CN103778380A - Data desensitization method and device and data anti-desensitization method and device - Google Patents

Info

Publication number
CN103778380A
Authority
CN
China
Prior art keywords
data
desensitization
mobile terminal
sensitive information
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310750335.0A
Other languages
Chinese (zh)
Inventor
陈继
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qin Qin (beijing) Technology Co Ltd
Original Assignee
Qin Qin (beijing) Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qin Qin (beijing) Technology Co Ltd
Priority to CN201310750335.0A
Publication of CN103778380A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a data desensitization method and device which can be executed on a mobile terminal. The data desensitization method comprises the steps that data writing operation conducted on the mobile terminal is detected, desensitization is conducted on data needing to be written into the mobile terminal, the desensitized data are verified, and the desensitized data are written into the mobile terminal if the desensitized data meet predefined desensitization requirements. The invention further provides a data anti-desensitization method and device which can be executed on a mobile terminal.

Description

Data desensitization and anti-desensitization methods and related devices
Technical field
The present invention relates generally to the field of mobile communications, and more specifically to a data desensitization method executed on a mobile terminal and a device implementing the method, and to a data anti-desensitization method executed on a mobile terminal and a device implementing that method.
Background
In the field of mobile communications today, mobile terminals are in widespread use around the world. Examples of mobile terminals include, but are not limited to, mobile phones, personal digital assistants (PDAs), handheld computers, laptop computers, tablet computers, and the like.
With the rapid spread of mobile terminals, the accompanying security problems have become increasingly prominent, especially those arising from accessing various kinds of data on a mobile terminal. At present, when applications, services and systems based on mobile terminals read and write data through a wireless communication network (for example, WIFI, General Packet Radio Service (GPRS), etc.), a memory card, a USB interface or the like, the data objects being operated on usually undergo no processing at all and are read and written by direct access (or are stored after only rudimentary processing). These read and write operations usually give no special treatment to the sensitive information in the data. For example, for a banking application on a mobile terminal, the sensitive information may be the personal account information of the mobile terminal user or some important non-personal sensitive information.
Such data is usually stored in full as plaintext. If protection with a higher security level is required, it usually has to be provided by means such as encryption. Such means can largely prevent unauthorized users from accessing a user's personal data.
However, because the processing power of mobile terminals is generally limited, such encryption may incur system overhead and degrade the user experience. In that case it may be necessary to abandon the encryption scheme and return to plaintext storage, so the data still faces the risk of unauthorized access.
Summary of the invention
To solve the above problem, the present invention proposes a desensitization and anti-desensitization method for mobile terminal data. Specifically, the sensitive information (or key information) in data stored as plaintext is transformed according to desensitization rules, so that the sensitive information is shielded from unauthorized users.
According to a first aspect of the invention, a data desensitization method executed on a mobile terminal is provided. The method comprises the following steps: detecting a data write operation on the mobile terminal; performing a desensitization operation on the data to be written to the mobile terminal; verifying the desensitized data; and, if the desensitized data meets predefined desensitization requirements, writing the desensitized data to the mobile terminal.
In some embodiments, performing the desensitization operation on the data to be written to the mobile terminal comprises: detecting the sensitive information in the data; and transforming the detected sensitive information using predefined transformation rules.
In some embodiments, the predefined transformation rules include at least one of the following: replacing sensitive information in the data with special characters; shifting the sensitive information in the data; and filling special characters into the sensitive information in the data.
In some embodiments, the sensitive information includes at least one of the following: personally identifiable information; personal account information; contact-related information; production debugging key information; product operation behavior information; and communication process data information.
According to a second aspect of the invention, a data anti-desensitization method executed on a mobile terminal is provided, for anti-desensitizing the data produced by desensitizing raw data with the method according to the first aspect of the invention. The method comprises the following steps: detecting a data read operation on the mobile terminal; performing an anti-desensitization operation on the data to be read from the mobile terminal; verifying the anti-desensitized data; and, if the anti-desensitized data meets predefined anti-desensitization requirements, reading out the anti-desensitized data.
In some embodiments, the data to be read from the mobile terminal was obtained by transforming the sensitive information in the raw data using predefined transformation rules, and performing the anti-desensitization operation on the data to be read from the mobile terminal comprises: using the predefined transformation rules to inverse-transform the data to be read from the mobile terminal, so as to recover the sensitive information in the raw data.
In some embodiments, the predefined transformation rules include at least one of the following: replacing sensitive information in the raw data with special characters; shifting the sensitive information in the raw data; and filling special characters into the sensitive information in the raw data.
In some embodiments, the sensitive information includes at least one of the following: personally identifiable information; personal account information; contact-related information; production debugging key information; product operation behavior information; and communication process data information.
According to a third aspect of the invention, a data desensitization device on a mobile terminal is provided. The data desensitization device comprises: a detecting unit for detecting a data write operation on the mobile terminal; a desensitization operation execution unit for performing a desensitization operation on the data to be written to the mobile terminal; a verification unit for verifying the desensitized data; and a writing unit for writing the desensitized data to the mobile terminal if the desensitized data meets predefined desensitization requirements.
In some embodiments, the desensitization operation execution unit is further configured to: detect the sensitive information in the data; and transform the detected sensitive information using predefined transformation rules.
In some embodiments, the predefined transformation rules include at least one of the following: replacing sensitive information in the data with special characters; shifting the sensitive information in the data; and filling special characters into the sensitive information in the data.
In some embodiments, the sensitive information includes at least one of the following: personally identifiable information; personal account information; contact-related information; production debugging key information; product operation behavior information; and communication process data information.
According to a fourth aspect of the invention, a data anti-desensitization device on a mobile terminal is provided, for anti-desensitizing the data produced by desensitizing raw data with the method according to the first aspect of the invention. The data anti-desensitization device comprises: a detecting unit for detecting a data read operation on the mobile terminal; an anti-desensitization operation execution unit for performing an anti-desensitization operation on the data to be read from the mobile terminal; a verification unit for verifying the anti-desensitized data; and a reading unit for reading out the anti-desensitized data if the anti-desensitized data meets predefined anti-desensitization requirements.
In some embodiments, the data to be read from the mobile terminal was obtained by transforming the sensitive information in the raw data using predefined transformation rules, and the anti-desensitization operation execution unit is further configured to: use the predefined transformation rules to inverse-transform the data to be read from the mobile terminal, so as to recover the sensitive information in the raw data.
In some embodiments, the predefined transformation rules include at least one of the following: replacing sensitive information in the raw data with special characters; shifting the sensitive information in the raw data; and filling special characters into the sensitive information in the raw data.
In some embodiments, the sensitive information includes at least one of the following: personally identifiable information; personal account information; contact-related information; production debugging key information; product operation behavior information; and communication process data information.
With the method and device of the present invention, the sensitive information in the original plaintext data can be converted and distorted by predefined transformation rules, so as to reliably protect sensitive private data. Specifically, the invention can ensure that the desensitized real data set is used securely on the mobile terminal locally, and that the sensitive information is shielded from unauthorized users. Further, because the invention makes the shielded information retain its original data format and attributes, applications can run normally when desensitized data is used during development and testing.
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become clearer from the following description of preferred embodiments of the invention in conjunction with the accompanying drawings, in which:
Fig. 1 shows a block diagram of an example network protocol stack in mobile terminal 100 according to some embodiments of the invention.
Fig. 2 shows a schematic block diagram of the desensitization and anti-desensitization flow 200 in the data read/write process according to some embodiments of the invention.
Fig. 3 shows a flowchart of data desensitization method 300 according to an embodiment of the invention.
Fig. 4 shows a block diagram of data desensitization device 400 according to an embodiment of the invention.
Fig. 5 shows a flowchart of data anti-desensitization method 500 according to an embodiment of the invention.
Fig. 6 shows a block diagram of data anti-desensitization device 600 according to an embodiment of the invention.
In all the drawings of the invention, the same or similar structures are identified by the same or similar reference numerals.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. Details and functions that are unnecessary for the invention are omitted from the description so as not to obscure the understanding of the invention. In the following, the invention is described in detail using the example of a scenario in which it is applied to a mobile radio system. However, the invention is not limited to this; it can also be applied to fixed communication systems, wired communication systems, or any hybrid structure of mobile radio systems, fixed communication systems, wired communication systems and the like. As regards mobile communication systems, the invention is not limited to the specific communication protocols of the mobile communication terminals involved, which may include (but are not limited to) 2G, 3G, 4G and 5G networks, WCDMA, CDMA2000, TD-SCDMA systems and the like; different mobile terminals may use the same communication protocol or different communication protocols. The invention is not limited to a specific mobile terminal operating system, which may include (but is not limited to) iOS, Windows Mobile, Symbian, Android and the like; different mobile terminals may use the same operating system or different operating systems.
First, the block diagram of an example network protocol stack in mobile terminal 100 according to some example embodiments of the invention is described with reference to Fig. 1. As shown in Fig. 1, mobile terminal 100 has a network protocol stack 110 for processing data messages. Under the 7-layer Open System Interconnection (hereinafter OSI) reference model, protocol stack 110 correspondingly comprises 7 protocol layers, namely: physical layer 111, data link layer 112, network layer 113, transport layer 114, session layer 115, presentation layer 116 and application layer 117.
In this embodiment, it is assumed that mobile terminal 100 is developed on the Android platform. Android is a Linux-like system that can generally be divided into kernel space and user space. The operations of layers such as data link layer 112, network layer 113, transport layer 114 and session layer 115 are mainly implemented in kernel space; the user invokes function interfaces in kernel space through system calls and thereby handles the affairs of these layers. The operations of presentation layer 116 and application layer 117 are implemented essentially by the user in user space; the user needs to write their own processing functions to handle the affairs of these two layers. Of course, other embodiments may distribute the processing operations between kernel space and user space differently; the invention is not limited to the above distribution. For example, the processing for session layer 115 can be implemented by the user in user space by calling the underlying system of Android. The present invention is mainly concerned with application layer 117.
Application layer 117 corresponds to layer 7 of the OSI reference model. It interacts directly with the local processes of applications and provides common network application services. Application layer 117 also sends requests to presentation layer 116. As the top layer of the OSI reference model, it serves application processes directly. Its role is to complete the series of services required for business processing while enabling multiple system application processes to communicate with one another.
The main idea of the invention is to implement desensitization and anti-desensitization of mobile-terminal data by running a component, namely mixing privacy (MP), at the application layer (for example, application layer 117 shown in Fig. 1). For example, MP can be designed and implemented as a background Service, can be developed using, for example, C++ and the NDK (Native Development Kit), and works at the application layer of the Android system. MP can enable the write-data desensitization unit (WMU) and the read-data anti-desensitization unit (RRMU), respectively, to monitor operations such as reading and writing data and to perform data conversion.
WMU is based on desensitization rules and desensitizes data by principles such as letter shifting and special-character filling. For example, WMU can shift characters in a specific way to scramble the original character order and then supplement special characters at specified positions, thereby desensitizing the original data (the original data here can be, for example, plaintext data). RRMU operates on the basis of anti-desensitization rules. In some embodiments, the desensitization rules and the anti-desensitization rules can be the same rules, represented uniformly by a predefined semantic conversion rule table (GCT). The desensitization rules and anti-desensitization rules can be stored in a Secure Digital memory card (SD card) as a privacy file (PF), kept using, for example, DES encryption, to ensure that the rules are not accessed without authorization. In this way, even if a third party gains unauthorized access to the desensitized data, it cannot obtain the desensitization rules and therefore still cannot restore the data, so the sensitive data is effectively protected.
Fig. 2 shows a schematic block diagram of the desensitization and anti-desensitization flow 200 in the data read/write process according to some embodiments of the invention.
Flow 200 comprises the MP startup and WMU/RRMU initialization process. As shown in Fig. 2, the MP startup and WMU/RRMU initialization process comprises:
● After system startup initialization is complete, MP is started;
● The MP initialization unit reads the PF, decrypts the file using, for example, the DES algorithm and an agreed key, and then parses the file;
● According to the desensitization and anti-desensitization rules, a desensitization rule linked list (which may be called the mixing privacy linked list (MPL)) and an anti-desensitization rule linked list (which may be called the reverse mixing privacy linked list (RMPL)) are formed in memory;
● MP calls an interface to enable WMU and RRMU, turning on the desensitization and anti-desensitization monitoring functions.
Flow 200 also comprises write-data desensitization and read-data anti-desensitization.
Write-data desensitization can comprise:
● After WMU is enabled, data write operations over WIFI, GPRS, memory card, USB peripherals and the like are monitored;
● When a write action (i.e., a write operation) is detected on any data channel, WMU takes over the write operation for that data;
● After reading each node rule in the MPL (called a mixing privacy node (MPN)) in sequence, WMU desensitizes the data object of the write operation step by step according to the desensitization requirements (desensitization rules) defined in the MPN;
● After desensitization processing is finished, WMU calls the desensitization verification mechanism in MP (called hybrid verification (MV)) to verify the integrity and legitimacy of the desensitization;
● The subsequent write operation is completed on the desensitized data.
For example, a desensitization rule can consist of three parts: a sensitive keyword, a keyword type (Chinese, English or special character), and an action (desensitize or do not desensitize). In this case, one example of the desensitization verification mechanism is as follows: taking the data bit as the unit, the length VL (also called the verification length) of the content before desensitization is computed in advance, for verifying the integrity and legitimacy of the desensitization; after the desensitization operation has been performed on the content, the length of the desensitized content is computed to obtain another length VL'; VL and VL' are then compared. If the lengths are inconsistent, an error occurred during desensitization, and the desensitization operation needs to be performed again. If the lengths are consistent, the desensitization operation is correct and the subsequent write operation can proceed.
Read-data anti-desensitization comprises:
● After RRMU is enabled, data read operations over WIFI, GPRS, memory card, USB peripherals and the like are monitored;
● When a read action (i.e., a read operation) is detected on any data channel, RRMU takes over the read operation for that data;
● After reading each node rule in the RMPL (called a reverse mixing privacy node (RMPN)) in sequence, RRMU anti-desensitizes the data object of the read operation step by step according to the anti-desensitization requirements (anti-desensitization rules) defined in the RMPN;
● After anti-desensitization processing is finished, RRMU calls the anti-desensitization verification mechanism in MP (called reverse hybrid verification (RMV)) to verify the integrity and legitimacy of the anti-desensitization;
● The subsequent read operation is completed on the anti-desensitized data.
For example, an anti-desensitization rule can consist of three parts: an anti-desensitization keyword, a keyword type (Chinese, English or special character). In this case, one example of the anti-desensitization verification mechanism is as follows: a predetermined character encoding table (for example, the UTF-8 encoding table; the characters can be English, Chinese or special characters) is polled to determine whether it contains content matching the anti-desensitized content, in order to judge whether the anti-desensitized content is legally encoded characters. If so, the anti-desensitization operation is correct and the subsequent read operation can proceed. If there is no matching content in the encoding table, the information produced by anti-desensitization is abnormal, and the subsequent read operation cannot continue.
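The write-side length check (VL against VL') and the read-side encoding check described above, as an added Python example that is not code from the patent. The `key=value;...` record layout, the `shift` field, the digit/special-character swap table and all sample values are assumptions constructed for illustration.

```python
import unicodedata
from dataclasses import dataclass

DIGITS = "0123456789"
SPECIALS = ")!@#$%^&*("  # constructed substitution alphabet (assumption)
# Digits and specials swap places, so the same table is its own inverse.
SWAP = str.maketrans(DIGITS + SPECIALS, SPECIALS + DIGITS)


class VerificationError(Exception):
    """Raised when the write-side (MV) or read-side (RMV) check fails."""


@dataclass(frozen=True)
class Rule:
    keyword: str        # sensitive keyword that names the field
    kind: str           # keyword type from the rule format; unused by this transform
    desensitize: bool   # action: desensitize or leave untouched
    shift: int = 3      # hypothetical parameter: rotation distance in characters


def bit_length(text):
    """Length in data bits of the UTF-8 encoding (VL / VL' in the text)."""
    return len(text.encode("utf-8")) * 8


def rotate(text, k):
    """Rotate characters left by k; a negative k rotates right."""
    if not text:
        return text
    k %= len(text)
    return text[k:] + text[:k]


def is_legal_text(text):
    """RMV stand-in: reject unassigned, surrogate and control code points."""
    return all(unicodedata.category(c) not in ("Cn", "Cs", "Cc") for c in text)


def desensitize_record(record, rules):
    """Write path: shift and substitute each sensitive field, then verify VL == VL'."""
    fields = []
    for field in record.split(";"):
        key, _, value = field.partition("=")
        rule = rules.get(key)
        if rule is not None and rule.desensitize:
            vl = bit_length(value)
            masked = rotate(value, rule.shift).translate(SWAP)
            # Guards against a rule whose substitution changes the encoded size.
            if bit_length(masked) != vl:
                raise VerificationError("length changed for field " + key)
            value = masked
        fields.append(key + "=" + value)
    return ";".join(fields).encode("utf-8")


def restore_record(stored, rules):
    """Read path: invert the transform, then check the result is legal text."""
    try:
        text = stored.decode("utf-8")  # strict decoding rejects malformed bytes
    except UnicodeDecodeError as exc:
        raise VerificationError("stored bytes are not valid UTF-8") from exc
    fields = []
    for field in text.split(";"):
        key, _, value = field.partition("=")
        rule = rules.get(key)
        if rule is not None and rule.desensitize:
            value = rotate(value.translate(SWAP), -rule.shift)
            if not is_legal_text(value):
                raise VerificationError("illegal characters in field " + key)
        fields.append(key + "=" + value)
    return ";".join(fields)


# Constructed rule table and record (not real account data).
RULES = {r.keyword: r for r in (
    Rule("name", "chinese", True, shift=1),
    Rule("account", "english", True, shift=3),
    Rule("note", "english", False),
)}
SAMPLE = "name=张伟;account=6222020012345678;note=call back at 9"

if __name__ == "__main__":
    stored = desensitize_record(SAMPLE, RULES)
    print(stored.decode("utf-8"))
    print(restore_record(stored, RULES))
```

The transform has no key other than the rule table, so anyone holding the table can invert it; this is why the text keeps the rules encrypted in the PF.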
According to some embodiments of the invention, MP, WMU and RRMU can be integrated into an SDK (Software Development Kit) and provided to a server or third party in SDK form. In this way, desensitization processing, anti-desensitization processing, verification processing and the like can be exposed externally through an API (Application Program Interface), while the desensitization and anti-desensitization rules are integrated into the SDK in encrypted form. A server or third party that receives desensitized data or is about to send data can thus smoothly anti-desensitize the desensitized data and desensitize the raw data, achieving a complete data desensitization/anti-desensitization mechanism between the terminal and the server or third party.
Fig. 3 shows a flowchart of data desensitization method 300 according to an embodiment of the invention. As shown in Fig. 3, data desensitization method 300 can comprise steps S310, S320, S330 and S340, where some of the steps can be executed separately or in combination, and in parallel or sequentially, and are not limited to the specific order of operations shown in Fig. 3. In some embodiments, data desensitization method 300 can be executed by data desensitization device 400 shown in Fig. 4. In some embodiments, data desensitization method 300 can be executed at mobile terminal 100 shown in Fig. 1.
Fig. 4 shows a block diagram of data desensitization device 400 according to an embodiment of the invention. As shown in Fig. 4, data desensitization device 400 can comprise: detecting unit 410, desensitization operation execution unit 420, verification unit 430 and writing unit 440. In some embodiments, data desensitization device 400 can be implemented at mobile terminal 100 shown in Fig. 1.
Detecting unit 410 detects data write operations on the mobile terminal. A data write operation here can be an operation that writes data to the mobile terminal from outside it by way of a wired communication network, a wireless communication network, a memory card, a USB peripheral or the like. In some embodiments, detecting unit 410 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of data desensitization device 400, which can cooperate with a communication interface of data desensitization device 400, such as a transceiver or a USB interface, to detect data write operations on the mobile terminal.
Desensitization operation execution unit 420 performs the desensitization operation on the data to be written to the mobile terminal. In some embodiments, desensitization operation execution unit 420 can also detect the sensitive information in the data and transform the detected sensitive information using predefined transformation rules. For example, the predefined transformation rules include at least one of the following: replacing sensitive information in the data with special characters; shifting the sensitive information in the data; and filling special characters into the sensitive information in the data. In addition, the sensitive information can include, for example, at least one of the following: personally identifiable information; personal account information; contact-related information; production debugging key information; product operation behavior information; and communication process data information. In some embodiments, desensitization operation execution unit 420 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of data desensitization device 400, which can cooperate with a memory of data desensitization device 400 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to perform the desensitization operation on the data to be written to the mobile terminal.
Verification unit 430 verifies the desensitized data. For example, verification unit 430 can determine the integrity and legitimacy of the desensitization operation, that is, whether the desensitization operation is correct, by comparing the length of the data before desensitization with the length of the data after desensitization. In some embodiments, verification unit 430 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of data desensitization device 400, which can cooperate with a memory of data desensitization device 400 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to verify the integrity and legitimacy of the desensitization using, for example, the MV in MP.
Writing unit 440 writes the desensitized data to the mobile terminal if the desensitized data meets the predefined desensitization requirements. For example, the predefined desensitization requirement can be that the data length before desensitization is consistent with the data length after desensitization. In some embodiments, writing unit 440 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of data desensitization device 400, which can cooperate with a memory of data desensitization device 400 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to write the desensitized data to the mobile terminal if the desensitized data meets the predefined desensitization requirements.
It should be noted that two or more different units of data desensitization device 400 can be combined logically or physically. For example, detecting unit 410 and desensitization operation execution unit 420 can be combined into one unit, implemented uniformly by MP enabling WRU.
Below with reference to Fig. 3 and Fig. 4, to being described in detail according to the data desensitization method 300 of the embodiment of the present invention and data desensitization equipment 400.
At step S310, can detect the data write operation to mobile terminal by the desensitize detecting unit 410 of equipment 400 of data.The data write operation here can be by the operation of mode from mobile terminal outside to mobile terminal data writing such as wireline communication network, cordless communication network, storage card or USB peripheral hardwares.
At step S320, can carry out desensitization operation to the data that will write mobile terminal by the desensitize desensitization operation execution unit 420 of equipment 400 of data.
At step S330, can by data desensitize equipment 400 authentication unit 430 to desensitization after data verify.
At step S340, can the data after desensitization be written in mobile terminal requiring by the data writing unit 440 of the equipment 400 predefined desensitization of data fit after desensitization of desensitizing.
In certain embodiments, step S320 can comprise: detect the sensitive information in data; And utilize predefined transformation rule to convert the sensitive information detecting.
In certain embodiments, predefined transformation rule comprises following at least one or more: with the sensitive information in special character replacement data; Sensitive information in data is shifted; And fill special character in sensitive information in data.
In certain embodiments, sensitive information comprises following at least one or more: personally identifiable information; Personal account information; Contact associated information; Production debugging key message; Product operation action message; And communication process data message.
Fig. 5 shows a flowchart of the data anti-desensitization method 500 according to an embodiment of the present invention. The data anti-desensitization method 500 can be used to anti-desensitize data produced by desensitizing raw data according to the method 300 described with reference to Fig. 3. As shown in Fig. 5, the data anti-desensitization method 500 can comprise steps S510, S520, S530 and S540, where some of the steps can be performed separately or in combination, and in parallel or sequentially, and are not limited to the specific order of operations shown in Fig. 5. In some embodiments, the data anti-desensitization method 500 can be performed by the data anti-desensitization equipment 600 shown in Fig. 6. In some embodiments, the data anti-desensitization method 500 can be performed at the mobile terminal 100 shown in Fig. 1.
Fig. 6 shows a block diagram of the data anti-desensitization equipment 600 according to an embodiment of the present invention. The data anti-desensitization equipment 600 can be used to anti-desensitize data produced by desensitizing raw data according to the method 300 described with reference to Fig. 3. As shown in Fig. 6, the data anti-desensitization equipment 600 can comprise: a detecting unit 610, an anti-desensitization operation execution unit 620, an authentication unit 630 and a reading unit 640. In some embodiments, the data anti-desensitization equipment 600 can be implemented at the mobile terminal 100 shown in Fig. 1.
The detecting unit 610 is used to detect a data read operation on the mobile terminal. The data read operation here can be an operation that reads data out of the mobile terminal to the outside, for example over a wired communication network, a wireless communication network, a memory card or a USB peripheral. In some embodiments, the detecting unit 610 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of the data anti-desensitization equipment 600, which can cooperate with a communication interface of the data anti-desensitization equipment 600, such as a transceiver or a USB interface, to detect the data read operation on the mobile terminal.
The anti-desensitization operation execution unit 620 is used to perform an anti-desensitization operation on the data to be read out from the mobile terminal. In some embodiments, the data to be read out from the mobile terminal was obtained by transforming the sensitive information in raw data using a predefined transformation rule, and the anti-desensitization operation execution unit 620 can also be used to: apply the inverse transformation to the data to be read out from the mobile terminal using said predefined transformation rule, so as to recover the sensitive information in the raw data. For example, the predefined transformation rule comprises at least one of the following: replacing the sensitive information in the data with special characters; shifting the sensitive information in the data; and filling special characters into the sensitive information in the data. In addition, the sensitive information can comprise, for example, at least one of the following: personally identifiable information; personal account information; contact-related information; key product debugging information; product operation behavior information; and communication process data information. In some embodiments, the anti-desensitization operation execution unit 620 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of the data anti-desensitization equipment 600, which can cooperate with a memory of the data anti-desensitization equipment 600 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to perform the anti-desensitization operation on the data to be read out from the mobile terminal.
The authentication unit 630 is used to verify the anti-desensitized data. For example, the authentication unit 630 can look up a predetermined character encoding table (for example, the UTF-8 encoding table) to determine whether the table contains content matching the anti-desensitized content, so as to judge whether the anti-desensitized content is a legal character encoding, that is, to determine whether the anti-desensitization operation was correct. In some embodiments, the authentication unit 630 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of the data anti-desensitization equipment 600, which can cooperate with a memory of the data anti-desensitization equipment 600 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to verify the integrity and legitimacy of the anti-desensitization, for example using the RMV in the MP.
The reading unit 640 is used to read out the anti-desensitized data if the anti-desensitized data meets the predefined anti-desensitization requirement. For example, the predefined anti-desensitization requirement can be that the anti-desensitized content is a legal character encoding. In some embodiments, the reading unit 640 can be a central processing unit (CPU), digital signal processor (DSP), microprocessor, microcontroller or the like of the data anti-desensitization equipment 600, which can cooperate with a memory of the data anti-desensitization equipment 600 (for example, hard disk, floppy disk, optical disc, RAM, flash memory, etc.) to read out the anti-desensitized data if it meets the predefined anti-desensitization requirement.
It should be noted that two or more different units in the data anti-desensitization equipment 600 can be combined logically or physically. For example, the detecting unit 610 and the anti-desensitization operation execution unit 620 can be combined into a single unit, implemented in a unified manner by the MP enabling the RRMU.
The data anti-desensitization method 500 and the data anti-desensitization equipment 600 according to embodiments of the present invention are described in detail below with reference to Fig. 5 and Fig. 6.
At step S510, the detecting unit 610 of the data anti-desensitization equipment 600 can detect a data read operation on the mobile terminal. The data read operation here can be an operation that reads data out of the mobile terminal to the outside, for example over a wired communication network, a wireless communication network, a memory card or a USB peripheral.
At step S520, the anti-desensitization operation execution unit 620 of the data anti-desensitization equipment 600 can perform an anti-desensitization operation on the data to be read out from the mobile terminal.
At step S530, the authentication unit 630 of the data anti-desensitization equipment 600 can verify the anti-desensitized data.
At step S540, the reading unit 640 of the data anti-desensitization equipment 600 can read out the anti-desensitized data if the anti-desensitized data meets the predefined anti-desensitization requirement.
In some embodiments, the data to be read out from the mobile terminal was obtained by transforming the sensitive information in raw data using a predefined transformation rule, and step S520 can comprise: applying the inverse transformation to the data to be read out from the mobile terminal using said predefined transformation rule, so as to recover the sensitive information in the raw data.
In some embodiments, the predefined transformation rule comprises at least one of the following: replacing the sensitive information in the raw data with special characters; shifting the sensitive information in the raw data; and filling special characters into the sensitive information in the raw data.
In some embodiments, the sensitive information comprises at least one of the following: personally identifiable information; personal account information; contact-related information; key product debugging information; product operation behavior information; and communication process data information.
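The write path (S310 to S340) and read path (S510 to S540) described above, as an added Python example that is not code from the patent: it applies the shift and fill rules at the byte level, and the field names, shift distance, fill byte and write-side requirement are all assumptions made for illustration. The replacement rule is left out because a value replaced by a special character cannot be recovered from the rule alone.

```python
"""Shift + fill desensitization of a contact record and its inverse (added example)."""

# Everything below is assumed for illustration; the patent fixes none of it.
FILL = b"*"                                      # special character used by the fill rule
FILL_EVERY = 2                                   # one fill byte after every 2 payload bytes
SHIFT = 1                                        # rotation distance of the shift rule, in bytes
SENSITIVE_FIELDS = {"name", "phone", "account"}  # hypothetical field names
SAMPLE = {"name": "张三", "phone": "13800138000", "note": "lunch friday"}  # constructed


def rotate(data: bytes, k: int) -> bytes:
    """Shift rule: rotate left by k bytes (negative k rotates right)."""
    if not data:
        return data
    k %= len(data)
    return data[k:] + data[:k]


def fill(data: bytes) -> bytes:
    """Fill rule: append FILL after every FILL_EVERY payload bytes."""
    out = bytearray()
    for i in range(0, len(data), FILL_EVERY):
        out += data[i:i + FILL_EVERY] + FILL
    return bytes(out)


def unfill(data: bytes) -> bytes:
    """Inverse of fill(); fails if a fill byte is not where the rule puts it."""
    out = bytearray()
    step = FILL_EVERY + 1
    for i in range(0, len(data), step):
        chunk = data[i:i + step]
        if len(chunk) < 2 or chunk[-1:] != FILL:
            raise ValueError("fill byte missing: not produced by this rule")
        out += chunk[:-1]
    return bytes(out)


def desensitize_value(plain: str, shift: int = SHIFT) -> bytes:
    return fill(rotate(plain.encode("utf-8"), shift))


def restore_value(masked: bytes, shift: int = SHIFT) -> bytes:
    return rotate(unfill(masked), -shift)


def is_legal_utf8(data: bytes) -> bool:
    """Read-side check from the description: is the result a legal encoding?"""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def write_record(record: dict) -> dict:
    """S320 to S340: transform sensitive fields, verify, return what is stored."""
    stored = {}
    for key, value in record.items():
        raw = value.encode("utf-8")
        if key not in SENSITIVE_FIELDS:
            stored[key] = raw
            continue
        masked = desensitize_value(value)
        # S330, assumed requirement: the plaintext must not survive verbatim
        # in the output, and the rule must invert cleanly for this value.
        if raw and (raw in masked or restore_value(masked) != raw):
            raise ValueError(f"desensitization of {key!r} failed verification")
        stored[key] = masked
    return stored


def read_record(stored: dict, shift: int = SHIFT) -> dict:
    """S520 to S540: inverse-transform, verify legal UTF-8, then release."""
    out = {}
    for key, value in stored.items():
        raw = restore_value(value, shift) if key in SENSITIVE_FIELDS else value
        if not is_legal_utf8(raw):
            raise ValueError(f"{key!r} is not legal UTF-8 after anti-desensitization")
        out[key] = raw.decode("utf-8")
    return out


if __name__ == "__main__":
    stored = write_record(SAMPLE)
    print(stored)
    print(read_record(stored))
    ascii_only = write_record({"phone": SAMPLE["phone"]})
    # Wrong shift on ASCII digits still decodes as UTF-8, so the check passes.
    print(read_record(ascii_only, shift=2))
```

The last call shows a limit of the character-encoding check: with the wrong shift, the multi-byte name field is rejected as illegal UTF-8, but an ASCII-only phone number comes back as a different, still legal, string.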
The present invention can convert and distort the sensitive information in original plaintext data using predefined transformation rules, so as to reliably protect sensitive private data. Specifically, the present invention can ensure that the real data set after desensitization is used safely on the mobile terminal locally, and that sensitive information is shielded from unauthorized users. Furthermore, because the present invention lets the shielded information retain its original data format and attributes, applications can run normally during development and testing that use the desensitized data.
The invention has thus far been described in conjunction with preferred embodiments. It should be understood that those skilled in the art can make various other changes, substitutions and additions without departing from the spirit and scope of the present invention. Therefore, the scope of the present invention is not limited to the specific embodiments described above, and should be defined by the appended claims.

Claims (16)

1. A data desensitization method performed on a mobile terminal, comprising the following steps:
detecting a data write operation to the mobile terminal;
performing a desensitization operation on the data to be written to the mobile terminal;
verifying the desensitized data; and
if the desensitized data meets a predefined desensitization requirement, writing the desensitized data into the mobile terminal.
2. The method according to claim 1, wherein performing the desensitization operation on the data to be written to the mobile terminal comprises:
detecting sensitive information in the data; and
transforming the detected sensitive information using a predefined transformation rule.
3. The method according to claim 2, wherein said predefined transformation rule comprises at least one of the following:
replacing the sensitive information in the data with special characters;
shifting the sensitive information in the data; and
filling special characters into the sensitive information in the data.
4. The method according to claim 2 or 3, wherein said sensitive information comprises at least one of the following:
personally identifiable information;
personal account information; and
contact-related information.
5. A data anti-desensitization method performed on a mobile terminal, for anti-desensitizing data produced by desensitizing raw data according to the method of claim 1, comprising the following steps:
detecting a data read operation on the mobile terminal;
performing an anti-desensitization operation on the data to be read out from the mobile terminal;
verifying the anti-desensitized data; and
if the anti-desensitized data meets a predefined anti-desensitization requirement, reading out the anti-desensitized data.
6. The method according to claim 5, wherein the data to be read out from the mobile terminal was obtained by transforming the sensitive information in raw data using a predefined transformation rule, and performing the anti-desensitization operation on the data to be read out from the mobile terminal comprises:
applying the inverse transformation to the data to be read out from the mobile terminal using said predefined transformation rule, so as to recover the sensitive information in the raw data.
7. The method according to claim 6, wherein said predefined transformation rule comprises at least one of the following:
replacing the sensitive information in the raw data with special characters;
shifting the sensitive information in the raw data; and
filling special characters into the sensitive information in the raw data.
8. The method according to claim 6 or 7, wherein said sensitive information comprises at least one of the following:
personally identifiable information;
personal account information; and
contact-related information.
9. A data desensitization equipment on a mobile terminal, comprising:
a detecting unit, for detecting a data write operation to the mobile terminal;
a desensitization operation execution unit, for performing a desensitization operation on the data to be written to the mobile terminal;
an authentication unit, for verifying the desensitized data; and
a writing unit, for writing the desensitized data into the mobile terminal if the desensitized data meets a predefined desensitization requirement.
10. The data desensitization equipment according to claim 9, wherein said desensitization operation execution unit is also used to:
detect sensitive information in the data; and
transform the detected sensitive information using a predefined transformation rule.
11. The data desensitization equipment according to claim 10, wherein said predefined transformation rule comprises at least one of the following:
replacing the sensitive information in the data with special characters;
shifting the sensitive information in the data; and
filling special characters into the sensitive information in the data.
12. The data desensitization equipment according to claim 10 or 11, wherein said sensitive information comprises at least one of the following:
personally identifiable information;
personal account information; and
contact-related information.
13. A data anti-desensitization equipment on a mobile terminal, for anti-desensitizing data produced by desensitizing raw data according to the method of claim 1, comprising:
a detecting unit, for detecting a data read operation on the mobile terminal;
an anti-desensitization operation execution unit, for performing an anti-desensitization operation on the data to be read out from the mobile terminal;
an authentication unit, for verifying the anti-desensitized data; and
a reading unit, for reading out the anti-desensitized data if the anti-desensitized data meets a predefined anti-desensitization requirement.
14. The data anti-desensitization equipment according to claim 13, wherein the data to be read out from the mobile terminal was obtained by transforming the sensitive information in raw data using a predefined transformation rule, and said anti-desensitization operation execution unit is also used to:
apply the inverse transformation to the data to be read out from the mobile terminal using said predefined transformation rule, so as to recover the sensitive information in the raw data.
15. The data anti-desensitization equipment according to claim 14, wherein said predefined transformation rule comprises at least one of the following:
replacing the sensitive information in the raw data with special characters;
shifting the sensitive information in the raw data; and
filling special characters into the sensitive information in the raw data.
16. The data anti-desensitization equipment according to claims 14 or 15, wherein said sensitive information comprises at least one of the following:
personally identifiable information;
personal account information; and
contact-related information.
CN201310750335.0A 2013-12-31 2013-12-31 Data desensitization method and device and data anti-desensitization method and device Pending CN103778380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310750335.0A CN103778380A (en) 2013-12-31 2013-12-31 Data desensitization method and device and data anti-desensitization method and device

Publications (1)

Publication Number Publication Date
CN103778380A true CN103778380A (en) 2014-05-07

Family

ID=50570601

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140507
