CN117077196A - Method, device, computer equipment and storage medium for data desensitization - Google Patents


Publication number
CN117077196A
Authority
CN
China
Prior art keywords
data
desensitized
index
original data
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311023537.5A
Other languages
Chinese (zh)
Inventor
谈敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202311023537.5A priority Critical patent/CN117077196A/en
Publication of CN117077196A publication Critical patent/CN117077196A/en
Pending legal-status Critical Current


Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the field of financial science and technology, and discloses a data desensitizing method, a device, computer equipment and a storage medium, wherein the method comprises the following steps: identifying and extracting non-sensitive data in the original data to be desensitized; obtaining an index of the original data to be desensitized according to the extracted non-sensitive data; encrypting the original data to be desensitized to obtain encrypted data; and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data. The application realizes data desensitization by encrypting the original data without customizing complex desensitization rules for the data of each different structure type or different storage modes, realizes quick, efficient and simple data desensitization, and greatly reduces the complexity of data desensitization and the missed desensitization rate.

Description

Method, device, computer equipment and storage medium for data desensitization
Technical Field
The present application relates to the field of financial science and technology and the internet technology, and in particular, to a data desensitizing method, apparatus, computer device and storage medium.
Background
In the prior art, the production data export flow must pass a strict security audit and a complicated desensitization procedure. If inconsistent desensitization parameters, variable data types, unstructured storage or similar conditions are encountered along the way, the desensitization process becomes more complicated still, and sensitive elements are easily missed or incompletely desensitized. This causes rework of the desensitization flow, increases the time cost of desensitization and greatly reduces the efficiency of production data export.
Disclosure of Invention
The application mainly aims to provide a data desensitizing method, a data desensitizing device, computer equipment and a storage medium, which can solve the technical problems of low desensitizing efficiency and incomplete desensitizing in the prior art.
To achieve the above object, a first aspect of the present application provides a method of desensitizing data, the method comprising:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of the original data according to the extracted non-sensitive data;
encrypting the original data to obtain encrypted data;
and generating desensitized data of the original data according to the index of the original data and the encrypted data.
To achieve the above object, a second aspect of the present application provides an apparatus for desensitizing data, the apparatus comprising:
the data identification module is used for identifying and extracting non-sensitive data in the original data to be desensitized;
the index determining module is used for obtaining the index of the original data to be desensitized according to the extracted non-sensitive data;
the encryption module is used for encrypting the original data to be desensitized to obtain encrypted data;
the desensitization data generation module is used for generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
To achieve the above object, a third aspect of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of original data to be desensitized according to the extracted non-sensitive data;
encrypting the original data to be desensitized to obtain encrypted data;
and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
To achieve the above object, a fourth aspect of the present application provides a computer apparatus including a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of original data to be desensitized according to the extracted non-sensitive data;
encrypting the original data to be desensitized to obtain encrypted data;
and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
The embodiment of the application has the following beneficial effects:
The application achieves data desensitization by encrypting the original data. Complex desensitization rules need not be customized for each structure type or storage mode, so desensitization is quick, efficient and simple. The encryption does not need to take the storage mode or structure type of the original data into account and is applicable to data in any storage mode or of any structure type, which makes the desensitization general and widely applicable; in particular, for unstructured or non-standardized stored data it reduces the complexity of desensitization and the missed-desensitization rate. At the same time, fast desensitization suits application scenes with high requirements on data freshness and improves the efficiency of data use; it is particularly suitable for the test, development and outsourcing scenes of banks, insurers and the like in the financial technology field, where product versions of systems and applications are iterated frequently.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Wherein:
FIG. 1 is a diagram of an application environment for a method of desensitizing data in an embodiment of the application;
FIG. 2 is a flow chart of a method of desensitizing data in an embodiment of the application;
FIG. 3 is a block diagram of an apparatus for desensitizing data in an embodiment of the application;
FIG. 4 is a block diagram of a computer device in an embodiment of the application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
FIG. 1 is a diagram of an application environment for a method of desensitizing data in one embodiment. Referring to fig. 1, the data desensitization method is applied to a data desensitization system. The data desensitization system includes a terminal 110 and a server 120. The terminal 110 and the server 120 are connected through a network, and the terminal 110 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The server 120 may be implemented as a stand-alone server or as a server cluster composed of a plurality of servers. The terminal 110 is configured to issue a desensitization rule to the server 120 according to a user instruction, and the server 120 is configured to identify and extract non-sensitive data in the original data to be desensitized according to the desensitization rule; obtaining an index of original data to be desensitized according to the extracted non-sensitive data; encrypting the original data to be desensitized to obtain encrypted data; and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
Data desensitization (data masking), also known as data bleaching, data de-privacy or data deformation, refers to deforming or anonymizing certain sensitive information through desensitization rules where customer security data or commercially sensitive data are involved. This prevents sensitive data in a production library from being displayed in plaintext in scenes where plaintext display is not allowed, which would cause data leakage, and so provides reliable protection for sensitive private data. Data desensitization effectively prevents abuse of private data and prevents private data from flowing out without being desensitized. It meets the requirements of protecting private data, maintaining regulatory compliance and satisfying enterprise compliance.
In one embodiment, as shown in FIG. 2, a method of data desensitization is provided. The method is applied to a computer device. The data desensitization method specifically comprises the following steps:
S100: identifying and extracting non-sensitive data in the original data to be desensitized.
Specifically, the raw data to be desensitized is data containing sensitive information. The sensitive data is data containing sensitive information, such as an identification card number, a telephone number, a cell phone number, an address, a bank card number or account number, an account balance, a mailbox address, a password, a business license number, etc. Non-sensitive data is data that does not contain sensitive information, such as age, user nickname, date of birth, and the like.
Of course, the definition of the sensitive data and the non-sensitive data can be customized according to the actual application scene, and the application is not limited to this.
More specifically, a sensitive database is predefined. The sensitive database stores sensitive fields and sensitive data. For example, the sensitive fields include various sensitive fields such as an identification card number, a bank card number, a cell phone number, a password, a mailbox, and the like. Sensitive data includes: * Province and city are shown, and there is a series of lines, streets, C \\d \ @ com, @ cn, etc.
The sensitive data of sensitive fields, values of the sensitive fields and other non-sensitive fields in the original data to be desensitized can be identified according to the sensitive database, so that the non-sensitive data can be identified.
After the non-sensitive data has been identified, it is extracted. If the original data to be desensitized contains no non-sensitive fields, or contains no fields at all, the non-sensitive data may be one or more strings cut from non-contiguous parts of the original data to be desensitized.
For example, the raw data to be desensitized is:
"file:///C:/Program%11files/Java/jdk1.2.0.54/rt.jar".
One or more non-contiguous strings are cut from this character string as the non-sensitive data. Alternatively, some of the characters are masked at random and the unmasked characters are taken as the non-sensitive data.
If the original data to be desensitized contains non-sensitive fields, the sensitive fields and the non-sensitive fields in the target data to be desensitized are identified; the non-sensitive data may be a non-sensitive field together with its field value.
For example: the raw data to be desensitized is requests { "custNo": "abc", "acctNo": "123", "mobileNo": "13131313131" }. "custNo" is a non-sensitive field and "abc" is its field value; "acctNo" and "mobileNo" are both sensitive fields, and "123" and "13131313131" are their respective field values. "custNo": "abc" is taken as the non-sensitive data.
S200: obtaining an index of the original data to be desensitized according to the extracted non-sensitive data.
Specifically, if the non-sensitive data is a non-sensitive field and a field value, the identified at least one non-sensitive field and a corresponding field value are used as an index of the original data to be desensitized.
For example, one or more non-sensitive fields and field values of the non-sensitive fields are selected as indexes. Or selecting all non-sensitive fields and field values of the non-sensitive fields as indexes.
For example, the above "custNo": "abc" is used as the index.
If the non-sensitive data is non-field data, the cut string is taken as the index, or several non-contiguous strings are spliced into an index. Alternatively, the unmasked characters are spliced into an index, and so on; the application does not limit how the index is obtained.
S300: encrypting the original data to be desensitized to obtain encrypted data.
Specifically, after the original data is encrypted, sensitive information of the original data is hidden and becomes invisible, and then the original data becomes insensitive data.
The encryption may be performed by one of DES, TDEA, Blowfish, RC, MD5, SHA1, etc., which is not limited in the present application.
S400: generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
Specifically, the desensitized data includes an index and encrypted data. The index of the original data to be desensitized is established so that the original data behind the encrypted data can be looked up later. After the data is desensitized, the desensitized data can be safely used in various application scenes such as development, testing, other non-production environments, outsourcing environments, data analysis and the like.
This embodiment can be applied to various application scenes such as desensitized export of production data. Taking that scene as an example, the existing production data export flow must pass a strict security audit and a complex desensitization procedure, and if the production data is of many types, the desensitization rules of the prior art may not apply to all of them, so that desensitization is incomplete or data is missed. This embodiment protects the data by encryption, which is equivalent to desensitizing it; the encrypted data does not need to go through the prior-art security desensitization process and only needs a security audit, so the export time is greatly shortened. Encryption is suitable for any type of production data, has a wide range of application, and reduces or eliminates missed data in the desensitization process. In the prior art, desensitizing the production data of a mysql database to a test environment takes more than 1 week on average. If the data freshness requirement is high, for example when the system version and the data change frequently, that 1 week greatly limits the efficiency of data use. Using the scheme of this embodiment greatly reduces the time spent on desensitization.
This embodiment achieves data desensitization by encrypting the original data. Complex desensitization rules need not be customized for each structure type or storage mode, so desensitization is quick, efficient and simple. The encryption does not need to take the storage mode or structure type of the original data into account and is applicable to data in any storage mode or of any structure type, which makes the desensitization general and widely applicable; in particular, for unstructured or non-standardized stored data it reduces the complexity of desensitization and the missed-desensitization rate. At the same time, fast desensitization suits application scenes with high requirements on data freshness and improves the efficiency of data use; it is particularly suitable for the test, development and outsourcing scenes of banks, insurers and the like in the financial technology field, where product versions of systems and applications are iterated frequently.
In one embodiment, step S200 specifically includes:
if the extracted non-sensitive data does not have repeated conflict with the existing index, the extracted non-sensitive data is used as the index of the original data to be desensitized,
if the extracted non-sensitive data and the existing index have repeated conflict, the extracted non-sensitive data is deformed, and the obtained deformed data which does not have repeated conflict with the existing index is used as the index of the original data to be desensitized;
or,
the step S200 specifically includes: and taking the part of non-sensitive data which does not have repeated conflict with the existing index in the extracted non-sensitive data as the index of the original data to be desensitized.
Specifically, the purpose of the index is to associate the desensitized data with the original data before desensitization. The index therefore needs to be unique when the original data is stored, i.e., no two indexes may be identical. A duplication conflict means that two indexes are identical.
Based on this, in this embodiment, it is required to determine whether the extracted non-sensitive data is an index of other original data; if not, the extracted non-sensitive data is used as an index of the original data to be desensitized.
If the existing history index is the same as or duplicates the extracted non-sensitive data, then the extracted non-sensitive data needs to be morphed into an index that does not have duplication conflicts with the existing index. The morphing process includes, but is not limited to, implementation using one or more combinations of pruning some characters in the non-sensitive data, adding characters, altering field values, character reorganization, character partial occlusion reorganization, and the like.
In another embodiment, only a portion of the extracted non-sensitive data is used as an index, and there is no duplication conflict between the portion of the non-sensitive data and the existing index. For example, a plurality of non-sensitive fields and field values are extracted, and only one or some of the non-sensitive fields and field values are used as an index. If the two indexes contain the same field, but the values of the fields are different, the two indexes are different indexes. If the first index contains all the fields of the second index and the first index contains other fields not in the second index, the two indices belong to different indices even if the field values are the same.
In another embodiment, all non-sensitive fields and field values may also be used as an index, and there is no duplication conflict between the index and the existing index.
In the embodiment, a unique index is created for each original data in a repeated conflict check mode, and the unique index is obtained through deformation under the condition that repeated conflicts exist, so that the corresponding relation between the original data and the desensitized data is ensured.
In another embodiment, if the same original data has been subjected to desensitization processing in the history desensitization, the index of the desensitized original data is used as the index of the original data to be desensitized, namely the shared index, and the same original data does not need to be repeatedly stored, so that the storage space is saved.
In one embodiment, after the index is obtained, the method further comprises: storing the index in association with the original data to be desensitized;
the method further comprises the steps of: and in the target application scene, searching the original data stored in association with the target index according to the target index in the target desensitized data to obtain target original data before target desensitization of the target desensitized data.
Specifically, the desensitized data includes corresponding index and encrypted data. The encrypted data is displayed in a non-plaintext form. If the original data of the target desensitized data is required to be obtained, extracting a target index in the target desensitized data, searching the original data stored in association with the target index according to the target index, and obtaining the searched original data as the target original data of the target desensitized data before desensitization.
The target application scenario of the present embodiment may include, but is not limited to, a test scenario, a development scenario, and the like.
Taking a test scene as an example, when code is tested using traffic playback in the test environment, the index is used as the search keyword, so that the real data behind the encrypted data needed for the test can be obtained and then used for traffic playback.
In one embodiment, searching the original data stored in association with the target index according to the target index in the target desensitized data comprises:
verifying the data restoration authority of the data-using user in the target application scene;
if the data use user has the data restoration authority, searching the original data stored in association with the target index according to the target index in the target desensitized data.
Specifically, whether the target application scene has the data restoration authority is judged. The data restoration authority refers to the authority to obtain the original data of the data after desensitization before desensitization. More specifically, authority verification is performed on the user identity of the data to be used for target desensitization in the target application scene, if the user has data restoration authority, the target original data stored in association is searched according to the target index, and the target original data is provided for the data use user. Thus, the security and confidentiality of the data can be further ensured, and the data leakage is prevented.
In one embodiment, generating desensitized data of the original data to be desensitized from the index of the original data to be desensitized and the encrypted data, comprises:
and splicing the index of the original data to be desensitized with the encrypted data to generate desensitized data of the original data to be desensitized.
Specifically, the splicing may place the index first and the encrypted data after it, or the encrypted data first and the index after it.
Taking the example of indexing the preceding encrypted data, for example: the raw data to be desensitized are requests { "custNo": "abc", "acctNo": "123", "mobileNo": "13131313131" }. The data after desensitization are: bestNo: abc; request:, or, data after desensitization thereof are: the bestNo abc-request is not limited thereto. Where, custNo: abc is an index, "/is a value after encryption of the request field.
Of course, the above is merely exemplary, and the present application is not limited to splicing the index and the encrypted data.
This embodiment is particularly suitable for application scenes such as desensitized export of production data or production traffic. The original data is encrypted into non-sensitive data, so the existing security desensitization process need not be passed or can be skipped, or the encryption scheme of the application can replace the desensitization process in the prior-art production data export flow; only the security audit is required, and the time for desensitized export of production data is greatly shortened.
For example, in past desensitization procedures, desensitizing a set of mysql database production data to the test environment took more than 1 week on average. If the data freshness requirement is high, for example when the system version and the data change frequently, that 1 week greatly limits the efficiency of data use. The scheme of the application provides another, rapid way of desensitizing data and ensures the freshness and usability of the data.
In one embodiment, the encryption process uses an irreversible encryption scheme;
the step S300 specifically includes: and encrypting the original data to be desensitized in an irreversible encryption mode to obtain encrypted data.
Specifically, if the original data to be desensitized includes a plurality of independent fields and a field value for each, each independent field can be kept and its field value encrypted in an irreversible manner to obtain the encrypted data. The encrypted data obtained is, for example: field 1: encrypted field value 1; field 2: encrypted field value 2; ... field n: encrypted field value n. If a field value itself contains sub-fields, the field value is encrypted as a whole.
If the original data to be desensitized is non-field data, the whole of the original data is encrypted, or a small number of characters (such as the first few characters) of the original data are kept and the other characters are encrypted.
Of course, the foregoing merely illustrates how encryption is performed, and the present application is not limited to encryption rules.
An irreversible encryption algorithm is characterized in that no secret key is needed in the encryption process: the plaintext is input and processed directly into ciphertext by the encryption algorithm, and the encrypted data cannot be decrypted.
The irreversible encryption methods include, but are not limited to, the MD5 (Message-Digest Algorithm 5) encryption method, the HMAC (Hash-based Message Authentication Code) encryption method, the SHA encryption method (i.e., Secure Hash Algorithm), the MD5 plus "salt" encryption method, and the like.
The data after desensitization can be prevented from being illegally decrypted and acquired or restored by the irreversible encryption algorithm, and the safety and confidentiality of the data are further ensured.
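The flow of steps S100 to S400, together with the index-conflict check, the permission-gated restoration and the per-field irreversible encryption described above, can be sketched as follows. This is an added example, not code from the patent: the sensitive-field list, the "#n" suffix used to deform a conflicting index, the "data-restore" role and the in-memory store are all assumptions. HMAC-SHA-256 is picked from the irreversible methods listed above because its output cannot be recomputed without the key, which matters for short values such as phone numbers.

```python
import hashlib
import hmac
import json

# Assumed classification; stands in for the "sensitive database" of S100.
SENSITIVE_FIELDS = {"acctNo", "mobileNo", "idNo", "password", "email"}
# Hypothetical role name for the "data restoration authority".
RESTORE_ROLE = "data-restore"


class Desensitizer:
    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        # index -> original record; in practice this store stays inside the
        # protected environment and never travels with the desensitized data.
        self._vault = {}

    def _digest(self, value) -> str:
        # Keyed one-way transform of a whole field value (sub-fields included).
        msg = json.dumps(value, sort_keys=True).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _unique_index(self, record: dict, non_sensitive: dict) -> str:
        # S200: build the index from non-sensitive fields and their values.
        # "rec" is an assumed fallback when no non-sensitive field exists.
        base = ";".join(f"{k}:{v}" for k, v in sorted(non_sensitive.items())) or "rec"
        index, n = base, 0
        while index in self._vault:
            if self._vault[index] == record:
                return index  # same original seen before: share its index
            n += 1
            index = f"{base}#{n}"  # deform until there is no duplication conflict
        return index

    def desensitize(self, record: dict) -> dict:
        # S100: identify and extract the non-sensitive data.
        non_sensitive = {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}
        index = self._unique_index(record, non_sensitive)
        # S300: keep each field name, irreversibly transform each field value.
        encrypted = {k: self._digest(v) for k, v in record.items()}
        # Store the original in association with the index for later lookup.
        self._vault[index] = dict(record)
        # S400: desensitized data = index spliced with the encrypted data.
        return {"index": index, "data": encrypted}

    def restore(self, desensitized: dict, user_roles: set) -> dict:
        # Verify the data restoration authority before any lookup happens.
        if RESTORE_ROLE not in user_roles:
            raise PermissionError("user lacks data restoration authority")
        return dict(self._vault[desensitized["index"]])


if __name__ == "__main__":
    # Constructed sample input, modelled on the request shown on this page.
    d = Desensitizer(b"constructed-demo-key")
    sample = {"custNo": "abc", "acctNo": "123", "mobileNo": "13131313131"}
    out = d.desensitize(sample)
    print(json.dumps(out, indent=2))
    print(d.restore(out, {"tester", RESTORE_ROLE}))
```
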
In one embodiment, the method further comprises:
if the non-sensitive data does not exist in the original data to be desensitized or the non-sensitive data cannot be determined, an index which does not have repeated conflict with the existing index is created for the original data to be desensitized.
Specifically, if there are no non-sensitive fields in the original data or it is not possible to distinguish which data in the original data are non-sensitive data and which data are sensitive data, an index may be created for the original data to be desensitized.
The step of creating the index may include, but is not limited to, randomly masking characters in the original data and splicing the unmasked data to obtain the index; or randomly extracting a plurality of character fragments, not all adjacent, from the original data and splicing the character fragments to obtain the index. The splicing may join the obtained data directly, in the order of their positions in the original data; or join the obtained data in the order of their positions in the original data with a separator such as ";", "-" or "," between adjacent character fragments.
In addition, to ensure that the new index created is non-sensitive data, it may be verified whether the new index is sensitive data, and the new index is determined to be available if the new index is non-sensitive data.
According to the embodiment, the original data is deformed or extracted under the condition that the non-sensitive data cannot be determined, so that the non-repeated index is automatically created, and the smooth process of desensitizing the data by using an encryption mode is ensured.
In the prior art, the desensitization pipeline is complex, each desensitization run takes a long time and has a long cycle, and the desensitization frequency is limited, so data cannot be desensitized frequently; for example, desensitization can be carried out only once per quarter. With the technical scheme of the application, data can be desensitized rapidly regardless of data type, so the desensitization frequency can be increased and data can be desensitized more often and more quickly, for example from once per quarter to once per month. This meets the production flow freshness requirement of the daily version test process of an application system and greatly improves confidence in the quality of the production version.
Referring to fig. 3, the present application also provides an apparatus for desensitizing data, the apparatus comprising:
the data identification module 100 is used for identifying and extracting non-sensitive data in the original data to be desensitized;
the index determining module 200 is configured to obtain an index of the original data to be desensitized according to the extracted non-sensitive data;
the encryption module 300 is used for encrypting the original data to be desensitized to obtain encrypted data;
the desensitization data generation module 400 is configured to generate desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
In one embodiment, the index determination module 200 specifically includes:
a first index determining module, configured to, if the extracted non-sensitive data does not have repeated conflict with the existing index, take the extracted non-sensitive data as the index of the original data to be desensitized;
the second index determining module is used for deforming the extracted non-sensitive data if repeated conflict exists between the extracted non-sensitive data and the existing index, and taking the deformed data which does not exist repeated conflict with the existing index as the index of the original data to be desensitized;
or,
the index determining module 200 is specifically configured to take, as the index of the original data to be desensitized, the part of the extracted non-sensitive data that does not have repeated conflict with the existing index.
In one embodiment, the apparatus further comprises:
the associated storage module is used for storing the index and the original data to be desensitized in an associated manner;
and the searching and matching module is used for searching, in a target application scene, the original data stored in association with the target index according to the target index in the target desensitized data, so as to obtain the target original data before the target desensitized data were desensitized.
In one embodiment, the searching matching module specifically includes:
the permission verification module is used for verifying the data restoration permission of the data use user of the target application scene;
and the searching module is used for searching the original data stored in association with the target index according to the target index in the target desensitized data if the data use user has the data restoration authority.
In one embodiment, the desensitization data generating module 400 is specifically configured to splice the index of the original data to be desensitized with the encrypted data to generate desensitized data of the original data to be desensitized.
In one embodiment, the encryption process uses an irreversible encryption scheme;
the encryption module 300 is specifically configured to encrypt the original data to be desensitized in an irreversible encryption manner, so as to obtain encrypted data.
In one embodiment, the apparatus further comprises:
and the index creation module is used for creating an index which does not have repeated conflict with the existing index for the original data to be desensitized if the original data to be desensitized does not have the non-sensitive data or the non-sensitive data cannot be determined.
FIG. 4 illustrates an internal block diagram of a computer device in one embodiment. The computer device may specifically be a terminal or a server. As shown in fig. 4, the computer device includes a processor, a memory, and a network interface connected by a system bus. The memory includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system, and may also store a computer program which, when executed by a processor, causes the processor to implement the steps of the method embodiments described above. The internal memory may also have stored therein a computer program which, when executed by a processor, causes the processor to perform the steps of the method embodiments described above. It will be appreciated by persons skilled in the art that the architecture shown in fig. 4 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of original data to be desensitized according to the extracted non-sensitive data;
encrypting the original data to be desensitized to obtain encrypted data;
and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
In one embodiment, a computer readable storage medium is provided, storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of original data to be desensitized according to the extracted non-sensitive data;
encrypting the original data to be desensitized to obtain encrypted data;
and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
Those skilled in the art will appreciate that all or part of the processes of the methods in the above embodiments may be implemented by a computer program instructing relevant hardware. The program may be stored in a non-volatile computer readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. The non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A method of desensitizing data, the method comprising:
identifying and extracting non-sensitive data in the original data to be desensitized;
obtaining an index of the original data to be desensitized according to the extracted non-sensitive data;
encrypting the original data to be desensitized to obtain encrypted data;
and generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
2. The method of claim 1, wherein obtaining the index of the original data to be desensitized according to the extracted non-sensitive data comprises: if the extracted non-sensitive data does not have repeated conflict with the existing index, the extracted non-sensitive data is used as the index of the original data to be desensitized;
if the extracted non-sensitive data and the existing index have repeated conflict, the extracted non-sensitive data is deformed, and the obtained deformed data which does not have repeated conflict with the existing index is used as the index of the original data to be desensitized;
or,
obtaining the index of the original data to be desensitized according to the extracted non-sensitive data comprises: taking the part of the extracted non-sensitive data that does not have repeated conflict with the existing index as the index of the original data to be desensitized.
3. The method of claim 2, wherein after obtaining the index, the method further comprises: storing the index in association with the original data to be desensitized;
the method further comprises: in a target application scene, searching the original data stored in association with the target index according to the target index in the target desensitized data, to obtain the target original data before the target desensitized data were desensitized.
4. A method according to claim 3, wherein the searching the original data stored in association with the target index according to the target index in the target desensitized data comprises:
verifying the data restoration authority of the data use user of the target application scene;
if the data use user has the data restoration authority, searching the original data stored in association with the target index according to the target index in the target desensitized data.
5. The method of claim 1, wherein generating the desensitized data of the original data to be desensitized from the index of the original data to be desensitized and the encrypted data comprises:
and splicing the index of the original data to be desensitized with the encrypted data to generate desensitized data of the original data to be desensitized.
6. The method of claim 1, wherein the encryption process uses an irreversible encryption scheme;
the encrypting processing is carried out on the original data to be desensitized to obtain encrypted data, which comprises the following steps:
and encrypting the original data to be desensitized in an irreversible encryption mode to obtain encrypted data.
7. The method according to claim 1, wherein the method further comprises:
if the original data to be desensitized does not contain non-sensitive data or the non-sensitive data cannot be determined, an index which does not have repeated conflict with the existing index is created for the original data to be desensitized.
8. An apparatus for desensitizing data, said apparatus comprising:
the data identification module is used for identifying and extracting non-sensitive data in the original data to be desensitized;
the index determining module is used for obtaining the index of the original data to be desensitized according to the extracted non-sensitive data;
the encryption module is used for carrying out encryption processing on the original data to be desensitized to obtain encrypted data;
the desensitization data generation module is used for generating desensitized data of the original data to be desensitized according to the index of the original data to be desensitized and the encrypted data.
9. A computer readable storage medium storing a computer program, which when executed by a processor causes the processor to perform the steps of the method according to any one of claims 1 to 7.
10. A computer device comprising a memory and a processor, wherein the memory stores a computer program which, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 7.
CN202311023537.5A 2023-08-14 2023-08-14 Method, device, computer equipment and storage medium for data desensitization Pending CN117077196A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311023537.5A CN117077196A (en) 2023-08-14 2023-08-14 Method, device, computer equipment and storage medium for data desensitization

Publications (1)

Publication Number Publication Date
CN117077196A true CN117077196A (en) 2023-11-17

Family

ID=88716435

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination