INFORMATION INTERCEPTION PROCESSING METHOD, TERMINAL, AND COMPUTER STORAGE MEDIUM

US 20200137451A1
Filed: 12/23/2019
Published: 04/30/2020
Est. Priority Date: 12/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method for information interception processing, the method comprising:

starting, by a device comprising a memory and a processor in communication with the memory, a first application;

obtaining, by the device, a network request sent by a to-be-intercepted application; and

when the first application enters an interception mode;

monitoring, by the device, interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting, by the device, hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating, by the device, a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using, by the device, the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining, by the device, communication information according to the monitoring detection interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information interception method, a terminal, and a computer storage medium are disclosed. The method includes: starting a first application, extracting an application list of applications that need to be intercepted, and separately configuring an interception policy for each to-be-intercepted application in the application list; obtaining a network request sent by a to-be-intercepted application, and monitoring, when the first application enters an interception mode, according to the configured interception policy, the network request sent by the to-be-intercepted application, to obtain, through matching, communication information that conforms to the interception policy, where the communication information is associated with the network request; and matching the communication information with a preset policy, when the communication information is specified target information corresponding to the preset policy, intercepting the network request and locating and tracing the to-be-intercepted application that sends the network request.

0 Citations

20 Claims

1. A method for information interception processing, the method comprising:
- starting, by a device comprising a memory and a processor in communication with the memory, a first application;
  
  obtaining, by the device, a network request sent by a to-be-intercepted application; and
  
  when the first application enters an interception mode;
  
  monitoring, by the device, interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting, by the device, hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating, by the device, a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using, by the device, the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining, by the device, communication information according to the monitoring detection interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - extracting, by the device, a list of applications that need to be intercepted; and
      
      configuring, by the device, an interception policy for a to-be-intercepted application in the list of applications.
  - 3. The method according to claim 2, wherein, when the first application enters the interception mode, the method further comprises:
    - matching, by the device, the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
      
      intercepting, by the device, the network request, andlocating and tracing, by the device, the to-be-intercepted application that sends the network request.
  - 4. The method according to claim 3, wherein:
    - the preset policy comprises specifically a multi-feature audit policy.
  - 5. The method according to claim 2, wherein, when the first application enters the interception mode, the method further comprises:
    - parsing out, by the device, first information corresponding to the network request and second information corresponding to the to-be-intercepted application that sends the network request;
      
      using, by the device, the first information and the second information as the communication information;
      
      extracting, by the device, multiple advertising feature parameters from an advertising cloud list database; and
      
      comparing, by the device, the multiple advertising feature parameters with the communication information according to a multi-feature audit policy.
  - 6. The method according to claim 5, wherein, when the first application enters the interception mode, the method further comprises:
    - determining, by the device, that the communication information is advertising information;
      
      locating, by the device, the to-be-intercepted application that sends the network request;
      
      intercepting, by the device, the network request; and
      
      sending, by the device, prompt information to a terminal user, the prompt information being used for representing an information security risk that exists in the to-be-intercepted application.
  - 7. The method according to claim 2, wherein, when the first application enters the interception mode, the method further comprises:
    - establishing, by the device, an association between the first application and the X target processes of each respective to-be-intercepted application in the list of applications; and
      
      making, by the device, the first application enter the X target processes according to the established association, to monitor the X target processes.

8. A device for information interception processing, comprising:
- a memory storing instructions; and
  
  a processor in communication with the memory, wherein, when the processor executes the instructions, the processor is configured to cause the device to;
  
  start a first application,obtain a network request sent by a to-be-intercepted application, andwhen the first application enters an interception mode;
  
  monitor interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,set hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generate a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,use the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtain communication information according to the monitoring detection interface.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device according to claim 8, wherein, when the processor executes the instructions, the processor is configured to further cause the device to:
    - extract a list of applications that need to be intercepted; and
      
      configure an interception policy for a to-be-intercepted application in the list of applications.
  - 10. The device according to claim 9, wherein, when the processor executes the instructions and the first application enters the interception mode, the processor is configured to further cause the device to:
    - match the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
      
      intercept the network request, andlocate and trace the to-be-intercepted application that sends the network request.
  - 11. The device according to claim 10, wherein:
    - the preset policy comprises specifically a multi-feature audit policy.
  - 12. The device according to claim 9, wherein, when the processor executes the instructions and the first application enters the interception mode, the processor is configured to further cause the device to:
    - parse out first information corresponding to the network request and second information corresponding to the to-be-intercepted application that sends the network request;
      
      use the first information and the second information as the communication information;
      
      extract multiple advertising feature parameters from an advertising cloud list database; and
      
      compare the multiple advertising feature parameters with the communication information according to a multi-feature audit policy.
  - 13. The device according to claim 12, wherein, when the processor executes the instructions and the first application enters the interception mode, the processor is configured to further cause the device to:
    - determine that the communication information is advertising information;
      
      locate the to-be-intercepted application that sends the network request;
      
      intercept the network request; and
      
      send prompt information to a terminal user, the prompt information being used for representing an information security risk that exists in the to-be-intercepted application.
  - 14. The device according to claim 9, wherein, when the processor executes the instructions and the first application enters the interception mode, the processor is configured to further cause the device to:
    - establish an association between the first application and the X target processes of each respective to-be-intercepted application in the list of applications; and
      
      make the first application enter the X target processes according to the established association, to monitor the X target processes.

15. A non-transitory computer readable storage medium storing instructions, when the instructions are executed by a processor, the instructions configured to cause the processor to perform:
- starting a first application;
  
  obtaining a network request sent by a to-be-intercepted application; and
  
  when the first application enters an interception mode;
  
  monitoring interactions of network requests in X target processes, to capture the network request, X being a natural number greater than 1,setting hook functions in a first function sendto and a second function recvfrom that are used for representing a request message forwarding node,generating a first monitoring function hook_sendto and a second monitoring function hook_recvfrom that are used for monitoring interactions of network requests,using the first monitoring function hook_sendto and the second monitoring function hook_recvfrom as a monitoring detection interface, andobtaining communication information according to the monitoring detection interface.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium according to claim 15, wherein, when the instructions are executed by the processor, the instructions are configured to cause the processor to perform:
    - extracting a list of applications that need to be intercepted; and
      
      configuring an interception policy for a to-be-intercepted application in the list of applications.
  - 17. The non-transitory computer readable storage medium according to claim 16, wherein, when the instructions are executed by the processor and the first application enters the interception mode, the instructions are configured to cause the processor to perform:
    - matching the communication information with a preset policy, andwhen it is determined, through matching, that the communication information is specified target information corresponding to the preset policy;
      
      intercepting the network request, andlocating and tracing the to-be-intercepted application that sends the network request.
  - 18. The non-transitory computer readable storage medium according to claim 17, wherein:
    - the preset policy comprises specifically a multi-feature audit policy.
  - 19. The non-transitory computer readable storage medium according to claim 16, wherein, wherein, when the instructions are executed by the processor and the first application enters the interception mode, the instructions are configured to cause the processor to perform:
    - parsing out first information corresponding to the network request and second information corresponding to the to-be-intercepted application that sends the network request;
      
      using the first information and the second information as the communication information;
      
      extracting multiple advertising feature parameters from an advertising cloud list database;
      
      comparing the multiple advertising feature parameters with the communication information according to a multi-feature audit policy;
      
      determining that the communication information is advertising information;
      
      locating the to-be-intercepted application that sends the network request;
      
      intercepting the network request; and
      
      sending prompt information to a terminal user, the prompt information being used for representing an information security risk that exists in the to-be-intercepted application.
  - 20. The non-transitory computer readable storage medium according to claim 16, wherein, wherein, when the instructions are executed by the processor and the first application enters the interception mode, the instructions are configured to cause the processor to perform:
    - establishing an association between the first application and the X target processes of each respective to-be-intercepted application in the list of applications; and
      
      making the first application enter the X target processes according to the established association, to monitor the X target processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
CHEN, Meng, HU, Jingjing, LIU, Hui, ZHANG, Fengfeng

Granted Patent

US 11,206,451 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 67/564   Enhancement of application ...

H04N 21/454   Content or additional data ...

H04N 21/812   involving advertisement dat...

H04N 21/8173   End-user applications, e.g....

H04W 12/10   Integrity

INFORMATION INTERCEPTION PROCESSING METHOD, TERMINAL, AND COMPUTER STORAGE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION INTERCEPTION PROCESSING METHOD, TERMINAL, AND COMPUTER STORAGE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links