CN117034345A - Data desensitization method, device, computer equipment and storage medium - Google Patents
Data desensitization method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN117034345A CN117034345A CN202311029385.XA CN202311029385A CN117034345A CN 117034345 A CN117034345 A CN 117034345A CN 202311029385 A CN202311029385 A CN 202311029385A CN 117034345 A CN117034345 A CN 117034345A
- Authority
- CN
- China
- Prior art keywords
- desensitized
- file
- desensitization
- sensitive data
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 202
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000000873 masking effect Effects 0.000 claims description 55
- 238000004590 computer program Methods 0.000 claims description 43
- 238000012795 verification Methods 0.000 claims description 35
- 238000013473 artificial intelligence Methods 0.000 abstract description 2
- 238000012545 processing Methods 0.000 description 10
- 238000003062 neural network model Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000007405 data analysis Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 206010020751 Hypersensitivity Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 208000026935 allergic disease Diseases 0.000 description 1
- 230000007815 allergy Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The application relates to a data desensitization method, a data desensitization device, computer equipment and a storage medium. Belongs to the technical field of artificial intelligence, and the method comprises the following steps: determining the importance level of the file to be desensitized according to the file application of the file to be desensitized, and determining the desensitization mode of the file to be desensitized according to the relation between the importance level of the file to be desensitized and the level threshold; wherein the desensitization mode comprises encryption desensitization and replacement desensitization; according to the desensitization mode of the document to be desensitized, target sensitive data in the document to be desensitized are desensitized, when the document to be desensitized is desensitized, not only is the document use and the importance level of the document to be desensitized considered, but also the corresponding desensitization mode can be flexibly selected according to the importance level of the document to be desensitized, the application scene is more abundant, and the desensitization modes are more various.
Description
Technical Field
The present application relates to the field of artificial intelligence technology, and in particular, to a data desensitizing method, apparatus, computer device and storage medium.
Background
With the rapid development of internet technology, more and more traces are left on the internet by users, and more contents are left, if an internet enterprise does not pay attention to the protection of target sensitive data and privacy data of the users, the image of the internet enterprise can be affected, and legal problems can be related sometimes.
Most internet enterprises accumulate a large number of user data files, and at present, the form of desensitizing the user data files by the internet enterprises is single, and sensitive or private data in the data files is usually replaced by special characters (such as x numbers), so that the desensitizing form is poor in selectivity.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data desensitizing method, apparatus, computer device, and storage medium that can flexibly select a desensitizing form.
In a first aspect, the application provides a method of desensitizing data. The method comprises the following steps:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In one embodiment, determining the desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized comprises:
if the importance level of the file to be desensitized is smaller than or equal to the level threshold value, determining that the desensitization mode of the file to be desensitized is replacement desensitization;
If the importance level of the file to be desensitized is larger than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
In one embodiment, according to a desensitization mode of a document to be desensitized, desensitizing target sensitive data in the document to be desensitized includes:
if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized;
and encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the masking identification of the sensitive data of each target.
In one embodiment, determining a mask identifier corresponding to each target sensitive data in the file to be desensitized includes:
and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
In one embodiment, based on the mask identifier of each target sensitive data, performing encryption and desensitization processing on each target sensitive data in the file to be desensitized, including:
according to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area;
and (5) encrypting and desensitizing the masked area in the file to be desensitized.
In one embodiment, determining the importance level of the document to be desensitized according to the document usage of the document to be desensitized includes:
determining an initial score of the file to be desensitized according to the file application of the file to be desensitized;
according to the data type of the target sensitive data in the file to be desensitized, adjusting the initial score to obtain a target score;
and determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
In one embodiment, the method further comprises:
extracting candidate sensitive data from a file to be desensitized;
and carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data which passes the validity verification as target sensitive data.
In a second aspect, the application also provides a data desensitizing device. The device comprises:
the first determining module is used for determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
the second determining module is used for determining the desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
The desensitization module is used for carrying out desensitization treatment on the target sensitive data in the file to be desensitized according to the desensitization mode of the file to be desensitized.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In a fourth aspect, the present application also provides a computer-readable storage medium. A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
And according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In a fifth aspect, the present application also provides a computer program product. Computer program product comprising a computer program which, when executed by a processor, realizes the steps of:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
The data desensitization method, the data desensitization device, the computer equipment and the storage medium are used for determining the importance level of the file to be desensitized according to the file application of the file to be desensitized and determining the desensitization mode of the file to be desensitized according to the relation between the importance level of the file to be desensitized and the level threshold; wherein the desensitization mode comprises encryption desensitization and replacement desensitization; according to the desensitization mode of the document to be desensitized, target sensitive data in the document to be desensitized are desensitized, when the document to be desensitized is desensitized, not only is the document use and the importance level of the document to be desensitized considered, but also the corresponding desensitization mode can be flexibly selected according to the importance level of the document to be desensitized, the application scene is more abundant, and the desensitization modes are more various.
Drawings
Fig. 1 is an application environment diagram of a data desensitizing method provided in the present embodiment;
FIG. 2 is a flow chart of a first data desensitizing method according to the present embodiment;
fig. 3 is a schematic flow chart of encryption and desensitization processing for sensitive data of each target in a file to be desensitized according to the embodiment;
fig. 4 is a schematic flow chart of determining importance levels of a document to be desensitized according to the present embodiment;
FIG. 5 is a schematic flow chart of determining target sensitive data according to the present embodiment;
FIG. 6 is a flow chart showing a part of a second exemplary data desensitizing method according to the present embodiment;
fig. 7 is a block diagram of a first data desensitizing apparatus according to the present embodiment;
FIG. 8 is a block diagram showing the construction of a second data desensitizing apparatus according to the present embodiment;
fig. 9 is an internal structural diagram of the computer device provided in the present embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in FIG. 1. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing acquired data of the abnormal data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of data desensitization.
In one embodiment, a method of desensitizing data is provided, as shown in FIG. 2, comprising the steps of:
s201, determining the importance level of the document to be desensitized according to the document application of the document to be desensitized.
The file to be desensitized refers to a file which needs to desensitize target sensitive data in the file. Document usage refers to the subsequent application of the document, such as for data analysis or creation of user representations. The importance level refers to the level of the obtained file to be desensitized according to the file application of the file to be desensitized.
An alternative implementation manner of this embodiment is as follows: and determining the importance level of the file to be desensitized according to the file application and the level list of the file to be desensitized. The corresponding relation between the file purpose and the importance level is recorded in the level list.
The file uses and the corresponding importance levels in the level list are the importance levels of the obtained files to be desensitized according to the importance of the target sensitive data in the files to be desensitized to the use results in advance. For example, if the file application of the file to be desensitized is applied to data analysis, the sensitive data of the file to be desensitized has little influence on the data analysis result, and the corresponding importance level is lower. If the document is used for forming the user portrait, the target sensitive data of the document to be desensitized has larger influence on the accuracy of the user portrait, and the corresponding importance level is higher.
Another alternative implementation of this embodiment is: inputting the file to be desensitized into a neural network model, and outputting the importance level of the file to be desensitized by the neural network model.
S202, determining a desensitization mode of the document to be desensitized according to the relation between the importance level of the document to be desensitized and the level threshold. Wherein the desensitization mode comprises encryption desensitization and replacement desensitization.
The encryption and desensitization means that the target sensitive data in the file to be desensitized is encrypted by adopting an encryption method so as to achieve the aim of desensitizing the target sensitive data, and the target sensitive data can be restored by a decryption key in the follow-up process so as to facilitate the follow-up application of the target sensitive data. The replacement decryption refers to replacing the target sensitive data in the file to be desensitized by using other characters, for example, replacing the target sensitive data by using an 'x' character, wherein the target sensitive data in the file after the replacement desensitization is desensitized is unreducable, cannot be used later, and has higher replacement desensitization efficiency.
Optionally, in this embodiment, if the importance level of the document to be desensitized is less than or equal to the level threshold, determining that the desensitization mode of the document to be desensitized is replacement desensitization; if the importance level of the file to be desensitized is larger than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
S203, according to the desensitization mode of the document to be desensitized, desensitizing the target sensitive data in the document to be desensitized.
An alternative implementation manner of this embodiment is as follows: and determining a replacement character aiming at the file to be desensitized with the importance level smaller than or equal to the level threshold, and performing desensitization treatment by adopting a replacement desensitization mode according to the target sensitive data in the file to be desensitized with the replacement character.
Another alternative implementation of this embodiment is: and determining an encryption algorithm aiming at the file to be desensitized with the importance level being greater than the level threshold, and carrying out desensitization treatment on the target sensitive data in the file to be desensitized by adopting an encryption desensitization mode according to the encryption algorithm.
According to the embodiment, the importance level of the file to be desensitized is determined according to the file application of the file to be desensitized, and the desensitization mode of the file to be desensitized is determined according to the relation between the importance level of the file to be desensitized and the level threshold; wherein the desensitization mode comprises encryption desensitization and replacement desensitization; according to the desensitization mode of the document to be desensitized, target sensitive data in the document to be desensitized are desensitized, when the document to be desensitized is desensitized, not only is the document use and the importance level of the document to be desensitized considered, but also the corresponding desensitization mode can be flexibly selected according to the importance level of the document to be desensitized, the application scene is more abundant, and the desensitization modes are more various.
In one embodiment, if the desensitization mode is encryption desensitization, as shown in fig. 3, an alternative implementation of S203 includes:
s301, if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized.
The target sensitive data is the sensitive data after validity verification. Target sensitive data includes, but is not limited to: name, age, phone number, card number, address, email, browsing trace, shopping information, transaction information, etc.
An alternative implementation manner of this embodiment is as follows: if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized in a self-defining mode. For example, the identification with advertisement meaning can be customized according to enterprise abbreviations, enterprise codes and the like and used as a masking identification corresponding to each target sensitive data in the file to be desensitized.
Another alternative implementation of this embodiment is: if the desensitization mode is encryption allergy, determining a masking mark of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized. Specifically, the data type of each target sensitive data in the file to be desensitized can be used as a covering mark of each target sensitive data. For example, if the data type of a certain target sensitive data in the file to be desensitized is shopping information, the shopping information is used as a masking identifier of the target sensitive data, and the target sensitive data is masked. In this embodiment, the data type of the masked target sensitive data may be identified based on the mask identifier, so that it is convenient to determine whether decryption is necessary when the method is used later.
S302, encryption desensitization processing is carried out on each target sensitive data in the file to be desensitized based on the covering identification of each target sensitive data.
Optionally, in this embodiment, according to the mask identifier of each target sensitive data, masking processing is performed on each target sensitive data in the file to be desensitized, so as to obtain the file to be desensitized that includes the mask region, and encryption and desensitization processing is performed on the mask region in the file to be desensitized.
In this embodiment, if the desensitization mode is encryption desensitization, a masking identifier corresponding to each target sensitive data in the file to be desensitized is determined, and encryption desensitization processing can be implemented on each target sensitive data in the file to be desensitized based on the masking identifier of each target sensitive data.
In this embodiment, encryption and desensitization are performed on each target sensitive data in the file to be desensitized based on the mask identifier of each target sensitive data. The method not only realizes the desensitization processing of the target sensitive data, but also is convenient for the subsequent restoration of the target sensitive data, protects the privacy of the user, and simultaneously is convenient for the data restoration in the subsequent application. In order to facilitate data restoration, a permission verification area can be added in the file to be desensitized, permission verification is carried out in the permission verification area, after the permission verification is passed, a decryption key is displayed, and the masked area is decrypted through the decryption key to obtain corresponding target sensitive data. The method comprises the steps of adding a permission verification area in a file to be desensitized, wherein an optional implementation mode for performing permission verification in the permission verification area is as follows: and a verification link can be added in the authority verification area, a corresponding verification website is opened based on the verification link, and the authority verification is performed on the operator based on the verification website.
In one embodiment, in order to more accurately determine the importance level of the document to be desensitized, as shown in fig. 4, an alternative implementation manner in S201 includes:
s401, determining initial scores of the files to be desensitized according to file purposes of the files to be desensitized.
The initial score refers to a score of the obtained file to be desensitized, which is determined based on the file purpose of the file to be desensitized.
An alternative implementation manner of this embodiment is as follows: the file application of the file to be desensitized is input into a neural network model, and the neural network model outputs the initial score of the file to be desensitized.
Another alternative implementation of this embodiment is: and determining the initial score of the file to be desensitized according to the file application and the score list of the file to be desensitized. The scoring list records the purposes of the file and scores corresponding to the purposes of the file. The scores corresponding to the file uses are obtained according to the evaluation of the dependence of the file uses on the target data.
And S402, adjusting the initial score according to the data type of the target sensitive data in the file to be desensitized to obtain the target score.
Optionally, in this embodiment, the initial score is adjusted according to the importance of the data type of the target sensitive data in the file to be desensitized, so as to obtain the target score. Specifically, corresponding weights are given to different data types in advance according to importance of file usage, all data types in the file to be desensitized are obtained, then summation calculation is carried out on the weights corresponding to all data types, comprehensive weights are obtained, initial scores are adjusted according to the comprehensive weights, and target scores are obtained. The method comprises the following steps of adjusting initial scores according to comprehensive weights, wherein the optional implementation modes for obtaining target scores are as follows: and calculating the product of the comprehensive weight and the initial score, and taking the product result as a target score.
S403, determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
Optionally, in this embodiment, a scoring range corresponding to the candidate level is preset, a scoring range to which the target score belongs is determined according to the target score, and the candidate level corresponding to the scoring range is used as the importance level of the document to be desensitized.
According to the file application of the file to be desensitized, the initial score of the file to be desensitized is determined, the initial score is adjusted according to the data type of the target sensitive data in the file to be desensitized, the target score is obtained, the importance level of the file to be desensitized is determined from the candidate level according to the target score and the score range corresponding to the candidate level, and the accuracy of the importance level is improved.
In one embodiment, to determine target sensitive data, as shown in fig. 5, an alternative implementation of a data desensitizing method includes:
and S501, extracting candidate sensitive data from the file to be desensitized.
The candidate sensitive data is the sensitive data subjected to validity verification.
An alternative implementation manner of this embodiment is as follows: inputting the file to be desensitized into a neural network model, and extracting candidate sensitive data from the file to be desensitized by the neural network model.
Another alternative implementation of this embodiment is: and extracting candidate sensitive data from the file to be desensitized by using sensitive data identification software.
S502, carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data with the validity verification passed as target sensitive data.
An alternative implementation manner of this embodiment is as follows: and carrying out validity verification on the candidate sensitive data by using a regular matching algorithm, and taking the candidate sensitive data with the validity verification as target sensitive data.
Another alternative implementation of this embodiment is: matching the candidate sensitive data with the sensitive data in the sensitive database, and if the matching is successful, indicating that the candidate sensitive data is target sensitive data; if the matching fails, the candidate sensitive data is not the target sensitive data, the effectiveness verification of the candidate sensitive data is realized, and the candidate sensitive data with the effectiveness verification passed is taken as the target sensitive data.
In the embodiment, candidate sensitive data is advanced from the file to be desensitized, the candidate sensitive data is validated, the candidate sensitive data with the validated validity is used as target sensitive data, and the accuracy of determining the target sensitive data is improved.
In one embodiment, as shown in FIG. 6, an alternative implementation of a data desensitization method includes:
and S601, extracting candidate sensitive data from the file to be desensitized.
S602, carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data with the validity verification passed as target sensitive data.
S603, determining the initial score of the file to be desensitized according to the file application of the file to be desensitized.
S604, adjusting the initial score according to the data type of the target sensitive data in the file to be desensitized to obtain the target score.
S605, determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
S606, judging whether the importance level of the file to be desensitized is larger than a level threshold. If not, executing S607; if yes, S608 is executed.
S607, determining the desensitization mode of the document to be desensitized as replacement desensitization.
And S608, performing replacement desensitization processing on the file to be desensitized.
S609, determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
And S6010, performing masking treatment on each target sensitive data in the file to be desensitized according to the masking identification of each target sensitive data to obtain the file to be desensitized containing the masking area.
And S6011, encrypting and desensitizing the covered area in the file to be desensitized.
According to the embodiment, the importance level of the file to be desensitized is determined according to the file application of the file to be desensitized, and the desensitization mode of the file to be desensitized is determined according to the relation between the importance level of the file to be desensitized and the level threshold; wherein the desensitization mode comprises encryption desensitization and replacement desensitization; according to the desensitization mode of the document to be desensitized, target sensitive data in the document to be desensitized are desensitized, when the document to be desensitized is desensitized, not only is the document use and the importance level of the document to be desensitized considered, but also the corresponding desensitization mode can be flexibly selected according to the importance level of the document to be desensitized, the application scene is more abundant, and the desensitization modes are more various.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a data desensitizing device for realizing the above related data desensitizing method. The implementation of the solution provided by the device is similar to that described in the above method, so specific limitations in one or more embodiments of the data desensitizing device provided below may be referred to above for limitations of the data desensitizing method, and will not be described herein.
In one embodiment, as shown in fig. 7, there is provided a data desensitizing apparatus 1, comprising: a first determination module 10, a second determination module 20, and a desensitization module 30, wherein:
a first determining module 10, configured to determine an importance level of a document to be desensitized according to a document use of the document to be desensitized;
a second determining module 20, configured to determine a desensitization mode of the document to be desensitized according to a relationship between an importance level and a level threshold of the document to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
the desensitization module 30 is used for desensitizing the target sensitive data in the document to be desensitized according to the desensitization mode of the document to be desensitized.
The data desensitizing device in the embodiment determines the importance level of the file to be desensitized according to the file application of the file to be desensitized, and determines the desensitizing mode of the file to be desensitized according to the relation between the importance level of the file to be desensitized and the level threshold; wherein the desensitization mode comprises encryption desensitization and replacement desensitization; according to the desensitization mode of the document to be desensitized, target sensitive data in the document to be desensitized are desensitized, when the document to be desensitized is desensitized, not only is the document use and the importance level of the document to be desensitized considered, but also the corresponding desensitization mode can be flexibly selected according to the importance level of the document to be desensitized, the application scene is more abundant, and the desensitization modes are more various.
In one embodiment, the second determining module 20 in fig. 7 above, further includes:
the first determining unit is used for determining that the desensitization mode of the document to be desensitized is replacement desensitization if the importance level of the document to be desensitized is smaller than or equal to the level threshold value;
and the second determining unit is used for determining that the desensitization mode of the document to be desensitized is encryption desensitization if the importance level of the document to be desensitized is greater than the level threshold value.
In one embodiment, the desensitizing module 30 of fig. 7 above, further comprises:
and the third determining unit is used for determining the masking mark corresponding to each target sensitive data in the file to be desensitized if the desensitization mode is encryption desensitization.
And the desensitization unit is used for encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the covering identification of the sensitive data of each target.
In one embodiment, the third determining unit is further specifically configured to: and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
In one embodiment, the desensitizing unit is further specifically configured to: according to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area; and (5) encrypting and desensitizing the masked area in the file to be desensitized.
In one embodiment, the first determining module 10 in fig. 7 above further includes:
and the fourth determining unit is used for determining the initial score of the file to be desensitized according to the file application of the file to be desensitized.
A fifth determining unit, configured to adjust the initial score according to a data type of the target sensitive data in the file to be desensitized, so as to obtain a target score;
and the grade determining unit is used for determining the importance grade of the file to be desensitized from the candidate grades according to the target grade and the grade range corresponding to the candidate grades.
In one embodiment, as shown in fig. 8, the data desensitizing apparatus in fig. 7 above further includes:
an extracting module 40, configured to extract candidate sensitive data from the file to be desensitized.
And the verification module 50 is used for verifying the validity of the candidate sensitive data and taking the candidate sensitive data which passes the validity verification as target sensitive data.
The various modules in the data desensitizing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 9. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used to store data related to the scanning tool. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of data desensitization.
It will be appreciated by persons skilled in the art that the architecture shown in fig. 9 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In one embodiment, the processor when executing the computer program further performs the steps of: determining a desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized, comprising:
If the importance level of the file to be desensitized is smaller than or equal to the level threshold value, determining that the desensitization mode of the file to be desensitized is replacement desensitization;
if the importance level of the file to be desensitized is larger than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
In one embodiment, the processor when executing the computer program further performs the steps of: according to the desensitization mode of the document to be desensitized, carrying out desensitization treatment on the target sensitive data in the document to be desensitized, wherein the desensitization treatment comprises the following steps:
if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized;
and encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the masking identification of the sensitive data of each target.
In one embodiment, the processor when executing the computer program further performs the steps of: determining a masking identifier corresponding to sensitive data of each target in a file to be desensitized, wherein the masking identifier comprises the following steps:
and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
In one embodiment, the processor when executing the computer program further performs the steps of: based on the masking identification of each target sensitive data, encrypting and desensitizing each target sensitive data in the file to be desensitized, which comprises the following steps:
According to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area;
and (5) encrypting and desensitizing the masked area in the file to be desensitized.
In one embodiment, the processor when executing the computer program further performs the steps of: according to the file application of the file to be desensitized, determining the importance level of the file to be desensitized comprises the following steps:
determining an initial score of the file to be desensitized according to the file application of the file to be desensitized;
according to the data type of the target sensitive data in the file to be desensitized, adjusting the initial score to obtain a target score;
and determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
In one embodiment, the processor when executing the computer program further performs the steps of: the method further comprises the following steps:
extracting candidate sensitive data from a file to be desensitized;
and carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data which passes the validity verification as target sensitive data.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
Determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining a desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized, comprising:
if the importance level of the file to be desensitized is smaller than or equal to the level threshold value, determining that the desensitization mode of the file to be desensitized is replacement desensitization;
if the importance level of the file to be desensitized is larger than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the desensitization mode of the document to be desensitized, carrying out desensitization treatment on the target sensitive data in the document to be desensitized, wherein the desensitization treatment comprises the following steps:
if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized;
And encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the masking identification of the sensitive data of each target.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining a masking identifier corresponding to sensitive data of each target in a file to be desensitized, wherein the masking identifier comprises the following steps:
and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: based on the masking identification of each target sensitive data, encrypting and desensitizing each target sensitive data in the file to be desensitized, which comprises the following steps:
according to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area;
and (5) encrypting and desensitizing the masked area in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the file application of the file to be desensitized, determining the importance level of the file to be desensitized comprises the following steps:
determining an initial score of the file to be desensitized according to the file application of the file to be desensitized;
According to the data type of the target sensitive data in the file to be desensitized, adjusting the initial score to obtain a target score;
and determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
In one embodiment, the computer program when executed by the processor further performs the steps of: the method further comprises the following steps:
extracting candidate sensitive data from a file to be desensitized;
and carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data which passes the validity verification as target sensitive data.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining a desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized, comprising:
If the importance level of the file to be desensitized is smaller than or equal to the level threshold value, determining that the desensitization mode of the file to be desensitized is replacement desensitization;
if the importance level of the file to be desensitized is larger than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the desensitization mode of the document to be desensitized, carrying out desensitization treatment on the target sensitive data in the document to be desensitized, wherein the desensitization treatment comprises the following steps:
if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized;
and encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the masking identification of the sensitive data of each target.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining a masking identifier corresponding to sensitive data of each target in a file to be desensitized, wherein the masking identifier comprises the following steps:
and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: based on the masking identification of each target sensitive data, encrypting and desensitizing each target sensitive data in the file to be desensitized, which comprises the following steps:
According to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area;
and (5) encrypting and desensitizing the masked area in the file to be desensitized.
In one embodiment, the computer program when executed by the processor further performs the steps of: according to the file application of the file to be desensitized, determining the importance level of the file to be desensitized comprises the following steps:
determining an initial score of the file to be desensitized according to the file application of the file to be desensitized;
according to the data type of the target sensitive data in the file to be desensitized, adjusting the initial score to obtain a target score;
and determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
In one embodiment, the computer program when executed by the processor further performs the steps of: the method further comprises the following steps:
extracting candidate sensitive data from a file to be desensitized;
and carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data which passes the validity verification as target sensitive data.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.
Claims (11)
1. A method of desensitizing data, the method comprising:
determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
determining a desensitization mode of the file to be desensitized according to the relation between the importance level and the level threshold value of the file to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and according to the desensitization mode of the file to be desensitized, carrying out desensitization treatment on the target sensitive data in the file to be desensitized.
2. The method according to claim 1, wherein determining the desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized comprises:
if the importance level of the file to be desensitized is smaller than or equal to the level threshold value, determining that the desensitization mode of the file to be desensitized is replacement desensitization;
and if the importance level of the file to be desensitized is greater than the level threshold, determining that the desensitization mode of the file to be desensitized is encryption desensitization.
3. The method according to claim 1, wherein the desensitizing the target sensitive data in the document to be desensitized according to the desensitizing mode of the document to be desensitized comprises:
if the desensitization mode is encryption desensitization, determining a masking mark corresponding to sensitive data of each target in the file to be desensitized;
and encrypting and desensitizing the sensitive data of each target in the file to be desensitized based on the covering identification of the sensitive data of each target.
4. A method according to claim 3, wherein the determining the mask identifier corresponding to each target sensitive data in the document to be desensitized comprises:
and determining the masking identification of each target sensitive data according to the data type of each target sensitive data in the file to be desensitized.
5. A method according to claim 3, wherein said encrypting and desensitizing each object sensitive data in the document to be desensitized based on the masked identification of each object sensitive data comprises:
according to the masking identification of each target sensitive data, masking each target sensitive data in the file to be desensitized to obtain the file to be desensitized containing the masking area;
and encrypting and desensitizing the covered area in the file to be desensitized.
6. The method according to claim 1, wherein determining the importance level of the document to be desensitized according to the document use of the document to be desensitized comprises:
determining an initial score of the file to be desensitized according to the file application of the file to be desensitized;
according to the data type of the target sensitive data in the file to be desensitized, adjusting the initial score to obtain a target score;
and determining the importance level of the file to be desensitized from the candidate levels according to the target scores and the score ranges corresponding to the candidate levels.
7. The method according to any one of claims 1-6, further comprising:
extracting candidate sensitive data from a file to be desensitized;
And carrying out validity verification on the candidate sensitive data, and taking the candidate sensitive data which passes the validity verification as target sensitive data.
8. A data desensitizing apparatus, comprising:
the first determining module is used for determining the importance level of the file to be desensitized according to the file application of the file to be desensitized;
the second determining module is used for determining the desensitization mode of the document to be desensitized according to the relation between the importance level and the level threshold value of the document to be desensitized; wherein the desensitization mode comprises encryption desensitization and replacement desensitization;
and the desensitization module is used for carrying out desensitization treatment on the target sensitive data in the file to be desensitized according to the desensitization mode of the file to be desensitized.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the data desensitization method according to any one of claims 1-7 when executing the computer program.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the data desensitization method according to any one of claims 1-7.
11. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the data desensitization method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311029385.XA CN117034345A (en) | 2023-08-15 | 2023-08-15 | Data desensitization method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311029385.XA CN117034345A (en) | 2023-08-15 | 2023-08-15 | Data desensitization method, device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117034345A true CN117034345A (en) | 2023-11-10 |
Family
ID=88626031
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311029385.XA Pending CN117034345A (en) | 2023-08-15 | 2023-08-15 | Data desensitization method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117034345A (en) |
-
2023
- 2023-08-15 CN CN202311029385.XA patent/CN117034345A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9858426B2 (en) | Computer-implemented system and method for automatically identifying attributes for anonymization | |
| CN110602248B (en) | Abnormal behavior information identification method, system, device, equipment and medium | |
| US10878126B1 (en) | Batch tokenization service | |
| US11270227B2 (en) | Method for managing a machine learning model | |
| US20210133742A1 (en) | Detection of security threats in a network environment | |
| CN116089620B (en) | Electronic archive data management method and system | |
| US11816224B2 (en) | Assessing and managing computational risk involved with integrating third party computing functionality within a computing system | |
| US20230098507A1 (en) | De-tokenization patterns and solutions | |
| CN114186275A (en) | Privacy protection method and device, computer equipment and storage medium | |
| CN114693192A (en) | Wind control decision method and device, computer equipment and storage medium | |
| CN117275138A (en) | Identity authentication method, device, equipment and storage medium based on automatic teller machine | |
| CN117034345A (en) | Data desensitization method, device, computer equipment and storage medium | |
| US20240119178A1 (en) | Anonymizing personal information for use in assessing fraud risk | |
| US11675817B1 (en) | Synthetic data generation | |
| CN117391701A (en) | Method and device for detecting theft and brushing behaviors, computer equipment and storage medium | |
| US20240070534A1 (en) | Individualized classification thresholds for machine learning models | |
| CN116127503A (en) | Private data processing method, apparatus, computer device and storage medium | |
| CN115936830A (en) | Enterprise credit risk assessment method and device | |
| CN114329581A (en) | Data protection method, device and equipment | |
| CN116861405A (en) | Password detection method, device, apparatus, storage medium, and program product | |
| CN117436048A (en) | Security authentication method and device, computer equipment and storage medium | |
| CN116827630A (en) | Searchable encryption method, device, equipment and storage medium for card service information | |
| CN115034873A (en) | Loss report type identification method, loss report type identification device, loss report type identification equipment, storage medium and program product | |
| CN117541193A (en) | Business auditing method, device, computer equipment and storage medium | |
| CN115952554A (en) | Electronic signature data processing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |