CN111241577A - Method for desensitizing displayed data - Google Patents


Info

Publication number
CN111241577A
Authority
CN
China
Prior art keywords
data
desensitization
desensitizer
desensitized
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010009482.2A
Other languages
Chinese (zh)
Inventor
李潇
叶物滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Fuli Financial Information Service Co ltd
Original Assignee
Shanghai Fuli Financial Information Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Fuli Financial Information Service Co ltd
Priority to CN202010009482.2A
Publication of CN111241577A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of data security, and in particular to a method for desensitizing displayed data. The method comprises the following steps: a client sends a data request; a filter intercepts the data request; it is judged whether the data request is one that requires data desensitization; it is judged whether the logged-in user requires data desensitization; a request interface is called to obtain the data to be desensitized; desensitization data and desensitization policies are obtained from a configuration center, and desensitizer objects are constructed; the desensitization method of the desensitizer is called with the data to be desensitized as input; and after desensitization is finished, the interface outputs the desensitized data to the client. Compared with the prior art, the method safely and effectively protects the privacy of users' sensitive data, allows different desensitization strategies to be configured to desensitize the sensitive information of specified requests, allows post roles that need no desensitization to be configured, and is flexibly extensible.

Description

Method for desensitizing displayed data
Technical Field
The invention relates to the technical field of data security, in particular to a method for desensitizing displayed data.
Background
With the spread of big data applications in the information age, the great commercial value of big data is steadily being mined. A big data platform integrates all data and fully analyzes and mines its intrinsic value, providing decision makers with data statistics, analysis, data products and data services.
The data a big data platform ingests may include private and sensitive information about many users, such as mobile phone numbers and addresses, and this data is at risk of being leaked. Big data platforms generally protect data through user authentication, permission management and data encryption, but these techniques cannot guarantee data security completely. On the other hand, personnel without permission to access user data may still need to analyze and mine it, and access restrictions greatly limit how fully the value of the data can be mined. In actual production the application scenarios are more complicated; controlling data access permissions alone cannot meet real requirements, and other means must be combined with it.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides a method for desensitizing displayed data that safely and effectively protects the privacy of users' sensitive data, allows different desensitization strategies to be configured to desensitize the sensitive information of specified requests, allows post roles that need no desensitization to be configured, and is flexibly extensible.
To achieve this purpose, a method for desensitizing displayed data is designed, comprising the following steps:
(1) a client sends a data request;
(2) a filter intercepts the data request;
(3) it is judged whether the data request is one that requires data desensitization; if so, the method goes on to judge whether the logged-in user requires data desensitization; otherwise, the data is output to the client normally;
(4) it is judged whether the logged-in user requires data desensitization; if so, a request interface is called to obtain the data to be desensitized; otherwise, the data is output to the client normally;
(5) the request interface is called to obtain the data to be desensitized;
(6) desensitization data and desensitization policies are obtained from a configuration center, and desensitizer objects are constructed;
(7) the desensitization method of the desensitizer is called with the data to be desensitized as input;
(8) after desensitization is finished, the interface outputs the desensitized data to the client.
The request interface is a Filter interface.
The desensitizer is a virtual desensitizer and can be configured according to a user-defined defaultMasker.
A data desensitizer comprises:
a main desensitizer, which takes the data to be desensitized as input and outputs the desensitized data;
a desensitization finder, which finds the data entries that need desensitization;
and a secondary desensitizer, which desensitizes data according to a desensitization strategy.
The workflow of the data desensitizer is as follows:
(1) after the data to be desensitized is input into the main desensitizer, the main desensitizer passes it to the desensitization finder;
(2) the desensitization finder searches for data entries that need desensitization and, once they are found, passes them to the secondary desensitizer;
(3) the secondary desensitizer desensitizes the data according to the desensitization strategy and produces the desensitized data entries;
(4) the secondary desensitizer replaces the original data entries with the desensitized data entries and passes them to the main desensitizer;
(5) the main desensitizer outputs and displays the desensitized data entries.
Compared with the prior art, the invention provides a method for desensitizing displayed data that safely and effectively protects the privacy of users' sensitive data, allows different desensitization strategies to be configured to desensitize the sensitive information of specified requests, allows post roles that need no desensitization to be configured, and is flexibly extensible.
Drawings
FIG. 1 is a flow chart of the present invention.
FIG. 2 is a schematic diagram of the framework structure of the present invention.
FIG. 3 is a schematic diagram of an embodiment.
Detailed Description
The invention is further illustrated below with reference to the accompanying drawings.
Data is transformed in situations 'involving customer security data or commercially sensitive data', which indicates that the data to be transformed concerns the security of user or enterprise data; data desensitization encrypts the data to prevent leakage. As for the degree of desensitization, the general requirement is that the original information cannot be inferred and no information is leaked; however, if the data is modified too much, its original characteristics are easily lost. In practice, therefore, an appropriate desensitization rule must be selected according to the actual scenario.
As shown in FIG. 1, a method for desensitizing displayed data includes the following steps:
(1) a client sends a data request;
(2) a filter intercepts the data request;
(3) it is judged whether the data request is one that requires data desensitization; if so, the method goes on to judge whether the logged-in user requires data desensitization; otherwise, the data is output to the client normally;
(4) it is judged whether the logged-in user requires data desensitization; if so, a request interface is called to obtain the data to be desensitized; otherwise, the data is output to the client normally;
(5) the request interface is called to obtain the data to be desensitized;
(6) desensitization data and desensitization policies are obtained from a configuration center, and desensitizer objects are constructed;
(7) the desensitization method of the desensitizer is called with the data to be desensitized as input;
(8) after desensitization is finished, the interface outputs the desensitized data to the client.
The request interface is a Filter interface.
The desensitizer is a virtual desensitizer and can be configured according to a user-defined defaultMasker.
As shown in FIG. 2, a data desensitizer comprises:
a main desensitizer, which takes the data to be desensitized as input and outputs the desensitized data;
a desensitization finder, which finds the data entries that need desensitization;
and a secondary desensitizer, which desensitizes data according to a desensitization strategy.
The workflow of the data desensitizer is as follows:
(1) after the data to be desensitized is input into the main desensitizer, the main desensitizer passes it to the desensitization finder;
(2) the desensitization finder searches for data entries that need desensitization and, once they are found, passes them to the secondary desensitizer;
(3) the secondary desensitizer desensitizes the data according to the desensitization strategy and produces the desensitized data entries;
(4) the secondary desensitizer replaces the original data entries with the desensitized data entries and passes them to the main desensitizer;
(5) the main desensitizer outputs and displays the desensitized data entries.
First, desensitization strategy:
The input character sequence is desensitized; a masking character such as "X" can be used to replace the data in the original character sequence that needs to be hidden. Different strategies can be used as required, and desensitization strategies can also be customized.
Second, desensitization configuration rules:
A yml configuration file for defaultMasker is provided by default. It configures the fields to desensitize and the desensitization modes, and the configuration file is read and converted into objects. If a field to be desensitized is missing from the default configuration, or the desensitization rules need to change, a custom yml configuration can be created to replace the default configuration.
Third, desensitizers:
An abstract data desensitizer interface is created that defines an abstract desensitization method; every desensitizer processing class implements this interface with its own desensitization logic.
1. Universal static (fixed) offset-based desensitizer
The span to be desensitized is determined from the data field content and the desensitization character offsets; that span of the original data is replaced with the desensitization character, and the result is the desensitized data.
2. Regular expression desensitizer
Using the yml configuration, the data field content is matched to obtain a match object.
The matched content is divided into several groups, each group is replaced according to the desensitization strategy, and the content after the final replacement is the desensitized data.
Fourth, desensitizer construction factory:
The factory class is initialized and global desensitizers are constructed according to the desensitization strategy. The desensitization configuration objects are traversed and a desensitizer is constructed for each desensitization field, according to the following rules:
1. By default, an offset-based desensitizer is used. A fixed desensitization offset object is constructed (with two attributes, a start offset and an end offset); if an 'exclusion starting character' is configured, the offset start position is calculated starting from the index at which that character first appears. A universal fixed-offset desensitization strategy object is then constructed from the default desensitization strategy and the desensitization offset object.
2. If a custom masker yml configuration is used in place of the default configuration and a regular-expression desensitization rule is set, the regular expression desensitizer is used preferentially.
A Map object is then created that stores every field requiring desensitization together with its desensitizer: the key is the desensitization field and the value is the corresponding desensitizer.
Fifth, desensitization process:
The desensitization finder recursively traverses the data to be desensitized to find the entries that need desensitization, judging from each field's key whether desensitization is required. If it is not, the original data is returned directly. If it is, the key under which the desensitizers handle the field is obtained from the key of the data returned by the interface, the corresponding desensitizer is fetched from the Map object by that key, the desensitization strategy configured in the desensitizer is executed, and the desensitized data is finally output to the client.
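The fixed-offset and regular-expression desensitizers, the construction factory and the recursive finder described in the five sections above, as an added Python example that is not the patent's own code. The configuration keys (`start`, `end`, `exclude_start`, `regex`, `groups`), the sample data, masking only the listed regex groups, and hiding a whole value that is too short or does not match are assumptions.

```python
import re
from dataclasses import dataclass

MASK_CHAR = "X"  # assumed default desensitization character


@dataclass
class OffsetMasker:
    """Fixed-offset desensitizer: keep `start` leading and `end` trailing chars."""
    start: int = 0
    end: int = 0
    exclude_start: str = ""  # assumed reading of the "exclusion starting character"

    def mask(self, value: str) -> str:
        # When the exclusion character occurs, offsets are counted from its index.
        base = max(value.find(self.exclude_start), 0) if self.exclude_start else 0
        begin, stop = base + self.start, len(value) - self.end
        if begin >= stop:
            # Value too short for the offsets: hide all of it instead of leaking it.
            return MASK_CHAR * len(value)
        return value[:begin] + MASK_CHAR * (stop - begin) + value[stop:]


@dataclass
class RegexMasker:
    """Regex desensitizer: mask the capture groups listed in `groups`."""
    pattern: str
    groups: tuple

    def mask(self, value: str) -> str:
        match = re.fullmatch(self.pattern, value)
        if match is None:
            return MASK_CHAR * len(value)  # unexpected format: hide everything
        chars = list(value)
        for group in self.groups:
            lo, hi = match.span(group)
            chars[lo:hi] = MASK_CHAR * (hi - lo)
        return "".join(chars)


def build_maskers(config: dict) -> dict:
    """Factory: one desensitizer per field; a configured regex rule wins."""
    maskers = {}
    for field, rule in config.items():
        if "regex" in rule:
            maskers[field] = RegexMasker(rule["regex"], tuple(rule["groups"]))
        else:
            maskers[field] = OffsetMasker(rule.get("start", 0), rule.get("end", 0),
                                          rule.get("exclude_start", ""))
    return maskers


def _mask_value(value, masker):
    if value is None:
        return None
    if isinstance(value, list):
        return [_mask_value(item, masker) for item in value]
    return masker.mask(str(value))  # numbers are masked as text, not passed through


def desensitize(data, maskers: dict):
    """Finder: walk dicts and lists and return a copy with configured fields masked."""
    if isinstance(data, dict):
        return {key: _mask_value(val, maskers[key]) if key in maskers
                else desensitize(val, maskers) for key, val in data.items()}
    if isinstance(data, list):
        return [desensitize(item, maskers) for item in data]
    return data


# Constructed sample: the configuration as it might look once the yml is loaded.
SAMPLE_CONFIG = {
    "mobile": {"start": 3, "end": 4},
    "address": {"start": 1, "exclude_start": ","},
    "email": {"regex": r"(\w)(\w*)@(.+)", "groups": [2]},
}
SAMPLE_RESPONSE = {"code": 0, "data": {"list": [
    {"name": "Li", "mobile": "13812345678", "email": "alice@example.com"},
    {"name": "Ye", "mobile": 12345, "address": "Shanghai,Road 9"},
]}}

if __name__ == "__main__":
    print(desensitize(SAMPLE_RESPONSE, build_maskers(SAMPLE_CONFIG)))
```

The second sample record carries a numeric, too-short `mobile`; it comes back fully masked rather than partly revealed.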
Example one
As shown in FIG. 3, the first step: create a new Filter class that implements the Filter interface and overrides the doFilter method.
The JSON file of request paths and desensitization fields configured in the configuration center is obtained. In it, each key is a request path and each value is a JSON string of desensitization fields; within that JSON string, each key is an attribute name returned by the interface and each value is an attribute name that a desensitizer can process, so that the interface's attribute names are uniformly mapped to attribute names the desensitizers can process. The JSON file is converted to a Map object.
The second step: if the user's request path exists in the desensitization configuration, the requested data contains sensitive information that needs desensitization, and the desensitization field object is obtained by that key. Roles that do not require desensitization can be configured in the configuration center, and data seen by a user who holds such a role is not desensitized.
The third step: a desensitizer is constructed from the desensitization attributes and the desensitization strategy, the data to be desensitized is passed to the desensitization method, and the result of executing the desensitization method is returned to the client.
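The request-path lookup, role exemption and attribute-name mapping of Example one, reduced to a framework-independent function, as an added Python example rather than the patent's Filter class. The paths, role names, attribute names, the path normalization and the fall-back to full masking when a mapped name has no registered desensitizer are assumptions.

```python
import json
import posixpath


def load_path_config(raw: str) -> dict:
    """Outer JSON: request path -> JSON string. Inner JSON: attribute name returned
    by the interface -> attribute name a desensitizer is registered under."""
    return {path: json.loads(fields) for path, fields in json.loads(raw).items()}


def normalize(path: str) -> str:
    """Drop the query string and collapse '//', '.', '..' and a trailing '/', so
    that equivalent spellings of a configured path hit the same key (assumption)."""
    return posixpath.normpath(path.split("?", 1)[0])


def mask_all(value: str) -> str:
    return "X" * len(value)


def filter_response(path, roles, record, path_config, exempt_roles, maskers):
    """Steps (3) to (8) for one flat record; returns the record to send."""
    fields = path_config.get(normalize(path))
    if fields is None:                     # (3) request needs no desensitization
        return record
    if set(roles) & set(exempt_roles):     # (4) user holds an exempt role
        return record
    out = dict(record)
    for attr, masker_name in fields.items():
        if out.get(attr) is not None:
            # A mapped name with no registered desensitizer is masked completely.
            out[attr] = maskers.get(masker_name, mask_all)(str(out[attr]))
    return out


# Constructed configuration-center content; every name below is hypothetical.
PATH_CONFIG = load_path_config(json.dumps({
    "/api/customer/detail": json.dumps({"phoneNo": "mobile", "contactMail": "email"}),
}))
EXEMPT_ROLES = {"risk_auditor"}
MASKERS = {"mobile": lambda v: v[:3] + "X" * max(len(v) - 3, 0)}  # stand-in desensitizer
RECORD = {"custName": "Li", "phoneNo": "13812345678", "contactMail": "a@b.cn"}

if __name__ == "__main__":
    for who in (["teller"], ["teller", "risk_auditor"]):
        print(who, filter_response("/api/customer/detail", who, RECORD,
                                   PATH_CONFIG, EXEMPT_ROLES, MASKERS))
```

Because the lookup is an exact match on the request path, the normalization step decides whether a differently spelled request for the same interface is still desensitized.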

Claims (5)

1. A method of desensitizing displayed data, comprising the following steps:
(1) a client sends a data request;
(2) a filter intercepts the data request;
(3) it is judged whether the data request is one that requires data desensitization; if so, the method goes on to judge whether the logged-in user requires data desensitization; otherwise, the data is output to the client normally;
(4) it is judged whether the logged-in user requires data desensitization; if so, a request interface is called to obtain the data to be desensitized; otherwise, the data is output to the client normally;
(5) the request interface is called to obtain the data to be desensitized;
(6) desensitization data and desensitization policies are obtained from a configuration center, and desensitizer objects are constructed;
(7) the desensitization method of the desensitizer is called with the data to be desensitized as input;
(8) after desensitization is finished, the interface outputs the desensitized data to the client.
2. A method of desensitizing displayed data according to claim 1, wherein: the request interface is a Filter interface.
3. A method of desensitizing displayed data according to claim 1, wherein: the desensitizer is a virtual desensitizer and can be configured according to a user-defined defaultMasker.
4. A data desensitizer, comprising:
a main desensitizer, which takes the data to be desensitized as input and outputs the desensitized data;
a desensitization finder, which finds the data entries that need desensitization;
and a secondary desensitizer, which desensitizes data according to a desensitization strategy.
5. A data desensitizer according to claim 3, wherein the workflow of the data desensitizer is as follows:
(1) after the data to be desensitized is input into the main desensitizer, the main desensitizer passes it to the desensitization finder;
(2) the desensitization finder searches for data entries that need desensitization and, once they are found, passes them to the secondary desensitizer;
(3) the secondary desensitizer desensitizes the data according to the desensitization strategy and produces the desensitized data entries;
(4) the secondary desensitizer replaces the original data entries with the desensitized data entries and passes them to the main desensitizer;
(5) the main desensitizer outputs and displays the desensitized data entries.
CN202010009482.2A 2020-01-06 2020-01-06 Method for desensitizing displayed data Pending CN111241577A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010009482.2A CN111241577A (en) 2020-01-06 2020-01-06 Method for desensitizing displayed data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010009482.2A CN111241577A (en) 2020-01-06 2020-01-06 Method for desensitizing displayed data

Publications (1)

Publication Number Publication Date
CN111241577A true CN111241577A (en) 2020-06-05

Family

ID=70864009

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010009482.2A Pending CN111241577A (en) 2020-01-06 2020-01-06 Method for desensitizing displayed data

Country Status (1)

Country Link
CN (1) CN111241577A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN106599713A (en) * 2016-11-11 2017-04-26 中国电子科技网络信息安全有限公司 Database masking system and method based on big data
US20170337382A1 (en) * 2016-05-18 2017-11-23 International Business Machines Corporation Privacy enabled runtime
CN108418676A (en) * 2018-01-26 2018-08-17 山东超越数控电子股份有限公司 A kind of data desensitization method based on permission
CN109426725A (en) * 2017-08-22 2019-03-05 中兴通讯股份有限公司 Data desensitization method, equipment and computer readable storage medium
CN109960944A (en) * 2017-12-14 2019-07-02 中兴通讯股份有限公司 A kind of data desensitization method, server, terminal and computer readable storage medium
CN109981619A (en) * 2019-03-13 2019-07-05 泰康保险集团股份有限公司 Data capture method, device, medium and electronic equipment
CN110232290A (en) * 2018-03-05 2019-09-13 中兴通讯股份有限公司 Log desensitization method, server and storage medium
CN110532797A (en) * 2019-07-24 2019-12-03 方盈金泰科技(北京)有限公司 The desensitization method and system of big data

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112000727A (en) * 2020-10-27 2020-11-27 绿漫科技有限公司 Desensitization display method for dynamically configured service data
CN112714128A (en) * 2020-12-29 2021-04-27 北京安华金和科技有限公司 Data desensitization processing method and device
CN112966299A (en) * 2021-03-03 2021-06-15 北京中安星云软件技术有限公司 Data desensitization system and method based on JSON analysis
CN113360947A (en) * 2021-06-30 2021-09-07 杭州网易再顾科技有限公司 Data desensitization method and device, computer readable storage medium and electronic equipment
CN113360947B (en) * 2021-06-30 2022-07-26 杭州网易再顾科技有限公司 Data desensitization method and device, computer readable storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 201900 room 502A, building 2, No. 439, Shitai Road, Baoshan District, Shanghai

Applicant after: Shanghai Fuli Technology Co.,Ltd.

Address before: 201900 room 502A, building 2, No. 439, Shitai Road, Baoshan District, Shanghai

Applicant before: SHANGHAI FULI FINANCIAL INFORMATION SERVICE Co.,Ltd.

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200605