CN113392425A - Data desensitization processing method and device, edge computing node and server - Google Patents


Info

Publication number
CN113392425A
Authority
CN
China
Prior art keywords
desensitization
data
target
access request
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010169766.8A
Other languages
Chinese (zh)
Inventor
刘源
龚国成
方绍波
马力
冯诗正
孙震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile IoT Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202010169766.8A priority Critical patent/CN113392425A/en
Publication of CN113392425A publication Critical patent/CN113392425A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention provides a data desensitization processing method and device, an edge computing node and a server. The method comprises the following steps: receiving a data access request sent by a client; obtaining target desensitization data according to the data access request; and sending the target desensitization data to a client. The scheme of the invention has the advantages of high data desensitization processing efficiency, flexibility and strong universality.

Description

Data desensitization processing method and device, edge computing node and server
Technical Field
The invention relates to the technical field of data security, in particular to a data desensitization processing method, a data desensitization processing device, an edge computing node and a server.
Background
With the advent of the 5G and big data era, more data are generated by mobile applications, and more data are used for scientific research and business purposes, but the data often include privacy information of users, and if the data are directly released without privacy protection processing, the privacy of the users is likely to be exposed.
At present, data desensitization technology mainly performs dynamic desensitization through a middleware proxy, a plug-in or the like when a user accesses a database, and then returns the desensitized data to the user; however, this approach is not fully applicable to a 5G cache service scenario.
Data desensitization mainly applies desensitization algorithms such as deformation, shielding, replacement, randomization and encryption to sensitive data, converting the sensitive data into fictional data and hiding the real privacy information. Data desensitization is divided into static desensitization and dynamic desensitization. Static desensitization extracts data from the production environment for desensitization and stores the desensitized result set in a target environment for testing and analysis. Accessing the statically desensitized target source has no effect on the production environment.
Dynamic desensitization does not leave the production environment: the query and playback results of sensitive data are desensitized in real time, and the queried data is based on the production environment in real time.
In the prior art, a desensitization method for data is low in efficiency and low in universality.
Disclosure of Invention
The invention aims to provide a data desensitization processing method, a device, an edge computing node and a server, and solve the problems of low efficiency, flexibility and low universality of a dynamic data desensitization processing method in the prior art.
In order to solve the technical problems, the technical scheme of the invention is as follows:
in one aspect of the present invention, a data desensitization processing method is provided, including:
a data desensitization processing method is applied to an edge computing node, and comprises the following steps:
receiving a data access request sent by a client;
obtaining target desensitization data according to the data access request;
and sending the target desensitization data to a client.
Optionally, obtaining target desensitization data according to the data access request includes:
if the data access request is a Structured Query Language (SQL) statement and the requested edge computing node caches target data, obtaining the target desensitization data through a preset desensitization rule and a desensitization algorithm, wherein the desensitization rule and the desensitization algorithm are issued by a server; or,
if the data access request is an SQL statement and the requested edge computing node does not cache the target data, obtaining target desensitization data through a server; or,
and if the data access request is not an SQL statement, obtaining the target desensitization data through the server.
Optionally, the obtaining of the target desensitization data through a preset desensitization rule and a desensitization algorithm includes:
determining a target desensitization rule matched with the data access request and a target desensitization algorithm corresponding to the target desensitization rule in preset desensitization rules and desensitization algorithms;
according to the target desensitization rule, converting the data access request into an SQL statement carrying the desensitization rule;
desensitizing the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement;
and executing the target SQL statement to obtain target desensitization data.
Optionally, according to the target desensitization algorithm, desensitizing the SQL statement carrying the desensitization rule to obtain a target SQL statement, including:
and according to the fields related to the SQL statements and the desensitization rules corresponding to the fields, converting the fields into the desensitization rules to obtain converted SQL statements, and executing the target desensitization algorithm according to the pre-loaded desensitization function to obtain the target SQL statements.
Optionally, the obtaining, by the server, target desensitization data includes:
sending the data access request to a server;
receiving target desensitization data returned by the server;
the target desensitization data is either the new query result set that the server obtains by desensitizing the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
Optionally, the desensitization processing is performed on the query result set by the server according to the configured desensitization rule and desensitization algorithm, and the desensitization processing includes:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata with the configured desensitization rule, if the metadata is matched with the configured desensitization rule, sequentially processing desensitization functions according to the desensitization rule on the returned query records, and repackaging the desensitized records into a new query result set; and if the matching does not exist, directly sending the query result set to the edge computing node.
The embodiment of the invention also provides a data desensitization processing device, which is applied to the edge computing node and comprises:
the receiving module is used for receiving a data access request sent by a client;
the processing module is used for obtaining target desensitization data according to the data access request;
and the sending module is used for sending the target desensitization data to the client.
Optionally, the processing module is specifically configured to:
if the data access request is a Structured Query Language (SQL) statement and the requested edge computing node caches target data, obtaining the target desensitization data through a preset desensitization rule and a desensitization algorithm, wherein the desensitization rule and the desensitization algorithm are issued by a server; or,
if the data access request is an SQL statement and the requested edge computing node does not cache the target data, obtaining target desensitization data through a server; or,
and if the data access request is not an SQL statement, obtaining the target desensitization data through the server.
Optionally, the obtaining of the target desensitization data through a preset desensitization rule and a preset desensitization algorithm includes:
determining a target desensitization rule matched with the data access request and a target desensitization algorithm corresponding to the target desensitization rule in preset desensitization rules and desensitization algorithms;
according to the target desensitization rule, converting the data access request into an SQL statement carrying the desensitization rule;
desensitizing the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement;
and executing the target SQL statement to obtain target desensitization data.
Optionally, according to the target desensitization algorithm, desensitizing the SQL statement carrying the desensitization rule to obtain a target SQL statement, including:
and according to the fields related to the SQL statements and the desensitization rules corresponding to the fields, converting the fields into the desensitization rules to obtain converted SQL statements, and executing the target desensitization algorithm according to the pre-loaded desensitization function to obtain the target SQL statements.
Optionally, obtaining, by the server, target desensitization data includes:
sending the data access request to a server;
receiving target desensitization data returned by the server;
the target desensitization data is either the new query result set that the server obtains by desensitizing the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
An embodiment of the invention provides an edge computing node comprising a data desensitization processing apparatus as described above.
The embodiment of the invention provides a data desensitization processing method, which is applied to a server and comprises the following steps: receiving a data access request sent by an edge computing node;
obtaining target desensitization data according to the data access request;
returning the target desensitization data to the edge compute node.
Optionally, obtaining target desensitization data according to the data access request includes:
if the data access request is an SQL statement and the edge computing node does not cache target data, obtaining target desensitization data according to a query result set; or,
and if the data access request is not an SQL statement, taking the obtained query result set as target desensitization data.
Optionally, obtaining target desensitization data according to the query result set includes:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata with the configured desensitization rule, if the metadata is matched with the configured desensitization rule, sequentially processing desensitization functions according to the desensitization rule on the returned query records, and repackaging the desensitized records into a new query result set; and if no match exists, directly taking the query result set as the target desensitization data.
The embodiment of the invention provides a data desensitization processing device, which is applied to a server and comprises: the receiving module is used for receiving a data access request sent by an edge computing node;
the processing module is used for obtaining target desensitization data according to the data access request;
and the sending module is used for returning the target desensitization data to the edge computing node.
An embodiment of the present invention provides a server including the data desensitization processing apparatus as described above.
The scheme of the invention at least comprises the following beneficial effects:
according to the scheme of the invention, when the data access request is an SQL statement and the requested edge computing node caches the target data, desensitization processing on the target data can be realized nearby through a preset desensitization rule and a desensitization algorithm issued by a server, so that the method has the advantages of high data desensitization processing efficiency, flexibility and strong universality, and the problems of low processing efficiency, flexibility and low universality of the dynamic data desensitization processing method in the prior art can be solved.
Drawings
FIG. 1 is a schematic flow diagram of a data desensitization processing method according to an embodiment of the invention;
FIG. 2 is an architectural diagram of a data desensitization processing system according to an embodiment of the invention;
fig. 3 is a schematic structural diagram of a data desensitization processing apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides a data desensitization processing method, which is applicable to an edge computing node, and includes:
Step 11, receiving a data access request sent by the client. For example, an edge computing node in a 5G network receives a data access request sent by a client. The data access request mostly concerns access to 5G network user data, for example at edge computing nodes and on the server side.
Step 12, obtaining target desensitization data according to the data access request;
in a specific implementation manner of this step 12, if the data access request is an SQL statement and the requested edge computing node caches target data, target desensitization data is obtained through a preset desensitization rule and a desensitization algorithm; and the desensitization rule and the desensitization algorithm are issued by the server. For example, when the requested edge computing node determines that the data access request is an SQL (structured query language) statement and the cache data of the requested edge computing node contains target data, the target desensitization data is obtained after being queried according to a preset desensitization rule and a desensitization algorithm. Here, the target data may be a database, a field, table data, or the like, which the data access request accesses. The step can realize that the client side obtains the query result nearby, thereby improving the task request processing efficiency. Moreover, because the desensitization rule and the desensitization algorithm are issued by the server side, a large number of complex desensitization functions for realizing the desensitization algorithm do not need to be written or rewritten, and the data desensitization service is more flexible and universal.
In another specific implementation manner of this step 12, "if the data access request is an SQL statement and the requested edge computing node does not cache the target data", or "if the data access request is not an SQL statement", the target desensitization data is obtained through a server (e.g., a service provider or a cloud node). Namely, the complex data access request can be sent to the server side for processing, so that the data processing amount is reduced, the data desensitization processing efficiency is improved, and the requirement of protecting the user privacy data in the big data era can be met.
The data desensitization processing method according to this embodiment can implement a function of performing desensitization processing on target data and sending the target data to a client when the data access request is an SQL statement and the requested edge computing node caches the target data, and can also implement a function of performing desensitization processing on the target data and sending the target data to the client through a server when the data access request is an SQL statement and the requested edge computing node caches the target data, so that the method has the advantages of higher efficiency, flexibility, and higher versatility of dynamic data desensitization processing.
And step 13, sending the target desensitization data to a client. For example, the requested edge compute node returns the target desensitization data obtained to the client. Because the data received by the client is desensitized data, it can be ensured that the privacy information in the user data is not revealed.
The data desensitization processing method in this embodiment may implement desensitization processing on target data nearby through a preset desensitization rule and desensitization algorithm issued by a server when the data access request is an SQL statement and the requested edge computing node caches the target data, so that the method has the advantages of high data desensitization processing efficiency, flexibility and strong generality, and can solve the problems of low processing efficiency, flexibility and low generality of the dynamic data desensitization processing method in the prior art.
In another embodiment of the present invention, in the step 12, obtaining corresponding desensitization data through a preset desensitization rule algorithm may specifically include the following steps:
step 1201, in the preset desensitization rules and desensitization algorithms, determining the target desensitization rules matched with the data access request and the target desensitization algorithms corresponding to the target desensitization rules. That is, for the data access request, the desensitization rule algorithm corresponding to the data access request is matched first. Here, the desensitization rule algorithm may be configured and issued by the server side. Here, the data access request is the SQL statement that does not contain desensitization rules.
Step 1202, according to the target desensitization rule, the data access request is converted into an SQL statement carrying the desensitization rule.
Step 1203, performing desensitization processing on the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement.
Specifically, according to the fields involved in the SQL statement and the desensitization rules configured for those fields, conversion from the field to the desensitization rule is performed to obtain a converted SQL statement, and the target desensitization algorithm is executed according to the pre-loaded desensitization function to obtain the target SQL statement.
Step 1204, executing the target SQL statement to obtain target desensitization data. For example, the computing module of the requested edge computing node executes the target SQL statement, and queries the cache data of the requested edge computing node to obtain target desensitization data, i.e., a desensitized query result.
After the requested edge computing node obtains the corresponding desensitization data, the desensitization data can be sent to the client, so that the purpose of protecting the privacy information in the user data is achieved.
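The routing of step 12 and the rewrite of steps 1201 to 1204, as an added example that is not taken from the patent: it uses Python's `sqlite3` as a stand-in for the edge cache, and the rule format, the function names (`mask_phone`, `mask_name`), the `subscribers` table and its row are all constructed for illustration. It also assumes a fail-closed policy: any statement the rewriter does not fully understand is forwarded to the server instead of being executed unmasked.

```python
import re
import sqlite3

# Constructed desensitization functions; the page names only the algorithm
# families (replacement, masking, obfuscation, encryption).
def mask_phone(value):
    if value is None:
        return None
    s = str(value)
    return s[:3] + "*" * (len(s) - 7) + s[-4:] if len(s) > 7 else "*" * len(s)

def mask_name(value):
    if value is None:
        return None
    s = str(value)
    return s[:1] + "*" * (len(s) - 1)

FUNCTIONS = {"mask_phone": mask_phone, "mask_name": mask_name}

# Hypothetical rule format issued by the server: (table, column) -> function.
RULES = {("subscribers", "name"): "mask_name",
         ("subscribers", "phone"): "mask_phone"}

# Only this narrow statement shape is rewritten at the edge (an assumption of
# this example). Anything else is forwarded, never executed unmasked.
SIMPLE_SELECT = re.compile(
    r"^\s*select\s+(?P<cols>[\w\s,*]+?)\s+from\s+(?P<table>\w+)"
    r"(?P<where>\s+where\s+\w+\s*(?:<=|>=|=|<|>)\s*\d+)?\s*;?\s*$",
    re.IGNORECASE)


class EdgeNode:
    def __init__(self, conn, cached_tables, rules):
        self.conn = conn
        self.cached = {t.lower() for t in cached_tables}
        self.rules = rules
        for name, fn in FUNCTIONS.items():   # pre-load desensitization functions
            conn.create_function(name, 1, fn)

    def rewrite(self, request):
        """Steps 1201-1203: return the target SQL, or None to forward."""
        m = SIMPLE_SELECT.match(request)
        if m is None:
            return None                      # not a SELECT we fully understand
        table = m.group("table").lower()
        if table not in self.cached:
            return None                      # target data is not cached here
        cols = [c.strip().lower() for c in m.group("cols").split(",")]
        if cols == ["*"]:                    # expand * so no column escapes a rule
            info = self.conn.execute(f"PRAGMA table_info({table})")
            cols = [row[1].lower() for row in info]
        if not all(re.fullmatch(r"\w+", c) for c in cols):
            return None                      # aliases or expressions: fail closed
        projection = []
        for col in cols:
            fn = self.rules.get((table, col))
            projection.append(f"{fn}({col}) AS {col}" if fn else col)
        return f"SELECT {', '.join(projection)} FROM {table}{m.group('where') or ''}"

    def handle(self, request):
        """Step 12 routing plus step 1204 execution."""
        target = self.rewrite(request)
        if target is None:
            return ("forward_to_server", None)
        return ("edge", self.conn.execute(target).fetchall())


def build_demo_edge():
    # Constructed sample data, not real subscriber records.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (id INTEGER, name TEXT, phone TEXT)")
    conn.execute("INSERT INTO subscribers VALUES (1, 'Zhang Wei', '13812345678')")
    return EdgeNode(conn, cached_tables=["subscribers"], rules=RULES)


if __name__ == "__main__":
    edge = build_demo_edge()
    for req in ("SELECT id, name, phone FROM subscribers WHERE id = 1",
                "SELECT * FROM subscribers",
                "SELECT phone AS p FROM subscribers",
                "GET /cache/object/42"):
        print(req, "->", edge.handle(req))
```

The rewrite only masks the projected columns; a predicate on a protected column is passed through unchanged, so a deployment would also need a policy for WHERE clauses that reference masked fields.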
In another embodiment of the present invention, in the step 12, obtaining the target desensitization data through the server side may include the following steps:
step 1211, sending the data access request to a server. For example, the requested edge compute node sends the access request to the server side.
Step 1212, receiving the target desensitization data returned by the server. For example, the requested edge computing node receives the target desensitization data returned by the server side. The target desensitization data is either the new query result set that the server obtains by desensitizing the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
Here, the desensitization processing is performed on the query result set by the server according to the configured desensitization rule and desensitization algorithm, and the desensitization processing includes:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata with the configured desensitization rule, if the metadata is matched with the configured desensitization rule, sequentially processing desensitization functions according to the desensitization rule on the returned query records, and repackaging the desensitized records into a new query result set; and if the matching does not exist, directly sending the query result set to the edge computing node.
Step 1211 and step 1212 in this embodiment are explained below by way of an example:
1) The cloud node receives a data access request sent by the edge computing node. This step corresponds to step 1211.
2) The cloud node queries through a query module to obtain a result set. Here, the result set includes, among other things, the metadata and query records returned by the query.
3) The cloud node matches the returned metadata with a preset desensitization rule; if there is a match, an execution module of the cloud node performs desensitization processing on the metadata according to the matched desensitization rule and a preset corresponding desensitization algorithm to obtain target desensitization data; if there is no match, the queried result set is determined to be the target desensitization data.
4) The cloud node returns the target desensitization data to the edge computing node. This step corresponds to step 1212.
Here, the edge calculation node in this example refers to the requested edge calculation node in the above-described embodiment.
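Result-set desensitization on the cloud node (steps 2 and 3 above), as an added example that is not taken from the patent. The `ColumnMeta` and `ResultSet` types, the rule table, the two masking functions and the sample records are constructed; the example assumes the query layer reports each column's origin database and column name separately from the label shown to the client, so that an aliased column still matches its rule.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ColumnMeta:
    database: str   # origin database name
    column: str     # origin column name, which is what rules are matched on
    label: str      # name shown to the client; may be an alias


@dataclass
class ResultSet:
    metadata: list  # one ColumnMeta per column, in column order
    records: list   # list of tuples


# Constructed desensitization functions for illustration.
def mask_email(value):
    local, _, domain = str(value).partition("@")
    return local[:1] + "***@" + domain


def keep_last4(value):
    s = str(value)
    return "*" * max(len(s) - 4, 0) + s[-4:]


# Hypothetical configured rules: (database name, column name) -> function.
SERVER_RULES = {("crm", "email"): mask_email, ("crm", "card_no"): keep_last4}


def desensitize_result_set(rs, rules):
    """Match metadata against the rules and mask the records column by column.

    Returns the original object untouched when no column matches, which is
    the "no match" branch of the description.
    """
    plan = [rules.get((c.database.lower(), c.column.lower())) for c in rs.metadata]
    if not any(plan):
        return rs
    masked = []
    for record in rs.records:
        if len(record) != len(plan):
            # A record that does not line up with the metadata cannot be
            # masked by column index; refuse it instead of sending it raw.
            raise ValueError("record width does not match metadata")
        masked.append(tuple(
            fn(value) if fn is not None and value is not None else value
            for fn, value in zip(plan, record)))
    return ResultSet(rs.metadata, masked)   # repackaged result set


def demo_result_set():
    # Constructed records; the e-mail column is aliased to "contact".
    meta = [ColumnMeta("crm", "id", "id"),
            ColumnMeta("crm", "email", "contact"),
            ColumnMeta("crm", "card_no", "card_no")]
    rows = [(7, "li.na@example.com", "6222000011112222"),
            (8, None, "6222000033334444")]
    return ResultSet(meta, rows)


if __name__ == "__main__":
    for row in desensitize_result_set(demo_result_set(), SERVER_RULES).records:
        print(row)
```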
As shown in fig. 2, taking the server as a cloud node as an example, the following describes in detail an implementation manner of the data desensitization processing method in a specific application in the foregoing embodiment:
1) The edge computing node receives a data access request sent by a client.
In a 5G network, mobile caching enables clients, such as users, to obtain requested content from a base station, edge computing node, or other device, enabling local availability of content without having to obtain the content from a cloud node over a mobile or wired network. Data access requests of clients can be pre-processed by the edge compute nodes.
2) A receiving module of the edge computing node receives the data access request, judges the type of the data access request and executes different data desensitization strategies.
The data of the access request required by the client is likely to relate to user privacy information, such as account information, position information, track data, telephone numbers, credit card consumption information and the like, and therefore the data of the access request needs to be desensitized and then transmitted. Because the storage resources and the computing resources of the edge computing nodes are limited, and the data storage type is single, desensitization processing can be carried out on the data by adopting a plug-in based SQL statement rewriting mode.
The specific process comprises the following steps:
A computing module of the edge computing node judges whether the data access request is an SQL statement and whether the target data to be accessed is cached in the edge computing node.
If the data access request is an SQL statement but the target data is not cached by the edge computing node, the edge computing node sends the data access request to the cloud node for processing.
If the data access request is not an SQL statement, the edge computing node directly sends the data access request to the cloud node for processing.
If the data access request is the SQL statement and the target data is cached in the edge computing node, firstly, the data access request is rewritten into the SQL statement carrying the desensitization rule by matching the desensitization rule and the desensitization algorithm, the SQL statement carrying the desensitization rule is executed by a computing module of the edge computing node to obtain a desensitized query result, and the desensitized query result is sent to the client by the edge computing node.
For example, the following steps are carried out: first, determine if the current statement is a select query statement (a type of SQL statement), if yes, trigger dynamic desensitization conversion. When dynamic desensitization conversion is triggered, the calculation module of the edge calculation node can realize conversion from the field to the desensitization rule according to the field related to the select statement and the configured corresponding desensitization rule, form a converted select statement, execute a desensitization algorithm on the converted select statement according to a pre-loaded desensitization function to obtain a target select statement, and then execute the target select statement to obtain a desensitization query result (namely target desensitization data).
In addition, because the storage content of the storage module of the edge computing node is light, the desensitization rule configuration management is relatively simple, and the specific steps of configuring the module comprise:
desensitization algorithm and desensitization rule configuration.
The edge computing node is internally provided with desensitization algorithms such as replacement, masking, obfuscation, encryption and the like. The algorithm can be configured and issued to the edge computing nodes by the cloud end nodes so as to realize algorithm updating.
Desensitization rule configuration, according to the service scene, configuring sensitive rules (which can be configured and issued by cloud nodes) such as identity cards, bank card numbers, address information, mailboxes, names, telephone numbers and the like.
And configuring a data source, wherein the data source is a storage module of the edge computing node.
The edge computing node sends the data access request to the cloud end node for processing, and the specific process is as follows:
First, the cloud node receives a data access request sent by an edge computing node;
second, a query result set (including the metadata and query records returned by the query) is obtained through a query module of the cloud node;
third, the returned metadata is matched with the configured desensitization rule. For example, the database name and column name in the metadata are matched against the database name and column name in the desensitization rule.
If there is a match, the execution module of the cloud node completes data desensitization processing according to the desensitization rules, namely, sequentially applies the desensitization functions to each record of the returned query results according to the column sequence number, repackages the desensitized records into a desensitized result set, and sends the desensitized result set, namely the target desensitization data, to the edge computing node.
And if no match exists, directly sending the result set, namely the target desensitization data, to the edge computing node.
The cloud node processes the data access request by desensitizing the result set, which reduces the amount of data to be processed and improves the efficiency of data desensitization. Moreover, the computing resources of the cloud node can meet the requirements of data desensitization.
3) The sending module of the edge computing node returns the desensitized query result, i.e. the target desensitization data, to the client.
The edge computing node sends the client a desensitized query result that it produced itself;
or the desensitized query result produced by the cloud node is forwarded to the client through the edge computing node.
This implementation combines different dynamic data desensitization modes according to the characteristics of the edge computing node and the cloud node. It thereby solves the problems of applying the traditional middleware-proxy mode and plug-in mode across multiple database types, improves task processing efficiency, and suits the requirements of protecting user privacy data in the big data era.
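The result-set desensitization performed on the cloud node, as an added Python example that is not part of the patent text: metadata is matched against the rules by database name and column name, and matched columns are processed in column-sequence order. The rule table, the desensitization functions, the key and the sample rows are all constructed for illustration.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, NamedTuple, Optional, Sequence, Tuple

OBFUSCATION_KEY = b"constructed-demo-key"  # assumption: a secret held by the cloud node


def mask_middle(value: str, head: int = 3, tail: int = 4) -> str:
    """Masking: keep `head` leading and `tail` trailing characters, star the rest."""
    if len(value) <= head + tail:
        return "*" * len(value)  # too short to reveal any part safely
    return value[:head] + "*" * (len(value) - head - tail) + value[-tail:]


def mask_id_card(value: str) -> str:
    """Masking tuned for an 18-character identity card number."""
    return mask_middle(value, head=6, tail=4)


def obfuscate_email(value: str) -> str:
    """Obfuscation: keyed digest of the local part, domain kept for analytics."""
    local, _, domain = value.partition("@")
    digest = hmac.new(OBFUSCATION_KEY, local.encode(), hashlib.sha256).hexdigest()[:10]
    return f"{digest}@{domain}" if domain else digest


class ColumnMeta(NamedTuple):
    """Per-column metadata returned with a query result (hypothetical shape)."""
    database: str
    table: str
    column: str


Rule = Callable[[str], str]
Row = Tuple[Optional[object], ...]

# Hypothetical desensitization rules keyed by (database name, column name).
RULES: Dict[Tuple[str, str], Rule] = {
    ("crm", "phone"): mask_middle,
    ("crm", "id_card"): mask_id_card,
    ("crm", "email"): obfuscate_email,
}


def desensitize_result_set(
    metadata: Sequence[ColumnMeta],
    records: Sequence[Row],
    rules: Dict[Tuple[str, str], Rule] = RULES,
) -> Tuple[List[Row], List[int]]:
    """Return (result set, matched column indexes).

    The metadata is matched once per result set; if nothing matches, the
    records are returned unchanged, as in the no-match branch described above.
    """
    plan: Dict[int, Rule] = {}
    for index, meta in enumerate(metadata):
        rule = rules.get((meta.database.lower(), meta.column.lower()))
        if rule is not None:
            plan[index] = rule
    if not plan:
        return list(records), []

    matched = sorted(plan)  # process by column sequence number
    desensitized: List[Row] = []
    for record in records:
        fields = list(record)
        for index in matched:
            if fields[index] is not None:  # NULL stays NULL
                fields[index] = plan[index](str(fields[index]))
        desensitized.append(tuple(fields))  # repackage the record
    return desensitized, matched


# Constructed sample result set: metadata plus two query records.
SAMPLE_META = [ColumnMeta("crm", "customer", c)
               for c in ("id", "phone", "id_card", "email", "city")]
SAMPLE_ROWS: List[Row] = [
    (1, "13800138000", "110101199003070011", "alice@example.com", "Chengdu"),
    (2, None, "510104198512120022", "bob@example.com", "Chongqing"),
]

if __name__ == "__main__":
    rows, hit = desensitize_result_set(SAMPLE_META, SAMPLE_ROWS)
    print("matched columns:", hit)
    for row in rows:
        print(row)
```

The list of matched column indexes is returned so the caller can log which rules fired for a given request.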
As shown in fig. 3, another embodiment of the present invention provides a data desensitization processing apparatus, applied to an edge computing node, the apparatus comprising:
a receiving module 31, configured to receive a data access request sent by a client;
the processing module 32 is used for obtaining target desensitization data according to the data access request;
a sending module 33, configured to send the target desensitization data to the client.
Optionally, the processing module 32 is specifically configured to: if the data access request is a Structured Query Language (SQL) statement and the requested edge computing node caches the target data, obtain the target desensitization data through a preset desensitization rule and desensitization algorithm, wherein the desensitization rule and the desensitization algorithm are issued by a server; or,
if the data access request is an SQL statement and the requested edge computing node does not cache the target data, obtain the target desensitization data through the server; or,
if the data access request is not an SQL statement, obtain the target desensitization data through the server.
Optionally, the obtaining of the target desensitization data through a preset desensitization rule and a preset desensitization algorithm includes:
determining a target desensitization rule matched with the data access request and a target desensitization algorithm corresponding to the target desensitization rule in preset desensitization rules and desensitization algorithms;
according to the target desensitization rule, converting the data access request into an SQL statement carrying the desensitization rule;
desensitizing the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement;
and executing the target SQL statement to obtain target desensitization data.
Optionally, according to the target desensitization algorithm, desensitizing the SQL statement carrying the desensitization rule to obtain a target SQL statement, including:
according to the fields involved in the SQL statement and the desensitization rules corresponding to those fields, converting the fields into the desensitization rules to obtain a converted SQL statement, and executing the target desensitization algorithm according to the pre-loaded desensitization function to obtain the target SQL statement.
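The SQL-rewriting path on the edge node, sketched as an added example (not code from the patent): sensitive fields of a restricted SELECT are converted into calls to pre-loaded desensitization functions, and the target statement is then executed against the cache. SQLite, the rule table, the function names and the sample rows are assumptions; statements outside the small supported grammar are rejected rather than executed unmasked, which is a choice of this example.

```python
import re
import sqlite3
from typing import Dict, List, Sequence, Tuple

# Hypothetical rules: (table, column) -> name of a pre-loaded SQL function.
RULES: Dict[Tuple[str, str], str] = {
    ("customer", "phone"): "mask_phone",
    ("customer", "name"): "mask_name",
}


def mask_phone(value):
    """Keep the first 3 and last 4 characters of a phone number."""
    if value is None:
        return None
    if len(value) < 8:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 7) + value[-4:]


def mask_name(value):
    """Keep only the first character of a name."""
    return None if value is None else value[:1] + "*" * (len(value) - 1)


IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
# Supported grammar: SELECT <* | col, ...> FROM <table> [WHERE <col> <op> ?]
SELECT_RE = re.compile(
    rf"^\s*SELECT\s+(?P<cols>\*|{IDENT}(?:\s*,\s*{IDENT})*)\s+FROM\s+(?P<table>{IDENT})"
    rf"(?P<rest>\s+WHERE\s+{IDENT}\s*(?:<=|>=|=|<|>)\s*\?)?\s*;?\s*$",
    re.IGNORECASE,
)


def load_columns(conn: sqlite3.Connection) -> Dict[str, List[str]]:
    """Read table -> column names from the cache so that SELECT * can be expanded."""
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    return {t.lower(): [c[1].lower() for c in conn.execute(f"PRAGMA table_info({t})")]
            for t in tables}


def rewrite(sql: str, table_columns: Dict[str, List[str]]) -> str:
    """Convert rule-matched fields into desensitization function calls."""
    match = SELECT_RE.match(sql)
    if match is None:
        raise ValueError("statement outside supported grammar; refusing to run it unmasked")
    table = match.group("table").lower()
    if table not in table_columns:
        raise ValueError(f"table {table!r} is not cached on this node")
    if match.group("cols") == "*":
        columns = table_columns[table]  # expand * so no sensitive column slips through
    else:
        columns = [c.strip().lower() for c in match.group("cols").split(",")]
    select_list = []
    for column in columns:
        function = RULES.get((table, column))
        select_list.append(f"{function}({column}) AS {column}" if function else column)
    return f"SELECT {', '.join(select_list)} FROM {table}{match.group('rest') or ''}"


def build_edge_cache() -> sqlite3.Connection:
    """In-memory stand-in for the edge storage module, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("mask_phone", 1, mask_phone)  # pre-load desensitization functions
    conn.create_function("mask_name", 1, mask_name)
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, phone TEXT, city TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)", [
        (1, "Alice Example", "13800138000", "Chengdu"),
        (2, "Bob Sample", "13900139000", "Chongqing"),
    ])
    return conn


def query(conn: sqlite3.Connection, sql: str, params: Sequence = ()):
    """Rewrite the request into the target SQL statement, then execute it."""
    target = rewrite(sql, load_columns(conn))
    return target, conn.execute(target, params).fetchall()


if __name__ == "__main__":
    print(query(build_edge_cache(), "SELECT * FROM customer WHERE id = ?", (1,)))
```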
Optionally, obtaining, by the server, target desensitization data includes:
sending the data access request to a server;
receiving target desensitization data returned by the server;
the target desensitization data is either a new query result set, obtained by the server performing desensitization processing on the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
Optionally, the desensitization processing is performed on the query result set by the server according to the configured desensitization rule and desensitization algorithm, and the desensitization processing includes:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata against the configured desensitization rule; if there is a match, applying the desensitization functions to the returned query records in sequence according to the desensitization rule, and repackaging the desensitized records into a new query result set; if there is no match, directly sending the query result set to the edge computing node.
Since the data desensitization processing apparatus described in the above embodiment is an apparatus corresponding to the above data desensitization processing method, it has the same functions and advantages as the above data desensitization processing method, and details are not described here.
Another embodiment of the present invention provides an edge computing node. The edge compute node includes the data desensitization processing apparatus described above. In a specific application, the edge computing node may further include:
the storage module is used for caching data;
and the configuration module is used for receiving the desensitization rule and the desensitization algorithm issued by the server side, and correlating and configuring the received desensitization rule and the desensitization algorithm.
Since the edge computing node in this embodiment is a node corresponding to the data desensitization processing apparatus, the edge computing node has the same functions and advantages as the data desensitization processing apparatus, and details are not described here.
Another embodiment of the present invention provides a client, which may include: an access request sending module and a desensitization data receiving module.
The access request sending module is used for sending a data access request to the edge computing node;
and the desensitization data receiving module is used for receiving desensitization data which is returned by the edge computing node and corresponds to the data access request.
Another embodiment of the present invention provides a data desensitization processing method, which is applied to a server, and the method includes:
step 41, receiving a data access request sent by an edge computing node;
step 42, obtaining target desensitization data according to the data access request;
step 43, returning the target desensitization data to the edge compute node.
Optionally, step 42 may include:
step 421, if the data access request is an SQL statement and the edge computing node does not cache the target data, obtaining target desensitization data according to the query result set; or,
step 422, if the data access request is not an SQL statement, the obtained query result set is used as the target desensitization data.
Optionally, in step 421, obtaining target desensitization data according to the query result set includes:
step 4211, obtaining a query result set, wherein the query result set comprises: querying returned metadata and query records;
step 4212, matching the metadata against the configured desensitization rule; if there is a match, applying the desensitization functions to the returned query records in sequence according to the desensitization rule, and repackaging the desensitized records into a new query result set; if there is no match, directly taking the query result set as the target desensitization data.
It should be noted that all the implementation manners of the method on the edge computing node side are applicable to this embodiment, and the same technical effect can be achieved.
The embodiment of the invention also provides a data desensitization processing device, which is applied to a server and comprises:
the receiving module is used for receiving a data access request sent by an edge computing node;
the processing module is used for obtaining target desensitization data according to the data access request;
and the sending module is used for returning the target desensitization data to the edge computing node.
Optionally, the processing module is specifically configured to: if the data access request is an SQL statement and the edge computing node does not cache target data, obtaining target desensitization data according to a query result set; or, if the data access request is not an SQL statement, the obtained query result set is used as the target desensitization data.
Optionally, obtaining target desensitization data according to the query result set includes:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata against the configured desensitization rule; if there is a match, applying the desensitization functions to the returned query records in sequence according to the desensitization rule, and repackaging the desensitized records into a new query result set; if there is no match, directly taking the query result set as the target desensitization data.
It should be noted that the apparatus is an apparatus corresponding to the data desensitization method on the server side, and all the implementations in the above method embodiment are applicable to the embodiment of the apparatus, and the same technical effect can be achieved.
An embodiment of the present invention further provides a server, including the data desensitization processing apparatus described above.
Further, the server may further include: the configuration module is used for configuring desensitization rules and desensitization algorithms;
the sending module is further configured to send the desensitization rule and the desensitization algorithm to the edge computing node.
It should be noted that all the implementations in fig. 2 are applicable to this embodiment, and the same technical effects can be achieved.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (17)

1. A data desensitization processing method, applied to an edge compute node, the method comprising:
receiving a data access request sent by a client;
obtaining target desensitization data according to the data access request;
and sending the target desensitization data to a client.
2. The data desensitization processing method according to claim 1, wherein obtaining target desensitization data according to said data access requests comprises:
if the data access request is a Structured Query Language (SQL) statement and the requested edge computing node caches the target data, obtaining the target desensitization data through a preset desensitization rule and desensitization algorithm, wherein the desensitization rule and the desensitization algorithm are issued by a server; or,
if the data access request is an SQL statement and the requested edge computing node does not cache the target data, obtaining the target desensitization data through a server; or,
if the data access request is not an SQL statement, obtaining the target desensitization data through the server.
3. The data desensitization processing method according to claim 2, wherein said obtaining target desensitization data by a preset desensitization rule and desensitization algorithm comprises:
determining a target desensitization rule matched with the data access request and a target desensitization algorithm corresponding to the target desensitization rule in preset desensitization rules and desensitization algorithms;
according to the target desensitization rule, converting the data access request into an SQL statement carrying the desensitization rule;
desensitizing the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement;
and executing the target SQL statement to obtain target desensitization data.
4. The data desensitization processing method according to claim 3, wherein according to the target desensitization algorithm, desensitization processing is performed on the SQL statement carrying the desensitization rule to obtain a target SQL statement, and the method comprises:
according to the fields involved in the SQL statement and the desensitization rules corresponding to those fields, converting the fields into the desensitization rules to obtain a converted SQL statement, and executing the target desensitization algorithm according to the pre-loaded desensitization function to obtain the target SQL statement.
5. The data desensitization processing method according to claim 2, wherein said obtaining target desensitization data by a server comprises:
sending the data access request to a server;
receiving target desensitization data returned by the server;
the target desensitization data is either a new query result set, obtained by the server performing desensitization processing on the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
6. The data desensitization processing method according to claim 5, wherein the server performs desensitization processing on the query result set according to configured desensitization rules and desensitization algorithms, comprising:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata against the configured desensitization rule; if there is a match, applying the desensitization functions to the returned query records in sequence according to the desensitization rule, and repackaging the desensitized records into a new query result set; if there is no match, directly sending the query result set to the edge computing node.
7. A data desensitization processing apparatus, for application to edge compute nodes, the apparatus comprising:
the receiving module is used for receiving a data access request sent by a client;
the processing module is used for obtaining target desensitization data according to the data access request;
and the sending module is used for sending the target desensitization data to the client.
8. The data desensitization processing device according to claim 7, wherein said processing module is specifically configured to:
if the data access request is a Structured Query Language (SQL) statement and the requested edge computing node caches the target data, obtaining the target desensitization data through a preset desensitization rule and desensitization algorithm, wherein the desensitization rule and the desensitization algorithm are issued by a server; or,
if the data access request is an SQL statement and the requested edge computing node does not cache the target data, obtaining the target desensitization data through a server; or,
if the data access request is not an SQL statement, obtaining the target desensitization data through the server.
9. The data desensitization processing device according to claim 8, wherein said obtaining target desensitization data by a preset desensitization rule and desensitization algorithm comprises:
determining a target desensitization rule matched with the data access request and a target desensitization algorithm corresponding to the target desensitization rule in preset desensitization rules and desensitization algorithms;
according to the target desensitization rule, converting the data access request into an SQL statement carrying the desensitization rule;
desensitizing the SQL statement carrying the desensitization rule according to the target desensitization algorithm to obtain a target SQL statement;
and executing the target SQL statement to obtain target desensitization data.
10. The data desensitization processing device according to claim 9, wherein according to the target desensitization algorithm, desensitization processing is performed on the SQL statement carrying the desensitization rule to obtain a target SQL statement, including:
according to the fields involved in the SQL statement and the desensitization rules corresponding to those fields, converting the fields into the desensitization rules to obtain a converted SQL statement, and executing the target desensitization algorithm according to the pre-loaded desensitization function to obtain the target SQL statement.
11. Data desensitization processing apparatus according to claim 8, wherein obtaining target desensitization data by a server comprises:
sending the data access request to a server;
receiving target desensitization data returned by the server;
the target desensitization data is either a new query result set, obtained by the server performing desensitization processing on the query result set according to the configured desensitization rule and desensitization algorithm, or the query result set itself; the query result set is the data obtained by the server according to the data access request.
12. An edge compute node comprising a data desensitization processing apparatus according to any of claims 7 to 11.
13. A data desensitization processing method, applied to a server, the method comprising:
receiving a data access request sent by an edge computing node;
obtaining target desensitization data according to the data access request;
returning the target desensitization data to the edge compute node.
14. The data desensitization processing method according to claim 13, wherein obtaining target desensitization data based on said data access requests comprises:
if the data access request is an SQL statement and the edge computing node does not cache the target data, obtaining target desensitization data according to a query result set; or,
and if the data access request is not an SQL statement, taking the obtained query result set as target desensitization data.
15. A data desensitization processing method according to claim 14, wherein obtaining target desensitization data from the query result set comprises:
obtaining a query result set, the query result set comprising: querying returned metadata and query records;
matching the metadata against the configured desensitization rule; if there is a match, applying the desensitization functions to the returned query records in sequence according to the desensitization rule and the column sequence number, and repackaging the desensitized records into a new query result set.
16. A data desensitization processing apparatus, applied to a server, the apparatus comprising:
the receiving module is used for receiving a data access request sent by an edge computing node;
the processing module is used for obtaining target desensitization data according to the data access request;
and the sending module is used for returning the target desensitization data to the edge computing node.
17. A server comprising a data desensitization processing apparatus according to claim 16.
CN202010169766.8A 2020-03-12 2020-03-12 Data desensitization processing method and device, edge computing node and server Pending CN113392425A (en)

Publications (1)

Publication Number Publication Date
CN113392425A true CN113392425A (en) 2021-09-14

Family

ID=77615710

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN106778288A (en) * 2015-11-24 2017-05-31 阿里巴巴集团控股有限公司 A kind of method and system of data desensitization
CN107392051A (en) * 2017-07-28 2017-11-24 北京明朝万达科技股份有限公司 A kind of big data processing method and system
CN107885876A (en) * 2017-11-29 2018-04-06 北京安华金和科技有限公司 A kind of dynamic desensitization method rewritten based on SQL statement
CN109858277A (en) * 2019-01-11 2019-06-07 广州大学 A kind of big data construction storage method and system based on data desensitization
CN110532797A (en) * 2019-07-24 2019-12-03 方盈金泰科技(北京)有限公司 The desensitization method and system of big data
CN110781515A (en) * 2019-10-25 2020-02-11 上海凯馨信息科技有限公司 Static data desensitization method and desensitization device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210914