CN107403108A - A method and system for data processing - Google Patents


Publication number
CN107403108A
Authority
CN
China
Prior art keywords
data
rdp
text data
desensitization
text
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710666590.5A
Other languages
Chinese (zh)
Inventor
李森
刘帆
刘炳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Upper Marine Infotech Share Co Ltd Of Interrogating
Original Assignee
Upper Marine Infotech Share Co Ltd Of Interrogating
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The purpose of the application is to provide a method and system for data processing. The application introduces the RDP protocol and uses it at a proxy service device: operation data of the user's operations on the user equipment is obtained from the user equipment side via the RDP protocol and forwarded to the network device; RDP data returned by the network device based on the operation data is received, then parsed and recognized to obtain text data corresponding to the RDP data; it is determined whether the text data belongs to preset sensitive data and, if so, a corresponding desensitization operation is performed on the text data to obtain desensitized data corresponding to the text data. Desensitizing RDP data through the RDP protocol in this way not only solves the security control of data transmission but also makes it easier for users to carry out operations and maintenance (O&M) management of equipment, thereby improving management efficiency in data desensitization management.

Description

A method and system for data processing
Technical field
The application relates to the field of computer technology, and in particular to a method and system for data processing.
Background
In the prior art, RDP (Remote Desktop Protocol) technology can be used to record and analyze RDP operations and maintenance (O&M) data, for example by using OCR (Optical Character Recognition) to scan and record the client window title or the full content of the interface. Desensitization technology is applied to the import and export of databases or files, or to the local handling of sensitive data within an application, to ensure data security.
Existing O&M management systems only support parsing the title or full-screen data after the RDP O&M session has taken place. Although this allows O&M and after-the-fact audit work to be carried out, it has two shortcomings. First, dangerous operations can only be discovered afterwards and cannot be terminated in real time. Second, sensitive data is displayed on the client and can be saved by means such as taking a photograph. Because of these shortcomings, data is exposed to security problems during transmission and management efficiency is low.
Summary of the invention
The purpose of the application is to provide a method and system for data processing that solve the problems of data security and low management efficiency in data desensitization management.
According to one aspect of the application, a method of data processing is provided, wherein the method includes:
Obtaining, via the RDP protocol, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Determining whether the text data belongs to preset sensitive data;
If so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
Further, in the above method, parsing and recognizing the RDP data to obtain text data corresponding to the RDP data includes:
Parsing the RDP data to obtain a remote desktop image corresponding to the RDP data;
Extracting text data from the remote desktop image based on a preset optical character recognition model, to obtain the text data corresponding to the RDP data.
Further, in the above method, determining whether the text data belongs to preset sensitive data includes:
Configuring the preset sensitive data in advance;
Comparing the text data with the preset sensitive data.
Further, in the above method, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data includes:
Performing a corresponding desensitization operation on the text data based on the sensitivity level of the text data, to obtain desensitized data corresponding to the text data, wherein the sensitivity level includes a danger level and a warning level.
Further, in the above method, if the sensitivity level is the danger level, then after performing the corresponding desensitization operation on the text data and obtaining the desensitized data corresponding to the text data, the method further includes:
Sending an end-operation instruction to the user equipment, to terminate the current operation on the user equipment.
Further, in the above method, if the sensitivity level is the warning level, performing the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data includes:
Performing the corresponding desensitization operation on the text data based on a preset desensitization rule, to obtain desensitized data corresponding to the text data;
After performing the corresponding desensitization operation on the text data and obtaining the desensitized data corresponding to the text data, the method further includes:
Sending a sensitivity prompt message to the user equipment.
Further, in the above method, after performing the corresponding desensitization operation on the text data and obtaining the desensitized data corresponding to the text data, the method further includes:
Sending the desensitized data to the corresponding user equipment based on the user's access privilege.
Further, in the above method, the preset desensitization rule includes:
Blanking the text data; or,
Blurring the text data.
According to another aspect of the application, a method of data processing is also provided, wherein the method includes:
Obtaining, through a remote desktop access application, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Determining whether the text data belongs to preset sensitive data;
If so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
According to another aspect of the application, a computer-readable medium is also provided, on which computer-readable instructions are stored, the computer-readable instructions being executable by a processor to implement the data processing method described above.
According to another aspect of the application, a proxy service device for data processing is also provided, wherein the proxy service device includes:
One or more processors; and
A memory storing computer-readable instructions which, when executed, cause the processor to perform the operations of the data processing method described above.
According to another aspect of the application, a system for data processing is also provided, the system including user equipment, a proxy service device and a network device, wherein:
The user equipment is used for: obtaining operation data of the user's operations on the user equipment and sending it to the proxy service device; and receiving and displaying desensitized data.
The network device is used for: sending corresponding RDP data to the proxy service device, based on the received operation data forwarded by the proxy service device;
The proxy service device is used for:
Obtaining, via the RDP protocol, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Determining whether the text data belongs to preset sensitive data;
If so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
Compared with the prior art, the application introduces the RDP protocol and uses it at a proxy service device: operation data of the user's operations on the user equipment is obtained from the user equipment side via the RDP protocol and forwarded to the network device; RDP data returned by the network device based on the operation data is received, then parsed and recognized to obtain text data corresponding to the RDP data; it is determined whether the text data belongs to preset sensitive data and, if so, a corresponding desensitization operation is performed on the text data to obtain desensitized data corresponding to the text data. Desensitizing RDP data through the RDP protocol in this way not only solves the security control of data transmission but also makes it easier for users to carry out O&M management of equipment, thereby improving management efficiency in data desensitization management.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows a flowchart of a data processing method according to one aspect of the application;
Fig. 2 shows a diagram of the RDP protocol desensitization function in the proxy service device of a data processing system according to one aspect of the application.
The same or similar reference numerals in the drawings denote the same or similar parts.
Detailed description of embodiments
The application is described in further detail below with reference to the drawings.
In a typical configuration of the application, the terminal, the device of the service network and the trusted party each include one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Fig. 1 shows a flowchart of a data processing method according to one aspect of the application. The method is applied at the proxy server side of an O&M management system, which acts as an intermediate bridge and uses the RDP protocol. The method includes:
Step S11: obtaining, via the RDP protocol, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Step S12: receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Step S13: determining whether the text data belongs to preset sensitive data; if not, sending the text data corresponding to the RDP data directly to the corresponding user equipment; if so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data. RDP data in O&M and auditing is thereby desensitized through the RDP protocol, effectively combining the RDP protocol with the desensitization operation. Without affecting the normal operation of the O&M management system, this solves the security of data transmission in the O&M management system and improves the security of the system; it also makes it easier for users to carry out O&M management of equipment, thereby improving management efficiency in data desensitization management.
Here, the operation data can include, but is not limited to, operation events performed by the user on the user equipment, such as mouse clicks, mouse selections and keyboard input. The RDP data can include the data obtained when the network device side simulates, on the basis of the operation data sent by the user equipment side, the corresponding operation: for example, the folder desktop that the network device side produces after a mouse click on a folder of the remote desktop, or the updated remote desktop that the network device side produces after an editing operation on the remote desktop interface. The RDP data is acquired from the RDP title function, the RDP full-screen function, the lockable window region used in RDP O&M, and the remote desktop access application (remoteapp) O&M program.
In one embodiment of the application, parsing and recognizing the RDP data in step S12 to obtain text data corresponding to the RDP data includes:
Parsing the RDP data to obtain a remote desktop image corresponding to the RDP data;
Extracting text data from the remote desktop image based on a preset optical character recognition model, to obtain the text data corresponding to the RDP data.
For example, as the intermediate bridge between the user equipment side and the network device side, the proxy service device performs step S12. It first parses the RDP data to obtain the remote desktop image corresponding to the RDP data. If, for instance, a folder is opened on the computer desktop, the remote desktop image obtained by parsing at that moment shows the folder's window on the desktop, with some desktop icons covered by the opened folder. Step S12 then uses a preset OCR (Optical Character Recognition) model to extract text data in text format from the remote desktop image, obtaining the text data corresponding to the RDP data; that is, the data containing text information, such as the remote desktop title text, the text in the screen lock region and the full-screen text, is extracted. This realizes the parsing and OCR recognition of the RDP data, so that the legitimacy and sensitivity of the text data corresponding to the RDP data can be judged in the subsequent step.
In one embodiment of the application, determining in step S13 whether the text data belongs to preset sensitive data includes:
Configuring the preset sensitive data in advance;
Comparing the text data with the preset sensitive data.
For example, in order to desensitize in real time the text data in the title data, the screen lock region, the full-screen desktop region and the remote desktop access application of the RDP data, the preset sensitive data must be configured before the legitimacy and sensitivity of the text data corresponding to the RDP data are judged. The preset sensitive data can include threat data and warning data. When determining whether the text data belongs to preset sensitive data, the text data is compared with the preset sensitive data: if the comparison matches, the text data is sensitive data; if it does not match, the text data is not sensitive data. This realizes the sensitivity judgment on the text data.
Further, so that sensitive data of different sensitivity levels is handled with correspondingly different desensitization operations, performing the corresponding desensitization operation on the text data in step S13 to obtain desensitized data corresponding to the text data includes: performing a corresponding desensitization operation on the text data based on the sensitivity level of the text data, to obtain desensitized data corresponding to the text data, wherein the sensitivity level includes a danger level and a warning level. For example, if the sensitive data is threat data, its sensitivity level is the danger level; if the sensitive data is warning data, its sensitivity level is the warning level. Step S13 performs on the text data the desensitization operation that corresponds to its sensitivity level, so that sensitive data of each sensitivity level receives its corresponding desensitization operation.
In one embodiment of the application, if the sensitivity level is the danger level, then after the corresponding desensitization operation is performed on the text data in step S13 and the desensitized data corresponding to the text data is obtained, the method further includes: sending an end-operation instruction to the user equipment to terminate the current operation on the user equipment. For example, if, after the text data corresponding to the RDP data is compared with the preset sensitive data in step S13, the text data belongs to the preset sensitive data and its sensitivity level is the danger level, an end-operation instruction is sent to the user equipment and the current operation on the user equipment is ended immediately. The current operation can include the current O&M operation and so on. This realizes the operation that is triggered when the sensitivity level of the text data is found to be the danger level.
In one embodiment of the application, if the sensitivity level is the warning level, performing the corresponding desensitization operation on the text data in step S13 to obtain desensitized data corresponding to the text data includes: performing the corresponding desensitization operation on the text data based on a preset desensitization rule, to obtain desensitized data corresponding to the text data. Here, the preset desensitization rule can include, but is not limited to: blanking the text data; or blurring the text data. For example, when sensitive text data is found during O&M, the sensitive text data is blanked, where blanking can mean replacing the text data with blank space, a white box or a coloured box (covering the sensitive text information); or the text data is blurred, so that the user cannot make out the specific content of the sensitive text data. This realizes the corresponding desensitization operation on sensitive text data based on the preset desensitization rule. After step S13 performs the corresponding desensitization operation on the text data and obtains the desensitized data corresponding to the text data, the method further includes: sending a sensitivity prompt message to the user equipment, so that the sensitivity prompt message can pop up on the remote access interface at the user equipment side to inform the user that the file, folder or currently accessed interface corresponding to this text data cannot be viewed, ensuring the security of the sensitive text data in transmission.
In one embodiment of the application, after the corresponding desensitization operation is performed on the text data in step S13 and the desensitized data corresponding to the text data is obtained, the method further includes: sending the desensitized data to the corresponding user equipment based on the user's access privilege. For example, if the user's access privilege is that of an ordinary-privilege user, then after the desensitized data is sent to the user equipment, the user equipment does not present the desensitized data to the user operating the user equipment, ensuring the security of the desensitized data obtained by desensitizing the sensitive text data. If the user's access privilege is that of a highest-privilege user, the desensitized data is sent to the corresponding user equipment, so that the user equipment, on the basis of the high access privilege, displays to the user the desensitized data obtained by desensitizing the sensitive text data. In this way, different desensitized data or sensitivity prompt messages are sent to and displayed on different user equipment according to the access privilege of the current user.
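The step S13 decision described in the embodiments above (compare recognized text with preset sensitive data, blank or blur the matching region, end the operation at the danger level, prompt at the warning level, deliver according to access privilege) can be sketched as follows. This is an added example, not code from the patent; the OCR output format (text plus bounding box), the rule terms, the whitespace-insensitive substring comparison and the privilege names are assumptions.

```python
from dataclasses import dataclass, field

DANGER, WARNING = "danger", "warning"

# Constructed preset sensitive data (assumption): term -> sensitivity level.
PRESET_SENSITIVE = {
    "rm -rf /": DANGER,
    "drop database": DANGER,
    "password": WARNING,
    "id number": WARNING,
}


@dataclass
class Region:
    """One OCR result: recognized text and its box (x, y, width, height)."""
    text: str
    box: tuple


@dataclass
class Decision:
    frame: list               # desensitized copy of the remote desktop image
    terminate: bool = False   # send the end-operation instruction
    prompt: bool = False      # send the sensitivity prompt message
    display: bool = True      # may the user equipment show the frame?
    hits: list = field(default_factory=list)


def normalize(text):
    # OCR output varies in case and spacing; compare on a canonical form.
    return " ".join(text.casefold().split())


def classify(text, rules=PRESET_SENSITIVE):
    """Return DANGER, WARNING or None; the danger level wins if both match."""
    norm = normalize(text)
    levels = {lvl for term, lvl in rules.items() if normalize(term) in norm}
    if DANGER in levels:
        return DANGER
    return WARNING if WARNING in levels else None


def blank(frame, box, fill=255):
    """Blanking: overwrite the box with one value (slices clip to the frame)."""
    x, y, w, h = box
    for row in frame[y:y + h]:
        row[x:x + w] = [fill] * len(row[x:x + w])


def blur(frame, box):
    """Blurring, done coarsely: every pixel in the box becomes the box mean,
    so no character shapes survive in the desensitized frame."""
    x, y, w, h = box
    pixels = [p for row in frame[y:y + h] for p in row[x:x + w]]
    if pixels:
        blank(frame, box, fill=sum(pixels) // len(pixels))


def process_frame(frame, regions, privilege, mode="blank"):
    """Apply S13 to one parsed frame; `privilege` is "ordinary" or "highest"."""
    out = [row[:] for row in frame]          # never modify the original frame
    decision = Decision(frame=out)
    for region in regions:
        level = classify(region.text)
        if level is None:
            continue
        (blank if mode == "blank" else blur)(out, region.box)
        decision.hits.append((region.box, level))
        if level == DANGER:
            decision.terminate = True        # danger level: end the operation
        else:
            decision.prompt = True           # warning level: prompt the user
    # Assumed reading of the privilege rule: only a highest-privilege user is
    # shown the desensitized data; an ordinary user is not.
    if decision.hits and privilege != "highest":
        decision.display = False
    return decision


def sample_frame():
    # Constructed 6x12 grayscale "image": each pixel holds its column index.
    return [list(range(12)) for _ in range(6)]


# Constructed OCR output for sample_frame().
SAMPLE_REGIONS = [
    Region("Documents - File Explorer", (0, 0, 6, 1)),
    Region("PASSWORD:   s3cret", (2, 2, 5, 2)),
]
```

Masking happens on a copy of the frame before anything is forwarded, so the unmasked pixels never leave the proxy for a frame that matched.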
According to another aspect of the application, a method of data processing is also provided, applied at the proxy server side of an O&M management system, which acts as an intermediate bridge and uses the RDP protocol; wherein the method includes:
Obtaining, through a remote desktop access application, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Determining whether the text data belongs to preset sensitive data;
If so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
Here, through the remote desktop access application (remoteapp), the proxy service device can directly invoke an operation program of the network device side and execute it locally on the proxy service device. While the operation program presented through the remote desktop access application is running, the proxy service device obtains from the user equipment side the operation data of the user's operations on the user equipment (for example, operation data produced when the user operates on a small window of the corresponding remote desktop interface) and forwards it to the network device. It receives the RDP data returned by the network device based on the operation data and parses and recognizes the RDP data (for example, using a preset OCR model to recognize the data obtained after parsing the RDP data), obtaining the text data corresponding to the RDP data. It then judges whether the text data is sensitive on the basis of agreed sensitive data, such as a local preset sensitive database, and makes the corresponding response according to the result. For example, if the text data is judged to belong to the preset sensitive data in the preset sensitive database, a corresponding desensitization operation on the text data is triggered to obtain the desensitized data corresponding to the text data. Desensitizing RDP data through the remote desktop access application (remoteapp) in this way not only solves the security control of data transmission but also makes it easier for users to carry out O&M management of equipment, thereby improving management efficiency in data desensitization management.
In addition, in another embodiment of the application, a computer-readable medium is also provided, on which computer-readable instructions are stored, the computer-readable instructions being executable by a processor to implement the data processing method described above.
In another embodiment of the application, a proxy service device for data processing is also provided, wherein the proxy service device includes:
One or more processors; and
A memory storing computer-readable instructions which, when executed, cause the processor to perform the operations of the data processing method described above.
According to another aspect of the application, a system for data processing is also provided, applied in an O&M management system, the system including user equipment, a proxy service device and a network device, wherein:
The user equipment is used for: obtaining operation data of the user's operations on the user equipment and sending it to the proxy service device; and receiving and displaying desensitized data.
The network device is used for: sending corresponding RDP data to the proxy service device, based on the received operation data forwarded by the proxy service device;
The proxy service device is used for:
Obtaining, via the RDP protocol, operation data of the user's operations on the user equipment from the user equipment side, and forwarding it to the network device;
Receiving RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
Determining whether the text data belongs to preset sensitive data;
If so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
For example, the user equipment obtains the operation data of the user's operations on the user equipment and sends it to the proxy service device, so that the network device, based on the received operation data forwarded by the proxy service device, sends the corresponding RDP data to the proxy service device. Then, as shown in Fig. 2, at the proxy service device side, where the RDP data of O&M and auditing in the O&M management system is desensitized through the RDP protocol, the proxy service device obtains via the RDP protocol the operation data of the user's operations on the user equipment from the user equipment side and forwards it to the network device; receives the RDP data returned by the network device based on the operation data, and parses and recognizes the RDP data to obtain the text data corresponding to the RDP data; determines whether the text data belongs to preset sensitive data and, if so, performs a corresponding desensitization operation on the text data to obtain the desensitized data corresponding to the text data; and, based on the user's access privilege, sends the desensitized data to the corresponding user equipment, so that the user equipment, according to the access privilege of the currently accessing user, either displays the sensitive data accordingly or informs the user that it cannot be accessed. This realizes desensitization of the RDP data in the O&M management system.
In one embodiment of the application, taking a user who is an O&M operator or an auditor as an example, the handling of the data to be presented in the screen lock region of the user equipment is described. The screen lock function corresponding to the screen lock region works as follows: when a user performs O&M with the MSTSC program (the remote desktop program) built into Windows, the auditor or the user can draw a rectangular red-frame region on the screen in which sensitive data is specifically checked. When an O&M operator marks a red-frame region in an RDP window they have opened, the system captures the sensitive data in the red-frame region in real time, and once sensitive data appears, only an auditor with highest-privilege access can query it. An auditor can also mark a session window that is currently under O&M; after sensitive data appears in the marked frame, corresponding processing can be carried out. This realizes the handling of sensitive data in the screen lock region during O&M and auditing.
In summary, the application introduces the RDP protocol and uses it at a proxy service device: operation data of the user's operations on the user equipment is obtained from the user equipment side via the RDP protocol and forwarded to the network device; RDP data returned by the network device based on the operation data is received, then parsed and recognized to obtain text data corresponding to the RDP data; it is determined whether the text data belongs to preset sensitive data and, if so, a corresponding desensitization operation is performed on the text data to obtain desensitized data corresponding to the text data. Desensitizing RDP data through the RDP protocol in this way not only solves the security control of data transmission but also makes it easier for users to carry out O&M management of equipment, thereby improving management efficiency in data desensitization management.
Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. Thus, if these modifications and variations of the application fall within the scope of the claims of the application and their technical equivalents, the application is also intended to include these changes and modifications.
It should be noted that the application can be implemented in software and/or a combination of software and hardware, for example using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of the application can be executed by a processor to implement the steps or functions described above. Likewise, the software program of the application (including related data structures) can be stored in a computer-readable recording medium, for example RAM memory, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the application can be implemented in hardware, for example as a circuit that cooperates with a processor to perform each step or function.
In addition, part of the application can be applied as a computer program product, for example computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution according to the application through the operation of the computer. The program instructions that invoke the method of the application may be stored in a fixed or removable recording medium, and/or transmitted through a data stream in broadcast or other signal-bearing media, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment of the application includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to run the methods and/or technical solutions based on the foregoing embodiments of the application.
It is obvious to a person skilled in the art that the application is not limited to the details of the above exemplary embodiments, and that the application can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, from whichever point of view, the embodiments should be regarded as exemplary and non-restrictive; the scope of the application is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the application. Any reference sign in a claim should not be considered as limiting the claim concerned. Furthermore, it is clear that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a device claim can also be implemented by a single unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not indicate any particular order.

Claims (12)

1. A data processing method, wherein the method comprises:
obtaining, through the RDP protocol and from the user equipment side, the operation data of the user's operations on the user equipment, and forwarding it to a network device;
receiving the RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
determining whether the text data belongs to preset sensitive data;
if so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
2. The method according to claim 1, wherein the parsing and recognizing of the RDP data to obtain text data corresponding to the RDP data comprises:
parsing the RDP data to obtain a remote desktop image corresponding to the RDP data;
extracting text data from the remote desktop image based on a preset optical character recognition model to obtain the text data corresponding to the RDP data.
3. The method according to claim 11, wherein the determining of whether the text data belongs to preset sensitive data comprises:
presetting the preset sensitive data;
comparing the text data with the preset sensitive data.
4. The method according to claim 3, wherein the performing of the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data comprises:
performing, based on the sensitivity level of the text data, the corresponding desensitization operation on the text data to obtain the desensitized data corresponding to the text data, wherein the sensitivity level includes a danger level and a warning level.
5. The method according to claim 11, wherein, if the sensitivity level is the danger level, after the determining of whether the text data belongs to preset sensitive data and, if so, the performing of the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data, the method further comprises:
sending an end-operation instruction to the user equipment to terminate the current operation on the user equipment.
6. The method according to claim 4, wherein, if the sensitivity level is the warning level, the performing of the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data comprises:
performing the corresponding desensitization operation on the text data based on a preset desensitization rule to obtain the desensitized data corresponding to the text data;
and, after the determining of whether the text data belongs to preset sensitive data and, if so, the performing of the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data, the method further comprises:
sending a sensitive-data prompt message to the user equipment.
7. The method according to claim 11, wherein, after the determining of whether the text data belongs to preset sensitive data and, if so, the performing of the corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data, the method further comprises:
sending, based on user access rights, the desensitized data to the corresponding user equipment.
8. The method according to claim 6 or 7, wherein the preset desensitization rule comprises:
performing space (blanking) processing on the text data; or
performing fuzzy processing on the text data.
9. A data processing method, wherein the method comprises:
obtaining, through a remote desktop access application and from the user equipment side, the operation data of the user's operations on the user equipment, and forwarding it to a network device;
receiving the RDP data returned by the network device based on the operation data, and parsing and recognizing the RDP data to obtain text data corresponding to the RDP data;
determining whether the text data belongs to preset sensitive data;
if so, performing a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.
10. A computer-readable medium storing computer-readable instructions, the computer-readable instructions being executable by a processor to implement the method according to any one of claims 1 to 8.
11. A proxy service device for data processing, wherein the proxy service device comprises:
one or more processors; and
a memory storing computer-readable instructions which, when executed, cause the processor to perform the operations of the method according to any one of claims 1 to 8.
12. A data processing system, the system comprising user equipment, a proxy service device and a network device, wherein:
the user equipment is configured to: obtain the operation data of the user's operations on the user equipment and send it to the proxy service device; and receive and display desensitized data;
the network device is configured to: based on the received operation data forwarded by the proxy service device, send the corresponding RDP data to the proxy service device;
the proxy service device is configured to:
obtain, through the RDP protocol and from the user equipment side, the operation data of the user's operations on the user equipment, and forward it to the network device;
receive the RDP data returned by the network device based on the operation data, and parse and recognize the RDP data to obtain text data corresponding to the RDP data;
determine whether the text data belongs to preset sensitive data;
if so, perform a corresponding desensitization operation on the text data to obtain desensitized data corresponding to the text data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710666590.5A CN107403108A (en) 2017-08-07 2017-08-07 A kind of method and system of data processing

Publications (1)

Publication Number Publication Date
CN107403108A true CN107403108A (en) 2017-11-28

Family

ID=60401673

Country Status (1)

Country Link
CN (1) CN107403108A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171128