CN111125767A - Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium - Google Patents
Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium Download PDFInfo
- Publication number
- CN111125767A CN111125767A CN201911367161.3A CN201911367161A CN111125767A CN 111125767 A CN111125767 A CN 111125767A CN 201911367161 A CN201911367161 A CN 201911367161A CN 111125767 A CN111125767 A CN 111125767A
- Authority
- CN
- China
- Prior art keywords
- desensitization
- target
- rule
- information
- rules
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 243
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000013507 mapping Methods 0.000 claims abstract description 25
- 230000000873 masking effect Effects 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 description 20
- 238000010586 diagram Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 206010020751 Hypersensitivity Diseases 0.000 description 1
- 208000026935 allergic disease Diseases 0.000 description 1
- 230000007815 allergy Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013503 de-identification Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a dynamic desensitization method, a dynamic desensitization device, electronic equipment and a computer-readable storage medium, and relates to the technical field of data desensitization. The method comprises the following steps: receiving target authority information and data to be desensitized; selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; the relational mapping table is used for representing the corresponding relation between a plurality of authority information and a plurality of desensitization rules, and each desensitization rule adopts different rules; and desensitizing the data to be desensitized according to a target desensitizing rule. The method can make different desensitization rules for different users, and meet the desensitization requirements of different users.
Description
Technical Field
The present application relates to the field of data desensitization technologies, and in particular, to a dynamic desensitization method, apparatus, electronic device, and computer-readable storage medium.
Background
The desensitization mode in the prior art generally uses a uniform desensitization rule to desensitize all sensitive data, cannot perform targeted desensitization according to an actual scene, cannot completely meet user requirements, and is not flexible.
Disclosure of Invention
The application aims to provide a dynamic desensitization method, a dynamic desensitization device, an electronic device and a computer-readable storage medium, which can make different desensitization rules for different users to meet desensitization requirements of different users.
In order to achieve the above purpose, the embodiments of the present application employ the following technical solutions:
in a first aspect, an embodiment of the present application provides a dynamic desensitization method, including:
receiving target authority information and data to be desensitized;
selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; the relational mapping table is used for representing the corresponding relation between a plurality of authority information and a plurality of desensitization rules, and each desensitization rule adopts different rules;
and desensitizing the data to be desensitized according to the target desensitizing rule.
In a second aspect, embodiments of the present application provide a dynamic desensitizing apparatus, the apparatus comprising:
the receiving module is used for receiving the target authority information and the data to be desensitized;
the selection module is used for selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; the relational mapping table is used for representing the corresponding relation between a plurality of authority information and a plurality of desensitization rules, and each desensitization rule adopts different rules;
and the desensitization module is used for desensitizing the data to be desensitized according to the target desensitization rule.
In a third aspect, embodiments of the present application provide an electronic device, including a processor and a memory, where the memory stores machine executable instructions that are executable by the processor to implement the above-mentioned dynamic desensitization method.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program is executed by a processor to implement the above dynamic desensitization method.
Compared with the prior art, the dynamic desensitization method, the device, the electronic equipment and the computer-readable storage medium provided by the embodiment of the application receive the target authority information and the data to be desensitized; selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; desensitization processing is carried out on data to be desensitized according to a target desensitization rule, and because the relation mapping table is used for representing the corresponding relation between the plurality of authority information and the plurality of desensitization rules, each desensitization rule adopts different rules. Therefore, according to the relation mapping table of the pre-equipment and the multiple desensitization rules, the corresponding target desensitization rules can be selected according to different target authority information to perform desensitization treatment on the data to be desensitized, and different desensitization rules can be set for different data to be desensitized according to different user service requirements more flexibly so as to meet different user service requirements.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and it will be apparent to those skilled in the art that other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 2 is a schematic flow chart of a dynamic desensitization method according to an embodiment of the present disclosure;
fig. 3 is a schematic flow chart of another dynamic desensitization method according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a dynamic desensitization apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of another dynamic desensitization apparatus according to an embodiment of the present application.
In the figure: 100-an electronic device; 110-a memory; 120-a processor; 130-a communication module; 140-display interface; 150-a dynamic desensitizing device; 151-a receiving module; 152-a selection module; 153-desensitization module; 154-modifying the module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships conventionally found in use of products of the application, and are used only for convenience in describing the present application and for simplification of description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present application.
In the description of the present application, it is also to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an electronic device 100 according to an embodiment of the present disclosure. The electronic device 100 includes a memory 110, a processor 120, a communication module 130, and a display interface 140. The memory 110, the processor 120, the communication module 130, and the display interface 140 are electrically connected to each other, directly or indirectly, to enable data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
In the embodiment, the memory 110 may be used to store software programs and modules, such as program instructions/modules corresponding to the dynamic desensitization method provided in the embodiment of the present application, and the processor 120 executes the software programs and modules stored in the memory 110 to perform various functional applications and data processing. The communication module 130 may be used for communicating signaling or data with other node devices. The electronic device 100 may have a plurality of communication modules 130 in the present application. The display interface 140 provides both an output and an input interface between the electronic device 100 and a user.
The Memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The processor 120 may be an integrated circuit chip having signal processing capabilities. The processor 120 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc.
The display interface 140 is capable of sensing a touch or mouse click from a location on the display interface 140 and processing the sensed touch or mouse click by the processor 120.
The electronic device 100 may implement any of the dynamic desensitization methods provided herein. The electronic device 100 may be, but is not limited to, a cell phone, a tablet computer, a notebook computer, a server, or other electronic devices 100 with processing capabilities.
The present embodiment provides a computer readable storage medium, on which a computer program is stored, and the computer program, when executed by the processor 120, implements the dynamic desensitization method according to any one of the foregoing embodiments. The computer readable storage medium may be, but is not limited to, various media that can store program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a PROM, an EPROM, an EEPROM, a magnetic or optical disk, etc.
Fig. 2 is a schematic flow chart of a dynamic desensitization method according to an embodiment of the present invention. It should be noted that the dynamic desensitization method provided by the embodiment of the present invention is not limited by fig. 2 and the following specific sequence, and it should be understood that, in other embodiments, the sequence of some steps in the dynamic desensitization method provided by the embodiment of the present invention may be interchanged according to actual needs, or some steps may be omitted or deleted. The dynamic desensitization method can be applied to the electronic device 100 shown in fig. 1, and the specific flow shown in fig. 2 will be described in detail below.
Step S201, receiving the target authority information and the data to be desensitized.
In the embodiment, the authority information is generated by a preset authority management component according to the user type; wherein, different authority information corresponds to different user types.
It can be understood that the user may apply for obtaining the target permission information according to the permission management component, and then input the target permission information and the data to be desensitized through the display interface 140, and the display interface 140 responds to the user operation to provide the target permission information and the data to be desensitized to the processor 120.
The authority management component can adopt an Apache Range open source component, different users can be respectively authorized through the Apache Range open source component, and authority information of different authority types is generated according to application types of the different users. For example, if the user is an administrator, the Apache Ranger open source component generates administrator permission information; and if the user is a common user, generating common authority information by the Apache Range open source component. Since the common users are divided into personal users, enterprise users, government users and the like, the Apache Range open source component generates common permission information with different permission types according to different common user types; that is, the common authority information applied by the individual user type is the individual common authority information, the common authority information applied by the enterprise user type is the enterprise common authority information, and the common authority information applied by the government user type is the government common authority information.
Step S202, selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table.
In this embodiment, the relationship mapping table is used to represent the corresponding relationship between a plurality of right information and a plurality of desensitization rules, and each desensitization rule adopts a different rule.
It is to be understood that the desensitization rules may include individual user desensitization rules, enterprise user desensitization rules, government user desensitization rules, etc., which are not limited herein and may be set according to actual situations. The rules between individual user desensitization rules, enterprise user desensitization rules, and government user desensitization rules are different, i.e., the desensitization criteria for government user allergy rules are stringent to enterprise user desensitization rules, and the desensitization criteria for enterprise user desensitization rules are stringent to individual user desensitization rules. Because the plurality of authority information are authority information corresponding to different user types, the plurality of authority information are different authority types, and the plurality of authority information can correspond to administrator authority information, personal common authority information, enterprise common authority information, government common authority information and the like. The relational mapping table is used for representing the corresponding relation between the individual user desensitization rule and the individual common authority information, the corresponding relation between the enterprise user desensitization rule and the enterprise common authority information, the corresponding relation between the government user desensitization rule and the government common authority information and the like.
In this embodiment, the authority information includes a user account, and the processor 120 can obtain an authority type corresponding to the user account according to the user account. Correspondingly, the target authority information also includes a target user account, the processor 120 can obtain a target authority type corresponding to the target user account according to the target user account, and the processor 120 can select a target desensitization rule from a plurality of desensitization rules according to the target authority type and the relationship mapping table.
For example, if the target permission information is the personal common permission information, the processor 120 learns that the permission type corresponding to the target permission information is the personal common permission information according to the target user account, and according to the corresponding relationship between the personal common permission information and the personal user desensitization rule in the relationship mapping table, the processor 120 can select the personal user desensitization rule from the personal user desensitization rule, the enterprise user desensitization rule and the government user desensitization rule as the target desensitization rule.
And step S203, desensitizing the data to be desensitized according to the target desensitizing rule.
In this embodiment, if the target desensitization rule is the individual user desensitization rule, the processor 120 performs desensitization processing on the data to be desensitized according to the individual user desensitization rule; if the target desensitization rule is the enterprise user desensitization rule, the processor 120 performs desensitization processing on the data to be desensitized according to the enterprise user desensitization rule; the target desensitization rule is a government user desensitization rule, and the processor 120 performs desensitization processing on the data to be desensitized according to the government user desensitization rule.
In this embodiment, the desensitization rule includes a sensitive data type, a sensitive data name, and a desensitization policy; wherein the different desensitization rules comprise different at least one of sensitive data type, sensitive data name and desensitization policy.
It is to be appreciated that the sensitive data type includes at least one of personal information, business information, and government information. The sensitive data name comprises at least one of name information, mailbox information, a private plane number, a mobile phone number, a license plate number, an IP address, mac address information, a postal code, an identification card number, a bank card number and a company name. The desensitization policy includes at least one of a pseudonymization policy, a hashing policy, and a masking policy. Pseudonymization (Pseudonymization) is one of the de-identification technologies, and is used to replace an identifier (or a group of identifiers) of a data body with a pseudonym to hide the identity of the data body; the hash strategy adopts a hash algorithm to replace an identifier (or a group of identifiers) of a data body with a new identifier (or a group of new identifiers) generated by the hash algorithm, wherein the new identifier (or the group of new identifiers) generated by the hash algorithm is different; the masking strategy is to use special symbols such as a star mark and a mosaic to mask partial information so as to achieve the effect of desensitization.
In this embodiment, the at least one of the sensitive data type, the sensitive data name and the desensitization policy included in the different desensitization rules may be understood as follows: if the desensitization rule is an individual user desensitization rule, the sensitive data type of the individual desensitization rule can be individual information, the sensitive data name of the individual desensitization rule can include name information, mailbox information, a mobile phone number, a license plate number, address information, a postal code, an identity card number and a bank card number, and the desensitization strategy of the individual desensitization rule can adopt a masking strategy. If the desensitization rule is an enterprise user desensitization rule, the sensitive data type of the enterprise desensitization rule can be enterprise information, the sensitive data name of the enterprise desensitization rule can include name information, mailbox information, a landline number, a mobile phone number, address information, a postal code and a company name, and the desensitization policy of the enterprise desensitization rule can adopt a pseudonymous policy. If the desensitization rule is a government user desensitization rule, the sensitive data type of the government desensitization rule can be government information, the sensitive data name of the government desensitization rule can comprise mailbox information, a landline number, address information, a postal code, an IP address and mac address information, and the desensitization policy of the enterprise desensitization rule can adopt a hash policy. It can be seen that the sensitive data types, the sensitive data names and the desensitization policies included in the individual user desensitization rules, the enterprise user desensitization rules and the government user desensitization rules may be different, and certainly, the sensitive data names and the desensitization policies of the individual user desensitization rules, the enterprise user desensitization rules and the government user desensitization rules may be the same, and are not limited herein, and may be set according to actual situations.
In this embodiment, when making desensitization rule customization, the user may make the selection of sensitive data types according to preset type templates, which may include personal information, business information, and government information. If the preset type template does not have the sensitive data type required by the user, the user can select self-defined addition and fill in the sensitive data type by himself.
In this embodiment, when the desensitization rule is made, the user selects the sensitive data name according to a preset name template, where the preset name template may include name information, mailbox information, a landline number, a mobile phone number, a license plate number, an IP address, mac address information, a zip code, an identification number, a bank card number, and a company name. If the preset name template does not have the sensitive data name required by the user, the user can select custom addition and fill in the sensitive data name by himself, but the rule name of the custom sensitive data name needs to be unique.
In this embodiment, when the desensitization rule is customized, the desensitization policy is generally set in a custom desensitization manner.
In this embodiment, the specific working principle of the dynamic desensitization method is as follows: the user can obtain the target permission information according to the permission management component, and then input the target permission information and the data to be desensitized through the display interface 140, and the display interface 140 responds to the user operation to provide the target permission information and the data to be desensitized to the processor 120. The processor 120 obtains the corresponding target authority type according to the target authority information, and selects a target desensitization rule from the multiple desensitization rules according to the target authority type and the relational mapping table. The processor 120 performs desensitization processing on the data to be desensitized according to the target desensitization rule, if the target desensitization rule is the personal user desensitization rule, and the sensitive data name of the personal user desensitization rule comprises name information, mailbox information, a mobile phone number, a license plate number, address information, a postal code, an identity card number and a bank card number, and the desensitization strategy of the personal desensitization rule adopts a masking strategy; then the processor 120 performs desensitization processing on the name information, the mailbox information, the mobile phone number, the license plate number, the address information, the zip code, the identification number and the bank card number in the data to be desensitized by adopting a masking strategy. If the target desensitization rule is an enterprise desensitization rule, the sensitive data name of the enterprise desensitization rule comprises name information, mailbox information, a fixed-line number, a mobile phone number, address information, a postal code and a company name, and the desensitization strategy of the enterprise desensitization rule adopts a pseudonymization strategy; then the processor 120 performs desensitization processing on the name information, mailbox information, landline number, mobile phone number, address information, postal code and company name in the data to be desensitized by using a pseudonymization policy. If the target desensitization rule is a government desensitization rule, the sensitive data name of the government desensitization rule comprises mailbox information, a landline number, address information, a postal code, an IP address and mac address information, and the desensitization strategy of the enterprise desensitization rule adopts a Hash strategy; then the processor 120 performs desensitization processing on the mailbox information, the landline number, the address information, the zip code, the IP address and the mac address information in the data to be desensitized by using a hash strategy.
The desensitization strategy of the individual desensitization rule adopts a masking strategy and a pseudonym strategy, mailbox information, a mobile phone number, a license plate number, address information, a postal code, an identity card number and a bank card number are preset, and desensitization processing is carried out by adopting the masking strategy, and desensitization processing is carried out on name information by adopting the pseudonym strategy. Then the processor 120 performs desensitization processing on the mailbox information, the mobile phone number, the license plate number, the address information, the postal code, the identification number and the bank card number in the data to be desensitized by adopting a masking strategy according to the individual user desensitization rule, and performs desensitization processing on the name information in the data to be desensitized by adopting a pseudonym strategy.
In practice, since the demands of different users are different, even users of the same type have different demands for desensitization due to individual differences, the preset desensitization rule is not necessarily able to satisfy the demands of all users. Based on this, the embodiment of the present application provides another dynamic desensitization method to solve the above problem, please refer to fig. 3, which is a schematic flow chart of another dynamic desensitization method that can be implemented, and the dynamic desensitization method shown in fig. 3 further includes the following steps based on the dynamic desensitization method shown in fig. 2:
step 301, setting a target desensitization rule in response to a user operation to obtain a user-defined desensitization rule.
In this embodiment, after the processor 120 selects a target desensitization rule from a plurality of preset desensitization rules according to the target permission information and the relationship mapping table, the target desensitization rule is sent to the display interface 140 for display, and a user performs touch operation or mouse click operation on the display interface 140 to change the setting of the target desensitization rule, so as to obtain a user-defined desensitization rule.
For example, the target desensitization rule selected by the processor 120 from the multiple desensitization rules is an individual user desensitization rule, and the sensitive data name of the individual user desensitization rule includes name information, mailbox information, a mobile phone number, a license plate number, address information, a zip code, an identification number, and a bank card number, and the desensitization policy of the individual desensitization rule adopts a masking policy. If the personal desensitization rule cannot meet the requirements of the user, the user may perform a touch operation or a mouse click operation on the display interface 140 to change the content of the sensitive data name of the personal desensitization rule into: the desensitization strategy is changed into a masking strategy and a pseudonym strategy, so that the obtained sensitive data type of the customized desensitization rule is personal information, the sensitive data name comprises name information, mailbox information, a mobile phone number, address information, an identity card number and a bank card number, and the desensitization strategy adopts the masking strategy and the pseudonym strategy. The processor 120 performs desensitization processing on the name information, the mailbox information, the mobile phone number, the address information, the identification number and the bank card number in the data to be desensitized according to the custom rule by adopting a masking strategy and a pseudonymization strategy.
In order to perform the corresponding steps in the above-described embodiments and various possible approaches, an implementation of the dynamic desensitization apparatus 150 is given below. Further, referring to fig. 4, fig. 4 is a functional block diagram of a dynamic desensitization apparatus 150 according to an embodiment of the present application. It should be noted that the basic principle and the technical effects of the dynamic desensitization device 150 provided in this embodiment are the same as those of the above embodiments, and for the sake of brief description, no part of this embodiment is mentioned, and reference may be made to the corresponding contents in the above embodiments. The dynamic desensitization device 150 apparatus includes: a receiving module 151, a selecting module 152, and a desensitization module 153.
The receiving module 151 is configured to receive target permission information and data to be desensitized.
It is understood that the receiving module 151 is used for executing the content in the step S201.
The selecting module 152 is configured to select a target desensitization rule from a plurality of preset desensitization rules according to the target permission information and a preset relationship mapping table; the relational mapping table is used for representing the corresponding relation between the plurality of authority information and the plurality of desensitization rules, and each desensitization rule adopts different rules.
It is understood that the selection module 152 is used for executing the content in the step S202.
The desensitization module 153 is used for performing desensitization processing on the data to be desensitized according to the target desensitization rule.
It is understood that the desensitization module 153 is configured to perform the above-mentioned operation in step S203.
Further, as shown in fig. 5, the present application also provides another structural schematic diagram for implementing the dynamic desensitization apparatus 150, and the dynamic desensitization apparatus 150 shown in fig. 5 further includes a modification module 154 on the basis of the dynamic desensitization apparatus 150 shown in fig. 4.
The modification module 154 is configured to set the target desensitization rule in response to a user operation, so as to obtain a custom desensitization rule.
It is understood that the modification module 154 may execute the contents of step S301 described above.
Alternatively, the modules may be stored in the memory 110 shown in fig. 1 in the form of software or Firmware (Firmware) or be fixed in an Operating System (OS) of the electronic device 100, and may be executed by the processor 120 in fig. 1. Meanwhile, data, codes of programs, and the like required to execute the above-described modules may be stored in the memory 110.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
To sum up, the dynamic desensitization method, apparatus, electronic device and computer-readable storage medium provided in the embodiments of the present application receive target permission information and data to be desensitized; selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; desensitization processing is carried out on data to be desensitized according to a target desensitization rule, and because the relation mapping table is used for representing the corresponding relation between the plurality of authority information and the plurality of desensitization rules, each desensitization rule adopts different rules. Therefore, according to the relation mapping table of the pre-equipment and the multiple desensitization rules, the corresponding target desensitization rules can be selected according to different target authority information to perform desensitization treatment on the data to be desensitized, and different desensitization rules can be set for different data to be desensitized according to different user service requirements more flexibly so as to meet different user service requirements.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A method of dynamic desensitization, said method comprising:
receiving target authority information and data to be desensitized;
selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; the relational mapping table is used for representing the corresponding relation between a plurality of authority information and a plurality of desensitization rules, and each desensitization rule adopts different rules;
and desensitizing the data to be desensitized according to the target desensitizing rule.
2. A method of dynamic desensitization according to claim 1, characterized in that said rights information is generated by preset rights management components according to the user type; wherein, different authority information corresponds to different user types.
3. The dynamic desensitization method according to claim 1, wherein after said step of selecting a target desensitization rule from a plurality of preset desensitization rules according to said target permission information and a preset remapping relation table, said method further comprises:
responding to user operation to set the target desensitization rule to obtain a user-defined desensitization rule;
the step of desensitizing the data to be desensitized according to the target desensitizing rule comprises the following steps:
and desensitizing the data to be desensitized according to the self-defined desensitizing rule.
4. The dynamic desensitization method according to claim 1, wherein said desensitization rules include sensitive data type, sensitive data name, and desensitization policy; wherein at least one of the sensitive data type, the sensitive data name, and the desensitization policy included in different desensitization rules is different.
5. The method of dynamic desensitization according to claim 4, wherein said sensitive data types include at least one of personal, business, and government information.
6. The method of claim 4, wherein the sensitive data name comprises at least one of name information, mailbox information, landline number, mobile phone number, license plate number, IP (Internet protocol) address, mac (media Access control Address) address information, zip code, identification number, bank card number, and company name.
7. Dynamic desensitization method according to claim 4, wherein said desensitization policies comprise at least one of pseudonymization policies, hashing policies and masking policies.
8. A dynamic desensitizing apparatus, comprising:
the receiving module is used for receiving the target authority information and the data to be desensitized;
the selection module is used for selecting a target desensitization rule from a plurality of preset desensitization rules according to the target authority information and a preset relational mapping table; the relational mapping table is used for representing the corresponding relation between a plurality of authority information and a plurality of desensitization rules, and each desensitization rule adopts different rules;
and the desensitization module is used for desensitizing the data to be desensitized according to the target desensitization rule.
9. An electronic device comprising a processor and a memory, the memory storing machine executable instructions executable by the processor to perform the method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911367161.3A CN111125767A (en) | 2019-12-26 | 2019-12-26 | Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911367161.3A CN111125767A (en) | 2019-12-26 | 2019-12-26 | Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111125767A true CN111125767A (en) | 2020-05-08 |
Family
ID=70503180
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911367161.3A Pending CN111125767A (en) | 2019-12-26 | 2019-12-26 | Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111125767A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112000727A (en) * | 2020-10-27 | 2020-11-27 | 绿漫科技有限公司 | Desensitization display method for dynamically configured service data |
| CN112668052A (en) * | 2020-12-30 | 2021-04-16 | 北京天融信网络安全技术有限公司 | Data desensitization method and device, storage medium and electronic equipment |
| CN112768036A (en) * | 2021-01-14 | 2021-05-07 | 武汉联影医疗科技有限公司 | DICOM file information desensitization method, apparatus, server and readable storage medium |
| CN113838070A (en) * | 2021-09-28 | 2021-12-24 | 北京地平线信息技术有限公司 | Data desensitization method and apparatus |
| CN114025358A (en) * | 2020-07-15 | 2022-02-08 | 成都鼎桥通信技术有限公司 | Data desensitization method, device, equipment and storage medium |
| CN114722064A (en) * | 2022-02-23 | 2022-07-08 | 南方电网数字电网研究院有限公司 | Sensitive data identification and desensitization method based on presto engine |
| WO2022217953A1 (en) * | 2021-04-16 | 2022-10-20 | 华为云计算技术有限公司 | Data desensitization method and device |
| CN117235781A (en) * | 2023-08-21 | 2023-12-15 | 广州市玄武无线科技股份有限公司 | Data desensitization method, system, device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107871083A (en) * | 2017-11-07 | 2018-04-03 | 平安科技(深圳)有限公司 | Desensitize regular collocation method, application server and computer-readable recording medium |
| CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
| CN110188573A (en) * | 2019-05-27 | 2019-08-30 | 深圳前海微众银行股份有限公司 | Subregion authorization method, device, equipment and computer readable storage medium |
| CN110245470A (en) * | 2019-04-25 | 2019-09-17 | 深圳壹账通智能科技有限公司 | Intelligent data desensitization method, device, computer equipment and storage medium |
-
2019
- 2019-12-26 CN CN201911367161.3A patent/CN111125767A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107871083A (en) * | 2017-11-07 | 2018-04-03 | 平安科技(深圳)有限公司 | Desensitize regular collocation method, application server and computer-readable recording medium |
| CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
| CN110245470A (en) * | 2019-04-25 | 2019-09-17 | 深圳壹账通智能科技有限公司 | Intelligent data desensitization method, device, computer equipment and storage medium |
| CN110188573A (en) * | 2019-05-27 | 2019-08-30 | 深圳前海微众银行股份有限公司 | Subregion authorization method, device, equipment and computer readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 九次方大数据研究院等: "《从土地财政到数据财政》", 31 May 2019, 国家行政学院出版社 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114025358A (en) * | 2020-07-15 | 2022-02-08 | 成都鼎桥通信技术有限公司 | Data desensitization method, device, equipment and storage medium |
| CN114025358B (en) * | 2020-07-15 | 2024-02-13 | 成都鼎桥通信技术有限公司 | Data desensitization method, device, equipment and storage medium |
| CN112000727A (en) * | 2020-10-27 | 2020-11-27 | 绿漫科技有限公司 | Desensitization display method for dynamically configured service data |
| CN112668052A (en) * | 2020-12-30 | 2021-04-16 | 北京天融信网络安全技术有限公司 | Data desensitization method and device, storage medium and electronic equipment |
| CN112768036A (en) * | 2021-01-14 | 2021-05-07 | 武汉联影医疗科技有限公司 | DICOM file information desensitization method, apparatus, server and readable storage medium |
| WO2022152255A1 (en) * | 2021-01-14 | 2022-07-21 | Wuhan United Imaging Healthcare Co., Ltd. | Systems and methods for data masking |
| WO2022217953A1 (en) * | 2021-04-16 | 2022-10-20 | 华为云计算技术有限公司 | Data desensitization method and device |
| CN113838070A (en) * | 2021-09-28 | 2021-12-24 | 北京地平线信息技术有限公司 | Data desensitization method and apparatus |
| CN113838070B (en) * | 2021-09-28 | 2024-06-04 | 北京地平线信息技术有限公司 | Data desensitization method and device |
| CN114722064A (en) * | 2022-02-23 | 2022-07-08 | 南方电网数字电网研究院有限公司 | Sensitive data identification and desensitization method based on presto engine |
| CN117235781A (en) * | 2023-08-21 | 2023-12-15 | 广州市玄武无线科技股份有限公司 | Data desensitization method, system, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111125767A (en) | Dynamic desensitization method, apparatus, electronic device and computer-readable storage medium | |
| JP6626095B2 (en) | Confidential information processing method, apparatus, server, and security determination system | |
| CN108563958B (en) | Role permission updating method and device, computer equipment and storage medium | |
| EP3080741A2 (en) | Systems and methods for cloud security monitoring and threat intelligence | |
| CN112380294B (en) | Block chain cross-chain access method and device | |
| US9661065B2 (en) | Determination of data object exposure in cloud computing environments | |
| US8981902B2 (en) | Controlling location information | |
| US10594735B2 (en) | Tag-based security policy creation in a distributed computing environment | |
| WO2018208490A1 (en) | Systems and methods for regional data storage and data anonymization | |
| CN106878367B (en) | Method and device for realizing asynchronous call of service interface | |
| US20200125753A1 (en) | Secure data analysis | |
| Malik et al. | From conventional to state-of-the-art IoT access control models | |
| US9721118B2 (en) | Securing access to distributed data in an unsecure data network | |
| CN114598671B (en) | Session message processing method, device, storage medium and electronic equipment | |
| US10721236B1 (en) | Method, apparatus and computer program product for providing security via user clustering | |
| US20230145130A1 (en) | Method and apparatus for control of data access | |
| US10175968B2 (en) | Software catalog information management | |
| US10397193B2 (en) | Blind cloud data leak protection | |
| US10681031B2 (en) | Federating devices to improve user experience with adaptive security | |
| WO2022250913A1 (en) | Bootstrapping trust in decentralized identifiers | |
| JP2020077256A (en) | Anonymization system and anonymization method | |
| US10116701B2 (en) | Device-type based content management | |
| US20150264054A1 (en) | Collaboration space with event-trigger configuration views | |
| CN110266696A (en) | A kind of evaluation data cochain method and its equipment applied to block chain | |
| CN110247921A (en) | A kind of polled data cochain method and its equipment for applying intelligent contract |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200508 |