CN107563218B - A kind of data desensitization method and Hbase desensitization process system based on big data - Google Patents
A kind of data desensitization method and Hbase desensitization process system based on big data Download PDFInfo
- Publication number
- CN107563218B CN107563218B CN201710731649.4A CN201710731649A CN107563218B CN 107563218 B CN107563218 B CN 107563218B CN 201710731649 A CN201710731649 A CN 201710731649A CN 107563218 B CN107563218 B CN 107563218B
- Authority
- CN
- China
- Prior art keywords
- hbase
- desensitization
- data
- user
- processing system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention provides a kind of data desensitization method and system based on big data, applied to Hbase desensitization process system, Hbase desensitization process system includes Hbase association processing system, this method comprises: Hbase association processing system intercepts and captures service-user to the data access request of Hbase;Hbase association processing system determines the identification information and target operation object of service-user according to data access request;Hbase assists processing system according at least one desensitization policy information of identification information acquisition service-user;Hbase assists processing system to search whether exist and the matched at least one target desensitization policy information of target operation object at least one desensitization policy information;If it exists, then Hbase assists processing system to obtain the corresponding target data of target operation object from Hbase;Hbase assists processing system to carry out dynamic desensitization process to target data according at least one target desensitization rule at least one target desensitization policy information;Target data after Hbase assists processing system that dynamic desensitizes is back to service-user.
Description
Technical field
The present invention relates to big data desensitization process technical fields, more particularly to a kind of data desensitization side based on big data
Method and a kind of Hbase desensitization process system.
Background technique
With the arrival of big data era, the immense value contained in big data is excavated, while also bringing privacy
Problem in terms of information protection protects sensitive information not to be leaked, also will be how while realizing that big data is efficiently shared
The problem that data desensitization must solve.
Hbase is a PostgreSQL database distributed, towards column, and for big data access in Hbase database
Dynamic desensitize problem, currently no effective solution has been proposed.
Summary of the invention
The data desensitization method and a kind of Hbase desensitization process system that the present invention provides a kind of based on big data, with solution
Certainly the problem of dynamic desensitizes can not be carried out to the access data in Hbase database in the prior art.
To solve the above-mentioned problems, according to an aspect of the present invention, the invention discloses a kind of numbers based on big data
According to desensitization method, it is applied to Hbase desensitization process system, the Hbase desensitization process system includes Hbase association processing system,
The described method includes:
Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Hbase association processing system determines the identification information and mesh of the service-user according to the data access request
Mark operation object;
Hbase association's processing system obtains at least one desensitization strategy of the service-user according to the identification information
Information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
Hbase association's processing system searches whether exist and the target in at least one desensitization policy information
The matched at least one target desensitization policy information of operation object;
If it exists, then the Hbase assists processing system to obtain the corresponding target of the target operation object from the Hbase
Data;
Hbase association's processing system is de- according at least one target at least one target desensitization policy information
Quick rule carries out dynamic desensitization process to the target data;
Target data after Hbase association's processing system desensitizes dynamic is back to the service-user.
According to another aspect of the present invention, the invention also discloses a kind of Hbase desensitization process systems, comprising:
Hbase assists processing system;
The Hbase assists processing system, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system, for determining that the mark of the service-user is believed according to the data access request
Breath and target operation object;
The Hbase assists processing system, takes off for obtaining at least one of the service-user according to the identification information
Quick policy information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system, for searching whether exist and institute in at least one desensitization policy information
State the matched at least one target desensitization policy information of target operation object;
The Hbase assists processing system, if be also used to find in at least one desensitization policy information with it is described
The matched at least one target desensitization policy information of target operation object, then obtain the target operation object from the Hbase
Corresponding target data;
The Hbase assists processing system, at least one in the policy information that is also used to be desensitized according at least one target
A target desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system, and the target data after being also used to desensitize dynamic is back to the service-user.
Compared with prior art, the present invention includes the following advantages:
The present invention is intercepted the data access request for accessing Hbase by means of Hbase association processing system, to determine industry
Then the identification information and target operation object of business user is searched in the desensitization policy information pre-established and is believed with the mark
Target desensitization policy information corresponding with target operation object is ceased, and using the target desensitization rule in target desensitization policy information
To carry out desensitization process to target data to be visited, the data after desensitization process are finally back to service-user, are realized
Dynamic desensitization to the access data of Hbase database, ensure that the data safety of Hbase database.
Detailed description of the invention
Fig. 1 is a kind of step flow chart of data desensitization method embodiment based on big data of the invention;
Fig. 2 is a kind of structural block diagram of Hbase desensitization process system embodiment of the invention.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real
Applying mode, the present invention is described in further detail.
Referring to Fig.1, a kind of step flow chart of data desensitization method embodiment based on big data of the invention is shown,
Applied to Hbase desensitization process system, the Hbase desensitization process system includes Hbase association processing system, be can specifically include
Following steps:
Step 101, Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Wherein, which assists processing system to realize coprocessor interface and data desensitization function.It is specific real at one
In example, Hbase association processing system be can be set on Hbase coprocessor.
When service-user wants access to the big data in Hbase database, the Hbase of the embodiment of the present invention assists processing system
The data access request of system meeting interception service user.
Wherein, client used in service-user is equipped with (SuSE) Linux OS and Hbase client, when business is used
After family logs in the Hbase client with the user name of oneself, so that it may access Hbase cluster to obtain data, wherein Hbase
Cluster includes multiple RegionServer nodes, the information sharing between multiple RegionServer nodes.
Step 102, Hbase association processing system determines the mark of the service-user according to the data access request
Information and target operation object;
Wherein, which may include the identification information and target operation object of the service-user.
Wherein, the identification information of the service-user can be the identification informations such as the user name of service-user, User ID.
The target operation object can be in the Hbase database that the service-user wants access to pointed by target metadata
Datum target.
Such as: the b column that target metadata is tables of data A in Hbase database A, then target operation object is then Hbase number
According to the data in the b column of tables of data A in the A of library.
Step 103, Hbase association processing system obtains at least one of the service-user according to the identification information
Desensitize policy information;
Wherein, the embodiment of the present invention can pre-establish desensitization policy information;
The policy information that desensitizes includes the identification information (people acted on) of user, operation object (datum target acted on)
Regular (i.e. the mode of action) is desensitized at least one;
Wherein, in a desensitization policy information, need some operation object for accessing can be with for some service-user
It is related to multiple desensitization rules.
Wherein, it when executing step 103, can be realized by following sub-step:
S11, Hbase association's processing system obtain at least one desensitization of the service-user according to the identification information
Policy information;
Wherein, the embodiment of the present invention is directed to different service-users in advance and has formulated respective desensitization policy information, wherein
The desensitization policy information of one service-user is not limited to one, can be it is a plurality of, and involved in a desensitization policy information take off
Quick rule is also not necessarily limited to one, can be multiple.In addition, a plurality of desensitization policy information of a service-user can store one
In a file, to accelerate the retrieval rate of strategy.
For example, the policy information of a service-user can store in an XML file, the service-user it is every
Item desensitization policy information is exactly an xml node in the XML file.Addition new content can all be calculated to XML file every time
One new cryptographic Hash allows Hbase association processing system that can know whether this XML file is modified by judging hash value
It crosses.
Wherein, it may include desensitization policy resolution component that Hbase, which assists processing system, which can root
According to the identification information for the service-user for currently needing to access data, to obtain at least one desensitization strategy of the corresponding identification information
Information.
For example, which is identified as C, then can be in pre-stored many desensitization policy informations
The desensitization policy information for searching the C service-user may have a plurality of desensitization policy information, including desensitization policy information 1, desensitization plan
Slightly information 2 and desensitization policy information 3.
S12, Hbase association processing system parse every desensitization policy information of the service-user, determine
The identification information of included user, operation object and at least one desensitization rule in every desensitization policy information.
Wherein, which can also be to desensitization policy information 1, desensitization policy information 2 and desensitization strategy
Information 3 is parsed respectively, to determine identification information, the operation object of service-user included in every desensitization policy information
And at least one desensitization rule.
Step 104, Hbase association's processing system search whether to exist in at least one desensitization policy information with
The matched at least one target desensitization policy information of target operation object;
For example, in 3 desensitization policy informations of the service-user found, desensitization policy information 1 includes mark
Know the data, desensitization rule 1 and desensitization rule 2 of the b column of tables of data A in C, Hbase database A;The policy information 2 that desensitizes includes mark
Know the data, desensitization rule 3 and desensitization rule 4 of the b column of tables of data B in C, Hbase database A;The policy information 3 that desensitizes includes mark
Know the data, desensitization rule 5 and desensitization rule 6 of the c column of tables of data A in C, Hbase database A.
And referring to above-mentioned steps 102, in the b column that target operation object is tables of data A in Hbase database A in citing
Data, therefore, here only desensitization policy information 1 match with the target operation object.
Step 105, and if it exists, then the Hbase assists processing system to obtain the target operation object pair from the Hbase
The target data answered;
Wherein, it desensitizes policy information due to existing in 3 desensitization policy informations with the matched target of target operation object, because
This, needs the control that accesses to the corresponding target data of the target operation object.Here, it first to be counted from Hbase database A
According to Table A b column in obtain target data.
Step 106, Hbase association's processing system is according at least one at least one target desensitization policy information
A target desensitization rule carries out dynamic desensitization process to the target data;
Wherein, it may include data desensitization process component that Hbase, which assists processing system, the data desensitization process component
Dynamic desensitization process is carried out to the target data got according to desensitization rule 1, desensitization rule 2 respectively.
Wherein, desensitization rule is the rule formulated when desensitizing for data, including replacement, rearrangement, encryption, truncation, mask
The methods of rounding is deviated with the date.
Step 107, the target data after Hbase association's processing system desensitizes dynamic is back to the service-user.
By means of the technical solution of the above embodiment of the present invention, the present invention will be accessed by means of Hbase association processing system
The data access request of Hbase is intercepted, to determine the identification information and target operation object of service-user, then preparatory
Target desensitization policy information corresponding with the identification information and target operation object is searched in the desensitization policy information of formulation, and
Desensitization process is carried out to target data to be visited using the target desensitization rule in target desensitization policy information, will finally be taken off
Quick treated that data are back to service-user, realizes the dynamic desensitization to the access data of Hbase database, ensure that
The data safety of Hbase database.
Optionally, in one embodiment, the Hbase desensitization process system further includes Hbase desensitization operation system,
Before step 101, according to the method for the embodiment of the present invention further include:
The metadata information of each tables of data and storage in the Hbase desensitization operation system acquisition Hbase;
The Hbase desensitization operation system determines operation object according to the metadata information of each tables of data, described
Operation object includes the metadata information of data that stores in the tables of data of the Hbase;
The identification information of the Hbase desensitization operation system taken at regular intervals service-user;
The Hbase desensitization operation system formulates at least one desensitization rule to the operation object;
Described Hbase desensitization operation system at least one desensitization according to the operation object, formulation is regular and fixed
The identification information of the service-user of phase acquisition generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system will be issued at least one desensitization policy information of each service-user
HDFS system.
Wherein, in a specific example, Hbase desensitization operation system can be desensitization system server.
In a specific example, Hbase desensitization operation system may include user management component, desensitize regular group
Part, metadata acquisition component, desensitization policy components and service-user Synchronization Component;
Wherein, user management component is distributed for user management and role.
The metadata acquisition component can acquire the metadata information of each tables of data and storage in Hbase, such as often
The metadata information of each tables of data in a Hbase database;
The desensitization policy components can be according to the collected each tables of data of the metadata acquisition component
Metadata information determines and (specifies in other words) operation object.
Wherein, the operation object include the Hbase tables of data in store data metadata information (such as certain
Certain row of some tables of data in a Hbase database);
In addition, the service-user Synchronization Component can be with the identification information of taken at regular intervals service-user;
Such as the identification information of three service-users has been collected, respectively with service-user 1, service-user 2, service-user
3 indicate.
The desensitization rule components can then formulate the specified operation object at least one desensitization rule, wherein
The desensitization rule components are mainly used for definition and management to desensitization rule;
For example, formulating desensitization rule 1 to operation object 1, desensitization rule 2 is formulated to operation object 2, operation object 31 is made
Fixed desensitization rule 3.
The desensitization policy components can be formulated at least according to above-mentioned specified operation object, for the operation object
The identification information of the service-user of one desensitization rule and taken at regular intervals, to generate for each service-user at least
One desensitization policy information;
For example, desensitization policy information 1 includes: service-user 1, operation object 1 and desensitization rule 1;The policy information 2 that desensitizes wraps
It includes: service-user 2, operation object 2 and desensitization rule 2;Desensitization policy information 3 includes: service-user 3, operation object 3 and desensitization
Rule 3.
Finally, the desensitization policy components can will desensitize under policy information for at least one of each service-user
It is sent to HDFS system.
Wherein, at least one desensitization policy information obtained in step 103 is exactly to get from HDFS system.
Optionally, in another embodiment, before step 101, may also include that according to the method for the embodiment of the present invention
Whether the metadata information of tables of data changes in the Hbase association processing system monitoring Hbase;
If monitoring to change, Hbase association processing system notifies the Hbase desensitization operation system pair
It is synchronous to carry out data for the metadata information of tables of data in Hbase;
There is the metadata information of the tables of data of variation in the Hbase desensitization operation system acquisition Hbase, and according to institute
The metadata information stated in the presence of the tables of data of variation synchronizes the metadata information progress data of the corresponding data table of storage.
Specifically, Hbase association processing system may include metadata monitor component.
The metadata monitor component is a kind of trigger mechanism, for monitor tables of data in Hbase metadata information whether
It changes, when monitoring to change, so that it may notify the metadata acquisition component in the Hbase desensitization operation system
It carries out data to synchronize, in this way, metadata acquisition component can acquire the metadata letter for the tables of data that there is variation in Hbase
Breath, and the metadata information of the corresponding data table of storage is counted according to the metadata information of the tables of data that there is variation
It (is updated) according to synchronization.
In this manner it is possible to make in the desensitization policy information of the embodiment of the present invention specified operation object all and be and Hbase
What the metadata information of the tables of data in database was synchronised, avoid the mistake desensitization to data.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method
It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to
According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should
Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented
Necessary to example.
It is corresponding with method provided by the embodiments of the present invention, referring to Fig. 2, it is de- to show a kind of Hbase of the present invention
The structural block diagram of quick 200 embodiment of processing system, can specifically include Hbase association processing system 21 optionally can also be into one
Step includes Hbase desensitization operation system 22;
The Hbase assists processing system 21, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system 21, for determining the mark of the service-user according to the data access request
Information and target operation object;
The Hbase assists processing system 21, for obtaining at least one of the service-user according to the identification information
Desensitize policy information, and the desensitization policy information includes identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system 21, for search whether to exist in at least one desensitization policy information with
The matched at least one target desensitization policy information of target operation object;
The Hbase assists processing system 21, if being also used to find in at least one desensitization policy information and institute
The matched at least one target desensitization policy information of target operation object is stated, then obtains the object run pair from the Hbase
As corresponding target data;
The Hbase assists processing system 21, in the policy information that is also used to be desensitized according at least one target at least
One target desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system 21, and the target data after being also used to desensitize dynamic is back to the service-user.
Optionally,
The Hbase desensitization operation system 22, for acquiring the metadata information of each tables of data and storage in Hbase;
The Hbase desensitization operation system 22, is also used to determine operation according to the metadata information of each tables of data
Object, the operation object include the metadata information of data that stores in the tables of data of the Hbase;
The Hbase desensitization operation system 22, is also used to the identification information of taken at regular intervals service-user;
The Hbase desensitization operation system 22 is also used to formulate the operation object at least one desensitization rule;
The Hbase desensitization operation system 22 is also used at least one desensitization according to the operation object, formulation
The identification information of the service-user of rule and taken at regular intervals generates at least one desensitization strategy for each service-user
Information;
The Hbase desensitization operation system 22, being also used to will be at least one desensitization strategy letter of each service-user
Breath is issued to HDFS system.
Optionally,
The Hbase assists processing system 21, and whether the metadata information for being also used to monitor tables of data in Hbase becomes
Change;
The Hbase assists processing system 21, if being also used to monitor, the metadata information of tables of data in Hbase becomes
Change, then it is synchronous to notify that the Hbase desensitization operation system 22 carries out data to the metadata information of tables of data in Hbase;
The Hbase desensitization operation system 22 is also used to acquire the metadata letter for the tables of data that there is variation in Hbase
Breath, and the metadata information of the corresponding data table of storage is counted according to the metadata information of the tables of data that there is variation
According to synchronization.
Optionally,
The Hbase assists processing system 21, is also used to obtain at least the one of the service-user according to the identification information
Item desensitization policy information;
The Hbase assists processing system 21, is also used to parse every desensitization policy information of the service-user,
Determine identification information, operation object and at least one desensitization rule of user included in every desensitization policy information.
For system embodiments, since it is basically similar to the method embodiment, related so being described relatively simple
Place illustrates referring to the part of embodiment of the method.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with
The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate
Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can
With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code
The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program
The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions
In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these
Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals
Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices
Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram
The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices
In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet
The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram
The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that
Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus
The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart
And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases
This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as
Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap
Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article
Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited
Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Above to a kind of data desensitization method and a kind of Hbase desensitization process system based on big data provided by the present invention
System, is described in detail, and used herein a specific example illustrates the principle and implementation of the invention, above
The explanation of embodiment is merely used to help understand method and its core concept of the invention;Meanwhile for the general skill of this field
Art personnel, according to the thought of the present invention, there will be changes in the specific implementation manner and application range, in conclusion this
Description should not be construed as limiting the invention.
Claims (6)
1. a kind of data desensitization method based on big data, which is characterized in that it is applied to Hbase desensitization process system, it is described
Hbase desensitization process system includes Hbase association processing system, which comprises
Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Hbase association's processing system determines that the identification information of the service-user and target are grasped according to the data access request
Make object;
Hbase association's processing system obtains at least one desensitization strategy letter of the service-user according to the identification information
Breath, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
Hbase association's processing system searches whether exist and the object run in at least one desensitization policy information
At least one target desensitization policy information of object matching;
If it exists, then the Hbase assists processing system to obtain the corresponding number of targets of the target operation object from the Hbase
According to;
Hbase association's processing system desensitizes according at least one target at least one target desensitization policy information and advises
Dynamic desensitization process then is carried out to the target data;
Target data after Hbase association's processing system desensitizes dynamic is back to the service-user;
Wherein, the Hbase desensitization process system further includes Hbase desensitization operation system, and Hbase association processing system is intercepted and captured
Before service-user is to the data access request of Hbase, the method also includes:
The metadata information of each tables of data and storage in the Hbase desensitization operation system acquisition Hbase;
The Hbase desensitization operation system determines operation object, the operation according to the metadata information of each tables of data
Object includes the metadata information of data that stores in the tables of data of the Hbase;
The identification information of the Hbase desensitization operation system taken at regular intervals service-user;
The Hbase desensitization operation system formulates at least one desensitization rule to the operation object;
The Hbase desensitization operation system at least one desensitization according to the operation object, formulation is regular and periodically adopts
The identification information of the service-user of collection generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system will be issued to HDFS system at least one desensitization policy information of each service-user
System.
2. the method according to claim 1, wherein Hbase association processing system intercepts and captures service-user pair
Before the data access request of Hbase, the method also includes:
Whether the metadata information of tables of data changes in the Hbase association processing system monitoring Hbase;
If monitoring to change, Hbase association processing system notifies the Hbase desensitization operation system in Hbase
It is synchronous that the metadata information of tables of data carries out data;
There is the metadata information of the tables of data of variation in the Hbase desensitization operation system acquisition Hbase, and is deposited according to described
It is synchronous that data are carried out to the metadata information of the corresponding data table of storage in the metadata information of the tables of data of variation.
3. the method according to claim 1, wherein the Hbase assists processing system according to the identification information
Obtain at least one desensitization policy information of the service-user, comprising:
Hbase association's processing system obtains at least one desensitization strategy letter of the service-user according to the identification information
Breath;
Hbase association processing system parses every desensitization policy information of the service-user, determines every desensitization
The identification information of included user, operation object and at least one desensitization rule in policy information.
4. a kind of Hbase desensitization process system characterized by comprising
Hbase assists processing system;
The Hbase assists processing system, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system, for determined according to the data access request service-user identification information and
Target operation object;
The Hbase assists processing system, for obtaining at least one desensitization plan of the service-user according to the identification information
Slightly information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system, for searching whether exist and the mesh in at least one desensitization policy information
Mark the matched at least one target desensitization policy information of operation object;
The Hbase assists processing system, if being also used to find and the target in at least one desensitization policy information
It is corresponding then to obtain the target operation object from the Hbase for the matched at least one target desensitization policy information of operation object
Target data;
The Hbase assists processing system, at least one mesh in the policy information that is also used to be desensitized according at least one target
Mark desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system, and the target data after being also used to desensitize dynamic is back to the service-user;
Wherein, the Hbase desensitization process system further include: Hbase desensitization operation system;
The Hbase desensitization operation system, for acquiring the metadata information of each tables of data and storage in Hbase;
The Hbase desensitization operation system, is also used to determine operation object according to the metadata information of each tables of data, institute
State the metadata information of the data stored in the tables of data that operation object includes the Hbase;
The Hbase desensitization operation system, is also used to the identification information of taken at regular intervals service-user;
The Hbase desensitization operation system is also used to formulate the operation object at least one desensitization rule;
The Hbase desensitizes operation system, be also used to according to the operation object, formulate described at least one desensitization rule and
The identification information of the service-user of taken at regular intervals generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system is also used to issue at least one desensitization policy information of each service-user
To HDFS system.
5. Hbase desensitization process system according to claim 4, which is characterized in that
The Hbase assists processing system, and whether the metadata information for being also used to monitor tables of data in Hbase changes;
The Hbase assists processing system, if being also used to monitor, the metadata information of tables of data in Hbase changes, and leads to
It is synchronous to know that the Hbase desensitization operation system carries out data to the metadata information of tables of data in Hbase;
The Hbase desensitization operation system is also used to acquire the metadata information that there is the tables of data of variation in Hbase, and root
It is synchronous that data are carried out to the metadata information of the corresponding data table of storage according to the metadata information of the tables of data that there is variation.
6. Hbase desensitization process system according to claim 4, which is characterized in that
The Hbase assists processing system, is also used to obtain at least one desensitization of the service-user according to the identification information
Policy information;
The Hbase assists processing system, is also used to parse every desensitization policy information of the service-user, determines every
The identification information of included user, operation object and at least one desensitization rule in item desensitization policy information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710731649.4A CN107563218B (en) | 2017-08-23 | 2017-08-23 | A kind of data desensitization method and Hbase desensitization process system based on big data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710731649.4A CN107563218B (en) | 2017-08-23 | 2017-08-23 | A kind of data desensitization method and Hbase desensitization process system based on big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107563218A CN107563218A (en) | 2018-01-09 |
CN107563218B true CN107563218B (en) | 2019-01-15 |
Family
ID=60975637
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710731649.4A Active CN107563218B (en) | 2017-08-23 | 2017-08-23 | A kind of data desensitization method and Hbase desensitization process system based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107563218B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
CN110210241B (en) * | 2018-02-28 | 2023-11-21 | 中兴通讯股份有限公司 | Data desensitization method and device |
CN115935428A (en) * | 2018-05-14 | 2023-04-07 | 创新先进技术有限公司 | Information desensitization method, device and system |
CN109409121B (en) * | 2018-09-07 | 2022-10-11 | 创新先进技术有限公司 | Desensitization processing method and device and server |
CN111143875B (en) * | 2019-12-17 | 2024-03-08 | 航天信息股份有限公司 | Data information desensitization method and system based on big data |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
CN106529329A (en) * | 2016-10-11 | 2017-03-22 | 中国电子科技网络信息安全有限公司 | Desensitization system and desensitization method used for big data |
CN106599713A (en) * | 2016-11-11 | 2017-04-26 | 中国电子科技网络信息安全有限公司 | Database masking system and method based on big data |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106778351B (en) * | 2016-12-30 | 2020-04-21 | 中国民航信息网络股份有限公司 | Data desensitization method and device |
CN107403111A (en) * | 2017-08-10 | 2017-11-28 | 中国民航信息网络股份有限公司 | HIVE data desensitization method and device |
-
2017
- 2017-08-23 CN CN201710731649.4A patent/CN107563218B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106529329A (en) * | 2016-10-11 | 2017-03-22 | 中国电子科技网络信息安全有限公司 | Desensitization system and desensitization method used for big data |
CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
CN106599713A (en) * | 2016-11-11 | 2017-04-26 | 中国电子科技网络信息安全有限公司 | Database masking system and method based on big data |
Also Published As
Publication number | Publication date |
---|---|
CN107563218A (en) | 2018-01-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107563218B (en) | A kind of data desensitization method and Hbase desensitization process system based on big data | |
US11895143B2 (en) | Providing action recommendations based on action effectiveness across information technology environments | |
JP6334009B2 (en) | Handling mutations for remote databases | |
AU2015369780B2 (en) | Auto discovery of configuration items | |
US20160034311A1 (en) | Tracking large numbers of moving objects in an event processing system | |
CN107391735A (en) | Business datum source tracing method, device, system and storage device based on block chain | |
US20130218837A1 (en) | Cloud data synchronization with local data | |
EP3794487B1 (en) | Obfuscation and deletion of personal data in a loosely-coupled distributed system | |
CN106570097B (en) | Sequence generation method and device | |
EP3804269B1 (en) | Detect duplicates with exact and fuzzy matching on encrypted match indexes | |
US20150234883A1 (en) | Method and system for retrieving real-time information | |
US9026493B1 (en) | Multi-master RDBMS improvements for distributed computing environment | |
US20180232452A1 (en) | Data retrieval method and system | |
TW201735589A (en) | Method, device, and system for processing data in webpage | |
CN109408286A (en) | Data processing method, device, system, computer readable storage medium | |
EP3093789B1 (en) | Storing structured information | |
CN107491463B (en) | Optimization method and system for data query | |
EP3296980B1 (en) | Database system and database processing method | |
CN112347192A (en) | Data synchronization method, device, platform and readable medium | |
CN107885634B (en) | Method and device for processing abnormal information in monitoring | |
US9323634B2 (en) | Generating a configuration file based upon an application registry | |
WO2016095716A1 (en) | Fault information processing method and related device | |
CN109525586B (en) | Security policy configuration method and device based on URL | |
WO2014051071A1 (en) | Distributed storage apparatus, storage node, data provision method and program | |
US10387887B2 (en) | Bloom filter driven data synchronization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |