CN107766741A - Data desensitization system and method - Google Patents
Data desensitization system and method Download PDFInfo
- Publication number
- CN107766741A CN107766741A CN201710995533.1A CN201710995533A CN107766741A CN 107766741 A CN107766741 A CN 107766741A CN 201710995533 A CN201710995533 A CN 201710995533A CN 107766741 A CN107766741 A CN 107766741A
- Authority
- CN
- China
- Prior art keywords
- desensitization
- data
- server
- information
- execute server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 398
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000012545 processing Methods 0.000 claims description 19
- 238000004891 communication Methods 0.000 claims description 9
- 238000013459 approach Methods 0.000 claims description 8
- 230000007246 mechanism Effects 0.000 claims description 8
- 230000011514 reflex Effects 0.000 claims description 7
- 239000000284 extract Substances 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000035945 sensitivity Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 12
- 238000003860 storage Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 7
- 238000012360 testing method Methods 0.000 description 5
- 238000013500 data storage Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000000717 retained effect Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000009415 formwork Methods 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000004083 survival effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a kind of data desensitization system and method, system therein includes:Data source server, destination server and desensitization execute server, the execute server that desensitizes receives the data desensitization instruction that client device is sent, initial data is read from data source server according to data desensitization instruction to be put into internal memory, desensitization operation generation desensitization data are performed in internal memory, and desensitization data are sent to destination server and stored.The data desensitization system and method for the present invention, can carry out " not landing data desensitization ", can ensure that client's creation data is used safely in nonproductive environment, prevent sensitive information leakage, data safety is ensured, the efficiency of lifting desensitization operation, meets requirement of the enterprise for information security.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of data desensitization system and method.
Background technology
With market growth and business development, the customer data stored in enterprise database is more and more, once let out
Dew, it will huge trust crisis and economic loss are brought to enterprise, the desensitization process for sensitive data is that prevention data is let out
Positive, the effective means of leakage.Data desensitization refers to the deformation that some sensitive informations are carried out with data by the rule that desensitizes, and realizes quick
Feel the reliably protecting of private data.By data desensitization technology, sensitive information is shielded, and the information of shielding is retained its original number
According to form and attribute, with ensure system or application program can in using the exploitation for the data that desensitize and test process normal operation.
The every profession and trade user such as government, finance, telecommunications, bank, public institution, individual enterprise recognizes data and provided as the core of enterprise
The sensitive informations such as production, business data, human resource data, financial data, will directly affect the survival and development of enterprise, to core
Data assets are paid much attention to, and query is produced to the implementation that data in desensitization are landed, and worry that landing data have leakage
Risk.
In the prior art, common desensitization system carries out the flow of desensitization process as shown in figure 1, according to test, exploitation
Demand extracts core data into the extracted file of compressed format, and the sensitive field (customer information relevant field) in extraction is entered
Row desensitization, using the object definition DDL retained in the extracted file that desensitizes, primary data ring is changed or created in development environment
Border, the data after desensitization are inserted into target environment, including exploitation, test environment.But existing desensitization system in data access and
Without secrecy provision is used in transmitting procedure, data all there is a possibility that to divulge a secret in the process, and de- based on file
Quick method, temporary file must be generated in desensitization, there is also the possibility divulged a secret in the process for data.
The content of the invention
In view of this, the embodiment of the present invention provides a kind of data desensitization system and method, can carry out " not landing data to take off
It is quick " processing.
One side according to embodiments of the present invention, there is provided a kind of data desensitization system, including:Data source server, use
In storage initial data;Destination server, for storing the data that desensitize;Desensitize execute server, for receiving client device
The data desensitization instruction of transmission, read according to data desensitization instruction from the data source server in initial data is put into
In depositing, desensitization operation generation desensitization data are performed in internal memory, and the desensitization data are sent to the destination server and deposited
Storage;Wherein, the desensitization operation includes:Rule is desensitized to the sensitive information progress in the initial data based on default data
Position and generate replacement information corresponding with sensitive information, the sensitive information in the initial data is replaced with into corresponding replacement
Information generates the desensitization data.
According to another aspect of the present invention, there is provided a kind of data desensitization method, including:The execute server that desensitizes receives client
The data desensitization instruction that end equipment is sent, initial data is read from data source server according to data desensitization instruction and is put into
In internal memory;The desensitization execute server is in internal memory based on default data desensitization rule to the sensitivity in the initial data
Information is positioned and generates replacement information corresponding with sensitive information, and the sensitive information in the initial data is replaced with pair
The replacement information answered generates the desensitization data;The desensitization data are sent to the target and taken by the desensitization execute server
Business device storage.
The data desensitization system and method for the present invention, desensitization execute server read original number from data source server
According to, by the sensitive information in initial data replace with corresponding to replacement information generation desensitization Data Concurrent deliver to destination server and deposit
Storage, initial data and storage target data are obtained using the mode such as JDBC, ODBC and pipeline stream, need not be given birth in desensitization
Into any temporary file, and the execute server that desensitizes uses encrypted transmission mode with client communication, can carry out " not landing
Data desensitize ", it can ensure that client's creation data is used safely in nonproductive environment, prevent sensitive information leakage, ensure number
According to safety, the efficiency of lifting desensitization operation.
The additional aspect of the embodiment of the present invention and advantage will be set forth in part in the description, and these will be retouched from following
Become obvious in stating, or recognized by the practice of the present invention.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only
Some embodiments of the present invention, for those of ordinary skill in the art, without having to pay creative labor, also
Other accompanying drawings can be obtained according to these accompanying drawings:
Fig. 1 is the schematic flow sheet that desensitization system carries out desensitization process in the prior art;
Fig. 2 is the schematic diagram according to one embodiment of the data desensitization system of the present invention;
Fig. 3 is the module diagram of the client device in one embodiment according to the data desensitization system of the present invention;
Fig. 4 is that the module of the desensitization execute server in one embodiment according to the data desensitization system of the present invention is illustrated
Figure;
Fig. 5 is the schematic flow sheet that desensitization process is carried out according to one embodiment of the data desensitization system of the present invention;
Fig. 6 is the schematic flow sheet according to one embodiment of the data desensitization method of the present invention.
Embodiment
The various exemplary embodiments of the present invention are described in detail now with reference to accompanying drawing.It should be noted that:Unless have in addition
Body illustrates that the unlimited system of part and the positioned opposite of step, numerical expression and the numerical value otherwise illustrated in these embodiments is originally
The scope of invention.
Simultaneously, it should be appreciated that for the ease of description, the size of the various pieces shown in accompanying drawing is not according to reality
Proportionate relationship draw.
The description only actually at least one exemplary embodiment is illustrative to be never used as to the present invention below
And its application or any restrictions that use.
It may be not discussed in detail for technology, method and apparatus known to person of ordinary skill in the relevant, but suitable
In the case of, the technology, method and apparatus should be considered as part for specification.
It should be noted that:Similar label and letter represents similar terms in following accompanying drawing, therefore, once a certain Xiang Yi
It is defined, then it need not be further discussed in subsequent accompanying drawing in individual accompanying drawing.
The embodiment of the present invention can apply to computer system/server, and it can be with numerous other universal or special calculating
System environments or configuration operate together.Suitable for be used together with computer system/server well-known computing system, ring
The example of border and/or configuration includes but is not limited to:Personal computer system, server computer system, thin client, thick client
Machine, hand-held or laptop devices, the system based on microprocessor, set top box, programmable consumer electronics, NetPC Network PC,
Little types Ji calculates machine Xi Tong ﹑ large computer systems and the distributed cloud computing technology environment including any of the above described system, etc..
Computer system/server can be in computer system executable instruction (such as journey performed by computer system
Sequence module) general linguistic context under describe.Generally, program module can include routine, program, target program, component, logic, number
According to structure etc., they perform specific task or realize specific abstract data type.Computer system/server can be with
Implement in distributed cloud computing environment, in distributed cloud computing environment, task is by by the long-range of communication network links
Manage what equipment performed.In distributed cloud computing environment, program module can be located at the Local or Remote meter for including storage device
In calculation system storage medium.
The present invention provides a kind of data desensitization system, as shown in Fig. 2 data desensitization system includes:Desensitize execute server
1st, data source server 2, destination server 3 and client device 4.Client device 4 can be PC, mobile terminal etc..Data
Source server 2 stores initial data, the storage desensitization data of destination server 3.
The data desensitization instruction that the execute server 1 that desensitizes reception client device 4 is sent, is instructed from number according to data desensitization
It is put into according to initial data is read in source server 2 in internal memory, desensitization operation generation desensitization data is performed in internal memory, and will desensitization
Data send to destination server 2 and stored.
Desensitization execute server 1 perform desensitization operation have it is a variety of, such as:Based on default data desensitization rule to original
Sensitive information in data positioned and generates replacement information corresponding with sensitive information, by the sensitive information in initial data
Replacement information generation desensitization data etc. corresponding to replacing with.
Desensitization execute server 1 performs desensitization operation in internal memory, and any temporary file is not generated in desensitization,
Desensitization data are sent directly to store in destination server 3, realizes that the data in desensitization are not landed, improves to data
Safeguard protection.
" do not land data desensitization " in the present invention refers to being related to individual privacy or other need to protect in production environment
The sensitive traffic data of shield need not generate any face when needing to enter nonproductive environment or test environment in desensitization
When file, the target data after desensitization is directly entered nonproductive environment or test environment.
Sensitive data generally comprises client's individual privacy data and some crucial sensitive traffic data, for example, name:
Customer name, customer name etc.;Address:Home address, CompanyAddress etc.;Mailbox:Corporate mailbox, conventional mailbox etc.;Phone:Hand
Machine, landline telephone etc.;Certificate:Identity card, passport, officer's identity card etc.;Account number:Bank card, customer ID, the tax registration number, tissue machine
Structure code, business license number etc.;Postcode:Company's postcode, home zip code etc.;Date:Birthday etc..
As shown in figure 3, client device 4 includes:Connection establishment module 41, the first encryption/decryption module 41 and instruction send mould
Block 42.As shown in figure 4, desensitization execute server 1 includes:Certificate management module 11, the second encryption/decryption module 12, desensitization rule are built
Formwork erection block 13, desensitization data processing module 14, source data acquisition module 15 and target data memory module 16.
Connection establishment module 41 is established HTTPs and is connected with desensitization execute server 1, by https agreements come encryption information,
In order to avoid sensitive information is obtained by third party.Client device 4 can set browser, be performed by inputting desensitization in browser
The https network address of server 1, it is connected to 443 ports of desensitization execute server 1.
First encryption/decryption module 42 sends digital certificate request to desensitization execute server 1.Certificate management module 11 will be with
For the corresponding digital certificate of client device 4 by HTTPs linkup transmits to client device 4, it is public that digital certificate includes encryption
Key.A set of digital certificate must have using the server of HTTPS agreements, oneself can make, can also apply to tissue.From
Oneself, which makes certificate, needs client validation by can just continue to access, and do not use the certificate that the company of trust applies then not
The prompting page can be ejected.Digital certificate corresponds to a pair of encrypted public keys and encryption key, and the numeral for including encrypted public key is demonstrate,proved
Book is sent to client device 4.
First encryption/decryption module 42 is based on tls protocol parsing digital certificate and verifies whether encrypted public key is effective, for example issues
Send out mechanism, expired time etc..If it is determined that encrypted public key is effective, the first encryption/decryption module 42 generates one group of random number, using adding
Migong key encrypted random number, and the encrypted result of random number is sent to desensitization execute server.If the first encryption/decryption module
42 checking encrypted public keys note abnormalities, then can eject an alert box, prompt certificate problem to be present.
Encrypted result is decrypted using encryption key for second encryption/decryption module 12, obtains random number.Client device 4
Communication is encrypted using random number as shared key with desensitization execute server 1.For example, the first encryption/decryption module 42 uses
For random number as key, instruction of being desensitized based on default symmetric encipherment algorithm to data carries out symmetric cryptography, and by after encryption
Data desensitization instruction is sent to desensitization execute server 1.Second encryption/decryption module 12 is calculated using random number and based on symmetric cryptography
Data desensitization instruction after encryption is decrypted method, obtains data desensitization instruction.Carry out symmetric cryptography, the method that decryption uses
Including:DES algorithms, 3DES algorithms etc., carry out asymmetric encryption, the method that decryption uses includes:RSA Algorithm, knapsack algorithm etc..
In one embodiment, in data desensitization instruction the information that carries have it is a variety of, such as type of sensitive data, with it is sensitive
Desensitization algorithm etc. corresponding to data type.Desensitization rule is established module 13 and taken based on data desensitization Rule Information configuration with data source
Be engaged in device corresponding to data desensitization rule template, data desensitization rule template in data desensitization rule include:Type of sensitive data
And the desensitization algorithm of desensitization use is carried out to it etc..For example, a data desensitization rule in data desensitization rule template is
How to determine sensitive data is ID card No., and is determined when type of sensitive data is ID card No. for ID card No.
Carry out the desensitization algorithm of desensitization use.
Data processing module 14 desensitize when performing desensitization task, obtains the data desensitization rule in data desensitization rule template
Then initial data is analyzed, positions the sensitive information in initial data, determine the type of sensitive data of this sensitive information with
And corresponding desensitization algorithm, call the desensitization algorithm of determination to generate replacement information corresponding with this sensitive information and be replaced.
Can by database preserve data desensitize rule template, when being desensitized, by data desensitize rule template with
And desensitization algorithm bag is carried in internal memory, the rule template that can be desensitized by client device 4 to data is dynamically changed
And setting, it is determined that some type of desensitization data are carried out with the desensitization algorithm of desensitization use etc..It can be adjusted by reflection mode dynamic
With desensitization algorithm, it is actually to call the program function corresponding with desensitization algorithm to call desensitization algorithm, such as the phase in jar bags
Close the method corresponding with desensitization algorithm in class.
JAVA reflex mechanisms be in running status, for any one class can know this class all properties and
Method, for any one object, its any means and attribute can be called, this dynamic access information and dynamic are adjusted
It is referred to as the reflex mechanism of java language with the function of object method.Desensitization algorithm renewal is wrapped and passes to desensitization by client device 4
Execute server.The data processing module 14 that desensitizes obtains desensitization algorithm renewal bag according to default desensitization algorithm bag name, and de-
Target class corresponding with desensitization algorithm is searched in quick algorithm renewal bag.The data processing module 14 that desensitizes utilizes java reflex mechanisms,
New desensitization corresponding with desensitization algorithm is obtained in target class and calculates goal approach and attribute, calls new desensitization to calculate target side
Method and attribute generate replacement information corresponding with this sensitive information and are replaced.
The information that data desensitization instruction carries includes:The link information and authentication information of source database, target database
Link information and authentication information etc..Link information is the IP address and port information of database, authentication information can be user name,
Password.Link information and authentication information of the source data acquisition module 15 according to source database and the source number in data source server 2
Source database connection is established according to storehouse.
Sql query statements can be used, is connected by source database and obtains data record to be read in source database
Total number, paging is set based on total number, generate paging query sentence, include starting number to be read in paging query sentence
According to Major key, read data quantity.Source data acquisition module 15 sends paging query sentence, paging to source database successively
The data in source database are extracted, obtain paged data.
Desensitization data processing module 14, which is performed desensitization operation to paged data based on data desensitization rule and generates paging, to be taken off
Quick data.In link information and authentication information and destination server 3 of the data memory module 16 according to target database that desensitize
Target database establishes target database connection, is sent paging desensitization data to target database by target database connection
Stored.Source database connection connected with target database including:Jdbc connections, ODBC connections etc..
As shown in figure 5, desensitization execute server can be from the source database or source data file in data source server
Initial data is obtained, desensitization data are sent in target database or target data file into destination server and stored,
Perform " not landing desensitization ".Source database and target database can support multitype database, such as Oracle, IBM DB2, MS
SQl SERVER, Mysql, Informix, Teradata, Sybase etc., other relation graphic data storehouses can also be supported.Source number
All it is formatted file according to file and target data file.
Source data acquisition module 15 takes out source data by JDBC, ODBC etc. from relevant database, can be according to difference
The corresponding batch reading manner of database.Source data acquisition module 15 goes to set according to the size line number of different database and table
Paging, partitioned mode are put, paging can be carried out according to the optimal mode of system default or piecemeal obtains data from database,
Paging or the partitioned mode of modification acquiescence according to specific implementation environment, can also be gone according to the service interface of offer simultaneously, flexibly
It is convenient.Desensitize data memory module 16 by target data by JDBC, ODBC etc., and according to the big of different database and table
It is small to carry out corresponding batch way of submission, target database is put into, data directly after database receives data desensitization request, are put
Enter target database, this process is not landed.
In one embodiment, source data acquisition module 15 establishes source data with the source database in data source server 2
Flow tube road, pipeline of data flow can be iostream, and source database can be data warehouse, distributed data base.Source data
Acquisition module 15 can establish source traffic pipeline according to corresponding database reading order, quickly obtain the source data of database
Stream, the process of frequently inquiry data is eliminated, effectively improve the efficiency of database reading.
The database command sent according to source data acquisition module 15 to source database, source database is from source data file
Initial data is extracted, this initial data is encapsulated as by former data object based on default pipeline data form, by former data object
Write source traffic pipeline.Source data acquisition module 15 reads former data object from source traffic pipeline.Desensitization data processing
Module 14 is based on data desensitization rule and the execution desensitization of former data object is operated and generates desensitization data.
Desensitization data memory module 16 establishes target data stream pipeline, data flow with the target database in destination server
Pipeline can be iostream, and target database is data warehouse, distributed data base etc..The desensitization meeting of data memory module 16
Target data stream pipeline is established according to corresponding database reading order, quickly can send data flow to database.Desensitize number
This desensitization data is encapsulated as the data object that desensitizes according to pipeline data form according to memory module 16, by desensitization data object write-in
Target data stream pipeline.The database command sent according to source data acquisition module 15 to source database, target database is from mesh
Mark and desensitization data object is obtained in pipeline of data flow, and by the desensitization data storage in the data object that desensitizes in target data file
In.
The source traffic that source database is extracted from source data file is encapsulated as former data object, by data processing of desensitizing
Process is encapsulated as the data object that desensitizes.Former data object can write data into pipeline, and desensitization data object is with pipeline stream side
Formula does not land deposit target database, and this pipeline stream mode is not consume internal memory, so saving memory headroom, and is realized
Data are not landed, continuous processing.This process is in a batch, it is not necessary to the process of inquiry insertion repeatedly, this
During there is no write magnetic disk.
Fig. 6 be according to the present invention data desensitization method one embodiment schematic flow sheet, as shown in Figure 6:
Step 601, the execute server that desensitizes receives the data desensitization instruction that client device is sent, and is referred to according to data desensitization
Order is read initial data from data source server and is put into internal memory.
Step 602, the execute server that desensitizes is in internal memory based on default data desensitization rule to quick in initial data
Sense information is positioned and generates replacement information corresponding with sensitive information.
Step 603, the sensitive information in initial data is replaced with corresponding replacement information generation by the execute server that desensitizes
Desensitize data.
Step 604, desensitization data are sent to destination server and stored by the execute server that desensitizes.
In one embodiment, client device is established HTTPs with desensitization execute server and is connected.Client device is to de-
Quick execute server sends digital certificate request, and desensitization execute server passes through the digital certificate corresponding with client device
HTTPs linkup transmits to client device, wherein, digital certificate includes encrypted public key.
Client device is based on tls protocol parsing digital certificate and verifies whether encrypted public key is effective, if it is, generation
One group of random number, desensitization execute server is sent to using encrypted public key encrypted random number, and by the encrypted result of random number.It is de-
Encrypted result is decrypted using encryption key for quick execute server, obtains random number.Client device and desensitization perform clothes
Communication is encrypted using random number as shared key for business device.
Client device uses random number, and as key, instruction of being desensitized based on default symmetric encipherment algorithm to data is carried out
Symmetric cryptography, and the data desensitization instruction after encryption is sent to desensitization execute server.The execute server that desensitizes uses random
Simultaneously the data desensitization instruction after encryption is decrypted based on symmetric encipherment algorithm for number, obtains data desensitization instruction.
In one embodiment, the information that data desensitization instruction carries includes:Type of sensitive data and type of sensitive data
Corresponding desensitization algorithm etc..The execute server that desensitizes is based on data desensitization Rule Information configuration number corresponding with data source server
According to desensitization rule template, the data desensitization rule in data desensitization rule template includes:Type of sensitive data and it is carried out
Desensitize the desensitization algorithm used.
Data processing module desensitize when performing desensitization task, obtains the data desensitization rule in data desensitization rule template
Initial data is analyzed, position initial data in sensitive information, determine this sensitive information type of sensitive data and
Corresponding desensitization algorithm, the desensitization algorithm of determination is called to generate replacement information corresponding with this sensitive information and be replaced.
Desensitization algorithm renewal is wrapped and passes to desensitization execute server by client device.The execute server that desensitizes is according to default
Desensitization algorithm bag name obtain desensitization algorithm renewal bag, and searched and the corresponding target of algorithm that desensitizes in desensitization algorithm renewal bag
Class.Desensitization execute server utilizes java reflex mechanisms, and new desensitization corresponding with desensitization algorithm is obtained in target class and calculates mesh
Mark method and attribute, new desensitization is called to calculate goal approach and attribute generation replacement information corresponding with this sensitive information simultaneously
It is replaced.
The information that data desensitization instruction carries includes:The link information and authentication information of source database, target database
Link information and authentication information.Link information and authentication information and data source service of the execute server that desensitizes according to source database
Source database in device establishes source database connection.Desensitization execute server is connected to obtain in source database by source database and treated
The total number of the data record of reading, paging is set based on total number, generate paging query sentence, included in paging query sentence
There is the Major key of initial data to be read, read the quantity of data.
The execute server that desensitizes sends paging query sentence to source database successively, and the number in source database is extracted in paging
According to, obtain paged data, based on data desensitize rule to paged data perform desensitization operate and generate paging desensitization data.Desensitization
Execute server establishes mesh according to the link information and authentication information of target database with the target database in destination server
Database connection is marked, paging desensitization data are sent to target database by target database connection and stored.
In one embodiment, the execute server that desensitizes establishes source data flow tube with the source database in data source server
Road.Source database extracts initial data from source data file, and source database is based on default pipeline data form, and this is original
Data are encapsulated as former data object, and former data object is write into source traffic pipeline.The execute server that desensitizes is from source data flow tube
Former data object is read in road, rule is desensitized to the execution desensitization operation of former data object based on data and generates desensitization data.
Desensitization execute server establishes target data stream pipeline with the target database in destination server, by this desensitization number
The data object that desensitizes is encapsulated as according to according to pipeline data form, by desensitization data object write-in target data stream pipeline.Number of targets
Desensitization data object is obtained from target data stream pipeline according to storehouse, and by the desensitization data storage in the data object that desensitizes in target
In data file.
Data desensitization system and method in above-described embodiment, desensitization execute server read original from data source server
Beginning data, the sensitive information in initial data is replaced with into corresponding replacement information generation desensitization Data Concurrent and delivers to destination service
Device stores, and obtains initial data and storage target data using the mode such as JDBC, ODBC and pipeline stream, is not required in desensitization
Any temporary file is generated, and the execute server that desensitizes uses encrypted transmission mode with client communication, can carry out " no
Land data desensitization ", it can ensure that client's creation data is used safely in nonproductive environment, prevent sensitive information leakage, protect
Hinder data safety, the efficiency of lifting desensitization operation, meet requirement of the enterprise for information security.
Methods and apparatus of the present invention, equipment may be achieved in many ways.For example, software, hardware, firmware can be passed through
Or any combinations of software, hardware, firmware realize methods and apparatus of the present invention, equipment.The step of for method
Order is stated merely to illustrate, order described in detail above is not limited to the step of method of the invention, unless with other
Mode illustrates.In addition, in certain embodiments, the present invention can be also embodied as recording program in the recording medium, this
A little programs include being used for the machine readable instructions for realizing the method according to the invention.Thus, the present invention also covering storage is used to hold
The recording medium of the program of row the method according to the invention.
Description of the invention provides for the sake of example and description, and is not exhaustively or by the present invention
It is limited to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.Select and retouch
State embodiment and be to more preferably illustrate the principle and practical application of the present invention, and one of ordinary skill in the art is managed
The present invention is solved so as to design the various embodiments with various modifications suitable for special-purpose.
The embodiment provides A1, a kind of data desensitization system, including:Data source server, for storing original
Beginning data;Destination server, for storing the data that desensitize;Desensitize execute server, for receiving the number of client device transmission
Instructing according to desensitization, initial data is read from the data source server according to data desensitization instruction is put into internal memory,
Desensitization operation generation desensitization data are performed in internal memory, and the desensitization data are sent to the destination server and stored;Wherein,
The desensitization operation includes:The sensitive information in the initial data is positioned and given birth to based on default data desensitization rule
Corresponding replacement information generation is replaced with into replacement information corresponding with sensitive information, by the sensitive information in the initial data
The desensitization data.
A2, the system as described in A1, wherein, the client device includes:Connection establishment module, the first encryption and decryption mould
Block;The desensitization execute server includes:Certificate management module and the second encryption/decryption module;The connection establishment module, is used for
HTTPs is established with the desensitization execute server to be connected;First encryption/decryption module, for the desensitization execute server
Send digital certificate request;The certificate management module, for the digital certificate corresponding with the client device to be passed through
The HTTPs linkup transmits give the client device, wherein, the digital certificate includes encrypted public key;Described first adds solution
Close module, it is additionally operable to parse the digital certificate based on tls protocol and verifies whether the encrypted public key is effective, if it is,
One group of random number is generated, encrypts the random number using the encrypted public key, and the encrypted result of the random number is sent to
The desensitization execute server;Second encryption/decryption module, for the encrypted result to be decrypted using encryption key,
Obtain the random number;Wherein, the client device and the desensitization execute server use the random number as shared
Communication is encrypted in key.
A3, the system as described in A2, wherein, the client device includes:Instruction sending module;First encryption and decryption
Module, be also used for the random number as key, data desensitization is instructed based on default symmetric encipherment algorithm into
Row symmetric cryptography;The instruction sending module, service is performed for the data desensitization instruction after encryption to be sent into the desensitization
Device;Second encryption/decryption module, it is also used for the random number and based on the symmetric encipherment algorithm to the number after encryption
It is decrypted according to desensitization instruction, obtains the data desensitization instruction.
A4, the system as described in A2, wherein, the data desensitization Rule Information that the data desensitization instruction carries includes:It is quick
Feel data type, desensitization algorithm corresponding with type of sensitive data;The desensitization execute server, including:Desensitization rule is established
Module, for configuring the regular mould of data desensitization corresponding with the data source server based on data desensitization Rule Information
Plate, wherein, the data desensitization rule in the data desensitization rule template includes:Type of sensitive data and it is desensitized
The desensitization algorithm of use;Desensitize data processing module, for when performing desensitization task, obtaining the data desensitization rule template
In data desensitization rule the initial data is analyzed, position the sensitive information in the initial data, determine that this is quick
Feel the type of sensitive data of information and corresponding desensitization algorithm, call the desensitization algorithm generation of determination corresponding with this sensitive information
Replacement information and be replaced.
A5, the system as described in A4, wherein, the client device by desensitize algorithm renewal wrap pass to it is described desensitization hold
Row server;The desensitization data processing module, it is additionally operable to obtain the desensitization algorithm more according to default desensitization algorithm bag name
New bag, and target class corresponding with the desensitization algorithm is searched in the desensitization algorithm renewal bag;Using java reflex mechanisms,
New desensitization corresponding with the desensitization algorithm is obtained in the target class and calculates goal approach and attribute, is called described new de-
Quick calculating goal approach and attribute generate replacement information corresponding with this sensitive information and are replaced.
A6, the system as described in A5, wherein, the information that the data desensitization instruction carries includes:The connection of source database
Information and authentication information, the link information of target database and authentication information;The desensitization execute server, including:Source data
Acquisition module, for the link information according to the source database and authentication information and the source data in the data source server
Source database connection is established in storehouse;The total of data record to be read in the source database is obtained by source database connection
Bar number;Paging is set based on the total number, generates paging query sentence, wherein, include and need in the paging query sentence
The Major key of the initial data of reading, the quantity for reading data;Successively paging query sentence, paging are sent to the source database
The data in the source database are extracted, obtain paged data;The desensitization data processing module, it is additionally operable to be based on the data
Desensitization rule performs desensitization to the paged data and operates and generate paging desensitization data;The desensitization execute server, including:
Desensitize data memory module, in the link information according to the target database and authentication information and the destination server
Target database establish target database connection, by the target database connection by the paging desensitization data send to
The target database is stored;Wherein, source database connection connected with the target database including:Jdbc connects
Connect, ODBC connections.
A7, the system as described in A6, wherein, the source data acquisition module, be additionally operable to in the data source server
Source database establishes source traffic pipeline, wherein, the source database extracts initial data, the source number from source data file
This initial data is encapsulated as by former data object based on default pipeline data form according to storehouse, the former data object is write into source
Pipeline of data flow;The source data acquisition module, it is additionally operable to read the former data object from the source traffic pipeline;Institute
Desensitization data processing module is stated, is additionally operable to operate the former data object execution desensitization based on data desensitization rule and raw
Into desensitization data;The desensitization data memory module, for establishing number of targets with the target database in the destination server
According to flow tube road, this desensitization data is encapsulated as the data object that desensitizes according to the pipeline data form, by the desensitization data pair
As writing target data stream pipeline;The target database obtains the desensitization data object from target data stream pipeline, and
By the desensitization data storage in the data object that desensitizes in target data file.
B8, a kind of data desensitization method, including:Desensitization execute server receives the data desensitization that client device is sent and referred to
Order, initial data is read from data source server according to data desensitization instruction and is put into internal memory;The desensitization performs clothes
Be engaged in device in internal memory based on default data desensitization rule the sensitive information in the initial data is positioned and generate with
Replacement information corresponding to sensitive information, the sensitive information in the initial data is replaced with described in corresponding replacement information generation
Desensitize data;The desensitization data are sent to the destination server and stored by the desensitization execute server.
B9, the method as described in B8, wherein, the client device establishes HTTPs companies with the desensitization execute server
Connect;The client device sends digital certificate request to the desensitization execute server;The desensitization execute server will be with
The corresponding digital certificate of the client device gives the client device by the HTTPs linkup transmits, wherein, it is described
Digital certificate includes encrypted public key;The client device is based on tls protocol and parses the digital certificate and verify the encryption
Whether public key is effective, if it is, one group of random number of generation, the random number is encrypted using the encrypted public key, and by described in
The encrypted result of random number is sent to the desensitization execute server;The desensitization execute server is using encryption key to described
Encrypted result is decrypted, and obtains the random number;The client device and the desensitization execute server use it is described with
Communication is encrypted as shared key in machine number.
B10, the method as described in B9, wherein, the client device uses the random number as key, based on default
Symmetric encipherment algorithm to the data desensitize instruction carry out symmetric cryptography, and by after encryption data desensitization instruction be sent to institute
State desensitization execute server;The desensitization execute server is using the random number and based on the symmetric encipherment algorithm to encryption
Data desensitization instruction afterwards is decrypted, and obtains the data desensitization instruction.
B11, the method as described in B9, wherein, the data desensitization Rule Information that the data desensitization instruction carries includes:It is quick
Feel data type, desensitization algorithm corresponding with type of sensitive data;The desensitization execute server is based on data desensitization rule
Then information configuration data desensitization rule template corresponding with the data source server, wherein, the data desensitization rule template
In data desensitization rule include:Type of sensitive data and the desensitization algorithm that desensitization use is carried out to it;The desensitization data
Processing module obtains the data desensitization rule in the data desensitization rule template to the original number when performing desensitization task
According to being analyzed, the sensitive information in the initial data is positioned, determines the type of sensitive data and correspondingly of this sensitive information
Desensitization algorithm, call the desensitization algorithm of determination to generate corresponding with this sensitive information replacement information and be replaced.
B12, the method as described in B11, wherein, desensitization algorithm renewal is wrapped and passes to the desensitization by the client device
Execute server;The desensitization execute server obtains the desensitization algorithm renewal bag according to default desensitization algorithm bag name, and
Target class corresponding with the desensitization algorithm is searched in the desensitization algorithm renewal bag;The desensitization execute server utilizes
Java reflex mechanisms, new desensitization corresponding with the desensitization algorithm is obtained in the target class and calculates goal approach and category
Property, call the new desensitization to calculate goal approach and attribute generation replacement information corresponding with this sensitive information and replaced
Change.
B13, the method as described in B12, wherein, the information that the data desensitization instruction carries includes:The company of source database
Connect information and authentication information, the link information of target database and authentication information;The desensitization execute server is according to the source
The link information and authentication information of database are established source database with the source database in the data source server and are connected;It is described
The execute server that desensitizes obtains the total number of data record to be read in the source database by source database connection;
Paging is set based on the total number, generates paging query sentence, wherein, include in the paging query sentence to be read
The Major key of initial data, the quantity for reading data;The desensitization execute server sends paging to the source database successively
Query statement, paging extract the data in the source database, obtain paged data, based on data desensitization rule to described
Paged data performs desensitization and operates and generate paging desensitization data;The desensitization execute server is according to the target database
Link information and authentication information are established target database with the target database in the destination server and are connected, and pass through the mesh
Paging desensitization data are sent to the target database and stored by the connection of mark database;Wherein, the source database
Connection connected with the target database including:Jdbc connections, ODBC connections.
B14, such as B13 methods describeds, wherein, the desensitization execute server and the source data in the data source server
Source traffic pipeline is established in storehouse;The source database extracts initial data from source data file, and the source database is based on pre-
If pipeline data form this initial data is encapsulated as former data object, the former data object is write into source data flow tube
Road;The desensitization execute server reads the former data object from the source traffic pipeline, is desensitized based on the data
Rule performs desensitization to the former data object and operates and generate desensitization data;The desensitization execute server takes with the target
Target database in business device establishes target data stream pipeline, and this desensitization data is encapsulated as taking off according to the pipeline data form
Quick data object, by the desensitization data object write-in target data stream pipeline;The target database is from target data flow tube
The desensitization data object is obtained in road, and by the desensitization data storage in the data object that desensitizes in target data file.
Claims (10)
- The system 1. a kind of data desensitize, it is characterised in that including:Data source server, for storing initial data;Destination server, for storing the data that desensitize;Desensitized execute server, and the data for receiving client device transmission, which desensitize, to be instructed, and is desensitized and instructed according to the data Initial data is read from the data source server to be put into internal memory, and desensitization operation generation desensitization data are performed in internal memory, And the desensitization data are sent to the destination server and stored;Wherein, the desensitization operation includes:Based on default data Desensitization rule is positioned to the sensitive information in the initial data and generates replacement information corresponding with sensitive information, by institute State the sensitive information in initial data and replace with the corresponding replacement information generation desensitization data.
- 2. the system as claimed in claim 1, it is characterised in thatThe client device includes:Connection establishment module, the first encryption/decryption module;The desensitization execute server includes:Card Book management module and the second encryption/decryption module;The connection establishment module, it is connected for establishing HTTPs with the desensitization execute server;First encryption/decryption module, for sending digital certificate request to the desensitization execute server;The certificate management module, for the digital certificate corresponding with the client device to be connected by the HTTPs The client device is sent to, wherein, the digital certificate includes encrypted public key;First encryption/decryption module, it is additionally operable to parse the digital certificate based on tls protocol and verifies that the encrypted public key is It is no that if it is, one group of random number of generation, the random number effectively is encrypted using the encrypted public key, and by the random number Encrypted result be sent to the desensitization execute server;Second encryption/decryption module, for the encrypted result to be decrypted using encryption key, obtain the random number;Wherein, the client device and the desensitization execute server are encrypted using the random number as shared key Communication.
- 3. system as claimed in claim 2, it is characterised in that the client device includes:Instruction sending module;First encryption/decryption module, the random number is also used for as key, based on default symmetric encipherment algorithm pair The data desensitization instruction carries out symmetric cryptography;The instruction sending module, for the data desensitization instruction after encryption to be sent into the desensitization execute server;Second encryption/decryption module, it is also used for the random number and based on the symmetric encipherment algorithm to the number after encryption It is decrypted according to desensitization instruction, obtains the data desensitization instruction.
- 4. system as claimed in claim 2, it is characterised in that the data desensitization Rule Information that the data desensitization instruction carries Including:Type of sensitive data, desensitization algorithm corresponding with type of sensitive data;The desensitization execute server, including:Desensitization rule establishes module, for corresponding with the data source server based on data desensitization Rule Information configuration Data desensitization rule template, wherein, the data desensitization rule in the data desensitization rule template includes:Type of sensitive data with And the desensitization algorithm of desensitization use is carried out to it;Desensitize data processing module, is taken off for when performing desensitization task, obtaining the data in the data desensitization rule template Quick rule is analyzed the initial data, is positioned the sensitive information in the initial data, is determined the quick of this sensitive information Feel data type and corresponding desensitization algorithm, call the desensitization algorithm of determination to generate replacement information corresponding with this sensitive information And it is replaced.
- 5. system as claimed in claim 4, it is characterised in thatDesensitization algorithm renewal is wrapped and passes to the desensitization execute server by the client device;The desensitization data processing module, it is additionally operable to obtain the desensitization algorithm renewal bag according to default desensitization algorithm bag name, And target class corresponding with the desensitization algorithm is searched in the desensitization algorithm renewal bag;Using java reflex mechanisms, in institute State and corresponding with the desensitization algorithm new desensitization calculating goal approach and attribute are obtained in target class, call the new desensitization meter Calculate goal approach and attribute generates replacement information corresponding with this sensitive information and is replaced.
- 6. system as claimed in claim 5, it is characterised in that the information that the data desensitization instruction carries includes:Source data The link information and authentication information in storehouse, the link information of target database and authentication information;The desensitization execute server, including:Source data acquisition module, for the link information according to the source database and authentication information and the data source server In source database establish source database connection;Number to be read in the source database is obtained by source database connection According to the total number of record;Paging is set based on the total number, generates paging query sentence, wherein, the paging query sentence In include initial data to be read Major key, read data quantity;Paging is sent to the source database successively to look into Sentence is ask, paging extracts the data in the source database, obtains paged data;The desensitization data processing module, it is additionally operable to perform the paged data desensitization operation based on data desensitization rule And generate paging desensitization data;The desensitization execute server, including:Desensitize data memory module, for the link information according to the target database and authentication information and the destination service Target database in device establishes target database connection, is sent out paging desensitization data by target database connection The target database is delivered to be stored;Wherein, source database connection connected with the target database including:Jdbc connections, ODBC connections.
- A kind of 7. data desensitization method, it is characterised in that including:The data desensitization instruction that the execute server that desensitizes reception client device is sent, is instructed from data according to data desensitization Initial data is read in source server to be put into internal memory;The desensitization execute server desensitizes rule to the sensitivity letter in the initial data in internal memory based on default data Breath is positioned and generates replacement information corresponding with sensitive information, and the sensitive information in the initial data is replaced with correspondingly Replacement information generate the desensitization data;The desensitization data are sent to the destination server and stored by the desensitization execute server.
- 8. method as claimed in claim 7, it is characterised in thatThe client device is established HTTPs with the desensitization execute server and is connected;The client device sends digital certificate request to the desensitization execute server;The digital certificate corresponding with the client device is passed through the HTTPs linkup transmits by the desensitization execute server To the client device, wherein, the digital certificate includes encrypted public key;The client device is based on tls protocol and parses the digital certificate and verify whether the encrypted public key is effective, if It is then to generate one group of random number, encrypts the random number using the encrypted public key, and the encrypted result of the random number is sent out Give the desensitization execute server;The encrypted result is decrypted using encryption key for the desensitization execute server, obtains the random number;Communication is encrypted using the random number as shared key for the client device and the desensitization execute server.
- 9. method as claimed in claim 8, it is characterised in thatThe client device uses the random number to be desensitized as key based on default symmetric encipherment algorithm to the data Instruction carries out symmetric cryptography, and the data desensitization instruction after encryption is sent into the desensitization execute server;The desensitization execute server is desensitized using the random number and based on the symmetric encipherment algorithm to the data after encryption Instruction is decrypted, and obtains the data desensitization instruction.
- 10. method as claimed in claim 8, it is characterised in that the data desensitization rule letter that the data desensitization instruction carries Breath includes:Type of sensitive data, desensitization algorithm corresponding with type of sensitive data;The desensitization execute server is based on data desensitization Rule Information configuration number corresponding with the data source server According to desensitization rule template, wherein, the data desensitization rule in the data desensitization rule template includes:Type of sensitive data and The desensitization algorithm of desensitization use is carried out to it;The desensitization data processing module obtains the data desensitization in the data desensitization rule template when performing desensitization task Rule is analyzed the initial data, is positioned the sensitive information in the initial data, is determined the sensitivity of this sensitive information Data type and corresponding desensitization algorithm, the desensitization algorithm of determination is called to generate replacement information corresponding with this sensitive information simultaneously It is replaced.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710995533.1A CN107766741A (en) | 2017-10-23 | 2017-10-23 | Data desensitization system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710995533.1A CN107766741A (en) | 2017-10-23 | 2017-10-23 | Data desensitization system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107766741A true CN107766741A (en) | 2018-03-06 |
Family
ID=61269182
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710995533.1A Pending CN107766741A (en) | 2017-10-23 | 2017-10-23 | Data desensitization system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107766741A (en) |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108664812A (en) * | 2018-05-14 | 2018-10-16 | 阿里巴巴集团控股有限公司 | Information desensitization method, apparatus and system |
CN109117672A (en) * | 2018-08-24 | 2019-01-01 | 青岛大学 | Carry out the hiding cloud storage Data Audit method of sensitive information |
CN109408534A (en) * | 2018-11-02 | 2019-03-01 | 上海新炬网络信息技术股份有限公司 | Method based on character string uniqueness and repeatability displacement output |
CN109558746A (en) * | 2018-11-06 | 2019-04-02 | 泰康保险集团股份有限公司 | Data desensitization method, device, electronic equipment and storage medium |
CN109584983A (en) * | 2018-12-07 | 2019-04-05 | 广东省人民医院(广东省医学科学院) | A kind of data processing method applied to medicine |
CN109614816A (en) * | 2018-11-19 | 2019-04-12 | 平安科技(深圳)有限公司 | Data desensitization method, device and storage medium |
CN109634836A (en) * | 2018-10-23 | 2019-04-16 | 平安科技(深圳)有限公司 | Test data packaging method, device, equipment and storage medium |
WO2019210758A1 (en) * | 2018-05-02 | 2019-11-07 | 中兴通讯股份有限公司 | Data protection method and device and storage medium |
CN110532747A (en) * | 2019-07-30 | 2019-12-03 | 国家计算机网络与信息安全管理中心 | A kind of data desensitization method based on certification with biological characteristic |
CN110601931A (en) * | 2019-09-10 | 2019-12-20 | 杭州行至云起科技有限公司 | Batch configuration method and system of intelligent home system |
CN110598442A (en) * | 2019-09-11 | 2019-12-20 | 国网浙江省电力有限公司信息通信分公司 | Sensitive data self-adaptive desensitization method and system |
CN110781515A (en) * | 2019-10-25 | 2020-02-11 | 上海凯馨信息科技有限公司 | Static data desensitization method and desensitization device |
CN110795764A (en) * | 2019-11-01 | 2020-02-14 | 中国银行股份有限公司 | Data desensitization method and system |
CN110851463A (en) * | 2019-11-08 | 2020-02-28 | 南京国图信息产业有限公司 | Real estate registration data desensitization and spatialization method based on internet map geocoding engine |
CN111177785A (en) * | 2019-12-31 | 2020-05-19 | 广东鸿数科技有限公司 | Desensitization processing method for private data of enterprise-based business system |
CN111291403A (en) * | 2020-01-15 | 2020-06-16 | 上海新炬网络信息技术股份有限公司 | Data desensitization device based on distributed cluster |
CN111625845A (en) * | 2020-04-17 | 2020-09-04 | 沈阳派客动力科技有限公司 | Security management method, device and equipment for big data |
CN111931214A (en) * | 2020-08-31 | 2020-11-13 | 平安国际智慧城市科技股份有限公司 | Data processing method, device, server and storage medium |
CN112163214A (en) * | 2020-09-22 | 2021-01-01 | 杭州数梦工场科技有限公司 | Data access method and device |
CN112199723A (en) * | 2020-10-16 | 2021-01-08 | 深圳无域科技技术有限公司 | PKI system, PKI control method, and data security system |
CN112329053A (en) * | 2020-10-28 | 2021-02-05 | 上海上讯信息技术股份有限公司 | Method and apparatus for desensitization of target file data |
CN112825096A (en) * | 2019-11-21 | 2021-05-21 | 北京沃东天骏信息技术有限公司 | Data desensitization method and device |
CN113544683A (en) * | 2019-03-11 | 2021-10-22 | 日本电信电话株式会社 | Data generalization device, data generalization method, and program |
CN113705211A (en) * | 2021-10-29 | 2021-11-26 | 云账户技术(天津)有限公司 | Automatic character size generation method and device, electronic equipment and readable storage medium |
CN113746791A (en) * | 2020-09-08 | 2021-12-03 | 好心泰(浙江)科技有限公司 | Data transmission encryption and desensitization system |
CN114500121A (en) * | 2022-04-18 | 2022-05-13 | 北京安华金和科技有限公司 | Data desensitization method and device based on security protocol |
CN114979281A (en) * | 2022-07-11 | 2022-08-30 | 成都信息工程大学 | Data interaction method applied to industrial internet cloud service platform |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
CN107145799A (en) * | 2017-05-04 | 2017-09-08 | 山东浪潮云服务信息科技有限公司 | A kind of data desensitization method and device |
-
2017
- 2017-10-23 CN CN201710995533.1A patent/CN107766741A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
CN107145799A (en) * | 2017-05-04 | 2017-09-08 | 山东浪潮云服务信息科技有限公司 | A kind of data desensitization method and device |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019210758A1 (en) * | 2018-05-02 | 2019-11-07 | 中兴通讯股份有限公司 | Data protection method and device and storage medium |
US11392586B2 (en) | 2018-05-02 | 2022-07-19 | Zte Corporation | Data protection method and device and storage medium |
CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
CN108664812B (en) * | 2018-05-14 | 2023-03-10 | 创新先进技术有限公司 | Information desensitization method, device and system |
CN108664812A (en) * | 2018-05-14 | 2018-10-16 | 阿里巴巴集团控股有限公司 | Information desensitization method, apparatus and system |
CN109117672A (en) * | 2018-08-24 | 2019-01-01 | 青岛大学 | Carry out the hiding cloud storage Data Audit method of sensitive information |
CN109634836A (en) * | 2018-10-23 | 2019-04-16 | 平安科技(深圳)有限公司 | Test data packaging method, device, equipment and storage medium |
CN109408534A (en) * | 2018-11-02 | 2019-03-01 | 上海新炬网络信息技术股份有限公司 | Method based on character string uniqueness and repeatability displacement output |
CN109558746B (en) * | 2018-11-06 | 2020-11-06 | 泰康保险集团股份有限公司 | Data desensitization method and device, electronic equipment and storage medium |
CN109558746A (en) * | 2018-11-06 | 2019-04-02 | 泰康保险集团股份有限公司 | Data desensitization method, device, electronic equipment and storage medium |
CN109614816A (en) * | 2018-11-19 | 2019-04-12 | 平安科技(深圳)有限公司 | Data desensitization method, device and storage medium |
CN109614816B (en) * | 2018-11-19 | 2024-05-07 | 平安科技(深圳)有限公司 | Data desensitizing method, device and storage medium |
CN109584983A (en) * | 2018-12-07 | 2019-04-05 | 广东省人民医院(广东省医学科学院) | A kind of data processing method applied to medicine |
CN113544683B (en) * | 2019-03-11 | 2023-09-29 | 日本电信电话株式会社 | Data generalization device, data generalization method, and program |
CN113544683A (en) * | 2019-03-11 | 2021-10-22 | 日本电信电话株式会社 | Data generalization device, data generalization method, and program |
CN110532747A (en) * | 2019-07-30 | 2019-12-03 | 国家计算机网络与信息安全管理中心 | A kind of data desensitization method based on certification with biological characteristic |
CN110601931A (en) * | 2019-09-10 | 2019-12-20 | 杭州行至云起科技有限公司 | Batch configuration method and system of intelligent home system |
CN110598442A (en) * | 2019-09-11 | 2019-12-20 | 国网浙江省电力有限公司信息通信分公司 | Sensitive data self-adaptive desensitization method and system |
CN110781515B (en) * | 2019-10-25 | 2023-09-26 | 上海凯馨信息科技有限公司 | Static data desensitizing method and device |
CN110781515A (en) * | 2019-10-25 | 2020-02-11 | 上海凯馨信息科技有限公司 | Static data desensitization method and desensitization device |
CN110795764A (en) * | 2019-11-01 | 2020-02-14 | 中国银行股份有限公司 | Data desensitization method and system |
CN110851463A (en) * | 2019-11-08 | 2020-02-28 | 南京国图信息产业有限公司 | Real estate registration data desensitization and spatialization method based on internet map geocoding engine |
CN112825096A (en) * | 2019-11-21 | 2021-05-21 | 北京沃东天骏信息技术有限公司 | Data desensitization method and device |
CN111177785A (en) * | 2019-12-31 | 2020-05-19 | 广东鸿数科技有限公司 | Desensitization processing method for private data of enterprise-based business system |
CN111291403A (en) * | 2020-01-15 | 2020-06-16 | 上海新炬网络信息技术股份有限公司 | Data desensitization device based on distributed cluster |
CN111291403B (en) * | 2020-01-15 | 2023-09-19 | 上海新炬网络信息技术股份有限公司 | Data desensitizing device based on distributed cluster |
CN111625845A (en) * | 2020-04-17 | 2020-09-04 | 沈阳派客动力科技有限公司 | Security management method, device and equipment for big data |
CN111931214A (en) * | 2020-08-31 | 2020-11-13 | 平安国际智慧城市科技股份有限公司 | Data processing method, device, server and storage medium |
CN113746791A (en) * | 2020-09-08 | 2021-12-03 | 好心泰(浙江)科技有限公司 | Data transmission encryption and desensitization system |
CN112163214A (en) * | 2020-09-22 | 2021-01-01 | 杭州数梦工场科技有限公司 | Data access method and device |
CN112199723A (en) * | 2020-10-16 | 2021-01-08 | 深圳无域科技技术有限公司 | PKI system, PKI control method, and data security system |
CN112329053A (en) * | 2020-10-28 | 2021-02-05 | 上海上讯信息技术股份有限公司 | Method and apparatus for desensitization of target file data |
CN113705211B (en) * | 2021-10-29 | 2022-01-18 | 云账户技术(天津)有限公司 | Method and device for automatically generating license character number and readable storage medium |
CN113705211A (en) * | 2021-10-29 | 2021-11-26 | 云账户技术(天津)有限公司 | Automatic character size generation method and device, electronic equipment and readable storage medium |
CN114500121B (en) * | 2022-04-18 | 2022-06-28 | 北京安华金和科技有限公司 | Data desensitization method and device based on security protocol |
CN114500121A (en) * | 2022-04-18 | 2022-05-13 | 北京安华金和科技有限公司 | Data desensitization method and device based on security protocol |
CN114979281A (en) * | 2022-07-11 | 2022-08-30 | 成都信息工程大学 | Data interaction method applied to industrial internet cloud service platform |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107766741A (en) | Data desensitization system and method | |
CN207489017U (en) | Data desensitization system | |
EP3400550B1 (en) | Methods and systems for securing data in the public cloud | |
CN112929172B (en) | System, method and device for dynamically encrypting data based on key bank | |
CN102402664B (en) | Data access control device and data access control method | |
CN110462658A (en) | For providing system and method for the digital identity record to verify the identity of user | |
US11025415B2 (en) | Cryptographic operation method, method for creating working key, cryptographic service platform, and cryptographic service device | |
CN107408135A (en) | For carrying out the database server and client of query processing to encryption data | |
WO2018133674A1 (en) | Method of verifying and feeding back bank payment permission authentication information | |
CN104462949B (en) | The call method and device of a kind of plug-in unit | |
CN112183765B (en) | Multi-source multi-modal data preprocessing method and system for shared learning | |
CN109271798A (en) | Sensitive data processing method and system | |
CN108537314A (en) | Product marketing system and method based on Quick Response Code | |
CN103942896A (en) | System for money withdrawing without card on ATM | |
KR101923943B1 (en) | System and method for remitting crypto currency with enhanced security | |
CN106992851A (en) | TrustZone-based database file password encryption and decryption method and device and terminal equipment | |
CN110135175A (en) | Information processing, acquisition methods, device, equipment and medium based on block chain | |
CN110166644A (en) | Data processing method, device, computer equipment and storage medium | |
CN102693597A (en) | Local printing method based on remote bill information and apparatus thereof | |
CN205901794U (en) | System for it encrypts to carry out selectivity to big data content | |
US20230327863A1 (en) | Data management and encryption in a distributed computing system | |
CN108920971A (en) | The method of data encryption, the method for verification, the device of encryption and verification device | |
CN107689867A (en) | A kind of cryptographic key protection method and system under open environment | |
JPWO2011058629A1 (en) | Information management system | |
US20210365593A1 (en) | Systems and methods for use in segregating data blocks to distributed storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |