CN107563218B - A kind of data desensitization method and Hbase desensitization process system based on big data - Google Patents

A kind of data desensitization method and Hbase desensitization process system based on big data Download PDF

Info

Publication number
CN107563218B
CN107563218B CN201710731649.4A CN201710731649A CN107563218B CN 107563218 B CN107563218 B CN 107563218B CN 201710731649 A CN201710731649 A CN 201710731649A CN 107563218 B CN107563218 B CN 107563218B
Authority
CN
China
Prior art keywords
hbase
desensitization
data
user
processing system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710731649.4A
Other languages
Chinese (zh)
Other versions
CN107563218A (en
Inventor
张晓东
喻波
王志海
袁灿
王志华
秦凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wondersoft Technology Co Ltd filed Critical Beijing Wondersoft Technology Co Ltd
Priority to CN201710731649.4A priority Critical patent/CN107563218B/en
Publication of CN107563218A publication Critical patent/CN107563218A/en
Application granted granted Critical
Publication of CN107563218B publication Critical patent/CN107563218B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The present invention provides a kind of data desensitization method and system based on big data, applied to Hbase desensitization process system, Hbase desensitization process system includes Hbase association processing system, this method comprises: Hbase association processing system intercepts and captures service-user to the data access request of Hbase;Hbase association processing system determines the identification information and target operation object of service-user according to data access request;Hbase assists processing system according at least one desensitization policy information of identification information acquisition service-user;Hbase assists processing system to search whether exist and the matched at least one target desensitization policy information of target operation object at least one desensitization policy information;If it exists, then Hbase assists processing system to obtain the corresponding target data of target operation object from Hbase;Hbase assists processing system to carry out dynamic desensitization process to target data according at least one target desensitization rule at least one target desensitization policy information;Target data after Hbase assists processing system that dynamic desensitizes is back to service-user.

Description

A kind of data desensitization method and Hbase desensitization process system based on big data
Technical field
The present invention relates to big data desensitization process technical fields, more particularly to a kind of data desensitization side based on big data Method and a kind of Hbase desensitization process system.
Background technique
With the arrival of big data era, the immense value contained in big data is excavated, while also bringing privacy Problem in terms of information protection protects sensitive information not to be leaked, also will be how while realizing that big data is efficiently shared The problem that data desensitization must solve.
Hbase is a PostgreSQL database distributed, towards column, and for big data access in Hbase database Dynamic desensitize problem, currently no effective solution has been proposed.
Summary of the invention
The data desensitization method and a kind of Hbase desensitization process system that the present invention provides a kind of based on big data, with solution Certainly the problem of dynamic desensitizes can not be carried out to the access data in Hbase database in the prior art.
To solve the above-mentioned problems, according to an aspect of the present invention, the invention discloses a kind of numbers based on big data According to desensitization method, it is applied to Hbase desensitization process system, the Hbase desensitization process system includes Hbase association processing system, The described method includes:
Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Hbase association processing system determines the identification information and mesh of the service-user according to the data access request Mark operation object;
Hbase association's processing system obtains at least one desensitization strategy of the service-user according to the identification information Information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
Hbase association's processing system searches whether exist and the target in at least one desensitization policy information The matched at least one target desensitization policy information of operation object;
If it exists, then the Hbase assists processing system to obtain the corresponding target of the target operation object from the Hbase Data;
Hbase association's processing system is de- according at least one target at least one target desensitization policy information Quick rule carries out dynamic desensitization process to the target data;
Target data after Hbase association's processing system desensitizes dynamic is back to the service-user.
According to another aspect of the present invention, the invention also discloses a kind of Hbase desensitization process systems, comprising:
Hbase assists processing system;
The Hbase assists processing system, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system, for determining that the mark of the service-user is believed according to the data access request Breath and target operation object;
The Hbase assists processing system, takes off for obtaining at least one of the service-user according to the identification information Quick policy information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system, for searching whether exist and institute in at least one desensitization policy information State the matched at least one target desensitization policy information of target operation object;
The Hbase assists processing system, if be also used to find in at least one desensitization policy information with it is described The matched at least one target desensitization policy information of target operation object, then obtain the target operation object from the Hbase Corresponding target data;
The Hbase assists processing system, at least one in the policy information that is also used to be desensitized according at least one target A target desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system, and the target data after being also used to desensitize dynamic is back to the service-user.
Compared with prior art, the present invention includes the following advantages:
The present invention is intercepted the data access request for accessing Hbase by means of Hbase association processing system, to determine industry Then the identification information and target operation object of business user is searched in the desensitization policy information pre-established and is believed with the mark Target desensitization policy information corresponding with target operation object is ceased, and using the target desensitization rule in target desensitization policy information To carry out desensitization process to target data to be visited, the data after desensitization process are finally back to service-user, are realized Dynamic desensitization to the access data of Hbase database, ensure that the data safety of Hbase database.
Detailed description of the invention
Fig. 1 is a kind of step flow chart of data desensitization method embodiment based on big data of the invention;
Fig. 2 is a kind of structural block diagram of Hbase desensitization process system embodiment of the invention.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real Applying mode, the present invention is described in further detail.
Referring to Fig.1, a kind of step flow chart of data desensitization method embodiment based on big data of the invention is shown, Applied to Hbase desensitization process system, the Hbase desensitization process system includes Hbase association processing system, be can specifically include Following steps:
Step 101, Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Wherein, which assists processing system to realize coprocessor interface and data desensitization function.It is specific real at one In example, Hbase association processing system be can be set on Hbase coprocessor.
When service-user wants access to the big data in Hbase database, the Hbase of the embodiment of the present invention assists processing system The data access request of system meeting interception service user.
Wherein, client used in service-user is equipped with (SuSE) Linux OS and Hbase client, when business is used After family logs in the Hbase client with the user name of oneself, so that it may access Hbase cluster to obtain data, wherein Hbase Cluster includes multiple RegionServer nodes, the information sharing between multiple RegionServer nodes.
Step 102, Hbase association processing system determines the mark of the service-user according to the data access request Information and target operation object;
Wherein, which may include the identification information and target operation object of the service-user.
Wherein, the identification information of the service-user can be the identification informations such as the user name of service-user, User ID.
The target operation object can be in the Hbase database that the service-user wants access to pointed by target metadata Datum target.
Such as: the b column that target metadata is tables of data A in Hbase database A, then target operation object is then Hbase number According to the data in the b column of tables of data A in the A of library.
Step 103, Hbase association processing system obtains at least one of the service-user according to the identification information Desensitize policy information;
Wherein, the embodiment of the present invention can pre-establish desensitization policy information;
The policy information that desensitizes includes the identification information (people acted on) of user, operation object (datum target acted on) Regular (i.e. the mode of action) is desensitized at least one;
Wherein, in a desensitization policy information, need some operation object for accessing can be with for some service-user It is related to multiple desensitization rules.
Wherein, it when executing step 103, can be realized by following sub-step:
S11, Hbase association's processing system obtain at least one desensitization of the service-user according to the identification information Policy information;
Wherein, the embodiment of the present invention is directed to different service-users in advance and has formulated respective desensitization policy information, wherein The desensitization policy information of one service-user is not limited to one, can be it is a plurality of, and involved in a desensitization policy information take off Quick rule is also not necessarily limited to one, can be multiple.In addition, a plurality of desensitization policy information of a service-user can store one In a file, to accelerate the retrieval rate of strategy.
For example, the policy information of a service-user can store in an XML file, the service-user it is every Item desensitization policy information is exactly an xml node in the XML file.Addition new content can all be calculated to XML file every time One new cryptographic Hash allows Hbase association processing system that can know whether this XML file is modified by judging hash value It crosses.
Wherein, it may include desensitization policy resolution component that Hbase, which assists processing system, which can root According to the identification information for the service-user for currently needing to access data, to obtain at least one desensitization strategy of the corresponding identification information Information.
For example, which is identified as C, then can be in pre-stored many desensitization policy informations The desensitization policy information for searching the C service-user may have a plurality of desensitization policy information, including desensitization policy information 1, desensitization plan Slightly information 2 and desensitization policy information 3.
S12, Hbase association processing system parse every desensitization policy information of the service-user, determine The identification information of included user, operation object and at least one desensitization rule in every desensitization policy information.
Wherein, which can also be to desensitization policy information 1, desensitization policy information 2 and desensitization strategy Information 3 is parsed respectively, to determine identification information, the operation object of service-user included in every desensitization policy information And at least one desensitization rule.
Step 104, Hbase association's processing system search whether to exist in at least one desensitization policy information with The matched at least one target desensitization policy information of target operation object;
For example, in 3 desensitization policy informations of the service-user found, desensitization policy information 1 includes mark Know the data, desensitization rule 1 and desensitization rule 2 of the b column of tables of data A in C, Hbase database A;The policy information 2 that desensitizes includes mark Know the data, desensitization rule 3 and desensitization rule 4 of the b column of tables of data B in C, Hbase database A;The policy information 3 that desensitizes includes mark Know the data, desensitization rule 5 and desensitization rule 6 of the c column of tables of data A in C, Hbase database A.
And referring to above-mentioned steps 102, in the b column that target operation object is tables of data A in Hbase database A in citing Data, therefore, here only desensitization policy information 1 match with the target operation object.
Step 105, and if it exists, then the Hbase assists processing system to obtain the target operation object pair from the Hbase The target data answered;
Wherein, it desensitizes policy information due to existing in 3 desensitization policy informations with the matched target of target operation object, because This, needs the control that accesses to the corresponding target data of the target operation object.Here, it first to be counted from Hbase database A According to Table A b column in obtain target data.
Step 106, Hbase association's processing system is according at least one at least one target desensitization policy information A target desensitization rule carries out dynamic desensitization process to the target data;
Wherein, it may include data desensitization process component that Hbase, which assists processing system, the data desensitization process component Dynamic desensitization process is carried out to the target data got according to desensitization rule 1, desensitization rule 2 respectively.
Wherein, desensitization rule is the rule formulated when desensitizing for data, including replacement, rearrangement, encryption, truncation, mask The methods of rounding is deviated with the date.
Step 107, the target data after Hbase association's processing system desensitizes dynamic is back to the service-user.
By means of the technical solution of the above embodiment of the present invention, the present invention will be accessed by means of Hbase association processing system The data access request of Hbase is intercepted, to determine the identification information and target operation object of service-user, then preparatory Target desensitization policy information corresponding with the identification information and target operation object is searched in the desensitization policy information of formulation, and Desensitization process is carried out to target data to be visited using the target desensitization rule in target desensitization policy information, will finally be taken off Quick treated that data are back to service-user, realizes the dynamic desensitization to the access data of Hbase database, ensure that The data safety of Hbase database.
Optionally, in one embodiment, the Hbase desensitization process system further includes Hbase desensitization operation system, Before step 101, according to the method for the embodiment of the present invention further include:
The metadata information of each tables of data and storage in the Hbase desensitization operation system acquisition Hbase;
The Hbase desensitization operation system determines operation object according to the metadata information of each tables of data, described Operation object includes the metadata information of data that stores in the tables of data of the Hbase;
The identification information of the Hbase desensitization operation system taken at regular intervals service-user;
The Hbase desensitization operation system formulates at least one desensitization rule to the operation object;
Described Hbase desensitization operation system at least one desensitization according to the operation object, formulation is regular and fixed The identification information of the service-user of phase acquisition generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system will be issued at least one desensitization policy information of each service-user HDFS system.
Wherein, in a specific example, Hbase desensitization operation system can be desensitization system server.
In a specific example, Hbase desensitization operation system may include user management component, desensitize regular group Part, metadata acquisition component, desensitization policy components and service-user Synchronization Component;
Wherein, user management component is distributed for user management and role.
The metadata acquisition component can acquire the metadata information of each tables of data and storage in Hbase, such as often The metadata information of each tables of data in a Hbase database;
The desensitization policy components can be according to the collected each tables of data of the metadata acquisition component Metadata information determines and (specifies in other words) operation object.
Wherein, the operation object include the Hbase tables of data in store data metadata information (such as certain Certain row of some tables of data in a Hbase database);
In addition, the service-user Synchronization Component can be with the identification information of taken at regular intervals service-user;
Such as the identification information of three service-users has been collected, respectively with service-user 1, service-user 2, service-user 3 indicate.
The desensitization rule components can then formulate the specified operation object at least one desensitization rule, wherein The desensitization rule components are mainly used for definition and management to desensitization rule;
For example, formulating desensitization rule 1 to operation object 1, desensitization rule 2 is formulated to operation object 2, operation object 31 is made Fixed desensitization rule 3.
The desensitization policy components can be formulated at least according to above-mentioned specified operation object, for the operation object The identification information of the service-user of one desensitization rule and taken at regular intervals, to generate for each service-user at least One desensitization policy information;
For example, desensitization policy information 1 includes: service-user 1, operation object 1 and desensitization rule 1;The policy information 2 that desensitizes wraps It includes: service-user 2, operation object 2 and desensitization rule 2;Desensitization policy information 3 includes: service-user 3, operation object 3 and desensitization Rule 3.
Finally, the desensitization policy components can will desensitize under policy information for at least one of each service-user It is sent to HDFS system.
Wherein, at least one desensitization policy information obtained in step 103 is exactly to get from HDFS system.
Optionally, in another embodiment, before step 101, may also include that according to the method for the embodiment of the present invention
Whether the metadata information of tables of data changes in the Hbase association processing system monitoring Hbase;
If monitoring to change, Hbase association processing system notifies the Hbase desensitization operation system pair It is synchronous to carry out data for the metadata information of tables of data in Hbase;
There is the metadata information of the tables of data of variation in the Hbase desensitization operation system acquisition Hbase, and according to institute The metadata information stated in the presence of the tables of data of variation synchronizes the metadata information progress data of the corresponding data table of storage.
Specifically, Hbase association processing system may include metadata monitor component.
The metadata monitor component is a kind of trigger mechanism, for monitor tables of data in Hbase metadata information whether It changes, when monitoring to change, so that it may notify the metadata acquisition component in the Hbase desensitization operation system It carries out data to synchronize, in this way, metadata acquisition component can acquire the metadata letter for the tables of data that there is variation in Hbase Breath, and the metadata information of the corresponding data table of storage is counted according to the metadata information of the tables of data that there is variation It (is updated) according to synchronization.
In this manner it is possible to make in the desensitization policy information of the embodiment of the present invention specified operation object all and be and Hbase What the metadata information of the tables of data in database was synchronised, avoid the mistake desensitization to data.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented Necessary to example.
It is corresponding with method provided by the embodiments of the present invention, referring to Fig. 2, it is de- to show a kind of Hbase of the present invention The structural block diagram of quick 200 embodiment of processing system, can specifically include Hbase association processing system 21 optionally can also be into one Step includes Hbase desensitization operation system 22;
The Hbase assists processing system 21, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system 21, for determining the mark of the service-user according to the data access request Information and target operation object;
The Hbase assists processing system 21, for obtaining at least one of the service-user according to the identification information Desensitize policy information, and the desensitization policy information includes identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system 21, for search whether to exist in at least one desensitization policy information with The matched at least one target desensitization policy information of target operation object;
The Hbase assists processing system 21, if being also used to find in at least one desensitization policy information and institute The matched at least one target desensitization policy information of target operation object is stated, then obtains the object run pair from the Hbase As corresponding target data;
The Hbase assists processing system 21, in the policy information that is also used to be desensitized according at least one target at least One target desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system 21, and the target data after being also used to desensitize dynamic is back to the service-user.
Optionally,
The Hbase desensitization operation system 22, for acquiring the metadata information of each tables of data and storage in Hbase;
The Hbase desensitization operation system 22, is also used to determine operation according to the metadata information of each tables of data Object, the operation object include the metadata information of data that stores in the tables of data of the Hbase;
The Hbase desensitization operation system 22, is also used to the identification information of taken at regular intervals service-user;
The Hbase desensitization operation system 22 is also used to formulate the operation object at least one desensitization rule;
The Hbase desensitization operation system 22 is also used at least one desensitization according to the operation object, formulation The identification information of the service-user of rule and taken at regular intervals generates at least one desensitization strategy for each service-user Information;
The Hbase desensitization operation system 22, being also used to will be at least one desensitization strategy letter of each service-user Breath is issued to HDFS system.
Optionally,
The Hbase assists processing system 21, and whether the metadata information for being also used to monitor tables of data in Hbase becomes Change;
The Hbase assists processing system 21, if being also used to monitor, the metadata information of tables of data in Hbase becomes Change, then it is synchronous to notify that the Hbase desensitization operation system 22 carries out data to the metadata information of tables of data in Hbase;
The Hbase desensitization operation system 22 is also used to acquire the metadata letter for the tables of data that there is variation in Hbase Breath, and the metadata information of the corresponding data table of storage is counted according to the metadata information of the tables of data that there is variation According to synchronization.
Optionally,
The Hbase assists processing system 21, is also used to obtain at least the one of the service-user according to the identification information Item desensitization policy information;
The Hbase assists processing system 21, is also used to parse every desensitization policy information of the service-user, Determine identification information, operation object and at least one desensitization rule of user included in every desensitization policy information.
For system embodiments, since it is basically similar to the method embodiment, related so being described relatively simple Place illustrates referring to the part of embodiment of the method.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Above to a kind of data desensitization method and a kind of Hbase desensitization process system based on big data provided by the present invention System, is described in detail, and used herein a specific example illustrates the principle and implementation of the invention, above The explanation of embodiment is merely used to help understand method and its core concept of the invention;Meanwhile for the general skill of this field Art personnel, according to the thought of the present invention, there will be changes in the specific implementation manner and application range, in conclusion this Description should not be construed as limiting the invention.

Claims (6)

1. a kind of data desensitization method based on big data, which is characterized in that it is applied to Hbase desensitization process system, it is described Hbase desensitization process system includes Hbase association processing system, which comprises
Hbase association processing system intercepts and captures service-user to the data access request of Hbase;
Hbase association's processing system determines that the identification information of the service-user and target are grasped according to the data access request Make object;
Hbase association's processing system obtains at least one desensitization strategy letter of the service-user according to the identification information Breath, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
Hbase association's processing system searches whether exist and the object run in at least one desensitization policy information At least one target desensitization policy information of object matching;
If it exists, then the Hbase assists processing system to obtain the corresponding number of targets of the target operation object from the Hbase According to;
Hbase association's processing system desensitizes according at least one target at least one target desensitization policy information and advises Dynamic desensitization process then is carried out to the target data;
Target data after Hbase association's processing system desensitizes dynamic is back to the service-user;
Wherein, the Hbase desensitization process system further includes Hbase desensitization operation system, and Hbase association processing system is intercepted and captured Before service-user is to the data access request of Hbase, the method also includes:
The metadata information of each tables of data and storage in the Hbase desensitization operation system acquisition Hbase;
The Hbase desensitization operation system determines operation object, the operation according to the metadata information of each tables of data Object includes the metadata information of data that stores in the tables of data of the Hbase;
The identification information of the Hbase desensitization operation system taken at regular intervals service-user;
The Hbase desensitization operation system formulates at least one desensitization rule to the operation object;
The Hbase desensitization operation system at least one desensitization according to the operation object, formulation is regular and periodically adopts The identification information of the service-user of collection generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system will be issued to HDFS system at least one desensitization policy information of each service-user System.
2. the method according to claim 1, wherein Hbase association processing system intercepts and captures service-user pair Before the data access request of Hbase, the method also includes:
Whether the metadata information of tables of data changes in the Hbase association processing system monitoring Hbase;
If monitoring to change, Hbase association processing system notifies the Hbase desensitization operation system in Hbase It is synchronous that the metadata information of tables of data carries out data;
There is the metadata information of the tables of data of variation in the Hbase desensitization operation system acquisition Hbase, and is deposited according to described It is synchronous that data are carried out to the metadata information of the corresponding data table of storage in the metadata information of the tables of data of variation.
3. the method according to claim 1, wherein the Hbase assists processing system according to the identification information Obtain at least one desensitization policy information of the service-user, comprising:
Hbase association's processing system obtains at least one desensitization strategy letter of the service-user according to the identification information Breath;
Hbase association processing system parses every desensitization policy information of the service-user, determines every desensitization The identification information of included user, operation object and at least one desensitization rule in policy information.
4. a kind of Hbase desensitization process system characterized by comprising
Hbase assists processing system;
The Hbase assists processing system, for intercepting and capturing service-user to the data access request of Hbase;
The Hbase assists processing system, for determined according to the data access request service-user identification information and Target operation object;
The Hbase assists processing system, for obtaining at least one desensitization plan of the service-user according to the identification information Slightly information, the desensitization policy information include identification information, operation object and at least one desensitization rule of user;
The Hbase assists processing system, for searching whether exist and the mesh in at least one desensitization policy information Mark the matched at least one target desensitization policy information of operation object;
The Hbase assists processing system, if being also used to find and the target in at least one desensitization policy information It is corresponding then to obtain the target operation object from the Hbase for the matched at least one target desensitization policy information of operation object Target data;
The Hbase assists processing system, at least one mesh in the policy information that is also used to be desensitized according at least one target Mark desensitization rule carries out dynamic desensitization process to the target data;
The Hbase assists processing system, and the target data after being also used to desensitize dynamic is back to the service-user;
Wherein, the Hbase desensitization process system further include: Hbase desensitization operation system;
The Hbase desensitization operation system, for acquiring the metadata information of each tables of data and storage in Hbase;
The Hbase desensitization operation system, is also used to determine operation object according to the metadata information of each tables of data, institute State the metadata information of the data stored in the tables of data that operation object includes the Hbase;
The Hbase desensitization operation system, is also used to the identification information of taken at regular intervals service-user;
The Hbase desensitization operation system is also used to formulate the operation object at least one desensitization rule;
The Hbase desensitizes operation system, be also used to according to the operation object, formulate described at least one desensitization rule and The identification information of the service-user of taken at regular intervals generates at least one desensitization policy information for each service-user;
The Hbase desensitization operation system is also used to issue at least one desensitization policy information of each service-user To HDFS system.
5. Hbase desensitization process system according to claim 4, which is characterized in that
The Hbase assists processing system, and whether the metadata information for being also used to monitor tables of data in Hbase changes;
The Hbase assists processing system, if being also used to monitor, the metadata information of tables of data in Hbase changes, and leads to It is synchronous to know that the Hbase desensitization operation system carries out data to the metadata information of tables of data in Hbase;
The Hbase desensitization operation system is also used to acquire the metadata information that there is the tables of data of variation in Hbase, and root It is synchronous that data are carried out to the metadata information of the corresponding data table of storage according to the metadata information of the tables of data that there is variation.
6. Hbase desensitization process system according to claim 4, which is characterized in that
The Hbase assists processing system, is also used to obtain at least one desensitization of the service-user according to the identification information Policy information;
The Hbase assists processing system, is also used to parse every desensitization policy information of the service-user, determines every The identification information of included user, operation object and at least one desensitization rule in item desensitization policy information.
CN201710731649.4A 2017-08-23 2017-08-23 A kind of data desensitization method and Hbase desensitization process system based on big data Active CN107563218B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710731649.4A CN107563218B (en) 2017-08-23 2017-08-23 A kind of data desensitization method and Hbase desensitization process system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710731649.4A CN107563218B (en) 2017-08-23 2017-08-23 A kind of data desensitization method and Hbase desensitization process system based on big data

Publications (2)

Publication Number Publication Date
CN107563218A CN107563218A (en) 2018-01-09
CN107563218B true CN107563218B (en) 2019-01-15

Family

ID=60975637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710731649.4A Active CN107563218B (en) 2017-08-23 2017-08-23 A kind of data desensitization method and Hbase desensitization process system based on big data

Country Status (1)

Country Link
CN (1) CN107563218B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418676A (en) * 2018-01-26 2018-08-17 山东超越数控电子股份有限公司 A kind of data desensitization method based on permission
CN110210241B (en) * 2018-02-28 2023-11-21 中兴通讯股份有限公司 Data desensitization method and device
CN115935428A (en) * 2018-05-14 2023-04-07 创新先进技术有限公司 Information desensitization method, device and system
CN109409121B (en) * 2018-09-07 2022-10-11 创新先进技术有限公司 Desensitization processing method and device and server
CN111143875B (en) * 2019-12-17 2024-03-08 航天信息股份有限公司 Data information desensitization method and system based on big data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
CN106599713A (en) * 2016-11-11 2017-04-26 中国电子科技网络信息安全有限公司 Database masking system and method based on big data

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778351B (en) * 2016-12-30 2020-04-21 中国民航信息网络股份有限公司 Data desensitization method and device
CN107403111A (en) * 2017-08-10 2017-11-28 中国民航信息网络股份有限公司 HIVE data desensitization method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN106599713A (en) * 2016-11-11 2017-04-26 中国电子科技网络信息安全有限公司 Database masking system and method based on big data

Also Published As

Publication number Publication date
CN107563218A (en) 2018-01-09

Similar Documents

Publication Publication Date Title
CN107563218B (en) A kind of data desensitization method and Hbase desensitization process system based on big data
US11895143B2 (en) Providing action recommendations based on action effectiveness across information technology environments
JP6334009B2 (en) Handling mutations for remote databases
AU2015369780B2 (en) Auto discovery of configuration items
US20160034311A1 (en) Tracking large numbers of moving objects in an event processing system
CN107391735A (en) Business datum source tracing method, device, system and storage device based on block chain
US20130218837A1 (en) Cloud data synchronization with local data
EP3794487B1 (en) Obfuscation and deletion of personal data in a loosely-coupled distributed system
CN106570097B (en) Sequence generation method and device
EP3804269B1 (en) Detect duplicates with exact and fuzzy matching on encrypted match indexes
US20150234883A1 (en) Method and system for retrieving real-time information
US9026493B1 (en) Multi-master RDBMS improvements for distributed computing environment
US20180232452A1 (en) Data retrieval method and system
TW201735589A (en) Method, device, and system for processing data in webpage
CN109408286A (en) Data processing method, device, system, computer readable storage medium
EP3093789B1 (en) Storing structured information
CN107491463B (en) Optimization method and system for data query
EP3296980B1 (en) Database system and database processing method
CN112347192A (en) Data synchronization method, device, platform and readable medium
CN107885634B (en) Method and device for processing abnormal information in monitoring
US9323634B2 (en) Generating a configuration file based upon an application registry
WO2016095716A1 (en) Fault information processing method and related device
CN109525586B (en) Security policy configuration method and device based on URL
WO2014051071A1 (en) Distributed storage apparatus, storage node, data provision method and program
US10387887B2 (en) Bloom filter driven data synchronization

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant