CN106548085A - A kind of processing method and processing device of data - Google Patents
A kind of processing method and processing device of data Download PDFInfo
- Publication number
- CN106548085A CN106548085A CN201510593673.7A CN201510593673A CN106548085A CN 106548085 A CN106548085 A CN 106548085A CN 201510593673 A CN201510593673 A CN 201510593673A CN 106548085 A CN106548085 A CN 106548085A
- Authority
- CN
- China
- Prior art keywords
- data
- access request
- desensitization
- sensitive
- source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention provides a kind of processing method and processing device of data, and its processing method includes:Source data access request is received and parsed through, determines that this access is related to sensitive data;Modification source data access request obtains the data access request that desensitizes, and desensitization data access request is sent to data base so that the sensitive data that data base can be obtained Query Result data and be replaced in Query Result data using the first presupposed information according to desensitization data access request inquiry obtains the data that desensitize;The desensitization data that receiving data storehouse returns, output desensitization data.The embodiment of the present invention is analyzed by the data access operation to user in the case where source data is not changed, and carries out data desensitization process in data output by the way of replacing according to analysis result;Can not only flexible control data desensitization, and avoid excessive occupancy systematic function while not affecting other application to the use of data, effectively ensured the availability of business support system data.
Description
Technical field
The present invention relates to the data safety management technical field of business support technological system, more particularly to a kind of number
According to processing method and processing device.
Background technology
Data desensitization protection refers to the deformation for carrying out data to some sensitive informations by the rule that desensitizes, and realizes quick
The reliably protecting of sense private data.At present, mainly included using more data desensitization guard method " sensitive
Information data replacement " and " sensitive information encipherment protection " two ways, its detailed content are as follows:
Sensitive information data are replaced and are referred to according to certain obfuscation rule (for example:Substituted with similar character
Some fields, use shielding character (for example, ' X ') substitute character, substitute real surname with virtual surname
Deng) sensitive information in institute's data storage is replaced, the user for possessing any authority afterwards is either led to
The data crossed after the data accessed by the direct-connected mode in foreground program or backstage are desensitization.Due to the method
Reversibility it is poor, it is much more general using in terms of the safeguard protection of test data.
Sensitive information encipherment protection refer to using encryption by the way of to institute's data storage in the text containing sensitive information
Part or database table are encrypted, after the under normal conditions sensitive data accessed by user is all encryption
Data.Need to call data after key pair encryption if needing under special circumstances to check non-encrypted data
It is decrypted process.It is as the encryption and decryption operation in the method relies on larger to the performance of equipment, general to make more
In terms of the less core data safeguard protection of data volume.
With the development of business support system, the safeguard protection of its service operation data is also important all the more, therefore
The desensitization protection of data also becomes the most important thing of current safety work.At present, traditional " sensitive information number
According to replacing " and " sensitive information encipherment protection " two kinds of data protected modes that desensitize be both needed to the data to being stored
(data obfuscation or encryption) is processed itself, the equal Shortcomings in terms of motility and efficiency, it is impossible to full
The current guarantee business of foot strengthens the demand for security of data safety management and control while smoothly operation.Current data take off
The deficiency of quick guard method mainly has the following aspects:
Sensitive information data substitute mode is using being replaced to the sensitive information in institute's data storage in system
Mode carries out data desensitization protection, and the reversibility of the method is poor, it is impossible to flexibly carry out data desensitization sum
According to the handover operation between reduction, therefore the method is typically used in terms of the safeguard protection of test data more, nothing
Method is used in production environment.
Sensitive information encipherment protection mode is using predefined AES to believing containing sensitive in institute's data storage
The file or database table of breath is encrypted, if needing under special circumstances to check unencrypted plaintext
After data then need to call key pair encryption, data are decrypted process.Although the method can realize that data take off
The quick handover operation and data convert between, but the loss system performance that data encrypting and deciphering operation can be larger,
Cannot accomplish that system effectiveness and data safety are taken into account.Simultaneously using the method carry out data security protecting extremely according to
Rely the safety management to key, bigger security risk may be caused if Key Exposure.
The content of the invention
It is an object of the invention to provide a kind of processing method and processing device of data, solves number in prior art
It is poorly reversible or the problem of system effectiveness and data safety cannot be taken into account according to desensitization guard method.
In order to achieve the above object, the embodiment of the present invention provides a kind of processing method of data, including:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
Change the source data access request and obtain the data access request that desensitizes, and by the desensitization data access
Request is sent to data base so that the data base can be obtained according to the desensitization data access request inquiry
Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data
Quick data;
The desensitization data that the data base returns are received, the desensitization data are exported.
Wherein, source data access request is received and parsed through, determines that this access is wrapped the step of being related to sensitive data
Include:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute
The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
Wherein, change the source data access request and obtain the data access request that desensitizes, and by the desensitization number
Send to data base according to access request so that the data base can be looked into according to the desensitization data access request
Inquiry obtains Query Result data and replaces the sensitive data in the Query Result data using the first presupposed information
The step of obtaining desensitization data includes:
Modification obtains corresponding with the desensitization data access request with the corresponding SQL statement of source data access request
SQL statement;
SQL statement corresponding with the desensitization data access request is sent to data base so that the data
Storehouse obtains Query Result data and utilizes according to SQL statement inquiry corresponding with the desensitization data access request
First presupposed information is replaced the sensitive data in the Query Result data and obtains the data that desensitize.
The embodiment of the present invention also provides a kind of processing method of data, including:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
The source data access request is sent to data base, and the database root is received according to the source data
The Query Result data that access request is returned;
Sensitive data in the Query Result data is replaced with into the second presupposed information, the data that desensitize are obtained,
Export the desensitization data.
Wherein, source data access request is received and parsed through, determines that this access is wrapped the step of being related to sensitive data
Include:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute
The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
Wherein, the source data access request is sent to data base, and the database root is received according to described
The step of Query Result data that source data access request is returned, includes:
SQL statement corresponding with the source data access request is sent to data base;
The database root is received according to looking into that the SQL statement corresponding with the source data access request is returned
Ask result data.
The embodiment of the present invention also provides a kind of processing meanss of data, including:
First sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to
Sensitive data;
Desensitization module, obtains the data access request that desensitizes for changing the source data access request, and by institute
State desensitization data access request to send to data base so that the data base can be visited according to the desensitization data
Ask that requesting query obtains Query Result data and replaces in the Query Result data using the first presupposed information
Sensitive data obtains the data that desensitize;
First desensitization output module, for receiving the desensitization data that the data base returns, exports the desensitization
Data.
Wherein, the described first sensitive determining module includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
Wherein, the desensitization module includes:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request
The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number
According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request
Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data
Quick data.
The embodiment of the present invention also provides a kind of processing meanss of data, including:
Second sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to
Sensitive data;
Second sending module, for the source data access request is sent to data base, and receives the number
According to the Query Result data that storehouse is returned according to the source data access request;
Second desensitization output module, it is pre- for the sensitive data in the Query Result data is replaced with second
If information, the data that desensitize are obtained, export the desensitization data.
Wherein, the second sensitive determining module includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
Wherein, second sending module includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number
According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair
The Query Result data that the SQL statement answered is returned.
The above-mentioned technical proposal of the present invention at least has the advantages that:
In the processing method and processing device of the data of the embodiment of the present invention, only exist in the case where source data is not changed
Desensitization control is carried out in data output process, is analyzed by the data access operation to user, and according to
Analysis result carries out data desensitization process in data output by the way of replacing;Flexibly can not only control
The desensitization of data, and excessive occupancy is avoided while not affecting other application to the use of data
Systematic function, has effectively ensured the availability of business support system data.
Description of the drawings
Fig. 1 represents the basic step flow chart one of the processing method of data provided in an embodiment of the present invention;
Fig. 2 represents the resolution flow of source data access request in the processing method of data provided in an embodiment of the present invention
Journey schematic diagram;
Fig. 3 represents that " SQL replacements " mode provided in an embodiment of the present invention carries out the tool of the processing method of data
Body flow chart;
The flow chart that Fig. 4 is accessed in representing the processing method of data provided in an embodiment of the present invention in plain text;
Fig. 5 represents the basic step flowchart 2 of the processing method of data provided in an embodiment of the present invention;
Fig. 6 represents that " downlink data replacement " mode provided in an embodiment of the present invention carries out the processing method of data
Particular flow sheet;
Fig. 7 represents the composition structural representation one of the processing meanss of data provided in an embodiment of the present invention;
Fig. 8 represents the composition structural representation two of the processing meanss of data provided in an embodiment of the present invention.
Specific embodiment
To make the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached
Figure and specific embodiment are described in detail.
The present invention is in prior art, data desensitization guard method is poorly reversible or cannot take into account system effectiveness
With the problem of data safety, there is provided a kind of processing method and processing device of data, in the situation for not changing source data
Under desensitization control is carried out only in data output process, be analyzed by the data access operation to user,
And data desensitization process is carried out in data output by the way of replacing according to analysis result;Can not only spirit
The desensitization of control data living, and avoid while not affecting other application to the use of data excessive
Occupancy systematic function, effectively ensured the availability of business support system data.
As shown in figure 1, a kind of processing method of data provided in an embodiment of the present invention, including:
Step 11, receives and parses through source data access request, obtains sensitive data;User is by unified access
Door conducts interviews to data, and system does not temporarily conduct interviews after receiving user access request the issuing of instruction
Operate (being issued to data base), but the very first time carries out dissection process to source data access request, the parsing
Result can determine whether this access is related to sensitive data;If being related to sensitive data, obtain described quick
Sense data;If being not related to sensitive data, directly to access instruction below data base, and the structure that will be fed back
User is exposed directly to without any process.It should be noted that, if this access is related to sensitive data, use
Family voluntarily can select to access in plain text or desensitize to access, and the process which accesses in plain text is content of the prior art,
No further details to be given herein;Its desensitization accesses the main contents for the embodiment of the present invention, and following steps acquiescence is used
Family selects desensitization to carry out in the case of accessing.
Step 12, changes the source data access request and obtains the data access request that desensitizes, and by the desensitization
Data access request is sent to data base so that the data base can be according to the desensitization data access request
Inquiry obtains Query Result data and replaces the sensitive number in the Query Result data using the first presupposed information
According to obtain desensitize data;Wherein, the step is the mode that upstream request is replaced, i.e., directly access source data
The desensitization data access request comprising " sensitive data is replaced with the first presupposed information " is revised as in request,
So that database root obtains a Query Result data according to desensitization data access request inquiry, the data then
Sensitive data in Query Result data is replaced with the first presupposed information according to the desensitization request of data by storehouse.
Such as the first presupposed information is " * * * ", and source data access request is the " paying out wages of requesting query user A
Time and number ", amended desensitization data access request is " the paying out wages time of requesting query user A
And number, utilize " * * * " to replace wage number ", then the Query Result that data base returns is inquired about first and is obtained
The paying out wages time of user A and number, obtain the data that desensitize after utilizing " * * * " to replace wage number,
That is " user A paid wages in 25 days 2 months, and wage is * * * ";So process and can not change source data
In the case of reach dynamic desensitization protection purpose.
Step 13, receives the desensitization data that the data base returns, and exports the desensitization data.Due to number
Replaced with the first presupposed information according to sensitive data in the Query Result that storehouse returns, i.e., the data that system is received
For the data that desensitize, then directly the desensitization data are exported to user, reach the purpose of desensitization protection.
In the above embodiment of the present invention, by way of upstream request is replaced, in not change data storehouse Zhong Yuan
In the case of data, the sensitive data in source data access request is modified obtain desensitize data access please
Ask, after so processing, the sensitive data in Query Result can be replaced by the first presupposed information, then system is obtained
Data be desensitization data, and then the desensitization data are directly output to into user, reach the purpose of desensitization protection.
Specifically, source data access request is generally SQL SQL statement, then the present invention is based on
The specific implementation of SQL statement is as follows:
First, step 11 is specifically included:
Step 111, receives source data access request, and the source data access request includes SQL
SQL statement;The concrete manifestation form of the source data access request is SQL statement.
The SQL statement is changed into the sentence of preset algorithm by step 112;The SQL statement is carried out
Dissection process, realizes the deep analysis to up SQL statement in this step, and the grammer of SQL is changed
For the specific business algorithm (i.e. preset algorithm) of program, the storehouse table and field of this access are extracted;The step
Not only support to parse the data manipulation of single table, also achieve to multilist, the complicated SQL statement of multi-field
Parsing, has greatly agreed with the practical business demand of business support system.Its specific transformation flow process such as Fig. 2
Shown, which mainly through the parsing to SQL statement, separation, association and combines.By as shown in Figure 2
Service logic realizes the deep analysis to up SQL statement, and the grammer of SQL statement is transformed into program
Specific business algorithm, such as one query statement is:
SELECT e.last_name AS name,
e.commission_pct comm,
e.salary*12"Annual Salary"
FROM scott.employees AS e
WHERE e.salary>1000
ORDER BY
e.first_name,
e.last_name;
After the deep analysis transformation as shown in Figure 2 of the embodiment of the present invention, it is changed into following information:
Select statement:
Column:e.last_name,Alias:name
Column:e.commission_pct,Alias:comm
Column:e.salary*12,Alias:"Annual Salary"
table:
scott.employees,alias:e
where clause:
e.salary>1000
order by:
e.first_name
e.last_name
Step 113, the sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared,
The sensitive data in the source data access request is obtained, determines that this access is related to sensitive data.Specifically,
The analysis result of step 112 is analyzed with list of sensitive data set in advance and is compared, analyzed current
Access operation whether be related to sensitive data.If sensitive data is included in current source data access request,
Then determine that this access is related to sensitive data;Otherwise this access is not related to sensitive data.
In the embodiment of the present invention, SQL statement is converted to into preset algorithm by the deep analysis to SQL statement
Sentence, be easy to follow-up comparison to operate, improve comparison efficiency;And can be accurate by comparison result
Determine whether this access is related to sensitive data, improve the judging efficiency of sensitive data.Wherein, default settings
List of sensitive data can be by user's sets itself, it is also possible to set according to the experience of system long-term accumulated,
Here is not especially limited.
Further, based on SQL statement, 12 include the step of the embodiment of the present invention:
Step 121, is changed SQL statement corresponding with source data access request and obtains being visited with the desensitization data
Ask request corresponding SQL statement;
Step 122, SQL statement corresponding with the desensitization data access request is sent to data base, is made
Obtain the database root Query Result is obtained according to SQL statement inquiry corresponding with the desensitization data access request
Data simultaneously obtain the data that desensitize using the sensitive data in the first presupposed information replacement Query Result data.
Specifically, the mode that the upstream request is replaced is also referred to as " SQL replacements ", and which passes through SQL parsings
Device changes SQL statement so that database root is obtained after Query Result according to the inquiry of amended SQL statement, with
First presupposed information replaces sensitive field to return desensitization data, after being desensitization so as to the data that system is received
Data, have reached the purpose of dynamic desensitization.
The data desensitization guard method of " the SQL replacements " that the embodiment of the present invention be supplied to reference to Fig. 3
It is described in detail:
Step 31, user are conducted interviews to data by the unified door that accesses, and system receives user's access please
The operation that issues of the rear instruction that temporarily do not conduct interviews, but the very first time is asked to parse to accessing SQL statement
Process.The deep analysis to up SQL statement are realized in this step, and the grammer of SQL is transformed into journey
The specific business algorithm of sequence;
Step 32, analysis result is analyzed with pre-set sensitive data Asset List and is compared, point
Separate out whether current access operation is related to sensitive data.If current access operation is related to sensitive data
Step 33 is carried out, this instruction for accessing is carried out down if current access operation is not related to sensitive data
Send out, and the result to feeding back is exposed directly to user without any process;
Step 33, ejects the current access operation of prompting frame prompting user and is related to sensitive data, and allow user to select
It is to access in plain text or desensitize to access to select this.Step 34 is entered if user selects to access in plain text, if
User selects desensitization to access, then into step 35;
Step 34, user are selected to access in plain text and then trigger approval process, and the plaintext of user is accessed by system automatically
Request is sent to responsible person concerned's (supporting electronic flow and note two ways), after person liable's examination & approval, is
This instruction for accessing is issued by system side, and the result to feeding back is exposed directly to without any process
User;The concrete operation flow which accesses in plain text is as shown in Figure 4;
Step 35, user select desensitization to access, and after the parsing of step 31 and step 21, system is
Jing knows which sensitive field this database manipulation can access, and SQL resolvers can change the SQL languages of access
Sentence, it is therefore an objective to make query resultses with the returned content of the sensitive field of " * * * * * " replacement, subsequently transmitted
To data base;For example, original access SQL statement is:
Select t.main_acct_id,t.login_name,t.login_pwd from main_acct t
By the amended SQL statement of SQL resolvers it is:
Select t.main_acct_id,t.login_name,'******'as login_pwd from main_acct t
I.e. " t.login_pwd " field in original SQL is changed to " ' * * * * * * ' as by resolver
Login_pwd ", after so processing, concentrates the value of " login_pwd " field to replace with Query Result
" * * * * * * ", reaches the purpose of dynamic desensitization protection.
Step 36, by the data output after desensitization to user, and completes this access operation.
The embodiment of the present invention provides a kind of output element in the case where source data is not changed only in data and carries out
Desensitization control method, by parsing to up SQL statement, and analyzes this visit for analysis result
After asking the sensitive data of presence, to the sensitive data that accessed according to certain rule in the output procedure of data
Operation is replaced, so as to realize that the desensitization to this sensitive data information for accessing is controlled.The motion takes into account
Traditional " replacement of sensitive information data " and " sensitive information encipherment protection " two kinds of data desensitize protection sides
The advantage of formula, turn avoid to excessive occupancy system while not affecting other application to the use of data
Performance, has effectively ensured the availability of business support system data.
And the data desensitization control method disclosed in the embodiment of the present invention, it is to avoid traditional desensitization method application
Face is narrow, flexibility ratio is poor, the deficiency such as larger to system performance loss, can be widely used in business support system
The data security protecting of system various aspects.
In order to preferably realize above-mentioned purpose, as shown in figure 5, the embodiment of the present invention also provides a kind of data
Processing method, including:
Step 51, receives and parses through source data access request, determines that this access is related to sensitive data;User
Data are conducted interviews by the unified door that accesses, system is not temporarily visited after receiving user access request
That asks instruction issues operation (being issued to data base), but the very first time is parsed to source data access request
Process, the result of the parsing can determine whether this access is related to sensitive data;If being related to sensitive data,
The sensitive data is obtained then;If being not related to sensitive data, directly to access instruction below data base, and
The structure of feedback is exposed directly to into user without any process.It should be noted that, if this access is related to
Sensitive data, user voluntarily can select to access in plain text or desensitize to access, and the process which accesses in plain text is existing skill
Content in art, no further details to be given herein;Its desensitization accesses the main contents for the embodiment of the present invention, with
Lower step default user selects desensitization to carry out in the case of accessing.
Step 52, the source data access request is sent to data base, and receives the database root according to institute
State the Query Result data of source data access request return;Specifically, system is directly by source data access request
Data base is transferred to, database root obtains Query Result data according to the source data access request inquiry data, and
Query structure data are returned to into system.
Sensitive data in the Query Result data is replaced with the second presupposed information, is taken off by step 53
Quick data, export the desensitization data.Wherein, the mode that the step is replaced for downlink data, i.e. system exist
Desensitization process is carried out when receiving the downlink data of Database Feedback, sensitive data that will be in Query Result data
The second presupposed information is replaced with, and the substitute mode supported includes some fields being substituted, being used with similar character
Shielding character (for example, ' * ') substitutes character, User Defined etc..So as to again by data output to during user only
Desensitization data after output desensitization, reach the purpose of desensitization protection.
In the above embodiment of the present invention, by the substitute mode of downlink data, in not change data storehouse Zhong Yuan
Sensitive number in the case of data, in the query structure data that database root is fed back according to source data access request
According to the second presupposed information is replaced with, then system is reached de- by the desensitization data output obtained after replacement to user
The purpose of quick protection.The embodiment of the present invention propose it is a kind of in the case where source data is not changed only in the defeated of data
Going out link carries out desensitization control method, has taken into account traditional " replacement of sensitive information data " and " sensitive information
The advantage of two kinds of data desensitization protected modes of encipherment protection ", has not only accomplished the flexible control to data desensitization,
Turn avoid while not affecting other application to the use of data to excessive occupancy systematic function, effectively
The availability for having ensured business support system data.
Specifically, source data access request is generally SQL SQL statement, then the present invention is based on
The specific implementation of SQL statement is as follows:
First, step 51 is specifically included:
Step 511, receives source data access request, and the source data access request includes SQL
SQL statement;The concrete manifestation form of the source data access request is SQL statement.
The SQL statement is changed into the sentence of preset algorithm by step 512;The SQL statement is carried out
Dissection process, realizes the deep analysis to up SQL statement in this step, and the grammer of SQL is changed
For the specific business algorithm (i.e. preset algorithm) of program, the storehouse table and field of this access are extracted;The step
Not only support to parse the data manipulation of single table, also achieve to multilist, the complicated SQL statement of multi-field
Parsing, has greatly agreed with the practical business demand of business support system.Its specific transformation flow process such as Fig. 2
Shown, which mainly through the parsing to SQL statement, separation, association and combines.By as shown in Figure 2
Service logic realizes the deep analysis to up SQL statement, and the grammer of SQL statement is transformed into program
Specific business algorithm, such as one query statement is:
SELECT e.last_name AS name,
e.commission_pct comm,
e.salary*12"Annual Salary"
FROM scott.employees AS e
WHERE e.salary>1000
ORDER BY
e.first_name,
e.last_name;
After the deep analysis transformation as shown in Figure 2 of the embodiment of the present invention, it is changed into following information:
Select statement:
Column:e.last_name,Alias:name
Column:e.commission_pct,Alias:comm
Column:e.salary*12,Alias:"Annual Salary"
table:
scott.employees,alias:e
where clause:
e.salary>1000
order by:
e.first_name
e.last_name
Step 513, the sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared,
The sensitive data in the source data access request is obtained, determines that this access is related to sensitive data.Specifically,
The analysis result of step 512 is analyzed with list of sensitive data set in advance and is compared, analyzed current
Access operation whether be related to sensitive data.If sensitive data is included in current source data access request,
Then determine that this access is related to sensitive data;Otherwise this access is not related to sensitive data.
In the embodiment of the present invention, SQL statement is converted to into preset algorithm by the deep analysis to SQL statement
Sentence, be easy to follow-up comparison to operate, improve comparison efficiency;And can be accurate by comparison result
Determine whether this access is related to sensitive data, improve the judging efficiency of sensitive data.Wherein, default settings
List of sensitive data can be by user's sets itself, it is also possible to set according to the experience of system long-term accumulated,
Here is not especially limited.
Further, based on SQL statement, 52 include the step of the embodiment of the present invention:
Step 521, SQL statement corresponding with the source data access request is sent to data base;
Step 522, receives the database root according to the SQL languages corresponding with the source data access request
The Query Result data that sentence is returned.
With reference to data desensitization protection sides of the Fig. 6 to " downlink data replacement " provided in an embodiment of the present invention
Method is described in detail:
Step 61, user are conducted interviews to data by the unified door that accesses, and system receives user's access please
The operation that issues of the rear instruction that temporarily do not conduct interviews, but the very first time is asked to parse to accessing SQL statement
Process.The deep analysis to up SQL statement are realized in this step, and the grammer of SQL is transformed into journey
The specific business algorithm of sequence;
Step 62, analysis result is analyzed with pre-set sensitive data Asset List and is compared, point
Separate out whether current access operation is related to sensitive data.If current access operation is related to sensitive data
Step 63 is carried out, this instruction for accessing is carried out down if current access operation is not related to sensitive data
Send out, and the result to feeding back is exposed directly to user without any process;
Step 63, ejects the current access operation of prompting frame prompting user and is related to sensitive data, and allow user to select
It is to access in plain text or desensitize to access to select this.Step 34 is entered if user selects to access in plain text, if
User selects desensitization to access, then into step 65;
Step 64, user are selected to access in plain text and then trigger approval process, and the plaintext of user is accessed by system automatically
Request is sent to responsible person concerned's (supporting electronic flow and note two ways), after person liable's examination & approval, is
This instruction for accessing is issued by system side, and the result to feeding back is exposed directly to without any process
User;The concrete operation flow which accesses in plain text is as shown in Figure 4;
Step 65, user select desensitization to access, and SQL is directly transferred to data base by resolver, and system is being received
Desensitization process is carried out during to the downlink data for feeding back:According to the analysis result of step 62, in downlink data
Sensitive content is identified and replacement is processed, and the substitute mode supported includes being substituted with similar character
Field, use shielding character (for example, ' * ') substitute character, User Defined etc..
Step 66, by the data output after desensitization to user, and completes this access operation.
To sum up, traditional data desensitization protected mode is both needed to process the source data of accumulation layer, it is impossible to full
Foot strengthens the demand for security of data safety management and control while currently ensureing service operation efficiency.The embodiment of the present invention
Disclosing a kind of output element in the case where source data is not changed only in data carries out desensitization control method,
Its advantage is as follows:
1) by up SQL statement is intercepted and parsed, this is analyzed for analysis result and access what is existed
After sensitive data, the desensitization to this sensitive data information for accessing is realized after a series of automatic business processings
Control, this motion propose two kinds of desensitization protection methods:" SQL replacements " and " downlink data replacement ", it is described
Two methods only carry out desensitization control during data transfer, are not directed to any process behaviour to source data
Make, so that it is guaranteed that business support system in creation data safety and availability;
2) embodiment of the present invention flexibly realizes the control switching for accessing that accesses in plain text and desensitize, and supports
It is to access in plain text or desensitize to access that user voluntarily selects this operation, is then triggered when user selects to access in plain text
The plaintext access request of user is sent to responsible person concerned and (supports electronic flow by approval process, system automatically
With note two ways), after person liable's examination & approval, this instruction for accessing is issued by system side, and right
The result of feedback is exposed directly to user without any process.
3) embodiment of the present invention contains the definition strategy to sensitive data simultaneously, and user can be according to access originator
The continuous evolution of application system and definition of the synchronization control to sensitive data, it is ensured that desensitization will not be left and appoint
What sensitive data.
4) method provided in an embodiment of the present invention, need not access the accessories rebuilding of side application system, it is only necessary to repair
Change data base's connection.
In order to preferably realize above-mentioned purpose, as shown in fig. 7, the embodiment of the present invention also provides a kind of data
Processing meanss, including:
First sensitive determining module 71, for receiving and parsing through source data access request, determines that this access is related to
And sensitive data;
Desensitization module 72, obtains the data access request that desensitizes for changing the source data access request, and will
The desensitization data access request is sent to data base so that the data base can be according to the desensitization data
Access request inquiry is obtained Query Result data and is replaced in the Query Result data using the first presupposed information
Sensitive data obtain desensitize data;
First desensitization output module 73, for receiving the desensitization data that the data base returns, exports described de-
Quick data.
Specifically, in the above embodiment of the present invention, the described first sensitive determining module 71 includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
Specifically, in the above embodiment of the present invention, the desensitization module 72 includes:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request
The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number
According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request
Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data
Quick data.
It should be noted that the place of the above-mentioned data of the application of the processing meanss of data provided in an embodiment of the present invention
The device of reason method, then all embodiments of the processing method of above-mentioned data be applied to the data processing equipment,
And can reach same or analogous beneficial effect.
In order to preferably realize above-mentioned purpose, as shown in figure 8, the embodiment of the present invention also provides a kind of data
Processing meanss, including:
Second sensitive determining module 81, for receiving and parsing through source data access request, determines that this access is related to
And sensitive data;
Second sending module 82, for the source data access request is sent to data base, and receives described
The Query Result data that database root is returned according to the source data access request;
Second desensitization output module 83, for the sensitive data in the Query Result data is replaced with second
Presupposed information, obtains the data that desensitize, and exports the desensitization data.
Specifically, in the above embodiment of the present invention, the second sensitive determining module 81 includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
Specifically, described in the above embodiment of the present invention, the second sending module 82 includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number
According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair
The Query Result data that the SQL statement answered is returned.
It should be noted that the place of the above-mentioned data of the application of the processing meanss of data provided in an embodiment of the present invention
The device of reason method, then all embodiments of the processing method of above-mentioned data be applied to the data processing equipment,
And can reach same or analogous beneficial effect.
The above is the preferred embodiment of the present invention, it is noted that for the common skill of the art
For art personnel, on the premise of without departing from principle of the present invention, some improvements and modifications can also be made,
These improvements and modifications also should be regarded as protection scope of the present invention.
Claims (12)
1. a kind of processing method of data, it is characterised in that include:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
Change the source data access request and obtain the data access request that desensitizes, and by the desensitization data access
Request is sent to data base so that the data base can be obtained according to the desensitization data access request inquiry
Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data
Quick data;
The desensitization data that the data base returns are received, the desensitization data are exported.
2. the processing method of data according to claim 1, it is characterised in that receive and parse through source number
According to access request, determine that this access includes the step of being related to sensitive data:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute
The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
3. the processing method of data according to claim 2, it is characterised in that the modification source data
Access request obtains the data access request that desensitizes, and the desensitization data access request is sent to data base,
The data base is enabled to obtain Query Result data and utilize according to the desensitization data access request inquiry
First presupposed information is replaced the step of the sensitive data in the Query Result data obtains desensitization data to be included:
Modification obtains corresponding with the desensitization data access request with the corresponding SQL statement of source data access request
SQL statement;
SQL statement corresponding with the desensitization data access request is sent to data base so that the data
Storehouse obtains Query Result data and utilizes according to SQL statement inquiry corresponding with the desensitization data access request
First presupposed information is replaced the sensitive data in the Query Result data and obtains the data that desensitize.
4. a kind of processing method of data, it is characterised in that include:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
The source data access request is sent to data base, and the database root is received according to the source data
The Query Result data that access request is returned;
Sensitive data in the Query Result data is replaced with into the second presupposed information, the data that desensitize are obtained,
Export the desensitization data.
5. the desensitization method of data according to claim 4, it is characterised in that receive and parse through source number
According to access request, determine that this access includes the step of being related to sensitive data:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute
The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
6. the processing method of data according to claim 5, it is characterised in that the source data is visited
Ask that request is sent to data base, and receive the inquiry that the database root is returned according to the source data access request
The step of result data, includes:
SQL statement corresponding with the source data access request is sent to data base;
The database root is received according to looking into that the SQL statement corresponding with the source data access request is returned
Ask result data.
7. a kind of processing meanss of data, it is characterised in that include:
First sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to
Sensitive data;
Desensitization module, obtains the data access request that desensitizes for changing the source data access request, and by institute
State desensitization data access request to send to data base so that the data base can be visited according to the desensitization data
Ask that requesting query obtains Query Result data and replaces in the Query Result data using the first presupposed information
Sensitive data obtains the data that desensitize;
First desensitization output module, for receiving the desensitization data that the data base returns, exports the desensitization
Data.
8. processing meanss of data according to claim 7, it is characterised in that described first it is sensitive really
Cover half block includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
9. processing meanss of data according to claim 8, it is characterised in that the desensitization module bag
Include:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request
The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number
According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request
Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data
Quick data.
10. a kind of processing meanss of data, it is characterised in that include:
Second sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to
Sensitive data;
Second sending module, for the source data access request is sent to data base, and receives the number
According to the Query Result data that storehouse is returned according to the source data access request;
Second desensitization output module, it is pre- for the sensitive data in the Query Result data is replaced with second
If information, the data that desensitize are obtained, export the desensitization data.
The processing meanss of 11. data according to claim 10, it is characterised in that the second sensitive determination
Module includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot
Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance
Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity
Data.
The processing method of 12. data according to claim 11, it is characterised in that described second sends
Module includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number
According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair
The Query Result data that the SQL statement answered is returned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510593673.7A CN106548085A (en) | 2015-09-17 | 2015-09-17 | A kind of processing method and processing device of data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510593673.7A CN106548085A (en) | 2015-09-17 | 2015-09-17 | A kind of processing method and processing device of data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106548085A true CN106548085A (en) | 2017-03-29 |
Family
ID=58362833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510593673.7A Pending CN106548085A (en) | 2015-09-17 | 2015-09-17 | A kind of processing method and processing device of data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106548085A (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107958158A (en) * | 2017-10-27 | 2018-04-24 | 国网辽宁省电力有限公司 | The dynamic data desensitization method and system of a kind of big data platform |
CN107992771A (en) * | 2017-12-20 | 2018-05-04 | 北京明朝万达科技股份有限公司 | A kind of data desensitization method and device |
CN108509805A (en) * | 2018-03-21 | 2018-09-07 | 深圳天源迪科信息技术股份有限公司 | Data encrypting and deciphering and desensitization runtime engine and its working method |
CN109271807A (en) * | 2018-08-20 | 2019-01-25 | 深圳萨摩耶互联网金融服务有限公司 | The data safety processing method and system of database |
CN109299616A (en) * | 2018-09-07 | 2019-02-01 | 北明软件有限公司 | A kind of data safety managing and control system and method based on connection pool |
CN110019377A (en) * | 2017-12-14 | 2019-07-16 | 中国移动通信集团山西有限公司 | Dynamic desensitization method, device, equipment and medium |
CN110196861A (en) * | 2018-02-24 | 2019-09-03 | 中兴通讯股份有限公司 | A kind of data desensitization method and device |
CN110365468A (en) * | 2018-04-11 | 2019-10-22 | 华为技术有限公司 | Anonymization processing method, device, equipment and storage medium |
CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
CN110516466A (en) * | 2019-07-12 | 2019-11-29 | 苏州浪潮智能科技有限公司 | A kind of data desensitization method and device |
CN111597173A (en) * | 2020-04-02 | 2020-08-28 | 上海瀚之友信息技术服务有限公司 | Data warehouse system |
CN111767300A (en) * | 2020-05-11 | 2020-10-13 | 全球能源互联网研究院有限公司 | Dynamic desensitization method and device for penetration of internal and external networks of electric power data |
CN112052478A (en) * | 2020-09-01 | 2020-12-08 | 上海观安信息技术股份有限公司 | Multi-table subset extraction desensitization method |
CN112069203A (en) * | 2020-09-22 | 2020-12-11 | 北京百家科技集团有限公司 | Data query method and device |
CN112528339A (en) * | 2020-12-25 | 2021-03-19 | 深圳昂楷科技有限公司 | Data desensitization method based on Cach é database and electronic equipment |
CN112749408A (en) * | 2020-12-29 | 2021-05-04 | 拉卡拉支付股份有限公司 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
CN112839077A (en) * | 2020-12-29 | 2021-05-25 | 北京安华金和科技有限公司 | Sensitive data determination method and device |
CN112906024A (en) * | 2021-03-03 | 2021-06-04 | 江苏保旺达软件技术有限公司 | Data desensitization method, device, storage medium and server |
CN112948877A (en) * | 2021-03-03 | 2021-06-11 | 北京中安星云软件技术有限公司 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
CN113157902A (en) * | 2020-12-24 | 2021-07-23 | 中国能源建设股份有限公司 | Inquiry mode for completing information desensitization examination and approval by utilizing multiple information means |
CN113886880A (en) * | 2021-10-09 | 2022-01-04 | 京东科技信息技术有限公司 | Data protection method, system, device and storage medium |
WO2022252880A1 (en) * | 2021-06-01 | 2022-12-08 | 中兴通讯股份有限公司 | Data processing method, apparatus and system, and storage medium |
CN117195275A (en) * | 2023-11-08 | 2023-12-08 | 成方金融科技有限公司 | Data access method, device, electronic equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102844756A (en) * | 2010-03-15 | 2012-12-26 | 迪纳米科普斯公司 | Computer relational database method and system having role based access control |
CN103870480A (en) * | 2012-12-12 | 2014-06-18 | 财团法人资讯工业策进会 | Dynamic data masking method and database system |
CN104008349A (en) * | 2014-04-28 | 2014-08-27 | 国家电网公司 | Database security access control method and system |
CN104077284A (en) * | 2013-03-26 | 2014-10-01 | 中国移动通信集团湖北有限公司 | Data security access method and data security access system |
-
2015
- 2015-09-17 CN CN201510593673.7A patent/CN106548085A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102844756A (en) * | 2010-03-15 | 2012-12-26 | 迪纳米科普斯公司 | Computer relational database method and system having role based access control |
CN103870480A (en) * | 2012-12-12 | 2014-06-18 | 财团法人资讯工业策进会 | Dynamic data masking method and database system |
CN104077284A (en) * | 2013-03-26 | 2014-10-01 | 中国移动通信集团湖北有限公司 | Data security access method and data security access system |
CN104008349A (en) * | 2014-04-28 | 2014-08-27 | 国家电网公司 | Database security access control method and system |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107958158A (en) * | 2017-10-27 | 2018-04-24 | 国网辽宁省电力有限公司 | The dynamic data desensitization method and system of a kind of big data platform |
CN110019377B (en) * | 2017-12-14 | 2021-10-26 | 中国移动通信集团山西有限公司 | Dynamic desensitization method, device, equipment and medium |
CN110019377A (en) * | 2017-12-14 | 2019-07-16 | 中国移动通信集团山西有限公司 | Dynamic desensitization method, device, equipment and medium |
CN107992771A (en) * | 2017-12-20 | 2018-05-04 | 北京明朝万达科技股份有限公司 | A kind of data desensitization method and device |
CN110196861A (en) * | 2018-02-24 | 2019-09-03 | 中兴通讯股份有限公司 | A kind of data desensitization method and device |
CN110196861B (en) * | 2018-02-24 | 2023-12-29 | 中兴通讯股份有限公司 | Data desensitization method and device |
CN108509805A (en) * | 2018-03-21 | 2018-09-07 | 深圳天源迪科信息技术股份有限公司 | Data encrypting and deciphering and desensitization runtime engine and its working method |
US11695740B2 (en) | 2018-04-11 | 2023-07-04 | Huawei Cloud Computing Technologies Co., Ltd. | Anonymization method and apparatus, device, and storage medium |
CN110365468A (en) * | 2018-04-11 | 2019-10-22 | 华为技术有限公司 | Anonymization processing method, device, equipment and storage medium |
CN110365468B (en) * | 2018-04-11 | 2021-09-14 | 华为技术有限公司 | Anonymization processing method, device, equipment and storage medium |
CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
CN109271807A (en) * | 2018-08-20 | 2019-01-25 | 深圳萨摩耶互联网金融服务有限公司 | The data safety processing method and system of database |
CN109299616A (en) * | 2018-09-07 | 2019-02-01 | 北明软件有限公司 | A kind of data safety managing and control system and method based on connection pool |
CN110516466A (en) * | 2019-07-12 | 2019-11-29 | 苏州浪潮智能科技有限公司 | A kind of data desensitization method and device |
CN111597173A (en) * | 2020-04-02 | 2020-08-28 | 上海瀚之友信息技术服务有限公司 | Data warehouse system |
CN111767300A (en) * | 2020-05-11 | 2020-10-13 | 全球能源互联网研究院有限公司 | Dynamic desensitization method and device for penetration of internal and external networks of electric power data |
CN112052478A (en) * | 2020-09-01 | 2020-12-08 | 上海观安信息技术股份有限公司 | Multi-table subset extraction desensitization method |
CN112069203A (en) * | 2020-09-22 | 2020-12-11 | 北京百家科技集团有限公司 | Data query method and device |
CN113157902A (en) * | 2020-12-24 | 2021-07-23 | 中国能源建设股份有限公司 | Inquiry mode for completing information desensitization examination and approval by utilizing multiple information means |
CN112528339A (en) * | 2020-12-25 | 2021-03-19 | 深圳昂楷科技有限公司 | Data desensitization method based on Cach é database and electronic equipment |
CN112839077A (en) * | 2020-12-29 | 2021-05-25 | 北京安华金和科技有限公司 | Sensitive data determination method and device |
CN112749408A (en) * | 2020-12-29 | 2021-05-04 | 拉卡拉支付股份有限公司 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
CN112906024A (en) * | 2021-03-03 | 2021-06-04 | 江苏保旺达软件技术有限公司 | Data desensitization method, device, storage medium and server |
CN112948877A (en) * | 2021-03-03 | 2021-06-11 | 北京中安星云软件技术有限公司 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
WO2022252880A1 (en) * | 2021-06-01 | 2022-12-08 | 中兴通讯股份有限公司 | Data processing method, apparatus and system, and storage medium |
CN113886880A (en) * | 2021-10-09 | 2022-01-04 | 京东科技信息技术有限公司 | Data protection method, system, device and storage medium |
CN117195275A (en) * | 2023-11-08 | 2023-12-08 | 成方金融科技有限公司 | Data access method, device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106548085A (en) | A kind of processing method and processing device of data | |
US9866375B2 (en) | Multi-level key management | |
CN106295388B (en) | A kind of data desensitization method and device | |
US20190268340A1 (en) | Method and apparatus generating and applying security labels to sensitive data | |
US10666647B2 (en) | Access to data stored in a cloud | |
US10409965B2 (en) | Hybrid digital rights management system and related document access authorization method | |
US8458208B2 (en) | Automated data source assurance in distributed databases | |
Kirrane et al. | A scalable consent, transparency and compliance architecture | |
KR20090068242A (en) | Ranged lookups | |
AU2009259948A1 (en) | Information rights management | |
JP5135636B2 (en) | Data security method and apparatus using characteristic maintaining encryption | |
CN106610995A (en) | Ciphertext index creating method, device and system | |
US20030172073A1 (en) | Method and system for information management and distribution | |
CN107294955B (en) | Electronic file encryption middleware control system and method | |
GB2495599A (en) | Database management system | |
CN105160272B (en) | A kind of safe encryption method and system based on autonomous controlled data library | |
CN112016104A (en) | Encryption method, device and system for financial sensitive data | |
US9853817B2 (en) | Generating enhanced digital signatures for artifacts | |
KR20200033961A (en) | How to authorize an authorization operator on the system | |
CN104537317B (en) | Control method that tenant is accessed self-defining data storehouse, device and system | |
CN110941628A (en) | Data isolation implementation method based on SQL statement interception and analysis technology | |
CN107944288A (en) | A kind of data access control method and device | |
CN109840250A (en) | Access authority management method, device, equipment and the storage medium of middle field | |
CN106471510A (en) | Compound document accesses | |
KR20180126853A (en) | System and Method for automatic generation and execution of encryption SQL statements using meta-information and enterprise framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170329 |