CN116127478A - Desensitizing method and device for log, electronic equipment and storage medium - Google Patents


Publication number
CN116127478A
Authority
CN
China
Prior art keywords
log
target object
encrypted
public key
target
Legal status
Pending
Application number
CN202211087625.7A
Other languages
Chinese (zh)
Inventor
陈启波
Current Assignee
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Application filed by Ping An Bank Co Ltd
Priority to CN202211087625.7A
Publication of CN116127478A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method, a device, electronic equipment and a storage medium for desensitizing a log. The method determines the target object that is to receive a log to be encrypted and the target field corresponding to that target object in the log; obtains the public key ciphertext of the target object and decrypts it to obtain the encryption public key corresponding to the target object; encrypts the target field in the log to be encrypted with the encryption public key to obtain an encrypted log; and sends the encrypted log to the target object. Because the target field of each object is encrypted with the encryption public key of the object that receives the log, and the target fields of different objects are encrypted with different encryption public keys, the whole log can be sent to the target object without that object being able to view the content that belongs to other objects, which effectively prevents information leakage and guarantees data security.

Description

Desensitizing method and device for log, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to a method and apparatus for desensitizing a log, an electronic device, and a storage medium.
Background
The logs of a business system often contain sensitive information about objects, such as names, mobile phone numbers, email addresses, home addresses and office addresses. If this information is not desensitized, other people can illegally collect and sell it, which leaks the objects' information and damages the company's reputation. Sensitive information therefore needs to be desensitized when a log is viewed.
A log in a business system may contain sensitive information of different objects. Current desensitization methods mainly encrypt the sensitive information of all objects in one unified way; because only this single desensitization mode is used, information may leak.
Disclosure of Invention
The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for desensitizing a log, which solve the information leakage caused by existing desensitization using only a single mode.
In one aspect, an embodiment of the present invention provides a method for desensitizing a log, the method including:
determining a target object for receiving a log to be encrypted, and determining a target field corresponding to the target object in the log to be encrypted;
obtaining a public key ciphertext of the target object, and decrypting the public key ciphertext of the target object to obtain the encryption public key corresponding to the target object;
encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and sending the encrypted log to the target object.
In another aspect, an embodiment of the present invention provides a device for desensitizing a log, including:
the acquisition module is used for determining a target object for receiving the log to be encrypted and a target field corresponding to the target object in the log to be encrypted;
the key module is used for acquiring the public key ciphertext of the target object and decrypting the public key ciphertext of the target object to obtain the encryption public key corresponding to the target object;
the encryption module is used for encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and the output module is used for sending the encrypted log to the target object.
In another aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor; the memory stores an application program, and the processor is configured to run the application program in the memory to perform operations in the desensitizing method of the log.
In another aspect, embodiments of the present invention provide a storage medium storing a plurality of instructions adapted to be loaded by a processor to perform steps in a method of desensitizing a log as described.
The embodiment of the invention determines the target object that is to receive the log to be encrypted and the target field corresponding to the target object in the log to be encrypted; obtains the public key ciphertext of the target object and decrypts it to obtain the encryption public key corresponding to the target object; encrypts the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log; and sends the encrypted log to the target object. Because the target field of each object is encrypted with the encryption public key of the object that receives the log, and the target fields of different objects are encrypted with different encryption public keys, the whole log can be sent to the target object without that object being able to view the content that belongs to other objects, which effectively prevents information leakage and guarantees data security.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an application scenario schematic diagram of a method for desensitizing logs provided by an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a method for desensitizing logs provided by an embodiment of the present invention;
FIG. 3 is a diagram showing an example of the construction of a desensitizing apparatus for logs provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As described in the background, the log of a business system may include sensitive information of several objects, and the same log may need to be sent to different objects that appear in it. If the log content is encrypted in one unified way during desensitization, an object that receives the encrypted log can decrypt it and obtain the information of the other objects in the log, which leaks the sensitive information of the objects in the log and reduces the data security of the business system.
For this reason, the embodiment of the invention provides a method for desensitizing a log in which the target field of each object is encrypted with the encryption public key of the target object that receives the log, and the target fields of different objects are encrypted with different encryption public keys. The whole log can then be sent to the target object without that object being able to view the content that belongs to other objects, which effectively prevents information leakage and guarantees data security.
As shown in fig. 1, fig. 1 is an application scenario schematic diagram of a log desensitizing method provided by an embodiment of the present invention, where the application scenario includes a terminal 101 and an electronic device 102.
In response to a log viewing request from the terminal 101, the electronic device 102 determines the target object that is to receive the log to be encrypted and the target field corresponding to the target object in the log to be encrypted; obtains the public key ciphertext of the target object and decrypts it to obtain the encryption public key corresponding to the target object; encrypts the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log; and sends the encrypted log to the terminal 101 where the target object is located.
In some embodiments of the present invention, the terminal 101 and the electronic device 102 are connected by a network. The network may be the Internet or any other network, including but not limited to a wide area network, a metropolitan area network, a regional network, a 3rd Generation Partnership Project (3GPP) network, a Long Term Evolution (LTE) network, a Worldwide Interoperability for Microwave Access (WiMAX) network, or a computer network based on the TCP/IP protocol suite (TCP/IP), the User Datagram Protocol (UDP), and so on.
The terminal 101 may be any of various electronic devices that have a display function for presenting logs to a user or a staff member, including but not limited to a computer, a PC, a portable computer, a tablet computer, a smart phone, etc.
The electronic device 102 may be a server or a terminal device that provides various services.
It should be understood that the number and connection of the terminals 101 and the electronic devices 102 shown in fig. 1 are merely illustrative, and any number of terminals 101 and electronic devices 102 may be provided according to the actual application scenario.
Referring to fig. 2, fig. 2 is a schematic flow chart of a log desensitizing method according to an embodiment of the present invention, where the log desensitizing method includes steps 201 to 204:
201, determining a target object for receiving the log to be encrypted and a target field corresponding to the target object in the log to be encrypted.
The log refers to a program log or a system log, which contains the time, running code, business information, error information and the like, and helps IT technicians and operators analyze and locate system problems. The target object may be a user, an IT technician or an operator that receives the log to be desensitized. The target field is a field in the log to be desensitized that requires desensitization, such as a name field, a mobile phone number field or an address field.
The log contains several kinds of fields that need desensitization, and different target objects need different information from it. For example, an IT technician needs the running code, error information and the like, so for the technician the business information is the field that needs desensitization; an operator needs the business information, so for the operator the running code, error information and the like are the fields that need desensitization. If the same log has to be sent to the IT technician and the operator at the same time, and the running code, business information, error information and the like are all encrypted in one unified way, then both the IT technician and the operator can decrypt the desensitized log they receive and see all of the running code, business information and error information, which leaks data and reduces the data security of the business system. For this reason, the embodiment of the invention determines the target field corresponding to the target object in the log to be encrypted and encrypts that target field for the target object, so that after receiving the desensitized log each target object can obtain only its own target fields from the decrypted log.
For example, when the same log needs to be sent to an IT technician and an operator at the same time, the running code and the error information in the log are encrypted in the encryption mode corresponding to the IT technician, and the business information in the log is encrypted in the encryption mode corresponding to the operator, which gives the desensitized log. When the IT technician and the operator receive the desensitized log, the IT technician has the decryption mode for the running code and the error information but does not know the decryption mode for the business information, so the IT technician can view only the running code and the error information in the desensitized log. Different target objects can therefore view different fields, and data security is ensured.
202, obtaining the public key ciphertext of the target object, and decrypting the public key ciphertext of the target object to obtain the encryption public key corresponding to the target object.
In some embodiments of the present invention, the public key ciphertext is the ciphertext that the terminal where the target object is located returns after encrypting the encryption public key. The encryption public key is used to encrypt the target field corresponding to the target object in the log to be encrypted.
In some embodiments of the application, step 202 comprises the following. The terminal where the target object is located obtains a prestored encryption public key and a prestored secret key, symmetrically encrypts the encryption public key with the secret key to obtain an initial ciphertext, asymmetrically encrypts the initial ciphertext and the secret key with a private key to obtain the public key ciphertext, and sends the public key ciphertext to the electronic device. After receiving the public key ciphertext, the electronic device obtains the prestored public key, decrypts the public key ciphertext with it to obtain the initial ciphertext and the secret key, and then decrypts the initial ciphertext with the secret key to obtain the encryption public key corresponding to the target object. It will be appreciated that the asymmetric encryption uses a key pair consisting of a private key, which may be stored in the terminal where the target object is located, and a public key, which is stored in the electronic device.
In some embodiments of the present invention, to facilitate key management and improve the decryption efficiency of the encryption public key, step 202 comprises the following. The electronic device sends a first public key to the terminal where the target object is located; the terminal encrypts the encryption public key according to the received first public key to obtain the public key ciphertext and sends the public key ciphertext to the electronic device; and the electronic device decrypts the public key ciphertext through the first public key to obtain the encryption public key corresponding to the target object.
203, encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log.
In some embodiments of the present invention, there are various ways to encrypt the target field in the log to be encrypted, including, illustratively:
The target field in the log to be encrypted is encrypted according to the encryption public key corresponding to the target object to obtain a ciphertext, and the target field in the log to be encrypted is replaced with the ciphertext to obtain the encrypted log.
The word length of the target field can be obtained, the target characters that need encryption in the target field are determined according to the word length of the target field, the target characters are encrypted according to the encryption public key corresponding to the target object to obtain a character ciphertext, and the character ciphertext replaces the corresponding target characters in the target field to obtain the encrypted log. In some embodiments of the present invention, the word length of the target field may be compared with a preset word length threshold. If the word length of the target field is smaller than the preset word length threshold, the target field in the log to be encrypted is encrypted according to the encryption public key corresponding to the target object to obtain a ciphertext, and the target field in the log to be encrypted is replaced with the ciphertext to obtain the encrypted log. If the word length of the target field is greater than or equal to the preset word length threshold, the target characters that need encryption in the target field are determined according to the word length of the target field, the target characters are encrypted according to the encryption public key corresponding to the target object to obtain a character ciphertext, and the character ciphertext replaces the corresponding target characters in the target field to obtain the encrypted log.
For example, when the target field is a mobile phone number field, the middle four characters of the mobile phone number field can be used as the target characters that need encryption, and the target characters are encrypted according to the encryption public key corresponding to the target object to obtain the character ciphertext. As another example, when the target field is a name field, the second character through the last character of the name field can be used as the target characters that need encryption, and the target characters are encrypted according to the encryption public key corresponding to the target object to obtain the character ciphertext.
The target field in the log to be encrypted can be replaced with a preset mask to obtain the encrypted log, and the target field in the log to be encrypted can be encrypted with the encryption public key to obtain a ciphertext field. The ciphertext field and the encrypted log are sent to the terminal where the target object is located, so that the terminal decrypts the ciphertext field to obtain a decrypted field and replaces the mask in the encrypted log with the decrypted field, thereby restoring the log. In some embodiments of the present invention, the preset mask may be a character or a number. In some embodiments of the present invention, all characters in the target field may be replaced with the preset mask (for example, all characters in the name field may be replaced with "+", so the target field may be replaced with "+"), or the characters at preset positions in the target field may be replaced with the preset mask (for example, the last eight digits of the mobile phone number field may be replaced with "+", so the target field "13340003422" may be replaced with "133").
It should be noted that the above ways of encrypting the target field in the log to be encrypted are merely illustrative and do not limit the log desensitization method provided in the embodiment of the present invention; the way of encrypting the target field in the log to be encrypted may be selected according to the actual application scenario.
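The partial-field variant described above (word-length threshold, middle four characters of a phone number, second through last character of a name), as an added example that is not part of the patent text. The field kinds "phone" and "name", the brace-delimited token layout, the choice of RSA-OAEP and all function names are assumptions of this example; the word length is taken here as the number of characters.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// demoKey generates a throwaway key pair so the example runs offline.
func demoKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// targetRange returns the character range [start, end) to encrypt in a field
// of n characters. Kinds and threshold are hypothetical parameters.
func targetRange(kind string, n, threshold int) (start, end int) {
	switch {
	case n < threshold:
		return 0, n // short field: encrypt it whole
	case kind == "phone" && n >= 4:
		start = (n - 4) / 2 // middle four characters
		return start, start + 4
	case kind == "name" && n >= 2:
		return 1, n // second character through the last
	}
	return 0, n // unknown kind or too short to split: encrypt everything
}

// maskField replaces the target characters with an RSA-OAEP ciphertext in
// braces and leaves the remaining characters readable.
func maskField(pub *rsa.PublicKey, kind, value string, threshold int) (string, error) {
	rs := []rune(value) // index by rune so multi-byte names are not split
	s, e := targetRange(kind, len(rs), threshold)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(string(rs[s:e])), []byte(kind))
	if err != nil {
		return "", err
	}
	return string(rs[:s]) + "{" + base64.RawURLEncoding.EncodeToString(ct) + "}" + string(rs[e:]), nil
}

// unmaskField restores the original value on the recipient's terminal.
// It assumes the readable part of the field contains no braces.
func unmaskField(priv *rsa.PrivateKey, kind, masked string) (string, error) {
	i, j := strings.Index(masked, "{"), strings.LastIndex(masked, "}")
	if i < 0 || j < i {
		return "", errors.New("no encrypted span")
	}
	ct, err := base64.RawURLEncoding.DecodeString(masked[i+1 : j])
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(kind))
	if err != nil {
		return "", err
	}
	return masked[:i] + string(pt) + masked[j+1:], nil
}

func main() {
	priv := demoKey()
	// "13340003422" is the sample number used in the description.
	masked, err := maskField(&priv.PublicKey, "phone", "13340003422", 6)
	if err != nil {
		panic(err)
	}
	restored, err := unmaskField(priv, "phone", masked)
	fmt.Println(masked[:4]+"...", restored, err)
}
```

RSA-OAEP padding is randomized, so the same four digits encrypt to a different token each time; a deterministic transform over so small a value space could be reversed by trying all 10,000 candidates.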
In some embodiments of the present invention, when there is one target object, the target field may be encrypted according to the encryption public key corresponding to the target object to obtain the encrypted log.
In some embodiments of the present invention, in order to ensure data security and prevent data leakage, when there is one target object, the target field may be encrypted according to the encryption public key corresponding to the target object to obtain an initial encrypted log. The desensitization field that requires desensitization in the initial encrypted log is then determined, a hash value of that desensitization field is calculated, and the hash value replaces the desensitization field in the initial encrypted log to obtain the encrypted log. Thus, after receiving the encrypted log, the target object can obtain only the information of the target field through decryption. In some embodiments of the present invention, the desensitization field may be a field in the log to be encrypted that has been marked in advance as requiring desensitization. In some embodiments of the present invention, the desensitization field may be the field that requires desensitization for the target object; for example, when the target object is an IT technician, the desensitization field may be the business information.
In some embodiments of the present invention, when there are at least two target objects, the target field corresponding to each target object in the log to be encrypted may be encrypted in turn according to the encryption public key corresponding to that target object to obtain the encrypted log. The encrypted log is thus the result of encrypting every target field in the log to be encrypted.
In some embodiments of the present invention, when there are at least two target objects, the log to be encrypted may be copied so that there is one copy per target object, each copy corresponding to one target object. For each copy, the target field corresponding to that copy's target object is encrypted according to the encryption public key corresponding to that target object, which gives an encrypted log for each target object.
204, sending the encrypted log to the target object.
In some embodiments of the present invention, when the number of target objects is one, the encrypted log may be sent to the terminal where the target object is located.
In some embodiments of the present invention, when the number of target objects is at least two, the encrypted log may be sent to the terminal where each target object is located, respectively.
In some embodiments of the present invention, when the number of target objects is at least two, the encrypted log corresponding to each target object may be sent to the terminal where the target object is located.
According to the embodiment of the invention, the target field of each object is encrypted with the encryption public key of the target object that receives the log, and the target fields of different objects are encrypted with different encryption public keys. The whole log can then be sent to the target object without that object being able to view the content that belongs to other objects, which effectively prevents information leakage and guarantees data security.
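Steps 201 to 204 for the case of at least two target objects sharing one log, as an added example that is not part of the patent text. RSA-OAEP as the public-key scheme, the "enc:<id>:<ciphertext>" token layout, the field names and every function name are assumptions of this example; keys are generated locally instead of being transported as in step 202.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Recipient is a "target object": its ID, its target fields and its
// encryption public key. All names here are assumptions of this example.
type Recipient struct {
	ID     string
	Fields []string
	Pub    *rsa.PublicKey
}

// newRecipient generates a throwaway key pair so the example runs offline.
func newRecipient(id string, fields ...string) (Recipient, *rsa.PrivateKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return Recipient{ID: id, Fields: fields, Pub: &priv.PublicKey}, priv
}

// sealField encrypts one field value with RSA-OAEP. The field name is the OAEP
// label, so a ciphertext copied into a different field will not decrypt.
// RSA-OAEP (2048-bit, SHA-256) accepts at most 190 bytes; longer values error.
func sealField(r Recipient, field, value string) (string, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Pub, []byte(value), []byte(field))
	if err != nil {
		return "", fmt.Errorf("field %q for %s: %w", field, r.ID, err)
	}
	return "enc:" + r.ID + ":" + base64.RawURLEncoding.EncodeToString(ct), nil
}

// openField decrypts a sealField token with a recipient's private key.
func openField(priv *rsa.PrivateKey, field, token string) (string, error) {
	p := strings.Split(token, ":")
	if len(p) != 3 || p[0] != "enc" {
		return "", errors.New("not an encrypted field")
	}
	ct, err := base64.RawURLEncoding.DecodeString(p[2])
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(field))
	return string(pt), err
}

// desensitize encrypts every target field under its owner's public key. It
// fails closed: on any error no log is returned, rather than a partly clear one.
func desensitize(rec map[string]string, rs []Recipient) (map[string]string, error) {
	owner := map[string]Recipient{}
	for _, r := range rs {
		for _, f := range r.Fields {
			if prev, dup := owner[f]; dup {
				return nil, fmt.Errorf("field %q claimed by %s and %s", f, prev.ID, r.ID)
			}
			owner[f] = r
		}
	}
	out := map[string]string{}
	for f, v := range rec {
		out[f] = v // a field that is nobody's target field stays readable
		if r, ok := owner[f]; ok {
			tok, err := sealField(r, f, v)
			if err != nil {
				return nil, err
			}
			out[f] = tok
		}
	}
	return out, nil
}

func main() {
	it, itKey := newRecipient("it", "error", "code")
	ops, _ := newRecipient("ops", "customer", "phone")
	rec := map[string]string{ // constructed sample record
		"time": "2022-09-07T10:00:00Z", "code": "svc.Transfer:88",
		"error": "E1042 timeout", "customer": "Zhang San", "phone": "13340003422",
	}
	enc, err := desensitize(rec, []Recipient{it, ops})
	if err != nil {
		panic(err)
	}
	errTxt, _ := openField(itKey, "error", enc["error"])
	_, denied := openField(itKey, "phone", enc["phone"])
	fmt.Printf("IT reads error=%q; phone with IT key: %v\n", errTxt, denied)
}
```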
In some embodiments of the present invention, a terminal where a target object is located may send a log request to an electronic device, where the electronic device responds to the log request, and determines, according to an object identifier in the log request, the target object that receives the log to be encrypted and a target field corresponding to the target object.
In some embodiments of the present invention, the log request may be a log view request or a log print request.
In some embodiments of the present invention, in order to further secure data and prevent data leakage, authority verification may be performed when responding to a log request, and the target object is determined only when log viewing authority is present. Specifically, the authority verification method includes steps a1 to a3:
Step a1, responding to the log request, and acquiring an object identifier in the log request.
In some embodiments of the invention, the object identification has uniqueness, which may be one or more of a character, a number, a letter.
Step a2, determining the log viewing authority of the object identifier.
In some embodiments of the invention, step a2 comprises: whether preset identifiers consistent with the object identifiers exist in the pre-stored identification data or not can be inquired; if the preset identification consistent with the object identification exists in the pre-stored identification data, determining that the object identification has log viewing authority; if the preset identification consistent with the object identification does not exist in the pre-stored identification data, determining that the object identification does not have log viewing authority. The identification data comprises a plurality of preset identifications.
In some embodiments of the present invention, if the preset identifier consistent with the object identifier does not exist in the pre-stored identifier data, a prompt message without log-view permission is output to the terminal where the target object is located.
In some embodiments of the invention, step a2 comprises: inquiring whether preset identifiers consistent with the object identifiers exist in the pre-stored authority data or not; if the pre-stored authority data has the target preset identifier consistent with the object identifier, acquiring an authority level corresponding to the target preset identifier, and determining the log checking authority of the object identifier according to the authority level corresponding to the target preset identifier; if the target preset identification consistent with the object identification does not exist in the pre-stored authority data, determining that the object identification does not have log viewing authority. The permission data comprises a plurality of preset identifiers and permission levels corresponding to the preset identifiers.
In some embodiments of the present invention, determining log viewing permissions of an object identifier according to permission levels corresponding to a target preset identifier includes: if the authority level corresponding to the target preset identifier meets the preset authority requirement, determining that the object identifier has log checking authority; if the authority level corresponding to the target preset identifier does not meet the preset authority requirement, determining that the object identifier does not have log viewing authority. The preset permission requirement characterizes log viewing permission. In some embodiments of the present invention, the preset permission requirement may be that the permission level is greater than or equal to the preset permission level, and the preset permission requirement may also be a viewing permission level of the log to be encrypted.
Step a3, if the object identifier has log viewing authority, determining a target object for receiving the log to be encrypted according to the object identifier.
In some embodiments of the present invention, if the object identifier has log viewing authority, the pre-stored object data is queried, the object corresponding to the object identifier is obtained, and the object matched with the object identifier is set as a target object for receiving the log to be encrypted. The object data comprises a plurality of preset identifiers and object information corresponding to each preset identifier, and the object information comprises an object and a verification public key corresponding to the object.
In some embodiments of the present invention, in order to ensure data security and ensure that a log request is not tampered, when it is determined that an object identifier has a log viewing right, identity verification may be performed according to a digital signature in the log request, and when the identity verification passes, a target object that receives a log to be encrypted is determined, and specifically, the identity verification method includes:
(1) Carrying out digital signature on the verification public key corresponding to the object identifier, and carrying out identity verification according to the digital signature.
(2) If the identity verification is passed, determining a target object for receiving the log to be encrypted according to the object identifier.
In some embodiments of the present invention, the electronic device may generate the verification public key and the verification private key through an asymmetric encryption method, and store the verification public key in a database of the electronic device, while the verification private key is stored by the terminal where the object is located. The asymmetric encryption method may be RSA, an elliptic curve encryption algorithm, etc.
In some embodiments of the present invention, the electronic device may generate the verification public key and the verification private key through an asymmetric encryption method, and send the verification public key to the terminal where the object is located.
In some embodiments of the present invention, when a terminal sends a log request, the terminal encrypts the log request by a preset encryption method to generate a request digest, then encrypts the request digest by using a verification private key to generate a digital signature, and sends the digital signature and the log request to an electronic device. In some embodiments of the present invention, the preset encryption method may be a cryptographic hash function or hash calculation.
In some embodiments of the present invention, the electronic device responds to the log request and, having determined that the object identifier has log viewing authority, encrypts the log request by the pre-stored encryption method to generate a verification digest, and decrypts the digital signature according to the verification public key corresponding to the object identifier to obtain a decryption digest. The verification digest is compared with the decryption digest: if the two are consistent, indicating that the log request has not been tampered with, it is determined that the identity verification passes; if the two are inconsistent, indicating that the log request has been tampered with, it is determined that the identity verification fails.
In some embodiments of the present invention, the electronic device sends a verification request to the terminal where the target object is located, and the terminal responds to the verification request and sends the verification public key to the electronic device. In some embodiments of the present invention, the electronic device may send the verification request to the terminal that sent the log request when responding to the log request; the electronic device may also send the verification request to the terminal where the target object is located when it is determined that the object identifier has log viewing authority.
In some embodiments of the present invention, when determining that the object identifier has the log viewing right, the electronic device queries pre-stored object data according to the object identifier, and obtains a verification public key corresponding to the object identifier.
In some embodiments of the present invention, if the authentication fails, a prompt message indicating that the authentication information fails is returned to the terminal where the target object is located.
In some embodiments of the present invention, if the authentication fails, hash calculation is performed on all fields in the log to be encrypted to obtain a ciphertext log, and the ciphertext log is sent to the terminal where the target object is located.
In some embodiments of the present invention, if the authentication passes, the pre-stored object data is queried, the object corresponding to the object identifier is obtained, and the object matched with the object identifier is set as the target object for receiving the log to be encrypted.
In some embodiments of the present invention, if the object identifier does not have log viewing authority, hash calculation is performed on all fields in the log to be encrypted to obtain a ciphertext log, and the ciphertext log is sent to a terminal where the target object is located.
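The request check described above (authority lookup, signature verification against the stored verification public key, and the hashed-log fallback) as an added Go example; it is not code from the patent. RSA-PSS over SHA-256 stands in for "encrypting the digest with the verification private key", and the store layout, the level threshold and the sample request and log are assumptions constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrNoPermission = errors.New("object identifier has no log viewing authority")
	ErrBadSignature = errors.New("identity verification failed")
)

// ObjectInfo merges the permission data and object data stored per preset
// identifier. The layout and the numeric levels are assumptions.
type ObjectInfo struct {
	Level     int            // authority level of the identifier
	VerifyKey *rsa.PublicKey // verification public key of the object
}

const requiredLevel = 1 // preset permission requirement (assumed threshold)

// SignRequest is the terminal side: hash the log request into a request
// digest and sign the digest with the verification private key.
func SignRequest(priv *rsa.PrivateKey, request []byte) ([]byte, error) {
	digest := sha256.Sum256(request)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Authorize is the server side: step a2 (authority lookup), then the
// signature check against the stored verification public key.
func Authorize(store map[string]ObjectInfo, objectID string, request, sig []byte) error {
	info, ok := store[objectID]
	if !ok || info.Level < requiredLevel {
		return ErrNoPermission
	}
	digest := sha256.Sum256(request)
	if rsa.VerifyPSS(info.VerifyKey, crypto.SHA256, digest[:], sig, nil) != nil {
		return ErrBadSignature
	}
	return nil
}

// HashAllFields builds the ciphertext log returned when either check fails.
// A plain hash of a low-entropy value such as a phone number can be
// recovered by enumeration; a keyed hash (HMAC) with a server-side secret
// resists that.
func HashAllFields(log map[string]string) map[string]string {
	out := make(map[string]string, len(log))
	for k, v := range log {
		sum := sha256.Sum256([]byte(v))
		out[k] = hex.EncodeToString(sum[:])
	}
	return out
}

// Respond returns the log unchanged for an authorized request (field
// encryption would follow) and the fully hashed log otherwise.
func Respond(store map[string]ObjectInfo, objectID string, request, sig []byte,
	log map[string]string) (map[string]string, error) {
	if err := Authorize(store, objectID, request, sig); err != nil {
		return HashAllFields(log), err
	}
	return log, nil
}

// NewDemoStore creates one authorized object with a fresh key pair.
func NewDemoStore(objectID string) (map[string]ObjectInfo, *rsa.PrivateKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return map[string]ObjectInfo{objectID: {Level: 1, VerifyKey: &priv.PublicKey}}, priv
}

func main() {
	store, priv := NewDemoStore("u1001")
	req := []byte(`{"object_id":"u1001","log_id":"L-42"}`)             // constructed
	log := map[string]string{"event": "login", "phone": "13800000000"} // constructed
	sig, err := SignRequest(priv, req)
	if err != nil {
		panic(err)
	}
	_, err = Respond(store, "u1001", req, sig, log)
	fmt.Println("genuine request:", err)
	req[len(req)-3] = '3' // modify the request after it was signed
	out, err := Respond(store, "u1001", req, sig, log)
	fmt.Println("tampered request:", err, "phone =", out["phone"])
}
```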
In some embodiments of the present invention, in determining the target field corresponding to the target object in the log to be encrypted, the log viewing authority level corresponding to the target object is determined according to the object identifier, the field to be desensitized corresponding to the target object is determined according to the log viewing authority level, and whether a field matching the field to be desensitized exists in the log to be encrypted is queried. If the target field does not exist in the log to be encrypted, or the log to be encrypted has already been desensitized, the log to be encrypted is sent to the terminal where the target object is located; if a matching field exists, the field matching the field to be desensitized is set as the target field. Specifically, the method for determining the target field includes:
(1) Acquiring the log viewing authority level of the target object.
(2) Querying pre-stored desensitization data according to the log viewing authority level of the target object, and determining the field to be desensitized corresponding to the log viewing authority level of the target object; the desensitization data comprises a plurality of log viewing authority levels and the fields to be desensitized corresponding to each log viewing authority level.
(3) Querying whether a field matching the field to be desensitized exists in the log to be encrypted.
(4) If a field matching the field to be desensitized exists in the log to be encrypted, setting that field in the log to be encrypted as the target field corresponding to the target object.
In some embodiments of the present invention, the log view permission level of the target object may be obtained by querying pre-stored permission data according to the object identifier.
In some embodiments of the present invention, considering that the fields to be desensitized that need to be desensitized by different log viewing authorities are different, in order to enhance data management and prevent data leakage, pre-stored desensitized data can be queried according to the log viewing authority level of the target object, and the fields to be desensitized corresponding to the log viewing authority level of the target object can be determined.
In some embodiments of the present invention, when determining the field to be desensitized corresponding to the log viewing authority level of the target object, it may be determined whether the log viewing authority of the target object accords with a preset authority. If it does, all fields in the log to be encrypted are set as target fields; if it does not, the pre-stored desensitization data is queried according to the log viewing authority level of the target object, and the field to be desensitized corresponding to that level is determined. When the log request is a log view request and the log viewing authority of the target object is "root", the target object can view all data in the service system and therefore all information in the log to be encrypted; in order to prevent data leakage during transmission, all fields in the log to be encrypted can be set as target fields, the log to be encrypted is encrypted with the encryption public key corresponding to the target object to obtain an encrypted log, and the encrypted log is sent to the terminal where the target object is located. If the log viewing authority of the target object is not "root", the target object can view only part of the data in the service system and therefore only part of the information in the log to be encrypted; the field to be desensitized corresponding to the target object is determined according to the log viewing authority level of the target object, and the target field corresponding to the target object in the log to be encrypted is determined according to that field to be desensitized.
In some embodiments of the present invention, after determining a target field corresponding to a target object in a log to be encrypted, a public key ciphertext of the target object may be obtained according to step 202, the public key ciphertext of the target object may be decrypted to obtain an encrypted public key corresponding to the target object, and the target field in the log to be encrypted may be encrypted according to the encrypted public key according to step 203, to obtain an encrypted log.
In some embodiments of the present invention, in obtaining the public key ciphertext, the electronic device may send a public key request to the terminal where the target object is located, obtain the public key ciphertext returned by that terminal based on the public key request, and decrypt the public key ciphertext to obtain the encrypted public key corresponding to the target object. The public key request is used for requesting the public key ciphertext corresponding to the target object from the terminal where the target object is located. Specifically, the method for determining the encrypted public key includes steps b1 to b3:
Step b1, generating a public key request, and sending the public key request to the terminal where the target object is located. The public key request is used for requesting the public key ciphertext corresponding to the target object from the terminal where the target object is located.
In some embodiments of the invention, the electronic device generates a public-private key pair consisting of a first public key and a first private key, wherein the first public key is used for encryption and the first private key is used for decryption. In some embodiments of the present invention, after the electronic device determines the target object in response to the log request, the electronic device obtains the first public key, generates a public key request, and sends the public key request to the terminal where the target object is located. After receiving the public key request, the terminal responds to it, acquires the first public key in the public key request, acquires a pre-stored encrypted public key, encrypts the encrypted public key with the first public key to obtain a public key ciphertext, and sends the public key ciphertext to the electronic device.
In some embodiments of the present invention, in order to improve security of data transmission, a terminal responds to a public key request, obtains a first public key, a pre-stored encryption public key and a pre-stored secret key, encrypts the encryption public key through the secret key to obtain an initial public key ciphertext, combines the initial public key ciphertext and the secret key to generate an intermediate ciphertext, encrypts the intermediate ciphertext through the first public key to obtain a public key ciphertext, and sends the public key ciphertext to an electronic device.
Step b2, acquiring the public key ciphertext returned by the terminal where the target object is located based on the public key request.
Step b3, acquiring the first private key, and decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain the encrypted public key corresponding to the target object.
In some embodiments of the present invention, the electronic device obtains a first private key, decrypts a public key ciphertext corresponding to the target object by using the first private key, and obtains an encrypted public key corresponding to the target object.
In some embodiments of the present invention, the electronic device obtains the first private key, decrypts the public key ciphertext corresponding to the target object with the first private key to obtain an intermediate ciphertext, performs character segmentation on the intermediate ciphertext to obtain the initial public key ciphertext and the secret key, and decrypts the initial public key ciphertext with the secret key, thereby obtaining the encrypted public key corresponding to the target object.
In some embodiments of the present invention, in order to further ensure data security and ensure that the received encrypted public key has not been tampered with, security verification is performed on the public key ciphertext after it is received; the encrypted public key corresponding to the target object is determined when the security verification passes, and the public key ciphertext is discarded when the security verification does not pass. Specifically, step b3 includes:
(1) Acquiring the public key ciphertext and the verification signature returned by the terminal where the target object is located based on the public key request.
(2) Decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain an initial encrypted public key corresponding to the target object.
(3) Decrypting the verification signature according to the initial encrypted public key to obtain first digest information.
(4) Encrypting the public key ciphertext through a cryptographic hash function to obtain second digest information.
(5) Comparing the first digest information with the second digest information.
(6) If the first digest information and the second digest information are consistent, setting the initial encrypted public key as the encrypted public key corresponding to the target object.
In some embodiments of the present invention, similar to the generation manner of the digital signature, after obtaining the public key ciphertext, the terminal device where the target object is located encrypts the public key ciphertext through a cryptographic hash function to generate original digest information, encrypts the original digest information through an encrypted private key corresponding to the encrypted public key to generate a verification signature, and sends the public key ciphertext and the verification signature to the electronic device.
In some embodiments of the present invention, after receiving the public key ciphertext and the verification signature, the electronic device decrypts the public key ciphertext according to the first private key to obtain an initial encrypted public key, and decrypts the verification signature with the initial encrypted public key to generate the first digest information. The security of the initial encrypted public key is thereby verified. In some embodiments of the present invention, when decrypting the public key ciphertext with the first private key, if the obtained initial encrypted public key is empty, indicating that the public key ciphertext may have been tampered with, it is determined that the security verification does not pass; if the obtained initial encrypted public key is not empty, the verification signature is decrypted with the initial encrypted public key; if the obtained first digest information is empty, indicating that the public key ciphertext may have been tampered with, it is determined that the security verification does not pass; and if the obtained first digest information is not empty, the public key ciphertext is encrypted through a cryptographic hash function to obtain the second digest information.
In some embodiments of the present invention, the first digest information and the second digest information are compared. If they are consistent, indicating that the public key ciphertext has not been tampered with, it is determined that the security verification passes, and the initial encrypted public key is set as the encrypted public key corresponding to the target object; if they are inconsistent, indicating that the public key ciphertext may have been tampered with, it is determined that the security verification does not pass.
In some embodiments of the present invention, if the security verification does not pass, a new first public key and a new first private key are generated, a new public key request is generated according to the new first public key and sent to the terminal where the target object is located, a new public key ciphertext and a new verification signature returned by the terminal based on the new public key request are received, and the repetition number of the security verification is recorded; if the repetition number of the security verification is greater than or equal to a preset number threshold, the new public key ciphertext and the new verification signature are discarded, and the log viewing authority of the target object is closed; if the repetition number of the security verification is smaller than the preset number threshold, the security verification is performed based on the new verification signature.
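An added Go example of step b3 and the retry rule above, not code from the patent: the terminal returns its encryption public key under the first public key together with a verification signature, and the electronic device verifies the reply or retries with a fresh first key pair. Assumptions of the example: RSA-OAEP and RSA-PSS with SHA-256 as the concrete algorithms, a 3072-bit first key pair so that a 2048-bit encryption public key fits in one OAEP block, and failed verifications as the counted repetitions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var ErrVerify = errors.New("security verification failed")
var ErrPermissionClosed = errors.New("threshold reached: log viewing authority closed")

// Reply is what the terminal returns for a public key request.
type Reply struct {
	PubKeyCiphertext []byte // encryption public key under the first public key
	VerifySig        []byte // signature over the hash of PubKeyCiphertext
}

// Asker delivers a public key request to the terminal and returns its reply.
type Asker func(firstPub *rsa.PublicKey) (Reply, error)

// TerminalReply is the terminal side. A 2048-bit key in PKCS#1 DER form is
// 270 bytes; OAEP-SHA256 under a 3072-bit key carries up to 318 bytes.
func TerminalReply(firstPub *rsa.PublicKey, encPriv *rsa.PrivateKey) (Reply, error) {
	der := x509.MarshalPKCS1PublicKey(&encPriv.PublicKey)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, der, nil)
	if err != nil {
		return Reply{}, err
	}
	digest := sha256.Sum256(ct) // original digest information
	sig, err := rsa.SignPSS(rand.Reader, encPriv, crypto.SHA256, digest[:], nil)
	return Reply{PubKeyCiphertext: ct, VerifySig: sig}, err
}

// VerifyReply is step b3 on the electronic device: recover the initial
// encryption public key, then check the signature over the ciphertext hash.
func VerifyReply(firstPriv *rsa.PrivateKey, r Reply) (*rsa.PublicKey, error) {
	der, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstPriv, r.PubKeyCiphertext, nil)
	if err != nil {
		return nil, ErrVerify // no initial encryption public key recovered
	}
	pub, err := x509.ParsePKCS1PublicKey(der)
	digest := sha256.Sum256(r.PubKeyCiphertext) // second digest information
	if err != nil || rsa.VerifyPSS(pub, crypto.SHA256, digest[:], r.VerifySig, nil) != nil {
		return nil, ErrVerify
	}
	return pub, nil
}

// FetchEncryptionKey retries with a fresh first key pair after each failed
// verification and gives up once the failure count reaches the threshold.
func FetchEncryptionKey(ask Asker, threshold int) (*rsa.PublicKey, int, error) {
	failures := 0
	for {
		firstPriv, err := rsa.GenerateKey(rand.Reader, 3072)
		if err != nil {
			return nil, failures, err
		}
		if reply, err := ask(&firstPriv.PublicKey); err == nil {
			if pub, err := VerifyReply(firstPriv, reply); err == nil {
				return pub, failures, nil
			}
		}
		failures++
		if failures >= threshold {
			return nil, failures, ErrPermissionClosed
		}
	}
}

// Terminal simulates a terminal holding a fresh encryption key pair; with
// tamper set, one bit of the ciphertext is flipped in transit.
func Terminal(tamper bool) (Asker, *rsa.PublicKey) {
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return func(p *rsa.PublicKey) (Reply, error) {
		r, err := TerminalReply(p, encPriv)
		if err == nil && tamper {
			r.PubKeyCiphertext[0] ^= 1
		}
		return r, err
	}, &encPriv.PublicKey
}

func main() {
	ask, want := Terminal(false)
	pub, failures, err := FetchEncryptionKey(ask, 2)
	fmt.Println("honest:", err == nil && pub.Equal(want), failures)
	ask, _ = Terminal(true)
	_, failures, err = FetchEncryptionKey(ask, 2)
	fmt.Println("tampered:", err, failures)
}
```

This check shows that whoever produced the reply holds the private key matching the key inside it; binding that key to the object identifier needs a separate, pre-established credential.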
In some embodiments of the present invention, when the number of the target objects is multiple, after the encryption public key is obtained, the target field in the log to be encrypted may be encrypted according to the encryption public key corresponding to the target object, so as to obtain the encrypted log.
In some embodiments of the present invention, it is considered that the encrypted public key may be intercepted by other objects during transmission, resulting in disclosure of the encrypted public key or of the encrypted private key corresponding to the encrypted public key. If the target field is encrypted only with the encrypted public key, then, where other objects know the encrypted public key or the encrypted private key corresponding to it, or where the encrypted public key or corresponding encrypted private key of other target objects is known, the complete log content may be acquired through decryption, which may cause data disclosure. Therefore, in order to improve data security, the target field corresponding to each target object in the log to be encrypted may be encoded in the target coding mode of that target object, and the encoded target field may then be encrypted with the encrypted public key, so that the complete log content cannot be acquired even when the encrypted public key or the encrypted private key corresponding to it is known. Specifically, the method for acquiring the encrypted log includes steps c1 to c4:
Step c1, obtaining a target coding mode corresponding to each target object.
In some embodiments of the present invention, preset object data may be queried according to an object identifier of each target object, to obtain a coding manner associated with each object identifier, and the coding manner associated with each object identifier is set as a target coding manner corresponding to a target object corresponding to each object identifier.
In some embodiments of the present invention, a terminal where each object is located sends a preset identifier, a coding manner and a verification public key corresponding to each object to an electronic device, the electronic device sets the coding manner and the verification public key of each object as object information of each object, and the object information of each object is associated with the preset identifier of the object to store and generate object data.
Step c2, encoding the target field corresponding to each target object in the log to be encrypted in the target coding mode to obtain the encoded target field corresponding to each target object.
Step c3, encrypting the encoded target field corresponding to each target object with the encryption public key corresponding to that target object to obtain the ciphertext of the encoded target field corresponding to each target object.
Step c4, replacing the target field corresponding to each target object in the log to be encrypted with the ciphertext of the encoded target field corresponding to that target object to obtain the encrypted log.
In some embodiments of the present invention, after each target field is encoded and encrypted to obtain an encrypted log, the encrypted log is sent to a terminal where each target object is located.
In some embodiments of the present invention, after obtaining the encrypted log corresponding to each target object, the encrypted log corresponding to each target object is sent to the terminal where the target object is located.
In some embodiments of the present invention, after receiving the encrypted log, the terminal where the target object is located may decrypt the encrypted log by using the encrypted public key to obtain a recovery log, and obtain the content of the target field corresponding to the target object in the recovery log.
In some embodiments of the present invention, after receiving the encrypted log, the terminal where the target object is located may decrypt the encrypted log through an encrypted private key corresponding to the encrypted public key to obtain a recovery log, and obtain the content of the target field corresponding to the target object in the recovery log.
In some embodiments of the present invention, after receiving the encrypted log, the terminal where the target object is located may decrypt the encrypted log through the encrypted private key corresponding to the encrypted public key to obtain an intermediate log, and decode the intermediate log through a pre-stored target decoding mode to obtain a recovery log, so as to obtain the content of the target field corresponding to the target object in the recovery log. Because the target field corresponding to the object in the intermediate log has been encoded in the target coding mode, the encoded target field needs to be decoded in the target decoding mode.
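Steps c1 to c4 and the terminal-side decryption above, together with the level-based choice of target fields described earlier, as an added Go example that is not code from the patent. The coding modes (hex and base64), RSA-OAEP with SHA-256, the field names, the level table and the use of the field name as OAEP label are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// Target is one target object. Coding modes ("hex", otherwise base64) and
// field names are assumptions made for this example.
type Target struct {
	ID, Encoding string
	Level        int            // log viewing authority level
	EncKey       *rsa.PublicKey // encryption public key of this object
}

// Desensitization data: authority level -> fields to be desensitized.
var fieldsByLevel = map[int][]string{1: {"phone"}, 2: {"card_no", "id_no"}}

func encode(mode, s string) []byte {
	if mode == "hex" {
		return []byte(hex.EncodeToString([]byte(s)))
	}
	return []byte(base64.StdEncoding.EncodeToString([]byte(s)))
}

func decode(mode string, b []byte) (string, error) {
	dec := base64.StdEncoding.DecodeString
	if mode == "hex" {
		dec = hex.DecodeString
	}
	raw, err := dec(string(b))
	return string(raw), err
}

// EncryptLog runs steps c1-c4 on a copy of the log. The field name is the
// OAEP label, so a ciphertext cannot be moved to another field; an encoded
// value over 190 bytes does not fit OAEP under a 2048-bit key and errors out.
func EncryptLog(log map[string]string, targets []Target) (map[string]string, error) {
	out := make(map[string]string, len(log))
	for k, v := range log {
		out[k] = v
	}
	owner := map[string]string{}
	for _, t := range targets {
		for _, f := range fieldsByLevel[t.Level] {
			v, present := log[f]
			if !present {
				continue // configured field does not occur in this log
			}
			if prev, dup := owner[f]; dup {
				return nil, fmt.Errorf("field %q already encrypted for %s", f, prev)
			}
			owner[f] = t.ID
			ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, t.EncKey,
				encode(t.Encoding, v), []byte(f))
			if err != nil {
				return nil, err
			}
			out[f] = base64.StdEncoding.EncodeToString(ct)
		}
	}
	return out, nil
}

// DecryptField is the terminal side: decrypt, then undo the coding mode.
func DecryptField(priv *rsa.PrivateKey, mode, field, value string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return "", err
	}
	enc, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(field))
	if err != nil {
		return "", err
	}
	return decode(mode, enc)
}

func NewTarget(id string, level int, mode string) (Target, *rsa.PrivateKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return Target{ID: id, Encoding: mode, Level: level, EncKey: &priv.PublicKey}, priv
}

func main() {
	log := map[string]string{"event": "transfer", "phone": "13800000000"} // constructed
	a, aPriv := NewTarget("u1001", 1, "hex")
	enc, err := EncryptLog(log, []Target{a})
	if err != nil {
		panic(err)
	}
	phone, err := DecryptField(aPriv, a.Encoding, "phone", enc["phone"])
	fmt.Println(enc["event"], phone, err)
}
```

Hex and base64 are public encodings, so in this example the confidentiality of a field rests on the OAEP encryption under the object's key.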
According to the embodiment of the invention, the corresponding target fields in the log are encrypted according to the encryption public key corresponding to the target object of the received log, and the target fields corresponding to different objects are encrypted by adopting different encryption public keys, so that the whole log is sent to the target object, and the target object cannot check the related content of other objects in the log, thereby effectively preventing information leakage and guaranteeing data security.
In order to better implement the method for desensitizing a log provided by the embodiment of the present invention, the embodiment of the present invention further provides, based on that method, a device for desensitizing a log. As shown in fig. 3, which is a structural example diagram of the device for desensitizing a log provided by the embodiment of the present invention, the device for desensitizing a log includes:
the obtaining module 301 is configured to determine a target object that receives a log to be encrypted and a target field in the log to be encrypted, where the target field corresponds to the target object;
the key module 302 is configured to obtain a public key ciphertext of the target object, decrypt the public key ciphertext of the target object, and obtain an encrypted public key corresponding to the target object;
an encryption module 303, configured to encrypt a target field in a log to be encrypted according to an encryption public key to obtain an encrypted log;
an output module 304, configured to send the encrypted log to the target object.
In some embodiments of the invention, key module 302 is configured to:
generating a public key request, and sending the public key request to a terminal where a target object is located; the public key request is used for requesting a public key ciphertext corresponding to the target object from a terminal where the target object is located;
acquiring a public key ciphertext returned by a terminal where a target object is located based on a public key request;
and obtaining a first private key, and decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain an encrypted public key corresponding to the target object.
In some embodiments of the invention, key module 302 is configured to:
acquiring public key ciphertext, verification information and verification signature returned by a terminal where a target object is located based on a public key request;
decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain an initial encrypted public key corresponding to the target object;
decrypting the verification signature according to the initial encryption public key to obtain first digest information;
encrypting the verification information through a cryptographic hash function to obtain second digest information;
comparing the first digest information with the second digest information;
and if the first digest information and the second digest information are consistent, setting the initial encryption public key as the encryption public key corresponding to the target object.
In some embodiments of the present invention, the encryption module 303 is configured to:
obtaining a target coding mode corresponding to each target object;
performing coding processing on a target field corresponding to each target object in the log to be encrypted in a target coding mode to obtain a coded target field corresponding to each target object;
encrypting the target field after the encoding process corresponding to each target object through the encryption public key corresponding to each target object to obtain the ciphertext of the target field after the encoding process corresponding to each target object;
and replacing the target field corresponding to each target object in the log to be encrypted according to the ciphertext of the target field after the encoding processing corresponding to each target object, so as to obtain the encrypted log.
In some embodiments of the present invention, the obtaining module 301 is configured to:
responding to the log request, and acquiring an object identifier in the log request;
determining log viewing rights of the object identification;
if the object identification has log viewing authority, determining a target object for receiving the log to be encrypted according to the object identification.
In some embodiments of the present invention, the obtaining module 301 is configured to:
carrying out digital signature on the verification public key corresponding to the object identifier, and carrying out identity verification according to the digital signature;
and if the identity verification is passed, determining a target object for receiving the log to be encrypted according to the object identification.
In some embodiments of the present invention, the obtaining module 301 is configured to:
acquiring a log view permission level of a target object;
inquiring pre-stored desensitization data according to the log view authority level of the target object, and determining a field to be desensitized corresponding to the log view authority level of the target object; the desensitization data comprise a plurality of log viewing authority levels and to-be-desensitized fields corresponding to each log viewing authority level;
inquiring whether fields matched with the fields to be desensitized exist in the log to be encrypted;
and if the field matched with the field to be desensitized exists in the log to be encrypted, setting the field matched with the field to be desensitized in the log to be encrypted as a target field corresponding to the target object.
According to the desensitizing device of the log, corresponding target fields in the log are encrypted according to the encryption public keys corresponding to the target objects of the received log, and the target fields corresponding to different objects are encrypted by adopting different encryption public keys, so that the whole log is sent to the target objects, the target objects cannot check the related content of other objects in the log, information leakage is effectively prevented, and data safety is guaranteed.
The embodiment of the invention also provides an electronic device, as shown in fig. 4, which shows a schematic structural diagram of the electronic device according to the embodiment of the invention, specifically:
the electronic device may include a processor 401 having one or more processing cores, a memory 402 having one or more computer-readable storage media, a power supply 403, an input unit 404, and other components. Those skilled in the art will appreciate that the electronic device structure shown in fig. 4 does not limit the electronic device, which may include more or fewer components than shown, may combine certain components, or may have a different arrangement of components. Wherein:
the processor 401 is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, and performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 402, and calling data stored in the memory 402, thereby performing overall monitoring of the electronic device. Optionally, processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor and a modem processor, wherein the application processor mainly processes an operating system, a user interface, an application program, etc., and the modem processor mainly processes wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 401.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by running the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data created according to the use of the electronic device, etc. In addition, the memory 402 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 with access to the memory 402.
The electronic device further comprises a power supply 403 for supplying power to the various components. Preferably, the power supply 403 may be logically connected to the processor 401 through a power management system, so that functions such as managing charging, discharging, and power consumption are performed through the power management system. The power supply 403 may also include any components such as one or more direct current or alternating current power supplies, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
The electronic device may further comprise an input unit 404, which may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the electronic device may further include a display unit or the like, which is not described herein. In particular, in this embodiment, the processor 401 in the electronic device loads executable files corresponding to the processes of one or more application programs into the memory 402 according to the following instructions, and the processor 401 executes the application programs stored in the memory 402, so as to implement various functions as follows:
determining a target object for receiving the log to be encrypted and a target field corresponding to the target object in the log to be encrypted;
obtaining a public key ciphertext of the target object, decrypting the public key ciphertext of the target object, and obtaining an encryption public key corresponding to the target object;
encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and sending the encrypted log to the target object.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, embodiments of the present invention provide a storage medium having stored therein a plurality of instructions capable of being loaded by a processor to perform steps in any of the log desensitization methods provided by embodiments of the present invention. For example, the instructions may perform the steps of:
determining a target object for receiving the log to be encrypted and a target field corresponding to the target object in the log to be encrypted;
obtaining a public key ciphertext of the target object, decrypting the public key ciphertext of the target object, and obtaining an encryption public key corresponding to the target object;
encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and sending the encrypted log to the target object.
For the specific implementation of each operation above, refer to the previous embodiments; details are not repeated here.
The storage medium may include: read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk, and the like.
Because the instructions stored in the storage medium can execute the steps in any log desensitizing method provided by the embodiments of the present invention, they can achieve the beneficial effects of any log desensitizing method provided by the embodiments of the present invention; see the previous embodiments for details, which are not repeated here.
The method, apparatus, electronic device and storage medium for desensitizing logs provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is only intended to help in understanding the method and core ideas of the present invention; meanwhile, those skilled in the art may vary the specific embodiments and application scope in light of the ideas of the present invention, so the present description should not be construed as limiting the present invention.

Claims (10)

1. A method of desensitizing a log, the method comprising:
determining a target object for receiving a log to be encrypted, and determining a target field corresponding to the target object in the log to be encrypted;
obtaining a public key ciphertext of the target object, decrypting the public key ciphertext of the target object, and obtaining an encryption public key corresponding to the target object;
encrypting the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and sending the encrypted log to the target object.
2. The method for desensitizing a log according to claim 1, wherein, before said obtaining a public key ciphertext of said target object and decrypting said public key ciphertext of said target object to obtain an encryption public key corresponding to said target object, said method comprises:
generating a public key request, and sending the public key request to a terminal where the target object is located; the public key request is used for requesting a public key ciphertext corresponding to the target object from the terminal where the target object is located;
the obtaining the public key ciphertext of the target object, decrypting the public key ciphertext of the target object, and obtaining the encryption public key corresponding to the target object includes:
acquiring a public key ciphertext returned by the terminal where the target object is located based on the public key request;
and obtaining a first private key, and decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain the encryption public key corresponding to the target object.
3. The method for desensitizing a log according to claim 2, wherein said decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain the encryption public key corresponding to the target object comprises:
acquiring a public key ciphertext, verification information and a verification signature returned by the terminal where the target object is located based on the public key request;
decrypting the public key ciphertext corresponding to the target object according to the first private key to obtain an initial encryption public key corresponding to the target object;
decrypting the verification signature according to the initial encryption public key to obtain first digest information;
hashing the verification information with a cryptographic hash function to obtain second digest information;
comparing the first digest information with the second digest information;
and if the first digest information is consistent with the second digest information, setting the initial encryption public key as the encryption public key corresponding to the target object.
4. The method for desensitizing a log according to claim 1, wherein said encrypting a target field in said log to be encrypted according to said encryption public key to obtain an encrypted log comprises:
obtaining a target coding mode corresponding to each target object;
performing coding processing on a target field corresponding to each target object in the log to be encrypted in the target coding mode to obtain a coded target field corresponding to each target object;
encrypting the target field after the encoding processing corresponding to each target object through the encryption public key corresponding to each target object to obtain the ciphertext of the target field after the encoding processing corresponding to each target object;
and replacing the target field corresponding to each target object in the log to be encrypted according to the ciphertext of the target field after the encoding processing corresponding to each target object, so as to obtain an encrypted log.
5. The method of desensitizing a log according to claim 1, wherein said determining a target object that receives a log to be encrypted comprises:
responding to a log request, and acquiring an object identifier in the log request;
determining log viewing rights of the object identification;
and if the object identifier has log viewing authority, determining a target object for receiving the log to be encrypted according to the object identifier.
6. The method of desensitizing a log according to claim 5, wherein said determining a target object receiving a log to be encrypted based on said object identification comprises:
performing digital signature on the verification public key corresponding to the object identifier, and performing identity verification according to the digital signature;
and if the identity verification is passed, determining a target object for receiving the log to be encrypted according to the object identification.
7. The method of desensitizing a log according to any one of claims 1 to 6, wherein said determining a target field in said log to be encrypted corresponding to said target object comprises:
acquiring a log view permission level of the target object;
inquiring pre-stored desensitization data according to the log view authority level of the target object, and determining a field to be desensitized corresponding to the log view authority level of the target object; the desensitization data comprise a plurality of log viewing authority levels and to-be-desensitized fields corresponding to each log viewing authority level;
inquiring whether a field matched with the field to be desensitized exists in the log to be encrypted;
and if the field matched with the field to be desensitized exists in the log to be encrypted, setting the field matched with the field to be desensitized in the log to be encrypted as a target field corresponding to the target object.
8. A log desensitizing apparatus, said apparatus comprising:
the acquisition module is used for determining a target object for receiving the log to be encrypted and a target field corresponding to the target object in the log to be encrypted;
the key module is used for acquiring the public key ciphertext of the target object, decrypting the public key ciphertext of the target object and obtaining an encryption public key corresponding to the target object;
the encryption module is used for carrying out encryption processing on the target field in the log to be encrypted according to the encryption public key to obtain an encrypted log;
and the output module is used for sending the encrypted log to the target object.
9. An electronic device comprising a memory and a processor; the memory stores an application program, and the processor is configured to execute the application program in the memory to perform the operations in the desensitizing method of the log according to any one of claims 1 to 7.
10. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps in the method of desensitizing a log according to any of claims 1 to 7.
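The per-object field encryption of claims 1 and 4 (encode each target field, encrypt it under the owning object's public key, replace it in the log), sketched in Go as an added example that is not code from the patent. RSA-OAEP with SHA-256, UTF-8 encoding, base64 ciphertext, the field-name label and the names Desensitize, Open and NewKey are assumptions; the log line and keys are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// NewKey makes a demo recipient key pair (the public-key exchange itself is out of scope here).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Desensitize copies log, replacing every field listed in owner (field -> object id)
// with the base64 RSA-OAEP ciphertext of its UTF-8 bytes under that object's public key.
func Desensitize(log, owner map[string]string, keys map[string]*rsa.PublicKey) (map[string]string, error) {
	out := make(map[string]string, len(log))
	for field, value := range log {
		id, isTarget := owner[field]
		if !isTarget {
			out[field] = value // not a target field: stays readable
			continue
		}
		pub, ok := keys[id]
		if !ok {
			return nil, fmt.Errorf("no public key for %q: refusing to send %q in clear", id, field)
		}
		// Field name as OAEP label binds ciphertext to field; values over 190 bytes fail at 2048 bits.
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(value), []byte(field))
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", field, err)
		}
		out[field] = base64.StdEncoding.EncodeToString(ct)
	}
	return out, nil
}

// Open is the recipient side: it decrypts one field with the recipient's private key.
func Open(value, field string, priv *rsa.PrivateKey) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(field))
	return string(pt), err
}

func main() {
	k, _ := NewKey()
	log := map[string]string{"msg": "login ok", "phone": "13800000000"} // constructed log line
	out, err := Desensitize(log, map[string]string{"phone": "audit"},
		map[string]*rsa.PublicKey{"audit": &k.PublicKey})
	fmt.Println(out, err)
}
```

Because each field is encrypted under its owner's key only, a recipient holding a different private key gets an error from Open rather than the plaintext, which is the isolation property the description relies on.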
CN202211087625.7A 2022-09-07 2022-09-07 Desensitizing method and device for log, electronic equipment and storage medium Pending CN116127478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211087625.7A CN116127478A (en) 2022-09-07 2022-09-07 Desensitizing method and device for log, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116127478A true CN116127478A (en) 2023-05-16

Family

ID=86305119

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211087625.7A Pending CN116127478A (en) 2022-09-07 2022-09-07 Desensitizing method and device for log, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116127478A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination