CN115840964A - Data processing method and device, electronic equipment and computer storage medium - Google Patents
Data processing method and device, electronic equipment and computer storage medium Download PDFInfo
- Publication number
- CN115840964A CN115840964A CN202211579587.7A CN202211579587A CN115840964A CN 115840964 A CN115840964 A CN 115840964A CN 202211579587 A CN202211579587 A CN 202211579587A CN 115840964 A CN115840964 A CN 115840964A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- desensitization
- user access
- privacy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The embodiment of the invention provides a data processing method, a data processing device, electronic equipment and a computer storage medium. And acquiring a privacy protection policy table, wherein the privacy protection policy table indicates the mapping relation between the user access role and the privacy protection policy. And searching a privacy protection strategy table, and determining a privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm. And based on a private data identification algorithm, identifying the target access data to obtain the data to be desensitized. Desensitization processing is carried out on the data to be desensitized based on a privacy data desensitization algorithm to obtain desensitization data. The scheme of the invention realizes the data desensitization of the newly added data in real time, and selects different privacy protection strategies to perform data desensitization according to different access roles of the user, thereby improving the accuracy of the data desensitization.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a data processing method and device, electronic equipment and a computer storage medium.
Background
With the development of big data applications, the value of data is continuously improved, and private data of users contained in the data is easy to suffer from network attacks, so that the data is leaked. In order to avoid the disclosure of the private data, the private data needs to be desensitized, and then applied to a development and test environment after being desensitized.
In the prior art, a static desensitization method is usually adopted, privacy data is extracted for desensitization according to requirements of development testing, operation and maintenance and the like for stock data, namely data held by a system before a certain time node, and the desensitized privacy data is inserted into a target environment for application. However, for a system with a new subscriber or new service at any time, the real-time performance is important, so that it is also necessary to desensitize incremental data, i.e. privacy data newly added in the system for a certain period of time. The static desensitization method needs to desensitize incremental data, and needs to perform another round of processes of data extraction, desensitization and target environment insertion, so that the requirement of real-time desensitization cannot be met.
Disclosure of Invention
Embodiments of the present invention provide an authentication connection method, system, electronic device and computer storage medium to at least solve the above problems.
According to a first aspect of embodiments of the present invention, a data processing method is provided, where the data processing method includes parsing a received user access request to obtain a user access role and target access data. And acquiring a privacy protection policy table, wherein the privacy protection policy table indicates the mapping relation between the user access role and the privacy protection policy. And searching a privacy protection strategy table, and determining a privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm. And based on a private data identification algorithm, identifying the target access data to obtain the data to be desensitized. Desensitization processing is carried out on the data to be desensitized based on a privacy data desensitization algorithm to obtain desensitization data.
In one implementation, the data processing method further includes determining a target business system for the user access request. And judging whether the user access request passes the verification or not according to an access control information table of the target service system, wherein the access control information table comprises an access address, a user account and a user password. And if the user access request passes the audit, receiving the user access request.
In another implementation, whether the user access request passes the audit is judged according to the access control information table of the target service system, including whether the access address, the user name and the user password of the user access request are matched with the access control information table. And if the access address, the user name and the user password of the user access request are matched with the access control information table, the user access request passes the verification.
In another implementation, the data processing method further includes setting a plurality of private data identification algorithms corresponding to the user authority levels. And analyzing the pre-stored sensitive data to obtain the data type and the security level of the sensitive data. And setting a plurality of privacy data desensitization algorithms corresponding to the data types, the security levels and the user permission levels.
In another implementation manner, the data processing method further includes obtaining a pre-stored user information table, where the user information table indicates a mapping relationship between a user access role and a user permission level. And determining a privacy data identification algorithm and a privacy data desensitization algorithm matched with the user access role from the multiple privacy data identification algorithms and the multiple privacy data desensitization algorithms based on the mapping relation between the user access role and the user permission level. And combining the private data identification algorithm and the private data desensitization algorithm to generate a privacy protection strategy matched with the user access role.
In another implementation, the plurality of private data recognition algorithms includes at least two of sensitive data semantic analysis, sensitive data keyword recognition, sensitive field canonical matching.
In another implementation, the plurality of privacy data desensitization algorithms includes at least two of fixed value desensitization, randomization, lookup and replace, differential privacy, pseudonymization.
According to a second aspect of the embodiments of the present invention, there is provided a data processing apparatus, including an analysis module, configured to analyze a received user access request to obtain a user access role and target access data. The obtaining module is used for obtaining a privacy protection policy table, and the privacy protection policy table indicates the mapping relation between the user access role and the privacy protection policy. And the searching module is used for searching the privacy protection strategy table and determining the privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm. And the identification module is used for identifying the target access data based on a private data identification algorithm to obtain the data to be desensitized. And the desensitization module is used for desensitizing the data to be desensitized based on the privacy data desensitization algorithm to obtain desensitization data.
According to a third aspect of embodiments of the present invention, there is provided an electronic device comprising a processor, a memory storing a program. Wherein the program comprises instructions which, when executed by a processor, cause the processor to perform the method according to the first aspect.
According to a fourth aspect of embodiments of the present invention, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the method of the first aspect.
In the scheme of the embodiment of the invention, the data processing method is provided, the privacy protection strategy matched with the user access role is determined to process the target access data by receiving and analyzing the user access request in real time, the data desensitization of the newly added target access data is realized in real time, different privacy protection strategies are selected for data desensitization according to different user access roles, and the accuracy of the data desensitization is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present invention, and it is also possible for a person skilled in the art to obtain other drawings based on the drawings.
FIG. 1 is a flowchart illustrating steps of a data processing method according to an embodiment of the present invention.
Fig. 2 is a block diagram of a data processing apparatus corresponding to the embodiment of fig. 1.
Fig. 3 is a schematic structural diagram of an electronic device according to another embodiment of the invention.
Description of the reference numerals:
210. an analysis module; 220. an acquisition module; 230. a searching module; 240. an identification module; 250. a desensitization module; 300. an electronic device; 302. a processor; 304. a communication interface; 306. a memory; 308. a bus; 310. and (5) carrying out a procedure.
Detailed Description
In order to more clearly understand technical features, objects, and effects of embodiments of the present invention, specific embodiments of the present invention will now be described with reference to the accompanying drawings.
"exemplary" means "serving as an example, instance, or illustration" herein, and any illustration, embodiment, or steps described as "exemplary" herein should not be construed as a preferred or advantageous alternative.
For the sake of simplicity, the drawings only schematically show the parts relevant to the present invention, and they do not represent the actual structure as a product. In addition, for simplicity and clarity of understanding, elements having the same structure or function may be shown in some figures only as a schematic representation of one or more of the elements, or may be labeled only as one or more of the elements.
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments of the present invention shall fall within the scope of the protection of the embodiments of the present invention.
The following further describes specific implementation of the embodiments of the present invention with reference to the drawings.
According to a first aspect of embodiments of the present invention, a data processing method is provided. Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a data processing method according to an embodiment of the present invention.
As shown in fig. 1, the present embodiment mainly includes the following steps:
step S110, analyzing the received user access request to obtain the user access role and the target access data.
Illustratively, a user access request initiated by a user is received, the user access request includes user access role information and target access data information, the user access role and the target access data are obtained by analyzing the user access request, the user access role may include developers, testers and operation and maintenance personnel, and the target access data may be business data stored in a business system of an enterprise.
Step S120, a privacy protection policy table is obtained, and the privacy protection policy table indicates the mapping relation between the user access role and the privacy protection policy.
Illustratively, a privacy protection policy table is obtained, where the privacy protection policy table is a table pre-stored in an enterprise business system in advance and used for indicating a mapping relationship between a user access role and privacy protection policies, the privacy protection policy table includes a plurality of privacy protection policies, and each privacy protection policy in the plurality of privacy protection policies corresponds to a different user access role.
The mapping relation between the user access role and the privacy protection strategy is obtained by obtaining the privacy protection strategy table, so that the subsequent searching operation is carried out through the privacy protection strategy table and the mapping relation, and the data searching efficiency is improved.
Step S130, a privacy protection strategy table is searched, and a privacy protection strategy matched with the user access role is determined, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm.
It should be understood that the privacy protection policy table is searched, the privacy protection policy matching the user access role is determined, the privacy protection policy is determined from a plurality of privacy protection policies in the privacy protection policy table, and the privacy protection policy is matched with the user access role.
It should also be understood that the privacy protection policy that matches the user access role includes a private data recognition algorithm and a private data desensitization algorithm that also completely match the user access role.
The privacy protection strategy matched with the user access role is determined through different user access roles, different privacy protection strategies exist in different user access roles, the privacy protection strategy at the user level is provided, and the accuracy of data processing is improved.
And step S140, based on the private data identification algorithm, identifying the target access data to obtain the data to be desensitized.
Illustratively, the target access data is identified based on a private data identification algorithm that is also matched to the user access role, with different user roles having correspondingly different private data identification algorithms.
It should be understood that the data to be desensitized, i.e. the sensitive data, is private information such as identification number, home address, work unit, bank card number, etc. for an individual. For enterprises, company core information such as customer information, financial information, technical information, and major decisions is sensitive data. In the embodiment of the present invention, the sensitive data refers to data such as user data, financial information, technical data, and significant decision for an enterprise. Therefore, desensitization needs to be performed on data to be desensitized, namely sensitive data, so that privacy protection is realized and data leakage is avoided.
Data to be desensitized is obtained through a private data identification algorithm, so that desensitization is carried out on the data to be desensitized subsequently, and data leakage is avoided.
And S150, desensitizing the data to be desensitized based on the privacy data desensitizing algorithm to obtain desensitized data.
It should be understood that desensitization processing, namely data desensitization, is a technology for processing sensitive information in data by replacing the sensitive information in the data or deforming the sensitive information in the data, and is characterized in that the processed data is seemingly real, but does not expose any sensitive information, and has no use value for people who want to abuse the data.
It should also be understood that, when desensitization processing is performed on the data to be desensitized, other data not to be desensitized, that is, other non-sensitive data, in the target access data may not be modified, and thus it may be ensured that other data not to be desensitized in the target access data requested to be accessed is not affected, data security is ensured, and data leakage is avoided.
In summary, in the scheme of the embodiment of the present invention, a data processing method is provided, in which a user access request is received and analyzed in real time, and a privacy protection policy matched with a user access role is determined to process target access data, so that data desensitization is performed on newly added target access data in real time, and different privacy protection policies are selected for data desensitization according to different user access roles, so that accuracy of data desensitization is improved.
In one implementation, the data processing method further includes determining a target business system for the user access request. And judging whether the user access request passes the verification or not according to an access control information table of the target service system, wherein the access control information table comprises an access address, a user account and a user password. And if the user access request passes the audit, receiving the user access request.
It should be understood that, for different user access requests, service systems are different, the data processing method of the embodiment of the present invention is not only suitable for a large data platform, but also suitable for an independent service system, and can determine a target service system for a user access request through a user access request, and perform subsequent data processing in real time through the target service system, thereby meeting the requirement of performing real-time desensitization on data.
Illustratively, before receiving the user access request, whether the user access request passes the audit is judged according to an access control information table of the target business system, if the user access request passes the audit, the user access request is received, and the access control information table comprises an access address, a user account and a user password.
Whether the user access request is received or not is determined by auditing the user access request, so that malicious network attack can be effectively prevented, a legal source of the user access request is ensured, and data leakage is avoided.
In another implementation, whether the user access request passes the audit is judged according to the access control information table of the target service system, including whether the access address, the user name and the user password of the user access request are matched with the access control information table. And if the access address, the user name and the user password of the user access request are matched with the access control information table, the user access request passes the verification.
Whether the user access request is received or not is determined by auditing the user access request, if the access address, the user name and the user password of the user access request are matched with the access control information table, the user access request passes the audit, malicious network attack can be effectively prevented through an audit mechanism, the legal source of the user access request is ensured, and data leakage is avoided.
In another implementation, the data processing method further includes setting a plurality of private data identification algorithms corresponding to the user authority levels. And analyzing the pre-stored sensitive data to obtain the data type and the security level of the sensitive data. And setting a plurality of privacy data desensitization algorithms corresponding to the data types, the security levels and the user authority levels.
Illustratively, the user permission level may include a primary user permission and a secondary user permission, and two privacy data identification algorithms corresponding to the primary user permission and the secondary user permission are set. The data type of the sensitive data can comprise structured data and unstructured data, the security level of the sensitive data is divided into a first security level and a second security level, the first security level corresponds to the structured data, the second security level corresponds to the unstructured data, and two privacy data desensitization algorithms corresponding to the data type, the security level and the user permission level are set. The two private data identification algorithms and the two private data desensitization algorithms mentioned in the embodiments of the present invention are only examples, and are not limiting on the number of private data identification algorithms and private data desensitization algorithms.
As another example, the data type of the sensitive data may also include numbers, characters, text data, image data, sound data, video data, and the like.
By setting a plurality of private data identification algorithms and private data desensitization algorithms, the data desensitization requirements of different data types and different user authority levels and different security levels are met, and the accuracy of data desensitization is improved.
In another implementation, the data processing method further includes obtaining a pre-stored user information table, where the user information table indicates a mapping relationship between a user access role and a user permission level. And determining a privacy data identification algorithm and a privacy data desensitization algorithm matched with the user access role from the multiple privacy data identification algorithms and the multiple privacy data desensitization algorithms based on the mapping relation between the user access role and the user permission level. And combining the private data identification algorithm and the private data desensitization algorithm to generate a privacy protection strategy matched with the user access role.
It should be understood that different user roles have different user permission levels, and that different user permission levels correspond to different private data identification algorithms and private data desensitization algorithms.
And determining a private data identification algorithm and a private data desensitization algorithm matched with the user access role from a plurality of private data identification algorithms and a plurality of private data desensitization algorithms by acquiring a pre-stored user information table. The method realizes the private data identification algorithm and the private data desensitization algorithm aiming at different user roles and user permission levels, and improves the flexibility and the accuracy of data processing.
In another implementation, the plurality of private data recognition algorithms includes at least two of sensitive data semantic analysis, sensitive data keyword recognition, sensitive field canonical matching.
For example, the sensitive data keyword recognition may first analyze field information of target access data in a received user access request, compare a preset keyword field with the field information of the target access data, screen out target access field data completely consistent with a field length and a field type of the preset keyword field from the field information of the target access data, and determine the target access field data as data to be desensitized.
As another example, when it is determined that the data type of the sensitive data is text data, a private data recognition algorithm of sensitive data semantic analysis is used for word segmentation, a fingerprint model of a preset sensitive data text to be learned and trained is extracted, then fingerprint capture is performed on the detected text data by using the same method, the obtained fingerprint is compared with the trained fingerprint, and whether the detected text data is to-be-desensitized data or not is determined according to a preset similarity threshold.
Different privacy data identification algorithms are determined according to different data types, different user permission levels and different security levels, and data to be desensitized are determined according to the different privacy data identification algorithms, so that the flexibility and the accuracy of data processing are improved.
In another implementation, the plurality of privacy data desensitization algorithms includes at least two of fixed value desensitization, randomization, lookup and replace, differential privacy, pseudonymization.
Illustratively, if the data type of the sensitive data is confirmed to be text data, a search and replacement privacy data desensitization algorithm is adopted to search the field position of the data to be desensitized in the target access data and replace the field position with a symbol or a letter.
Different privacy data desensitization algorithms are determined according to different data types, different user permission levels and different security levels, desensitization processing is carried out on desensitization data according to the different privacy data desensitization algorithms, desensitization data are obtained, and flexibility and accuracy of data processing are improved.
In another implementation mode, a quantity threshold of a private data identification algorithm is set, a plurality of sensitive data are selected from a preset sensitive database to serve as data samples, a plurality of data to be desensitized, which are obtained according to identification of the plurality of private data identification algorithms, are compared with the plurality of selected sensitive data to obtain the quantity of data to be desensitized, which is completely consistent with the plurality of selected sensitive data, in the plurality of data to be desensitized, whether the quantity is the set quantity threshold of the private data identification algorithm is judged, and if the quantity does not exceed the quantity threshold, the corresponding relation among the plurality of private data identification algorithms, a user access role, the data types and the security levels of the sensitive data is adjusted until the quantity of the data to be desensitized, which is completely consistent with the plurality of selected sensitive data, in the plurality of data to be desensitized exceeds the set quantity threshold of the private data identification algorithms.
The accuracy of the identification of the plurality of privacy data identification algorithms is judged by setting the quantity threshold of the privacy data identification algorithms and the quantity threshold, and the accuracy of data processing is improved by adjusting the corresponding relation between the plurality of privacy data identification algorithms and the user access role, the data type and the security level of the sensitive data.
According to a second aspect of the embodiment of the present invention, a data processing apparatus is provided, and referring to fig. 2, fig. 2 is a block diagram of a data processing apparatus corresponding to the embodiment of fig. 1. The data processing apparatus of the present embodiment includes:
the parsing module 210 is configured to parse the received user access request to obtain a user access role and target access data.
The obtaining module 220 is configured to obtain a privacy protection policy table, where the privacy protection policy table indicates a mapping relationship between a user access role and a privacy protection policy.
The searching module 230 is configured to search the privacy protection policy table, and determine a privacy protection policy that matches the user access role, where the privacy protection policy includes a privacy data identification algorithm and a privacy data desensitization algorithm.
And the identification module 240 is configured to perform identification processing on the target access data based on a private data identification algorithm to obtain data to be desensitized.
And the desensitization module 250 is used for performing desensitization processing on the data to be desensitized based on the privacy data desensitization algorithm to obtain desensitization data.
In another implementation manner, the data processing apparatus of this embodiment further includes:
and an access control module 260 for determining a target business system for the user access request. And judging whether the user access request passes the verification or not according to an access control information table of the target service system, wherein the access control information table comprises an access address, a user account and a user password. And if the user access request passes the audit, receiving the user access request.
The access control module 260 is further configured to determine whether the access address, the user name, and the user password of the user access request match the access control information table. And if the access address, the user name and the user password of the user access request are matched with the access control information table, the user access request passes the verification.
In the scheme of the embodiment of the invention, the data processing method is provided, the privacy protection strategy matched with the user access role is determined to process the target access data by receiving and analyzing the user access request in real time, the data desensitization of the newly added target access data is realized in real time, different privacy protection strategies are selected for data desensitization according to different user access roles, and the accuracy of the data desensitization is improved.
The device of the embodiment is used for realizing the corresponding method in the plurality of method embodiments and has the advantages of the corresponding method embodiments. In addition, the functional implementation of each module in the apparatus of the present embodiment can refer to the description of the corresponding part in the foregoing method embodiments.
According to a third aspect of the embodiments of the present invention, there is provided an electronic device, and referring to fig. 3, a block diagram of a structure of an electronic device 300 that can be a server or a client of the present invention will now be described, which is an example of a hardware device that can be applied to aspects of the present invention. Electronic device is intended to represent various forms of digital electronic computer devices, such as laptops, desktops, workstations, user digital assistants, servers, blade servers, mainframes, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as user digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
The electronic device 300 may include: a processor (processor) 302, a communication Interface 304, a memory 306, and a communication bus 308.
The processor 302, communication interface 304, and memory 306 communicate with each other via a communication bus 308. A communication interface 304 for communicating with other electronic devices or servers.
The processor 302 is configured to execute the program 310, and may specifically perform the relevant steps in the above method embodiments.
In particular, program 310 may include program code comprising computer operating instructions.
The processor 302 may be a processor CPU, or an Application Specific Integrated Circuit ASIC (Application Specific Integrated Circuit), or one or more Integrated circuits configured to implement embodiments of the present invention. The intelligent device comprises one or more processors which can be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 306 for storing a program 310. Memory 306 may comprise high-speed RAM memory and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 310 may specifically be configured to cause the processor 302 to perform the following operations: and analyzing the received user access request to obtain a user access role and target access data. And acquiring a privacy protection policy table, wherein the privacy protection policy table indicates the mapping relation between the user access role and the privacy protection policy. And searching a privacy protection strategy table, and determining a privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm. And based on a private data identification algorithm, identifying the target access data to obtain the data to be desensitized. Desensitization processing is carried out on the data to be desensitized based on a privacy data desensitization algorithm, so that desensitization data are obtained.
In addition, for specific implementation of each step in the program 310, reference may be made to corresponding steps and corresponding descriptions in units in the foregoing method embodiments, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
It should be noted that, according to the implementation requirement, each component/step described in the embodiment of the present invention may be divided into more components/steps, and two or more components/steps or partial operations of the components/steps may also be combined into a new component/step to achieve the purpose of the embodiment of the present invention.
The above-described methods according to embodiments of the present invention may be implemented in hardware, firmware, or as software or computer code that may be stored in a recording medium such as a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or as computer code downloaded through a network, originally stored in a remote recording medium or a non-transitory machine-readable medium, and to be stored in a local recording medium, so that the methods described herein may be stored in such software processes on a recording medium using a general purpose computer, a processor, or programmable or hardware such as an ASIC or FPGA. It will be appreciated that a computer, processor, microprocessor controller, or programmable hardware includes memory components (e.g., RAM, ROM, flash memory, etc.) that can store or receive software or computer code that, when accessed and executed by a computer, processor, or hardware, implements the methods described herein. Further, when a general-purpose computer accesses code for implementing the methods illustrated herein, execution of the code transforms the general-purpose computer into a special-purpose computer for performing the methods illustrated herein.
So far, specific embodiments of the present invention have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may be advantageous.
It should be noted that all directional indicators (such as up, down, left, right, rear \8230;) in the embodiments of the present invention are only used to explain the relative positional relationship between the components, the motion situation, etc. in a specific posture (as shown in the attached drawings), and if the specific posture is changed, the directional indicator is changed accordingly.
In the description of the present invention, the terms "first" and "second" are used merely for convenience in describing different components or names, and are not to be construed as indicating or implying a sequential relationship, relative importance, or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
It should be understood that although the present description has been described in terms of various embodiments, not every embodiment includes only a single embodiment, and such description is for clarity purposes only, and those skilled in the art will recognize that the embodiments described herein may be combined as suitable to form other embodiments, as will be appreciated by those skilled in the art.
The examples of the embodiments of the present invention are intended to briefly describe the technical features of the embodiments of the present invention, so that those skilled in the art can intuitively understand the technical features of the embodiments of the present invention, and the embodiments of the present invention are not unduly limited.
Finally, it should be noted that: the above embodiments are only for illustrating the embodiments of the present invention and not for limiting the embodiments of the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the embodiments of the present invention, so that all equivalent technical solutions also belong to the scope of the embodiments of the present invention, and the scope of patent protection of the embodiments of the present invention should be defined by the claims.
Claims (10)
1. A data processing method, comprising:
analyzing the received user access request to obtain a user access role and target access data;
the method comprises the steps of obtaining a privacy protection policy table, wherein the privacy protection policy table indicates the mapping relation between a user access role and a privacy protection policy;
searching the privacy protection strategy table, and determining a privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm;
based on the private data identification algorithm, carrying out identification processing on the target access data to obtain data to be desensitized;
and desensitizing the data to be desensitized based on the private data desensitization algorithm to obtain desensitized data.
2. The method of claim 1, further comprising:
determining a target business system for the user access request;
judging whether the user access request passes the verification or not according to an access control information table of the target service system, wherein the access control information table comprises an access address, a user account and a user password;
and if the user access request passes the audit, receiving the user access request.
3. The method according to claim 2, wherein said determining whether the user access request is approved according to the access control information table of the target service system comprises:
judging whether the access address, the user name and the user password of the user access request are matched with the access control information table or not;
and if the access address, the user name and the user password of the user access request are matched with the access control information table, the user access request passes the verification.
4. The method of claim 1, further comprising:
setting a plurality of private data identification algorithms corresponding to the user permission levels;
analyzing pre-stored sensitive data to obtain the data type and the security level of the sensitive data;
and setting a plurality of privacy data desensitization algorithms corresponding to the data types, the security levels and the user permission levels.
5. The method of claim 4, further comprising:
acquiring a pre-stored user information table, wherein the user information table indicates the mapping relation between a user access role and a user authority level;
based on the mapping relation between the user access role and the user permission level, determining a private data identification algorithm and a private data desensitization algorithm which are matched with the user access role from the multiple private data identification algorithms and the multiple private data desensitization algorithms;
and combining the private data identification algorithm and the private data desensitization algorithm to generate a privacy protection strategy matched with the user access role.
6. The method of claim 5, wherein the plurality of private data recognition algorithms comprises at least two of sensitive data semantic analysis, sensitive data keyword recognition, and sensitive field canonical matching.
7. The method of claim 5, wherein the plurality of privacy data desensitization algorithms comprise at least two of fixed value desensitization, randomization, lookup and replace, differential privacy, pseudonymization.
8. A data processing apparatus, comprising:
the analysis module is used for analyzing the received user access request to obtain a user access role and target access data;
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring a privacy protection policy table which indicates the mapping relation between a user access role and a privacy protection policy;
the searching module is used for searching the privacy protection strategy table and determining a privacy protection strategy matched with the user access role, wherein the privacy protection strategy comprises a privacy data identification algorithm and a privacy data desensitization algorithm;
the identification module is used for identifying the target access data based on the private data identification algorithm to obtain data to be desensitized;
and the desensitization module is used for desensitizing the data to be desensitized based on the private data desensitization algorithm to obtain desensitization data.
9. An electronic device, comprising:
a processor;
a memory storing a program;
wherein the program comprises instructions which, when executed by the processor, cause the processor to carry out the method according to any one of claims 1-7.
10. A computer storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211579587.7A CN115840964A (en) | 2022-12-08 | 2022-12-08 | Data processing method and device, electronic equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211579587.7A CN115840964A (en) | 2022-12-08 | 2022-12-08 | Data processing method and device, electronic equipment and computer storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115840964A true CN115840964A (en) | 2023-03-24 |
Family
ID=85578359
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211579587.7A Pending CN115840964A (en) | 2022-12-08 | 2022-12-08 | Data processing method and device, electronic equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115840964A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116132198A (en) * | 2023-04-07 | 2023-05-16 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
| CN116383884A (en) * | 2023-04-14 | 2023-07-04 | 武汉浪科鑫炫网络科技有限公司 | Data security protection method and system based on artificial intelligence |
| CN117171800A (en) * | 2023-10-23 | 2023-12-05 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
-
2022
- 2022-12-08 CN CN202211579587.7A patent/CN115840964A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116132198A (en) * | 2023-04-07 | 2023-05-16 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
| CN116383884A (en) * | 2023-04-14 | 2023-07-04 | 武汉浪科鑫炫网络科技有限公司 | Data security protection method and system based on artificial intelligence |
| CN116383884B (en) * | 2023-04-14 | 2024-02-23 | 天翼安全科技有限公司 | Data security protection method and system based on artificial intelligence |
| CN117171800A (en) * | 2023-10-23 | 2023-12-05 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
| CN117171800B (en) * | 2023-10-23 | 2024-02-06 | 深圳竹云科技股份有限公司 | Sensitive data identification method and device based on zero trust protection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110399925B (en) | Account risk identification method, device and storage medium | |
| CN105590055B (en) | Method and device for identifying user credible behaviors in network interaction system | |
| CN115840964A (en) | Data processing method and device, electronic equipment and computer storage medium | |
| US11956272B2 (en) | Identifying legitimate websites to remove false positives from domain discovery analysis | |
| CN112738102B (en) | Asset identification method, device, equipment and storage medium | |
| CN111625809B (en) | Data authorization method and device, electronic equipment and storage medium | |
| CN112837069B (en) | Block chain and big data based secure payment method and cloud platform system | |
| CN112118249B (en) | Security protection method and device based on log and firewall | |
| CN114760149B (en) | Data cross-border compliance management and control method and device, computer equipment and storage medium | |
| WO2019153589A1 (en) | Message data processing method and apparatus, and computer device and storage medium | |
| CN116366338B (en) | Risk website identification method and device, computer equipment and storage medium | |
| CN109460653B (en) | Rule engine based verification method, verification device, storage medium and apparatus | |
| CN113472803A (en) | Vulnerability attack state detection method and device, computer equipment and storage medium | |
| CN110210307B (en) | Face sample library deployment method, face-recognition-based service processing method and device | |
| CN111125748A (en) | Judgment method and device for unauthorized query, computer equipment and storage medium | |
| CN113065748A (en) | Business risk assessment method, device, equipment and storage medium | |
| CN115643044A (en) | Data processing method, device, server and storage medium | |
| CN114297735A (en) | Data processing method and related device | |
| CN113409051B (en) | Risk identification method and device for target service | |
| CN115809466B (en) | Security requirement generation method and device based on STRIDE model, electronic equipment and medium | |
| CN111949363A (en) | Service access management method, computer equipment, storage medium and system | |
| CN115695054B (en) | WAF interception page identification method and device based on machine learning and related components | |
| CN117081727B (en) | Weak password detection method and device | |
| US7827287B2 (en) | Interim execution context identifier | |
| CN114611122A (en) | Data processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |