A visual internet local area network data leakage prevention method, device and system

By managing the dynamic security policies of the video network terminal and the cloud platform, the problem of data leakage during the connection process between the terminal and external devices is solved, and the security protection of data interaction is achieved to prevent unauthorized devices and operations.

CN122160139AInactive Publication Date: 2026-06-05VISIONVERA INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
VISIONVERA INFORMATION TECH CO LTD
Filing Date
2026-03-13
Publication Date
2026-06-05
Estimated Expiration
Not applicable · inactive patent

AI Technical Summary

Technical Problem

There is a risk of file data leakage when local area network data is connected to external devices, especially due to technical vulnerabilities, human error or malicious attacks.

Method used

By connecting terminals in the video network to the target platform in the cloud, security policies are obtained and applied when the terminals interact with external devices. When the connection is disconnected, the policies are cleared to ensure data security.

Benefits of technology

Effectively prevent data leakage by dynamically acquiring and clearing security policies to avoid policy leaks, ensure terminal data security, and prevent unauthorized devices and operations.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160139A_ABST
    Figure CN122160139A_ABST
Patent Text Reader

Abstract

The application discloses a kind of visual internet LAN data anti-leakage method, device and system, belong to data security technical field.The method includes: in response to the connection between the terminal and external equipment, security policy is obtained from the cloud target platform by the target component, and the security policy is the policy that the cloud target platform is configured to the terminal and external equipment between interaction security;In response to the interactive operation between the terminal and the external equipment, the security policy is called to process the interactive service corresponding to the interactive operation;In response to the disconnection between the terminal and the external equipment, clear the security policy on the target component.Through the embodiment of the application, the terminal does not need to store security policy, avoids security policy leakage, and can control the interactive behavior between the terminal and external equipment using security policy, to ensure data security.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application belongs to the field of data security technology, specifically relating to a method for preventing data leakage in a video network local area network, a system for preventing data leakage in a video network local area network, a device for preventing data leakage in a video network local area network, an electronic device, and a storage medium. Background Technology

[0002] Local area network (LAN) data breaches are undoubtedly a significant and undeniable security threat in the current cybersecurity field. This threat means that sensitive information within a LAN is at risk of being illegally obtained, disseminated, or exploited, potentially causing incalculable losses to individuals, businesses, and entire organizations. Specifically, LAN data breaches are not caused by a single reason but can occur through a variety of complex pathways and methods. For example, technical vulnerabilities are a common contributing factor. Imperfect network system design, untimely software updates, or defective hardware can all create weaknesses in security protection, thus creating opportunities for data leaks. Furthermore, human error is another crucial factor. Staff may inadvertently leak data due to negligence, lack of security awareness, or failure to follow standard procedures. More seriously, malicious attacks are premeditated and targeted acts. Hackers or internal malicious actors may use various methods, such as virus implantation, Trojan horse attacks, or social engineering, to deliberately steal important data from the LAN for their illegal purposes. Therefore, we must remain highly vigilant against local area network data leaks and take effective measures to prevent them.

[0003] Currently, during the connection process between terminals and external devices (especially storage devices), there are frequent issues of file data leakage, posing a significant threat to the security of users' file data. Summary of the Invention

[0004] The purpose of this application is to provide a method, device, electronic device, and medium for preventing data leakage in a video network local area network, which can solve the problem of file data leakage that exists in the current process of connecting terminals and external devices.

[0005] To solve the above-mentioned technical problems, this application is implemented as follows: In a first aspect, embodiments of this application provide a method for preventing data leakage in a video network local area network (LAN), applied to a terminal in the video network. The terminal is equipped with a target component for data interaction, and the video network is equipped with a cloud-based target platform for security protection. The cloud-based target platform is connected to the target component. The method includes: In response to the connection between the terminal and the external device, a security policy is obtained from the cloud target platform through the target component. The security policy is a security configuration policy of the cloud target platform for the interaction between the terminal and the external device. In response to the interaction operation between the terminal and the external device, the security policy is invoked to process the interaction service corresponding to the interaction operation; In response to the disconnection between the terminal and the external device, the security policy on the target component is cleared.

[0006] Optionally, it also includes: In response to the connection operation between the terminal and the external device, the device information of the external device is obtained; Based on the device information and the security policy, determine whether the external device is a legitimate device; When the external device is determined to be a legitimate device, the interaction operation performed by the target user between the terminal and the external device is executed.

[0007] Optionally, determining whether the external device is a legitimate device based on the device information and the security policy includes: Determine a whitelist of devices that the terminal can connect to from the security policy; Determine whether the device information exists on the device whitelist; When the device information is found in the device whitelist, the external device is determined to be a legitimate device. If the device information is not found on the device whitelist, the external device is determined to be an illegitimate device.

[0008] Optionally, the step of responding to an interaction operation between the terminal and the external device by invoking the security policy to process the interaction service corresponding to the interaction operation includes: In response to the interaction between the terminal and the external device, the system determines whether the target user has the permission to perform the interaction based on the security policy. When it is determined that the target user has the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is executed; If it is determined that the target user does not have the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is rejected.

[0009] Optionally, the interactive operation may include any one or more of the following: The target user's copying operation of the target file on the terminal or the external device; The target user performs a paste operation on the target file on the terminal or the external device; The target user's operation of opening the target file on the terminal or the external device; The target user performs editing operations on the opened target file on the terminal or the external device.

[0010] Optionally, it also includes: When it is determined that the target user does not have permission to perform the interactive operation, a prompt message is generated to notify the target user that they do not have permission to perform the interactive operation.

[0011] Optionally, the step of responding to the connection between the terminal and the external device and obtaining the security policy from the cloud target platform through the target component includes: In response to the connection between the terminal and the external device, a target request is generated to obtain a security policy from the target cloud platform; Send the target request to the cloud target platform; The target component receives the security policy feedback from the cloud target platform in response to the target request.

[0012] Secondly, embodiments of this application provide a data leakage prevention device for a video network local area network, the device comprising: A terminal used in a video network, the terminal having a target component for data interaction, the video network having a cloud target platform for security protection, the cloud target platform being connected to the target component, the device comprising: A security policy acquisition module is used to respond to the connection between the terminal and the external device, and to acquire a security policy from the cloud target platform through the target component. The security policy is a security configuration policy of the cloud target platform for the interaction between the terminal and the external device. The interactive service processing module is used to respond to the interactive operation between the terminal and the external device, and to call the security policy to process the interactive service corresponding to the interactive operation. A security policy clearing module is used to clear the security policy on the target component in response to the disconnection between the terminal and the external connection.

[0013] Thirdly, embodiments of this application provide a video network local area network (LAN) data leakage prevention system. The system may include: a target component configured on a terminal within the video network and a cloud-based target platform connected to the target component, wherein: The target component is used to obtain a security policy from the cloud target platform in response to a connection between the terminal and the external device, and to clear the security policy in response to a disconnection between the terminal and the external device. The cloud-based target platform is used to configure policies for security configuration of interactions between the terminal and external devices, and to send the security policies to the target component when the target component requests security policies; The terminal is used to respond to the interaction operation between the terminal and the external device, and to invoke the security policy to process the interaction service corresponding to the interaction operation.

[0014] Fourthly, embodiments of this application provide an electronic device including a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the method described in the first aspect.

[0015] Fifthly, embodiments of this application provide a readable storage medium on which a program or instructions are stored, which, when executed by a processor, implement the steps of the method described in the first aspect.

[0016] In a sixth aspect, embodiments of this application provide a chip, the chip including a processor and a communication interface, the communication interface being coupled to the processor, the processor being used to run programs or instructions to implement the method as described in the first aspect.

[0017] In this embodiment, when the terminal is connected to an external device, it can obtain a security policy from the target platform in the cloud. The security policy can then be used to process the interactive services corresponding to the interaction between the terminal and the external device. When the terminal is disconnected from the external device, the security policy on the target component is cleared. This ensures that the terminal does not need to store the security policy, thus avoiding data leakage within the local area network of the video network caused by the leakage of the security policy. At the same time, by setting the security policy, the interaction behavior between the terminal and the external device can also be controlled to avoid data leakage within the local area network of the video network. Attached Figure Description

[0018] Figure 1a This is a flowchart illustrating a method for preventing data leakage in a video network local area network according to an embodiment of this application; Figure 1b This is a schematic diagram of the structure of a security management platform according to an embodiment of this application; Figure 1c This is a schematic diagram of the structure of a security control component in an embodiment of this application; Figure 2aThis is a flowchart illustrating another method for preventing data leakage in a video network local area network according to an embodiment of this application; Figure 2b This is a schematic diagram of a security protection process in an embodiment of this application; Figure 2c This is a schematic diagram of the structure of a video network local area network data leakage prevention system according to an embodiment of this application; Figure 3 This is a schematic diagram of the structure of a video network local area network data leakage prevention device according to an embodiment of this application; Figure 4 This is a schematic diagram of the structure of an electronic device according to an embodiment of this application. Detailed Implementation

[0019] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.

[0020] Local area network (LAN) data breaches are a significant security threat that can occur through various means, including technical vulnerabilities, human error, and malicious attacks. For example, the main channels for data breaches include: (1) Internal personnel operation: This is one of the main sources of data breach risk. Internal threats may come from unintentional operational errors by employees (such as accidentally clicking on phishing emails or using unsecured USB drives), or from the deliberate theft by a few malicious employees. For example, employees may inadvertently spread viruses brought in through removable storage devices to the intranet, or deliberately send internal files out via email or instant messaging tools.

[0021] External attack penetration: Hackers exploit system vulnerabilities, weak passwords, or phishing attacks to infiltrate local area networks (LANs) from the outside. Ransomware, in particular, encrypts your data and demands a ransom, directly causing business disruptions and data breaches. Furthermore, insecure network services (such as misconfigured applications or servers) can also expose large amounts of data to the public internet.

[0022] Technical and managerial vulnerabilities: Inadequate security protection within the network system itself is another critical issue. For example, the absence of firewalls or intrusion detection systems, unpatched security vulnerabilities in operating systems and software, and improper configuration of network equipment (such as switches and routers) can all provide easy access for attackers. Even the electromagnetic radiation generated by computer equipment during operation can be intercepted by specialized equipment within a certain distance, leading to information leakage.

[0023] Loss of physical media: If mobile devices such as smartphones, tablets, and USB flash drives are accidentally lost or stolen, and the devices themselves are not encrypted, the corporate data stored on them will be at risk of being leaked.

[0024] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0025] In this application, in response to a connection operation between the terminal and an external device, device information of the external device can be obtained; based on the device information, it can be determined whether the external device is a legitimate device; if the external device is determined to be a legitimate device, in response to a request from a target user to perform interactive operations between the terminal and the external device, the security policy in the security management component can be used to protect the interactive operation. This ensures that the terminal can safely perform interactive operations when an external device is connected.

[0026] The security protection provided by the embodiments of this application will be described in detail below with reference to the accompanying drawings, through specific examples and application scenarios.

[0027] like Figure 1a The diagram shown is a flowchart illustrating a method for preventing data leakage in a local area network (LAN) within a video network, applicable to a terminal in the video network. The terminal includes a target component for data interaction, and the video network includes a cloud-based target platform for security protection. The cloud-based target platform is connected to the target component, and the method includes the following steps: Step S101: In response to the connection between the terminal and the external device, obtain the security policy from the cloud target platform through the target component.

[0028] The security policy is a policy configured by the cloud target platform for the security of interaction between the terminal and external devices. In this embodiment of the application, the terminal in the video network can connect to and interact with external devices. However, the connection or interaction with external devices may pose a risk of data leakage to the terminal. To ensure data security, this embodiment of the application provides a method for preventing data leakage in the local area network of the video network. In one example, the external device in this embodiment of the application can be a storage-type external device, such as a USB flash drive.

[0029] The video network has one or more terminals. Each terminal can be equipped with a target component, which serves as a portal for interaction between the terminal and other terminals. The target component can connect to a cloud-based target platform set up in the video network. The cloud-based target platform can be used to configure security policies associated with the terminal, thereby achieving terminal security protection and preventing data leakage from the video network's local area network.

[0030] In this embodiment of the application, the cloud target platform can pre-configure security policies related to the terminal, so that when the terminal is connected to an external device, the target component can obtain high security policies from the cloud target platform.

[0031] When the terminal is connected to an external device, the risk of data leakage in the local area network increases in this scenario. Therefore, the target component can obtain security policies from the cloud target platform outside the terminal to ensure that data leakage is avoided when the external device is connected.

[0032] In this embodiment, the security policy is not stored locally on the terminal, thereby avoiding the leakage or tampering of the security policy and resulting in data leakage. The security policy is configured on the target platform in the cloud and is only obtained when an external device with a high risk of leakage is connected. This isolates the security policy from the terminal, but it can still be applied to the terminal, effectively ensuring the security of terminal data.

[0033] In one embodiment of this application, the specific process of step 101 may be: responding to the connection between the terminal and the external device, generating a target request for obtaining a security policy from the cloud target platform; The target request is sent to the cloud target platform; the target component receives the security policy feedback from the cloud target platform in response to the target request.

[0034] Step S102: In response to the interaction operation between the terminal and the external device, the security policy is invoked to process the interaction service corresponding to the interaction operation. In practical applications, the security of external devices is questionable, and there are security risks involved in the interaction between the terminal and external devices. To ensure data security, security policies obtained beforehand from the target platform in the cloud can be invoked to handle interactive operations.

[0035] The interactive operation may include any one or more of the following: the target user's copy operation on the terminal or the external device for the target file; the target user's paste operation on the terminal or the external device for the target file; the target user's open operation on the terminal or the external device for the target file; and the target user's edit operation on the terminal or the external device for the opened target file.

[0036] Step S103: In response to the disconnection between the terminal and the external device, clear the security policy on the target component.

[0037] In practical applications, when the terminal is disconnected from the external device, the security threat to the external device is eliminated. At this time, the security policy on the target component can be cleared, thereby preventing the security policy from being exposed and thus allowing attacking devices to attack the terminal by obtaining or modifying the security policy.

[0038] In one embodiment of this application, when the time since the last interaction between the terminal and the external device is greater than a preset time, the security policy on the target component can be cleared.

[0039] In one embodiment of this application, when a terminal interacts with an external device, it can be determined whether a security policy exists on the target component. If no security device exists, the target component is controlled to request a security policy from the target platform in the cloud. After obtaining the security policy, the interaction business corresponding to the interaction operation is processed by calling the security policy.

[0040] In one embodiment of this application, when a terminal is connected to an external device, a security policy can be used to determine the legitimacy of the external device. Specifically, the legitimacy determination process is as follows: in response to the connection operation between the terminal and the external device, the device information of the external device is obtained; based on the device information and the security policy, it is determined whether the external device is a legitimate device; if the external device is determined to be a legitimate device, the interaction operation in response to the target user between the terminal and the external device is executed.

[0041] In this context, a legitimate device is a device defined by the terminal in the video network that can interact with the device. Device information can be used to uniquely identify external devices.

[0042] When the terminal is connected to an external device, the device information of the external device can be obtained first, and then the security policy obtained first can be used to determine whether the external device is a legitimate device. If the device is legitimate, then step S102 can be executed.

[0043] In one embodiment of this application, if it is determined that the external device is an illegitimate device, a security prompt can be generated and the connection can be actively disconnected to ensure that data is not leaked.

[0044] In one embodiment of this application, determining whether the external device is a legitimate device based on the device information and the security policy may include: determining a whitelist of devices that the terminal can connect to from the security policy; determining whether the device information exists on the device whitelist; determining that the external device is a legitimate device when the device information exists on the device whitelist; and determining that the external device is an illegitimate device when the device information does not exist on the device whitelist.

[0045] In practical applications, security policies can include device whitelists, which can pre-define one or more authorized devices and store device information for these authorized devices. When an external device connects to the terminal, its device information can be obtained first, and then matched against the device information stored in the device whitelist.

[0046] If the device information is found in the device whitelist, the match is successful, and the external device is considered a legitimate device. If the device information is not found in the device whitelist, the match is unsuccessful, and the external device is considered an illegitimate device.

[0047] like Figure 1b The diagram shown is a structural schematic of a security management platform according to an embodiment of this application. The security management platform can be divided into modules such as tunnel management, subject-object management, policy management, alarm management, policy analysis, and identity authentication.

[0048] The tunnel management module manages all communication tunnels within the video network cloud terminal, recording the tunnel identifier for each tunnel and the corresponding subject and object at both ends. The subject and object management module manages the corresponding subject and object information within the cloud terminal. Policy management allows for the creation, modification, and deletion of subject or object policies. Alarm management allows for setting alarm information related to data transmission, including alarm triggering conditions and corresponding alarm methods. Policy analysis can involve analyzing user-defined policies and adjusting the policies executed by the target user. Identity authentication includes authenticating users logging into the cloud terminal and setting specific authentication methods.

[0049] like Figure 1c The diagram shown is a structural schematic of a security management component in an embodiment of this application. The security management component may include a tunnel service module, an access control module, a policy configuration module, an alarm reporting module, an identity recognition module, and an identity authentication module.

[0050] The system includes several modules: a tunnel service module for creating data transmission tunnels between a subject and an object; an access control module for invoking stored subject and object policies; a policy configuration module for receiving subject or object policies from the security management platform and configuring them accordingly; an alarm reporting module for monitoring data transmission and reporting alarms using preset security methods when an alarm is triggered in the current scenario; user identification for verifying the identity of the currently operating user; and an authentication module for verifying the user's identity using preset authentication methods.

[0051] Step S103: When the external device is determined to be a legitimate device, in response to the target user's request to perform interactive operations between the terminal and the external device, the security policy in the security management component is used to protect the interactive operations.

[0052] If the external device is determined to be a legitimate device, the target user can perform interactive operations between the terminal and the external device. Security policies can be used to protect the interactive operations. These interactive operations can include open, read, write, delete, and other interactive operations between the external device and the terminal.

[0053] In this embodiment, in response to the connection operation between the terminal and the external device, device information of the external device can be obtained; based on the device information, it can be determined whether the external device is a legitimate device; when the external device is determined to be a legitimate device, in response to the request of the target user to perform interactive operations between the terminal and the external device, the security policy in the security management component is used to protect the interactive operations, thereby realizing the security protection of the interaction between the terminal and the external device and ensuring data security.

[0054] like Figure 2a The diagram shown is a flowchart illustrating another method for preventing data leakage in a video network local area network according to an embodiment of this application, including the following steps: Step S201: In response to the connection between the terminal and the external device, obtain the security policy from the cloud target platform through the target component.

[0055] The security policy is a policy configured by the cloud target platform for the security of interaction between the terminal and external devices. Step S202: In response to the interaction between the terminal and the external device, determine whether the target user has the permission information to perform the interaction based on the security policy; The interactive operation may include any one or more of the following: the target user's copy operation on the terminal or the external device for the target file; the target user's paste operation on the terminal or the external device for the target file; the target user's open operation on the terminal or the external device for the target file; and the target user's edit operation on the terminal or the external device for the opened target file.

[0056] Step S203: When it is determined that the target user has the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is executed; In practical applications, the target component of the terminal can determine whether the current target user has the permission to perform interactive operations between the external device and the terminal based on the obtained security policy. When the user has the corresponding permission, the terminal can execute the corresponding interactive business according to the interactive operation.

[0057] Step S204: If it is determined that the target user does not have the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is rejected. For example, when performing a copy operation on a target file between an external device and a terminal, the security policy can determine whether the target user has copy permissions. If the target user has copy permissions, the copy operation on the target file can be performed; if the target user does not have copy permissions, the copy operation on the target file can be refused.

[0058] When performing a paste operation on a target file between an external device and a terminal, the security policy can be used to determine whether the target user has paste permissions. If the target user has paste permissions, the paste operation on the target file can be performed; if the target user does not have paste permissions, the paste operation on the target file can be denied.

[0059] In one embodiment of this application, when it is determined that the target user does not have permission to perform the interactive operation, a prompt message is generated to notify the target user that they do not have permission to perform the interactive operation.

[0060] In practical applications, when the target user does not have the corresponding permissions, a prompt message can be generated to notify the target user that they do not have the corresponding permissions to perform the interactive operation.

[0061] Step S205: In response to the disconnection between the terminal and the external device, clear the security policy on the target component.

[0062] like Figure 2b The diagram shown is a security protection process illustration in an embodiment of this application, which may include the following process: When a USB drive is inserted, the Tianji component identifies the USB drive and authenticates it based on its identifier. If the drive is deemed legitimate, it is mounted and displayed normally by the operating system. When a user copies a file, the system checks if the user has permission to copy the file. If not, a permission error message is displayed, and the file copying fails. If there is a defect, the copying succeeds. When the user pastes a file into the target directory on the USB drive, the system checks if the user has write permissions to the USB drive. If write permissions are granted, the file pasting succeeds; otherwise, a permission error message is displayed, and the file pasting fails.

[0063] like Figure 2c As shown, this application provides a video network local area network (LAN) data leakage prevention system 210. The system 210 may include: a target component 211 configured on a terminal in the video network and a cloud target platform 212 connected to the target component 211, wherein: The target component 211 is configured to obtain a security policy from the cloud target platform in response to a connection between the terminal and the external device, and to clear the security policy in response to a disconnection between the terminal and the external device. The cloud target platform 212 is used to configure policies for security configuration of the interaction between the terminal and the external device, and to send the security policy to the target component when the target component requests the security policy; The terminal can be used to respond to the interaction operation between the terminal and the external device, and invoke the security policy to process the interaction service corresponding to the interaction operation.

[0064] It should be noted that the video network local area network (LAN) data leakage prevention method provided in this application embodiment can be executed by a video network LAN data leakage prevention device, or a control module in the video network LAN data leakage prevention device for executing the loading security protection method. This application embodiment uses the video network LAN data leakage prevention device executing the loading security protection method as an example to illustrate the security protection method provided in this application embodiment.

[0065] like Figure 3 The diagram shown illustrates the structure of a video network local area network (LAN) data leakage prevention device according to an embodiment of this application. This device is applied to a terminal within a video network, and the terminal is equipped with a security control component. The video network LAN data leakage prevention device may include: The security policy acquisition module 301 is used to respond to the connection between the terminal and the external device, and to acquire the security policy from the cloud target platform through the target component. The security policy is the policy of the cloud target platform for security configuration of the interaction between the terminal and the external device. The interactive service processing module 302 is used to respond to the interactive operation between the terminal and the external device, and call the security policy to process the interactive service corresponding to the interactive operation. The security policy clearing module 303 is used to clear the security policy on the target component in response to the disconnection between the terminal and the external connection.

[0066] In one embodiment of this application, the apparatus may further include: The device information acquisition module is used to acquire the device information of the external device in response to the connection operation between the terminal and the external device; A legitimate device determination module is used to determine whether the external device is a legitimate device based on the device information and the security policy. An execution module is used to execute the interaction operation performed by the target user between the terminal and the external device when the external device is determined to be a legitimate device.

[0067] In one embodiment of this application, the legitimate device determination module may include: The device whitelist determination submodule is used to determine the whitelist of devices that the terminal can connect to from the security policy; The device information determination submodule is used to determine whether the device information exists in the device whitelist; The first determination result submodule is used to determine that the external device is a legitimate device when the device information is found in the device whitelist. The second determination result submodule is used to determine that the external device is an illegitimate device when the device information is not found on the device whitelist.

[0068] In one embodiment of this application, the interactive service processing module 302 may include: The permission information determination submodule is used to respond to the interaction operation between the terminal and the external device, and determine whether the target user has the permission information to perform the interaction operation based on the security policy; The interactive service execution submodule is used to execute the interactive service corresponding to the interactive operation when it is determined that the target user has the permission to perform the interactive operation. The interactive service rejection submodule is used to reject the interactive service corresponding to the interactive operation when it is determined that the target user does not have the permission to perform the interactive operation.

[0069] In one embodiment of this application, the interactive operation may include any one or more of the following: The target user's copying operation of the target file on the terminal or the external device; The target user performs a paste operation on the target file on the terminal or the external device; The target user's operation of opening the target file on the terminal or the external device; The target user performs editing operations on the opened target file on the terminal or the external device.

[0070] In one embodiment of this application, the interactive service processing module 302 may further include: The prompt message generation module is used to generate a prompt message to notify the target user that they do not have permission to perform the interactive operation when it is determined that the target user does not have permission to perform the interactive operation.

[0071] In one embodiment of this application, the security policy acquisition module 301 may include: The target request generation submodule is used to respond to the connection between the terminal and the external device and generate a target request for obtaining security policies from the cloud target platform; The target request sending submodule is used to send the target request to the cloud target platform; The security policy receiving submodule is used to receive the security policy requested by the cloud target platform through the target component.

[0072] The data leakage prevention device for the video network local area network in this application embodiment can be a device, or a component, integrated circuit, or chip in a terminal. The device can be a mobile electronic device or a non-mobile electronic device. For example, mobile electronic devices can be mobile phones, tablets, laptops, PDAs, in-vehicle electronic devices, wearable devices, ultra-mobile personal computers (UMPCs), netbooks, or personal digital assistants (PDAs), etc., while non-mobile electronic devices can be servers, network attached storage (NAS), personal computers (PCs), televisions (TVs), ATMs, or self-service machines, etc. This application embodiment does not impose specific limitations.

[0073] The video network local area network data leakage prevention device in this application embodiment can be a device with an operating system. This operating system can be Android, iOS, or other possible operating systems; this application embodiment does not specifically limit it.

[0074] The video network local area network data leakage prevention device provided in this application embodiment can achieve... Figures 1a to 2a The various processes implemented by the network local area network data leakage prevention device in the method embodiment are not described in detail here to avoid repetition.

[0075] Optionally, this application embodiment also provides an electronic device, including a processor 1010, a memory 1009, and a program or instructions stored in the memory 1009 and executable on the processor 1010. When the program or instructions are executed by the processor 1010, they implement the various processes of the above-described video network local area network data anti-leakage method embodiment and can achieve the same technical effect. To avoid repetition, they will not be described again here.

[0076] It should be noted that the electronic devices in the embodiments of this application include the mobile electronic devices and non-mobile electronic devices described above.

[0077] Figure 4 A schematic diagram of the hardware structure of an electronic device to implement an embodiment of this application. The electronic device 1000 includes, but is not limited to, the following components: radio frequency unit 1001, network module 1002, audio output unit 1003, input unit 1004, sensor 1005, display unit 1006, user input unit 1007, interface unit 1008, memory 1009, and processor 1010.

[0078] The memory 1009 includes applications and an operating system; the user input unit 1007 may include a touch panel 10071 and other input devices 100072; the input unit 1004 may include an image processor 10041 and a microphone 10042; and the display unit 1006 may include a display panel 10061.

[0079] Those skilled in the art will understand that the electronic device 1000 may also include a power supply (such as a battery) for supplying power to various components. The power supply may be logically connected to the processor 1010 through a power management system, thereby enabling functions such as managing charging, discharging, and power consumption through the power management system. Figure 4 The electronic device structure shown does not constitute a limitation on the electronic device. The electronic device may include more or fewer components than shown, or combine certain components, or have different component arrangements, which will not be elaborated here. This application also provides a readable storage medium storing a program or instructions. When the program or instructions are executed by a processor, they implement the various processes of the above-described video network local area network data leakage prevention method embodiments and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0080] The processor is the processor in the electronic device described in the above embodiments. The readable storage medium includes computer-readable storage media, such as computer read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk.

[0081] This application embodiment also provides a chip, which includes a processor and a communication interface. The communication interface and the processor are coupled. The processor is used to run programs or instructions to implement the various processes of the above-described video network local area network data leakage prevention method embodiments, and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0082] It should be understood that the chip mentioned in the embodiments of this application may also be referred to as a system-on-a-chip, system chip, chip system, or system-on-a-chip, etc.

[0083] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element. Furthermore, it should be noted that the scope of the methods and apparatuses in the embodiments of this application is not limited to performing functions in the order shown or discussed, but may also include performing functions substantially simultaneously or in the reverse order, depending on the functions involved. For example, the described methods may be performed in a different order than described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.

[0084] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0085] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.

Claims

1. A visual internet local area network data leakage prevention method, characterized in that, A terminal applied in a video network, wherein the terminal is equipped with a target component for data interaction, and the video network is equipped with a cloud target platform for security protection, wherein the cloud target platform is connected to the target component, the method comprising: In response to the connection between the terminal and the external device, a security policy is obtained from the cloud target platform through the target component. The security policy is a security configuration policy of the cloud target platform for the interaction between the terminal and the external device. In response to the interaction operation between the terminal and the external device, the security policy is invoked to process the interaction service corresponding to the interaction operation; In response to the disconnection between the terminal and the external device, the security policy on the target component is cleared.

2. The method of claim 1, wherein, Also includes: In response to the connection operation between the terminal and the external device, the device information of the external device is obtained; Based on the device information and the security policy, determine whether the external device is a legitimate device; When the external device is determined to be a legitimate device, the interaction operation performed by the target user between the terminal and the external device is executed.

3. The method according to claim 2, characterized in that, The step of determining whether the external device is a legitimate device based on the device information and the security policy includes: Determine a whitelist of devices that the terminal can connect to from the security policy; Determine whether the device information exists on the device whitelist; When the device information is found in the device whitelist, the external device is determined to be a legitimate device. If the device information is not found on the device whitelist, the external device is determined to be an illegitimate device.

4. The method according to any one of claims 1 to 3, characterized in that, The step of responding to the interaction operation between the terminal and the external device by invoking the security policy to process the interaction service corresponding to the interaction operation includes: In response to the interaction between the terminal and the external device, the system determines whether the target user has the permission to perform the interaction based on the security policy. When it is determined that the target user has the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is executed; If it is determined that the target user does not have the permission to perform the interactive operation, the interactive service corresponding to the interactive operation is rejected.

5. The method according to claim 4, characterized in that, Also includes: When it is determined that the target user does not have permission to perform the interactive operation, a prompt message is generated to notify the target user that they do not have permission to perform the interactive operation.

6. The method according to any one of claims 1 to 3, characterized in that, The response to the connection between the terminal and the external device, obtaining the security policy from the cloud target platform through the target component, includes: In response to the connection between the terminal and the external device, a target request is generated to obtain a security policy from the target cloud platform; Send the target request to the cloud target platform; The target component receives the security policy feedback from the cloud target platform in response to the target request.

7. A video network local area network data leakage prevention system, characterized in that, The system for preventing data leakage in the video network local area network includes: a target component configured on a terminal in the video network and a cloud-based target platform connected to the target component, wherein: The target component is used to obtain a security policy from the cloud target platform in response to a connection between the terminal and the external device, and to clear the security policy in response to a disconnection between the terminal and the external device. The cloud-based target platform is used to configure policies for security configuration of interactions between the terminal and external devices, and to send the security policies to the target component when the target component requests security policies; The terminal is used to respond to the interaction operation between the terminal and the external device, and to invoke the security policy to process the interaction service corresponding to the interaction operation.

8. A data leakage prevention device for a video network local area network, characterized in that, A terminal used in a video network, the terminal having a target component for data interaction, the video network having a cloud target platform for security protection, the cloud target platform being connected to the target component, the device comprising: A security policy acquisition module is used to respond to the connection between the terminal and the external device, and to acquire a security policy from the cloud target platform through the target component. The security policy is a security configuration policy of the cloud target platform for the interaction between the terminal and the external device. The interactive service processing module is used to respond to the interactive operation between the terminal and the external device, and to call the security policy to process the interactive service corresponding to the interactive operation. A security policy clearing module is used to clear the security policy on the target component in response to the disconnection between the terminal and the external device.

9. An electronic device, characterized in that, It includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the video network local area network data leakage prevention method as described in any one of claims 1 to 6.

10. A readable storage medium, characterized in that, The readable storage medium stores a program or instructions that, when executed by a processor, implement the steps of the video network local area network data leakage prevention method as described in any one of claims 1 to 6.