CN113761565A - Data desensitization method and apparatus - Google Patents
Data desensitization method and apparatus Download PDFInfo
- Publication number
- CN113761565A CN113761565A CN202010778832.1A CN202010778832A CN113761565A CN 113761565 A CN113761565 A CN 113761565A CN 202010778832 A CN202010778832 A CN 202010778832A CN 113761565 A CN113761565 A CN 113761565A
- Authority
- CN
- China
- Prior art keywords
- data
- character
- desensitization
- desensitized
- characters
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 206
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000013507 mapping Methods 0.000 claims abstract description 110
- 230000004044 response Effects 0.000 claims description 16
- 238000003860 storage Methods 0.000 claims description 12
- 230000001174 ascending effect Effects 0.000 claims description 11
- 238000012163 sequencing technique Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 9
- 230000001186 cumulative effect Effects 0.000 claims description 7
- 238000012545 processing Methods 0.000 abstract description 20
- 238000004364 calculation method Methods 0.000 abstract description 6
- 238000010586 diagram Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000009826 distribution Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 239000000470 constituent Substances 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- PCTMTFRHKVHKIS-BMFZQQSSSA-N (1s,3r,4e,6e,8e,10e,12e,14e,16e,18s,19r,20r,21s,25r,27r,30r,31r,33s,35r,37s,38r)-3-[(2r,3s,4s,5s,6r)-4-amino-3,5-dihydroxy-6-methyloxan-2-yl]oxy-19,25,27,30,31,33,35,37-octahydroxy-18,20,21-trimethyl-23-oxo-22,39-dioxabicyclo[33.3.1]nonatriaconta-4,6,8,10 Chemical compound C1C=C2C[C@@H](OS(O)(=O)=O)CC[C@]2(C)[C@@H]2[C@@H]1[C@@H]1CC[C@H]([C@H](C)CCCC(C)C)[C@@]1(C)CC2.O[C@H]1[C@@H](N)[C@H](O)[C@@H](C)O[C@H]1O[C@H]1/C=C/C=C/C=C/C=C/C=C/C=C/C=C/[C@H](C)[C@@H](O)[C@@H](C)[C@H](C)OC(=O)C[C@H](O)C[C@H](O)CC[C@@H](O)[C@H](O)C[C@H](O)C[C@](O)(C[C@H](O)[C@H]2C(O)=O)O[C@H]2C1 PCTMTFRHKVHKIS-BMFZQQSSSA-N 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/12—Use of codes for handling textual entities
- G06F40/151—Transformation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/216—Parsing using statistical methods
Abstract
The invention discloses a data desensitization method and device, and relates to the technical field of computers. The method comprises the following steps: acquiring data to be processed, and judging whether a data item needing desensitization exists in the data to be processed; under the condition that a data item needing desensitization exists in the data to be processed, inquiring a mapping table according to an original assignment character of the data item needing desensitization to obtain a desensitized character corresponding to the desensitized character; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character; and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data. Through the steps, data desensitization does not need to depend on a secret key, the safety of desensitization processing is improved, in addition, the calculation amount of desensitization processing can be reduced, the system performance is improved, and local desensitization is supported.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a data desensitization method and device.
Background
Data desensitization refers to the deformation of data of some sensitive information through desensitization rules, so that the reliable protection of sensitive private data is realized. This allows for safe use of the desensitized real data set in development, testing and other non-production environments as well as outsourcing environments.
In the prior art, there are mainly two data desensitization methods: firstly, desensitizing data of an encryption algorithm based on Chinese character internal codes and a digital adding transformation mapping encryption algorithm; and secondly, a data desensitization method based on a DES/RC2 encryption algorithm or a one-way hash value encryption algorithm.
In the process of implementing the invention, the inventor of the invention finds that the existing data desensitization method has at least the following defects: first, two existing data desensitization methods both rely on a key, and once the key leaks, desensitization data is restored; secondly, the two existing data desensitization methods have large calculated amount and poor performance; third, two existing data desensitization methods encrypt the whole returned data, and cannot implement local desensitization, and for some returned data that are unstructured, if full-area data desensitization is performed, the data structure is inevitably destroyed, so that the desensitized data cannot be used.
Disclosure of Invention
In view of this, the present invention provides a data desensitization method and apparatus, which do not depend on a secret key, improve the security of desensitization processing, reduce the calculation amount of desensitization processing, improve the system performance, and support local desensitization.
To achieve the above object, according to one aspect of the present invention, a data desensitization method is provided.
The data desensitization method of the present invention comprises: acquiring data to be processed, and judging whether a data item needing desensitization exists in the data to be processed; under the condition that a data item needing desensitization exists in the data to be processed, inquiring a mapping table according to an original assignment character of the data item needing desensitization to obtain a desensitized character corresponding to the desensitized character; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character; and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
Optionally, the acquiring the data to be processed and determining whether a data item requiring desensitization exists in the data to be processed includes: after receiving a data acquisition request, sending the data acquisition request to a target server to acquire corresponding response data from the target server, and taking the response data as data to be processed; inquiring desensitized metadata configuration information according to the identification of the data acquisition request; if the data item description information which corresponds to the identifier of the access request and needs desensitization is obtained, confirming that the data item which needs desensitization exists in the data to be processed; and if the data item description information which needs desensitization and corresponds to the identification of the access request is not obtained, confirming that the data item which needs desensitization does not exist in the data to be processed.
Optionally, the method further comprises: and before querying a mapping table according to the original assignment characters of the data items needing desensitization, acquiring the original assignment characters of the data items needing desensitization from the data to be processed according to the description information of the data items needing desensitization.
Optionally, the mapping table is generated or updated according to the following manner: extracting original assignment characters of data items needing desensitization from sample data; respectively performing ascending sorting and descending sorting on the original assignment characters according to a preset sorting index to obtain a first character sequence and a second character sequence; mapping the characters in the first character sequence and the characters in the second character sequence at the same sequencing position one by one, and using the obtained mapping relation as the mapping relation between the original assignment characters and the desensitized characters; and generating or updating the mapping table according to the mapping relation between the original assignment character and the desensitized character.
Optionally, the preset ranking index includes: the number of occurrences of the original assigned character; the step of respectively performing ascending sorting and descending sorting on the original assigned characters according to a preset sorting index to obtain a first character sequence and a second character sequence comprises the following steps: counting the occurrence times of the extracted original assignment characters; storing original assignment characters into a data container, and sequencing the original assignment characters in an ascending order according to the occurrence times through the data container; the data container comprises a key value pair which takes the occurrence times as a key and takes the original assigned character as a value; forward outputting the values of the key value pairs in the data container to obtain a first character sequence; and reversely outputting the values of the key value pairs in the data container to obtain a second character sequence.
Optionally, the counting the occurrence times of the extracted original assigned characters includes: dividing the extracted original assignment characters into a plurality of categories according to character types; for each original assignment character in the same category, calculating the occurrence times of the original assignment character in sample data, and acquiring the historical accumulated occurrence times of the original assignment character; if the historical cumulative occurrence number of the original assignment character is obtained, taking the sum of the occurrence number of the original assignment character in sample data and the historical cumulative occurrence number as the occurrence number of the original assignment character; and if the historical accumulated occurrence times of the original assignment character cannot be obtained, taking the occurrence times of the original assignment character in sample data as the occurrence times of the original assignment character.
Optionally, the method further comprises: after a mapping table is generated according to the mapping relation between the original assignment character and the desensitized character, the mapping table is stored in a memory database; and loading the mapping table in the memory database into a memory before querying the mapping table according to the original assigned characters of the data items to be desensitized.
To achieve the above object, according to another aspect of the present invention, there is provided a data desensitizing apparatus.
The data desensitization apparatus of the present invention comprises: the acquisition and judgment module is used for acquiring data to be processed and judging whether a data item needing desensitization exists in the data to be processed; the query module is used for querying a mapping table according to the original assigned characters of the data items to be desensitized to obtain desensitized characters corresponding to the desensitized characters under the condition that the data items to be desensitized exist in the data to be processed; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character; and the desensitization module is used for replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
To achieve the above object, according to still another aspect of the present invention, there is provided an electronic apparatus.
The electronic device of the present invention includes: one or more processors; and storage means for storing one or more programs; when executed by the one or more processors, cause the one or more processors to implement the data desensitization methods of the invention.
To achieve the above object, according to still another aspect of the present invention, there is provided a computer-readable medium.
The computer-readable medium of the invention has stored thereon a computer program which, when executed by a processor, implements the data desensitization method of the invention.
One embodiment of the above invention has the following advantages or benefits: the processing steps of constructing a mapping table comprising a mapping relation between original assignment characters and desensitized characters in advance, acquiring data to be processed, judging whether data items needing desensitization exist in the data to be processed, inquiring the mapping table according to the original assignment characters of the data items needing desensitization to obtain desensitized characters corresponding to the desensitized characters under the condition that the data items needing desensitization exist in the data to be processed, and replacing the original assignment characters of the data items needing desensitization in the data to be processed with the desensitized characters to obtain the desensitized data are adopted, so that data desensitization does not need to depend on a secret key, the safety of desensitization is improved, in addition, the calculated amount of desensitization can be reduced, the system performance is improved, and local desensitization is supported.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic main flow diagram of a data desensitization method according to a first embodiment of the present invention;
FIG. 2 is a schematic main flow diagram of a data desensitization method according to a second embodiment of the present invention;
FIG. 3 is a schematic diagram of a main flow of generating or updating a mapping table according to a third embodiment of the present invention;
FIG. 4 is a schematic diagram of the main blocks of a data desensitization apparatus according to a fourth embodiment of the present invention;
FIG. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 6 is a schematic block diagram of a computer system suitable for use with the electronic device to implement an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments and technical features of the embodiments of the present invention may be combined with each other without affecting the implementation of the present invention.
Fig. 1 is a main flow diagram of a data desensitization method according to a first embodiment of the present invention. As shown in fig. 1, the data desensitization method of the embodiment of the present invention includes:
step S101: acquiring data to be processed, and judging whether a data item needing desensitization exists in the data to be processed.
In an alternative embodiment, step S101 comprises: after receiving a data acquisition request, sending the data acquisition request to a target server to acquire corresponding response data from the target server, taking the response data as data to be processed, and then judging whether data items needing desensitization exist in the data to be processed. For example, in an application scenario involving a user terminal, a reverse proxy server, and a target server, after receiving a data acquisition request of the user terminal, the reverse proxy server may send the data acquisition request to the target server and receive response data returned by the target server.
Further, in the above-mentioned alternative embodiment, whether the data item requiring desensitization exists in the data to be processed may be determined according to the following manner: inquiring desensitized metadata configuration information according to the identification of the data acquisition request; if the data item description information needing desensitization corresponding to the identification of the access request is acquired from the desensitization metadata configuration information, confirming that the data item needing desensitization exists in the data to be processed; and if the data item description information which needs desensitization and corresponds to the identification of the access request is not obtained, confirming that the data item which needs desensitization does not exist in the data to be processed.
Wherein the desensitization metadata configuration information comprises: the method comprises the steps of presetting data acquisition request identification and presetting data item description information needing desensitization. Further, the identifier of the preconfigured data obtaining request may be a URL (uniform resource locator, also called network address) of the request, a path identifier in the URL, or other identifiers of the request, and the preconfigured data item description information that needs to be desensitized may be path information of the data item that needs to be desensitized, or other identifiers of the data item that needs to be desensitized. In specific implementation, the path information of the data item to be desensitized may have different forms according to different application scenarios. For example, when desensitizing JSON (JSON, which is a lightweight data exchange format) format data, the path information of the data item to be desensitized may adopt a jsonnpath expression (jsonnpath expression, which is an expression for describing a path where JSON format data is located); when desensitizing data in an XML (XML, the name of chinese is extensible markup language, which is a common data exchange format) format or data in an HTML (HTML, the name of chinese is hypertext markup language), path information of the data items to be desensitized may use an Xpath expression (Xpath expression, which is an expression for describing a path where data in an XML or HTML format is located).
In another alternative embodiment, step S101 includes: and acquiring data to be processed according to a preset data acquisition task, and judging whether a data item needing desensitization exists in the data to be processed. Further, in the above-mentioned alternative embodiment, whether the data item requiring desensitization exists in the data to be processed may be determined according to the following manner: comparing the data items in the data to be processed with the data items needing desensitization configured in the desensitization metadata configuration information; if at least one data item in the data to be processed exists in the desensitization metadata configuration information, confirming that a data item needing desensitization exists in the data to be processed; otherwise, confirming that no data item needing desensitization exists in the data to be processed. For example, suppose there are four data items of "order number", "contact phone" and "detailed address" in the data to be processed, three data items of "contact", "contact phone" and "detailed address" to be desensitized are configured in the desensitization metadata configuration information, and it can be confirmed through comparison that there is a data item to be desensitized in the data to be processed.
Step S102: and under the condition that the data items needing desensitization exist in the data to be processed, inquiring a mapping table according to the original assigned characters of the data items needing desensitization to obtain desensitized characters corresponding to the desensitized characters.
The original assigned characters of the data items can be understood as the constituent elements of the values of the data items. For example, if the data to be processed includes a data item "contact" and its value is "three", the original assigned characters of the data item are "three", "three"; assuming that the data item "contact phone" is included in the pending process and its value is "130 XXXX 0000", the original assigned characters of the data item are "1", "3", "0", "X", "0".
Wherein the mapping table includes: the mapping between the original assigned character (i.e., the character before desensitization) and the character after desensitization. In this step, the mapping relation in the mapping table can be queried according to the original assigned character of the data item to be desensitized, so as to obtain the desensitized character corresponding to the mapping relation. For example, assume that the following mapping relationships exist in the mapping table: the original assignment characters of 'open' and 'three' in the values of 'open-standby' and 'three-high' of the data item 'contact' needing desensitization are inquired to form a mapping table, and the desensitized characters corresponding to the mapping table are 'standby' and 'high'.
Step S103: and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
Exemplarily, assuming that the value of the data item "contact" to be desensitized in the data to be processed is "zhang san", determining that the desensitized characters corresponding to "zhang san" and "san" are "standby" and "high" by querying the mapping table, and replacing "zhang san" with "standby high". And performing desensitization treatment on other data items needing desensitization in the data to be processed according to the mode, and not performing desensitization treatment on data items not needing desensitization, so that desensitized data can be obtained.
In the embodiment of the invention, the processing steps of constructing a mapping table comprising the mapping relation between original assignment characters and desensitized characters in advance, acquiring data to be processed, judging whether data items to be desensitized exist in the data to be processed, inquiring the mapping table according to the original assignment characters of the data items to be desensitized to obtain desensitized characters corresponding to the mapping table under the condition that the data items to be desensitized exist in the data to be processed, and replacing the original assignment characters of the data items to be desensitized in the data to be processed with the desensitized characters to obtain the desensitized data are adopted, so that the data desensitization does not need to depend on a key, the desensitization safety is improved, in addition, the calculation amount of the desensitization process can be reduced, and the system performance is improved; in addition, local desensitization can be realized through the steps, the problem of disordered formats caused by desensitization of all data is avoided, the execution efficiency of data desensitization is improved, and the applicable scene of data desensitization is expanded.
Fig. 2 is a schematic main flow diagram of a data desensitization method according to a second embodiment of the present invention. As shown in fig. 2, the data desensitization method of the embodiment of the present invention includes:
step S201: after receiving a data acquisition request, sending the data acquisition request to a target server to acquire corresponding response data from the target server, and taking the response data as data to be processed.
For example, in an application scenario involving a user terminal, a reverse proxy server, and a target server, after receiving a data acquisition request of the user terminal, the reverse proxy server may send the data acquisition request to the target server, and receive response data returned by the target server. Further, before the reverse proxy server sends the data acquisition request to the target server, domain name conversion processing can be performed on the data acquisition request. For example, assuming that the data acquisition request sent by the user terminal is http:// domain name 1/api/distribution/address/list, the reverse proxy server may convert the data acquisition request into http:// domain name 2/api/distribution/address/list according to a preset domain name mapping relationship.
It should be noted that, in addition to the above application scenarios involving the user terminal, the reverse proxy server, and the target server, the method of the embodiment of the present invention may also be applied to other application scenarios, such as an application scenario composed of multiple servers.
Step S202: and inquiring desensitized metadata configuration information according to the identification of the data acquisition request.
Wherein the desensitization metadata configuration information comprises: the method comprises the steps of presetting data acquisition request identification and presetting data item description information needing desensitization. Further, the identifier of the preconfigured data obtaining request may be a URL (uniform resource locator, also called network address) of the request, a path identifier in the URL, or other identifiers of the request, and the preconfigured data item description information that needs to be desensitized may be path information of the data item that needs to be desensitized, or other identifiers of the data item that needs to be desensitized. In specific implementation, the path information of the data item to be desensitized may have different forms according to different application scenarios. For example, when the JSON format data is desensitized, the path information of the data item to be desensitized may adopt a jsonnpath expression; when desensitizing the data in the XML format or the data in the HTML format, the path information of the data items needing desensitizing can adopt an Xpath expression.
In one optional example, the desensitization metadata configuration information includes: path identifier in URL, path information of the corresponding data item to be desensitized. In this optional example, desensitization metadata configuration information may be queried according to a path identifier in a URL of a currently received data acquisition request, and if the path information of a data item to be desensitized corresponding to the path identifier in the URL is acquired, it is determined that the data item to be desensitized exists in the to-be-processed data, and then step S203 is performed; if the path information of the data item to be desensitized corresponding to the path identifier in the URL is not acquired, it is determined that the data item to be desensitized does not exist in the data to be processed, and step S206 is performed.
Step S203: and acquiring the original assigned characters of the data items to be desensitized from the data to be processed according to the description information of the data items to be desensitized.
In an alternative example, the data item description information required to be desensitized is path information of the data item required to be desensitized. In this alternative example, the original assigned characters of the data items to be desensitized can be extracted from the data to be processed according to the path information of the data items. For example, assuming that the URL path identifier of the currently received data obtaining request is "http:// online domain name/api/distribution/address/list", if the path information of the data item to be desensitized, which is obtained according to the URL path identifier query desensitization metadata configuration information, corresponding to the URL path identifier, is specifically the path information of the data item 1, the path information of the data item 2, and the path information of the data item 3, the original assignment character of the data item 1, the original assignment character of the data item 2, and the original assignment character of the data item 3 may be obtained from the data to be processed according to this.
The original assigned characters of the data items can be understood as the constituent elements of the values of the data items. For example, if the data to be processed includes a data item "contact" and its value is "three", the original assigned characters of the data item are "three", "three"; assuming that the data item "contact phone" is included in the pending process and its value is "130 XXXX 0000", the original assigned characters of the data item are "1", "3", "0", "X", "0".
Step S204: and inquiring a mapping table according to the original assigned characters of the data items to be desensitized to obtain desensitized characters corresponding to the desensitized characters.
Wherein the mapping table includes: the mapping between the original assigned character (i.e., the character before desensitization) and the character after desensitization. In this step, the mapping relation in the mapping table can be queried according to the original assigned character of the data item to be desensitized, so as to obtain the desensitized character corresponding to the mapping relation. For example, assume that the following mapping relationships exist in the mapping table: the original assignment characters of 'open' and 'three' in the values of 'open-standby' and 'three-high' of the data item 'contact' needing desensitization are inquired to form a mapping table, and the desensitized characters corresponding to the mapping table are 'standby' and 'high'.
In specific implementation, a mapping table including a mapping relationship between the original assigned character and the desensitized character can be pre-constructed and stored in a memory database. The memory database may be a Redis or other memory database. Therefore, when the method of the embodiment of the invention is executed, the mapping table can be quickly loaded into the memory, so that the execution efficiency of data desensitization is improved. In addition, in order to improve the safety of data desensitization, the mapping table can be updated regularly.
Step S205: and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
Exemplarily, assuming that the value of the data item "contact" to be desensitized in the data to be processed is "zhang san", determining that the desensitized characters corresponding to "zhang san" and "san" are "standby" and "high" by querying the mapping table, and replacing "zhang san" with "standby high". And performing desensitization treatment on other data items needing desensitization in the data to be processed according to the mode, and not performing desensitization treatment on data items not needing desensitization, so that desensitized data can be obtained.
Step S206: and performing desensitization treatment on the data to be processed.
In the embodiment of the invention, data desensitization does not need to depend on a secret key through the processing steps, so that the safety of desensitization processing is improved, in addition, the calculation amount of desensitization processing can be reduced, and the system performance is improved; in addition, local desensitization can be realized through the steps, the problem of disordered formats caused by desensitization of all data is avoided, the execution efficiency of data desensitization is improved, and the applicable scene of data desensitization is expanded.
Fig. 3 is a schematic main flow chart of generating or updating a mapping table according to a third embodiment of the present invention. As shown in fig. 3, the process of generating or updating the mapping table according to the embodiment of the present invention includes:
step S301: original assigned characters of the data item to be desensitized are extracted from the sample data.
The sample data may be data acquired by a user in a past period of time. For example, in a situation of desensitizing processing on logistics data, logistics data queried by a user in the last month can be used as sample data.
In step S301, the original assignment of the data item to be desensitized may be extracted from the sample data according to the pre-configured desensitization metadata configuration information. The desensitization metadata configuration information comprises pre-configured description information of each data item to be desensitized. Illustratively, the description information of the data item to be desensitized may be path information of the data item to be desensitized. The path information of the data item to be desensitized is used for describing the position of the data item. In specific implementation, the path information of the data item to be desensitized may have different forms according to different application scenarios. For example, when the JSON format data is desensitized, the path information of the data item to be desensitized may adopt a jsonnpath expression; when desensitizing the data in the XML format or the data in the HTML format, the path information of the data items needing desensitizing can adopt an Xpath expression.
Step S302: and respectively carrying out ascending sorting and descending sorting on the original assignment characters according to a preset sorting index so as to obtain a first character sequence and a second character sequence.
In an alternative example, the ranking indicator includes the number of occurrences of the original assigned character. In this alternative example, the number of occurrences of each original assigned character may be counted; then, sequencing original assignment characters extracted from sample data in an ascending order according to the sequence of the occurrence times from small to large to obtain a first character sequence; and sequencing the original assignment characters extracted from the sample data in a descending order according to the sequence of the occurrence times from more to less so as to obtain a second character sequence.
In the above optional example, the counting the occurrence times of the extracted original assigned characters may specifically include: dividing the extracted original assignment characters into a plurality of categories according to character types; for each original assignment character in the same category, calculating the occurrence times of the original assignment character in sample data, and acquiring the historical accumulated occurrence times of the original assignment character; if the historical cumulative occurrence number of the original assignment character is obtained, taking the sum of the occurrence number of the original assignment character in sample data and the historical cumulative occurrence number as the occurrence number of the original assignment character; and if the historical accumulated occurrence times of the original assignment character cannot be obtained, taking the occurrence times of the original assignment character in sample data as the occurrence times of the original assignment character.
For example, three character types of english digits, english alphabets and chinese characters may be set, and a data container for storing a key-value pair having the number of occurrences as a key and the original assigned character as a value is set for each character type; for each original assignment character extracted from sample data, judging character types one by one, and putting the character types into corresponding data containersIn the device. For example, when the data container adopts a map container, if the original assigned character is an English number, the assigned character is put into the map container of the English number, and the number of occurrences of the character is increased by 1; if the original assigned character is an English letter, putting the assigned character into a map container of the English letter, and adding 1 to the occurrence frequency of the character; and if the original assignment character is a Chinese character, putting the original assignment character into a map container of the Chinese character, and adding 1 to the occurrence frequency of the character until the classification summarization of each original assignment character extracted from the sample data is completed. Next, acquiring historical accumulated occurrence times of each original assignment character; if the historical cumulative occurrence number N of the original assignment character is obtained0Then add N to the number of occurrences of the character in the map container0And using the value as the occurrence frequency of the original assigned character; and if the historical accumulated occurrence times of the original assignment character cannot be obtained, directly taking the occurrence times of the original assignment character in sample data as the occurrence times of the original assignment character.
In the embodiment of the invention, when the occurrence frequency of the original character is counted, not only the classification and summarization result based on the currently adopted sample data is considered, but also the classification and summarization result in the history period is considered, for example, the summarization result of the previous month is considered in the current month, so that the total occurrence frequency of the original character is changed, and the mapping table constructed according to the change is continuously updated, thereby being beneficial to improving the safety of subsequent data desensitization.
Further, in the above alternative example, in order to improve the efficiency of the sorting process, the sorting may be performed using a data container, for example, a multimap container may be used for the sorting. multimap is a special map, a map data structure that allows key duplication. Specifically, after counting the occurrence times of the extracted original assignment characters, the original assignment characters can be stored in a multimap container, and the original assignment characters are sorted in ascending order according to the occurrence times through the multimap container; wherein the multimap container comprises key-value pairs with the number of occurrences as keys and the original assigned characters as values; forward outputting values of key-value pairs in the multimap container to obtain a first character sequence; and reversely outputting the values of the key value pairs in the multimap container to obtain a second character sequence. In addition, in specific implementation, in addition to the multimap container, other data structures can be used to store the original assignment characters, and the original assignment characters are sorted in an ascending order and in a descending order by combining a custom sorting algorithm or a third-party sorting algorithm.
In another alternative example, the ranking indicator includes a frequency of occurrence of the original assigned characters. In this alternative example, statistics may be made on the frequency of occurrence of each of the original assigned characters; then, sequencing original assignment characters extracted from sample data in an ascending order according to the sequence of the occurrence frequency from low to high to obtain a first character sequence; and sequencing the original assignment characters extracted from the sample data in a descending order according to the sequence of the occurrence frequency from high to low to obtain a second character sequence. In addition, in the implementation, in addition to the number of occurrences or the frequency of occurrences as the ranking index, other indexes may be considered as the ranking index. For example, the sum of the occurrence frequency of the original assigned character and the distance from the character to the head and tail characters of the value of the data item to be desensitized is used as the sequencing index. For example, assuming that the data item to be desensitized takes on the value "ABCD", the original assigned character C is at a distance D1 from the first character a and at a distance D2 from the last character D, the sum of the number of occurrences of the original assigned character and D1 and D2 is used as the ranking index value.
Step S303: and mapping the characters in the first character sequence and the characters in the second character sequence at the same sequencing position one by one, and using the obtained mapping relation as the mapping relation between the original assignment characters and the desensitized characters.
For example, the ith (i ═ 1,2, …, N is the total number of characters in the first character sequence) character in the first character sequence may be used as a key, and the ith character in the second character sequence may be used as a value, so that N key value pairs may be obtained. For example, when i is 1, a first character in the first character sequence is used as a key, and a first character in the second character sequence is used as a value to form a first key-value pair; and when i is 2, forming a second key value pair by taking the second character in the second character sequence as a key and the second character in the second character sequence as a value. The N key value pairs obtained through the processing are concrete representations of the mapping relation between the original assigned characters and the desensitized characters.
Step S304: and generating or updating a mapping table according to the mapping relation between the original assignment character and the desensitized character.
When the mapping table is generated for the first time, the mapping relationship between the original assigned character and the desensitized character obtained in step S304 may be used as the specific content of the mapping table, and stored in the memory database. When the mapping table is updated, the existing mapping table in the memory database may be updated according to the mapping relationship between the original assigned character and the desensitized character obtained in step S304.
In the embodiment of the invention, the data item description information needing desensitization is configured in advance, so that local desensitization is supported subsequently when data desensitization is carried out, the problem of format disorder caused by desensitization of all data is avoided, the execution efficiency of data desensitization is improved, and the applicable scene of data desensitization is expanded; the original assignment characters are sequenced by using multimap, so that the efficiency of character mapping conversion in generating or updating a mapping table is improved, and the implementation difficulty is reduced; when the mapping table is generated or updated, the occurrence frequency or the occurrence frequency of the original assignment characters is counted by using global historical data, the occurrence frequency or the occurrence frequency of the original assignment characters can be changed due to the fact that a sample space can be periodically changed, and data to be desensitized are usually a small part of a total sample space each time, so that the outside cannot reversely obtain global frequency distribution through local frequency distribution data, the purpose of reverse data restoration is achieved, and the safety of data desensitization is improved.
Fig. 4 is a schematic diagram of the main blocks of a data desensitization apparatus according to a fourth embodiment of the present invention. As shown in fig. 4, a data desensitization apparatus 400 of an embodiment of the present invention includes: an acquisition and judgment module 401, an inquiry module 402 and a desensitization module 403.
The acquiring and determining module 401 is configured to acquire data to be processed and determine whether a data item requiring desensitization exists in the data to be processed.
In an optional embodiment, the acquiring and determining module 401 acquires data to be processed, and determining whether a data item requiring desensitization exists in the data to be processed includes: after receiving a data acquisition request, sending the data acquisition request to a target server to acquire corresponding response data from the target server, taking the response data as data to be processed, and then judging whether data items needing desensitization exist in the data to be processed. For example, in an application scenario involving a user terminal, a reverse proxy server, and a target server, after receiving a data acquisition request of the user terminal, the reverse proxy server may send the data acquisition request to the target server and receive response data returned by the target server.
Further, in the above optional embodiment, the obtaining and determining module 401 may determine whether there is a data item requiring desensitization in the data to be processed according to the following manner: inquiring desensitized metadata configuration information according to the identification of the data acquisition request; if the data item description information needing desensitization corresponding to the identification of the access request is acquired from the desensitization metadata configuration information, confirming that the data item needing desensitization exists in the data to be processed; and if the data item description information which needs desensitization and corresponds to the identification of the access request is not obtained, confirming that the data item which needs desensitization does not exist in the data to be processed.
Wherein the desensitization metadata configuration information comprises: the method comprises the steps of presetting data acquisition request identification and presetting data item description information needing desensitization. Further, the identifier of the preconfigured data obtaining request may be a URL (uniform resource locator, also called network address) of the request, a path identifier in the URL, or other identifiers of the request, and the preconfigured data item description information that needs to be desensitized may be path information of the data item that needs to be desensitized, or other identifiers of the data item that needs to be desensitized. In specific implementation, the path information of the data item to be desensitized may have different forms according to different application scenarios. For example, when the JSON format data is desensitized, the path information of the data item to be desensitized may adopt a jsonnpath expression; when desensitizing the data in the XML format or the data in the HTML format, the path information of the data items needing desensitizing can adopt an Xpath expression.
In another optional implementation, the obtaining and determining module 401 obtains data to be processed, and determining whether there is a data item requiring desensitization in the data to be processed includes: and acquiring data to be processed according to a preset data acquisition task, and judging whether a data item needing desensitization exists in the data to be processed. Further, in the above optional embodiment, the obtaining and determining module 401 may determine whether there is a data item requiring desensitization in the data to be processed according to the following manner: comparing the data items in the data to be processed with the data items needing desensitization configured in the desensitization metadata configuration information; if at least one data item in the data to be processed exists in the desensitization metadata configuration information, confirming that a data item needing desensitization exists in the data to be processed; otherwise, confirming that no data item needing desensitization exists in the data to be processed. For example, suppose there are four data items of "order number", "contact phone" and "detailed address" in the data to be processed, three data items of "contact", "contact phone" and "detailed address" to be desensitized are configured in the desensitization metadata configuration information, and it can be confirmed through comparison that there is a data item to be desensitized in the data to be processed.
A query module 402, configured to query a mapping table according to an original assigned character of a data item to be desensitized when the data item to be processed exists, so as to obtain a desensitized character corresponding to the desensitized character.
The original assigned characters of the data items can be understood as the constituent elements of the values of the data items. For example, if the data to be processed includes a data item "contact" and its value is "three", the original assigned characters of the data item are "three", "three"; assuming that the data item "contact phone" is included in the pending process and its value is "130 XXXX 0000", the original assigned characters of the data item are "1", "3", "0", "X", "0".
Wherein the mapping table includes: the mapping between the original assigned character (i.e., the character before desensitization) and the character after desensitization. The query module 402 may query the mapping relationship in the mapping table according to the original assigned character of the data item to be desensitized, so as to obtain the desensitized character corresponding thereto. For example, assume that the following mapping relationships exist in the mapping table: the original assignment characters of 'open' and 'three' in the values of 'open-standby' and 'three-high' of the data item 'contact' needing desensitization are inquired to form a mapping table, and the desensitized characters corresponding to the mapping table are 'standby' and 'high'.
A desensitization module 403, configured to replace an original assigned character of a data item to be desensitized in the to-be-processed data with a desensitized character, so as to obtain desensitized data.
Exemplarily, assuming that the value of the data item "contact" to be desensitized in the data to be processed is "open three", and determining that the desensitized characters corresponding to "open" and "three" are "standby" and "high" by querying the mapping table, the desensitization module 403 replaces "open three" with "standby high". The desensitization module 403 performs desensitization processing on other data items to be desensitized in the to-be-processed data according to the above-mentioned manner, and does not perform desensitization processing on data items not to be desensitized, so as to obtain desensitized data.
In the device of the embodiment of the invention, a mapping table comprising a mapping relation between original assignment characters and desensitized characters is constructed in advance, data to be processed is obtained through an obtaining and judging module, whether data items needing desensitization exist in the data to be processed is judged, under the condition that the data items needing desensitization exist in the data to be processed, the mapping table is inquired through an inquiring module according to the original assignment characters of the data items needing desensitization to obtain desensitized characters corresponding to the mapping table, and the original assignment characters of the data items needing desensitization in the data to be processed are replaced by the desensitized characters through the desensitizing module to obtain desensitized data, so that the data desensitization does not need to depend on a key, the safety of desensitization is improved, the calculation amount of desensitization can be reduced, and the system performance is improved; in addition, local desensitization can be realized through the device, the problem of disordered format caused by desensitization of all data is avoided, the execution efficiency of data desensitization is improved, and the applicable scene of data desensitization is expanded.
Fig. 5 illustrates an exemplary system architecture 500 to which the data desensitization method or data desensitization apparatus of embodiments of the present invention may be applied.
As shown in fig. 5, the system architecture 500 may include terminal devices 501, 502, a reverse proxy server 503, and target servers 504, 505.
The user may use the terminal device 501, 502 to interact with the target server 504, 505 through the reverse proxy server 503 to receive or send messages, etc. The terminal devices 501 and 502 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 501, 502 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The reverse proxy server 503 is configured to receive data acquisition requests sent by the terminal devices 501 and 502, forward the data acquisition requests to the target servers 504 and 505, acquire response data from the target servers, perform desensitization processing on the response data, and return the desensitized response data to the terminal devices.
The target servers 504, 505 may be servers that provide various services, such as a back-office management server that supports shopping-like websites browsed by users using the terminal devices 501, 502.
It should be noted that the data desensitization method provided by the embodiment of the present invention is executed by the reverse proxy server 503, and accordingly, the data desensitization apparatus is generally disposed in the reverse proxy server 503.
It should be understood that the number of terminal devices, reverse proxy servers, and target servers in fig. 5 are merely illustrative. There may be any number of terminal devices, reverse proxy servers, and target servers, as desired for implementation.
Referring now to FIG. 6, shown is a block diagram of a computer system 600 suitable for use with the electronic device implementing an embodiment of the present invention. The computer system illustrated in FIG. 6 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises an acquisition and judgment module, an inquiry module and a desensitization module. The names of the modules do not limit the module itself in some cases, for example, the acquiring and determining module may also be described as a module for acquiring data to be processed and determining whether a data item requiring desensitization exists in the data to be processed.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform the following: acquiring data to be processed, and judging whether a data item needing desensitization exists in the data to be processed; under the condition that a data item needing desensitization exists in the data to be processed, inquiring a mapping table according to an original assignment character of the data item needing desensitization to obtain a desensitized character corresponding to the desensitized character; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character; and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
According to the technical scheme of the embodiment of the invention, data desensitization does not need to depend on a secret key, so that the safety of desensitization processing is improved, the calculation amount of desensitization processing can be reduced, the system performance is improved, and local desensitization is supported.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method of data desensitization, the method comprising:
acquiring data to be processed, and judging whether a data item needing desensitization exists in the data to be processed;
under the condition that a data item needing desensitization exists in the data to be processed, inquiring a mapping table according to an original assignment character of the data item needing desensitization to obtain a desensitized character corresponding to the desensitized character; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character;
and replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
2. The method of claim 1, wherein the obtaining the data to be processed and determining whether the data item requiring desensitization exists in the data to be processed comprises:
after receiving a data acquisition request, sending the data acquisition request to a target server to acquire corresponding response data from the target server, and taking the response data as data to be processed; inquiring desensitized metadata configuration information according to the identification of the data acquisition request; if the data item description information which corresponds to the identifier of the access request and needs desensitization is obtained, confirming that the data item which needs desensitization exists in the data to be processed; and if the data item description information which needs desensitization and corresponds to the identification of the access request is not obtained, confirming that the data item which needs desensitization does not exist in the data to be processed.
3. The method of claim 2, further comprising:
and before querying a mapping table according to the original assignment characters of the data items needing desensitization, acquiring the original assignment characters of the data items needing desensitization from the data to be processed according to the description information of the data items needing desensitization.
4. The method of claim 1, wherein the mapping table is generated or updated according to the following:
extracting original assignment characters of data items needing desensitization from sample data; respectively performing ascending sorting and descending sorting on the original assignment characters according to a preset sorting index to obtain a first character sequence and a second character sequence; mapping the characters in the first character sequence and the characters in the second character sequence at the same sequencing position one by one, and using the obtained mapping relation as the mapping relation between the original assignment characters and the desensitized characters; and generating or updating the mapping table according to the mapping relation between the original assignment character and the desensitized character.
5. The method of claim 4, wherein the preset ranking index comprises: the number of occurrences of the original assigned character;
the step of respectively performing ascending sorting and descending sorting on the original assigned characters according to a preset sorting index to obtain a first character sequence and a second character sequence comprises the following steps:
counting the occurrence times of the extracted original assignment characters; storing original assignment characters into a data container, and sequencing the original assignment characters in an ascending order according to the occurrence times through the data container; the data container comprises a key value pair which takes the occurrence times as a key and takes the original assigned character as a value; forward outputting the values of the key value pairs in the data container to obtain a first character sequence; and reversely outputting the values of the key value pairs in the data container to obtain a second character sequence.
6. The method of claim 5, wherein counting the number of occurrences of the extracted original assigned character comprises:
dividing the extracted original assignment characters into a plurality of categories according to character types; for each original assignment character in the same category, calculating the occurrence times of the original assignment character in sample data, and acquiring the historical accumulated occurrence times of the original assignment character; if the historical cumulative occurrence number of the original assignment character is obtained, taking the sum of the occurrence number of the original assignment character in sample data and the historical cumulative occurrence number as the occurrence number of the original assignment character; and if the historical accumulated occurrence times of the original assignment character cannot be obtained, taking the occurrence times of the original assignment character in sample data as the occurrence times of the original assignment character.
7. The method of claim 4, further comprising:
after a mapping table is generated according to the mapping relation between the original assignment character and the desensitized character, the mapping table is stored in a memory database; and loading the mapping table in the memory database into a memory before querying the mapping table according to the original assigned characters of the data items to be desensitized.
8. A data desensitization apparatus, characterized in that the apparatus comprises:
the acquisition and judgment module is used for acquiring data to be processed and judging whether a data item needing desensitization exists in the data to be processed;
the query module is used for querying a mapping table according to the original assigned characters of the data items to be desensitized to obtain desensitized characters corresponding to the desensitized characters under the condition that the data items to be desensitized exist in the data to be processed; wherein the mapping table comprises a mapping relation between an original assignment character and a desensitized character;
and the desensitization module is used for replacing the original assigned characters of the data items needing desensitization in the data to be processed with desensitized characters to obtain desensitized data.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010778832.1A CN113761565B (en) | 2020-08-05 | 2020-08-05 | Data desensitization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010778832.1A CN113761565B (en) | 2020-08-05 | 2020-08-05 | Data desensitization method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113761565A true CN113761565A (en) | 2021-12-07 |
| CN113761565B CN113761565B (en) | 2024-04-16 |
Family
ID=78785660
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010778832.1A Active CN113761565B (en) | 2020-08-05 | 2020-08-05 | Data desensitization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113761565B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114666113A (en) * | 2022-03-14 | 2022-06-24 | 北京计算机技术及应用研究所 | Dynamic response data desensitization method based on API gateway |
| CN116484410A (en) * | 2023-06-16 | 2023-07-25 | 鱼快创领智能科技(南京)有限公司 | Non-invasive dynamic desensitization encryption method and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
| US20100198846A1 (en) * | 2009-01-30 | 2010-08-05 | International Business Machines Corporation | Method for order invariant correlated encrypting of data and sql queries for maintaining data privacy and securely resolving customer defects |
| CN110110543A (en) * | 2019-03-14 | 2019-08-09 | 深圳壹账通智能科技有限公司 | Data processing method, device, server and storage medium |
| CN110348239A (en) * | 2019-06-13 | 2019-10-18 | 平安普惠企业管理有限公司 | Desensitize regular configuration method and data desensitization method, system, computer equipment |
| CN111008399A (en) * | 2019-11-29 | 2020-04-14 | 卓尔智联(武汉)研究院有限公司 | Name data desensitization device, method and readable storage medium |
-
2020
- 2020-08-05 CN CN202010778832.1A patent/CN113761565B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
| US20100198846A1 (en) * | 2009-01-30 | 2010-08-05 | International Business Machines Corporation | Method for order invariant correlated encrypting of data and sql queries for maintaining data privacy and securely resolving customer defects |
| CN110110543A (en) * | 2019-03-14 | 2019-08-09 | 深圳壹账通智能科技有限公司 | Data processing method, device, server and storage medium |
| CN110348239A (en) * | 2019-06-13 | 2019-10-18 | 平安普惠企业管理有限公司 | Desensitize regular configuration method and data desensitization method, system, computer equipment |
| CN111008399A (en) * | 2019-11-29 | 2020-04-14 | 卓尔智联(武汉)研究院有限公司 | Name data desensitization device, method and readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114666113A (en) * | 2022-03-14 | 2022-06-24 | 北京计算机技术及应用研究所 | Dynamic response data desensitization method based on API gateway |
| CN116484410A (en) * | 2023-06-16 | 2023-07-25 | 鱼快创领智能科技(南京)有限公司 | Non-invasive dynamic desensitization encryption method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113761565B (en) | 2024-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20190166216A1 (en) | Information pushing method and device | |
| CN109614402B (en) | Multidimensional data query method and device | |
| CN110471848B (en) | Method and device for dynamically returning message | |
| CN110689268B (en) | Method and device for extracting indexes | |
| CN110795315A (en) | Method and device for monitoring service | |
| CN107844488B (en) | Data query method and device | |
| CN112884405A (en) | Inquiry system and scheduling method thereof | |
| CN112084179B (en) | Data processing method, device, equipment and storage medium | |
| CN113761565B (en) | Data desensitization method and device | |
| CN110909022A (en) | Data query method and device | |
| CN111368697A (en) | Information identification method and device | |
| CN111401684A (en) | Task processing method and device | |
| CN113590756A (en) | Information sequence generation method and device, terminal equipment and computer readable medium | |
| CN108985805B (en) | Method and device for selectively executing push task | |
| CN107918617B (en) | Data query method and device | |
| CN115423030A (en) | Equipment identification method and device | |
| CN112487765B (en) | Method and device for generating notification text | |
| CN111865576B (en) | Method and device for synchronizing URL classification data | |
| CN110705935B (en) | Logistics document processing method and device | |
| CN112579673A (en) | Multi-source data processing method and device | |
| CN113722193A (en) | Method and device for detecting page abnormity | |
| CN113704242A (en) | Data processing method and device | |
| CN113704222A (en) | Method and device for processing service request | |
| CN108733668B (en) | Method and device for querying data | |
| CN112988857A (en) | Service data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |