CN109871708A - Data transmission method, device, electronic equipment and storage medium - Google Patents
- Publication number: CN109871708A (CN201811537695.1A)
- Authority: CN (China)
- Prior art keywords: data, cluster, desensitization, importing, access
- Legal status: Pending
- Landscapes: Storage Device Security
Abstract
The present invention provides a data transmission method, device, electronic equipment and storage medium. The data transmission method includes: when a data desensitization instruction is received, desensitizing the data in an importing cluster using a configuration rule; when a data import instruction is received, verifying the import permission of the importing cluster; after the importing cluster passes verification, importing the desensitized data into network attached storage (NAS); when a data access request is received, verifying the access permission of an access cluster; after the access cluster passes verification, determining target data from the NAS according to the data access request; and importing the target data into the access cluster. The present invention enables data to be transmitted securely and automatically between clusters, achieving data synchronization while preventing intrusion and effectively ensuring information security.
Description
Technical field
The present invention relates to the field of big data technology, and in particular to a data transmission method, device, electronic equipment and storage medium.
Background art
In project development on a big data platform, a large amount of simulated data is needed as test data for testing ETL (Extract Transform Load, data warehouse technology) programs. At present, the tester provides an access script, and operations staff manually desensitize the production-environment data, export it and send it to the test colleagues, who then import it manually into the test environment. The whole process involves cumbersome steps, is not very intelligent, and is time-consuming and laborious.
Summary of the invention
In view of the foregoing, it is necessary to provide a data transmission method, device, electronic equipment and storage medium that enable data to be transmitted securely and automatically between clusters, prevent intrusion and effectively ensure information security.
A data transmission method, the method comprising:
when a data desensitization instruction is received, desensitizing the data in an importing cluster using a configuration rule;
when a data import instruction is received, verifying the import permission of the importing cluster;
after the importing cluster passes verification, importing the desensitized data into network attached storage (NAS);
when a data access request is received, verifying the access permission of an access cluster;
after the access cluster passes verification, determining target data from the NAS according to the data access request;
importing the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction started on a timer; and/or
a received data desensitization instruction triggered by a user.
According to a preferred embodiment of the present invention, desensitizing the data in the importing cluster using a configuration rule includes:
identifying the sensitive data in the importing cluster;
determining the attribute data of the importing cluster;
determining, according to the attribute data, a target desensitization rule from a configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitizing the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, before the target desensitization rule is determined from the configured desensitization rule list according to the attribute data, the method further includes:
using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
prompting the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
According to a preferred embodiment of the present invention, verifying the import permission of the importing cluster includes:
receiving the name and key of the importing cluster;
verifying the import permission of the importing cluster according to the name and key.
According to a preferred embodiment of the present invention, determining target data from the NAS according to the data access request includes:
obtaining an access name and/or access address from the data access request;
determining the target data from the NAS according to the access name and/or access address.
A data transmission device, the device comprising:
a desensitization unit, configured to desensitize the data in an importing cluster using a configuration rule when a data desensitization instruction is received;
an authentication unit, configured to verify the import permission of the importing cluster when a data import instruction is received;
an import unit, configured to import the desensitized data into network attached storage (NAS) after the importing cluster passes verification;
the authentication unit being further configured to verify the access permission of an access cluster when a data access request is received;
a determination unit, configured to determine target data from the NAS according to the data access request after the access cluster passes verification;
the import unit being further configured to import the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction started on a timer; and/or
a received data desensitization instruction triggered by a user.
According to a preferred embodiment of the present invention, the desensitization unit is specifically configured to:
identify the sensitive data in the importing cluster;
determine the attribute data of the importing cluster;
determine, according to the attribute data, a target desensitization rule from a configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitize the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, the device further includes:
an acquiring unit, configured to use web crawler technology, before the target desensitization rule is determined from the configured desensitization rule list according to the attribute data, to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
a prompt unit, configured to prompt the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
According to a preferred embodiment of the present invention, the authentication unit verifying the import permission of the importing cluster includes:
receiving the name and key of the importing cluster;
verifying the import permission of the importing cluster according to the name and key.
According to a preferred embodiment of the present invention, the determination unit is specifically configured to:
obtain an access name and/or access address from the data access request;
determine the target data from the NAS according to the access name and/or access address.
An electronic equipment, the electronic equipment comprising:
a memory storing at least one instruction; and
a processor executing the instruction stored in the memory to implement the data transmission method.
A computer readable storage medium storing at least one instruction, the at least one instruction being executed by a processor in an electronic equipment to implement the data transmission method.
As can be seen from the above technical solutions, when a data desensitization instruction is received, the present invention desensitizes the data in the importing cluster using a configuration rule, thereby effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster, so that data cannot be written maliciously; after the importing cluster passes verification, the desensitized data is imported into the NAS. When a data access request is received, it verifies the access permission of the access cluster, so that data cannot be tampered with maliciously; after the access cluster passes verification, target data is determined from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between clusters is skipped directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between clusters, intrusion is prevented and information security is effectively ensured.
Brief description of the drawings
Fig. 1 is a flow chart of the preferred embodiment of the data transmission method of the present invention.
Fig. 2 is a functional block diagram of the preferred embodiment of the data transmission device of the present invention.
Fig. 3 is a structural schematic diagram of the electronic equipment of the preferred embodiment that implements the data transmission method of the present invention.
Description of main element symbols
Electronic equipment | 1 |
Memory | 12 |
Processor | 13 |
Data transmission device | 11 |
Desensitization unit | 110 |
Authentication unit | 111 |
Import unit | 112 |
Determination unit | 113 |
Acquiring unit | 114 |
Prompt unit | 115 |
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of the preferred embodiment of the data transmission method of the present invention. Depending on requirements, the order of the steps in the flow chart may be changed, and some steps may be omitted.
The data transmission method is applied in one or more electronic equipment. The electronic equipment is a device that can automatically perform numerical computation and/or information processing according to instructions set or stored in advance; its hardware includes but is not limited to microprocessors, application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA), digital signal processors (Digital Signal Processor, DSP), embedded devices, etc.
The electronic equipment may be any electronic product capable of human-computer interaction with a user, for example a personal computer, tablet computer, smartphone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable device, etc.
The electronic equipment may also include network equipment and/or user equipment. The network equipment includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing (Cloud Computing) composed of a large number of hosts or network servers.
The network in which the electronic equipment is located includes but is not limited to the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
S10: when a data desensitization instruction is received, the electronic equipment desensitizes the data in the importing cluster using a configuration rule.
For a big data platform, system operations staff generally need to provide a large amount of simulated data as test data in the testing process, in order to test ETL (Extract Transform Load, data warehouse technology) programs. In existing technical solutions, the tester usually provides an access script, and system operations staff manually desensitize the production-environment data, export the desensitized data according to the access script, and send the desensitized data to the tester; the tester then manually imports the desensitized data into the test environment for testing. This process is not intelligent, is time-consuming and laborious, and gives a poor user experience.
However, to guarantee the security of data transmission, the test cluster and the production cluster cannot communicate directly, so as to prevent the original production data in the production cluster from being tampered with by mistake or maliciously attacked by rogue software. The present technical solution effectively solves the above problems and lets data be transmitted securely and automatically between clusters.
Preferably, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
Preferably, the data desensitization instruction includes, but is not limited to, one or a combination of the following:
(1) A data desensitization instruction started on a timer and received by the electronic equipment.
Specifically, the electronic equipment may be set to desensitize the data in the importing cluster on a timer, reducing manual operation so that the electronic equipment executes automatically.
Further, the electronic equipment may be set to desensitize the data in the importing cluster at every preset time interval, or on a preset date in each month, etc.; the present invention does not limit this.
(2) A data desensitization instruction triggered by the user and received by the electronic equipment.
Specifically, the electronic equipment acts on the user's trigger instruction and performs the desensitization operation when the user needs the data desensitized.
Further, the user may issue the trigger instruction by clicking a trigger key, which may be a virtual key or a physical button, etc. The user may also input a corresponding voice instruction as the data desensitization instruction; the present invention does not limit this.
In at least one embodiment of the present invention, the configuration rule is the desensitization rule configured by the electronic equipment. The desensitization rule may be a desensitization method in general use in the industry, or a desensitization method customized by the user according to actual needs.
Specifically, the desensitization rule may include, but is not limited to, any one of the following:
the K-Anonymity algorithm, the L-Diversity algorithm, the T-Closeness algorithm, etc.
Preferably, the electronic equipment desensitizing the data in the importing cluster using a configuration rule includes:
The electronic equipment identifies the sensitive data in the importing cluster, determines the attribute data of the importing cluster, and, according to the attribute data, determines a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules. The electronic equipment then desensitizes the sensitive data with the target desensitization rule.
In at least one embodiment of the present invention, the sensitive data includes data tables or fields, etc., in the importing cluster. The definition of sensitive data therefore differs between importing clusters. For example, for a production cluster, the sensitive data may include, but is not limited to, one or a combination of the following: passport number, user name, account, password, etc.
In at least one embodiment of the present invention, the electronic equipment, according to the importing cluster's definition of sensitive data, identifies keywords or attributes of the data in the importing cluster to determine the sensitive data in the importing cluster.
In at least one embodiment of the present invention, the attribute data includes the function attribute and application field of each cluster, etc. For example, the attribute data of the production cluster is that it is used for production and belongs to the development field; the attribute data of the test cluster is that it is used for testing and belongs to the testing field.
Further, before the electronic equipment determines the target desensitization rule from the configured desensitization rule list according to the attribute data, the method further includes:
(1) The electronic equipment uses web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list.
With this embodiment, the electronic equipment configures the desensitization rule list on the basis of a large amount of data, so the configured list is more comprehensive.
(2) The electronic equipment prompts the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
With this embodiment, the electronic equipment takes as authoritative the desensitization rules provided by the objects it actually serves (clusters that have connected to the NAS, clusters that will connect to the NAS, etc.), so as to configure a desensitization rule list that better matches actual usage.
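The rule-list lookup described in step S10, as an added Python illustration that is not code from the patent: sensitive fields are identified by keyword, the cluster's attribute data selects the target rule, and a cluster with no configured rule is refused. The keyword list, the masking functions, the attribute keys and the sample rows are all assumptions constructed for this sketch.

```python
import hashlib
import hmac

# Assumption: sensitive fields are recognised by keywords in the field name.
SENSITIVE_KEYWORDS = ("passport", "user_name", "account", "password")


def mask_tail(value, keep=2):
    """Star out everything except the last `keep` characters."""
    text = str(value)
    if len(text) <= keep:
        return "*" * len(text)
    return "*" * (len(text) - keep) + text[-keep:]


def pseudonymize(value, secret):
    """Keyed hash: equal inputs give equal tokens, so joins still work."""
    mac = hmac.new(secret, str(value).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def redact(_value):
    """Replace the value entirely."""
    return "<redacted>"


def build_rule_list(secret):
    """Desensitization rule list: cluster attribute data -> rule per keyword.

    The key is (function attribute, application field); contents are hypothetical.
    """
    return {
        ("production", "development"): {
            "passport": mask_tail,
            "user_name": lambda v: pseudonymize(v, secret),
            "account": lambda v: pseudonymize(v, secret),
            "password": redact,
        },
    }


def identify_sensitive_fields(record):
    """Map each sensitive field name to the keyword that matched it."""
    matches = {}
    for field in record:
        for keyword in SENSITIVE_KEYWORDS:
            if keyword in field.lower():
                matches[field] = keyword
                break
    return matches


def desensitize(records, cluster_attributes, rule_list):
    """Apply the target rule for this cluster to every sensitive field."""
    key = (cluster_attributes["function"], cluster_attributes["field"])
    if key not in rule_list:
        # Fail closed: no configured rule means nothing leaves the cluster.
        raise LookupError(f"no desensitization rule configured for {key}")
    target_rule = rule_list[key]
    cleaned = []
    for record in records:
        out = dict(record)  # never modify the source rows in place
        for field, keyword in identify_sensitive_fields(record).items():
            out[field] = target_rule.get(keyword, redact)(record[field])
        cleaned.append(out)
    return cleaned


# Constructed sample rows standing in for a production table.
SAMPLE_ROWS = [
    {"order_id": 1001, "user_name": "alice", "passport_no": "E12345678",
     "account_id": "6222-0001", "password_hash": "5f4dcc3b", "amount": 42.5},
    {"order_id": 1002, "user_name": "alice", "passport_no": "E12345678",
     "account_id": "6222-0001", "password_hash": "5f4dcc3b", "amount": 13.0},
]

if __name__ == "__main__":
    rules = build_rule_list(secret=b"constructed-demo-secret")
    attrs = {"function": "production", "field": "development"}
    for row in desensitize(SAMPLE_ROWS, attrs, rules):
        print(row)
```

Field-level masking of this kind is a simpler stand-in for the K-Anonymity, L-Diversity and T-Closeness algorithms named above, which operate on the distribution of values across the whole table rather than on individual fields.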
S11: when a data import instruction is received, the electronic equipment verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, the data import instruction may be triggered by the user, or may be triggered by the electronic equipment according to the process settings; the present invention does not limit this.
For example, when the electronic equipment receives the signal of the user pressing the data import key, the electronic equipment determines that the data import instruction has been received.
Alternatively, according to the preset process configuration, after the desensitization task for the data in the importing cluster has been executed, the electronic equipment may trigger the data import instruction directly.
Specifically, the electronic equipment verifying the import permission of the importing cluster includes:
The electronic equipment receives the name and key of the importing cluster, and verifies the import permission of the importing cluster according to the name and key.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the electronic equipment needs to verify the import permission of the importing cluster, so as to prevent data from being written maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the electronic equipment may pre-configure a key for each cluster that has permission, and the electronic equipment records the name and key of each cluster that has permission, for use in verification.
Specifically, the electronic equipment may match the received name and key against the preconfigured names and keys. When the received name and key match a preconfigured name and key, the electronic equipment determines that the importing cluster has import permission; when the match fails, the electronic equipment determines that the importing cluster does not have import permission.
S12: after the importing cluster passes verification, the electronic equipment imports the desensitized data into network attached storage (NAS).
In at least one embodiment of the present invention, the NAS (Network Attached Storage) is a device that is connected to the network and provides data storage. It is data-centric, completely separates storage devices from servers, and manages data centrally, thereby freeing bandwidth, improving performance, reducing total cost and protecting investment. The NAS includes storage devices (such as disk arrays, CD/DVD drives, tape drives or removable storage media) and embedded system software, and can provide cross-platform file sharing.
Therefore, the NAS can serve as the intermediary connecting two clusters, avoiding a direct connection between them.
On the one hand, since two clusters usually cannot be connected directly, going through the NAS is equivalent to skipping the firewall between the two clusters.
On the other hand, using the NAS as the intermediary avoids the data tampering that a direct connection between the two clusters could cause, effectively protecting the security of the data.
S13: when a data access request is received, the electronic equipment verifies the access permission of the access cluster.
In at least one embodiment of the present invention, the data access request may be triggered by the user, or may be triggered by the electronic equipment according to the process settings; the present invention does not limit this.
For example, when the electronic equipment receives the signal of the user triggering a data access request, the electronic equipment determines that the data access request has been received.
Alternatively, according to the preset process configuration, after the data import has been executed, the electronic equipment may trigger the data access request directly.
Specifically, the electronic equipment verifying the access permission of the access cluster includes:
The electronic equipment receives the name and key of the access cluster, and verifies the access permission of the access cluster according to the name and key.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the electronic equipment needs to verify the access permission of the access cluster, so as to prevent data from being read maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the electronic equipment may pre-configure a key for each cluster that has permission, and the electronic equipment records the name and key of each cluster that has permission, for use in verification.
Specifically, the electronic equipment may match the received name and key against the preconfigured names and keys. When the received name and key match a preconfigured name and key, the electronic equipment determines that the access cluster has access permission; when the match fails, the electronic equipment determines that the access cluster does not have access permission.
S14: after the access cluster passes verification, the electronic equipment determines target data from the NAS according to the data access request.
In at least one embodiment of the present invention, the data access request includes the access name or access address of the target data.
Further, the electronic equipment determining the target data from the NAS according to the data access request includes:
The electronic equipment obtains the access name and/or access address from the data access request, and determines the target data from the NAS according to the access name and/or access address.
By matching the access name or access address, the electronic equipment can determine the target data from the NAS.
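The name-and-key check of steps S11 and S13 and the target lookup of step S14, as an added Python illustration that is not code from the patent. It assumes the NAS is mounted as a local directory, that the access name is a file name under that share, and that the registry stores a salted derivation of each key together with a per-cluster permission set; the cluster names, keys and file contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

PBKDF2_ROUNDS = 100_000


def _derive(key, salt):
    """Derive a verifier so the registry never stores the key itself."""
    return hashlib.pbkdf2_hmac("sha256", key.encode("utf-8"), salt, PBKDF2_ROUNDS)


class ClusterRegistry:
    """Preconfigured names and keys of the clusters that hold a permission."""

    def __init__(self):
        self._entries = {}  # name -> (salt, derived key, permissions)

    def register(self, name, key, permissions):
        salt = os.urandom(16)
        self._entries[name] = (salt, _derive(key, salt), frozenset(permissions))

    def verify(self, name, key, permission):
        """True only if name and key match and the cluster holds `permission`."""
        entry = self._entries.get(name)
        if entry is None:
            _derive(key, b"\x00" * 16)  # do the same work for unknown names
            return False
        salt, stored, permissions = entry
        # Constant-time comparison avoids leaking how many bytes matched.
        matches = hmac.compare_digest(stored, _derive(key, salt))
        return matches and permission in permissions


def contained_path(nas_root, name):
    """Resolve `name` under the NAS share, rejecting anything outside it."""
    root = os.path.realpath(nas_root)
    path = os.path.realpath(os.path.join(root, name))
    if path == root or os.path.commonpath([root, path]) != root:
        raise PermissionError(f"{name!r} does not resolve inside the NAS share")
    return path


def import_to_nas(registry, name, key, nas_root, dataset, data):
    """S11 + S12: verify import permission, then write desensitized data."""
    if not registry.verify(name, key, "import"):
        raise PermissionError("import permission check failed")
    path = contained_path(nas_root, dataset)
    with open(path, "wb") as handle:
        handle.write(data)
    return path


def fetch_for_access(registry, name, key, nas_root, access_name):
    """S13 + S14: verify access permission, then locate the target data."""
    if not registry.verify(name, key, "access"):
        raise PermissionError("access permission check failed")
    with open(contained_path(nas_root, access_name), "rb") as handle:
        return handle.read()


def demo():
    """Production cluster imports, test cluster reads, via a temporary 'NAS'."""
    registry = ClusterRegistry()
    registry.register("prod-cluster", "constructed-prod-key", {"import"})
    registry.register("test-cluster", "constructed-test-key", {"access"})
    with tempfile.TemporaryDirectory() as nas_root:
        import_to_nas(registry, "prod-cluster", "constructed-prod-key",
                      nas_root, "orders.csv", b"order_id,account\n1001,9f2c\n")
        return fetch_for_access(registry, "test-cluster", "constructed-test-key",
                                nas_root, "orders.csv")


if __name__ == "__main__":
    print(demo())
```

Separating the "import" and "access" permissions means a leaked test-cluster key cannot be used to write into the share, and the containment check keeps an access name such as `../x` from reaching files outside it.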
S15: the electronic equipment imports the target data into the access cluster.
In at least one embodiment of the present invention, the electronic equipment imports the target data into the access cluster for subsequent use.
For example, when the access cluster is a test cluster, the target data may be usage data, reports, model data, programs, user portraits, etc., and the electronic equipment may test the target data.
In conclusion, when a data desensitization instruction is received, the present invention desensitizes the data in the importing cluster using a configuration rule, thereby effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster, so that data cannot be written maliciously; after the importing cluster passes verification, the desensitized data is imported into the NAS. When a data access request is received, it verifies the access permission of the access cluster, so that data cannot be tampered with maliciously; after the access cluster passes verification, target data is determined from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between clusters is skipped directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between clusters, intrusion is prevented and information security is effectively ensured.
Fig. 2 is a functional block diagram of the preferred embodiment of the data transmission device of the present invention. The data transmission device 11 includes a desensitization unit 110, an authentication unit 111, an import unit 112, a determination unit 113, an acquiring unit 114 and a prompt unit 115. A module/unit in the present invention refers to a series of computer program segments that can be executed by the processor 13, can perform a fixed function, and are stored in the memory 12. In this embodiment, the function of each module/unit is described in detail in the subsequent embodiments.
When a data desensitization instruction is received, the desensitization unit 110 desensitizes the data in the importing cluster using a configuration rule.
For a big data platform, system operations staff generally need to provide a large amount of simulated data as test data in the testing process, in order to test ETL (Extract Transform Load, data warehouse technology) programs. In existing technical solutions, the tester usually provides an access script, and system operations staff manually desensitize the production-environment data, export the desensitized data according to the access script, and send the desensitized data to the tester; the tester then manually imports the desensitized data into the test environment for testing. This process is not intelligent, is time-consuming and laborious, and gives a poor user experience.
However, to guarantee the security of data transmission, the test cluster and the production cluster cannot communicate directly, so as to prevent the original production data in the production cluster from being tampered with by mistake or maliciously attacked by rogue software. The present technical solution effectively solves the above problems and lets data be transmitted securely and automatically between clusters.
Preferably, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
Preferably, the data desensitization instruction includes, but is not limited to, one or a combination of the following:
(1) A data desensitization instruction started on a timer and received by the electronic equipment.
Specifically, the electronic equipment may be set to desensitize the data in the importing cluster on a timer, reducing manual operation so that the electronic equipment executes automatically.
Further, the electronic equipment may be set to desensitize the data in the importing cluster at every preset time interval, or on a preset date in each month, etc.; the present invention does not limit this.
(2) A data desensitization instruction triggered by the user and received by the electronic equipment.
Specifically, the electronic equipment acts on the user's trigger instruction and performs the desensitization operation when the user needs the data desensitized.
Further, the user may issue the trigger instruction by clicking a trigger key, which may be a virtual key or a physical button, etc. The user may also input a corresponding voice instruction as the data desensitization instruction; the present invention does not limit this.
In at least one embodiment of the present invention, the configuration rule is the desensitization rule configured by the desensitization unit 110. The desensitization rule may be a desensitization method in general use in the industry, or a desensitization method customized by the user according to actual needs.
Specifically, the desensitization rule may include, but is not limited to, any one of the following:
the K-Anonymity algorithm, the L-Diversity algorithm, the T-Closeness algorithm, etc.
Preferably, the desensitization unit 110 desensitize to the data imported in cluster using configuration rule includes:
The desensitization unit 110 identifies the sensitive data in the importing cluster, and determines the attribute for importing cluster
Data, and according to the attribute data, target desensitization rule is determined from the desensitization list of rules of configuration, wherein the desensitization
Store the attribute data of all clusters and the corresponding relationship of desensitization rule in list of rules, the desensitization unit 110 is with described
Target desensitization rule desensitizes to the sensitive data.
In at least one embodiment of the present invention, the sensitive data includes data tables, fields, and the like in the importing cluster, so the definition of sensitive data differs between importing clusters. For example, for a production cluster, the sensitive data may include, but is not limited to, one or more of the following: passport number, user name, account, password, and so on.
In at least one embodiment of the present invention, the desensitization unit 110 identifies keywords or attributes of the data in the importing cluster according to that cluster's definition of sensitive data, in order to determine the sensitive data in the importing cluster.
In at least one embodiment of the present invention, the attribute data includes the functional attribute and application field of each cluster, and so on. For example, the attribute data of the production cluster is: used for production, and belonging to the development field; the attribute data of the test cluster is: used for testing, and belonging to the testing field.
Further, before the desensitization unit 110 determines the target desensitization rule from the configured desensitization rule list according to the attribute data, the method also includes:
(1) The acquiring unit 114 uses web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, in order to configure the desensitization rule list.
With this embodiment, the acquiring unit 114 bases the configuration on a large amount of data, so the desensitization rule list is configured more comprehensively.
(2) The prompt unit 115 prompts the personnel responsible for each cluster to input the desensitization rule corresponding to that cluster, in order to configure the desensitization rule list.
With this embodiment, the prompt unit 115 relies on the desensitization rules provided by the parties actually served (clusters that have been connected to the NAS, clusters that will be connected to the NAS, and so on), so the configured desensitization rule list better matches actual use.
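The rule lookup and field-level desensitization described above can be sketched as follows. This is an added example, not code from the patent: the attribute tuples, field names, action names and the keyed-hash pseudonymization are assumptions chosen for illustration, and it does not implement K-Anonymity, L-Diversity or T-Closeness.

```python
import hashlib
import hmac

# Constructed rule list: cluster attribute data (function, field) -> action per field.
# The attribute values and action names are assumptions made for this example.
RULE_LIST = {
    ("production", "development"): {
        "passport_no": "mask_tail",
        "user_name": "pseudonymize",
        "account": "pseudonymize",
        "password": "drop",
    },
}

# Constructed keyword definition of "sensitive" for the production cluster.
SENSITIVE_KEYWORDS = ("passport", "user_name", "account", "password")


def identify_sensitive(record, keywords=SENSITIVE_KEYWORDS):
    """Return the field names whose name contains a sensitive keyword."""
    return {f for f in record if any(k in f.lower() for k in keywords)}


def select_rule(attribute_data, rule_list=RULE_LIST):
    """Look up the target rule; refuse to continue when the cluster has none."""
    try:
        return rule_list[attribute_data]
    except KeyError:
        raise LookupError(f"no desensitization rule for cluster {attribute_data!r}")


def mask_tail(value, keep=4):
    """Replace all but the last `keep` characters with '*'."""
    text = str(value)
    if len(text) <= keep:  # short values would otherwise be shown in full
        return "*" * len(text)
    return "*" * (len(text) - keep) + text[-keep:]


def pseudonymize(value, secret):
    """Keyed hash: equal inputs give equal tokens, so joins still work in test data."""
    digest = hmac.new(secret, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "p_" + digest[:16]


def desensitize(records, attribute_data, secret):
    """Apply the cluster's target rule to every sensitive field of every record."""
    rule = select_rule(attribute_data)
    out = []
    for record in records:
        sensitive = identify_sensitive(record)
        clean = {}
        for field, value in record.items():
            if field not in sensitive:
                clean[field] = value
                continue
            action = rule.get(field, "drop")  # sensitive but unlisted: fail closed
            if action == "mask_tail":
                clean[field] = mask_tail(value)
            elif action == "pseudonymize":
                clean[field] = pseudonymize(value, secret)
            elif action != "drop":
                raise ValueError(f"unknown action {action!r} for field {field!r}")
        out.append(clean)
    return out


# Constructed sample rows, standing in for a table in the production cluster.
SAMPLE = [
    {"order_id": 1, "user_name": "zhang.wei", "passport_no": "E12345678",
     "account": "6222000011112222", "password": "hunter2", "backup_account": "777"},
    {"order_id": 2, "user_name": "zhang.wei", "passport_no": "G87654321",
     "account": "6222000033334444", "password": "s3cret", "backup_account": "888"},
]

if __name__ == "__main__":
    for row in desensitize(SAMPLE, ("production", "development"), b"demo-secret"):
        print(row)
```

A field that the keyword scan flags but the rule does not list (`backup_account` here) is dropped rather than passed through, and a cluster with no entry in the rule list stops the run instead of exporting raw data.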
When a data import instruction is received, the authentication unit 111 verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, the data import instruction may be triggered by the user, or it may be triggered by the authentication unit 111 according to the configured process; the present invention imposes no limitation.
For example, when the authentication unit 111 receives the signal produced by the user pressing the data import key, the authentication unit 111 determines that the data import instruction has been received.
Alternatively, according to a preset process configuration, the authentication unit 111 can trigger the data import instruction directly once the desensitization task for the data in the importing cluster has been executed.
Specifically, the authentication unit 111 verifying the import permission of the importing cluster includes:
The authentication unit 111 receives the name and key of the importing cluster and, according to the name and key, verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the authentication unit 111 needs to verify the import permission of the importing cluster, so as to prevent data from being written maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the authentication unit 111 can preconfigure a key for each authorized cluster, and it records the name and key of each authorized cluster for use in verification.
Specifically, the authentication unit 111 can match the received name and key against the preconfigured names and keys. When the received name and key match a preconfigured name and key, the authentication unit 111 determines that the importing cluster has import permission; when the received name and key fail to match the preconfigured names and keys, the authentication unit 111 determines that the importing cluster does not have import permission.
After the importing cluster passes verification, the import unit 112 imports the desensitized data into the network attached storage (NAS).
In at least one embodiment of the present invention, the NAS is a device connected to the network that provides data storage. It is data-centric, completely separates the storage device from the server, and manages data centrally, thereby freeing bandwidth, improving performance, reducing total cost, and protecting investment. The NAS includes storage devices (such as disk arrays, CD/DVD drives, tape drives, or removable storage media) and embedded system software, and can provide cross-platform file sharing.
Therefore, the NAS can serve as an intermediary connecting two clusters, avoiding a direct connection between them.
On the one hand, since two clusters usually cannot be connected directly, going through the NAS is equivalent to skipping the firewall between the two clusters.
On the other hand, using the NAS as an intermediary avoids the data tampering that a direct connection between two clusters could cause, effectively protecting the security of the data.
When a data access request is received, the authentication unit 111 verifies the access permission of the access cluster.
In at least one embodiment of the present invention, the data access request may be triggered by the user, or it may be triggered by the authentication unit 111 according to the configured process; the present invention imposes no limitation.
For example, when the authentication unit 111 receives the signal produced by the user triggering a data access request, the authentication unit 111 determines that the data access request has been received.
Alternatively, according to a preset process configuration, the authentication unit 111 can trigger the data access request directly once the data import has been executed.
Specifically, the authentication unit 111 verifying the access permission of the access cluster includes:
The authentication unit 111 receives the name and key of the access cluster and, according to the name and key, verifies the access permission of the access cluster.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the authentication unit 111 needs to verify the access permission of the access cluster, so as to prevent data from being read maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the authentication unit 111 can preconfigure a key for each authorized cluster, and it records the name and key of each authorized cluster for use in verification.
Specifically, the authentication unit 111 can match the received name and key against the preconfigured names and keys. When the received name and key match a preconfigured name and key, the authentication unit 111 determines that the access cluster has access permission; when the received name and key fail to match the preconfigured names and keys, the authentication unit 111 determines that the access cluster does not have access permission.
After the access cluster passes verification, the determination unit 113 determines the target data from the NAS according to the data access request.
In at least one embodiment of the present invention, the data access request includes the access name or access address of the target data.
Further, the determination unit 113 determining the target data from the NAS according to the data access request includes:
The determination unit 113 obtains the access name and/or access address from the data access request and, according to the access name and/or access address, determines the target data from the NAS.
By matching the access name or access address, the determination unit 113 can determine the target data from the NAS.
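The name-and-key verification for import and access, and the lookup of target data by access name, can be sketched as follows. This is an added example, not code from the patent. It assumes that each cluster is registered with explicit "import" or "access" permissions, that the NAS is a mounted directory, and that an access name is a relative path. As a hardening choice of the example, the registry stores a salted PBKDF2 verifier instead of the raw key.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


def derive(key, salt):
    """Derive the stored verifier so the registry never holds the raw key."""
    return hashlib.pbkdf2_hmac("sha256", key.encode("utf-8"), salt, PBKDF2_ROUNDS)


class ClusterRegistry:
    """Preconfigured names, key verifiers and permissions of authorized clusters."""

    def __init__(self):
        self.entries = {}
        # Dummy entry so unknown names cost the same work as known ones.
        self.dummy_salt = secrets.token_bytes(16)
        self.dummy_hash = derive(secrets.token_hex(16), self.dummy_salt)

    def register(self, name, key, permissions):
        salt = secrets.token_bytes(16)
        self.entries[name] = (salt, derive(key, salt), frozenset(permissions))

    def verify(self, name, key, permission):
        """True only if name and key match and the cluster holds `permission`."""
        salt, stored, perms = self.entries.get(
            name, (self.dummy_salt, self.dummy_hash, frozenset()))
        # Unknown names still go through one derivation and one constant-time compare.
        key_ok = hmac.compare_digest(derive(key, salt), stored)
        return key_ok and permission in perms


def resolve_target(nas_root, access_name, must_exist=True):
    """Map an access name to a path under nas_root, rejecting anything outside it."""
    root = os.path.realpath(nas_root)
    candidate = os.path.realpath(os.path.join(root, access_name))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"access name escapes the NAS export: {access_name!r}")
    if must_exist and not os.path.isfile(candidate):
        raise FileNotFoundError(access_name)
    return candidate


def handle_import(registry, nas_root, name, key, access_name, data):
    """Import side: verify import permission, then write desensitized data."""
    if not registry.verify(name, key, "import"):
        raise PermissionError("cluster has no import permission")
    with open(resolve_target(nas_root, access_name, must_exist=False), "wb") as fh:
        fh.write(data)


def handle_access(registry, nas_root, name, key, access_name):
    """Access side: verify access permission, then determine and return target data."""
    if not registry.verify(name, key, "access"):
        raise PermissionError("cluster has no access permission")
    with open(resolve_target(nas_root, access_name), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    import tempfile

    reg = ClusterRegistry()
    # Constructed cluster names and keys.
    reg.register("prod", "constructed-prod-key", {"import"})
    reg.register("test", "constructed-test-key", {"access"})
    with tempfile.TemporaryDirectory() as nas:  # stands in for the NAS mount
        handle_import(reg, nas, "prod", "constructed-prod-key",
                      "orders.csv", b"id,user\n1,p_ab12\n")
        print(handle_access(reg, nas, "test", "constructed-test-key", "orders.csv"))
```

Because the NAS is the only path between the two clusters, the check that an access name stays inside the export directory matters as much as the key check: without it, a cluster with valid access permission could name a file outside the shared area.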
The import unit 112 imports the target data into the access cluster.
In at least one embodiment of the present invention, the import unit 112 imports the target data into the access cluster for subsequent use.
For example, when the access cluster is a test cluster, the target data may be usage data, reports, model data, programs, user profiles, and so on, and the electronic equipment can test the target data.
In summary, when a data desensitization instruction is received, the present invention can desensitize the data in the importing cluster using the configuration rule, effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster to prevent data from being written maliciously, and after the importing cluster passes verification it imports the desensitized data into the NAS. When a data access request is received, it verifies the access permission of the access cluster to prevent malicious tampering with data, and after the access cluster passes verification it determines the target data from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between the clusters is skipped directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between the clusters, intrusion is avoided, and information security is effectively ensured.
Figure 3 is a structural schematic diagram of the electronic equipment of a preferred embodiment of the present invention that implements the data transmission method.
The electronic equipment 1 is a device that can automatically perform numerical computation and/or information processing according to instructions set or stored in advance. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and so on.
The electronic equipment 1 may also be, but is not limited to, any electronic product that can interact with a user through a keyboard, mouse, remote control, touch pad, voice-control device, or the like, for example a personal computer, tablet computer, smartphone, personal digital assistant (PDA), game console, Internet Protocol Television (IPTV), smart wearable device, and so on.
The electronic equipment 1 may also be a computing device such as a desktop computer, notebook, palmtop computer, or cloud server.
The network in which the electronic equipment 1 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (VPN), and so on.
In one embodiment of the present invention, the electronic equipment 1 includes, but is not limited to, a memory 12, a processor 13, and a computer program stored in the memory 12 and runnable on the processor 13, such as a data transmission program.
Those skilled in the art will understand that the schematic diagram is only an example of the electronic equipment 1 and does not limit it. The electronic equipment 1 may include more or fewer components than shown, may combine certain components, or may use different components; for example, it may also include input/output devices, network access devices, buses, and so on.
The processor 13 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor. The processor 13 is the computing core and control center of the electronic equipment 1; it connects the various parts of the entire electronic equipment 1 using various interfaces and lines, and executes the operating system of the electronic equipment 1 and the installed applications, program code, and so on.
The processor 13 executes the operating system of the electronic equipment 1 and the various installed applications. The processor 13 executes the application program to implement the steps in each of the above data transmission method embodiments, such as steps S10, S11, S12, S13, S14 and S15 shown in Fig. 1.
Alternatively, when executing the computer program, the processor 13 implements the functions of the modules/units in each of the above device embodiments, for example: when a data desensitization instruction is received, desensitizing the data in the importing cluster using the configuration rule; when a data import instruction is received, verifying the import permission of the importing cluster; after the importing cluster passes verification, importing the desensitized data into the network attached storage (NAS); when a data access request is received, verifying the access permission of the access cluster; after the access cluster passes verification, determining the target data from the NAS according to the data access request; and importing the target data into the access cluster.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program in the electronic equipment 1. For example, the computer program may be divided into the desensitization unit 110, the authentication unit 111, the import unit 112, the determination unit 113, the acquiring unit 114 and the prompt unit 115.
The memory 12 can be used to store the computer program and/or modules. The processor 13 implements the various functions of the electronic equipment 1 by running or executing the computer program and/or modules stored in the memory 12 and by calling the data stored in the memory 12. The memory 12 may mainly include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function, an image playback function, and so on); the data storage area can store data created through use of the mobile phone (such as audio data, a phone book, and so on). In addition, the memory 12 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one disk storage device, a flash memory device, or another volatile solid-state storage device.
The memory 12 may be an external memory and/or internal memory of the electronic equipment 1. Further, the memory 12 may be a circuit with a storage function that has no physical form within an integrated circuit, such as RAM (Random-Access Memory) or FIFO (First In First Out). Alternatively, the memory 12 may be a memory with physical form, such as a memory module or a TF card (Trans-flash Card).
If the integrated modules/units of the electronic equipment 1 are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes of the above embodiment methods may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments.
The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
With reference to Fig. 1, the memory 12 in the electronic equipment 1 stores a plurality of instructions to implement a data transmission method, and the processor 13 can execute the plurality of instructions to: when a data desensitization instruction is received, desensitize the data in the importing cluster using the configuration rule; when a data import instruction is received, verify the import permission of the importing cluster; after the importing cluster passes verification, import the desensitized data into the network attached storage (NAS); when a data access request is received, verify the access permission of the access cluster; after the access cluster passes verification, determine the target data from the NAS according to the data access request; and import the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction started on a timer; and/or
a received data desensitization instruction triggered by the user.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
identifying the sensitive data in the importing cluster;
determining the attribute data of the importing cluster;
according to the attribute data, determining a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitizing the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, in order to configure the desensitization rule list; or
prompting the personnel responsible for each cluster to input the desensitization rule corresponding to that cluster, in order to configure the desensitization rule list.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
receiving the name and key of the importing cluster;
according to the name and key, verifying the import permission of the importing cluster.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
obtaining the access name and/or access address from the data access request;
according to the access name and/or access address, determining the target data from the NAS.
Specifically, for the concrete way in which the processor 13 implements the above instructions, refer to the description of the relevant steps in the embodiment corresponding to Fig. 1, which is not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for instance, the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
It is obvious to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes.
Therefore, the embodiments are to be regarded in all respects as illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than by the foregoing description, and all changes falling within the meaning and range of equivalency of the claims are therefore intended to be embraced in the present invention. No reference sign in a claim should be construed as limiting the claim concerned.
Furthermore, the word "include" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a system claim may also be implemented by a single unit or device through software or hardware. Words such as "second" are used to denote names and do not denote any particular order.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. A data transmission method, characterized in that the method includes:
when a data desensitization instruction is received, desensitizing the data in an importing cluster using a configuration rule;
when a data import instruction is received, verifying the import permission of the importing cluster;
after the importing cluster passes verification, importing the desensitized data into a network attached storage (NAS);
when a data access request is received, verifying the access permission of an access cluster;
after the access cluster passes verification, determining target data from the NAS according to the data access request;
importing the target data into the access cluster.
2. The data transmission method according to claim 1, characterized in that the importing cluster includes a production cluster, and the access cluster includes a test cluster.
3. The data transmission method according to claim 1, characterized in that the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction started on a timer; and/or
a received data desensitization instruction triggered by the user.
4. The data transmission method according to claim 1, characterized in that desensitizing the data in the importing cluster using the configuration rule includes:
identifying the sensitive data in the importing cluster;
determining the attribute data of the importing cluster;
according to the attribute data, determining a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitizing the sensitive data with the target desensitization rule.
5. The data transmission method according to claim 4, characterized in that, before the target desensitization rule is determined from the configured desensitization rule list according to the attribute data, the method also includes:
using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, in order to configure the desensitization rule list; or
prompting the personnel responsible for each cluster to input the desensitization rule corresponding to that cluster, in order to configure the desensitization rule list.
6. The data transmission method according to claim 1, characterized in that verifying the import permission of the importing cluster includes:
receiving the name and key of the importing cluster;
according to the name and key, verifying the import permission of the importing cluster.
7. The data transmission method according to claim 1, characterized in that determining the target data from the NAS according to the data access request includes:
obtaining the access name and/or access address from the data access request;
according to the access name and/or access address, determining the target data from the NAS.
8. A data transmission device, characterized in that the device includes:
a desensitization unit, configured to desensitize the data in an importing cluster using a configuration rule when a data desensitization instruction is received;
an authentication unit, configured to verify the import permission of the importing cluster when a data import instruction is received;
an import unit, configured to import the desensitized data into a network attached storage (NAS) after the importing cluster passes verification;
the authentication unit being further configured to verify the access permission of an access cluster when a data access request is received;
a determination unit, configured to determine target data from the NAS according to the data access request after the access cluster passes verification;
the import unit being further configured to import the target data into the access cluster.
9. An electronic equipment, characterized in that the electronic equipment includes:
a memory, storing at least one instruction; and
a processor, executing the instruction stored in the memory to implement the data transmission method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that at least one instruction is stored in the computer-readable storage medium, and the at least one instruction is executed by a processor in an electronic equipment to implement the data transmission method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811537695.1A CN109871708A (en) | 2018-12-15 | 2018-12-15 | Data transmission method, device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109871708A (en) | 2019-06-11 |
CN109522683A (en) | Software source tracing method, system, computer equipment and storage medium | |
CN109697371A (en) | Data base management method, device, medium and electronic equipment | |
CN110222508A (en) | Extort virus defense method, electronic equipment, system and medium | |
CN115604103A (en) | Configuration method and device of cloud computing system, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||