Information interception processing method, terminal, and computer storage medium

US 10,567,841 B2
Filed: 09/18/2017
Issued: 02/18/2020
Est. Priority Date: 12/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method for information interception processing, the method comprising:

starting, by a device comprising a memory and a processor in communication with the memory, a first application;

extracting, by the device, an application list of applications that need to be intercepted;

separately configuring, by the device, an interception policy for each respective to-be-intercepted application in the application list;

obtaining, by the device, a network request sent by a respective to-be-intercepted application;

when the first application enters an interception mode;

monitoring, by the device, according to an interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application,obtaining, by the device, through matching, communication information that conforms to the interception policy, the communication information being associated with the network request,matching, by the device, the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;

intercepting, by the device, the network request, andlocating and tracing, by the device, the respective to-be-intercepted application that sends the network request; and

wherein, when the first application enters the interception mode, monitoring, by the device according to the interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application and obtaining, by the device through matching, the communication information being associated with the network request comprise;

monitoring, by the device, interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting, by the device, hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating, by the device, a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using, by the device, the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining, by the device, the communication information according to the monitoring detection interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information interception method, a terminal, and a computer storage medium are disclosed. The method includes: starting a first application, extracting an application list of applications that need to be intercepted, and separately configuring an interception policy for each to-be-intercepted application in the application list; obtaining a network request sent by a to-be-intercepted application, and monitoring, when the first application enters an interception mode, according to the configured interception policy, the network request sent by the to-be-intercepted application, to obtain, through matching, communication information that conforms to the interception policy, where the communication information is associated with the network request; and matching the communication information with a preset policy, when the communication information is specified target information corresponding to the preset policy, intercepting the network request and locating and tracing the to-be-intercepted application that sends the network request.

Citations

14 Claims

1. A method for information interception processing, the method comprising:
- starting, by a device comprising a memory and a processor in communication with the memory, a first application;
  
  extracting, by the device, an application list of applications that need to be intercepted;
  
  separately configuring, by the device, an interception policy for each respective to-be-intercepted application in the application list;
  
  obtaining, by the device, a network request sent by a respective to-be-intercepted application;
  
  when the first application enters an interception mode;
  
  monitoring, by the device, according to an interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application,obtaining, by the device, through matching, communication information that conforms to the interception policy, the communication information being associated with the network request,matching, by the device, the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
  
  intercepting, by the device, the network request, andlocating and tracing, by the device, the respective to-be-intercepted application that sends the network request; and
  
  wherein, when the first application enters the interception mode, monitoring, by the device according to the interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application and obtaining, by the device through matching, the communication information being associated with the network request comprise;
  
  monitoring, by the device, interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting, by the device, hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating, by the device, a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using, by the device, the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining, by the device, the communication information according to the monitoring detection interface.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein:
    - the preset policy comprises specifically a multi-feature audit policy; and
      
      the matching, by the device, the communication information with the preset policy and, when it is determined, through matching, that the communication information is the specified target information corresponding to the preset policy, the intercepting, by the device, the network request and locating and tracing, by the device, the respective to-be-intercepted application that sends the network request comprise;
      
      parsing out, by the device, first information corresponding to the network request and second information corresponding to the respective to-be-intercepted application that sends the network request,using, by the device, the first information and the second information as the communication information,extracting, by the device, multiple advertising feature parameters comprised in an advertising cloud list database,comparing, by the device, the multiple advertising feature parameters with the communication information according to the multi-feature audit policy, andwhen the comparison is successful;
      
      determining, by the device, that the communication information is advertising information,locating, by the device, the respective to-be-intercepted application that sends the network request,intercepting, by the device, the network request, andsending, by the device, prompt information to a terminal user, the prompt information being used for representing an information security risk that exists in the respective to-be-intercepted application.
  - 3. The method according to claim 2, wherein the separately configuring the interception policy for each respective to-be-intercepted application in the application list comprises:
    - separately configuring, by the device, the interception policy for each respective to-be-intercepted application in the application list, the interception policy being a same policy or a different policy.
  - 4. The method according to claim 1, wherein the separately configuring the interception policy for each respective to-be-intercepted application in the application list comprises:
    - separately configuring, by the device, the interception policy for each respective to-be-intercepted application in the application list, the interception policy being a same policy or a different policy.
  - 5. The method according to claim 1, further comprising:
    - establishing, by the device, an association between the first application and the X target processes of each respective to-be-intercepted application in the application list; and
      
      making, by the device, the first application enter the X target processes according to the established association, to monitor the X target processes.

6. A terminal, comprising:
- a memory storing instructions;
  
  a processor in communication with the memory, wherein, when the processor executes the instructions, the processor is configured to cause the terminal to;
  
  start a first application,extract an application list of applications that need to be intercepted,separately configure an interception policy for each respective to-be-intercepted application in the application list,obtain a network request sent by a respective to-be-intercepted application,when the first application enters an interception mode;
  
  monitor, according to an interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application,obtain, through matching, communication information that conforms to the interception policy, the communication information being associated with the network request,match the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
  
  intercept the network request, andlocate and trace the respective to-be-intercepted application that sends the network request; and
  
  wherein, when the first application enters the interception mode, and the processor is configured to cause the terminal to monitor, according to the interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application and obtain, through matching, the communication information being associated with the network request, the processor is configured to cause the terminal to;
  
  monitor interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,set hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generate a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,use the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtain the communication information according to the monitoring detection interface.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The terminal according to claim 6, wherein:
    - when the processor executes the instructions, the processor is further configured to cause the terminal to;
      
      parse out first information corresponding to the network request and second information corresponding to the respective to-be-intercepted application that sends the network request;
      
      use the first information and the second information as the communication information;
      
      extract multiple advertising feature parameters comprised in an advertising cloud list database;
      
      compare the multiple advertising feature parameters with the communication information according to a multi-feature audit policy; and
      
      when the comparison is successful;
      
      determine that the communication information is advertising information,locate the respective to-be-intercepted application that sends the network request,intercept the network request, andsend prompt information to a terminal user; and
      
      the prompt information being used for representing an information security risk that exists in the respective to-be-intercepted application.
  - 8. The terminal according to claim 7, wherein, when the processor executes the instructions, the processor is further configured to cause the terminal to:
    - separately configure the interception policy for each respective to-be-intercepted application in the application list, the interception policy being a same policy or a different policy.
  - 9. The terminal according to claim 6, wherein, when the processor executes the instructions, the processor is further configured to cause the terminal to:
    - separately configure the interception policy for each respective to-be-intercepted application in the application list, the interception policy being a same policy or a different policy.
  - 10. The terminal according to claim 6, wherein, when the processor executes the instructions, the processor is further configured to cause the terminal to:
    - establish an association between the first application and the X target processes of each respective to-be-intercepted application in the application list; and
      
      make the first application enter the X target processes according to the established association, to monitor the X target processes.

11. A non-transitory computer readable storage medium storing instructions, the instructions, when executed by a processor, causing the processor to perform:
- starting a first application;
  
  extracting an application list of applications that need to be intercepted;
  
  separately configuring an interception policy for each respective to-be-intercepted application in the application list;
  
  obtaining a network request sent by a respective to-be-intercepted application;
  
  when the first application enters an interception mode;
  
  monitoring according to an interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application,obtaining through matching, communication information that conforms to the interception policy, the communication information being associated with the network request,matching the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
  
  intercepting the network request, andlocating and tracing the respective to-be-intercepted application that sends the network request; and
  
  wherein, when the first application enters an interception mode, and the instructions cause the processor to perform monitoring according to an interception policy of the respective to-be-intercepted application, the network request sent by the respective to-be-intercepted application, and obtaining through matching, communication information that conforms to the interception policy, the communication information being associated with the network request, the instructions cause the processor to perform;
  
  monitoring interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining the communication information according to the monitoring detection interface.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer readable storage medium according to claim 11, wherein:
    - the preset policy comprises specifically a multi-feature audit policy; and
      
      when the instructions cause the processor to perform the matching the communication information with the preset policy and, when it is determined, through matching, that the communication information is the specified target information corresponding to the preset policy, the intercepting the network request and locating and tracing the respective to-be-intercepted application that sends the network request, the instructions cause the processor to perform;
      
      parsing out first information corresponding to the network request and second information corresponding to the respective to-be-intercepted application that sends the network request,using the first information and the second information as the communication information,extracting multiple advertising feature parameters comprised in an advertising cloud list database,comparing the multiple advertising feature parameters with the communication information according to the multi-feature audit policy, andwhen the comparison is successful;
      
      determining that the communication information is advertising information,locating the respective to-be-intercepted application that sends the network request,intercepting the network request, andsending prompt information to a terminal user, the prompt information being used for representing an information security risk that exists in the respective to-be-intercepted application.
  - 13. The non-transitory computer readable storage medium according to claim 11, wherein, when the instructions cause the processor to perform the separately configuring the interception policy for each respective to-be-intercepted application in the application list, the instructions cause the processor to perform:
    - separately configuring the interception policy for each respective to-be-intercepted application in the application list, the interception policy being a same policy or a different policy.
  - 14. The non-transitory computer readable storage medium according to claim 11, wherein, when the instructions are executed by the processor, the instructions further cause the processor to perform:
    - establishing an association between the first application and the X target processes of each respective to-be-intercepted application in the application list; and
      
      making the first application enter the X target processes according to the established association, to monitor the X target processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Inventors
Chen, Meng, Hu, Jingjing, Liu, Hui, Zhang, Fengfeng
Primary Examiner(s)
Hussain, Imad

Application Number

US15/707,414
Publication Number

US 20180027291A1
Time in Patent Office

883 Days
Field of Search

709224
US Class Current
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 67/564   Enhancement of application ...

H04N 21/454   Content or additional data ...

H04N 21/812   involving advertisement dat...

H04N 21/8173   End-user applications, e.g....

H04W 12/10   Integrity

Information interception processing method, terminal, and computer storage medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Information interception processing method, terminal, and computer storage medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links