CN109871708A - Data transmission method, device, electronic equipment and storage medium - Google Patents

Publication number
CN109871708A
Authority
CN
China
Prior art keywords
data
cluster
desensitization
importing
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811537695.1A
Other languages
Chinese (zh)
Inventor
郑海瑛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201811537695.1A
Publication of CN109871708A
Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a data transmission method, device, electronic device and storage medium. The data transmission method includes: when a data desensitization instruction is received, desensitizing the data in an importing cluster using configured rules; when a data import instruction is received, verifying the import permission of the importing cluster; after the importing cluster passes verification, importing the desensitized data into network attached storage (NAS); when a data access request is received, verifying the access permission of an access cluster; after the access cluster passes verification, determining target data from the NAS according to the data access request; and importing the target data into the access cluster. The invention enables data to be transmitted securely and automatically between clusters, achieving data synchronization while preventing intrusion and effectively ensuring information security.

Description

Data transmission method, device, electronic equipment and storage medium
Technical field
The present invention relates to the field of big data technology, and in particular to a data transmission method, device, electronic device and storage medium.
Background art
Project development on a big data platform requires a large amount of simulation data as test data for testing ETL (Extract Transform Load, data warehouse technology) programs. At present, a tester provides an access script, operations staff manually desensitize the production-environment data and export it, and the data is then sent to the testing colleague, who manually imports it into the test environment. The whole process has cumbersome steps, is not very intelligent, and is time-consuming and laborious.
Summary of the invention
In view of the foregoing, it is necessary to provide a data transmission method, device, electronic device and storage medium that enable data to be transmitted securely and automatically between clusters, preventing intrusion and effectively ensuring information security.
A data transmission method, the method comprising:
when a data desensitization instruction is received, desensitizing the data in an importing cluster using configured rules;
when a data import instruction is received, verifying the import permission of the importing cluster;
after the importing cluster passes verification, importing the desensitized data into network attached storage (NAS);
when a data access request is received, verifying the access permission of an access cluster;
after the access cluster passes verification, determining target data from the NAS according to the data access request;
importing the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction that is started on a schedule; and/or
a received data desensitization instruction that is triggered by a user.
According to a preferred embodiment of the present invention, desensitizing the data in the importing cluster using configured rules includes:
identifying the sensitive data in the importing cluster;
determining the attribute data of the importing cluster;
determining, according to the attribute data, a target desensitization rule from a configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitizing the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, before the target desensitization rule is determined from the configured desensitization rule list according to the attribute data, the method further includes:
using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
prompting the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
According to a preferred embodiment of the present invention, verifying the import permission of the importing cluster includes:
receiving the name and key of the importing cluster;
verifying the import permission of the importing cluster according to the name and key.
According to a preferred embodiment of the present invention, determining target data from the NAS according to the data access request includes:
obtaining an access name and/or access address from the data access request;
determining the target data from the NAS according to the access name and/or access address.
A data transmission device, the device comprising:
a desensitization unit, configured to desensitize the data in an importing cluster using configured rules when a data desensitization instruction is received;
a verification unit, configured to verify the import permission of the importing cluster when a data import instruction is received;
an import unit, configured to import the desensitized data into network attached storage (NAS) after the importing cluster passes verification;
the verification unit is further configured to verify the access permission of an access cluster when a data access request is received;
a determination unit, configured to determine target data from the NAS according to the data access request after the access cluster passes verification;
the import unit is further configured to import the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
a received data desensitization instruction that is started on a schedule; and/or
a received data desensitization instruction that is triggered by a user.
According to a preferred embodiment of the present invention, the desensitization unit is specifically configured to:
identify the sensitive data in the importing cluster;
determine the attribute data of the importing cluster;
determine, according to the attribute data, a target desensitization rule from a configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
desensitize the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, the device further includes:
an acquiring unit, configured to use web crawler technology, before the target desensitization rule is determined from the configured desensitization rule list according to the attribute data, to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
a prompt unit, configured to prompt the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
According to a preferred embodiment of the present invention, the verification unit verifying the import permission of the importing cluster includes:
receiving the name and key of the importing cluster;
verifying the import permission of the importing cluster according to the name and key.
According to a preferred embodiment of the present invention, the determination unit is specifically configured to:
obtain an access name and/or access address from the data access request;
determine the target data from the NAS according to the access name and/or access address.
An electronic device, the electronic device comprising:
a memory storing at least one instruction; and
a processor executing the instruction stored in the memory to implement the data transmission method.
A computer-readable storage medium storing at least one instruction, the at least one instruction being executed by a processor in an electronic device to implement the data transmission method.
As can be seen from the above technical solutions, when a data desensitization instruction is received, the present invention desensitizes the data in the importing cluster using configured rules, thereby effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster to avoid data being maliciously written, and after the importing cluster passes verification, it imports the desensitized data into the NAS. When a data access request is received, it verifies the access permission of the access cluster to avoid malicious tampering with data, and after the access cluster passes verification, it determines target data from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between the clusters is bypassed directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between clusters, preventing intrusion and effectively ensuring information security.
Brief description of the drawings
Fig. 1 is a flow chart of a preferred embodiment of the data transmission method of the present invention.
Fig. 2 is a functional block diagram of a preferred embodiment of the data transmission device of the present invention.
Fig. 3 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the data transmission method of the present invention.
Description of main element symbols
Electronic device 1
Memory 12
Processor 13
Data transmission device 11
Desensitization unit 110
Authentication unit 111
Import unit 112
Determination unit 113
Acquiring unit 114
Prompt unit 115
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of a preferred embodiment of the data transmission method of the present invention. Depending on requirements, the order of the steps in the flow chart may be changed, and certain steps may be omitted.
The data transmission method is applied in one or more electronic devices. An electronic device is a device capable of automatically performing numerical computation and/or information processing according to instructions that are set or stored in advance; its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA), a digital signal processor (Digital Signal Processor, DSP), an embedded device, etc.
The electronic device may be any electronic product capable of human-computer interaction with a user, for example a personal computer, tablet computer, smartphone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable device, etc.
The electronic device may also include a network device and/or user equipment. The network device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing (Cloud Computing) composed of a large number of hosts or network servers.
The network in which the electronic device is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
S10: when a data desensitization instruction is received, the electronic device desensitizes the data in the importing cluster using configured rules.
For a big data platform, system operations staff usually need to provide a large amount of simulation data to serve as test data in the testing process, so that ETL (Extract Transform Load, data warehouse technology) programs can be tested. In existing technical solutions, a tester usually provides an access script, system operations staff manually desensitize the production-environment data and export the desensitized data according to the access script, and the desensitized data is then sent to the tester, who manually imports it into the test environment for testing. This process is not only insufficiently intelligent but also time-consuming and laborious, and the user experience is poor.
However, to ensure the security of data transmission, the test cluster and the production cluster cannot communicate directly, so as to prevent the original production data in the production cluster from being tampered with by mistake or maliciously attacked by rogue software. The present technical solution can therefore effectively solve the above problems and enable data to be transmitted securely and automatically between clusters.
Preferably, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
Preferably, the data desensitization instruction includes, but is not limited to, one or a combination of the following:
(1) A data desensitization instruction, received by the electronic device, that is started on a schedule.
Specifically, the electronic device may be set to desensitize the data in the importing cluster on a schedule, so as to reduce manual operation and let the electronic device execute automatically.
Further, the electronic device may be set to desensitize the data in the importing cluster at preset time intervals, or on a preset date in each month, etc.; the present invention imposes no limitation.
(2) A data desensitization instruction, received by the electronic device, that is triggered by a user.
Specifically, the electronic device acts on the user's trigger instruction, and executes the desensitization operation when the user needs the data to be desensitized.
Further, the user may issue the trigger instruction by pressing a trigger key, which may be a virtual key or a physical key, etc. The user may also input a corresponding voice instruction as the data desensitization instruction; the present invention imposes no limitation.
In at least one embodiment of the present invention, the configured rules are the desensitization rules configured on the electronic device. A desensitization rule may be a desensitization method in general use in the industry, or a custom desensitization method defined by the user according to actual needs.
Specifically, the desensitization rules may include, but are not limited to, any one of the following:
the K-Anonymity algorithm, the L-Diversity algorithm, the T-Closeness algorithm, etc.
Preferably, the electronic device desensitizing the data in the importing cluster using configured rules includes:
The electronic device identifies the sensitive data in the importing cluster, determines the attribute data of the importing cluster, and, according to the attribute data, determines a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules. The electronic device then desensitizes the sensitive data with the target desensitization rule.
In at least one embodiment of the present invention, the sensitive data includes data tables or fields, etc. in the importing cluster. The definition of sensitive data therefore differs between importing clusters. For example, for a production cluster, the sensitive data may include, but is not limited to, one or a combination of the following: passport number, user name, account, password, etc.
In at least one embodiment of the present invention, the electronic device, according to the importing cluster's definition of sensitive data, identifies keywords or attributes of the data in the importing cluster to determine the sensitive data in the importing cluster.
In at least one embodiment of the present invention, the attribute data includes the function attribute and application field, etc. of each cluster. For example, the attribute data of the production cluster is that it is used for production and belongs to the development field, and the attribute data of the test cluster is that it is used for testing and belongs to the testing field.
Further, before the electronic device determines the target desensitization rule from the configured desensitization rule list according to the attribute data, the method further includes:
(1) The electronic device uses web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list.
Through the above embodiment, the electronic device configures the desensitization rule list on the basis of a large amount of data, making it more comprehensive.
(2) The electronic device prompts the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
Through the above embodiment, the electronic device relies on the desensitization rules provided by the objects it actually serves (clusters already connected to the NAS, clusters that will be connected to the NAS, etc.), so as to configure a desensitization rule list that better fits actual usage.
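The rule selection in step S10, as an added example that is not part of the patent text: sensitive fields are recognised by keyword, the target rule is looked up from the cluster's attribute data, and the lookup fails closed when no rule is configured. The field names, the rule names `pseudonymize` and `redact`, the secret and the sample rows are all constructed assumptions; the two rules are simple stand-ins, not the K-Anonymity, L-Diversity or T-Closeness algorithms named above.

```python
import hashlib
import hmac

# Constructed desensitization rule list: cluster attribute data
# (function attribute, application field) -> name of the target rule.
RULE_LIST = {
    ("production", "development"): "pseudonymize",
    ("testing", "testing"): "redact",
}

# Keywords used to recognise sensitive fields, taken from the examples in the
# text (passport number, user name, account, password).
SENSITIVE_KEYWORDS = ("passport", "user_name", "account", "password")


class NoRuleError(LookupError):
    """The rule list has no entry for this cluster's attribute data."""


def identify_sensitive_fields(record):
    """Return the field names whose keyword marks them as sensitive."""
    return sorted(
        name for name in record
        if any(word in name.lower() for word in SENSITIVE_KEYWORDS)
    )


def pseudonymize(value, secret):
    """Keyed hash: equal inputs give equal tokens, so ETL joins still work,
    but a token cannot be recomputed without the secret."""
    mac = hmac.new(secret, str(value).encode("utf-8"), hashlib.sha256)
    return "tok_" + mac.hexdigest()[:16]


def redact(value, secret):
    """Fixed-width replacement, so not even the original length survives."""
    return "********"


RULES = {"pseudonymize": pseudonymize, "redact": redact}


def select_rule(attribute_data):
    """Look up the target rule for a cluster; fail closed if none is configured."""
    key = (attribute_data["function"], attribute_data["field"])
    if key not in RULE_LIST:
        raise NoRuleError(f"no desensitization rule configured for {key}")
    return RULES[RULE_LIST[key]]


def desensitize(records, attribute_data, secret):
    """Apply the cluster's target rule to every sensitive field."""
    rule = select_rule(attribute_data)  # resolved before any data is touched
    result = []
    for record in records:
        sensitive = set(identify_sensitive_fields(record))
        result.append({
            name: rule(value, secret) if name in sensitive else value
            for name, value in record.items()
        })
    return result


# Constructed sample rows standing in for a production table.
SAMPLE = [
    {"user_name": "zhang", "passport_no": "E12345678",
     "account_id": "6222-01", "order_total": 120},
    {"user_name": "li", "passport_no": "E87654321",
     "account_id": "6222-01", "order_total": 75},
]

if __name__ == "__main__":
    prod = {"function": "production", "field": "development"}
    for row in desensitize(SAMPLE, prod, b"constructed-demo-secret"):
        print(row)
```

Raising `NoRuleError` before any row is processed means a cluster that is missing from the rule list produces no output at all, rather than an export with its sensitive fields intact.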
S11: when a data import instruction is received, the electronic device verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, the data import instruction may be triggered by the user, or may be triggered by the electronic device according to the process settings; the present invention imposes no limitation.
For example, when the electronic device receives the signal of the user pressing a data import key, the electronic device determines that the data import instruction has been received.
Alternatively, according to the preset process configuration, after the desensitization task for the data in the importing cluster has been executed, the electronic device may trigger the data import instruction directly.
Specifically, the electronic device verifying the import permission of the importing cluster includes:
The electronic device receives the name and key of the importing cluster, and verifies the import permission of the importing cluster according to the name and key.
In at least one embodiment of the present invention, to ensure the security of data transmission, the electronic device needs to verify the import permission of the importing cluster, so as to avoid data being maliciously written, which would bring unnecessary trouble or economic loss to the user.
Therefore, the electronic device may configure a key in advance for each authorized cluster, and the electronic device records the name and key of each authorized cluster for verification.
Specifically, the electronic device may match the received name and key against the preconfigured name and key. When the received name and key match the preconfigured name and key, the electronic device determines that the importing cluster has import permission; when the match fails, the electronic device determines that the importing cluster does not have import permission.
S12: after the importing cluster passes verification, the electronic device imports the desensitized data into the network attached storage (NAS).
In at least one embodiment of the present invention, the NAS (Network Attached Storage) is a device that is connected to the network and provides data storage. It is data-centric, completely separates the storage device from the server, and manages data centrally, thereby freeing bandwidth, improving performance, reducing total cost and protecting investment. The NAS includes storage devices (such as disk arrays, CD/DVD drives, tape drives or removable storage media) and embedded system software, and can provide cross-platform file sharing.
Therefore, the NAS can serve as the intermediary connecting two clusters, so that the two clusters are not connected directly.
On the one hand, since two clusters usually cannot be connected directly, going through the NAS is equivalent to bypassing the firewall between the two clusters.
On the other hand, using the NAS as an intermediary avoids the data tampering that a direct connection between the two clusters could cause, effectively protecting data security.
S13: when a data access request is received, the electronic device verifies the access permission of the access cluster.
In at least one embodiment of the present invention, the data access request may be triggered by the user, or may be triggered by the electronic device according to the process settings; the present invention imposes no limitation.
For example, when the electronic device receives the signal of the user triggering a data access request, the electronic device determines that the data access request has been received.
Alternatively, according to the preset process configuration, after the data import has been executed, the electronic device may trigger the data access request directly.
Specifically, the electronic device verifying the access permission of the access cluster includes:
The electronic device receives the name and key of the access cluster, and verifies the access permission of the access cluster according to the name and key.
In at least one embodiment of the present invention, to ensure the security of data transmission, the electronic device needs to verify the access permission of the access cluster, so as to avoid data being maliciously read, which would bring unnecessary trouble or economic loss to the user.
Therefore, the electronic device may configure a key in advance for each authorized cluster, and the electronic device records the name and key of each authorized cluster for verification.
Specifically, the electronic device may match the received name and key against the preconfigured name and key. When the received name and key match the preconfigured name and key, the electronic device determines that the access cluster has access permission; when the match fails, the electronic device determines that the access cluster does not have access permission.
S14: after the access cluster passes verification, the electronic device determines target data from the NAS according to the data access request.
In at least one embodiment of the present invention, the data access request includes the access name or access address of the target data.
Further, the electronic device determining target data from the NAS according to the data access request includes:
The electronic device obtains the access name and/or access address from the data access request, and determines the target data from the NAS according to the access name and/or access address.
By matching the access name or access address, the electronic device can determine the target data from the NAS.
S15: the electronic device imports the target data into the access cluster.
In at least one embodiment of the present invention, the electronic device imports the target data into the access cluster for subsequent use.
For example, when the access cluster is a test cluster, the target data may be application data, reports, model data, programs, user profiles, etc., and the electronic device can test the target data.
In summary, when a data desensitization instruction is received, the present invention desensitizes the data in the importing cluster using configured rules, thereby effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster to avoid data being maliciously written, and after the importing cluster passes verification, it imports the desensitized data into the NAS. When a data access request is received, it verifies the access permission of the access cluster to avoid malicious tampering with data, and after the access cluster passes verification, it determines target data from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between the clusters is bypassed directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between clusters, preventing intrusion and effectively ensuring information security.
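Steps S11 to S15 as an added example that is not part of the patent text: a broker checks a cluster's name and key before writing desensitized data to a NAS directory, checks a second name and key before reading, and resolves the access name only inside the NAS root. The class and method names, the JSON file layout, the separate import and access tables, the digest storage and the constant-time comparison are assumptions of this sketch; the patent only states that the received name and key are matched against the preconfigured ones.

```python
import hashlib
import hmac
import json
from pathlib import Path


class PermissionDenied(Exception):
    """The presented cluster name and key did not match the configured ones."""


class NasBroker:
    """Intermediary between clusters; the clusters never talk to each other."""

    def __init__(self, nas_root, import_keys, access_keys):
        self.nas_root = Path(nas_root).resolve()
        # Keep only digests of the preconfigured keys, never the keys themselves.
        self._import = {n: self._digest(k) for n, k in import_keys.items()}
        self._access = {n: self._digest(k) for n, k in access_keys.items()}

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).digest()

    def _verify(self, table, name, key):
        # Unknown names are compared against a dummy digest so the check does
        # the same work whether or not the cluster name exists.
        expected = table.get(name, self._digest(""))
        matches = hmac.compare_digest(expected, self._digest(key))
        return matches and name in table

    def _resolve(self, access_name):
        # Map an access name to a file and refuse anything outside the NAS root.
        candidate = (self.nas_root / f"{access_name}.json").resolve()
        if self.nas_root not in candidate.parents:
            raise ValueError("access name escapes the NAS root")
        return candidate

    def import_data(self, name, key, dataset, records):
        """S11 + S12: verify import permission, then write to the NAS."""
        if not self._verify(self._import, name, key):
            raise PermissionDenied("import permission check failed")
        path = self._resolve(dataset)
        path.write_text(json.dumps(records), encoding="utf-8")
        return path

    def access_data(self, name, key, request):
        """S13 + S14: verify access permission, then locate the target data."""
        if not self._verify(self._access, name, key):
            raise PermissionDenied("access permission check failed")
        path = self._resolve(request["access_name"])
        if not path.is_file():
            raise FileNotFoundError(request["access_name"])
        return json.loads(path.read_text(encoding="utf-8"))


def demo(nas_root):
    """Run the flow once with constructed cluster names, keys and data."""
    broker = NasBroker(
        nas_root,
        import_keys={"prod-cluster": "constructed-import-key"},
        access_keys={"test-cluster": "constructed-access-key"},
    )
    desensitized = [{"account_id": "tok_0123456789abcdef", "order_total": 120}]
    broker.import_data("prod-cluster", "constructed-import-key", "orders", desensitized)
    request = {"access_name": "orders"}
    # S15: the returned rows are what would be loaded into the access cluster.
    return broker.access_data("test-cluster", "constructed-access-key", request)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        print(demo(root))
```

Keeping separate tables for import and access permission means the test cluster's key cannot be used to write into the NAS, and the production cluster's key cannot be used to read from it.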
Fig. 2 is a functional block diagram of a preferred embodiment of the data transmission device of the present invention. The data transmission device 11 includes a desensitization unit 110, a verification unit 111, an import unit 112, a determination unit 113, an acquiring unit 114 and a prompt unit 115. A module/unit in the present invention refers to a series of computer program segments that can be executed by the processor 13, can complete a fixed function, and are stored in the memory 12. In this embodiment, the function of each module/unit is described in detail in the subsequent embodiments.
When a data desensitization instruction is received, the desensitization unit 110 desensitizes the data in the importing cluster using configured rules.
For a big data platform, system operations staff usually need to provide a large amount of simulation data to serve as test data in the testing process, so that ETL (Extract Transform Load, data warehouse technology) programs can be tested. In existing technical solutions, a tester usually provides an access script, system operations staff manually desensitize the production-environment data and export the desensitized data according to the access script, and the desensitized data is then sent to the tester, who manually imports it into the test environment for testing. This process is not only insufficiently intelligent but also time-consuming and laborious, and the user experience is poor.
However, to ensure the security of data transmission, the test cluster and the production cluster cannot communicate directly, so as to prevent the original production data in the production cluster from being tampered with by mistake or maliciously attacked by rogue software. The present technical solution can therefore effectively solve the above problems and enable data to be transmitted securely and automatically between clusters.
Preferably, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
Preferably, the data desensitization instruction includes, but is not limited to, one or a combination of the following:
(1) A data desensitization instruction, received by the electronic device, that is started on a schedule.
Specifically, the electronic device may be set to desensitize the data in the importing cluster on a schedule, so as to reduce manual operation and let the electronic device execute automatically.
Further, the electronic device may be set to desensitize the data in the importing cluster at preset time intervals, or on a preset date in each month, etc.; the present invention imposes no limitation.
(2) A data desensitization instruction, received by the electronic device, that is triggered by a user.
Specifically, the electronic device acts on the user's trigger instruction, and executes the desensitization operation when the user needs the data to be desensitized.
Further, the user may issue the trigger instruction by pressing a trigger key, which may be a virtual key or a physical key, etc. The user may also input a corresponding voice instruction as the data desensitization instruction; the present invention imposes no limitation.
In at least one embodiment of the present invention, the configured rules are the desensitization rules configured by the desensitization unit 110. A desensitization rule may be a desensitization method in general use in the industry, or a custom desensitization method defined by the user according to actual needs.
Specifically, the desensitization rules may include, but are not limited to, any one of the following:
the K-Anonymity algorithm, the L-Diversity algorithm, the T-Closeness algorithm, etc.
Preferably, the desensitization unit 110 desensitizing the data in the importing cluster using configured rules includes:
The desensitization unit 110 identifies the sensitive data in the importing cluster, determines the attribute data of the importing cluster, and, according to the attribute data, determines a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules. The desensitization unit 110 then desensitizes the sensitive data with the target desensitization rule.
In at least one embodiment of the present invention, the sensitive data includes data tables or fields, etc. in the importing cluster. The definition of sensitive data therefore differs between importing clusters. For example, for a production cluster, the sensitive data may include, but is not limited to, one or a combination of the following: passport number, user name, account, password, etc.
In at least one embodiment of the present invention, the desensitization unit 110, according to the importing cluster's definition of sensitive data, identifies keywords or attributes of the data in the importing cluster to determine the sensitive data in the importing cluster.
In at least one embodiment of the present invention, the attribute data includes the function attribute and application field, etc. of each cluster. For example, the attribute data of the production cluster is that it is used for production and belongs to the development field, and the attribute data of the test cluster is that it is used for testing and belongs to the testing field.
Further, before the desensitization unit 110 determines the target desensitization rule from the configured desensitization rule list according to the attribute data, the method further includes:
(1) The acquiring unit 114 uses web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list.
Through the above embodiment, the acquiring unit 114 configures the desensitization rule list on the basis of a large amount of data, making it more comprehensive.
(2) The prompt unit 115 prompts the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
Through the above embodiment, the prompt unit 115 relies on the desensitization rules provided by the objects actually served (clusters already connected to the NAS, clusters that will be connected to the NAS, etc.), so as to configure a desensitization rule list that better fits actual usage.
When a data import instruction is received, the authentication unit 111 verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, the data import instruction may be triggered by the user, or may be triggered by the authentication unit 111 according to the process settings; the present invention is not limited in this respect.
For example: when the authentication unit 111 receives a signal that the user has triggered the data import key, the authentication unit 111 determines that the data import instruction has been received.
Alternatively, according to the preset process configuration, the authentication unit 111 may directly trigger the data import instruction after the desensitization task for the data in the importing cluster has been executed.
Specifically, the authentication unit 111 verifying the import permission of the importing cluster includes:
The authentication unit 111 receives the name and key of the importing cluster and, according to the name and key, verifies the import permission of the importing cluster.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the authentication unit 111 needs to verify the import permission of the importing cluster, so as to prevent data from being written maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the authentication unit 111 may pre-configure a key for each authorized cluster, and the authentication unit 111 records the name and key of each authorized cluster for use in verification.
Specifically, the authentication unit 111 may match the received name and key against the preconfigured name and key. When the received name and key match the preconfigured name and key, the authentication unit 111 determines that the importing cluster has import permission; when the match fails, the authentication unit 111 determines that the importing cluster does not have import permission.
After the importing cluster passes verification, the import unit 112 imports the desensitized data into the network attached storage (NAS).
In at least one embodiment of the present invention, the NAS is a device that is connected to the network and has a data storage function. It is data-centric, separates the storage devices completely from the servers, and manages data centrally, thereby freeing bandwidth, improving performance, reducing total cost, and protecting investment. The NAS includes storage devices (such as a disk array, CD/DVD drive, tape drive, or removable storage media) and embedded system software, and can provide cross-platform file sharing.
Therefore, the NAS can serve as an intermediary connecting two clusters, avoiding a direct connection between the two clusters.
On the one hand, since two clusters usually cannot be connected directly, going through the NAS is equivalent to bypassing the firewall between the two clusters.
On the other hand, using the NAS as an intermediary avoids the data tampering that a direct connection between the two clusters could cause, effectively protecting the security of the data.
When a data access request is received, the authentication unit 111 verifies the access permission of the access cluster.
In at least one embodiment of the present invention, the data access request may be triggered by the user, or may be triggered by the authentication unit 111 according to the process settings; the present invention is not limited in this respect.
For example: when the authentication unit 111 receives a signal that the user has triggered a data access request, the authentication unit 111 determines that the data access request has been received.
Alternatively, according to the preset process configuration, the authentication unit 111 may directly trigger the data access request after the data import has been executed.
Specifically, the authentication unit 111 verifying the access permission of the access cluster includes:
The authentication unit 111 receives the name and key of the access cluster and, according to the name and key, verifies the access permission of the access cluster.
In at least one embodiment of the present invention, to guarantee the security of data transmission, the authentication unit 111 needs to verify the access permission of the access cluster, so as to prevent data from being read maliciously and causing the user unnecessary trouble or economic loss.
Therefore, the authentication unit 111 may pre-configure a key for each authorized cluster, and the authentication unit 111 records the name and key of each authorized cluster for use in verification.
Specifically, the authentication unit 111 may match the received name and key against the preconfigured name and key. When the received name and key match the preconfigured name and key, the authentication unit 111 determines that the access cluster has access permission; when the match fails, the authentication unit 111 determines that the access cluster does not have access permission.
After the access cluster passes verification, the determination unit 113 determines the target data from the NAS according to the data access request.
In at least one embodiment of the present invention, the data access request includes the access name or access address of the target data.
Further, the determination unit 113 determining the target data from the NAS according to the data access request includes:
The determination unit 113 obtains the access name and/or access address from the data access request and, according to the access name and/or access address, determines the target data from the NAS.
By matching the access name or access address, the determination unit 113 can determine the target data from the NAS.
The import unit 112 imports the target data into the access cluster.
In at least one embodiment of the present invention, the import unit 112 imports the target data into the access cluster for subsequent use.
For example: when the access cluster is a test cluster, the target data may be usage data, reports, model data, programs, user profiles, etc., and the electronic equipment can test the target data.
In conclusion, when a data desensitization instruction is received, the present invention desensitizes the data in the importing cluster using the configuration rule, effectively protecting sensitive data and avoiding leakage of user privacy. When a data import instruction is received, it verifies the import permission of the importing cluster to prevent data from being written maliciously and, after the importing cluster passes verification, imports the desensitized data into the NAS. When a data access request is received, it verifies the access permission of the access cluster to prevent malicious tampering with the data and, after the access cluster passes verification, determines the target data from the NAS according to the data access request, so that the data connection is established through the NAS and the firewall between the clusters is bypassed directly. The target data is then imported into the access cluster, so that data is transmitted securely and automatically between clusters, intrusion is avoided, and information security is effectively ensured.
Fig. 3 is a structural schematic diagram of the electronic equipment of a preferred embodiment of the present invention that implements the data transmission method.
The electronic equipment 1 is a device capable of automatically performing numerical computation and/or information processing according to instructions set or stored in advance. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, etc.
The electronic equipment 1 may also be, but is not limited to, any electronic product that can interact with a user through a keyboard, mouse, remote control, touchpad, voice-control device or the like, for example a personal computer, tablet computer, smart phone, personal digital assistant (PDA), game console, Internet Protocol television (IPTV), smart wearable device, etc.
The electronic equipment 1 may also be a computing device such as a desktop computer, notebook, palmtop computer or cloud server.
The network in which the electronic equipment 1 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (VPN), etc.
In one embodiment of the present invention, the electronic equipment 1 includes, but is not limited to, a memory 12, a processor 13, and a computer program that is stored in the memory 12 and can run on the processor 13, such as a data transmission program.
Those skilled in the art will understand that the schematic diagram is only an example of the electronic equipment 1 and does not constitute a limitation on the electronic equipment 1, which may include more or fewer components than illustrated, combine certain components, or use different components; for example, the electronic equipment 1 may also include input/output devices, network access devices, a bus, etc.
The processor 13 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The processor 13 is the computing core and control center of the electronic equipment 1; it connects the various parts of the entire electronic equipment 1 using various interfaces and lines, and executes the operating system of the electronic equipment 1 and the installed application programs, program code, etc.
The processor 13 executes the operating system of the electronic equipment 1 and the installed application programs. The processor 13 executes the application program to implement the steps in each of the above data transmission method embodiments, for example steps S10, S11, S12, S13, S14 and S15 shown in Fig. 1.
Alternatively, when executing the computer program, the processor 13 implements the functions of each module/unit in each of the above device embodiments, for example: when a data desensitization instruction is received, desensitizing the data in the importing cluster using the configuration rule; when a data import instruction is received, verifying the import permission of the importing cluster; after the importing cluster passes verification, importing the desensitized data into the network attached storage (NAS); when a data access request is received, verifying the access permission of the access cluster; after the access cluster passes verification, determining the target data from the NAS according to the data access request; and importing the target data into the access cluster.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions; the instruction segments describe the execution of the computer program in the electronic equipment 1. For example, the computer program may be divided into the desensitization unit 110, the authentication unit 111, the import unit 112, the determination unit 113, the acquiring unit 114 and the prompt unit 115.
The memory 12 may be used to store the computer program and/or modules. The processor 13 implements the various functions of the electronic equipment 1 by running or executing the computer program and/or modules stored in the memory 12 and calling the data stored in the memory 12. The memory 12 may mainly include a program storage area and a data storage area, wherein the program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function, an image playback function, etc.), and the data storage area may store data created through use of the mobile phone (such as audio data, a phone book, etc.). In addition, the memory 12 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The memory 12 may be an external memory and/or an internal memory of the electronic equipment 1. Further, the memory 12 may be a circuit with a storage function that has no physical form within an integrated circuit, such as RAM (Random-Access Memory), FIFO (First In First Out), etc. Alternatively, the memory 12 may be a memory with a physical form, such as a memory module or a TF card (Trans-flash Card).
If the integrated modules/units of the electronic equipment 1 are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments.
The computer program includes computer program code, which may be in source code form, object code form, an executable file, certain intermediate forms, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
With reference to Fig. 1, the memory 12 in the electronic equipment 1 stores multiple instructions to implement a data transmission method, and the processor 13 can execute the multiple instructions to implement: when a data desensitization instruction is received, desensitizing the data in the importing cluster using the configuration rule; when a data import instruction is received, verifying the import permission of the importing cluster; after the importing cluster passes verification, importing the desensitized data into the network attached storage (NAS); when a data access request is received, verifying the access permission of the access cluster; after the access cluster passes verification, determining the target data from the NAS according to the data access request; and importing the target data into the access cluster.
According to a preferred embodiment of the present invention, the importing cluster includes a production cluster, and the access cluster includes a test cluster.
According to a preferred embodiment of the present invention, the data desensitization instruction includes one or a combination of the following:
A received data desensitization instruction triggered on a timer; and/or
A received data desensitization instruction triggered by the user.
According to a preferred embodiment of the present invention, the multiple instructions executed by the processor 13 also include:
Identifying the sensitive data in the importing cluster;
Determining the attribute data of the importing cluster;
According to the attribute data, determining a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
Desensitizing the sensitive data with the target desensitization rule.
According to a preferred embodiment of the present invention, the multiple instructions executed by the processor 13 also include:
Using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
Prompting the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
According to a preferred embodiment of the present invention, the multiple instructions executed by the processor 13 also include:
Receiving the name and key of the importing cluster;
According to the name and key, verifying the import permission of the importing cluster.
According to a preferred embodiment of the present invention, the multiple instructions executed by the processor 13 also include:
Obtaining the access name and/or access address from the data access request;
According to the access name and/or access address, determining the target data from the NAS.
Specifically, for the specific implementation of the above instructions by the processor 13, refer to the description of the relevant steps in the embodiment corresponding to Fig. 1, which is not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and the components displayed as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional modules in each embodiment of the present invention may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes.
Therefore, in all respects, the embodiments are to be considered illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than by the foregoing description, and all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the present invention. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it is clear that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a system claim may also be implemented by one unit or device through software or hardware. Words such as "second" are used to indicate names and do not indicate any particular order.
Finally, it should be noted that the above embodiments are only used to illustrate the technical scheme of the present invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that the technical scheme of the invention may be modified or equivalently replaced without departing from the spirit and scope of the technical scheme of the present invention.

Claims (10)

1. A data transmission method, characterized in that the method comprises:
When a data desensitization instruction is received, desensitizing the data in the importing cluster using a configuration rule;
When a data import instruction is received, verifying the import permission of the importing cluster;
After the importing cluster passes verification, importing the desensitized data into a network attached storage (NAS);
When a data access request is received, verifying the access permission of the access cluster;
After the access cluster passes verification, determining target data from the NAS according to the data access request;
Importing the target data into the access cluster.
2. The data transmission method according to claim 1, characterized in that the importing cluster comprises a production cluster and the access cluster comprises a test cluster.
3. The data transmission method according to claim 1, characterized in that the data desensitization instruction comprises one or a combination of the following:
A received data desensitization instruction triggered on a timer; and/or
A received data desensitization instruction triggered by the user.
4. The data transmission method according to claim 1, characterized in that desensitizing the data in the importing cluster using the configuration rule comprises:
Identifying the sensitive data in the importing cluster;
Determining the attribute data of the importing cluster;
According to the attribute data, determining a target desensitization rule from the configured desensitization rule list, wherein the desensitization rule list stores the correspondence between the attribute data of all clusters and the desensitization rules;
Desensitizing the sensitive data with the target desensitization rule.
5. The data transmission method according to claim 4, characterized in that, before determining the target desensitization rule from the configured desensitization rule list according to the attribute data, the method further comprises:
Using web crawler technology to obtain all clusters and the desensitization rules corresponding to all clusters, so as to configure the desensitization rule list; or
Prompting the relevant personnel of each cluster among all clusters to input the desensitization rule corresponding to that cluster, so as to configure the desensitization rule list.
6. The data transmission method according to claim 1, characterized in that verifying the import permission of the importing cluster comprises:
Receiving the name and key of the importing cluster;
According to the name and key, verifying the import permission of the importing cluster.
7. The data transmission method according to claim 1, characterized in that determining target data from the NAS according to the data access request comprises:
Obtaining the access name and/or access address from the data access request;
According to the access name and/or access address, determining the target data from the NAS.
8. A data transmission device, characterized in that the device comprises:
A desensitization unit, configured to desensitize the data in the importing cluster using a configuration rule when a data desensitization instruction is received;
An authentication unit, configured to verify the import permission of the importing cluster when a data import instruction is received;
An import unit, configured to import the desensitized data into a network attached storage (NAS) after the importing cluster passes verification;
The authentication unit is further configured to verify the access permission of the access cluster when a data access request is received;
A determination unit, configured to determine target data from the NAS according to the data access request after the access cluster passes verification;
The import unit is further configured to import the target data into the access cluster.
9. An electronic equipment, characterized in that the electronic equipment comprises:
A memory that stores at least one instruction; and
A processor that executes the instruction stored in the memory to implement the data transmission method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that at least one instruction is stored in the computer-readable storage medium, and the at least one instruction is executed by a processor in an electronic equipment to implement the data transmission method according to any one of claims 1 to 7.
CN201811537695.1A 2018-12-15 2018-12-15 Data transmission method, device, electronic equipment and storage medium Pending CN109871708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811537695.1A CN109871708A (en) 2018-12-15 2018-12-15 Data transmission method, device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN109871708A true CN109871708A (en) 2019-06-11

Family

ID=66917100

CN109522683A (en) Software source tracing method, system, computer equipment and storage medium
CN109697371A (en) Data base management method, device, medium and electronic equipment
CN110222508A (en) Extort virus defense method, electronic equipment, system and medium
CN115604103A (en) Configuration method and device of cloud computing system, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination