阅读说明：本技术 一种文件识别方法和电子终端设备 (File identification method and electronic terminal equipment ) 是由 詹琦 朱鸿宇 张宁 王旭 商聪 于 2021-09-14 设计创作，主要内容包括：一种文件识别方法,通过文件头的信息,确定文件类型,并与文件扩展名所表示的类型比较,快速识别出接收信息的危险文件,并可采取拦截等措施降低风险。若文件头所表明的文件类型与文件扩展名不一致,判定该文件为不安全文件。算法简单,易于在移动终端的应用程序框架层实现。(A file identification method determines the file type through the information of the file header, compares the file type with the type represented by the file extension name, quickly identifies the dangerous file of the received information, and can adopt the measures of interception and the like to reduce the risk. And if the file type indicated by the file header is not consistent with the file extension name, judging that the file is an unsafe file. The algorithm is simple and is easy to realize in an application program framework layer of the mobile terminal.)

1. A file identification method is applied to electronic terminal equipment, and comprises the following steps:

receiving file information, wherein the file information comprises a target file and file header information for identifying file attributes, and identifying whether the received target file is a dangerous file or not according to the file header information.

2. The method of claim 1, wherein the file information further includes a file extension of the target file, and wherein identifying whether the received target file is a dangerous file according to the file header information comprises:

and judging whether the file type represented by the file header information is consistent with the file type represented by the file extension name or not, and if not, judging that the target file is a dangerous file.

3. The method of claim 1, wherein identifying whether the received target file is a dangerous file according to the file header information comprises:

and matching the file header information with file header information of a pre-stored dangerous file, and if the file header information is matched with the file header information of the pre-stored dangerous file, judging that the target file is a dangerous file.

4. The method according to any one of claims 1 to 3, wherein the electronic terminal device pre-starts a function of prompting a dangerous document, and the method further comprises:

when the target file is judged to be a dangerous file, prompting by adopting one or more of the following combinations: audio prompts, text message prompts, video prompts, vibration prompts.

5. The method of claim 4, wherein the text message prompt comprises a combination of one or more of:

and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

6. The method according to any one of claims 1 to 3, wherein the electronic terminal device is provided with a trash box for storing the dangerous document and has a function of pre-opening a dangerous document prompting, and the method further comprises:

and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage can.

7. A method according to any of claims 1-3, wherein the electronic terminal device is provided with a trash bin for storing hazardous files, the method further comprising:

and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage bin or deleting the intercepted target file.

8. The method of claim 7, wherein after placing the intercepted target file into the trash, the method further comprises:

and when the target file viewing instruction in the garbage box is received, prompting by adopting one or more of the following combinations: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

9. An electronic terminal device characterized by comprising:

the receiving module is used for receiving file information, and the file information comprises a target file and file header information for identifying file attributes;

and the processing module is used for identifying whether the received target file is a dangerous file or not according to the file header information.

10. The electronic terminal device according to claim 9, wherein the file information received by the receiving module includes a file extension of the target file, and the processing module is specifically configured to determine whether a file type indicated by the file header information is consistent with a file type indicated by the file extension, and if not, the processing module determines that the target file is a dangerous file.

11. The electronic terminal device according to claim 9, wherein the device further comprises a storage module, the storage module comprises a dangerous file type library, and the dangerous file type library stores header information of dangerous files in advance; the processing module is specifically configured to match the file header information with file header information of a pre-stored dangerous file, and if the matching is achieved, the processing module determines that the target file is a dangerous file.

12. The electronic terminal device according to any one of claims 9-11, further comprising a setting module, wherein the setting module is configured to set whether to start a function of prompting a dangerous file;

when the processing module judges that the target file is a dangerous file, the processing module is further configured to send an instruction for prompting by using a combination of one or more of the following: audio prompts, text message prompts, video prompts, vibration prompts.

13. The electronic terminal device according to claim 12, wherein the storage module further comprises a trash box, and when the processing module is further configured to determine that the target file is a dangerous file, the processing module intercepts the target file and puts the intercepted target file into the trash box or deletes the target file after the interception.

14. The electronic terminal device according to claim 12, wherein the processing module is further configured to, upon receiving a viewing instruction of the target file in the trash box of the storage module, issue an instruction to prompt with a combination of one or more of the following: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

15. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1 to 8.

16. An electronic terminal device characterized by comprising: at least one processor, at least one memory communicatively coupled to the processor, wherein:

the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 8.

[ technical field ] A method for producing a semiconductor device

The present invention relates to the field of communications technologies, and in particular, to a file identification method and an electronic terminal device.

[ background of the invention ]

The importance of data is undoubted in the modern times, and malicious files and viruses can destroy and steal data, so that loss is brought to users. Malicious files and viruses are easily transmitted through various communication means.

Some communication modes have the characteristic of passive receiving, such as multimedia messages, and the multimedia messages can be sent to the opposite party as long as the mobile phone number of the opposite party is known. In the current network environment, the privacy and personal information leakage risk is large, and the personal mobile phone number is easily acquired by people.

Lawbreakers can send dangerous files to users by sending multimedia messages, so that the users can be infringed on user equipment, privacy and even property. The file is sent to users with leaked mobile phone numbers in a multimedia message mode in a large quantity, and then the receivers are induced to use the disguised dangerous files through means of telephone or short message induction and the like, so that user equipment, privacy and even property can be damaged.

Therefore, how to identify the information with dangerous documents and take reasonable measures to deal with the information is an important problem to be solved at present.

[ summary of the invention ]

One object of an embodiment of the present invention is: the file identification method applied to the electronic terminal equipment and the electronic terminal equipment are provided, so that dangerous files can be effectively identified, the risk of infringement of a user is reduced, and the safety of user data is improved.

In a first aspect, an embodiment of the present invention provides a file identification method, which is applied to an electronic terminal device, and includes receiving file information, where the file information includes a target file and file header information that identifies a file attribute, and identifying whether the received target file is a dangerous file according to the file header information.

The file header information is easy to receive and extract, and dangerous files can be identified simply, conveniently and efficiently according to the judgment of the file header.

In one possible design, the file information further includes a file extension, and the identifying whether the received target file is a dangerous file according to the file header information includes: and judging whether the file type represented by the file header information is consistent with the file type represented by the file extension name or not, and if not, judging that the target file is a dangerous file.

Generally, the file type of the dangerous file is determined, the file extension is easy to be tampered by lawbreakers, and the modified file extension is difficult to identify the file type. And the file header is not easy to change, so that whether the file type represented by the file header information is consistent with the file type represented by the file extension or not is judged, and the tampered file can be identified simply, conveniently and efficiently.

In one possible design, identifying whether the received target file is a dangerous file according to the file header information includes: and matching the file header information with file header information of a pre-stored dangerous file, and if the file header information is matched with the file header information of the pre-stored dangerous file, judging that the target file is a dangerous file.

The design can more directly find the type of the target file through matching.

In a possible design, the electronic terminal device pre-starts a function of prompting a dangerous file, and the method further includes: when the target file is judged to be a dangerous file, prompting by adopting one or more of the following combinations: audio prompts, text message prompts, video prompts, vibration prompts.

The design reduces the possibility of hazardous documents being effective by alerting the customer through a variety of prompts.

In one possible design, the text message prompt includes a combination of one or more of: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

The design informs the client of the risk of the target document in a more direct manner, thereby further reducing the possibility of the hazardous document being effective.

In one possible design, the electronic terminal device is provided with a garbage can for storing the dangerous file and has a function of pre-opening a dangerous file prompt, and the method further comprises the following steps: and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage can.

The design isolates the hazardous documents through the trash bin, thereby further reducing the possibility of the hazardous documents being effective.

In one possible design, the electronic terminal device is provided with a trash box for storing dangerous files, and the method further includes: and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage bin or deleting the intercepted target file.

The design omits the function of pre-starting the dangerous file prompting, and directly isolates the dangerous file through the dustbin, so that the flow is simpler and more efficient.

In one possible design, after the placing the intercepted target document into the trash, the method further includes: and when the target file viewing instruction in the garbage box is received, prompting by adopting one or more of the following combinations: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

The design prompts in the garbage bin to inform the client of the dangerousness of the target file, thereby further reducing the possibility of the dangerous file being effective.

In a second aspect, an embodiment of the present invention provides an electronic terminal device, including: the receiving module is used for receiving file information, and the file information comprises a target file and file header information for identifying file attributes; and the processing module is used for identifying whether the received target file is a dangerous file or not according to the file header information.

In a possible design, the receiving module is configured to receive file information including a file extension of the target file, and the processing module is specifically configured to determine whether a file type indicated by the file header information is consistent with a file type indicated by the file extension, and if not, the processing module determines that the target file is a dangerous file.

In one possible design, the device further comprises a storage module, wherein the storage module comprises a dangerous file type library, and the dangerous file type library stores file header information of dangerous files in advance; the processing module is specifically configured to match the file header information with file header information of a pre-stored dangerous file, and if the matching is achieved, the processing module determines that the target file is a dangerous file.

In one possible design, the system further comprises a setting module, wherein the setting module is used for setting whether to start a function of prompting the dangerous file; when the processing module judges that the target file is a dangerous file, the processing module is further configured to send an instruction for prompting by using a combination of one or more of the following: audio prompts, text message prompts, video prompts, vibration prompts.

In a possible design, the storage module further includes a garbage bin, and when the processing module is further configured to determine that the target file is a dangerous file, the processing module intercepts the target file and puts the intercepted target file into the garbage bin or deletes the target file after interception.

In one possible design, the processing module is further configured to, when receiving a viewing instruction of the target file in the trash box of the storage module, issue an instruction to prompt with a combination of one or more of the following: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

In a third aspect, an embodiment of the present invention provides an electronic terminal device, including: at least one processor, at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, the processor calling the program instructions to be able to perform the method provided by the first aspect.

In a fourth aspect, an embodiment of the present invention provides a computer storage medium, where computer-executable instructions are stored, and the computer-executable instructions are used in the method provided in the first aspect.

It should be understood that the second to fourth aspects of the embodiment of the present invention are consistent with the technical solution of the first aspect of the embodiment of the present invention, and the beneficial effects obtained by the aspects and the corresponding possible implementation manners are similar, and are not described herein again.

[ description of the drawings ]

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments will be briefly described below, and the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.

FIG. 1 is a schematic diagram of a propagation of a threat file according to an embodiment of the present invention;

FIG. 2 is a flowchart of a file identification process according to an embodiment of the present invention;

FIG. 3 is a flowchart of a file identification process according to an embodiment of the present invention;

FIG. 4 is a schematic view of an interception switch arrangement according to an embodiment of the present invention;

fig. 5 is a schematic diagram of a multimedia message identification processing flow according to an embodiment of the present invention;

fig. 6 is a schematic diagram of a dangerous document information prompt according to an embodiment of the present invention;

FIG. 7 is a block diagram of an electronic device according to an embodiment of the invention;

fig. 8 is a schematic structural diagram of an electronic device implementing a file identification method according to an embodiment of the present invention;

fig. 9 is a schematic diagram of a software structure for implementing a file identification method according to an embodiment of the present invention.

[ detailed description ] embodiments

For better understanding of the technical solutions of the present invention, the following detailed descriptions of the embodiments of the present invention are provided with reference to the accompanying drawings. The described embodiments are only some embodiments of the invention, not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without any inventive step, are within the scope of the present invention.

Hereinafter, some terms in the present invention will be explained so as to be understood by those skilled in the art.

Short message application: the system is provided with a short message receiving and sending application.

Multimedia message: the multimedia information service can transmit contents and information with comprehensive functions, wherein the information comprises information in various multimedia formats such as characters, images, sound, data and the like.

A file header: the header is a piece of data directly in the file, is a part of the file, generally at the beginning, and contains information of the file type.

File Extension (Filename Extension): also known as the suffix name of a file, is one mechanism that operating systems use to mark file types.

In addition, it should be understood that the terms first, second, etc. in the description of the embodiments of the invention are used for distinguishing between the descriptions and are not intended to indicate or imply relative importance or order to be construed. "plurality" means two or more.

In a communication network, a user can receive information from the network through a terminal in which the user may store important information. The received information may be transmitted by another terminal. The sending end may be a terminal utilized by a lawbreaker, and the sent information may be a dangerous file, which may have a function of stealing data of the user terminal, may also damage data of the user terminal, and may also have other risks of damaging the user. Referring to fig. 1, a lawbreaker sends a dangerous document to a terminal of a user through a network, thereby stealing the privacy of the user, such as important information like a password.

For the terminal user, the received information can be one or more files, or information with text and attachments, or information with pictures and attachments; the number of the accessories may be one or more. Any of the received files or attachments may be a dangerous file.

In general, the file type of the dangerous file is determined, and the judgment of the file type of the target file can be obtained from the information of the file header. The embodiment of the invention provides a file identification method, which is applied to electronic terminal equipment, receives file information, wherein the file information comprises a target file and file header information for identifying file attributes, and identifies whether the received target file is a dangerous file or not according to the file header information.

If a piece of information, such as multimedia message and mail, has an attachment, if the attachment is judged to be a dangerous file according to the file header of the attachment, the piece of information is judged to be unsafe information. For example, the header indicates that the attachment is an executable file and can be easily run directly by the device.

The flow chart of the file identification method provided by the embodiment of the invention is shown in FIG. 2:

s201, receiving information;

s202, analyzing the file type represented by the information of the file header;

s203, judging whether the information of the file header represents dangerous file types: if not, executing step S204; if yes, go to step S205;

s204, receiving normally;

s205 determines that the information is unsafe information.

The process utilizes the information of the file header, the information is easy to receive and extract, and the dangerous files are identified simply, conveniently and efficiently according to the judgment of the file header.

Judging the information of the file header in a matching manner is a specific method which is easy to implement. In one possible design, identifying whether the received target file is a dangerous file according to the file header information includes: and matching the file header information with file header information of a pre-stored dangerous file, and if the file header information is matched with the file header information of the pre-stored dangerous file, judging that the target file is a dangerous file.

The headers of the pre-stored hazardous files may be aggregated in a library. Thus, in one possible design, the document identification method further includes a dangerous document type library; the dangerous file type library stores file header information of dangerous files in advance; the processing module is used for matching the file header information with file header information of a pre-stored dangerous file, and if the file header information is matched with the file header information of the pre-stored dangerous file, the processing module judges that the target file is a dangerous file.

For example, for the android system, the threat file type library includes bak files, as bak files are easily detected and run directly by the system. Because of software update iterations, the dangerous file type library may need to be updated with the system, because when the system is updated, the corresponding dangerous file type may change, for example, a bak file before the update, and another file after the update. So in one embodiment, the dangerous file type library has an updated function.

Generally, the file extension of a file is also related to the file type, and can be used as an important judgment method. Although the file type of the dangerous file is determined, the file extension is easy to be tampered by lawless persons, and the file type is difficult to identify by the modified file extension. And the file header is not easy to change, so that whether the file type represented by the file header information is consistent with the file type represented by the file extension or not is judged, and the tampered file can be identified simply, conveniently and efficiently.

In a possible design, the file information further includes a file extension, and the identifying whether the received target file is a dangerous file according to the file header information includes: and judging whether the file type represented by the file header information is consistent with the file type represented by the file extension name or not, and if not, judging that the target file is a dangerous file. For information with a plurality of attachments, whether the file header of each received attachment is consistent with the file extension of the attachment is checked one by one.

If the file header is not consistent with the file extension of the file or the attachment, the file extension of the file or the attachment is modified, and the file extension is possibly a dangerous file. For example, the header of a file indicates that the file is a file that can be recognized by the system to run, such as apk, and the file extension of the file is a seemingly harmless file type such as png, jpg, etc. When the user actively or passively changes the file extension of the file, the file is operated by the system, which brings risks.

A flow chart of an embodiment of the invention is shown in fig. 3:

s301, receiving the information;

s302, analyzing the file type represented by the information of the file header;

s303, analyzing the file type represented by the file extension of the file;

s304, judging whether the file type represented by the file header is consistent with the file type represented by the file extension name of the file: if not, go to step S305; if yes, go to step S306;

s305, receiving normally;

s306 determines that the information is unsafe information.

The core of the flow shown in fig. 3 is to compare the file header and the file extension. Although the file extension of the file is easy to change, the file header is not easy to change, so that whether the file type represented by the file header information is consistent with the file type represented by the file extension or not is judged, and the tampered file can be identified simply and efficiently. The embodiment of the invention can accurately judge the file risk of the received file or the attachment, and has small workload and small algorithm complexity. The modification of the bottom chip and the module is not involved, and the intelligent device can be adapted to various intelligent devices.

After the dangerous file is judged, certain measures are needed to reduce the risk, such as reminding a user. Different from the prompt of receiving the ordinary information, in one possible design, the electronic terminal device starts the function of prompting the dangerous file in advance, and the method further includes: when the target file is judged to be a dangerous file, prompting by adopting one or more of the following combinations: audio prompts, text message prompts, video prompts, vibration prompts. The user can start the function of prompting the dangerous file in advance on the electronic terminal equipment, and once the dangerous file is received, the user can be prompted. The user can close the function of prompting the dangerous file in advance at the electronic terminal equipment, and once the dangerous file is received, the prompt is not given, the disturbance is avoided, and the dangerous file is directly processed, for example, the dangerous file directly enters a dustbin or is permanently deleted.

The text message prompt can be various, can be a default one of the system, and can be further set by the user. For example, for an android phone, the notification bar prompt, the pop-up dialog prompt and the direct mark-up display in the application picture can be used. Thus, in one possible design, the text message prompt includes a combination of one or more of: the notification bar of the electronic terminal equipment prompts the receiving of the dangerous files, prompts the receiving of the dangerous files through a dialog box, and sends and receives the dangerous file prompt through an Application program (APP) of the electronic terminal equipment.

For received spam or dangerous information, it can be placed in a trash bin to be separated from normal information. In a possible design, the electronic terminal device is provided with a trash box for storing the dangerous file, and may have a function of pre-opening a dangerous file prompt, and the method further includes: and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage can.

The function of pre-starting the dangerous file prompting is unnecessary, and under the condition that the function is not available, the system defaults that the dangerous file is received without prompting and disturbance, and the dangerous file is directly processed, such as being directly put into a garbage can or being permanently deleted. In one possible embodiment, the electronic terminal is provided with a trash bin for storing dangerous documents, and the method further comprises: and when the target file is judged to be a dangerous file, intercepting the target file and putting the intercepted target file into the garbage bin or deleting the intercepted target file.

It can be understood that after the dangerous file enters the trash bin, if the user needs to view the file in the trash bin, the user can restore the dangerous file without knowing the dangerous file, which may cause danger, and therefore the user should be reminded. In one possible design, after the placing the intercepted target file into the trash, the method further includes: and when the target file viewing instruction in the garbage box is received, prompting by adopting one or more of the following combinations: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

The user may have different settings for the handling of spam. Such as direct interception, no interception, warning. The direct interception may be permanent deletion or placement into a trash bin. The trash can may be a trash of an application program that receives the information or a trash of a system security application where the user may revert to displaying in the application. The non-interception may be received exactly as normal information. The warning may be a special warning while receiving the information, while allowing the user to view the information content.

Thus, in one possible design, the file identification method has the function of settings, including settings of the interception switch. The setting of the interception switch comprises the following 2 or 3 combinations: no interception, direct interception and warning. For example, the setting includes no interception, direct interception; or the setting includes no interception, warning; or the setting comprises direct interception, warning; or the setting includes direct interception, no interception, warning.

Different fields can be provided with different setting combinations, a dustbin is not needed in some fields, and a dustbin is needed in some fields; for example, the direct interception mode is that the setting of putting in the dustbin requires the dustbin, and the direct interception mode is that the setting of permanently deleting does not require the dustbin. For example, in the field of short messages and multimedia messages, the unsafe files are files with malicious disguised and artificially modified file extensions, so that the unsafe files can be directly and permanently deleted without a garbage can. For the field of mailboxes, the unsafe file appearing in the attachment in the mail can be a file header or a file extension modified for special reasons such as encryption and the like, so that permanent deletion is an unreasonable processing mode, and the file can be placed into a garbage can for a user to retrieve, and even can be received as a normal file.

For the settings of direct interception, no interception, and warning, an exemplary flowchart after confirming receiving the unsafe information is shown in fig. 4:

s401, determining that the information is unsafe information;

s402, judging the setting of an interception switch: if not, executing step S403; if yes, executing step S404; if yes, go to step S405;

s403, normally receiving the information;

s404, information enters a garbage can;

s405 displays the information as unsafe information.

The flow shown in fig. 4 may be applied at the application framework layer. Meanwhile, the application program layer can participate. In one possible design, the file identification method is performed by an application framework layer. For example, for an android system, the method is applied to the original multimedia message receiving flow of the framework layer. Due to the small workload and the small algorithm complexity, the method is easy to implement at the framework layer.

The method of an embodiment of the present invention may also be implemented by an application program instead of the application framework layer, and in an embodiment, is used by an application program to perform any one of the above methods. The file identification method is equivalent to the application program layer, does not directly relate to modification of more basic layers such as an application program framework layer and the like, and is better adapted to various intelligent devices. The APP can be set to automatically operate or automatically start when the user is started, and the APP can always operate without being actively opened by the user. Due to small workload and algorithm complexity, the method occupies small storage space and runs the memory, thereby being convenient for long-term running.

In an embodiment of short message application, a short message application of a user receives a multimedia message, and if the multimedia message contains dangerous files, warning measures are taken to warn the user that the multimedia message has risks while the short message application displays the multimedia message. The warning measure can be defaulted by the system, or can be further set by the user, such as a notification bar prompt, a Dialog prompt or a prompt in a short message application directly in the current information session.

The flowchart of the present example is shown in fig. 5, where S501-S508 are executed in frames, and S509-S511 are executed in an application:

s501, multimedia messages are received by Frameworks;

s502 whether the file header mark is consistent with the file extension name; if yes, go to step S503; if not, executing step S504;

s503, the multimedia message content is sent to the short message application, and the step S509 is executed;

s504 disguising multimedia message user interception switch setting; if yes, executing step S511; if not, executing step S503; if yes, go to step S505;

s505 disguising multimedia message user warning switch setting; if yes, executing step S506; if yes, executing step S507; if yes, execute step S508;

s506, the notification bar prompts that the risk multimedia message is received, and step S509 is executed;

s507, prompting that a risk multimedia message is received by a Dialog box, and executing the step S509;

s508, sending the warning information and the multimedia message content to a short message application, and executing the step S510;

s509, the short message application displays the multimedia message content, and the process is ended;

s510, displaying multimedia message content and warning message by short message application, and ending the process;

and S511, the information enters a garbage can, and the process is ended.

If the user clicks to view the information after it enters the trash, the user may also want to know why a piece of information will be marked as unsafe, and thus, in one possible design, the user is provided with a reason for the insecurity when viewing the unsafe information. For example, fig. 6, when the user opens unsafe information in the trash, a Dialog prompt pops up: "this information contains an unsecured file" and has buttons "view reason", "exit", "restore to inbox". When a user clicks 'view reason' in a garbage box, a file type represented by information of a file header of an attachment is displayed to be inconsistent with a file extension name of the attachment, a file such as a virus may be disguised, and the file can be run by modifying the file extension name of the file and the like, so that data leakage or damage is caused.

The flow shown in fig. 5 may also be solely participated by the application layer. In one possible design, the file identification method is executed by an application program itself, such as a short message application and a mailbox APP. The method does not directly relate to modification of more basic levels such as an application framework layer and the like, and is better suitable for various intelligent devices.

Embodiments of the present invention may be applied to an electronic device for receiving information, such as a computer, a tablet computer, a notebook computer, a smart phone, and the electronic device may include, but is not limited to, a central processing unit, a storage medium, and the like.

The application fields of the embodiment of the invention include but are not limited to: the method comprises the following steps of short message and multimedia message field, e-mail field, social APP field or other types of information communication field. The embodiment of the invention can be applied to information interception and information warning reminding, but not limited to the field of information communication.

In one embodiment, an electronic terminal device implementing the file identification method of the present invention includes a receiving module, configured to receive file information, where the file information includes a target file and file header information identifying file attributes; and the processing module is used for identifying whether the received target file is a dangerous file or not according to the file header information. In one configuration example, as shown in fig. 7, a receiving module M101 is connected to a processing module M102.

Judging the information of the file header in a matching manner is an easy-to-implement method. And matching the file header information with file header information of a pre-stored dangerous file, and if the file header information is matched with the file header information of the pre-stored dangerous file, judging that the target file is a dangerous file. The file headers of the pre-stored dangerous files can be collected in a library and are realized by a storage module. In one possible design, the device further comprises a storage module, wherein the storage module comprises a dangerous file type library, and the dangerous file type library stores file header information of dangerous files in advance; the processing module is specifically configured to match the file header information with file header information of a pre-stored dangerous file, and if the matching is achieved, the processing module determines that the target file is a dangerous file. In one configuration example, as shown in fig. 7, a storage module M103 is connected to a processing module M102.

The file extension of the file is also related to the file type, and can be realized by the processing module as an important judgment method. In a possible design, the receiving module is configured to receive file information including a file extension of the target file, and the processing module is specifically configured to determine whether a file type indicated by the file header information is consistent with a file type indicated by the file extension, and if not, the processing module determines that the target file is a dangerous file.

After the dangerous file is judged, certain measures are needed to reduce the risk, such as reminding a user. The user receives the prompt of the information of the dangerous document, which is different from the prompt of receiving the ordinary information. In one possible design, the user may set the notification of the receipt of the danger file to be implemented by a setting module, and the device further includes a setting module, one example of which is shown in fig. 7, and the setting module M104 is connected to the processing module M102. The setting module is used for setting whether to start a function of prompting a dangerous file; when the processing module judges that the target file is a dangerous file, the processing module is further configured to send an instruction for prompting by using a combination of one or more of the following: audio prompts, text message prompts, video prompts, vibration prompts. The cues may include a combination of one or more of the following: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

For received spam or dangerous information, it can be placed in a trash bin to be separated from normal information. Therefore, in a possible design, the storage module further includes a trash box, and when the processing module is further configured to determine that the target file is a dangerous file, the processing module intercepts the target file and puts the intercepted target file into the trash box or deletes the target file after interception.

The user may need to view the files in the trash. After the dangerous file enters the garbage can, the user can restore the file without knowing the dangerous file, which may cause danger, so that the user should be reminded. In one possible design, the processing module is further configured to, when receiving a viewing instruction of the target file in the trash box of the storage module, issue an instruction to prompt with a combination of one or more of the following: and prompting to receive the dangerous file in a notification bar of the electronic terminal equipment, prompting to receive the dangerous file through a dialog box, and sending and receiving a dangerous file prompt through an application program of the electronic terminal equipment.

In one embodiment, a computer storage medium is used to implement the file identification method of the embodiment of the present invention, and the computer-readable storage medium stores computer-executable instructions for causing the computer to execute the method provided by the present invention.

In one embodiment, an electronic device is used for implementing the file identification method of the embodiment of the present invention, and the apparatus includes a processor and a memory, where the memory is used for storing a software program, and the processor is used for reading the software program stored in the memory and implementing the method provided by the present invention. The terminal may be a mobile terminal, a computer, etc.

Exemplarily, fig. 8 shows a schematic structural diagram of the electronic device 100.

The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a battery module 140, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, a display screen 194, a Subscriber Identification Module (SIM) card interface 195, and the like. Wherein the sensor module 180 may include a touch sensor, etc.

It is to be understood that the illustrated structure of the embodiment of the present invention does not specifically limit the electronic device 100. In other embodiments of the invention, electronic device 100 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

Processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors.

The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.

A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 110, thereby increasing the efficiency of the system.

In some embodiments, processor 110 may include one or more interfaces. The interface may include an integrated circuit (I2C) interface, an integrated circuit built-in audio (I2S) interface, a general-purpose input/output (GPIO) interface, a Subscriber Identity Module (SIM) interface, and/or a Universal Serial Bus (USB) interface, etc.

The I2C interface is a bi-directional synchronous serial bus that includes a serial data line (SDA) and a Serial Clock Line (SCL). In some embodiments, processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, the charger, etc., via different I2C bus interfaces, respectively. For example: the processor 110 may be coupled to the touch sensor 180K via an I2C interface, such that the processor 110 and the touch sensor 180K communicate via an I2C bus interface to implement the touch functionality of the electronic device 100.

The I2S interface may be used for audio communication. In some embodiments, processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 via an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may communicate audio signals to the wireless communication module 160 via the I2S interface to enable answering messages via a bluetooth headset.

The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal and may also be configured as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, a MIPI interface, and the like.

The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transmit data between the electronic device 100 and a peripheral device.

It should be understood that the connection relationship between the modules according to the embodiment of the present invention is only illustrative, and is not limited to the structure of the electronic device 100. In other embodiments of the present invention, the electronic device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.

The battery module 140 is used to provide power, receive charging input from the charger.

The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas.

The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the electronic device 100.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low frequency baseband signal to a baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.

The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including Wireless Local Area Networks (WLANs) such as wireless fidelity (Wi-Fi) networks, Bluetooth (BT), Global Navigation Satellite System (GNSS), Frequency Modulation (FM), Near Field Communication (NFC), Infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves through the antenna 2 to radiate the electromagnetic waves.

In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150 and antenna 2 is coupled to wireless communication module 160 so that electronic device 100 can communicate with networks and other devices through wireless communication techniques. The wireless communication technology may include global system for mobile communications (GSM), General Packet Radio Service (GPRS), code division multiple access (code division multiple access, CDMA), Wideband Code Division Multiple Access (WCDMA), time-division code division multiple access (time-division code division multiple access, TD-SCDMA), Long Term Evolution (LTE), LTE, BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. The GNSS may include a Global Positioning System (GPS), a global navigation satellite system (GLONASS), a beidou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS), and/or a Satellite Based Augmentation System (SBAS).

The electronic device 100 implements display functions via the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. In some embodiments, the electronic device 100 may include 1 or N display screens 194, with N being a positive integer greater than 1.

The software system of the electronic device 100 may employ a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. The embodiment of the present invention uses an Android system with a layered architecture as an example to exemplarily illustrate a software structure of the electronic device 100.

The software system of the electronic device 100 may employ a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. The embodiment of the present invention uses an Android system with a layered architecture as an example to exemplarily illustrate a software structure of the electronic device 100.

Fig. 9 is a block diagram of the software configuration of the electronic apparatus 100 according to the embodiment of the present invention.

The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom.

The application layer may include a series of application packages.

As shown in fig. 9, the application package may include short message, call, mailbox, WLAN, bluetooth, social app, browser, in-file manager, settings, and the like.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.

As shown in FIG. 9, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.

The window manager is used for managing window programs; the window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like. The content provider is used for storing and acquiring data and making the data accessible to the application program; the data may include video, images, audio, phone calls made and received, phone books, etc. The view system comprises visual controls, such as controls for displaying characters, controls for displaying pictures and the like; the view system may be used to build applications. The display interface may be composed of one or more views, for example, a display interface including a short message notification icon, which may include a view displaying text and a view displaying pictures. The phone manager is used to provide communication functions of the electronic device 100, such as management of call states including connection, disconnection, and the like. The resource manager provides various resources, such as localized strings, icons, pictures, video files, etc., to the application.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, flashing an indicator light, etc.

The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.

The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.

The application layer and the application framework layer run in a virtual machine. And executing java files of the application program layer and the application program framework layer into a binary file by the virtual machine. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.

The system library may include a plurality of functional modules, such as: surface 1 manager (surface manager), Media Libraries (Media Libraries), three-dimensional graphics processing Libraries, 2D graphics engines, and the like.

The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications. The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audiovisual coding formats, such as MP3, AAC, PNG, and the like. The three-dimensional graphic processing library is used for realizing image rendering, layer processing and the like. The 2D graphics engine is a drawing engine for 2D drawing. The kernel layer is a layer between hardware and software. The kernel layer at least comprises a display driver and an audio driver.

The following describes the workflow of the software and hardware of the electronic device 100 in conjunction with an exemplary scenario of unsafe information identification.

The information carrying the dangerous file is received through the mobile communication module 150, and the processor 110 identifies and judges the information as unsafe information through the method provided by the present invention, and stores the unsafe information in the trash box portion of the internal memory 121. And when the user touches the clicking operation, the control corresponding to the clicking operation is the control of the unsafe information icon in the dustbin. The touch sensor 180K receives the touch operation and a corresponding hardware interrupt is issued to the kernel layer. The kernel layer processes the touch operation into an original input event, which includes information such as touch coordinates and a time stamp of the touch operation. The raw input events are stored at the kernel layer. And the application program framework layer acquires the original input event from the kernel layer and identifies the control corresponding to the input event. The corresponding hardware interrupt is display driven, the display screen 194 displays the information and pops up a dialog box: "this information contains the insecure file [ view reason ] [ exit ] [ restore to inbox ]".

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. In the several embodiments provided in this specification, the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Each functional unit in the embodiments of the present description may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods described in the embodiments of the present disclosure. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The present invention has not been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, systems, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

As mentioned above, the above embodiments are only used to illustrate the technical solutions of the embodiments of the present invention, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.