CN112417406A - Data desensitization method and device, readable storage medium and electronic equipment - Google Patents
Data desensitization method and device, readable storage medium and electronic equipment Download PDFInfo
- Publication number
- CN112417406A CN112417406A CN202011409469.2A CN202011409469A CN112417406A CN 112417406 A CN112417406 A CN 112417406A CN 202011409469 A CN202011409469 A CN 202011409469A CN 112417406 A CN112417406 A CN 112417406A
- Authority
- CN
- China
- Prior art keywords
- data
- desensitization
- user
- user request
- desensitizing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 174
- 238000000034 method Methods 0.000 title claims abstract description 67
- 238000012795 verification Methods 0.000 claims description 36
- 238000012545 processing Methods 0.000 claims description 27
- 230000008569 process Effects 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 5
- 238000010606 normalization Methods 0.000 claims description 5
- 238000012790 confirmation Methods 0.000 claims description 4
- 238000007781 pre-processing Methods 0.000 claims description 4
- 230000006872 improvement Effects 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 8
- 201000010099 disease Diseases 0.000 description 6
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 6
- 230000014759 maintenance of location Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005065 mining Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The embodiment of the application provides a data desensitization method, a data desensitization device, a readable storage medium and electronic equipment. Therefore, the type of the user request data can be determined according to the user request data, different desensitization strategies can be further determined according to different data types, data desensitization is carried out on the user request data, and improvement of accuracy of desensitization on the user request data is facilitated.
Description
Technical Field
The present application relates to the field of data desensitization technologies, and in particular, to a data desensitization method and apparatus, a readable storage medium, and an electronic device.
Background
With the advent of the big data era and the mining of the business value of the big data, the huge business value hidden in the big data is gradually mined, but simultaneously, huge challenges such as the protection of personal private data information are brought. Personal information and personal behaviors are privacy of people and sensitive information concerned by people, and how to protect the privacy information of people on the basis of large data value mining is also a difficult problem to be solved for data desensitization.
At present, in the process of desensitizing data, a preset desensitization strategy is generally adopted to desensitize the data, and the situation that the data and the desensitization strategy are not matched exists in the process of desensitizing the data by using the same desensitization strategy, so that the desensitized data is inaccurate.
Disclosure of Invention
In view of this, embodiments of the present application provide at least a data desensitization method, an apparatus, a readable storage medium, and an electronic device, which can determine a data type to which user request data belongs according to user request data, and select a corresponding data type desensitization policy according to the data type of the user request data for desensitization, thereby improving accuracy of desensitization of the user request data.
The application mainly comprises the following aspects:
in a first aspect, an embodiment of the present application provides a data desensitization method, where the data desensitization method includes:
determining the data type of the user request data based on the acquired user request data;
determining a desensitization strategy for desensitizing the user requested data based on the data type;
desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
In some embodiments, before the determining the data type of the user request data based on the acquired user request data, the desensitization method further comprises:
acquiring login information and user identity information of a user;
detecting whether the login information is matched with verification information prestored in a verification database by the user identity information;
and if the login information is matched with the verification information, determining that the user request meets the request authentication standard.
In some embodiments, after the determining the data type of the user request data and determining a desensitization policy for desensitizing the user request data based on the data type, the desensitization method further includes:
based on the data type, carrying out normalization processing on the user request data;
and writing the user request data into a corresponding intermediate result library based on the data type.
In some embodiments, the data type includes one of a structured data type and an unstructured data type, and desensitizing the user requested data based on the desensitization policy to obtain desensitized target data includes:
if the data type is a structured data type, desensitizing the user request data based on a desensitization strategy of the structured data type;
and if the data type is an unstructured data type, desensitizing the user request data based on an unstructured data type desensitization strategy.
In some embodiments, after desensitizing the user-requested data based on the desensitization policy to obtain desensitized target data, the desensitization method further includes:
and storing the desensitized target data into a corresponding intermediate result library based on the data type of the user request data.
In some embodiments, the data is requested based on the obtained user; after determining the data type of the user requested data, the desensitization method further comprises:
detecting whether historical request data matched with the user request data exists in an intermediate result library corresponding to the data type or not based on the data type;
and if the history request data matched with the user request data exists in the intermediate result library corresponding to the data type, determining the history desensitization data corresponding to the history request data as the target data after the user request data is desensitized.
In some embodiments, after the desensitizing the user-requested data based on the desensitization policy to obtain desensitized target data, the desensitization method further includes:
and sending a reminding message to prompt that the desensitization process of the user request data is finished.
In a second aspect, embodiments of the present application further provide a data desensitization apparatus, including:
a confirmation module: the data type of the user request data is determined based on the acquired user request data;
a preprocessing module: determining a desensitization policy for desensitizing the user requested data based on the data type;
desensitization processing module: and the desensitization strategy is used for desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is operated, the machine-readable instructions being executable by the processor to perform the steps of the method of desensitizing data according to the first aspect or any one of the possible embodiments of the first aspect.
In a fourth aspect, this embodiment further provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, performs the steps of the method for desensitizing data described in the first aspect or any one of the possible implementation manners of the first aspect.
The embodiment of the application provides a data desensitization method, a data desensitization device, a readable storage medium and electronic equipment, wherein the data type of user request data is determined based on the acquired user request data; determining a desensitization strategy for desensitizing the user requested data based on the data type; desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
In this way, the data type of the received user request data is determined, the desensitization strategy corresponding to the data type is selected according to the determined user request data type, and desensitization processing is performed on the user request data according to the desensitization strategy, so that the accuracy of the user request data is improved.
In order to make the aforementioned and other objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
FIG. 1 is a flow chart of a method of desensitizing data provided by an embodiment of the present application;
FIG. 2 is a flow chart of another method of desensitizing data provided by an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a data desensitizing apparatus according to an embodiment of the present disclosure;
fig. 4 is a second schematic structural diagram of a data desensitizing apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and that steps without logical context may be performed in reverse order or concurrently. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
To enable those skilled in the art to utilize the present disclosure in connection with certain application scenarios "determining a requested data type from user requested data, desensitizing the user requested data based on the requested data type," the following embodiments are presented, and it will be apparent to those skilled in the art that the general principles defined herein may be applied to other embodiments and application scenarios without departing from the spirit and scope of the present application.
The following method, apparatus, electronic device or computer-readable storage medium in the embodiments of the present application may be applied to any scenario that needs to perform data desensitization, and the embodiments of the present application do not limit specific application scenarios.
It is worth noting that, in the present stage, in the process of desensitizing data, a desensitization strategy is generally adopted to desensitize data, and data and the desensitization strategy do not match in the process of desensitizing data by the same desensitization strategy, which may cause inaccuracy of desensitized data.
In view of the above, one aspect of the present application provides a data desensitization method, which can determine a desensitization policy that matches a user request data type for the user request data type, and desensitize the user request data according to the matched desensitization policy, and is helpful for improving accuracy of desensitization of the user request data.
For the convenience of understanding of the present application, the technical solutions provided in the present application will be described in detail below with reference to specific embodiments.
Fig. 1 is a flowchart of a data desensitization method according to an embodiment of the present disclosure. As shown in fig. 1, the desensitization method comprises:
s101: and determining the data type of the user request data based on the acquired user request data.
In the step, after receiving a request data input instruction of a user, the data type to which the request data input by the user belongs is determined, so that the data type to which the request data of the user belongs is determined.
The user request data is data that the user needs to request to view, and may include electronic documents, mails, reports, audios, graphic images, and the like.
Here, the data types are divided into two types, one is structured data and the other is unstructured data. Structured data, also quantitative data, is information that can be represented by data or a uniform structure, is highly organized and well-formatted data, and may include credit card numbers, dates, telephone numbers, addresses, product names, and the like. Unstructured data is essentially all data outside structured data, and data with variable fields can include text documents, websites, emails, short messages, and the like. When the user request data is acquired, the data type to which the user request data belongs can be determined.
Here, the user request data in the embodiment of the present application is generally a type of data that contains sensitive information and needs to be desensitized to ensure data security.
S102: based on the data type, a desensitization policy is determined for desensitizing the user requested data.
In this step, after the data type is determined according to step S102, a desensitization policy matching the data type of the user requested data is determined according to the type of the user requested data, so as to desensitize the user requested data in a targeted manner.
Here, for different data types, desensitization needs to be performed according to different desensitization policies, that is, when a requested data type of a user is structured data, a desensitization rule corresponding to the structured data is determined, and when the requested data type of the user is unstructured data, a desensitization rule corresponding to the unstructured data is determined.
The desensitization policy corresponding to the Structured data may be a Structured Query Language Mask field processing rule (SQL statement field Mask processing rule), and the SQL statement field Mask processing rule is (1) Mask (field, start character, replacement character length, and Mask replacement character), for example: the field includes the number of segments in which the word to be masked is located, the start character includes the location of the word to be masked, the replacement character length is the number of words to be masked, and the mask replacement character includes other forms of characters to be replaced, such as "some" or "a", etc. (2) REPLACE (field, real character, replacement character length, post-replacement character), which may be used herein to process other information including information about address, age, date, etc. (3) ROUND (field, precision format) can be used to process other information including geographical location coordinates, such as precision including "00.00" and the like. The desensitization strategy corresponding to the unstructured data is a file content desensitization rule which is (1) MASK (field, starting character, replacing character length, shielding replacing character) and (2) REPLACE (field, real character, replacing character length, character after replacement).
In specific implementation, when the type of the requested data of the user is determined to be structured data, the SQL statement field Mask processing rule corresponding to the structured data is determined, and when the type of the requested data of the user is determined to be unstructured data, the file content desensitization rule corresponding to the unstructured data is determined.
For example, when a user requests to view a credit card number, the credit card number requested to be viewed by the user is judged to be structured data, and a desensitization policy corresponding to the structured data is determined to be an SQL statement field Mask processing rule according to the structured data. When a user requests to view a text document, the text document requested to be viewed by the user is judged to be unstructured data, and a desensitization strategy corresponding to the structured data is determined to be a file content desensitization rule according to the unstructured data.
S103: desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
If the data type is a structured data type, desensitizing the user request data based on a desensitization strategy of the structured data type; and if the data type is an unstructured data type, desensitizing the user request data based on an unstructured data type desensitization strategy.
In the step, desensitization is carried out according to a desensitization strategy corresponding to the user request data, and desensitized target data are obtained. Specifically, in some implementations, when the requested data of the user is structured data, desensitization processing is performed according to the desensitization policy corresponding to the structured data as SQL statement field Mask processing rules, for example, the requested data of the user is ID information, for example, ID number "123456789", and result obtained by SQL statement field Mask processing (ID, 2, 5, ") is" 1 ×) 6789 ". When the user requests data as date information, "2015-6-1", REPLACE (date, 5, 4, "1-1"), the result is "2015-1-1". When the user request data is a geographical position coordinate such as P (39.13589781, -77.158941), the ROUND (geographical position coordinate, "00.00") result is P (39.14, -77.16). And when the request data of the user is unstructured data, desensitizing the file content according to a desensitizing strategy corresponding to the unstructured data. For example, the requested data of the user is disease statistical information, and is processed by using a file content desensitization rule Mask (field, start character, replacement character length, and Mask character).
Here, the target data is data in which the user request data is desensitized.
The embodiment of the application provides a data desensitization method, which comprises the steps of determining a data type of user request data based on the acquired user request data, determining a desensitization strategy for desensitizing the user request data based on the data type, and desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
Therefore, the data type to which the user request data belongs can be judged according to the request data of the user, and the corresponding data type desensitization strategy is selected for desensitization according to the data type of the user request data, so that the accuracy of desensitization of the user request data is improved.
Fig. 2 is a flowchart of another data desensitization method provided in an embodiment of the present application, and as shown in fig. 2, the desensitization method includes:
s201: and acquiring login information and user identity information of the user.
The user login information comprises login information including a database/file library which is required to be checked by a user, and the user identity information comprises account and password information of the user.
Here, the system receives login information and user identity information from the database/file repository to be viewed by the client user.
S202: and detecting whether the login information is matched with verification information prestored in a verification database by the user identity information.
The verification database stores login information of a large number of users, and accurate login information, registration information and other information about the users can be checked in the verification database.
Here, the pre-stored verification information includes an account number, password information, and secret information preset in the database by the user.
Here, the user login information and the identity information sent by the client are acquired, and the user login information and the user identity information are matched with the verification information, which may be performed by matching the length and the position of the character string of the user login information and the user identity information with the length and the position of the character string of the verification information, so as to verify whether the login information matches with the verification information pre-stored in the verification database by the user identity information.
S203: and if the login information is matched with the verification information, determining that the user request meets the request authentication standard.
In the step, the login information and the user identity information of the user are acquired, and the login information of the user needs to be confirmed so as to prevent the illegal user from logging in and stealing important information. In the process of confirming the user login information, the user login information is matched with the verification information prestored in the database by the user, specifically, the user inputs the login information, the database matches whether the login information input by the user is consistent with the verification information prestored in the user, and when the login information input by the user is consistent with the verification information in the database, the user meets the requirement of requesting to check data so as to prevent lawbreakers from logging in an account to steal private information.
In specific implementation, when the user inputs login information and user identity information, the user identity information is verified, the login information input by the user is matched with verification information in a verification database in terms of the length and the position relation of character strings, and when the length, the position and other information of the character strings of the login information and the verification information are consistent, the user has access right. When the character string length, the position and other information of the login information of the user are inconsistent with those of the verification information, the user does not have access authority, the number of times of inputting the login information by the user can be set, for example, each user has 5 chances of re-inputting the login information, so that the user login information and the verification information are matched again each time, and if the 5 times of inputting the login information and the verification information are not matched successfully, the login information of the user is set to be in a locked state. It is also possible to set the time when the user is locked, for example when 1 hour later access can be continued by entering the correct login information. When the user forgets the login password, the password can be retrieved by using the secret protection question set in the verification information, correct identity information of the user is required to be input on the premise of retrieving the password, and the correct secret protection question is answered to acquire the login password, so that the user login information is prevented from being stolen by other people, and the safety of the user login information is protected.
S204: and determining the data type of the user request data based on the acquired user request data.
S205: based on the data type, a desensitization policy is determined for desensitizing the user requested data.
S206: desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
The descriptions of S204 to S206 may refer to the descriptions of S101 to S103, and the same technical effects can be achieved, which are not described in detail.
Further, after step S205, the desensitization method further includes: based on the data type, carrying out normalization processing on the user request data; and writing the user request data into a corresponding intermediate result library based on the data type.
The normalization processing is to unify the user request data into an expression form so as to store the user request data in a corresponding intermediate result library conveniently, and when the intermediate result library is requested to check the data, the user request data can be called through the unified expression form. The expression form of the acquired information in the database is as follows: select from, the information obtained from the corpus is expressed in the form: request from. And unifying the expression forms of the acquired information in the database/file library into get mask from. For example, the user request data is that the number of the identity document is acquired from the staff table as follows: (select ID from personnel table) is unified into get Mask (ID card number) from database/file table. When the user requests data to obtain the disease statistical information in the file library as (request disease statistical information from file library), unifying the (request disease statistical information from file library) into get Mask (disease statistical information) from database/file list.
The intermediate result library is used for storing the user request data and the desensitized target data, and is divided into a structured intermediate result library and an unstructured intermediate result library according to the classification of data types, each user request data carries the time written into the intermediate result library in the process of writing the user request data into the corresponding intermediate result library, and the retention time of the user request data in the intermediate result library can also be set.
The data types are normalized, so that the user request data can be conveniently called in the database/file library, the user request data are written into the corresponding intermediate result library, and the request data sent by the user can be checked in effective time.
In specific implementation, when the type of the user request data is structured data, the user request data is written into the structured intermediate result library in real time, and the retention time of the user request data in the structured intermediate result library is set. And when the type of the user request data is unstructured data, writing the user request data into the unstructured intermediate result library in real time, and setting the retention time of the user request data in the unstructured intermediate result library.
The retention time period may include 3 hours, 5 hours, or 12 hours, which is not limited in this section.
Further, the data type includes one of a structured data type and an unstructured data type, and step S206 includes: if the data type is a structured data type, desensitizing the user request data based on a desensitization strategy of the structured data type; and if the data type is an unstructured data type, desensitizing the user request data based on an unstructured data type desensitization strategy.
Specifically, in some implementations, when the requested data of the user is structured data, desensitization processing is performed according to the desensitization policy corresponding to the structured data as SQL statement field Mask processing rules, for example, the requested data of the user is ID information, for example, ID number "123456789", and result obtained by SQL statement field Mask processing (ID, 2, 5, ") is" 1 ×) 6789 ". When the user requests data as date information, "2015-6-1", REPLACE (date, 5, 4, "1-1"), the result is "2015-1-1". When the user request data is a geographical position coordinate such as P (39.13589781, -77.158941), the ROUND (geographical position coordinate, "00.00") result is P (39.14, -77.16). And when the request data of the user is unstructured data, desensitizing the file content according to a desensitizing strategy corresponding to the unstructured data. For example, the requested data of the user is disease statistical information, and is processed by using a file content desensitization rule Mask (field, start character, replacement character length, and Mask character).
Further, after step S206, the desensitization method further includes: and storing the desensitized target data into a corresponding intermediate result library based on the data type of the user request data.
The target data after the structural user request data is desensitized is stored in the structural intermediate result library, and the target data after the unstructured user request data is desensitized is stored in the unstructured intermediate result library, so that a user can conveniently and directly check through the intermediate result library.
In particular, in some implementations, the different data types correspond to different intermediate result libraries, and when the target desensitization data is structured data, the structured intermediate result libraries are stored with storage time, and the storage time of the structured target desensitization data in the structured intermediate result libraries can be set. When the target desensitization data is unstructured data, the unstructured data is stored in an unstructured intermediate result library, and the unstructured intermediate result library is stored with storage time, and the storage time of the unstructured target desensitization data in the unstructured intermediate result library can be set.
The retention time period may include 3 hours, 5 hours, or 12 hours, which is not limited in this section.
Further, after step S204, the desensitization method further includes: detecting whether historical request data matched with the user request data exists in an intermediate result library corresponding to the data type or not based on the data type; and if the history request data matched with the user request data exists in the intermediate result library corresponding to the data type, determining the history desensitization data corresponding to the history request data as the target data after the user request data is desensitized.
The history request data is previous user request data, the history desensitization data is target data after previous user request data is desensitized, and the history request data and the history desensitization data are in one-to-one correspondence.
Here, when the character string length, the content, and the position information of the user request data match the character string length, the content, and the position information of the history request data in the intermediate result base of the user request data type, the history desensitization data corresponding to the history request data is determined as the desensitized target data of the user request data.
In specific implementation, historical request data of a user is stored in a corresponding intermediate result library, the storage of the historical request data in the corresponding result library is limited by time, whether historical request data corresponding to the user request data exist in the intermediate result library corresponding to the user request data or not is judged, and if the historical request data exist, historical desensitization data corresponding to the historical request data are determined to be target data after the user request data are desensitized. And if the desensitized target data exists in the unstructured intermediate result library, providing the desensitized target data through a file access interface. And desensitization data of data requested by a user is directly acquired through historical data, so that desensitization efficiency is improved, and the load of a desensitization device is reduced.
Further, after step S206, the desensitization method further includes: and sending a reminding message to prompt that the desensitization process of the user request data is finished.
The message reminding comprises sending desensitized target data to a mobile phone of the user in a mode of sending a short message, and the content in the short message carries the time for the user to request data desensitization and the specific content of the desensitized target data to remind the user to check the desensitized target data in time.
The embodiment of the application provides a data desensitization method, which comprises the steps of obtaining login information and user identity information of a user, detecting whether the login information is matched with verification information prestored in a verification database by the user identity information, and determining that a user request meets a request verification standard if the login information is matched with the verification information. Determining the data type of the user request data based on the acquired user request data; and determining a desensitization strategy for desensitizing the user request data based on the data type, and desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
In this way, through the verification of the user identity, the user request data is obtained after the verification is successful, the type of the user request data is determined, the determined data type is desensitized according to a corresponding desensitization strategy, the desensitized target data is stored, and the completion of desensitization of the user is reminded in a message sending mode, so that the improvement of the accuracy of desensitization of the user request data is facilitated.
Based on the same application concept, the embodiment of the present application further provides a data desensitization apparatus corresponding to the data desensitization method provided by the foregoing embodiment, and as the principle of the apparatus in the embodiment of the present application for solving the problem is similar to the data desensitization method in the foregoing embodiment of the present application, the method can be referred to for implementation of the apparatus, and repeated details are omitted.
Referring to fig. 3 and 4, fig. 3 is a schematic structural diagram of a data desensitization apparatus according to an embodiment of the present disclosure, and fig. 4 is a second schematic structural diagram of a data desensitization apparatus according to an embodiment of the present disclosure. As shown in fig. 3, the desensitizing apparatus 300 includes:
referring to fig. 3, fig. 3 is a functional block diagram of a data desensitization apparatus according to an embodiment of the present application. As shown in fig. 3, the desensitizing apparatus 300 includes:
the confirmation module 301: and determining the data type of the user request data based on the acquired user request data.
The preprocessing module 302: based on the data type, a desensitization policy is determined for desensitizing the user requested data.
Desensitization processing module 303: desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
Optionally, the data type includes one of a structured data type and an unstructured data type, the desensitization processing module 303 is configured to desensitize the user requested data based on the desensitization policy to obtain desensitized target data, and the desensitization processing module 303 is configured to:
the desensitization processing module is used for desensitizing the user request data based on a desensitization strategy of the structured data type if the data type is the structured data type;
and if the data type is an unstructured data type, desensitizing the user request data based on an unstructured data type desensitization strategy.
Further, as shown in fig. 4, the desensitization apparatus 300 further includes a request verification module 304, where the request verification module 304 is configured to:
acquiring login information and user identity information of a user;
detecting whether the login information is matched with check information prestored in a verification database or not;
and if the login information is matched with the verification information, determining that the user request meets the request authentication standard.
Further, as shown in fig. 4, the desensitization apparatus 300 further includes a data processing module 305, and the data processing module 305 is configured to:
based on the data type, carrying out normalization processing on the user request data;
and writing the user request data into a corresponding intermediate result library based on the data type.
Further, as shown in fig. 4, the desensitization apparatus 300 further includes a storage module 306, the storage module 306 is configured to:
and storing the desensitized target data into a corresponding intermediate result library based on the data type of the user request data.
Further, as shown in fig. 4, the desensitizing apparatus 300 further includes a detecting module 307, wherein the detecting module 307 is configured to:
detecting whether historical request data matched with the user request data exists in an intermediate result library corresponding to the data type or not based on the data type;
and if the history request data matched with the user request data exists in the intermediate result library corresponding to the data type, determining the history desensitization data corresponding to the history request data as the target data after the user request data is desensitized.
Further, as shown in fig. 4, the desensitization apparatus 300 further includes a reminder module 308, the reminder module 308 is configured to:
and sending a reminding message to prompt that the desensitization process of the user request data is finished.
The embodiment of the application provides a desensitization device of data, and a confirmation module is used for determining the data type of user request data based on acquired user request data, a preprocessing module is used for determining a desensitization strategy for desensitizing the user request data based on the data type, and a desensitization processing module is used for desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
Therefore, the type of the user request data can be determined according to the user request data, different data types correspond to different desensitization strategies, data desensitization can be carried out according to the desensitization strategies corresponding to the user request data types, and improvement of accuracy of desensitization of the user request data is facilitated.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 5, the electronic device 500 includes a processor 510, a memory 520, and a bus 530.
The memory 520 stores machine-readable instructions executable by the processor 510, when the electronic device 500 runs, the processor 510 and the memory 520 communicate through the bus 530, and when the machine-readable instructions are executed by the processor 510, the steps of the data desensitization method in the method embodiment shown in fig. 1 and fig. 2 may be performed.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the data desensitization method in the embodiments shown in fig. 1 and fig. 2 may be executed.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method of desensitizing data, said desensitizing method comprising:
determining the data type of the user request data based on the acquired user request data;
determining a desensitization strategy for desensitizing the user requested data based on the data type;
desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
2. The desensitization method according to claim 1, wherein prior to said determining a data type of the user requested data based on the obtained user requested data, the desensitization method further comprises:
acquiring login information and user identity information of a user;
detecting whether the login information is matched with verification information prestored in a verification database by the user identity information;
and if the login information is matched with the verification information, determining that the user request meets the request authentication standard.
3. The desensitization method according to claim 1, wherein after said determining a data type of the user requested data, determining a desensitization policy for desensitizing the user requested data based on the data type, the desensitization method further comprises:
based on the data type, carrying out normalization processing on the user request data;
and writing the user request data into a corresponding intermediate result library based on the data type.
4. A desensitization method according to claim 1, wherein said data types comprise one of structured data types and unstructured data types, said desensitizing said user requested data based on said desensitization policy to obtain desensitized target data comprising:
if the data type is a structured data type, desensitizing the user request data based on a desensitization strategy of the structured data type;
and if the data type is an unstructured data type, desensitizing the user request data based on an unstructured data type desensitization strategy.
5. The desensitization method according to claim 1, wherein after said desensitizing the user-requested data based on the desensitization policy to obtain desensitized target data, the desensitization method further comprises:
and storing the desensitized target data into a corresponding intermediate result library based on the data type of the user request data.
6. The desensitization method according to claim 1, wherein after said determining a data type of the user requested data based on the obtained user requested data, the desensitization method further comprises:
detecting whether historical request data matched with the user request data exists in an intermediate result library corresponding to the data type or not based on the data type;
and if the history request data matched with the user request data exists in the intermediate result library corresponding to the data type, determining the history desensitization data corresponding to the history request data as the target data after the user request data is desensitized.
7. The desensitization method according to claim 1, wherein after said desensitizing the user-requested data based on the desensitization policy to obtain desensitized target data, the desensitization method further comprises:
and sending a reminding message to prompt that the desensitization process of the user request data is finished.
8. A data desensitization apparatus, said desensitization apparatus comprising:
a confirmation module: the data type of the user request data is determined based on the acquired user request data;
a preprocessing module: determining a desensitization policy for desensitizing the user requested data based on the data type;
desensitization processing module: and the desensitization strategy is used for desensitizing the user request data based on the desensitization strategy to obtain desensitized target data.
9. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the electronic device is operated, the machine-readable instructions when executed by the processor performing the steps of the method of desensitizing data according to any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, performs the steps of the method for desensitizing data according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011409469.2A CN112417406A (en) | 2020-12-04 | 2020-12-04 | Data desensitization method and device, readable storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011409469.2A CN112417406A (en) | 2020-12-04 | 2020-12-04 | Data desensitization method and device, readable storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112417406A true CN112417406A (en) | 2021-02-26 |
Family
ID=74830296
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011409469.2A Pending CN112417406A (en) | 2020-12-04 | 2020-12-04 | Data desensitization method and device, readable storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112417406A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113297623A (en) * | 2021-06-23 | 2021-08-24 | 天道金科股份有限公司 | Sensitive data desensitization system based on database |
| US20220321605A1 (en) * | 2021-04-01 | 2022-10-06 | Cisco Technology, Inc. | Verifying trust postures of heterogeneous confidential computing clusters |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109325326A (en) * | 2018-08-16 | 2019-02-12 | 深圳云安宝科技有限公司 | Data desensitization method, device, equipment and medium when unstructured data accesses |
| CN109583226A (en) * | 2018-10-26 | 2019-04-05 | 平安科技(深圳)有限公司 | Data desensitization process method, apparatus and electronic equipment |
| CN109840424A (en) * | 2018-12-18 | 2019-06-04 | 合肥天源迪科信息技术有限公司 | A kind of data base encryption and the system that desensitizes |
| CN110502924A (en) * | 2019-08-23 | 2019-11-26 | 恩亿科(北京)数据科技有限公司 | A kind of data desensitization method, data desensitization device and readable storage medium storing program for executing |
| CN110795756A (en) * | 2019-09-25 | 2020-02-14 | 江苏满运软件科技有限公司 | Data desensitization method and device, computer equipment and computer readable storage medium |
-
2020
- 2020-12-04 CN CN202011409469.2A patent/CN112417406A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109325326A (en) * | 2018-08-16 | 2019-02-12 | 深圳云安宝科技有限公司 | Data desensitization method, device, equipment and medium when unstructured data accesses |
| CN109583226A (en) * | 2018-10-26 | 2019-04-05 | 平安科技(深圳)有限公司 | Data desensitization process method, apparatus and electronic equipment |
| CN109840424A (en) * | 2018-12-18 | 2019-06-04 | 合肥天源迪科信息技术有限公司 | A kind of data base encryption and the system that desensitizes |
| CN110502924A (en) * | 2019-08-23 | 2019-11-26 | 恩亿科(北京)数据科技有限公司 | A kind of data desensitization method, data desensitization device and readable storage medium storing program for executing |
| CN110795756A (en) * | 2019-09-25 | 2020-02-14 | 江苏满运软件科技有限公司 | Data desensitization method and device, computer equipment and computer readable storage medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20220321605A1 (en) * | 2021-04-01 | 2022-10-06 | Cisco Technology, Inc. | Verifying trust postures of heterogeneous confidential computing clusters |
| CN113297623A (en) * | 2021-06-23 | 2021-08-24 | 天道金科股份有限公司 | Sensitive data desensitization system based on database |
| CN113297623B (en) * | 2021-06-23 | 2022-05-10 | 天道金科股份有限公司 | Sensitive data desensitization system based on database |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6044349A (en) | Secure and convenient information storage and retrieval method and apparatus | |
| CN109815742B (en) | Data desensitization method and device | |
| WO2020134657A1 (en) | System log desensitization method, desensitization system, computer device, and storage medium | |
| CN110727954B (en) | Data authorization desensitization automation method, device and storage medium | |
| US7249261B2 (en) | Method for securely supporting password change | |
| US11899816B2 (en) | Batch tokenization service | |
| US10069831B2 (en) | Using third party information to improve predictive strength for authentications | |
| CN112883405B (en) | Data desensitization method, device, equipment and storage medium | |
| CN112417406A (en) | Data desensitization method and device, readable storage medium and electronic equipment | |
| WO2020190309A1 (en) | Method and system for managing personal digital identifiers of a user in a plurality of data elements | |
| CN110336786B (en) | Message sending method, device, computer equipment and storage medium | |
| CN116484437B (en) | Asset information management method and device and computer equipment | |
| CN106161095B (en) | Early warning method and device for data leakage | |
| CN112163214A (en) | Data access method and device | |
| CN115795538A (en) | Desensitization document anti-desensitization method, apparatus, computer device and storage medium | |
| CN110750765A (en) | Service system, front-end page control method thereof, computer device, and storage medium | |
| US20210256149A1 (en) | De-tokenization patterns and solutions | |
| JP2001117661A (en) | Portable information terminal equipment and program recording medium for the same | |
| CN116644473A (en) | Data desensitization method and device | |
| KR20160028952A (en) | an apparatus for protecting private information, a method of protecting private information, and a storage medium for storing a program protecting private information | |
| CN112950154A (en) | Flow information matching method, device, equipment and storage medium | |
| CN108734814B (en) | Visitor information processing method and device | |
| JP4718131B2 (en) | Personal information management system | |
| US20220377082A1 (en) | Virtual id and methods of use thereof | |
| KR20190019607A (en) | User terminal, method for managing personal data, and computer readable recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |