiring the network traffic of the IoT device;
Step S506: analyzing the network traffic according to its encoding format to obtain an analysis result;
Step S508: determining the device type of the IoT device from the analysis result;
Step S510: acquiring a target network connection attribute of the IoT device;
The target network connection attribute may be the IP address, subnet mask and so on of the IoT device;
Step S512: determining the security of the IoT device from the target network connection attribute and the device type;
The security of the IoT device characterizes whether it is a secure, trusted device.
In one embodiment, step S512 may include the following steps S5121 to S5123:
Step S5121: determining, using a trained deep learning model, the reference network connection attribute corresponding to the device type; Step S5122: determining that the IoT device is not secure when the similarity between the target network connection attribute and the reference network connection attribute is less than or equal to a preset similarity threshold; Step S5123: determining that the IoT device is secure when that similarity is greater than the similarity threshold.
The similarity threshold may be 80%, 90%, 95% or the like. An initial deep learning model is trained on the network connection attributes and device types of IoT devices to obtain the trained model; the reference network connection attribute for a device type can then be determined from the trained model, and the acquired target network connection attribute of the IoT device is compared with that reference to determine whether the IoT device is an unknown, untrusted, insecure device that may pose a data leakage risk.
Step S514: determining an Internet connection policy based on the device type of the IoT device;
Step S516: processing the data sending request based on the Internet connection policy when the security determination indicates that the IoT device is not secure;
Step S518: authenticating the identity of the receiving device when the security determination indicates that the IoT device is secure;
Step S520: when identity authentication passes, sending the data to be transmitted and the key to the receiving device so that the receiving device can decrypt the received data with the key.
The receiving device may be a mobile phone, and identity authentication may be performed by phone number verification.
In this embodiment the gateway device analyzes the acquired network traffic of the IoT device and determines the device type from the analysis result, so the device type can be determined more accurately and efficiently and more ways of determining it become available; the security of the IoT device is determined from its acquired target network connection attribute and its device type, and the data sending request is processed under the policy only when the IoT device is not secure, which improves the efficiency of data protection; determining the reference network connection attribute with a trained deep learning model improves the accuracy, reliability and efficiency of determining the network connection attribute corresponding to a device type; and when the IoT device is secure, verifying the identity of the receiving device improves the security of data transmission.
At present, equipment manufacturers and security manufacturers are not invested in data leakage prevention. The intelligent home data leakage attention is insufficient, and no mature intelligent home privacy data leakage related protection scheme exists.
The application provides a data protection method, which is applied to a safe family gateway routing product (also called a safe gateway product or a safe gateway), and detects and solves the following problems of intelligent household equipment: such as the data leakage problem of networking equipment such as network camera, family's intelligent stereo set. The method comprises the following steps:
step S601: identifying the equipment type of the intelligent household products accessed to the home network;
the security gateway product can identify the equipment type of the intelligent household product in a passive and active fingerprint identification mode. The intelligent household products can be camera equipment, intelligent sound boxes, intelligent televisions and other equipment which are interactive with the Internet; the passive fingerprint identification may be that the security gateway product obtains the network traffic of the smart home product, analyzes the network traffic to obtain the device type of the smart home product, and determines that the device type of the smart home product is a television, for example, when the network traffic is analyzed to be a video stream; the active fingerprint identification mode can be the security gateway product
Step S602: setting a corresponding internet connection strategy based on the equipment type of the intelligent household equipment;
the intelligent household products can also be called intelligent household equipment, and the internet connection strategy can also be called a networking strategy; the security gateway is internally provided with a default networking strategy for each type of intelligent household equipment.
In the case that the device type is a webcam, the internet connection policy may be that the security gateway only allows the webcam to communicate with the internet for a certain period of time, such as between 8:00 and 22: 00; in the case that the device type is the smart audio, the internet connection policy may be that the security gateway allows the smart audio to connect to the internet only for a specific period of time, such as between 15:00 and 21:00 for communication with the internet; when the device type is a certain device type, the internet connection policy may be to encrypt and modify transmitted data when the security gateway finds that the smart home device of the certain device type transmits data to the internet; in the case that the device type is another device type, the internet connection policy may also be that the security gateway only allows a specific device to access the smart home device through the internet, for example, only allows a device of an owner of the smart home device (for example, a mobile phone, a notebook computer, and a desktop computer of the owner) to access the smart home device.
Step S603: automatically detecting whether the networked device has a data leakage risk;
The security gateway may embed a time-series anomaly detection algorithm that automatically learns the network connection characteristics of each networked device, for example its IP address and subnet mask. The security gateway acquires the current network connection characteristics of a device and, from the device's type together with the anomaly detection algorithm, determines the reference network connection characteristics for that device type; if the acquired characteristics of the device do not match the reference characteristics for its type, the device is considered to have a data leakage risk. For example, if the IP address obtained for the device does not match the IP address expected for its device type, the device may belong to an unfamiliar user and is treated as unsafe, that is, as having a data leakage risk. The Internet connection policy of step S402 is triggered automatically when the security gateway finds that a device with a data leakage risk is sending a large amount of data over the Internet.
Step S604: automatically modifying and encrypting the data suspected of being leaked.
In step S604, if the user has enabled the setting item for modifying data packets suspected of leaking, the security gateway automatically modifies and encrypts the outgoing data packets, so that even if the data does leak, it is difficult for an attacker to recover the complete data.
It should be noted that if the data is sent by a legitimate user, that is, the networked device has no data leakage risk, the security gateway may deliver the key to the user by an out-of-band check such as telephone-number authentication, after which the acquired data can be decrypted.
In the embodiment of the application, abnormal data leakage behaviour is identified by learning a model of the home smart devices and their Internet access; the security gateway limits the data leakage behaviour of smart home devices through built-in policies; data suspected of leaking is encrypted automatically by the security gateway, so that even if it is stolen no usable data is disclosed; and data transmitted to the outside, once it has passed through the security gateway, can only be read after identity authentication.
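The baseline-and-similarity check of step S603 (the same decision the second determining module and claim 9 describe with a deep learning model and a similarity threshold), as an added example that is not code from the patent. It assumes the "network connection characteristics" can be modelled as a set of attribute strings (subnet, destination, protocol), replaces the trained model with a union-of-attributes baseline and Jaccard similarity, and models the "large amount of data" trigger as a z-score over the per-interval byte counts learned for the device type; all observations and the threshold values are constructed for the example.

```python
"""Added example (not from the patent): learn a per-device-type connection
baseline and decide whether a networked device shows a data leakage risk."""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed observations the gateway has learned from:
# (device_id, device_type, connection attributes, bytes sent in one interval).
OBSERVED: List[Tuple[str, str, Set[str], int]] = [
    ("cam-1", "ip_camera", {"subnet:192.168.1.0/24", "dst:cloud.example:443", "proto:tcp"}, 3000),
    ("cam-1", "ip_camera", {"subnet:192.168.1.0/24", "dst:cloud.example:443", "proto:tcp"}, 3200),
    ("cam-2", "ip_camera", {"subnet:192.168.1.0/24", "dst:cloud.example:443", "proto:tcp",
                            "dst:ntp.example:123"}, 2900),
    ("cam-2", "ip_camera", {"subnet:192.168.1.0/24", "dst:cloud.example:443", "proto:tcp",
                            "dst:ntp.example:123"}, 3100),
    ("therm-1", "thermostat", {"subnet:192.168.1.0/24", "dst:iot.example:8883", "proto:tcp"}, 400),
    ("therm-1", "thermostat", {"subnet:192.168.1.0/24", "dst:iot.example:8883", "proto:tcp"}, 450),
]

# Constructed inputs: a camera behaving normally, and one that now sits on a
# foreign subnet and talks to an unfamiliar host (the "unfamiliar user" case).
NORMAL_CAM = {"subnet:192.168.1.0/24", "dst:cloud.example:443", "proto:tcp"}
SUSPICIOUS_CAM = {"subnet:10.0.0.0/8", "dst:203.0.113.7:4444", "proto:tcp"}

SIMILARITY_THRESHOLD = 0.5   # claim 9: similarity <= threshold means "not secure" (value assumed)
VOLUME_Z_THRESHOLD = 3.0     # assumed: z-score above which an interval's volume counts as "large"


@dataclass
class Baseline:
    """Reference connection attributes and byte volumes learned for one device type."""
    attrs: Set[str] = field(default_factory=set)
    volumes: List[int] = field(default_factory=list)


def learn_baselines(records) -> Dict[str, Baseline]:
    """Build one Baseline per device type from the observed connection records."""
    baselines: Dict[str, Baseline] = defaultdict(Baseline)
    for _, dev_type, attrs, volume in records:
        baselines[dev_type].attrs |= attrs
        baselines[dev_type].volumes.append(volume)
    return dict(baselines)


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Similarity between two attribute sets, in [0, 1]."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def is_device_secure(dev_type: str, attrs: Set[str], baselines: Dict[str, Baseline],
                     threshold: float = SIMILARITY_THRESHOLD) -> bool:
    """Secure only if similarity to the type's reference attributes exceeds the threshold.
    A type the gateway has never learned is treated as not secure (fail closed)."""
    ref = baselines.get(dev_type)
    if ref is None:
        return False
    return jaccard(attrs, ref.attrs) > threshold


def is_volume_anomalous(dev_type: str, volume: int, baselines: Dict[str, Baseline],
                        z: float = VOLUME_Z_THRESHOLD) -> bool:
    """Time-series check: is this interval's byte count far above what the type normally sends?"""
    ref = baselines.get(dev_type)
    if ref is None or len(ref.volumes) < 2:
        return True
    mu, sigma = mean(ref.volumes), pstdev(ref.volumes)
    if sigma == 0:
        return volume > mu
    return (volume - mu) / sigma > z


def should_trigger_policy(dev_type: str, attrs: Set[str], volume: int,
                          baselines: Dict[str, Baseline]) -> bool:
    """Step S603 trigger: a device at leakage risk is sending a large amount of data."""
    return (not is_device_secure(dev_type, attrs, baselines)
            and is_volume_anomalous(dev_type, volume, baselines))


if __name__ == "__main__":
    bl = learn_baselines(OBSERVED)
    print("normal camera secure:", is_device_secure("ip_camera", NORMAL_CAM, bl))
    print("suspicious camera secure:", is_device_secure("ip_camera", SUSPICIOUS_CAM, bl))
    print("policy triggered:", should_trigger_policy("ip_camera", SUSPICIOUS_CAM, 50_000_000, bl))
```

Two points a practitioner should carry over from this toy: an unknown device type is classified as not secure rather than skipped, and the volume check alone never fires the policy, because a known-good device legitimately uploading a large file is not the case the patent targets. Attribute sets that include the device's own IP address, as the description suggests, make the baseline brittle under DHCP; the subnet is the more stable feature.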
Based on the foregoing embodiments, embodiments of the present application provide a data protection apparatus, where each module included in the apparatus may be implemented by a processor in an electronic device; of course, the implementation can also be realized through a specific logic circuit; in the implementation process, the processor may be a Central Processing Unit (CPU), a Microprocessor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
Fig. 2 is a schematic structural diagram of a data protection apparatus according to an embodiment of the present application, and referring to fig. 2, the apparatus 200 includes:
a receiving module 201, configured to receive a data sending request sent by an internet of things device;
a response module 202, configured to determine, in response to the data sending request, a device type of the internet of things device;
a first determining module 203, configured to determine a connection policy based on a device type of the internet of things device;
a processing module 204, configured to process the data sending request based on the connection policy.
In one embodiment, the response module 202 includes: a sending submodule, configured to send a probe data packet to the internet of things device in response to the data sending request; a receiving submodule, configured to receive the response result of the internet of things device to the probe data packet; and a first determining submodule, configured to determine the device type of the internet of things device according to the response result.
In one embodiment, the response module 202 includes: an obtaining submodule, configured to obtain the network traffic of the internet of things device in response to the data sending request; an analysis submodule, configured to analyze the network traffic according to its encoding format to obtain an analysis result; and a second determining submodule, configured to determine the device type of the internet of things device according to the analysis result.
In one embodiment, the data sending request includes data to be transmitted and receiving equipment of the data to be transmitted; the first determining module 203 is configured to determine a connection policy to control the internet-of-things device to connect to the internet in a target time period when the device type of the internet-of-things device is a first preset type; the processing module 204 is configured to send the data to be transmitted to the receiving device through the internet in the target time period.
In one embodiment, the data sending request includes data to be transmitted and receiving equipment of the data to be transmitted; the first determining module 203 is configured to determine, when the device type of the internet of things device is a second preset type, that the connection policy is to modify the data to be transmitted; the processing module 204 is configured to modify the data to be transmitted to obtain modified data to be transmitted, and to send the modified data to be transmitted to the receiving equipment through the Internet.
In one embodiment, the data sending request includes data to be transmitted and receiving equipment of the data to be transmitted; the first determining module 203 is configured to determine the connection policy as controlling a preset device to access the internet of things device through the internet, when the device type of the internet of things device is a third preset type; the processing module 204 is configured to send the data to be transmitted to the receiving device through the internet when the receiving device is the preset device.
In one embodiment, the apparatus further comprises: an acquisition module, configured to acquire the target network connection attribute of the internet of things device; and a second determining module, configured to determine the security of the internet of things device according to the target network connection attribute and the device type; the processing module 204 is configured to process the data sending request based on the connection policy when the security indicates that the internet of things device is not secure.
In one embodiment, the processing module 204 is further configured to perform identity authentication on the receiving device if the security represents that the internet of things device is secure; and under the condition that the identity authentication is passed, sending the data to be transmitted and the secret key to the receiving equipment so that the receiving equipment can decrypt the acquired data to be transmitted by using the secret key.
In one embodiment, the second determining module includes: the third determining submodule is used for determining a reference network connection attribute corresponding to the equipment type based on the trained deep learning model; a fourth determining submodule, configured to determine that the internet of things device is unsafe when a similarity between the target network connection attribute and the reference network connection attribute is less than or equal to a preset similarity threshold; a fifth determining submodule, configured to determine that the internet of things device is safe when a similarity between the target network connection attribute and the reference network connection attribute is greater than the similarity threshold.
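The policy selection of the first determining module and the enforcement of the processing module (time window for the first preset type, modification for the second, preset-device allow-list for the third, and receiver authentication plus key delivery when the device is judged secure), as an added example that is not the patent's own code. Which concrete device types count as the first, second and third preset types, the target time window, the allow-list of preset devices and the shared authentication secret are all invented for the example. The "modification" applied under the second policy is encryption with an HMAC-SHA256 keystream plus an HMAC tag, used here only so the example runs on the standard library; a production gateway would use an AEAD such as AES-GCM.

```python
"""Added example (not from the patent): select and apply the connection policy
for one data sending request at the security gateway."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

FIRST_TYPE, SECOND_TYPE, THIRD_TYPE = "ip_camera", "smart_speaker", "door_lock"  # assumed mapping
TARGET_WINDOW = (time(8, 0), time(20, 0))      # assumed window in which a first-type device may go online
PRESET_DEVICES = {"owner-phone"}               # assumed devices allowed to reach a third-type device
AUTH_SECRET = b"gateway-auth-secret-example"   # assumed; stands in for telephone-number authentication
NONCE_LEN, TAG_LEN = 16, 32


@dataclass
class SendRequest:
    """The data sending request: what the device wants to send, to whom, and when."""
    device_type: str
    data: bytes
    receiver: str
    sent_at: time
    auth_token: str = ""


def make_request(device_type: str, data: bytes, receiver: str, hour: int,
                 auth_token: str = "") -> SendRequest:
    return SendRequest(device_type, data, receiver, time(hour, 0), auth_token)


def determine_policy(device_type: str) -> str:
    """First determining module: map the device type to a connection policy (deny if unknown)."""
    return {FIRST_TYPE: "time_window", SECOND_TYPE: "modify",
            THIRD_TYPE: "preset_device"}.get(device_type, "deny")


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 as a PRF, long enough for n bytes."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. A nonce must never repeat under one key."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before touching the ciphertext; raise on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def decrypt_or_none(key: bytes, blob: bytes) -> Optional[bytes]:
    try:
        return decrypt(key, blob)
    except ValueError:
        return None


def receiver_token(receiver: str) -> str:
    """Token a receiving device holds after out-of-band identity verification (assumed scheme)."""
    return hmac.new(AUTH_SECRET, receiver.encode(), hashlib.sha256).hexdigest()


def authenticate_receiver(req: SendRequest) -> bool:
    return hmac.compare_digest(req.auth_token.encode(), receiver_token(req.receiver).encode())


def process_request(req: SendRequest, device_secure: bool, key: bytes
                    ) -> Tuple[str, Optional[bytes], Optional[bytes]]:
    """Processing module. Returns (action, payload forwarded, key handed to the receiver).
    Secure device: authenticate the receiver, then forward encrypted data with the key.
    Insecure device: apply the policy chosen for its device type."""
    if device_secure:
        if not authenticate_receiver(req):
            return ("reject_unauthenticated", None, None)
        return ("forward_with_key", encrypt(key, req.data), key)
    policy = determine_policy(req.device_type)
    if policy == "time_window":
        low, high = TARGET_WINDOW
        if low <= req.sent_at <= high:
            return ("forward", req.data, None)
        return ("hold_until_window", None, None)
    if policy == "modify":
        return ("forward_modified", encrypt(key, req.data), None)
    if policy == "preset_device":
        if req.receiver in PRESET_DEVICES:
            return ("forward", req.data, None)
        return ("reject_receiver", None, None)
    return ("reject_unknown_type", None, None)
```

Note what the "modify" policy does and does not buy: an attacker who captures the modified stream gets ciphertext and an authenticated tag, so the content is protected, but the volume of data leaving the home is unchanged; the time-window and preset-device policies are the ones that actually limit exfiltration. When the secure path hands the key to the receiver, it must travel over a channel separate from, or at least mutually authenticated with, the one carrying the ciphertext, otherwise an interceptor gets both.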
It should be noted that, in the embodiment of the present application, if the data protection method is implemented in the form of a software functional module and is sold or used as a standalone product, the data protection method may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or a part contributing to the related art may be embodied in the form of a software product stored in a storage medium, and including a plurality of instructions for enabling an electronic device (which may be a mobile phone, a tablet computer, a desktop computer, a personal digital assistant, a navigator, a digital phone, a video phone, a television, a sensing device, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
The above description of the apparatus embodiments, similar to the above description of the method embodiments, has similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
Correspondingly, an embodiment of the present application provides an electronic device. Fig. 3 is a schematic diagram of a hardware entity of the electronic device according to the embodiment of the present application; as shown in fig. 3, the hardware entity of the electronic device 300 includes a memory 301 and a processor 302, wherein the memory 301 stores a computer program capable of running on the processor 302, and the processor 302, when executing the computer program, implements the steps of the data protection method of the foregoing embodiments.
The memory 301 is configured to store instructions and applications executable by the processor 302, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the processor 302 and by the modules in the electronic device 300; it may be implemented by a FLASH memory (FLASH) or a Random Access Memory (RAM).
Correspondingly, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps in the data protection method provided in the foregoing embodiments.
Here, it should be noted that the above description of the storage medium and device embodiments, like the description of the method embodiments, has beneficial effects similar to those of the method embodiments. For technical details not disclosed in the storage medium and device embodiments of the present application, reference is made to the description of the method embodiments of the present application.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment. In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as a removable Memory device, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or a part contributing to the related art may be embodied in the form of a software product stored in a storage medium, and including a plurality of instructions for enabling a computer device (which may be a mobile phone, a tablet computer, a desktop computer, a personal digital assistant, a navigator, a digital phone, a video phone, a television, a sensing device, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a magnetic or optical disk, or other various media that can store program code.
The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments. Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict. The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The above description is only for the embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A data protection method, characterized in that the method comprises:
   receiving a data sending request sent by an Internet of Things device;
   in response to the data sending request, determining the device type of the Internet of Things device;
   determining a connection policy based on the device type of the Internet of Things device;
   processing the data sending request based on the connection policy.
2. The method according to claim 1, characterized in that determining the device type of the Internet of Things device in response to the data sending request comprises:
   in response to the data sending request, sending a probe data packet to the Internet of Things device;
   receiving the response result of the Internet of Things device to the probe data packet;
   determining the device type of the Internet of Things device according to the response result.
3. The method according to claim 1, characterized in that determining the device type of the Internet of Things device in response to the data sending request comprises:
   in response to the data sending request, obtaining the network traffic of the Internet of Things device;
   analyzing the network traffic according to its encoding format to obtain an analysis result;
   determining the device type of the Internet of Things device according to the analysis result.
4. The method according to any one of claims 1 to 3, characterized in that the data sending request includes data to be transmitted and the receiving device of the data to be transmitted, and the connection policy includes an Internet connection policy;
   determining the connection policy based on the device type of the Internet of Things device comprises: when the device type of the Internet of Things device is a first preset type, determining the Internet connection policy as controlling the Internet of Things device to connect to the Internet within a target time period;
   processing the data sending request based on the connection policy comprises: sending the data to be transmitted to the receiving device through the Internet within the target time period.
5. The method according to any one of claims 1 to 3, characterized in that the data sending request includes data to be transmitted and the receiving device of the data to be transmitted, and the connection policy includes an Internet connection policy;
   determining the connection policy based on the device type of the Internet of Things device comprises: when the device type of the Internet of Things device is a second preset type, determining the Internet connection policy as modifying the data to be transmitted;
   processing the data sending request based on the connection policy comprises: modifying the data to be transmitted to obtain modified data to be transmitted; sending the modified data to be transmitted to the receiving device through the Internet.
6. The method according to any one of claims 1 to 3, characterized in that the data sending request includes data to be transmitted and the receiving device of the data to be transmitted, and the connection policy includes an Internet connection policy;
   determining the connection policy based on the device type of the Internet of Things device comprises: when the device type of the Internet of Things device is a third preset type, determining the Internet connection policy as controlling a preset device to access the Internet of Things device through the Internet;
   processing the data sending request based on the connection policy comprises: when the receiving device is the preset device, sending the data to be transmitted to the receiving device through the Internet.
7. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
   obtaining the target network connection attribute of the Internet of Things device;
   determining the security of the Internet of Things device according to the target network connection attribute and the device type;
   and processing the data sending request based on the connection policy comprises: when the security indicates that the Internet of Things device is not secure, processing the data sending request based on the connection policy.
8. The method according to claim 7, characterized in that the data sending request includes data to be transmitted and the receiving device of the data to be transmitted, and the method further comprises:
   when the security indicates that the Internet of Things device is secure, performing identity authentication on the receiving device;
   when the identity authentication passes, sending the data to be transmitted and a key to the receiving device, so that the receiving device decrypts the acquired data to be transmitted using the key.
9. The method according to claim 7, characterized in that determining the security of the Internet of Things device according to the target network connection attribute and the device type comprises:
   determining, based on a trained deep learning model, the reference network connection attribute corresponding to the device type;
   when the similarity between the target network connection attribute and the reference network connection attribute is less than or equal to a preset similarity threshold, determining that the Internet of Things device is not secure;
   when the similarity between the target network connection attribute and the reference network connection attribute is greater than the similarity threshold, determining that the Internet of Things device is secure.
10. A data protection apparatus, characterized in that the apparatus comprises:
   a receiving module, configured to receive a data sending request sent by an Internet of Things device;
   a response module, configured to determine the device type of the Internet of Things device in response to the data sending request;
   a first determining module, configured to determine a connection policy based on the device type of the Internet of Things device;
   a processing module, configured to process the data sending request based on the connection policy.
11. An electronic device, comprising a memory and a processor, the memory storing a computer program that can run on the processor, characterized in that the processor, when executing the program, implements the steps of the data protection method according to any one of claims 1 to 9.
12. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the data protection method according to any one of claims 1 to 9.
CN202111106153.0A | Priority date 2021-09-22 | Filing date 2021-09-22 | Data protection method and device, electronic equipment and storage medium | Pending | CN113904813A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202111106153.0A | 2021-09-22 | 2021-09-22 | Data protection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202111106153.0A | 2021-09-22 | 2021-09-22 | Data protection method and device, electronic equipment and storage medium

Publications (1)

Publication Number | Publication Date
CN113904813A | 2022-01-07

Family

ID=79028940

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202111106153.0A (Pending) | Data protection method and device, electronic equipment and storage medium | 2021-09-22 | 2021-09-22

Country Status (1)

Country | Link
CN (1) | CN113904813A (en)

Citations (8)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
US20080098062A1 * | 2006-10-20 | 2008-04-24 | Verizon Services Corp. | Systems And Methods For Managing And Monitoring Mobile Data, Content, Access, And Usage
US9781602B1 * | 2016-03-31 | 2017-10-03 | Ca, Inc. | Geographically based access management for internet of things device data
CN108809948A * | 2018-05-21 | 2018-11-13 | Institute of Information Engineering, Chinese Academy of Sciences (中国科学院信息工程研究所) | An abnormal network connection detection method based on deep learning
CN109271793A * | 2018-08-29 | 2019-01-25 | National Computer Network Emergency Response Technical Team/Coordination Center of China (国家计算机网络与信息安全管理中心) | Internet of Things cloud platform device class recognition method and system
CN111314286A * | 2019-12-20 | 2020-06-19 | Hangzhou DPtech Technologies Co., Ltd. (杭州迪普科技股份有限公司) | Configuration method and device of security access control policy
CN111934946A * | 2020-07-16 | 2020-11-13 | Sangfor Technologies Co., Ltd. (深信服科技股份有限公司) | Network equipment identification method, device, equipment and readable storage medium
WO2021041965A1 * | 2019-08-28 | 2021-03-04 | Pulse Secure, Llc | Autonomous policy enforcement point configuration for role based access control
CN113381984A * | 2021-05-21 | 2021-09-10 | Gree Electric Appliances, Inc. of Zhuhai (珠海格力电器股份有限公司) | Data processing method, device and system, electronic equipment and storage medium

Legal Events

Code | Title | Description
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220107