CN107403108A - A kind of method and system of data processing - Google Patents
A kind of method and system of data processing Download PDFInfo
- Publication number
- CN107403108A CN107403108A CN201710666590.5A CN201710666590A CN107403108A CN 107403108 A CN107403108 A CN 107403108A CN 201710666590 A CN201710666590 A CN 201710666590A CN 107403108 A CN107403108 A CN 107403108A
- Authority
- CN
- China
- Prior art keywords
- data
- rdp
- text data
- desensitization
- text
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The purpose of the application is to provide a kind of method and system of data processing, the application is by introducing RDP agreements, using RDP agreements as proxy service device, the operation data carried out by RDP agreements from user equipment end acquisition user to the user equipment is simultaneously transmitted to the network equipment;The RDP data that the network equipment is returned based on the operation data are received, and parsing identification is carried out to the RDP data, obtain text data corresponding with the RDP data;Judge whether the text data belongs to default sensitive data, if, corresponding desensitization operation is then carried out to the text data, obtain the data that desensitize corresponding with the text data, the desensitization to RDP data by RDP protocol realizations, the security control of data transfer is not only solved, user is also facilitated and carries out the operation management of equipment, and then improves the efficiency of management in data desensitization management.
Description
Technical field
The application is related to field of computer technology, more particularly to a kind of method and system of data processing.
Background technology
In the prior art, can be to RDP by RDP (Remote Desktop Protocol, RDP) technology
Operation/maintenance data is recorded and analyzed, and passes through OCR (Optical Character Recognition, optical character identification)
The title of client or the full content at interface are scanned and recorded etc. mode.By the technology of desensitizing to database or
File imports, the management of export or the machine to sensitive data in application program, to ensure the security of data.
In current existing operation management system, title or full screen data are parsed after only supporting RDP O&Ms.Due to making
Following both sides weak point while O&M and audit work afterwards can be realized in this way be present:On the one hand, endanger
Danger operation, can only find afterwards, it is impossible to terminate in real time;On the other hand, sensitive data is shown in the client, can use
The mode such as take pictures preserves.Based on above-mentioned weak point, data are caused safety issue and the efficiency of management in transmitting procedure to be present
The problem of low.
The content of the invention
The purpose of the application is to provide a kind of method and system of data processing, solves the number in data desensitization management
The problem of according to safety issue and the low efficiency of management.
According to the one side of the application, there is provided a kind of method of data processing, wherein, methods described includes:
The operation data that is carried out to the user equipment of user is obtained from user equipment end by RDP agreements and is transmitted to net
Network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and the RDP data are parsed
Identification, obtains text data corresponding with the RDP data;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, desensitization corresponding with the text data is obtained
Data.
Further, in the above method, parsing identification is carried out to the RDP data, obtained corresponding with the RDP data
Text data, including:
The RDP data are parsed, obtain remote desktop image corresponding with the RDP data;
Text data is extracted from the remote desktop image based on default optical character identification model, obtain with it is described
Text data corresponding to RDP data.
Further, in the above method, judge whether the text data belongs to default sensitive data, including:
The preset default sensitive data;
The text data is compared with the default sensitive data.
Further, in the above method, corresponding desensitization operation is carried out to the text data, is obtained and the textual data
According to corresponding desensitization data, including:
Based on the sensitivity of the text data, corresponding desensitization operation is carried out to the text data, is obtained and institute
Desensitization data corresponding to text data are stated, wherein, the sensitivity includes degree of danger and warning degree.
Further, in the above method, if the sensitivity is degree of danger, the text data is carried out corresponding
Desensitization operation, after obtaining desensitization data corresponding with the text data, in addition to:
End operation instruction is sent to the user equipment, terminates the current operation to the user equipment.
Further, in the above method, if the sensitivity is warning degree, the text data is carried out corresponding
Desensitization operation, obtains the data that desensitize corresponding with the text data, including:
Corresponding desensitization operation is carried out to the text data based on default desensitization rule, obtained and the text data
Corresponding desensitization data;
It is described that corresponding desensitization operation is carried out to the text data, obtain the data that desensitize corresponding with the text data
Afterwards, in addition to:
Sensitive prompt message is sent to the user equipment.
Further, it is described that corresponding desensitization operation is carried out to the text data in the above method, obtain and the text
After desensitization data corresponding to notebook data, in addition to:
Based on access privilege, the desensitization data are sent to corresponding user equipment.
Further, in the above method, the default desensitization rule includes:
Space management is carried out to the text data;Or,
Fuzzy Processing is carried out to the text data.
According to the another aspect of the application, a kind of method of data processing is additionally provided, wherein, methods described includes:
Accessed and applied by remote desktop, the operation data carried out from user equipment end acquisition user to the user equipment
And it is transmitted to the network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and the RDP data are parsed
Identification, obtains text data corresponding with the RDP data;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, desensitization corresponding with the text data is obtained
Data.
According to the another aspect of the application, a kind of computer-readable medium is additionally provided, is stored thereon with computer-readable
Instruction, the computer-readable instruction can be executed by processor to realize the method such as above-mentioned data processing.
According to the another aspect of the application, a kind of proxy service device for data processing is additionally provided, wherein, the generation
Reason service equipment includes:
One or more processors;And
The memory of computer-readable instruction is stored with, the computer-readable instruction makes the processor when executed
Perform the operation of the method such as above-mentioned data processing.
According to the another aspect of the application, a kind of system of data processing is additionally provided, the system includes user equipment, generation
Service equipment and the network equipment are managed, wherein,
The user equipment is used for:Obtain the operation data that user is carried out to the user equipment and be sent to agency service
Equipment;For receiving and showing desensitization data.
The network equipment is used for:The operation data of proxy service device forwarding based on reception, to the agency
RDP data corresponding to service equipment transmission;
The proxy service device is used for:
Operation data and the forwarding that user is carried out to the user equipment are obtained from user equipment end by the RDP agreements
To the network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and the RDP data are parsed
Identification, obtains text data corresponding with the RDP data;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, desensitization corresponding with the text data is obtained
Data.
Compared with prior art, the application, using RDP agreements as proxy service device, is passed through by introducing RDP agreements
RDP agreements obtain the operation data that is carried out to the user equipment of user from user equipment end and are transmitted to the network equipment;Receive
RDP data that the network equipment is returned based on the operation data, and parsing identification is carried out to the RDP data, obtain with
Text data corresponding to the RDP data;Judge whether the text data belongs to default sensitive data, if so, then to institute
State text data and carry out corresponding desensitization operation, obtain the data that desensitize corresponding with the text data, pass through RDP protocol realizations
Desensitization to RDP data, the security control of data transfer is not only solved, also facilitates the O&M pipe that user carries out equipment
Reason, and then improve the efficiency of management in data desensitization management.
Brief description of the drawings
By reading the detailed description made to non-limiting example made with reference to the following drawings, the application's is other
Feature, objects and advantages will become more apparent upon:
Fig. 1 shows a kind of flow chart of the method for data processing according to the application one side;
Fig. 2 shows the RDP in the proxy service device in the system according to a kind of data processing of the application one side
Agreement desensitization functional diagram.
Same or analogous reference represents same or analogous part in accompanying drawing.
Embodiment
The application is described in further detail below in conjunction with the accompanying drawings.
In one typical configuration of the application, terminal, the equipment of service network and trusted party include one or more
Processor (CPU), input/output interface, network interface and internal memory.
Internal memory may include computer-readable medium in volatile memory, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moved
State random access memory (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electric erasable
Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM),
Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, magnetic disk storage or other magnetic storage apparatus or
Any other non-transmission medium, the information that can be accessed by a computing device available for storage.Defined according to herein, computer
Computer-readable recording medium does not include non-temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
Fig. 1 shows a kind of flow chart of the method for data processing of the application one side, applied to operation management system
In, the proxy server end of playing the part of middle bridge, use RDP agreements at the end;This method includes:
Step S11, the operation data that is carried out to the user equipment of user is obtained simultaneously from user equipment end by RDP agreements
It is transmitted to the network equipment;
The step S12, the RDP data that the network equipment is returned based on the operation data are received, and to the RDP
Data carry out parsing identification, obtain text data corresponding with the RDP data;
The step S13, judges whether the text data belongs to default sensitive data, if it is not, then directly by described in
Text data corresponding to RDP is sent to corresponding user equipment;If so, corresponding desensitization behaviour is then carried out to the text data
Make, obtain the data that desensitize corresponding with the text data, by RDP protocol realizations to O&M and the RDP data in audit
Desensitization, be effectively combined RDP agreements with desensitization operate, not only in the situation for the normal operation for not influenceing operation management system
Under, solve the security of the data transfer in operation management system, improve the security of operation management system, also facilitate
User carries out the operation management of equipment, and then improves the efficiency of management in data desensitization management.
Here, the operation data can include but is not limited to be the mouse that is carried out of user to user equipment click on, mouse
The Action Events such as mark selection and input through keyboard.Then the RDP data can include being that network equipment end is sent out according to user equipment end
The operation data sent carries out the corresponding data that simulated operation obtains to user equipment, for example, entering to the file of remote desktop
After row mouse is clicked on, corresponding file desktop that network equipment end simulates etc., in another example, the interface of remote desktop is entered
After the operation of edlin, remote desktop of corresponding renewal that network equipment end simulates etc..Wherein, the RDP data from
Application and remote desktop in RDP title functions, in the full frame functions of RDP, in the lockable window size of RDP O&Ms access
Using being acquired in (remoteapp) O&M program.
In the embodiment of the application one, the step S12 carries out parsing identification to the RDP data, obtains and the RDP numbers
According to corresponding text data, including:
The RDP data are parsed, obtain remote desktop image corresponding with the RDP data;
Text data is extracted from the remote desktop image based on default optical character identification model, obtain with it is described
Text data corresponding to RDP data.
For example, as the middle bridge between user equipment end and network equipment end, proxy service device performs the step
Rapid S12, the RDP data are parsed first, obtain remote desktop image corresponding with the RDP data, such as in electricity
My file is opened on brain desktop, the remote desktop image that parsing now obtains is exactly the current window of file just in table
On face, and the remote desktop image that the file that can be opened of some icons of the desktop blocks;Then the step S12 is based on
Default OCR (Optical Character Recognition, optical character identification)) model is from the remote desktop image
In extract the text data of text formatting, obtain text data corresponding with the RDP data, i.e., by remote desktop heading
The text data that word and full frame word etc. include text message is locked in data, screen to extract, and is realized to RDP data
Parsing and OCR identify, the text data progress legitimacy corresponding with the RDP and sensitiveness are sentenced so as to follow-up
It is disconnected.
In the embodiment of the application one, judge whether the text data belongs to default sensitive number in the step S13
According to, including:
The preset default sensitive data;
The text data is compared with the default sensitive data.
For example, in order to realize to the title data in RDP data, screen locking region, the full frame region of desktop and long-range table
Interview asks that the text data in application is desensitized in real time, then needs carrying out legitimacy to text data corresponding to RDP data
, it is necessary to which preset default sensitive data, the default sensitive data can include threat data and police before judging with sensitiveness
Accuse data, when judging whether the text data belongs to default sensitive data, by the text data with it is described default
Sensitive data is compared, if comparing unanimously, this article notebook data is sensitive data, if comparison is inconsistent, this article notebook data
It is not sensitive data, realizes the sensitiveness judgement to text data.Further, in order to be different from the quick of different sensitivitys
Feel data, it is corresponding to be operated using different desensitizations, corresponding desensitization behaviour is carried out to the text data in the step S13
Make, obtain the data that desensitize corresponding with the text data, including:Based on the sensitivity of the text data, to the text
Notebook data carries out corresponding desensitization operation, obtains the data that desensitize corresponding with the text data, wherein, the sensitivity bag
Include degree of danger and warning degree.If for example, the sensitive data is threat data, the sensitivity of the sensitive data is danger
Dangerous degree, if the sensitive data is alarm data, the sensitivity of the sensitive data is warning degree.The step S13
According to the sensitivity of different text datas, desensitization corresponding with its sensitivity is carried out to this article notebook data and is operated, to realize
To the corresponding desensitization of the sensitive data of different sensitivitys operation be present.
In the embodiment of the application one, if the sensitivity is degree of danger, to the text data in the step S13
Corresponding desensitization operation is carried out, after obtaining desensitization data corresponding with the text data, in addition to:To the user equipment
End operation instruction is sent, terminates the current operation to the user equipment.If for example, by the RDP in the step S13
After text data corresponding to data is contrasted with default sensitive data, if this article notebook data belongs to default sensitive data
And the sensitivity is degree of danger, then end operation instruction is sent to user equipment, be immediately finished to the user equipment
Current operation, wherein, current operation can include current O&M operation etc., using realize when find text data sensitivity as
The operation of corresponding triggering during degree of danger.
In the embodiment of the application one, if the sensitivity is warning degree, in the step S13 to the textual data
According to corresponding desensitization operation is carried out, the data that desensitize corresponding with the text data are obtained, including:Based on default desensitization rule
Corresponding desensitization operation is carried out to the text data, obtains the data that desensitize corresponding with the text data;It is here, described pre-
If desensitization rule can include but is not limited to be to include:Space management is carried out to the text data;Or, to the textual data
According to progress Fuzzy Processing.For example, finding sensitive text data when in O&M, then blank space is carried out to the text data of sensitivity
Reason, wherein space management can be (to flood the text of sensitivity by text data space or white edge or colored color box
Information) substitute;Or, Fuzzy Processing is carried out to text data, obscure the text data of sensitivity, this is quick so that user does not see Chu
Particular content corresponding to the text data of sense, and then realize corresponding based on text data progress of the default desensitization rule to sensitivity
Desensitization operation.Then the step S13 carries out corresponding desensitization operation to the text data, obtains and the text data
After corresponding desensitization data, in addition to:Sensitive prompt message is sent to the user equipment, enabling at user equipment end
The sensitive prompt message can be ejected on remote access interface, to prompt and inform that the user can not check this text data pair
File, file or current accessed interface for answering etc., to ensure the security of the sensitive text data of transmission.
In the embodiment of the application one, corresponding desensitization operation is carried out to the text data in the step S13, is obtained
After desensitization data corresponding with the text data, in addition to:Based on access privilege, the desensitization data are sent to
Corresponding user equipment.If for example, the access privilege is generic access authority user, the desensitization data are sent
After the user equipment, the data that desensitize will not be presented to the use operated to the user equipment by the user equipment
Family, to ensure to security of the text data of sensitivity by the desensitization data after desensitization process;If user's access right
It is limited to highest authority and accesses user, then the desensitization data is sent to corresponding user equipment, so that the user equipment base
The desensitization data after passing through desensitization process to the text data of sensitivity are shown from high access rights to user in this, realization is based on
The corresponding user equipment not in the same direction of the access privilege of active user sends and shows that different desensitization data or sensitivity carry
Show information etc..
According to the another aspect of the application, a kind of method of data processing is additionally provided, applied in operation management system
, the proxy server end for playing the part of middle bridge, use RDP agreements at the end;Wherein, methods described includes:
Accessed and applied by remote desktop, the operation data carried out from user equipment end acquisition user to the user equipment
And it is transmitted to the network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and the RDP data are parsed
Identification, obtains text data corresponding with the RDP data;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, desensitization corresponding with the text data is obtained
Data.
Here, the proxy service device can be accessed by the remote desktop directly invokes net using (remoteapp)
The operation program of network equipment end to the local of the proxy service device is performed, and accessing application by the remote desktop is presented
Operation program operationally, obtain operation data (such as the user that user carries out to the user equipment from user equipment end
Operation data operated to the wicket on corresponding remote desktop interface etc.) and it is transmitted to the network equipment;Described in reception
The RDP data that the network equipment is returned based on the operation data, and parsing identification is carried out (for example with pre- to the RDP data
If OCR models the data obtained afterwards parsed to the RDP data be identified), obtain corresponding with the RDP data
Text data;And sensitive data is carried out to the text data based on agreement sensitive datas such as local default sensitive databases
Judgement, and based on judge obtained result make corresponding to response operation.If for example, judge that obtaining the text data belongs to
Default sensitive data in default sensitive database, then triggering carry out corresponding desensitization operation to the text data, with
The data that desensitize corresponding with the text data are obtained, accessed by remote desktop realizes to RDP numbers using (remoteapp)
According to desensitization, not only solve data transfer security control, also facilitate user carry out equipment operation management, Jin Erti
The efficiency of management in high data desensitization management.
In addition, in another embodiment of the application, a kind of computer-readable medium is additionally provided, is stored thereon with computer
Readable instruction, the computer-readable instruction can be executed by processor to realize the method such as above-mentioned data processing.
In another embodiment of the application, a kind of proxy service device for data processing is additionally provided, wherein, the generation
Reason service equipment includes:
One or more processors;And
The memory of computer-readable instruction is stored with, the computer-readable instruction makes the processor when executed
Perform the operation of the method such as above-mentioned data processing.
According to the another aspect of the application, a kind of system of data processing is additionally provided, applied in operation management system,
The system includes user equipment, proxy service device and the network equipment, wherein,
The user equipment is used for:Obtain the operation data that user is carried out to the user equipment and be sent to agency service
Equipment;For receiving and showing desensitization data.
The network equipment is used for:The operation data of proxy service device forwarding based on reception, to the agency
RDP data corresponding to service equipment transmission;
The proxy service device is used for:
Operation data and the forwarding that user is carried out to the user equipment are obtained from user equipment end by the RDP agreements
To the network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and the RDP data are parsed
Identification, obtains text data corresponding with the RDP data;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, desensitization corresponding with the text data is obtained
Data.
For example, the user equipment obtains the operation data that user is carried out to the user equipment and is sent to agency service
Equipment;So that the operation data of proxy service device forwarding of the network equipment based on reception, to the agency service
RDP data corresponding to equipment transmission;Then as shown in Fig. 2 by RDP agreements to the O&M in operation management system and audit
The proxy service device end that RDP data are desensitized, the proxy service device is by the RDP agreements from user equipment end
Obtain the operation data that user is carried out to the user equipment and be transmitted to the network equipment;The network equipment is received based on described
The RDP data that operation data returns, and parsing identification is carried out to the RDP data, obtain text corresponding with the RDP data
Data;Judge whether the text data belongs to default sensitive data, if so, then being taken off accordingly to the text data
Quick operation, the data that desensitize corresponding with the text data are obtained, and be based on access privilege, the desensitization data are sent
To corresponding user equipment so that user equipment according to corresponding to current accessed user access privilege to the sensitive data
Carry out showing or prompting the processing such as user's inaccessible accordingly, realize and the RDP data in operation management system are desensitized
Processing.
In the embodiment of the application one, to user to the screen in the user equipment so that user is O&M person or auditor as an example
The operation for the data that curtain ' locked ' zone needs to present illustrates.Screen locking function corresponding to the screen locking region is user
When carrying MSTSC programs (Remote desk process program) O&M using windows systems, auditor or itself it can be drawn in screen
The red frame region for going out a rectangle especially judges sensitive data.When O&M person itself open RDP windows in mark one it is red
During frame region, system can capture the sensitive data in red frame region in real time, and after there is sensitive data, only highest authority accesses audit
Member can inquire.The session window currently just in O&M can be marked by auditor, occur sensitive data in indicia framing
Afterwards, corresponding processing can be carried out.Realize the processing to the sensitive data in the screen locking region in O&M and audit process.
In summary, the application, using RDP agreements as proxy service device, passes through RDP agreements by introducing RDP agreements
The operation data that is carried out to the user equipment of user is obtained from user equipment end and is transmitted to the network equipment;Receive the network
The RDP data that equipment is returned based on the operation data, and parsing identification is carried out to the RDP data, obtain and the RDP numbers
According to corresponding text data;Judge whether the text data belongs to default sensitive data, if so, then to the text data
Corresponding desensitization operation is carried out, obtain the data that desensitize corresponding with the text data, by RDP protocol realizations to RDP numbers
According to desensitization, not only solve data transfer security control, also facilitate user carry out equipment operation management, Jin Erti
The efficiency of management in high data desensitization management
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the application to the application
God and scope.So, if these modifications and variations of the application belong to the scope of the application claim and its equivalent technologies
Within, then the application is also intended to comprising including these changes and modification.
It should be noted that the application can be carried out in the assembly of software and/or software and hardware, for example, can adopt
With application specific integrated circuit (ASIC), general purpose computer or any other realized similar to hardware device.In one embodiment
In, the software program of the application can realize steps described above or function by computing device.Similarly, the application
Software program (including related data structure) can be stored in computer readable recording medium storing program for performing, for example, RAM memory,
Magnetically or optically driver or floppy disc and similar devices.In addition, some steps or function of the application can employ hardware to realize, example
Such as, coordinate as with processor so as to perform the circuit of each step or function.
In addition, the part of the application can be applied to computer program product, such as computer program instructions, when its quilt
When computer performs, by the operation of the computer, it can call or provide according to the present processes and/or technical scheme.
And the programmed instruction of the present processes is called, it is possibly stored in fixed or moveable recording medium, and/or pass through
Broadcast or the data flow in other signal bearing medias and be transmitted, and/or be stored according to described program instruction operation
In the working storage of computer equipment.Here, including a device according to one embodiment of the application, the device includes using
Memory in storage computer program instructions and processor for execute program instructions, wherein, when the computer program refers to
When order is by the computing device, method and/or skill of the plant running based on foregoing multiple embodiments according to the application are triggered
Art scheme.
It is obvious to a person skilled in the art that the application is not limited to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of without departing substantially from spirit herein or essential characteristic, the application can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, scope of the present application is by appended power
Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the application.Any reference in claim should not be considered as to the involved claim of limitation.This
Outside, it is clear that the word of " comprising " one is not excluded for other units or step, and odd number is not excluded for plural number.That is stated in device claim is multiple
Unit or device can also be realized by a unit or device by software or hardware.The first, the second grade word is used for table
Show title, and be not offered as any specific order.
Claims (12)
1. a kind of method of data processing, wherein, methods described includes:
Obtain the operation data that is carried out to the user equipment of user from user equipment end by RDP agreements and be transmitted to network and set
It is standby;
The RDP data that the network equipment is returned based on the operation data are received, and parsing knowledge is carried out to the RDP data
Not, text data corresponding with the RDP data is obtained;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, the data that desensitize corresponding with the text data are obtained.
2. according to the method for claim 1, wherein, it is described that parsing identification is carried out to the RDP data, obtain with it is described
Text data corresponding to RDP data, including:
The RDP data are parsed, obtain remote desktop image corresponding with the RDP data;
Text data is extracted from the remote desktop image based on default optical character identification model, obtained and the RDP
Text data corresponding to data.
3. the method according to claim 11, wherein, it is described to judge whether the text data belongs to default sensitive number
According to, including:
The preset default sensitive data;
The text data is compared with the default sensitive data.
4. according to the method for claim 3, wherein, the operation of desensitizing corresponding to text data progress, obtain
The data that desensitize corresponding with the text data, including:
Based on the sensitivity of the text data, corresponding desensitization operation is carried out to the text data, is obtained and the text
Desensitization data corresponding to notebook data, wherein, the sensitivity includes degree of danger and warning degree.
5. the method according to claim 11, wherein, it is described to judge the text if the sensitivity is degree of danger
Whether data belong to default sensitive data, if so, then carry out corresponding desensitization operation to the text data, obtain with it is described
After desensitization data corresponding to text data, in addition to:
End operation instruction is sent to the user equipment, terminates the current operation to the user equipment.
6. according to the method for claim 4, wherein, if the sensitivity is warning degree, institute is to the text data
Corresponding desensitization operation is carried out, obtains the data that desensitize corresponding with the text data, including:
Corresponding desensitization operation is carried out to the text data based on default desensitization rule, obtained corresponding with the text data
Desensitization data;
It is described to judge whether the text data belongs to default sensitive data, if so, then being carried out to the text data corresponding
Desensitization operation, obtain it is corresponding with the text data desensitization data after, in addition to:
Sensitive prompt message is sent to the user equipment.
7. the method according to claim 11, wherein, it is described to judge whether the text data belongs to default sensitive number
According to, if so, then carry out corresponding desensitization operation to the text data, obtain desensitization data corresponding with the text data it
Afterwards, in addition to:
Based on access privilege, the desensitization data are sent to corresponding user equipment.
8. the method according to claim 6 or 7, wherein, the default desensitization rule includes:
Space management is carried out to the text data;Or,
Fuzzy Processing is carried out to the text data.
9. a kind of method of data processing, wherein, methods described includes:
Accessed and applied by remote desktop, the operation data carried out from user equipment end acquisition user to the user equipment simultaneously turns
Issue the network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and parsing knowledge is carried out to the RDP data
Not, text data corresponding with the RDP data is obtained;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, the data that desensitize corresponding with the text data are obtained.
10. a kind of computer-readable medium, is stored thereon with computer-readable instruction, the computer-readable instruction can be processed
Device is performed to realize the method as any one of claim 1 to 8.
11. a kind of proxy service device for data processing, wherein, the proxy service device includes:
One or more processors;And
The memory of computer-readable instruction is stored with, the computer-readable instruction makes the computing device when executed
The operation of method as any one of claim 1 to 8.
12. a kind of system of data processing, the system includes user equipment, proxy service device and the network equipment, wherein,
The user equipment is used for:Obtain the operation data that user is carried out to the user equipment and be sent to agency service and set
It is standby;For receiving and showing desensitization data.
The network equipment is used for:The operation data of proxy service device forwarding based on reception, to the agency service
RDP data corresponding to equipment transmission;
The proxy service device is used for:
The operation data that is carried out to the user equipment of user is obtained from user equipment end by the RDP agreements and is transmitted to net
Network equipment;
The RDP data that the network equipment is returned based on the operation data are received, and parsing knowledge is carried out to the RDP data
Not, text data corresponding with the RDP data is obtained;
Judge whether the text data belongs to default sensitive data,
If so, then carrying out corresponding desensitization operation to the text data, the data that desensitize corresponding with the text data are obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710666590.5A CN107403108A (en) | 2017-08-07 | 2017-08-07 | A kind of method and system of data processing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710666590.5A CN107403108A (en) | 2017-08-07 | 2017-08-07 | A kind of method and system of data processing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107403108A true CN107403108A (en) | 2017-11-28 |
Family
ID=60401673
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710666590.5A Pending CN107403108A (en) | 2017-08-07 | 2017-08-07 | A kind of method and system of data processing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107403108A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
CN109472847A (en) * | 2018-10-16 | 2019-03-15 | 平安普惠企业管理有限公司 | A kind of image processing method, system and terminal device |
CN110858837A (en) * | 2018-08-24 | 2020-03-03 | 阿里巴巴集团控股有限公司 | Network management and control method and device and electronic equipment |
CN111914513A (en) * | 2019-05-08 | 2020-11-10 | 亿阳安全技术有限公司 | RDP window title character recognition method and device |
CN112000984A (en) * | 2020-08-24 | 2020-11-27 | 杭州安恒信息技术股份有限公司 | Data leakage detection method, device, equipment and readable storage medium |
CN113806808A (en) * | 2021-09-24 | 2021-12-17 | 四川新网银行股份有限公司 | Non-invasive data desensitization method and system in distributed environment |
CN114390355A (en) * | 2021-12-10 | 2022-04-22 | 阿里巴巴(中国)有限公司 | Playback method of protocol data and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973488A (en) * | 2014-04-29 | 2014-08-06 | 上海上讯信息技术股份有限公司 | Operation and maintenance management system and method based on RDP protocol |
CN104484612A (en) * | 2014-11-19 | 2015-04-01 | 中电长城(长沙)信息技术有限公司 | Sensitive information shielding method and system for remote desktop applications |
CN105843916A (en) * | 2016-03-24 | 2016-08-10 | 上海上讯信息技术股份有限公司 | Sensitive data detection method and equipment based on file merging |
CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
-
2017
- 2017-08-07 CN CN201710666590.5A patent/CN107403108A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973488A (en) * | 2014-04-29 | 2014-08-06 | 上海上讯信息技术股份有限公司 | Operation and maintenance management system and method based on RDP protocol |
CN104484612A (en) * | 2014-11-19 | 2015-04-01 | 中电长城(长沙)信息技术有限公司 | Sensitive information shielding method and system for remote desktop applications |
CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
CN105843916A (en) * | 2016-03-24 | 2016-08-10 | 上海上讯信息技术股份有限公司 | Sensitive data detection method and equipment based on file merging |
Non-Patent Citations (1)
Title |
---|
小憨: "基于MitM的RDP降级攻击", 《HTTPS://XZ.ALIYUN.COM/T/217》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
CN110858837A (en) * | 2018-08-24 | 2020-03-03 | 阿里巴巴集团控股有限公司 | Network management and control method and device and electronic equipment |
CN110858837B (en) * | 2018-08-24 | 2022-09-06 | 阿里巴巴集团控股有限公司 | Network management and control method and device and electronic equipment |
CN109472847A (en) * | 2018-10-16 | 2019-03-15 | 平安普惠企业管理有限公司 | A kind of image processing method, system and terminal device |
CN111914513A (en) * | 2019-05-08 | 2020-11-10 | 亿阳安全技术有限公司 | RDP window title character recognition method and device |
CN112000984A (en) * | 2020-08-24 | 2020-11-27 | 杭州安恒信息技术股份有限公司 | Data leakage detection method, device, equipment and readable storage medium |
CN113806808A (en) * | 2021-09-24 | 2021-12-17 | 四川新网银行股份有限公司 | Non-invasive data desensitization method and system in distributed environment |
CN113806808B (en) * | 2021-09-24 | 2023-06-23 | 四川新网银行股份有限公司 | Non-invasive data desensitization method and system in distributed environment |
CN114390355A (en) * | 2021-12-10 | 2022-04-22 | 阿里巴巴(中国)有限公司 | Playback method of protocol data and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107403108A (en) | A kind of method and system of data processing | |
CN113098870B (en) | Phishing detection method and device, electronic equipment and storage medium | |
JP7018920B2 (en) | Confidential information processing methods, devices, servers, and security decision systems | |
US11113412B2 (en) | System and method for monitoring and verifying software behavior | |
CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
CN104965691B (en) | The method, apparatus and system of the page elements of the configuration webpage page | |
US20170142143A1 (en) | Identifying notable events based on execution of correlation searches | |
CN111401416B (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
US9934310B2 (en) | Determining repeat website users via browser uniqueness tracking | |
CN107085549B (en) | Method and device for generating fault information | |
KR20180082504A (en) | Methods and equipment for application information risk management | |
CN104866770B (en) | Sensitive data scanning method and system | |
CN107092535B (en) | Method and apparatus for data storage of test interface | |
US20180150639A1 (en) | Security vulnerability detection | |
CN111404937B (en) | Method and device for detecting server vulnerability | |
CN111767573A (en) | Database security management method and device, electronic equipment and readable storage medium | |
CN112287270A (en) | Content auditing method and device | |
CN106294317A (en) | The form information method of calibration at a kind of cloud platform interface and system | |
CN106330846A (en) | Cross-platform object recommendation method and device | |
CN109684863B (en) | Data leakage prevention method, device, equipment and storage medium | |
CN105868290A (en) | Search result presentation method and apparatus | |
CN116522197A (en) | Identity authentication and access control system based on security management | |
CN113434588B (en) | Data mining analysis method and device based on mobile communication ticket | |
CN112257037A (en) | Process watermarking method and system and electronic equipment | |
CN105354506B (en) | The method and apparatus of hidden file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171128 |