CN109977690A - A kind of data processing method, device and medium - Google Patents
A kind of data processing method, device and medium Download PDFInfo
- Publication number
- CN109977690A CN109977690A CN201711465717.3A CN201711465717A CN109977690A CN 109977690 A CN109977690 A CN 109977690A CN 201711465717 A CN201711465717 A CN 201711465717A CN 109977690 A CN109977690 A CN 109977690A
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive data
- file
- sensitive
- desensitization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention discloses a kind of data processing method, device and media, to improve the safety of the storage of the data under big data technological accumulation and inheritance and access.The data processing method, comprising: receive data file read requests, carry user identifier and accessed file identification in the data file read requests;If determined according to the user identifier and preset sensitive data access rule without sensitive data access authority, according to the accessed file identification from sensitive data is searched in pre-stored sensitive data mark information in the location information being accessed in file;It desensitizes from preset user identifier and data and searches the corresponding data desensitization strategy of the user identifier in tactful corresponding relationship;According to the location information of sensitive data, desensitization process is carried out using the data desensitization strategy found to the sensitive data of corresponding position.
Description
Technical field
The present invention relates to technical field of data processing more particularly to a kind of data processing methods, device and medium.
Background technique
Background that this section is intended to provide an explanation of the embodiments of the present invention set forth in the claims or context.Herein
Description recognizes it is the prior art not because not being included in this section.
With the rise of " internet+" concept, the application of cloud computing and big data technology, data are by more and more companies
Paid attention to enterprise.Change traditional business, driving service management and mining data by digitization, digitized mode
Value is explored and arrives reasonable business model, and the Main way of following " internet+" is become, and " data " are the cores of everything,
How to ensure that the safety of data also just becomes enterprise and cannot be neglected matter of utmost importance.
There are mainly two types of modes for the data safety preventive means of industry mainstream at present.One is the safety for being directed to data itself
Protection;Another kind is the security protection for preventing leaking data.For the security protection of data itself, it is primarily referred to as using modern close
Code algorithm carries out active protection to data, such as data encryption, two-way strong identity authentication guarantee the confidentiality of data;And pass through
The means such as disk array, data backup, long-distance disaster guarantee that the abnormal of data is lost, damages.Prevent the safety of leaking data anti-
Shield, it is other mainly on company's core network to hang the leakage-preventing equipment of data, or DLP (Data Loss is installed at the terminal
Prevention, leakage prevention) client, monitoring and the outgoing movement for managing data, it prevents data Misuse and lets out
Dew.
In above two method, although all data, which are carried out encryption storage, can guarantee data confidentiality, also make to pacify
Full administrator lacks the consciousness of focused protection or even safety officer to the company's core sensitive data for really needing focused protection
The data which is company's core needs to lay special stress on protecting are not known, so that key protection measure can not be taken it.And due to net
Terminal in network is always changing, it is difficult to carry out the comprehensive data outgoing monitoring without dead angle, affect the safety of data.Thus
As it can be seen that the Information Security how improved under big data technological accumulation and inheritance becomes prior art one of the technical problems that are urgent to solve.
Summary of the invention
The embodiment of the present invention provides a kind of data processing method, device and medium, to improve under big data technological accumulation and inheritance
Data storage and access safety.
In a first aspect, providing a kind of data processing method, comprising:
Data file read requests are received, carry user identifier and accessed file in the data file read requests
Mark;
If determining that not having sensitive data visits according to the user identifier and preset sensitive data access rule
When asking permission, then sensitive data is searched from pre-stored sensitive data mark information according to the accessed file identification and existed
Location information in accessed file;
Desensitizing from preset user identifier and data, it is de- that the corresponding data of the user identifier are searched in tactful corresponding relationship
Quick strategy;
According to the location information of sensitive data, the data desensitization strategy found is utilized to the sensitive data of corresponding position
Carry out desensitization process.
Optionally, position of the sensitive data for including in pre-stored sensitive data mark information in accessed file
Information obtains in the following way:
Receive data file write request;
Parse data file to be written;
Data file after scanning parsing, if determining the number after parsing according to preset sensitive data recognition rule
According in file, there are sensitive datas, then record the location information of sensitive data and storage.
Optionally, after receiving data file write request, further includes:
Determine the size of data file to be written;
If the size of data file to be written is more than preset memory analysis threshold value, it is determined that creation mapping reduction MR appoints
Business is scanned, if the size of data file to be written is no more than the memory analysis threshold value, it is determined that carry out in memory
Scanning.
Optionally, the data desensitization strategy includes any one of following: full dose is fuzzy, On Local Fuzzy, original meaning are obscured and added
Close processing.
Second aspect provides a kind of data processing equipment, comprising:
First receiving unit, for receiving data file read request carry in the data file read requests useful
Family mark and accessed file identification;
First searching unit, if for being determined according to the user identifier and preset sensitive data access rule
When without sensitive data access authority, then according to the accessed file identification from pre-stored sensitive data mark information
The middle location information for searching sensitive data in accessed file;
Second searching unit, for searching the user from preset user identifier and the tactful corresponding relationship of data desensitization
Identify corresponding data desensitization strategy;
Data desensitization unit utilizes the sensitive data of corresponding position and looks into for the location information according to sensitive data
The data desensitization strategy found carries out desensitization process.
Optionally, the data processing equipment, further includes:
Second receiving unit, for receiving data file write request;
Resolution unit, for parsing data file to be written;
Scanning element, for scanning the data file after parsing;
Storage unit, if for being determined in the data file after parsing according to preset sensitive data recognition rule
There are sensitive datas, then record the location information of sensitive data and storage.
Optionally, the data processing equipment, further includes:
First determination unit, for after second receiving unit receives data file write request, determine to
The size of the data file of write-in;
Second determination unit, if the size of data file to be written is more than preset memory analysis threshold value, it is determined that wound
It builds mapping reduction MR task to be scanned, if the size of data file to be written is no more than the memory analysis threshold value, really
It is fixed to be scanned in memory.
Optionally, the data desensitization strategy includes any one of following: full dose is fuzzy, On Local Fuzzy, original meaning are obscured and added
Close processing.
The third aspect provides a kind of computing device, including at least one processing unit and at least one storage unit,
Wherein, the storage unit is stored with computer program, when described program is executed by the processing unit, so that the processing
Unit executes step described in any of the above-described method.
Fourth aspect provides a kind of computer-readable medium, is stored with the computer program that can be executed by computing device,
When described program is run on the computing device, so that the computing device executes step described in any of the above-described method.
Data processing method, device and medium provided in an embodiment of the present invention, preassign user or application system is visited
It asks sensitive data access authority and data desensitization strategy, and desensitization data is carried out to sensitive data accordingly, in the above process, in number
It desensitizes in real time according in access process, the access of sensitive data is controlled from source, to improve under big data technological accumulation and inheritance
The safety of data storage and access.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by written explanation
Specifically noted structure is achieved and obtained in book, claims and attached drawing.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes a part of the invention, this hair
Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the application scenarios schematic diagram of data processing method in the embodiment of the present invention;
Fig. 2 is in the embodiment of the present invention, using different sensitive datas desensitization strategy to the schematic diagram of sensitive data processing;
Fig. 3 is to find and mark the flow diagram of sensitive data in the embodiment of the present invention;
Fig. 4 is in the embodiment of the present invention, and HDFS acts on behalf of flow diagram;
Fig. 5 is in the embodiment of the present invention, and Hive acts on behalf of flow diagram;
Fig. 6 is in the embodiment of the present invention, and HBase acts on behalf of flow diagram;
Fig. 7 a is the implementation process diagram according to the data processing method of embodiment of the present invention;
Fig. 7 b is the implementation process diagram according to the data processing method of another embodiment of the present invention;
In Fig. 8 embodiment of the present invention, the structural schematic diagram of data processing equipment;
Fig. 9 is the structural schematic diagram according to the computing device of embodiment of the present invention.
Specific embodiment
In order to improve the safety of the storage of the data under big data technological accumulation and inheritance and access, the embodiment of the invention provides one
Kind data processing method, device and medium.
Below in conjunction with Figure of description, preferred embodiment of the present invention will be described, it should be understood that described herein
Preferred embodiment only for the purpose of illustrating and explaining the present invention and is not intended to limit the present invention, and in the absence of conflict, this hair
The feature in embodiment and embodiment in bright can be combined with each other.
Data processing method provided in an embodiment of the present invention can be applied to the Resource Server of network side, and user is to money
When data file being written in source server, sensitive data therein can be scanned, find and mark, user is reading resource service
When the data file stored in device, then it can judge whether user has sensitive data according to the sensitive data access rule of setting
Access authority, if having sensitive data access authority, further according to the data of setting desensitization strategy in data file
The sensitive data for including carries out desensitization process.When it is implemented, data processing method provided in an embodiment of the present invention can be with clothes
The mode of business agency is deployed in Resource Server, intercepts data file write-in/reading that user submits to Resource Server
It requests and analyzes.Using agency service to the quick of big data platform (for example, resource manager involved in the embodiment of the present invention)
Sense data access operation desensitizes.User and application system carry out the access operation of big data platform by agency service,
The sensitive data control point of big data platform is concentrated on into agency service.Agency service passes through sensitive data access authority and desensitization
Rule identifies sensitive data access, is authenticated and desensitization process, and lack of competence user and application system is avoided to obtain sensitive number
According to reduction leaking data risk.When it is implemented, service broker can be the dress of data processing involved in the embodiment of the present invention
It sets.
As shown in Figure 1, its be data processing method provided in an embodiment of the present invention application scenarios schematic diagram, user or
Application system submits access request by the client 11 installed in terminal device, and data processing equipment 12 intercepts client 11 and mentions
The access request of friendship is simultaneously sent to Resource Server 13 after being analyzed and processed.It wherein, include fort in data processing equipment 12
Build component, data exchange component, desensitization data discovery serviced component and desensitization serviced component etc. various components.
In order to improve the safety of the sensitive data for including in data file access, in the embodiment of the present invention, for sensitivity
Data can specify sensitive data recognition rule in sensitive data discovery serviced component by administrator, and rule is issued to data
Exchange component.Data exchange component and data manipulation of the fort linkage surveillance client to Resource Server, according to sensitive data
It was found that the sensitive data recognition rule that service is formulated sweeps the sensitive data access process in client access request in real time
It retouches, find sensitive data and marks.Administrator formulates sensitive data access rule in desensitization serviced component, i.e., those users can
Access the sensitive data and configuration data desensitization strategy of plaintext.
Wherein, sensitive data desensitization strategy includes any one of following:
1, full dose is fuzzy: as the positive China's desensitization of name Ouyang becomes * * * *;
2, On Local Fuzzy: as the positive China's desensitization of name Ouyang becomes Ouyang * *;
3, be ready to obscure: as the positive China's desensitization of name Ouyang become Zhuge tiltedly I;
4, encryption: as the positive China's desensitization of name Ouyang becomes!# $@%@%.
Desensitization process carries out Fuzzy processing, output blurring result to sensitive data using any of the above-described strategy.Such as
Shown in Fig. 2, to desensitize strategy to the schematic diagram after sensitive data progress Fuzzy processing using different sensitive datas.
The sensitive data access rule and sensitive data that data exchange component is formulated according to desensitization serviced component desensitize tactful
Client is monitored by sensitive data access process of the fort to Resource Server.Monitoring sensitive data operation
Afterwards, determine whether data are sensitive datas, if sensitive data, then judge whether user and application system have sensitive data access
Permission, if carrying out desensitization process according to desensitization strategy without sensitive data access authority.
As shown in figure 3, it is the flow diagram for finding and marking sensitive data, may comprise steps of:
S31, data file write request is received.
In this step, user or application system are acted on behalf of to Resource Server by data processing service and data, clothes are written
Business agent intercepts data file write request.
S32, parsing data file to be written.
In this step, service broker judges the type of data file to be written, if it is structural data, then calls structure
Change data analytics engine to be parsed, if it is unstructured data, then unstructured data analytics engine is called to be parsed.
Data file after S33, scanning parsing.
When it is implemented, can determine the size of data file first, such as after receiving data file to be written
The size of fruit data file to be written is more than preset memory analysis threshold value, it is determined that creation mapping reduction MR (Mapreduce,
Mapping reduction) task is scanned, if the size of data file to be written is no more than the memory analysis threshold value, it is determined that
It is scanned in memory.
S34, sensitive data is judged whether there is, if so, step S35 is executed, if not, process terminates.
In this step, there is sensitivity in the data file after can identifying according to preset sensitive data recognition rule
Data, wherein sensitive data recognition rule can be some customized keywords etc..
S35, the location information for recording sensitive data and storage.
When it is implemented, can also further be defined in library according to sensitive data rank if identifying sensitive data
The corresponding rank of current sensitive data is obtained, for the sensitive data of different stage, different desensitization strategies can be formulated.
For the sensitive data identified, location information of the sensitive data in data file to be written is determined, for example,
Catalogue, file and row/column where the sensitive data of files classes is tagged to, HBASE class data markers to column.Sensitive data finds energy
So that safety officer is apparent from the quantity and distributing position of protected data, is also mentioned for data desensitization and other preventive means
For foundation.Sensitive data is being determined after the location information in data file to be written, by file identification, that identifies is quick
The location information of sense data and sensitive data is stored as sensitive data mark information.Preferably, in view of data are de-
The matched efficiency of sensitive data during quick, in the embodiment of the present invention, sensitive data mark information be can store in Solr
In (Solr is an independent enterprise-level search application server).When it is implemented, judgement of collecting money is known before Solr is written
Not Chu sensitive data whether there is in Solr, do not do any operation if having existed, if it does not exist, then write-in
In Solr.
When it is implemented, if be abnormal in sensitive data identification process, this is by data file or the information of data
It is recorded in table.
Based on this, the embodiment of the invention provides the agent data desensitization methods under a kind of big data environment, wherein desensitizing
Agency includes following several:
One, HDFS (distributed file system) is acted on behalf of.
The basic operation that HDFS agency supports mainly includes the management of file and the management of file, in which:
[MKDIRS]: one specified path of creation;
[GETFILESTATUS]: the attribute information of specified file destination is obtained;
[LISTSTATUS]: the file or folder attribute information under specified destination folder is listed;
[CREATE]: file is created under specified path;
[OPEN]: the content of specified file is shown;
[RENAME]: renaming (movement) specified file and file;
The file appending content of [APPEND]: Xiang Zhiding;
[DELETE]: the file or catalogue of a formulation are deleted.
As shown in figure 4, it acts on behalf of process for HDFS, may comprise steps of:
S41, user and application system send HDFS operation requests;
Wherein, in Fig. 4, it can be user and application system that portal/otherSys, which indicates portal/other systems,;
Webhdfs-agent:webhdfs indicates to act on behalf of, the service that webhdfs:hdfs opens for built-in, default, hdfs:
Hadoop distributed file system.
S42, HDFS agency receive request, call Service Component;
S43, Service Component forwarding request;
In this step, webhdfs-agent calls the restful interface of webhdfs, and webhdfs calls the api of hdfs.
S44, returning response data.
In this step, hdfs returns to call result to webhdfs, and webhdfs is returned to webhdfs-agent and called knot
Fruit, webhdfs-agent is to portal/otherSys returning response solicited message.
Two, Hive is acted on behalf of
Hive is a Tool for Data Warehouse based on Hadoop, the data file of structuring can be mapped as a number
According to library table.Hive agency support basic operation have Hive inquiry and order and some DDL operation, in which:
[QUERY]: one hive inquiry of operation or Hive order;
[LISTDB]: all Database Lists are shown;
[DESCDB]: one database of description;
[CRTDB]: one database of creation;
[DELDB]: a database is deleted;
[LISTTABLE]: all tables in display database;
[DESCTABLE]: one table of description;
[CRTTABLE]: one table of creation;
[DELTABLE]: a table is deleted;
[CRTTABLELIKE]: a table is created using already present table;
[LISTPARTITION]: all partition informations are shown;
[CRTPARTITION]: one subregion of creation;
[DESCPARTITION]: description specified partition;
[DELPARTITION]: specified partition is deleted;
[LISTCOLUMN]: all column informations in one table of display;
[CRTCOLUMN]: creation column;
[DESCCOLUMN]: specified column are described.
As shown in figure 5, it acts on behalf of process for Hive, may comprise steps of:
S51, user and application system send Hive operation requests;
Wherein, Portal indicates that portal, otherSys indicate other systems, and webhcat-agent indicates webhcat generation
Reason, webhcat are the rest services of hive, and hcatalog indicates that the unified for table and bottom data management of apache open source takes
Business platform
S52, Hive agency receive request, call Service Component;
S53, Service Component forwarding request;
In this step, webhcat-agent calls webhcat interface, and webhcat calls the api of hcatalog.
S54, returning response data.
In this step, hcatalog returns to call result to webhcat, and webhcat is returned to webhcat-agent and called
As a result, webhcat-agent is to portal/otherSys returning response solicited message.
Three, HBase is acted on behalf of
HBase is a PostgreSQL database distributed, towards column, and HBase is acted on behalf of primarily directed to some of Hbase
The proxy interface for the encapsulation that basic function operation carries out.Major function is as follows:
[CLUSTERSTATUS]: display cluster information;
[CREATETABLE]: creation table;
[DELETETABLE]: table is deleted;
[LISTTABLE]: all table lists are shown;
[VERSION]: display cluster version;
[DESCTABLE]: one table of description
[PUT]: data insertion;
[GET]: inquiry;
[DELETE]: data are deleted
[CRTSCANNER]: creation Scanner;
[GETNEXTSCANNER]: next Scanner is obtained;
[DELSCANNER]: Scanner is deleted;
As shown in fig. 6, it acts on behalf of process for HBase, may include following:
S61, user and application system send HBase operation requests;
Wherein, Portal indicates that portal, otherSys indicate other systems, and webhbase-agent indicates webhbase generation
Reason, hbase-restful indicate the rest service of hbase, and hbase indicates PostgreSQL databases distributed, towards column.
S62, HBase agency receive request, call Service Component;
S63, Service Component forwarding request;
In this step, webhbase-agent calls the restful interface of hbase, and hbase-restful calls hbase
Api.
S64, returning response data.
In this step, hbase returns to call result to hbase-restful, and hbase-restful is to webhbase-
Agent returns to call result, and webhbase-agent is to portal/otherSys returning response solicited message.
It is the implementation process diagram of data processing method provided in an embodiment of the present invention as shown in Figure 7a based on this,
It may comprise steps of:
S701, data file read requests are received, user identifier is carried in the data file read requests and be interviewed
Ask file identification.
If S702, determining do not have sensitive number according to the user identifier and preset sensitive data access rule
When according to access authority, then sensitive number is searched from pre-stored sensitive data mark information according to the accessed file identification
According to the location information in accessed file.
The corresponding number of the user identifier is searched in S703, the tactful corresponding relationship that desensitizes from preset user identifier and data
According to desensitization strategy.
S704, the location information according to sensitive data, it is de- using the data found to the sensitive data of corresponding position
Quick strategy carries out desensitization process.
For a better understanding of the present invention, below in conjunction with data acquisition request process flow to the specific of the embodiment of the present invention
Implementation process is illustrated, and as shown in Figure 7b, may comprise steps of:
S71, data file read requests are received.
Wherein, user identifier and accessed file identification are carried in the data file read requests.
When it is implemented, user or application system are to service broker (data processing equipment i.e. in the embodiment of the present invention)
Data access request is submitted, the data access request that proxy resolution user and application system are submitted judges whether it is data file
Acquisition request, such as data file write request, then according to flow implementation shown in Fig. 3, if it is data acquisition request, according to
Flow implementation shown in Fig. 7.
S72, to judge whether the user has according to the user identifier and preset sensitive data access rule quick
Data access authority is felt, if so, step S78 is executed, if not, executing step S73.
S73, it searches whether to store from pre-stored sensitive data mark information according to the accessed file identification
There is sensitive data mark information, if so, step S74 is executed, if not, executing step S78.
In this step, it can search whether that there are corresponding sensitive data labels from Solr according to accessed file identification
Information illustrates that in accessed file include sensitive data, sensitive number if finding corresponding sensitive data mark information
There are sensitive data and its location information hereof according to record in mark information.If according to accessed file identification from Solr
In do not find corresponding sensitive data mark information, then illustrate not including sensitive data in accessed file, then can be straight
It connects and executes step S78.
S 74, the location information for obtaining sensitive data.
The corresponding number of the user identifier is searched in S75, the tactful corresponding relationship that desensitizes from preset user identifier and data
According to desensitization strategy.
S76, the location information according to sensitive data desensitize to the sensitive data of corresponding position using the data found
Strategy carries out desensitization process.
Wherein, data desensitization strategy includes any one of following: full dose is fuzzy, On Local Fuzzy, original meaning obscure and encryption,
Desensitization process is carried out to the sensitive data for including in accessed file according to user identifier corresponding data desensitization strategy.If it is
The overall situation/On Local Fuzzy then starts the overall situation/localized mode and is gelatinized thread progress Fuzzy processing, and fuzzy if it is encryption, then starting adds
Close fuzzy thread carries out Fuzzy processing, obscures if it is original meaning fuzzy, then starts original meaning and obscure blurring thread and obscured
Change processing.
S77, the accessed file after desensitization process is returned to requesting party, process terminates.
Accessed file in this step, after returning to desensitization process to user or application system.
S78, accessed file is returned to requesting party.
The embodiment of the invention provides the real-time desensitization methods in sensitive data access process under a kind of big data environment, lead to
The discovery of sensitive data, the formulation of sensitive data access rule and data desensitization strategy are crossed, using service broker to sensitive data
It desensitizes.It solves extensive current data safety prevention measure granularity, control point dispersion, exist and protect dead angle and measure endless
Kind problem improves the Information Security under big data technological accumulation and inheritance.
Data processing method provided in an embodiment of the present invention solves the security management and control problem of company's core sensitive data, makes
With the real-time desensitization process of sensitive data access process, the access of sensitive data is controlled from source.Found, identified by data,
The control thinking of detection, desensitization, controls the access and use of sensitive data, so that sensitive data is distributed very clear, sensitive number
According to access strict control, the responsibility sharpening of user and application system, the compliance of sensitive data access are realized.
In data processing method provided in an embodiment of the present invention, for the reality of sensitive data access process under big data environment
When desensitize, discovery is scanned to Resource Server sensitive data, concentrates the sensitive data access for formulating user and application system
Permission and data desensitization rule, the sensitive data accessed lack of competence user and application system carry out desensitization process.This method solution
Jue Liao enterprise disperses unmanageable problem being distributed unintelligible, leaking data path in face of sensitive data, not only realizes pair
The difference management of different rights user and the access of application system sensitive data, while the clear distribution of sensitive data, for sensitivity
The subsequent reinforcement of data management means lays the foundation, and method effectively reduces intra-company legitimate user and reveals sensitive data
Risk improves Information Security, has stronger feasibility.
Based on the same inventive concept, a kind of data processing is additionally provided in the embodiment of the present invention, since above-mentioned apparatus solves
The principle of problem is similar to data processing method, therefore the implementation of above-mentioned apparatus may refer to the implementation of method, repeats place not
It repeats again.
As shown in figure 8, it is the structural schematic diagram of data processing equipment provided in an embodiment of the present invention, comprising:
First receiving unit 81, for receiving data file read request carry in the data file read requests
User identifier and accessed file identification;
First searching unit 82, if for true according to the user identifier and preset sensitive data access rule
When not having sensitive data access authority surely, is then marked and believed from pre-stored sensitive data according to the accessed file identification
Location information of the sensitive data in accessed file is searched in breath;
Second searching unit 83, for searching the use from preset user identifier and the tactful corresponding relationship of data desensitization
Family identifies corresponding data desensitization strategy;
Data desensitization unit 84 utilizes the sensitive data of corresponding position for the location information according to sensitive data
The data desensitization strategy found carries out desensitization process.
Optionally, the data processing equipment, further includes:
Second receiving unit, for receiving data file write request;
Resolution unit, for parsing data file to be written;
Scanning element, for scanning the data file after parsing;
Storage unit, if for being determined in the data file after parsing according to preset sensitive data recognition rule
There are sensitive datas, then record the location information of sensitive data and storage.
Optionally, the data processing equipment, further includes:
First determination unit, for after second receiving unit receives data file write request, determine to
The size of the data file of write-in;
Second determination unit, if the size of data file to be written is more than preset memory analysis threshold value, it is determined that wound
It builds mapping reduction MR task to be scanned, if the size of data file to be written is no more than the memory analysis threshold value, really
It is fixed to be scanned in memory.
Optionally, the data desensitization strategy includes any one of following: full dose is fuzzy, On Local Fuzzy, original meaning are obscured and added
Close processing.
For convenience of description, above each section is divided by function describes respectively for each module (or unit).Certainly, exist
Implement to realize the function of each module (or unit) in same or multiple softwares or hardware when the present invention.
After describing the data processing method and device of exemplary embodiment of the invention, next, introducing basis
The computing device of another exemplary embodiment of the invention.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or
Program product.Therefore, various aspects of the invention can be embodied in the following forms, it may be assumed that complete hardware embodiment, complete
The embodiment combined in terms of full Software Implementation (including firmware, microcode etc.) or hardware and software, can unite here
Referred to as circuit, " module " or " system ".
In some possible embodiments, it is single can to include at least at least one processing for computing device according to the present invention
Member and at least one storage unit.Wherein, the storage unit is stored with program code, when said program code is described
When processing unit executes, so that the processing unit executes the exemplary implementations various according to the present invention of this specification foregoing description
Step in the data processing method of mode.For example, the processing unit can execute step S701 as shown in Figure 7 a, connect
Data file read requests are received, carry user identifier and accessed file identification, step in the data file read requests
If S702, determining do not have sensitive data access right according to the user identifier and preset sensitive data access rule
In limited time, then sensitive data is searched from pre-stored sensitive data mark information according to the accessed file identification interviewed
Ask the location information in file;Step S703, described in being searched from preset user identifier and the tactful corresponding relationship of data desensitization
The corresponding data desensitization strategy of user identifier;And step S704, the location information according to sensitive data, to corresponding position
Sensitive data carries out desensitization process using the data desensitization strategy found.
The computing device 90 of this embodiment according to the present invention is described referring to Fig. 9.The calculating dress that Fig. 9 is shown
Setting 90 is only an example, should not function to the embodiment of the present invention and use scope bring any restrictions.
As shown in figure 9, computing device 90 is showed in the form of universal computing device.The component of computing device 90 may include
But be not limited to: at least one above-mentioned processing unit 91, at least one above-mentioned storage unit 92, the different system components of connection (including
Storage unit 92 and processing unit 91) bus 93.
Bus 93 indicates one of a few class bus structures or a variety of, including memory bus or Memory Controller,
Peripheral bus, processor or the local bus using any bus structures in a variety of bus structures.
Storage unit 92 may include the readable medium of form of volatile memory, such as random access memory (RAM)
921 and/or cache memory 922, it can further include read-only memory (ROM) 923.
Storage unit 92 can also include program/utility 925 with one group of (at least one) program module 924,
Such program module 924 includes but is not limited to: operating system, one or more application program, other program modules and
It may include the realization of network environment in program data, each of these examples or certain combination.
Computing device 90 can also be communicated with one or more external equipments 94 (such as keyboard, sensing equipment etc.), may be used also
Enable a user to the equipment interacted with computing device 90 communication with one or more, and/or with enable the computing device 90
Any equipment (such as router, modem etc.) communicated with one or more of the other calculating equipment communicates.This
Kind communication can be carried out by input/output (I/O) interface 95.Also, computing device 90 can also pass through network adapter 96
With one or more network (such as local area network (LAN), wide area network (WAN) and/or public network, such as internet) communication.
As shown, network adapter 96 is communicated by bus 93 with other modules for computing device 90.It will be appreciated that though figure
In be not shown, can in conjunction with computing device 90 use other hardware and/or software module, including but not limited to: microcode, equipment
Driver, redundant processing unit, external disk drive array, RAID system, tape drive and data backup storage system
Deng.
In some possible embodiments, the various aspects of data processing method provided by the invention are also implemented as
A kind of form of program product comprising program code, when described program product is run on a computing device, described program
The illustrative embodiments various according to the present invention that code is used to that the computer equipment to be made to execute this specification foregoing description
Step in data processing method, for example, the computer equipment can execute step S701 as shown in Figure 7 a, receive number
According to file read request, user identifier and accessed file identification are carried in the data file read requests, step S702,
If determined according to the user identifier and preset sensitive data access rule without sensitive data access authority,
Sensitive data is then searched from pre-stored sensitive data mark information according to the accessed file identification in accessed text
Location information in part;Step S703, the user is searched from preset user identifier and the tactful corresponding relationship of data desensitization
Identify corresponding data desensitization strategy;And step S704, the location information according to sensitive data, to the sensitivity of corresponding position
Data carry out desensitization process using the data desensitization strategy found.
Described program product can be using any combination of one or more readable mediums.Readable medium can be readable letter
Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example may be-but not limited to-electricity, magnetic, optical, electromagnetic, red
The system of outside line or semiconductor, device or device, or any above combination.The more specific example of readable storage medium storing program for executing
(non exhaustive list) includes: the electrical connection with one or more conducting wires, portable disc, hard disk, random access memory
(RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc
Read memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
The program product for data processing of embodiments of the present invention can use the read-only storage of portable compact disc
Device (CD-ROM) and including program code, and can run on the computing device.However, program product of the invention is not limited to
This, in this document, readable storage medium storing program for executing can be any tangible medium for including or store program, which can be commanded
Execution system, device or device use or in connection.
Readable signal medium may include in a base band or as the data-signal that carrier wave a part is propagated, wherein carrying
Readable program code.The data-signal of this propagation can take various forms, including --- but being not limited to --- electromagnetism letter
Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be other than readable storage medium storing program for executing it is any can
Read medium, the readable medium can send, propagate or transmit for by instruction execution system, device or device use or
Program in connection.
The program code for including on readable medium can transmit with any suitable medium, including --- but being not limited to ---
Wirelessly, wired, optical cable, RF etc. or above-mentioned any appropriate combination.
The program for executing operation of the present invention can be write with any combination of one or more programming languages
Code, described program design language include object oriented program language-Java, C++ etc., further include conventional
Procedural programming language-such as " C " language or similar programming language.Program code can be fully in user
It calculates and executes in equipment, partly executes on a user device, being executed as an independent software package, partially in user's calculating
Upper side point is executed on a remote computing or is executed in remote computing device or server completely.It is being related to far
Journey calculates in the situation of equipment, and remote computing device can pass through the network of any kind --- including local area network (LAN) or extensively
Domain net (WAN)-be connected to user calculating equipment, or, it may be connected to external computing device (such as utilize Internet service
Provider is connected by internet).
It should be noted that although being referred to several unit or sub-units of device in the above detailed description, this stroke
It point is only exemplary not enforceable.In fact, embodiment according to the present invention, it is above-described two or more
The feature and function of unit can embody in a unit.Conversely, the feature and function of an above-described unit can
It is to be embodied by multiple units with further division.
In addition, although describing the operation of the method for the present invention in the accompanying drawings with particular order, this do not require that or
Hint must execute these operations in this particular order, or have to carry out shown in whole operation be just able to achieve it is desired
As a result.Additionally or alternatively, it is convenient to omit multiple steps are merged into a step and executed by certain steps, and/or by one
Step is decomposed into execution of multiple steps.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications can be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. a kind of data processing method characterized by comprising
Data file read requests are received, carry user identifier and accessed files-designated in the data file read requests
Know;
If determining do not have sensitive data access right according to the user identifier and preset sensitive data access rule
In limited time, then sensitive data is searched from pre-stored sensitive data mark information according to the accessed file identification interviewed
Ask the location information in file;
It desensitizes from preset user identifier and data and searches the corresponding data desensitization plan of the user identifier in tactful corresponding relationship
Slightly;
According to the location information of sensitive data, the sensitive data of corresponding position is carried out using the data desensitization strategy found
Desensitization process.
2. the method as described in claim 1, which is characterized in that the sensitivity for including in pre-stored sensitive data mark information
Location information of the data in accessed file obtains in the following way:
Receive data file write request;
Parse data file to be written;
Data file after scanning parsing, if determining the data text after parsing according to preset sensitive data recognition rule
There are sensitive datas in part, then record the location information of sensitive data and storage.
3. method according to claim 2, which is characterized in that after receiving data file write request, further includes:
Determine the size of data file to be written;
If the size of data file to be written be more than preset memory analysis threshold value, it is determined that creation mapping reduction MR task into
Row scanning, if the size of data file to be written is no more than the memory analysis threshold value, it is determined that be scanned in memory.
4. method as claimed in claim 1,2 or 3, which is characterized in that the data desensitization strategy includes any one of following: complete
Amount is fuzzy, On Local Fuzzy, original meaning obscure and encryption.
5. a kind of data processing equipment characterized by comprising
First receiving unit, for receiving data file read request carry user's mark in the data file read requests
Knowledge and accessed file identification;
First searching unit, if for not had according to the user identifier and the determination of preset sensitive data access rule
When having sensitive data access authority, then looked into from pre-stored sensitive data mark information according to the accessed file identification
Look for location information of the sensitive data in accessed file;
Second searching unit, for searching the user identifier from preset user identifier and the tactful corresponding relationship of data desensitization
Corresponding data desensitization strategy;
Data desensitization unit utilizes the sensitive data of corresponding position and finds for the location information according to sensitive data
Data desensitization strategy carry out desensitization process.
6. device as claimed in claim 5, which is characterized in that further include:
Second receiving unit, for receiving data file write request;
Resolution unit, for parsing data file to be written;
Scanning element, for scanning the data file after parsing;
Storage unit, if existed for being determined in the data file after parsing according to preset sensitive data recognition rule
Sensitive data then records the location information of sensitive data and storage.
7. device as claimed in claim 6, which is characterized in that further include:
First determination unit, for determining to be written after second receiving unit receives data file write request
Data file size;
Second determination unit, if the size of data file to be written is more than preset memory analysis threshold value, it is determined that creation is reflected
It penetrates reduction MR task to be scanned, if the size of data file to be written is no more than the memory analysis threshold value, it is determined that
It is scanned in memory.
8. the device as described in claim 5,6 or 7, which is characterized in that the data desensitization strategy includes any one of following: complete
Amount is fuzzy, On Local Fuzzy, original meaning obscure and encryption.
9. a kind of computing device, which is characterized in that including at least one processing unit and at least one storage unit, wherein
The storage unit is stored with computer program, when described program is executed by the processing unit, so that the processing unit
Perform claim requires the step of 1~4 any claim the method.
10. a kind of computer-readable medium, which is characterized in that it is stored with the computer program that can be executed by computing device, when
When described program is run on the computing device, so that the computing device perform claim requires the step of 1~4 any the method
Suddenly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711465717.3A CN109977690A (en) | 2017-12-28 | 2017-12-28 | A kind of data processing method, device and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711465717.3A CN109977690A (en) | 2017-12-28 | 2017-12-28 | A kind of data processing method, device and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109977690A true CN109977690A (en) | 2019-07-05 |
Family
ID=67075315
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711465717.3A Pending CN109977690A (en) | 2017-12-28 | 2017-12-28 | A kind of data processing method, device and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109977690A (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110472036A (en) * | 2019-08-21 | 2019-11-19 | 恩亿科(北京)数据科技有限公司 | A kind of sensitive data based on big data determines method and device |
CN110704853A (en) * | 2019-09-28 | 2020-01-17 | 咪付(深圳)网络技术有限公司 | Desensitization method and system for sensitive data based on desensitization strategy |
CN110826105A (en) * | 2019-11-15 | 2020-02-21 | 江苏苏宁银行股份有限公司 | Distributed bank data desensitization method and system |
CN110958218A (en) * | 2019-10-16 | 2020-04-03 | 平安国际智慧城市科技股份有限公司 | Data transmission method based on multi-network communication and related equipment |
CN111046405A (en) * | 2019-12-12 | 2020-04-21 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
CN111143177A (en) * | 2019-12-04 | 2020-05-12 | 中国建设银行股份有限公司 | Method, system, device and storage medium for collecting RMF III data of IBM host |
CN111209589A (en) * | 2019-12-31 | 2020-05-29 | 航天信息股份有限公司 | Method and system for dynamic data desensitization based on regional chain |
CN111291044A (en) * | 2020-01-14 | 2020-06-16 | 中移(杭州)信息技术有限公司 | Sensitive data identification method and device, electronic equipment and storage medium |
CN111488604A (en) * | 2020-04-07 | 2020-08-04 | 杭州迪普科技股份有限公司 | Data desensitization system and data desensitization method |
CN112069536A (en) * | 2020-08-31 | 2020-12-11 | 上海上讯信息技术股份有限公司 | Method and equipment for realizing desensitization access of database data |
CN112307515A (en) * | 2020-11-27 | 2021-02-02 | 北京锐安科技有限公司 | Database-based data processing method and device, electronic equipment and medium |
CN112506481A (en) * | 2020-12-01 | 2021-03-16 | 数字广东网络建设有限公司 | Service data interaction method and device, computer equipment and storage medium |
CN112765655A (en) * | 2021-01-07 | 2021-05-07 | 支付宝(杭州)信息技术有限公司 | Control method and device based on private data outgoing |
CN112788146A (en) * | 2021-01-22 | 2021-05-11 | 中信银行股份有限公司 | Sensitive information identification and automatic blocking file transmission method and system |
CN113010904A (en) * | 2021-03-17 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Data processing method and device and electronic equipment |
CN113032388A (en) * | 2019-12-25 | 2021-06-25 | 航天信息股份有限公司 | Information processing method, related device, equipment and storage medium |
CN113051601A (en) * | 2019-12-27 | 2021-06-29 | 中移动信息技术有限公司 | Sensitive data identification method, device, equipment and medium |
CN113378225A (en) * | 2021-06-24 | 2021-09-10 | 平安普惠企业管理有限公司 | Online sensitive data acquisition method and device, electronic equipment and storage medium |
CN113626847A (en) * | 2021-08-24 | 2021-11-09 | 北京京东乾石科技有限公司 | Data processing method and device |
CN113836173A (en) * | 2021-10-11 | 2021-12-24 | 百度在线网络技术(北京)有限公司 | Data processing method and device, electronic equipment and storage medium |
CN114417287A (en) * | 2022-03-25 | 2022-04-29 | 阿里云计算有限公司 | Data processing method, system, device and storage medium |
CN114816749A (en) * | 2022-04-22 | 2022-07-29 | 江苏华存电子科技有限公司 | Intelligent management method and system for memory |
CN114866532A (en) * | 2022-04-25 | 2022-08-05 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
CN115080987A (en) * | 2021-03-11 | 2022-09-20 | 中国移动通信集团山东有限公司 | Password management method, device, system, storage medium and computer equipment |
CN115203750A (en) * | 2022-09-19 | 2022-10-18 | 杭州比智科技有限公司 | Hive data authority control and security audit method and system based on Hive plug-in |
CN116739742A (en) * | 2023-06-02 | 2023-09-12 | 北京百度网讯科技有限公司 | Monitoring method, device, equipment and storage medium of credit wind control model |
US11822684B1 (en) * | 2018-04-05 | 2023-11-21 | Veritas Technologies Llc | Systems and methods for identifying possible leakage paths of sensitive information |
CN117171800A (en) * | 2023-10-23 | 2023-12-05 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
CN117195297A (en) * | 2023-09-18 | 2023-12-08 | 陕西众维信息科技有限公司 | ERP-based data security and privacy protection system and method |
CN117556447A (en) * | 2023-11-29 | 2024-02-13 | 金网络(北京)数字科技有限公司 | Data encryption method and device based on classification recognition and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130167192A1 (en) * | 2011-12-27 | 2013-06-27 | Wellpoint, Inc. | Method and system for data pattern matching, masking and removal of sensitive data |
CN106203170A (en) * | 2016-07-19 | 2016-12-07 | 北京同余科技有限公司 | The Database Dynamic desensitization method of servicing of based role and system |
CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
CN107026825A (en) * | 2016-02-02 | 2017-08-08 | 中国移动通信集团陕西有限公司 | A kind of method and system for accessing big data system |
CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
-
2017
- 2017-12-28 CN CN201711465717.3A patent/CN109977690A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130167192A1 (en) * | 2011-12-27 | 2013-06-27 | Wellpoint, Inc. | Method and system for data pattern matching, masking and removal of sensitive data |
CN107026825A (en) * | 2016-02-02 | 2017-08-08 | 中国移动通信集团陕西有限公司 | A kind of method and system for accessing big data system |
CN106203170A (en) * | 2016-07-19 | 2016-12-07 | 北京同余科技有限公司 | The Database Dynamic desensitization method of servicing of based role and system |
CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11822684B1 (en) * | 2018-04-05 | 2023-11-21 | Veritas Technologies Llc | Systems and methods for identifying possible leakage paths of sensitive information |
CN110472036A (en) * | 2019-08-21 | 2019-11-19 | 恩亿科(北京)数据科技有限公司 | A kind of sensitive data based on big data determines method and device |
CN110704853A (en) * | 2019-09-28 | 2020-01-17 | 咪付(深圳)网络技术有限公司 | Desensitization method and system for sensitive data based on desensitization strategy |
CN110958218A (en) * | 2019-10-16 | 2020-04-03 | 平安国际智慧城市科技股份有限公司 | Data transmission method based on multi-network communication and related equipment |
CN110826105A (en) * | 2019-11-15 | 2020-02-21 | 江苏苏宁银行股份有限公司 | Distributed bank data desensitization method and system |
CN111143177A (en) * | 2019-12-04 | 2020-05-12 | 中国建设银行股份有限公司 | Method, system, device and storage medium for collecting RMF III data of IBM host |
CN111143177B (en) * | 2019-12-04 | 2023-08-11 | 中国建设银行股份有限公司 | Method, system, device and storage medium for collecting RMF III data of IBM host |
CN111046405A (en) * | 2019-12-12 | 2020-04-21 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
CN111046405B (en) * | 2019-12-12 | 2023-07-07 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
CN113032388A (en) * | 2019-12-25 | 2021-06-25 | 航天信息股份有限公司 | Information processing method, related device, equipment and storage medium |
CN113051601B (en) * | 2019-12-27 | 2024-05-03 | 中移动信息技术有限公司 | Sensitive data identification method, device, equipment and medium |
CN113051601A (en) * | 2019-12-27 | 2021-06-29 | 中移动信息技术有限公司 | Sensitive data identification method, device, equipment and medium |
CN111209589A (en) * | 2019-12-31 | 2020-05-29 | 航天信息股份有限公司 | Method and system for dynamic data desensitization based on regional chain |
CN111291044A (en) * | 2020-01-14 | 2020-06-16 | 中移(杭州)信息技术有限公司 | Sensitive data identification method and device, electronic equipment and storage medium |
CN111488604A (en) * | 2020-04-07 | 2020-08-04 | 杭州迪普科技股份有限公司 | Data desensitization system and data desensitization method |
CN112069536A (en) * | 2020-08-31 | 2020-12-11 | 上海上讯信息技术股份有限公司 | Method and equipment for realizing desensitization access of database data |
CN112307515A (en) * | 2020-11-27 | 2021-02-02 | 北京锐安科技有限公司 | Database-based data processing method and device, electronic equipment and medium |
CN112506481A (en) * | 2020-12-01 | 2021-03-16 | 数字广东网络建设有限公司 | Service data interaction method and device, computer equipment and storage medium |
CN112765655A (en) * | 2021-01-07 | 2021-05-07 | 支付宝(杭州)信息技术有限公司 | Control method and device based on private data outgoing |
CN112788146A (en) * | 2021-01-22 | 2021-05-11 | 中信银行股份有限公司 | Sensitive information identification and automatic blocking file transmission method and system |
CN115080987A (en) * | 2021-03-11 | 2022-09-20 | 中国移动通信集团山东有限公司 | Password management method, device, system, storage medium and computer equipment |
CN113010904A (en) * | 2021-03-17 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Data processing method and device and electronic equipment |
CN113378225A (en) * | 2021-06-24 | 2021-09-10 | 平安普惠企业管理有限公司 | Online sensitive data acquisition method and device, electronic equipment and storage medium |
CN113626847A (en) * | 2021-08-24 | 2021-11-09 | 北京京东乾石科技有限公司 | Data processing method and device |
CN113836173A (en) * | 2021-10-11 | 2021-12-24 | 百度在线网络技术(北京)有限公司 | Data processing method and device, electronic equipment and storage medium |
CN114417287A (en) * | 2022-03-25 | 2022-04-29 | 阿里云计算有限公司 | Data processing method, system, device and storage medium |
CN114417287B (en) * | 2022-03-25 | 2022-09-06 | 阿里云计算有限公司 | Data processing method, system, device and storage medium |
CN114816749A (en) * | 2022-04-22 | 2022-07-29 | 江苏华存电子科技有限公司 | Intelligent management method and system for memory |
CN114866532B (en) * | 2022-04-25 | 2023-11-10 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
CN114866532A (en) * | 2022-04-25 | 2022-08-05 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
CN115203750A (en) * | 2022-09-19 | 2022-10-18 | 杭州比智科技有限公司 | Hive data authority control and security audit method and system based on Hive plug-in |
CN116739742A (en) * | 2023-06-02 | 2023-09-12 | 北京百度网讯科技有限公司 | Monitoring method, device, equipment and storage medium of credit wind control model |
CN117195297A (en) * | 2023-09-18 | 2023-12-08 | 陕西众维信息科技有限公司 | ERP-based data security and privacy protection system and method |
CN117195297B (en) * | 2023-09-18 | 2024-04-30 | 陕西众维信息科技有限公司 | ERP-based data security and privacy protection system and method |
CN117171800A (en) * | 2023-10-23 | 2023-12-05 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
CN117171800B (en) * | 2023-10-23 | 2024-02-06 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
CN117556447A (en) * | 2023-11-29 | 2024-02-13 | 金网络(北京)数字科技有限公司 | Data encryption method and device based on classification recognition and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109977690A (en) | A kind of data processing method, device and medium | |
US20210081567A1 (en) | Monitoring data sharing and privacy policy compliance | |
US10762213B2 (en) | Database system threat detection | |
IL275042A (en) | Self-adaptive application programming interface level security monitoring | |
KR101588932B1 (en) | Security through metadata orchestrators | |
CN109818937A (en) | For the control method of Android permission, device and storage medium, electronic device | |
US10223329B2 (en) | Policy based data collection, processing, and negotiation for analytics | |
US11113126B2 (en) | Verifying transfer of detected sensitive data | |
CN109063138A (en) | For in block chain, that is, service platform search data method, equipment and storage medium | |
US10891357B2 (en) | Managing the display of hidden proprietary software code to authorized licensed users | |
US10057275B2 (en) | Restricted content publishing with search engine registry | |
CN109598140A (en) | A kind of guard method of webpage information and device | |
KR101977624B1 (en) | Method and apparatus for providing authentication information on a web page | |
US10929491B2 (en) | Social sharing path user interface insights | |
US10282461B2 (en) | Structure-based entity analysis | |
US10587652B2 (en) | Generating false data for suspicious users | |
CN108809913A (en) | The method, apparatus and equipment of data desensitization | |
CN108989369A (en) | The method and its system of progress current limliting are requested user | |
US20180349983A9 (en) | A system for periodically updating backings for resource requests | |
US11416631B2 (en) | Dynamic monitoring of movement of data | |
CN110069911A (en) | Access control method, device, system, electronic equipment and readable storage medium storing program for executing | |
JP2022094938A (en) | Method for monitoring and controlling data access, computer program, and security system agent equipment | |
CN109493046A (en) | Business opportunity information sharing method, electronic device and readable storage medium storing program for executing based on block chain | |
CN114969832B (en) | Private data management method and system based on server-free architecture | |
US10083246B2 (en) | Apparatus and method for universal personal data portability |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190705 |