CN106548085A - A kind of processing method and processing device of data - Google Patents

A kind of processing method and processing device of data Download PDF

Info

Publication number
CN106548085A
CN106548085A CN201510593673.7A CN201510593673A CN106548085A CN 106548085 A CN106548085 A CN 106548085A CN 201510593673 A CN201510593673 A CN 201510593673A CN 106548085 A CN106548085 A CN 106548085A
Authority
CN
China
Prior art keywords
data
access request
desensitization
sensitive
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510593673.7A
Other languages
Chinese (zh)
Inventor
蒋宝成
豆晓瑜
张文祺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Gansu Co Ltd
Original Assignee
China Mobile Group Gansu Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Gansu Co Ltd filed Critical China Mobile Group Gansu Co Ltd
Priority to CN201510593673.7A priority Critical patent/CN106548085A/en
Publication of CN106548085A publication Critical patent/CN106548085A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a kind of processing method and processing device of data, and its processing method includes:Source data access request is received and parsed through, determines that this access is related to sensitive data;Modification source data access request obtains the data access request that desensitizes, and desensitization data access request is sent to data base so that the sensitive data that data base can be obtained Query Result data and be replaced in Query Result data using the first presupposed information according to desensitization data access request inquiry obtains the data that desensitize;The desensitization data that receiving data storehouse returns, output desensitization data.The embodiment of the present invention is analyzed by the data access operation to user in the case where source data is not changed, and carries out data desensitization process in data output by the way of replacing according to analysis result;Can not only flexible control data desensitization, and avoid excessive occupancy systematic function while not affecting other application to the use of data, effectively ensured the availability of business support system data.

Description

A kind of processing method and processing device of data
Technical field
The present invention relates to the data safety management technical field of business support technological system, more particularly to a kind of number According to processing method and processing device.
Background technology
Data desensitization protection refers to the deformation for carrying out data to some sensitive informations by the rule that desensitizes, and realizes quick The reliably protecting of sense private data.At present, mainly included using more data desensitization guard method " sensitive Information data replacement " and " sensitive information encipherment protection " two ways, its detailed content are as follows:
Sensitive information data are replaced and are referred to according to certain obfuscation rule (for example:Substituted with similar character Some fields, use shielding character (for example, ' X ') substitute character, substitute real surname with virtual surname Deng) sensitive information in institute's data storage is replaced, the user for possessing any authority afterwards is either led to The data crossed after the data accessed by the direct-connected mode in foreground program or backstage are desensitization.Due to the method Reversibility it is poor, it is much more general using in terms of the safeguard protection of test data.
Sensitive information encipherment protection refer to using encryption by the way of to institute's data storage in the text containing sensitive information Part or database table are encrypted, after the under normal conditions sensitive data accessed by user is all encryption Data.Need to call data after key pair encryption if needing under special circumstances to check non-encrypted data It is decrypted process.It is as the encryption and decryption operation in the method relies on larger to the performance of equipment, general to make more In terms of the less core data safeguard protection of data volume.
With the development of business support system, the safeguard protection of its service operation data is also important all the more, therefore The desensitization protection of data also becomes the most important thing of current safety work.At present, traditional " sensitive information number According to replacing " and " sensitive information encipherment protection " two kinds of data protected modes that desensitize be both needed to the data to being stored (data obfuscation or encryption) is processed itself, the equal Shortcomings in terms of motility and efficiency, it is impossible to full The current guarantee business of foot strengthens the demand for security of data safety management and control while smoothly operation.Current data take off The deficiency of quick guard method mainly has the following aspects:
Sensitive information data substitute mode is using being replaced to the sensitive information in institute's data storage in system Mode carries out data desensitization protection, and the reversibility of the method is poor, it is impossible to flexibly carry out data desensitization sum According to the handover operation between reduction, therefore the method is typically used in terms of the safeguard protection of test data more, nothing Method is used in production environment.
Sensitive information encipherment protection mode is using predefined AES to believing containing sensitive in institute's data storage The file or database table of breath is encrypted, if needing under special circumstances to check unencrypted plaintext After data then need to call key pair encryption, data are decrypted process.Although the method can realize that data take off The quick handover operation and data convert between, but the loss system performance that data encrypting and deciphering operation can be larger, Cannot accomplish that system effectiveness and data safety are taken into account.Simultaneously using the method carry out data security protecting extremely according to Rely the safety management to key, bigger security risk may be caused if Key Exposure.
The content of the invention
It is an object of the invention to provide a kind of processing method and processing device of data, solves number in prior art It is poorly reversible or the problem of system effectiveness and data safety cannot be taken into account according to desensitization guard method.
In order to achieve the above object, the embodiment of the present invention provides a kind of processing method of data, including:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
Change the source data access request and obtain the data access request that desensitizes, and by the desensitization data access Request is sent to data base so that the data base can be obtained according to the desensitization data access request inquiry Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data Quick data;
The desensitization data that the data base returns are received, the desensitization data are exported.
Wherein, source data access request is received and parsed through, determines that this access is wrapped the step of being related to sensitive data Include:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
Wherein, change the source data access request and obtain the data access request that desensitizes, and by the desensitization number Send to data base according to access request so that the data base can be looked into according to the desensitization data access request Inquiry obtains Query Result data and replaces the sensitive data in the Query Result data using the first presupposed information The step of obtaining desensitization data includes:
Modification obtains corresponding with the desensitization data access request with the corresponding SQL statement of source data access request SQL statement;
SQL statement corresponding with the desensitization data access request is sent to data base so that the data Storehouse obtains Query Result data and utilizes according to SQL statement inquiry corresponding with the desensitization data access request First presupposed information is replaced the sensitive data in the Query Result data and obtains the data that desensitize.
The embodiment of the present invention also provides a kind of processing method of data, including:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
The source data access request is sent to data base, and the database root is received according to the source data The Query Result data that access request is returned;
Sensitive data in the Query Result data is replaced with into the second presupposed information, the data that desensitize are obtained, Export the desensitization data.
Wherein, source data access request is received and parsed through, determines that this access is wrapped the step of being related to sensitive data Include:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
Wherein, the source data access request is sent to data base, and the database root is received according to described The step of Query Result data that source data access request is returned, includes:
SQL statement corresponding with the source data access request is sent to data base;
The database root is received according to looking into that the SQL statement corresponding with the source data access request is returned Ask result data.
The embodiment of the present invention also provides a kind of processing meanss of data, including:
First sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to Sensitive data;
Desensitization module, obtains the data access request that desensitizes for changing the source data access request, and by institute State desensitization data access request to send to data base so that the data base can be visited according to the desensitization data Ask that requesting query obtains Query Result data and replaces in the Query Result data using the first presupposed information Sensitive data obtains the data that desensitize;
First desensitization output module, for receiving the desensitization data that the data base returns, exports the desensitization Data.
Wherein, the described first sensitive determining module includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
Wherein, the desensitization module includes:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data Quick data.
The embodiment of the present invention also provides a kind of processing meanss of data, including:
Second sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to Sensitive data;
Second sending module, for the source data access request is sent to data base, and receives the number According to the Query Result data that storehouse is returned according to the source data access request;
Second desensitization output module, it is pre- for the sensitive data in the Query Result data is replaced with second If information, the data that desensitize are obtained, export the desensitization data.
Wherein, the second sensitive determining module includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
Wherein, second sending module includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair The Query Result data that the SQL statement answered is returned.
The above-mentioned technical proposal of the present invention at least has the advantages that:
In the processing method and processing device of the data of the embodiment of the present invention, only exist in the case where source data is not changed Desensitization control is carried out in data output process, is analyzed by the data access operation to user, and according to Analysis result carries out data desensitization process in data output by the way of replacing;Flexibly can not only control The desensitization of data, and excessive occupancy is avoided while not affecting other application to the use of data Systematic function, has effectively ensured the availability of business support system data.
Description of the drawings
Fig. 1 represents the basic step flow chart one of the processing method of data provided in an embodiment of the present invention;
Fig. 2 represents the resolution flow of source data access request in the processing method of data provided in an embodiment of the present invention Journey schematic diagram;
Fig. 3 represents that " SQL replacements " mode provided in an embodiment of the present invention carries out the tool of the processing method of data Body flow chart;
The flow chart that Fig. 4 is accessed in representing the processing method of data provided in an embodiment of the present invention in plain text;
Fig. 5 represents the basic step flowchart 2 of the processing method of data provided in an embodiment of the present invention;
Fig. 6 represents that " downlink data replacement " mode provided in an embodiment of the present invention carries out the processing method of data Particular flow sheet;
Fig. 7 represents the composition structural representation one of the processing meanss of data provided in an embodiment of the present invention;
Fig. 8 represents the composition structural representation two of the processing meanss of data provided in an embodiment of the present invention.
Specific embodiment
To make the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached Figure and specific embodiment are described in detail.
The present invention is in prior art, data desensitization guard method is poorly reversible or cannot take into account system effectiveness With the problem of data safety, there is provided a kind of processing method and processing device of data, in the situation for not changing source data Under desensitization control is carried out only in data output process, be analyzed by the data access operation to user, And data desensitization process is carried out in data output by the way of replacing according to analysis result;Can not only spirit The desensitization of control data living, and avoid while not affecting other application to the use of data excessive Occupancy systematic function, effectively ensured the availability of business support system data.
As shown in figure 1, a kind of processing method of data provided in an embodiment of the present invention, including:
Step 11, receives and parses through source data access request, obtains sensitive data;User is by unified access Door conducts interviews to data, and system does not temporarily conduct interviews after receiving user access request the issuing of instruction Operate (being issued to data base), but the very first time carries out dissection process to source data access request, the parsing Result can determine whether this access is related to sensitive data;If being related to sensitive data, obtain described quick Sense data;If being not related to sensitive data, directly to access instruction below data base, and the structure that will be fed back User is exposed directly to without any process.It should be noted that, if this access is related to sensitive data, use Family voluntarily can select to access in plain text or desensitize to access, and the process which accesses in plain text is content of the prior art, No further details to be given herein;Its desensitization accesses the main contents for the embodiment of the present invention, and following steps acquiescence is used Family selects desensitization to carry out in the case of accessing.
Step 12, changes the source data access request and obtains the data access request that desensitizes, and by the desensitization Data access request is sent to data base so that the data base can be according to the desensitization data access request Inquiry obtains Query Result data and replaces the sensitive number in the Query Result data using the first presupposed information According to obtain desensitize data;Wherein, the step is the mode that upstream request is replaced, i.e., directly access source data The desensitization data access request comprising " sensitive data is replaced with the first presupposed information " is revised as in request, So that database root obtains a Query Result data according to desensitization data access request inquiry, the data then Sensitive data in Query Result data is replaced with the first presupposed information according to the desensitization request of data by storehouse. Such as the first presupposed information is " * * * ", and source data access request is the " paying out wages of requesting query user A Time and number ", amended desensitization data access request is " the paying out wages time of requesting query user A And number, utilize " * * * " to replace wage number ", then the Query Result that data base returns is inquired about first and is obtained The paying out wages time of user A and number, obtain the data that desensitize after utilizing " * * * " to replace wage number, That is " user A paid wages in 25 days 2 months, and wage is * * * ";So process and can not change source data In the case of reach dynamic desensitization protection purpose.
Step 13, receives the desensitization data that the data base returns, and exports the desensitization data.Due to number Replaced with the first presupposed information according to sensitive data in the Query Result that storehouse returns, i.e., the data that system is received For the data that desensitize, then directly the desensitization data are exported to user, reach the purpose of desensitization protection.
In the above embodiment of the present invention, by way of upstream request is replaced, in not change data storehouse Zhong Yuan In the case of data, the sensitive data in source data access request is modified obtain desensitize data access please Ask, after so processing, the sensitive data in Query Result can be replaced by the first presupposed information, then system is obtained Data be desensitization data, and then the desensitization data are directly output to into user, reach the purpose of desensitization protection.
Specifically, source data access request is generally SQL SQL statement, then the present invention is based on The specific implementation of SQL statement is as follows:
First, step 11 is specifically included:
Step 111, receives source data access request, and the source data access request includes SQL SQL statement;The concrete manifestation form of the source data access request is SQL statement.
The SQL statement is changed into the sentence of preset algorithm by step 112;The SQL statement is carried out Dissection process, realizes the deep analysis to up SQL statement in this step, and the grammer of SQL is changed For the specific business algorithm (i.e. preset algorithm) of program, the storehouse table and field of this access are extracted;The step Not only support to parse the data manipulation of single table, also achieve to multilist, the complicated SQL statement of multi-field Parsing, has greatly agreed with the practical business demand of business support system.Its specific transformation flow process such as Fig. 2 Shown, which mainly through the parsing to SQL statement, separation, association and combines.By as shown in Figure 2 Service logic realizes the deep analysis to up SQL statement, and the grammer of SQL statement is transformed into program Specific business algorithm, such as one query statement is:
SELECT e.last_name AS name,
e.commission_pct comm,
e.salary*12"Annual Salary"
FROM scott.employees AS e
WHERE e.salary>1000
ORDER BY
e.first_name,
e.last_name;
After the deep analysis transformation as shown in Figure 2 of the embodiment of the present invention, it is changed into following information:
Select statement:
Column:e.last_name,Alias:name
Column:e.commission_pct,Alias:comm
Column:e.salary*12,Alias:"Annual Salary"
table:
scott.employees,alias:e
where clause:
e.salary>1000
order by:
e.first_name
e.last_name
Step 113, the sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, The sensitive data in the source data access request is obtained, determines that this access is related to sensitive data.Specifically, The analysis result of step 112 is analyzed with list of sensitive data set in advance and is compared, analyzed current Access operation whether be related to sensitive data.If sensitive data is included in current source data access request, Then determine that this access is related to sensitive data;Otherwise this access is not related to sensitive data.
In the embodiment of the present invention, SQL statement is converted to into preset algorithm by the deep analysis to SQL statement Sentence, be easy to follow-up comparison to operate, improve comparison efficiency;And can be accurate by comparison result Determine whether this access is related to sensitive data, improve the judging efficiency of sensitive data.Wherein, default settings List of sensitive data can be by user's sets itself, it is also possible to set according to the experience of system long-term accumulated, Here is not especially limited.
Further, based on SQL statement, 12 include the step of the embodiment of the present invention:
Step 121, is changed SQL statement corresponding with source data access request and obtains being visited with the desensitization data Ask request corresponding SQL statement;
Step 122, SQL statement corresponding with the desensitization data access request is sent to data base, is made Obtain the database root Query Result is obtained according to SQL statement inquiry corresponding with the desensitization data access request Data simultaneously obtain the data that desensitize using the sensitive data in the first presupposed information replacement Query Result data.
Specifically, the mode that the upstream request is replaced is also referred to as " SQL replacements ", and which passes through SQL parsings Device changes SQL statement so that database root is obtained after Query Result according to the inquiry of amended SQL statement, with First presupposed information replaces sensitive field to return desensitization data, after being desensitization so as to the data that system is received Data, have reached the purpose of dynamic desensitization.
The data desensitization guard method of " the SQL replacements " that the embodiment of the present invention be supplied to reference to Fig. 3 It is described in detail:
Step 31, user are conducted interviews to data by the unified door that accesses, and system receives user's access please The operation that issues of the rear instruction that temporarily do not conduct interviews, but the very first time is asked to parse to accessing SQL statement Process.The deep analysis to up SQL statement are realized in this step, and the grammer of SQL is transformed into journey The specific business algorithm of sequence;
Step 32, analysis result is analyzed with pre-set sensitive data Asset List and is compared, point Separate out whether current access operation is related to sensitive data.If current access operation is related to sensitive data Step 33 is carried out, this instruction for accessing is carried out down if current access operation is not related to sensitive data Send out, and the result to feeding back is exposed directly to user without any process;
Step 33, ejects the current access operation of prompting frame prompting user and is related to sensitive data, and allow user to select It is to access in plain text or desensitize to access to select this.Step 34 is entered if user selects to access in plain text, if User selects desensitization to access, then into step 35;
Step 34, user are selected to access in plain text and then trigger approval process, and the plaintext of user is accessed by system automatically Request is sent to responsible person concerned's (supporting electronic flow and note two ways), after person liable's examination & approval, is This instruction for accessing is issued by system side, and the result to feeding back is exposed directly to without any process User;The concrete operation flow which accesses in plain text is as shown in Figure 4;
Step 35, user select desensitization to access, and after the parsing of step 31 and step 21, system is Jing knows which sensitive field this database manipulation can access, and SQL resolvers can change the SQL languages of access Sentence, it is therefore an objective to make query resultses with the returned content of the sensitive field of " * * * * * " replacement, subsequently transmitted To data base;For example, original access SQL statement is:
Select t.main_acct_id,t.login_name,t.login_pwd from main_acct t
By the amended SQL statement of SQL resolvers it is:
Select t.main_acct_id,t.login_name,'******'as login_pwd from main_acct t
I.e. " t.login_pwd " field in original SQL is changed to " ' * * * * * * ' as by resolver Login_pwd ", after so processing, concentrates the value of " login_pwd " field to replace with Query Result " * * * * * * ", reaches the purpose of dynamic desensitization protection.
Step 36, by the data output after desensitization to user, and completes this access operation.
The embodiment of the present invention provides a kind of output element in the case where source data is not changed only in data and carries out Desensitization control method, by parsing to up SQL statement, and analyzes this visit for analysis result After asking the sensitive data of presence, to the sensitive data that accessed according to certain rule in the output procedure of data Operation is replaced, so as to realize that the desensitization to this sensitive data information for accessing is controlled.The motion takes into account Traditional " replacement of sensitive information data " and " sensitive information encipherment protection " two kinds of data desensitize protection sides The advantage of formula, turn avoid to excessive occupancy system while not affecting other application to the use of data Performance, has effectively ensured the availability of business support system data.
And the data desensitization control method disclosed in the embodiment of the present invention, it is to avoid traditional desensitization method application Face is narrow, flexibility ratio is poor, the deficiency such as larger to system performance loss, can be widely used in business support system The data security protecting of system various aspects.
In order to preferably realize above-mentioned purpose, as shown in figure 5, the embodiment of the present invention also provides a kind of data Processing method, including:
Step 51, receives and parses through source data access request, determines that this access is related to sensitive data;User Data are conducted interviews by the unified door that accesses, system is not temporarily visited after receiving user access request That asks instruction issues operation (being issued to data base), but the very first time is parsed to source data access request Process, the result of the parsing can determine whether this access is related to sensitive data;If being related to sensitive data, The sensitive data is obtained then;If being not related to sensitive data, directly to access instruction below data base, and The structure of feedback is exposed directly to into user without any process.It should be noted that, if this access is related to Sensitive data, user voluntarily can select to access in plain text or desensitize to access, and the process which accesses in plain text is existing skill Content in art, no further details to be given herein;Its desensitization accesses the main contents for the embodiment of the present invention, with Lower step default user selects desensitization to carry out in the case of accessing.
Step 52, the source data access request is sent to data base, and receives the database root according to institute State the Query Result data of source data access request return;Specifically, system is directly by source data access request Data base is transferred to, database root obtains Query Result data according to the source data access request inquiry data, and Query structure data are returned to into system.
Sensitive data in the Query Result data is replaced with the second presupposed information, is taken off by step 53 Quick data, export the desensitization data.Wherein, the mode that the step is replaced for downlink data, i.e. system exist Desensitization process is carried out when receiving the downlink data of Database Feedback, sensitive data that will be in Query Result data The second presupposed information is replaced with, and the substitute mode supported includes some fields being substituted, being used with similar character Shielding character (for example, ' * ') substitutes character, User Defined etc..So as to again by data output to during user only Desensitization data after output desensitization, reach the purpose of desensitization protection.
In the above embodiment of the present invention, by the substitute mode of downlink data, in not change data storehouse Zhong Yuan Sensitive number in the case of data, in the query structure data that database root is fed back according to source data access request According to the second presupposed information is replaced with, then system is reached de- by the desensitization data output obtained after replacement to user The purpose of quick protection.The embodiment of the present invention propose it is a kind of in the case where source data is not changed only in the defeated of data Going out link carries out desensitization control method, has taken into account traditional " replacement of sensitive information data " and " sensitive information The advantage of two kinds of data desensitization protected modes of encipherment protection ", has not only accomplished the flexible control to data desensitization, Turn avoid while not affecting other application to the use of data to excessive occupancy systematic function, effectively The availability for having ensured business support system data.
Specifically, source data access request is generally SQL SQL statement, then the present invention is based on The specific implementation of SQL statement is as follows:
First, step 51 is specifically included:
Step 511, receives source data access request, and the source data access request includes SQL SQL statement;The concrete manifestation form of the source data access request is SQL statement.
The SQL statement is changed into the sentence of preset algorithm by step 512;The SQL statement is carried out Dissection process, realizes the deep analysis to up SQL statement in this step, and the grammer of SQL is changed For the specific business algorithm (i.e. preset algorithm) of program, the storehouse table and field of this access are extracted;The step Not only support to parse the data manipulation of single table, also achieve to multilist, the complicated SQL statement of multi-field Parsing, has greatly agreed with the practical business demand of business support system.Its specific transformation flow process such as Fig. 2 Shown, which mainly through the parsing to SQL statement, separation, association and combines.By as shown in Figure 2 Service logic realizes the deep analysis to up SQL statement, and the grammer of SQL statement is transformed into program Specific business algorithm, such as one query statement is:
SELECT e.last_name AS name,
e.commission_pct comm,
e.salary*12"Annual Salary"
FROM scott.employees AS e
WHERE e.salary>1000
ORDER BY
e.first_name,
e.last_name;
After the deep analysis transformation as shown in Figure 2 of the embodiment of the present invention, it is changed into following information:
Select statement:
Column:e.last_name,Alias:name
Column:e.commission_pct,Alias:comm
Column:e.salary*12,Alias:"Annual Salary"
table:
scott.employees,alias:e
where clause:
e.salary>1000
order by:
e.first_name
e.last_name
Step 513, the sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, The sensitive data in the source data access request is obtained, determines that this access is related to sensitive data.Specifically, The analysis result of step 512 is analyzed with list of sensitive data set in advance and is compared, analyzed current Access operation whether be related to sensitive data.If sensitive data is included in current source data access request, Then determine that this access is related to sensitive data;Otherwise this access is not related to sensitive data.
In the embodiment of the present invention, SQL statement is converted to into preset algorithm by the deep analysis to SQL statement Sentence, be easy to follow-up comparison to operate, improve comparison efficiency;And can be accurate by comparison result Determine whether this access is related to sensitive data, improve the judging efficiency of sensitive data.Wherein, default settings List of sensitive data can be by user's sets itself, it is also possible to set according to the experience of system long-term accumulated, Here is not especially limited.
Further, based on SQL statement, 52 include the step of the embodiment of the present invention:
Step 521, SQL statement corresponding with the source data access request is sent to data base;
Step 522, receives the database root according to the SQL languages corresponding with the source data access request The Query Result data that sentence is returned.
With reference to data desensitization protection sides of the Fig. 6 to " downlink data replacement " provided in an embodiment of the present invention Method is described in detail:
Step 61, user are conducted interviews to data by the unified door that accesses, and system receives user's access please The operation that issues of the rear instruction that temporarily do not conduct interviews, but the very first time is asked to parse to accessing SQL statement Process.The deep analysis to up SQL statement are realized in this step, and the grammer of SQL is transformed into journey The specific business algorithm of sequence;
Step 62, analysis result is analyzed with pre-set sensitive data Asset List and is compared, point Separate out whether current access operation is related to sensitive data.If current access operation is related to sensitive data Step 63 is carried out, this instruction for accessing is carried out down if current access operation is not related to sensitive data Send out, and the result to feeding back is exposed directly to user without any process;
Step 63, ejects the current access operation of prompting frame prompting user and is related to sensitive data, and allow user to select It is to access in plain text or desensitize to access to select this.Step 34 is entered if user selects to access in plain text, if User selects desensitization to access, then into step 65;
Step 64, user are selected to access in plain text and then trigger approval process, and the plaintext of user is accessed by system automatically Request is sent to responsible person concerned's (supporting electronic flow and note two ways), after person liable's examination & approval, is This instruction for accessing is issued by system side, and the result to feeding back is exposed directly to without any process User;The concrete operation flow which accesses in plain text is as shown in Figure 4;
Step 65, user select desensitization to access, and SQL is directly transferred to data base by resolver, and system is being received Desensitization process is carried out during to the downlink data for feeding back:According to the analysis result of step 62, in downlink data Sensitive content is identified and replacement is processed, and the substitute mode supported includes being substituted with similar character Field, use shielding character (for example, ' * ') substitute character, User Defined etc..
Step 66, by the data output after desensitization to user, and completes this access operation.
To sum up, traditional data desensitization protected mode is both needed to process the source data of accumulation layer, it is impossible to full Foot strengthens the demand for security of data safety management and control while currently ensureing service operation efficiency.The embodiment of the present invention Disclosing a kind of output element in the case where source data is not changed only in data carries out desensitization control method, Its advantage is as follows:
1) by up SQL statement is intercepted and parsed, this is analyzed for analysis result and access what is existed After sensitive data, the desensitization to this sensitive data information for accessing is realized after a series of automatic business processings Control, this motion propose two kinds of desensitization protection methods:" SQL replacements " and " downlink data replacement ", it is described Two methods only carry out desensitization control during data transfer, are not directed to any process behaviour to source data Make, so that it is guaranteed that business support system in creation data safety and availability;
2) embodiment of the present invention flexibly realizes the control switching for accessing that accesses in plain text and desensitize, and supports It is to access in plain text or desensitize to access that user voluntarily selects this operation, is then triggered when user selects to access in plain text The plaintext access request of user is sent to responsible person concerned and (supports electronic flow by approval process, system automatically With note two ways), after person liable's examination & approval, this instruction for accessing is issued by system side, and right The result of feedback is exposed directly to user without any process.
3) embodiment of the present invention contains the definition strategy to sensitive data simultaneously, and user can be according to access originator The continuous evolution of application system and definition of the synchronization control to sensitive data, it is ensured that desensitization will not be left and appoint What sensitive data.
4) method provided in an embodiment of the present invention, need not access the accessories rebuilding of side application system, it is only necessary to repair Change data base's connection.
In order to preferably realize above-mentioned purpose, as shown in fig. 7, the embodiment of the present invention also provides a kind of data Processing meanss, including:
First sensitive determining module 71, for receiving and parsing through source data access request, determines that this access is related to And sensitive data;
Desensitization module 72, obtains the data access request that desensitizes for changing the source data access request, and will The desensitization data access request is sent to data base so that the data base can be according to the desensitization data Access request inquiry is obtained Query Result data and is replaced in the Query Result data using the first presupposed information Sensitive data obtain desensitize data;
First desensitization output module 73, for receiving the desensitization data that the data base returns, exports described de- Quick data.
Specifically, in the above embodiment of the present invention, the described first sensitive determining module 71 includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
Specifically, in the above embodiment of the present invention, the desensitization module 72 includes:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data Quick data.
It should be noted that the place of the above-mentioned data of the application of the processing meanss of data provided in an embodiment of the present invention The device of reason method, then all embodiments of the processing method of above-mentioned data be applied to the data processing equipment, And can reach same or analogous beneficial effect.
In order to preferably realize above-mentioned purpose, as shown in figure 8, the embodiment of the present invention also provides a kind of data Processing meanss, including:
Second sensitive determining module 81, for receiving and parsing through source data access request, determines that this access is related to And sensitive data;
Second sending module 82, for the source data access request is sent to data base, and receives described The Query Result data that database root is returned according to the source data access request;
Second desensitization output module 83, for the sensitive data in the Query Result data is replaced with second Presupposed information, obtains the data that desensitize, and exports the desensitization data.
Specifically, in the above embodiment of the present invention, the second sensitive determining module 81 includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
Specifically, described in the above embodiment of the present invention, the second sending module 82 includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair The Query Result data that the SQL statement answered is returned.
It should be noted that the place of the above-mentioned data of the application of the processing meanss of data provided in an embodiment of the present invention The device of reason method, then all embodiments of the processing method of above-mentioned data be applied to the data processing equipment, And can reach same or analogous beneficial effect.
The above is the preferred embodiment of the present invention, it is noted that for the common skill of the art For art personnel, on the premise of without departing from principle of the present invention, some improvements and modifications can also be made, These improvements and modifications also should be regarded as protection scope of the present invention.

Claims (12)

1. a kind of processing method of data, it is characterised in that include:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
Change the source data access request and obtain the data access request that desensitizes, and by the desensitization data access Request is sent to data base so that the data base can be obtained according to the desensitization data access request inquiry Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data Quick data;
The desensitization data that the data base returns are received, the desensitization data are exported.
2. the processing method of data according to claim 1, it is characterised in that receive and parse through source number According to access request, determine that this access includes the step of being related to sensitive data:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
3. the processing method of data according to claim 2, it is characterised in that the modification source data Access request obtains the data access request that desensitizes, and the desensitization data access request is sent to data base, The data base is enabled to obtain Query Result data and utilize according to the desensitization data access request inquiry First presupposed information is replaced the step of the sensitive data in the Query Result data obtains desensitization data to be included:
Modification obtains corresponding with the desensitization data access request with the corresponding SQL statement of source data access request SQL statement;
SQL statement corresponding with the desensitization data access request is sent to data base so that the data Storehouse obtains Query Result data and utilizes according to SQL statement inquiry corresponding with the desensitization data access request First presupposed information is replaced the sensitive data in the Query Result data and obtains the data that desensitize.
4. a kind of processing method of data, it is characterised in that include:
Source data access request is received and parsed through, determines that this access is related to sensitive data;
The source data access request is sent to data base, and the database root is received according to the source data The Query Result data that access request is returned;
Sensitive data in the Query Result data is replaced with into the second presupposed information, the data that desensitize are obtained, Export the desensitization data.
5. the desensitization method of data according to claim 4, it is characterised in that receive and parse through source number According to access request, determine that this access includes the step of being related to sensitive data:
Source data access request is received, the source data access request includes SQL SQL statement;
The SQL statement is changed into into the sentence of preset algorithm;
The sentence of the preset algorithm is analyzed with list of sensitive data set in advance and is compared, obtain institute The sensitive data in source data access request is stated, determines that this access is related to sensitive data.
6. the processing method of data according to claim 5, it is characterised in that the source data is visited Ask that request is sent to data base, and receive the inquiry that the database root is returned according to the source data access request The step of result data, includes:
SQL statement corresponding with the source data access request is sent to data base;
The database root is received according to looking into that the SQL statement corresponding with the source data access request is returned Ask result data.
7. a kind of processing meanss of data, it is characterised in that include:
First sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to Sensitive data;
Desensitization module, obtains the data access request that desensitizes for changing the source data access request, and by institute State desensitization data access request to send to data base so that the data base can be visited according to the desensitization data Ask that requesting query obtains Query Result data and replaces in the Query Result data using the first presupposed information Sensitive data obtains the data that desensitize;
First desensitization output module, for receiving the desensitization data that the data base returns, exports the desensitization Data.
8. processing meanss of data according to claim 7, it is characterised in that described first it is sensitive really Cover half block includes:
First receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
First transition module, for the SQL statement to be changed into the sentence of preset algorithm;
First comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
9. processing meanss of data according to claim 8, it is characterised in that the desensitization module bag Include:
First replacement module, obtains de- with described for changing SQL statement corresponding with source data access request The corresponding SQL statement of quick data access request;
First sending module, for SQL statement corresponding with the desensitization data access request is sent to number According to storehouse so that the database root is obtained according to SQL statement inquiry corresponding with the desensitization data access request Query Result data are simultaneously taken off using the sensitive data in the first presupposed information replacement Query Result data Quick data.
10. a kind of processing meanss of data, it is characterised in that include:
Second sensitive determining module, for receiving and parsing through source data access request, determines that this access is related to Sensitive data;
Second sending module, for the source data access request is sent to data base, and receives the number According to the Query Result data that storehouse is returned according to the source data access request;
Second desensitization output module, it is pre- for the sensitive data in the Query Result data is replaced with second If information, the data that desensitize are obtained, export the desensitization data.
The processing meanss of 11. data according to claim 10, it is characterised in that the second sensitive determination Module includes:
Second receiving submodule, for receiving source data access request, the source data access request includes knot Structure query language SQL statement;
Second transition module, for the SQL statement to be changed into the sentence of preset algorithm;
Second comparing module, for the sentence of the preset algorithm is entered with list of sensitive data set in advance Row is analysed and compared, and obtains the sensitive data in the source data access request, determines that this access is related to sensitivity Data.
The processing method of 12. data according to claim 11, it is characterised in that described second sends Module includes:
First sending submodule, for SQL statement corresponding with the source data access request is sent to number According to storehouse;
3rd receiving submodule, for receiving the database root according to described with the source data access request pair The Query Result data that the SQL statement answered is returned.
CN201510593673.7A 2015-09-17 2015-09-17 A kind of processing method and processing device of data Pending CN106548085A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510593673.7A CN106548085A (en) 2015-09-17 2015-09-17 A kind of processing method and processing device of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510593673.7A CN106548085A (en) 2015-09-17 2015-09-17 A kind of processing method and processing device of data

Publications (1)

Publication Number Publication Date
CN106548085A true CN106548085A (en) 2017-03-29

Family

ID=58362833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510593673.7A Pending CN106548085A (en) 2015-09-17 2015-09-17 A kind of processing method and processing device of data

Country Status (1)

Country Link
CN (1) CN106548085A (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107958158A (en) * 2017-10-27 2018-04-24 国网辽宁省电力有限公司 The dynamic data desensitization method and system of a kind of big data platform
CN107992771A (en) * 2017-12-20 2018-05-04 北京明朝万达科技股份有限公司 A kind of data desensitization method and device
CN108509805A (en) * 2018-03-21 2018-09-07 深圳天源迪科信息技术股份有限公司 Data encrypting and deciphering and desensitization runtime engine and its working method
CN109271807A (en) * 2018-08-20 2019-01-25 深圳萨摩耶互联网金融服务有限公司 The data safety processing method and system of database
CN109299616A (en) * 2018-09-07 2019-02-01 北明软件有限公司 A kind of data safety managing and control system and method based on connection pool
CN110019377A (en) * 2017-12-14 2019-07-16 中国移动通信集团山西有限公司 Dynamic desensitization method, device, equipment and medium
CN110196861A (en) * 2018-02-24 2019-09-03 中兴通讯股份有限公司 A kind of data desensitization method and device
CN110365468A (en) * 2018-04-11 2019-10-22 华为技术有限公司 Anonymization processing method, device, equipment and storage medium
CN110443059A (en) * 2018-05-02 2019-11-12 中兴通讯股份有限公司 Data guard method and device
CN110516466A (en) * 2019-07-12 2019-11-29 苏州浪潮智能科技有限公司 A kind of data desensitization method and device
CN111597173A (en) * 2020-04-02 2020-08-28 上海瀚之友信息技术服务有限公司 Data warehouse system
CN111767300A (en) * 2020-05-11 2020-10-13 全球能源互联网研究院有限公司 Dynamic desensitization method and device for penetration of internal and external networks of electric power data
CN112052478A (en) * 2020-09-01 2020-12-08 上海观安信息技术股份有限公司 Multi-table subset extraction desensitization method
CN112069203A (en) * 2020-09-22 2020-12-11 北京百家科技集团有限公司 Data query method and device
CN112528339A (en) * 2020-12-25 2021-03-19 深圳昂楷科技有限公司 Data desensitization method based on Cach é database and electronic equipment
CN112749408A (en) * 2020-12-29 2021-05-04 拉卡拉支付股份有限公司 Data acquisition method, data acquisition device, electronic equipment, storage medium and program product
CN112839077A (en) * 2020-12-29 2021-05-25 北京安华金和科技有限公司 Sensitive data determination method and device
CN112906024A (en) * 2021-03-03 2021-06-04 江苏保旺达软件技术有限公司 Data desensitization method, device, storage medium and server
CN112948877A (en) * 2021-03-03 2021-06-11 北京中安星云软件技术有限公司 Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy
CN113157902A (en) * 2020-12-24 2021-07-23 中国能源建设股份有限公司 Inquiry mode for completing information desensitization examination and approval by utilizing multiple information means
CN113886880A (en) * 2021-10-09 2022-01-04 京东科技信息技术有限公司 Data protection method, system, device and storage medium
WO2022252880A1 (en) * 2021-06-01 2022-12-08 中兴通讯股份有限公司 Data processing method, apparatus and system, and storage medium
CN117195275A (en) * 2023-11-08 2023-12-08 成方金融科技有限公司 Data access method, device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102844756A (en) * 2010-03-15 2012-12-26 迪纳米科普斯公司 Computer relational database method and system having role based access control
CN103870480A (en) * 2012-12-12 2014-06-18 财团法人资讯工业策进会 Dynamic data masking method and database system
CN104008349A (en) * 2014-04-28 2014-08-27 国家电网公司 Database security access control method and system
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102844756A (en) * 2010-03-15 2012-12-26 迪纳米科普斯公司 Computer relational database method and system having role based access control
CN103870480A (en) * 2012-12-12 2014-06-18 财团法人资讯工业策进会 Dynamic data masking method and database system
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN104008349A (en) * 2014-04-28 2014-08-27 国家电网公司 Database security access control method and system

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107958158A (en) * 2017-10-27 2018-04-24 国网辽宁省电力有限公司 The dynamic data desensitization method and system of a kind of big data platform
CN110019377B (en) * 2017-12-14 2021-10-26 中国移动通信集团山西有限公司 Dynamic desensitization method, device, equipment and medium
CN110019377A (en) * 2017-12-14 2019-07-16 中国移动通信集团山西有限公司 Dynamic desensitization method, device, equipment and medium
CN107992771A (en) * 2017-12-20 2018-05-04 北京明朝万达科技股份有限公司 A kind of data desensitization method and device
CN110196861A (en) * 2018-02-24 2019-09-03 中兴通讯股份有限公司 A kind of data desensitization method and device
CN110196861B (en) * 2018-02-24 2023-12-29 中兴通讯股份有限公司 Data desensitization method and device
CN108509805A (en) * 2018-03-21 2018-09-07 深圳天源迪科信息技术股份有限公司 Data encrypting and deciphering and desensitization runtime engine and its working method
US11695740B2 (en) 2018-04-11 2023-07-04 Huawei Cloud Computing Technologies Co., Ltd. Anonymization method and apparatus, device, and storage medium
CN110365468A (en) * 2018-04-11 2019-10-22 华为技术有限公司 Anonymization processing method, device, equipment and storage medium
CN110365468B (en) * 2018-04-11 2021-09-14 华为技术有限公司 Anonymization processing method, device, equipment and storage medium
CN110443059A (en) * 2018-05-02 2019-11-12 中兴通讯股份有限公司 Data guard method and device
CN109271807A (en) * 2018-08-20 2019-01-25 深圳萨摩耶互联网金融服务有限公司 The data safety processing method and system of database
CN109299616A (en) * 2018-09-07 2019-02-01 北明软件有限公司 A kind of data safety managing and control system and method based on connection pool
CN110516466A (en) * 2019-07-12 2019-11-29 苏州浪潮智能科技有限公司 A kind of data desensitization method and device
CN111597173A (en) * 2020-04-02 2020-08-28 上海瀚之友信息技术服务有限公司 Data warehouse system
CN111767300A (en) * 2020-05-11 2020-10-13 全球能源互联网研究院有限公司 Dynamic desensitization method and device for penetration of internal and external networks of electric power data
CN112052478A (en) * 2020-09-01 2020-12-08 上海观安信息技术股份有限公司 Multi-table subset extraction desensitization method
CN112069203A (en) * 2020-09-22 2020-12-11 北京百家科技集团有限公司 Data query method and device
CN113157902A (en) * 2020-12-24 2021-07-23 中国能源建设股份有限公司 Inquiry mode for completing information desensitization examination and approval by utilizing multiple information means
CN112528339A (en) * 2020-12-25 2021-03-19 深圳昂楷科技有限公司 Data desensitization method based on Cach é database and electronic equipment
CN112839077A (en) * 2020-12-29 2021-05-25 北京安华金和科技有限公司 Sensitive data determination method and device
CN112749408A (en) * 2020-12-29 2021-05-04 拉卡拉支付股份有限公司 Data acquisition method, data acquisition device, electronic equipment, storage medium and program product
CN112906024A (en) * 2021-03-03 2021-06-04 江苏保旺达软件技术有限公司 Data desensitization method, device, storage medium and server
CN112948877A (en) * 2021-03-03 2021-06-11 北京中安星云软件技术有限公司 Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy
WO2022252880A1 (en) * 2021-06-01 2022-12-08 中兴通讯股份有限公司 Data processing method, apparatus and system, and storage medium
CN113886880A (en) * 2021-10-09 2022-01-04 京东科技信息技术有限公司 Data protection method, system, device and storage medium
CN117195275A (en) * 2023-11-08 2023-12-08 成方金融科技有限公司 Data access method, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN106548085A (en) A kind of processing method and processing device of data
US9866375B2 (en) Multi-level key management
CN106295388B (en) A kind of data desensitization method and device
US20190268340A1 (en) Method and apparatus generating and applying security labels to sensitive data
US10666647B2 (en) Access to data stored in a cloud
US10409965B2 (en) Hybrid digital rights management system and related document access authorization method
US8458208B2 (en) Automated data source assurance in distributed databases
Kirrane et al. A scalable consent, transparency and compliance architecture
KR20090068242A (en) Ranged lookups
AU2009259948A1 (en) Information rights management
JP5135636B2 (en) Data security method and apparatus using characteristic maintaining encryption
CN106610995A (en) Ciphertext index creating method, device and system
US20030172073A1 (en) Method and system for information management and distribution
CN107294955B (en) Electronic file encryption middleware control system and method
GB2495599A (en) Database management system
CN105160272B (en) A kind of safe encryption method and system based on autonomous controlled data library
CN112016104A (en) Encryption method, device and system for financial sensitive data
US9853817B2 (en) Generating enhanced digital signatures for artifacts
KR20200033961A (en) How to authorize an authorization operator on the system
CN104537317B (en) Control method that tenant is accessed self-defining data storehouse, device and system
CN110941628A (en) Data isolation implementation method based on SQL statement interception and analysis technology
CN107944288A (en) A kind of data access control method and device
CN109840250A (en) Access authority management method, device, equipment and the storage medium of middle field
CN106471510A (en) Compound document accesses
KR20180126853A (en) System and Method for automatic generation and execution of encryption SQL statements using meta-information and enterprise framework

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170329