CN113055159B - Data desensitization method and device - Google Patents
Data desensitization method and device Download PDFInfo
- Publication number
- CN113055159B CN113055159B CN202110097383.9A CN202110097383A CN113055159B CN 113055159 B CN113055159 B CN 113055159B CN 202110097383 A CN202110097383 A CN 202110097383A CN 113055159 B CN113055159 B CN 113055159B
- Authority
- CN
- China
- Prior art keywords
- data
- key
- trend
- dynamic
- acquiring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000000586 desensitisation Methods 0.000 title claims abstract description 35
- 238000012545 processing Methods 0.000 claims abstract description 34
- 230000008859 change Effects 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 11
- 238000003860 storage Methods 0.000 claims description 10
- 238000011282 treatment Methods 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 9
- 230000004048 modification Effects 0.000 claims description 7
- 238000012986 modification Methods 0.000 claims description 7
- 238000003672 processing method Methods 0.000 claims description 6
- 238000012360 testing method Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 7
- 238000004590 computer program Methods 0.000 description 6
- 238000004422 calculation algorithm Methods 0.000 description 5
- 238000004519 manufacturing process Methods 0.000 description 5
- 238000005336 cracking Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000035945 sensitivity Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 238000011981 development test Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011946 reduction process Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
In order to realize the data desensitization of safely and effectively shielding securities trade trend information, the inventor proposes a data desensitization method: acquiring data to be desensitized; establishing first trend data and second trend data according to the data to be desensitized; acquiring a user password, and acquiring a dynamic key according to the user password and a preset dynamic key scheme; according to the user password and the dynamic key, changing the first trend data to obtain new first trend data; and establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key. According to the scheme, the high-value information of the securities trade streamline trend is finally shielded and covered by dividing the data units and disturbing the two-stage data units, so that the safety of the data in a plurality of scenes such as sharing, transferring and testing environments is ensured, and leakage is avoided.
Description
Technical Field
The invention relates to the field of computer software, in particular to a desensitization method and device for sensitive data in securities industry.
Background
With the rapid development of information technology, enterprise business systems have been precipitated for many years, and a large amount of personal privacy data and enterprise high-value information have been accumulated. Besides internal circulation, the massive data also needs to be shared externally, which is also a requirement and a precondition for national big data development strategy planning. How to ensure the safety and availability of data in the scenes of generation, exchange, sharing, development test and the like becomes a key problem which needs to be solved by the current clients. Data desensitization is also one of the important means for solving the above problems.
The data desensitization is to deform sensitive data, so as to protect the security of private data and other information, such as personal identity information, mobile phone number, bank card information and other sensitive data collected by institutions and enterprises. Data desensitization techniques are typically applied in data-out scenarios, such as where production data needs to be directed to a developer, tester, analyst, etc.
The existing static desensitization products and techniques are more based on general personal privacy data, such as identity card numbers, mobile phone numbers, electronic mailboxes and the like, for carrying out desensitization processing of shielding or simulation algorithms. The shielding mode is mainly used for carrying out partial information on high-sensitivity data, and the aim of reducing the sensitivity of the data is achieved by replacing invalid characters. The simulation is to produce new data with a data format meeting the requirements through an algorithm meeting the data format requirements, but the content is meaningless, for example, the digital replacement meeting the format requirements is carried out on the identification card number, so as to obtain another simulation identification card number.
However, the prior art mainly aims at the general personal privacy information to perform desensitization treatment, and lacks specific support of a desensitization algorithm for high value and high sensitivity data or data trend of special characteristics of the securities industry, so that special high sensitivity data of the securities industry lacks protection means.
Of particular importance, current desensitization techniques are more directed to corresponding desensitization treatments for individual data or correlations of the same piece of data. For example, an identification card number, a mobile phone number, or a desensitization process that maintains the association of an identification card number and a birthday in a piece of data, but lacks the ability to desensitize and mask trending high value information that can be represented by continuous data. Since the sensitive data related to the securities trade can always expose a certain trend of the securities trade market through the securities trade trend of a large-scale user, the securities trade trend is very high-value information in the securities trade. At present, the security protection treatment of the high-sensitivity information cannot be carried out by the desensitization technology and the product.
Disclosure of Invention
Accordingly, the inventors have recognized that it is necessary to devise a data desensitization scheme that can safely and effectively mask security trade trend information.
Based on this, the inventors propose a data desensitization method comprising the steps of:
acquiring data to be desensitized;
establishing first trend data and second trend data according to the data to be desensitized;
acquiring a user password, and acquiring a dynamic key according to the user password and a preset dynamic key scheme;
according to the user password and the dynamic key, changing the first trend data to obtain new first trend data;
and establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key.
Further, in the data desensitization method, the step of acquiring the dynamic key according to the user password and a preset dynamic key scheme specifically includes: acquiring a dynamic factor according to the unique serial number of the equipment and the random number based on time;
generating a key queue according to the dynamic factor, wherein the key queue length is larger than 102400;
performing encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA;
obtaining a key factor according to the user password;
and generating a dynamic key according to the key factor.
Further, in the data desensitization method, the step of generating a dynamic key according to the key factor specifically includes:
acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block;
acquiring a type definition of a dynamic key;
generating a dynamic key through the type definition of the dynamic key and the key factor.
Further, in the data desensitization method, the number of the data to be desensitized is 3*N, wherein N is 10 times of the minimum number of items formulated by the user; the first trend data has N pieces of data to be desensitized as a baseline.
Further, in the data desensitization method, after the modification treatment of the data to be desensitized, the data desensitization method further comprises a data restoration process, and specifically comprises the following steps:
acquiring data to be restored from the data subjected to desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
acquiring a user password, and acquiring a decryption key according to the user password;
carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
and carrying out second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
The inventor simultaneously provides a data desensitizing device which comprises a communication unit, a storage unit, a trend model acquisition unit, a dynamic key acquisition unit and an encryption unit;
the communication unit is used for acquiring data to be desensitized and storing the data in the storage unit;
the trend model acquisition unit is used for establishing first trend data and second trend data according to the data to be desensitized;
the communication unit is also used for acquiring a user password, and the dynamic key acquisition unit is used for acquiring a dynamic key according to the user password and a preset dynamic key scheme;
the encryption unit is used for carrying out change processing on the first trend data according to the user password and the dynamic key to obtain new first trend data;
the encryption unit is also used for establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key.
Further, in the data desensitizing device, the dynamic key obtaining unit "obtains a dynamic key according to the user password and a preset dynamic key scheme" specifically includes:
acquiring a dynamic factor according to the unique serial number of the equipment and the random number based on time;
generating a key queue according to the dynamic factor, wherein the key queue length is larger than 102400;
performing encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA;
obtaining a key factor according to the user password;
and generating a dynamic key according to the key factor.
Further, in the data desensitizing apparatus, the dynamic key obtaining unit "generates a dynamic key according to the key factor" specifically includes:
acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block;
acquiring a type definition of a dynamic key;
generating a dynamic key through the type definition of the dynamic key and the key factor.
Further, in the data desensitizing device, the number of the data to be desensitized is 3*N, wherein N is 10 times of the minimum number of items formulated by the user; the first trend data has N pieces of data to be desensitized as a baseline.
Further, the data desensitizing device further includes a restoring unit, where the restoring unit is configured to restore the data after the modification processing of the data to be desensitized, and specifically includes:
acquiring data to be restored from the data subjected to desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
acquiring a user password, and acquiring a decryption key according to the user password;
carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
and carrying out second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
According to the technical scheme, the trend situation of the security transaction flow is carried out through the multi-level dynamic factors and the double factors (the user key is combined with the dynamic key), the high-value information of the security transaction flow trend is finally shielded and covered in a mode of dividing the data units and disturbing the two-level data units, so that the safety of data in a plurality of scenes such as sharing, transferring and testing environments is ensured, and leakage is avoided. Meanwhile, the algorithm supports a restorable mode, so that the capability of convenient, safe and reusable data after being authorized is ensured. Because of the unpredictable and guessing conditions of the dynamic multifactor, the difficulty of cracking the data after desensitization is greatly improved, and the safety of the data is greatly improved.
Drawings
FIG. 1 is a flow chart of a data desensitization method according to an embodiment of the invention;
fig. 2 is a schematic structural diagram of a data desensitizing apparatus according to an embodiment of the invention.
Reference numerals illustrate:
1-communication unit
2-memory cell
3-trend model acquisition unit
4-a dynamic key acquisition unit; 41-a dynamic factor acquisition module; 42-a key queue acquisition module;
43-Key factor acquisition Module
5-encryption unit
6-reduction unit
Detailed Description
In order to describe the technical content, constructional features, achieved objects and effects of the technical solution in detail, the following description is made in connection with the specific embodiments in conjunction with the accompanying drawings.
Referring to fig. 1, a flowchart of a data desensitizing method according to an embodiment of the invention is shown; the method comprises the following steps:
s1, acquiring data to be desensitized;
s2, establishing first trend data and second trend data according to the data to be desensitized;
s3, acquiring a user password, and acquiring a dynamic key according to the user password and a preset dynamic key scheme;
s4, changing the first trend data according to the user password and the dynamic key to obtain new first trend data;
s5, establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key.
In some embodiments, the step S3 of "obtaining the dynamic key according to the user password and the preset dynamic key scheme" specifically includes:
s31, acquiring dynamic factors according to the unique serial number of the equipment and the random number based on time;
s32, generating a key queue according to the dynamic factor, wherein the key queue length is larger than 102400;
s33, carrying out encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA; the encryption processing is to encrypt each field of the key queue one by one;
s34, acquiring a key factor according to the user password;
s35, generating a dynamic key according to the key factor.
Further, in some other embodiments, the "generating a dynamic key according to the key factor" in step S35 further specifically includes:
acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block;
acquiring a type definition of a dynamic key;
generating a dynamic key through the type definition of the dynamic key and the key factor.
That is, in the acquisition of the dynamic key, the type definition of the dynamic key is of random nature, so that the specific definition composition of the dynamic key is ensured to be dynamic and random, wherein no component is involved, and the difficulty of key cracking can be ensured to a great extent. Encryption of the key queue ensures that the key queue decrypts the dynamic key definition block only after the definition block is acquired, thereby ensuring the safety of dynamic key production to a greater extent.
In addition, the "acquire data to be desensitized" described in step S1 directly acquires the data to be desensitized in an amount of 3*N in some embodiments. In other embodiments, it is also possible to randomly or as desired select the 3*N number of data to be desensitized from the acquired large number of data (3*N pieces of data are consecutive). Wherein N is 10 times the minimum number of entries M formulated by the user; m is a positive integer greater than or equal to 1 configured by the user. Then, N pieces of data to be desensitized are taken as a base line according to the first trend data.
Further, in the data desensitizing method, after the modification processing of the data to be desensitized, the method further includes step S6: the data reduction process specifically comprises the following steps:
s61, acquiring data to be restored from the data subjected to the desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
s62, acquiring a user password, and acquiring a decryption key according to the user password;
s63, carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
s64, performing second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
The inventor simultaneously provides a data desensitizing device which comprises a communication unit 1, a storage unit 2, a trend model acquisition unit 3, a dynamic key acquisition unit 4 and an encryption unit 5;
the communication unit 1 is used for acquiring data to be desensitized and storing the data in the storage unit 2;
the trend model obtaining unit 3 is used for establishing first trend data and second trend data according to the data to be desensitized;
the communication unit 1 is further configured to obtain a user password, and the dynamic key obtaining unit 4 is configured to obtain a dynamic key according to the user password and a preset dynamic key scheme;
the encryption unit 5 is configured to change the first trend data according to the user password and the dynamic key, so as to obtain new first trend data;
the encryption unit 5 is further configured to establish new second trend data according to the new first trend data, and perform modification processing on the second trend data according to the new second trend data, the user password and the dynamic key.
Further, in some embodiments, in the data desensitizing apparatus, the dynamic key obtaining unit 4 "obtains a dynamic key according to the user password and a preset dynamic key scheme" further specifically includes:
the dynamic key obtaining unit 4 further includes a dynamic factor obtaining module 41, a key queue obtaining module 42, and a key factor obtaining module 43; the dynamic key obtaining unit 4 obtains the dynamic key specifically by:
s31, a dynamic factor obtaining module 41 obtains a dynamic factor according to the unique serial number of the equipment and a random number based on time;
s32, a key queue obtaining module 42 generates a key queue according to the dynamic factor, wherein the length of the key queue is larger than 102400;
s33, the encryption unit 5 carries out encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA; the encryption processing is to encrypt each field of the key queue one by one;
s34, a key factor obtaining module 43 obtains a key factor according to the user password;
s35, the dynamic key obtaining unit 4 generates a dynamic key according to the key factor.
Further, in some other embodiments, the dynamic key obtaining unit 4 "generates a dynamic key according to the key factor" further specifically includes:
acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block;
acquiring a type definition of a dynamic key;
generating a dynamic key through the type definition of the dynamic key and the key factor.
That is, in the acquisition of the dynamic key, the type definition of the dynamic key is of random nature, so that the specific definition composition of the dynamic key is ensured to be dynamic and random, wherein no component is involved, and the difficulty of key cracking can be ensured to a great extent. Encryption of the key queue ensures that the key queue decrypts the dynamic key definition block only after the definition block is acquired, thereby ensuring the safety of dynamic key production to a greater extent.
Further, in the data desensitizing apparatus, the communication unit 1 "acquires data to be desensitized" directly acquires the data to be desensitized with the number of 3*N in some embodiments, and may also be the data to be desensitized with the number of 3*N selected randomly or according to need from the acquired data. Wherein N is 10 times the minimum number of entries M formulated by the user; m is a positive integer greater than or equal to 1 configured by the user. Then, N pieces of data to be desensitized are taken as a base line according to the first trend data.
Further, the data desensitizing device further includes a restoring unit 6, where the restoring unit 6 is configured to restore the data after the changing process of the data to be desensitized, and specifically includes:
acquiring data to be restored from the data subjected to desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
acquiring a user password, and acquiring a decryption key according to the user password;
carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
and carrying out second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
According to the technical scheme, aiming at unique characteristics of trend information formed by financial transaction data, the trend situation of the ticket transaction flow is innovatively carried out through a multi-stage dynamic factor and a double factor (a user key is combined with a dynamic key), the high-value information of the ticket transaction flow trend is finally shielded and covered in a mode of disturbing two-stage data units by dividing the data units, and in addition, the production mode of the dynamic factor also has the characteristic of high discreteness, so that the safety of the data in multiple scenes such as sharing, transferring, testing environments and the like is ensured, and leakage is avoided. Meanwhile, the algorithm supports a restorable mode, so that the capability of convenient, safe and reusable data after being authorized is ensured. Because of the unpredictable and guessing conditions of the dynamic multifactor, the difficulty of cracking the data after desensitization is greatly improved, and the safety of the data is greatly improved.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the statement "comprising … …" or "comprising … …" does not exclude the presence of additional elements in a process, method, article or terminal device comprising the element. Further, herein, "greater than," "less than," "exceeding," and the like are understood to not include the present number; "above", "below", "within" and the like are understood to include this number.
It will be appreciated by those skilled in the art that the various embodiments described above may be provided as methods, apparatus, or computer program products. These embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. All or part of the steps in the methods according to the above embodiments may be implemented by a program for instructing related hardware, and the program may be stored in a storage medium readable by a computer device, for performing all or part of the steps in the methods according to the above embodiments. The computer device includes, but is not limited to: personal computers, servers, general purpose computers, special purpose computers, network devices, embedded devices, programmable devices, intelligent mobile terminals, intelligent home devices, wearable intelligent devices, vehicle-mounted intelligent devices and the like; the storage medium includes, but is not limited to: RAM, ROM, magnetic disk, magnetic tape, optical disk, flash memory, usb disk, removable hard disk, memory card, memory stick, web server storage, web cloud storage, etc.
The embodiments described above are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a computer device to produce a machine, such that the instructions, which execute via the processor of the computer device, create means for implementing the functions specified in the flowchart block or blocks and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer device-readable memory that can direct a computer device to function in a particular manner, such that the instructions stored in the computer device-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer apparatus to cause a series of operational steps to be performed on the computer apparatus to produce a computer implemented process such that the instructions which execute on the computer apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the embodiments have been described above, other variations and modifications will occur to those skilled in the art once the basic inventive concepts are known, and it is therefore intended that the foregoing description and drawings illustrate only embodiments of the invention and not limit the scope of the invention, and it is therefore intended that the invention not be limited to the specific embodiments described, but that the invention may be practiced with their equivalent structures or with their equivalent processes or with their use directly or indirectly in other related fields.
Claims (6)
1. A method of desensitizing data comprising the steps of:
acquiring data to be desensitized;
establishing first trend data and second trend data according to the data to be desensitized;
the method for obtaining the user password comprises the steps of obtaining a dynamic key according to the user password and a preset dynamic key scheme, and specifically comprises the following steps: acquiring a dynamic factor according to the unique serial number of the equipment and the random number based on time; generating a key queue according to the dynamic factor, wherein the key queue length is larger than 102400; performing encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA; obtaining a key factor according to the user password; generating a dynamic key according to the key factor, specifically including: acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block; acquiring a type definition of a dynamic key; generating a dynamic key through the type definition of the dynamic key and the key factor;
according to the user password and the dynamic key, changing the first trend data to obtain new first trend data;
and establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key.
2. The data desensitization method according to claim 1, wherein the number of data to be desensitized is 3*N, where N is 10 times the minimum number of entries formulated by the user; the first trend data has N pieces of data to be desensitized as a baseline.
3. The data desensitization method according to claim 1, further comprising a data restoration process after the modification processing of the data to be desensitized, specifically comprising the steps of:
acquiring data to be restored from the data subjected to desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
acquiring a user password, and acquiring a decryption key according to the user password;
carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
and carrying out second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
4. The data desensitization device is characterized by comprising a communication unit, a storage unit, a trend model acquisition unit, a dynamic key acquisition unit and an encryption unit;
the communication unit is used for acquiring data to be desensitized and storing the data in the storage unit;
the trend model acquisition unit is used for establishing first trend data and second trend data according to the data to be desensitized;
the communication unit is further configured to obtain a user password, and the dynamic key obtaining unit is configured to obtain a dynamic key according to the user password and a preset dynamic key scheme, and specifically includes: acquiring a dynamic factor according to the unique serial number of the equipment and the random number based on time; generating a key queue according to the dynamic factor, wherein the key queue length is larger than 102400; performing encryption processing on the key queue, wherein the encryption processing method comprises DES or SHA; obtaining a key factor according to the user password; generating a dynamic key according to the key factor, specifically including: acquiring a dynamic key definition block from the key queue through the key factor and decrypting the dynamic key definition block; acquiring a type definition of a dynamic key; generating a dynamic key through the type definition of the dynamic key and the key factor;
the encryption unit is used for carrying out change processing on the first trend data according to the user password and the dynamic key to obtain new first trend data;
the encryption unit is also used for establishing new second trend data through the new first trend data, and carrying out change processing on the second trend data according to the new second trend data, the user password and the dynamic key.
5. The data desensitizing apparatus according to claim 4, wherein the number of data to be desensitized is 3*N, where N is 10 times the minimum number of items formulated by the user; the first trend data has N pieces of data to be desensitized as a baseline.
6. The data desensitizing apparatus according to claim 4, further comprising a restoring unit for restoring the data after the modification processing of the data to be desensitized, specifically comprising:
acquiring data to be restored from the data subjected to desensitization treatment, wherein the number of the data to be restored is 3*N, and N is 10 times of the minimum number of items prepared by a user;
acquiring a user password, and acquiring a decryption key according to the user password;
carrying out first restoration processing on the data to be restored according to the user key and the decryption key, and splitting the data into 3 parts to obtain first restored data;
and carrying out second restoration processing on the first restoration data according to the user key and the decryption key to obtain second restoration data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110097383.9A CN113055159B (en) | 2021-01-25 | 2021-01-25 | Data desensitization method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110097383.9A CN113055159B (en) | 2021-01-25 | 2021-01-25 | Data desensitization method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113055159A CN113055159A (en) | 2021-06-29 |
CN113055159B true CN113055159B (en) | 2023-11-21 |
Family
ID=76508659
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110097383.9A Active CN113055159B (en) | 2021-01-25 | 2021-01-25 | Data desensitization method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113055159B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117874556B (en) * | 2024-03-12 | 2024-06-04 | 国网河南省电力公司经济技术研究院 | Block chain-based power big data secure sharing method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015104629A1 (en) * | 2014-01-10 | 2015-07-16 | パナソニックIpマネジメント株式会社 | Key information control device, key information updating device, program and recording medium, key information updating method, and key information updating system |
CN106203139A (en) * | 2016-07-13 | 2016-12-07 | 成都知道创宇信息技术有限公司 | A kind of data local desensitization method |
CN108470127A (en) * | 2017-02-23 | 2018-08-31 | 全球能源互联网研究院 | A kind of offline desensitization method and device of power load data |
CN109714160A (en) * | 2018-12-25 | 2019-05-03 | 孝感天创信息科技有限公司 | High flexibility ciphertext encryption method |
CN111680307A (en) * | 2020-04-23 | 2020-09-18 | 平安科技(深圳)有限公司 | Distributed data encryption method and device, cloud storage server and storage medium |
CN111935486A (en) * | 2020-07-29 | 2020-11-13 | Oppo广东移动通信有限公司 | Image processing method and device, computer readable storage medium and electronic device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9331852B2 (en) * | 2011-04-07 | 2016-05-03 | Infosys Technologies, Ltd. | System and method for securing data transaction |
-
2021
- 2021-01-25 CN CN202110097383.9A patent/CN113055159B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015104629A1 (en) * | 2014-01-10 | 2015-07-16 | パナソニックIpマネジメント株式会社 | Key information control device, key information updating device, program and recording medium, key information updating method, and key information updating system |
CN106203139A (en) * | 2016-07-13 | 2016-12-07 | 成都知道创宇信息技术有限公司 | A kind of data local desensitization method |
CN108470127A (en) * | 2017-02-23 | 2018-08-31 | 全球能源互联网研究院 | A kind of offline desensitization method and device of power load data |
CN109714160A (en) * | 2018-12-25 | 2019-05-03 | 孝感天创信息科技有限公司 | High flexibility ciphertext encryption method |
CN111680307A (en) * | 2020-04-23 | 2020-09-18 | 平安科技(深圳)有限公司 | Distributed data encryption method and device, cloud storage server and storage medium |
CN111935486A (en) * | 2020-07-29 | 2020-11-13 | Oppo广东移动通信有限公司 | Image processing method and device, computer readable storage medium and electronic device |
Also Published As
Publication number | Publication date |
---|---|
CN113055159A (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Volety et al. | Cracking Bitcoin wallets: I want what you have in the wallets | |
CN111324911B (en) | Privacy data protection method, system and device | |
CN110457912B (en) | Data processing method and device and electronic equipment | |
CN111079174A (en) | Power consumption data desensitization method and system based on anonymization and differential privacy technology | |
CN109740363B (en) | Document grading desensitization encryption method | |
Mandal et al. | Symmetric key image encryption using chaotic Rossler system | |
CN110688662A (en) | Sensitive data desensitization and inverse desensitization method and electronic equipment | |
CN113689213A (en) | Block chain data processing method, device and system | |
CN108881230B (en) | Secure transmission method and device for government affair big data | |
CN108075888A (en) | Dynamic URL generation methods and device | |
Verma et al. | A survey on data leakage detection and prevention | |
CN113836578A (en) | Method and system for maintaining security of sensitive data of big data | |
CN113055159B (en) | Data desensitization method and device | |
CN116070267A (en) | Data security protection method, device, equipment and machine-readable storage medium | |
Narayanan et al. | A light weight encryption over big data in information stockpiling on cloud | |
Velliangiri et al. | Unsupervised blockchain for safeguarding confidential information in vehicle assets transfer | |
Yadav et al. | Big data hadoop: Security and privacy | |
US11133926B2 (en) | Attribute-based key management system | |
CN115442164B (en) | Multi-user log encryption and decryption method, device, equipment and storage medium | |
CN111475690A (en) | Character string matching method and device, data detection method and server | |
CN115208611A (en) | Identity authentication method, identity authentication device, computer equipment, storage medium and program product | |
Yakubu et al. | A chaos based image encryption algorithm using ShimizuMorioka system | |
CN115186876A (en) | Method and device for protecting data privacy of two-party joint training service prediction model | |
Ajayi et al. | Application of data masking in achieving information privacy | |
Hsiao et al. | An implementation of efficient hierarchical access control method for VR/AR platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |