CN113794735B - Sensitive data security protection method in SAAS system scene - Google Patents
Sensitive data security protection method in SAAS system scene Download PDFInfo
- Publication number
- CN113794735B CN113794735B CN202111149942.2A CN202111149942A CN113794735B CN 113794735 B CN113794735 B CN 113794735B CN 202111149942 A CN202111149942 A CN 202111149942A CN 113794735 B CN113794735 B CN 113794735B
- Authority
- CN
- China
- Prior art keywords
- data
- browser
- sensitive
- saas system
- saas
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a sensitive data security protection method under SAAS system scene, comprising the following steps: the browser receives request information input by a user, and judges whether the request information contains sensitive data or not according to preset configuration conditions; data desensitization is carried out on the request information, and then the desensitized data is sent to an SAAS system; step S3, the request data is sent to an SAAS system, the SAAS system stores the data without sensitivity, and then the step S4 is executed; and S4, the SAAS system sends the return data to the browser, the browser judges whether the return data need to be backfilled, sensitive data is backfilled into the return data if the return data need to be backfilled, then the backfilled data is displayed, and otherwise, the return data is directly displayed.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a sensitive data security protection method in an SAAS system scene.
Background
Along with the higher requirements of the national level on the data security level, the legal and legal construction is more comprehensive, and the original modes of data informatization, transmission and the like in the medical industry have the security risk. By taking hospital HQMS data reporting as an example, a hospital quality monitoring system (HQMS for short) is a medical service supervision information network direct reporting work developed by medical companies in the Ministry of health, and requires a hospital to report data regularly and check the hospital according to the quality of the data, and the checked data is too complex and huge to be assisted by a third party informatization system, while part of the checked data is sensitive and cannot be leaked. It is a challenge to use a third party system while protecting data security, although similar requirements exist in other industries.
The existing information systems are mainly divided into two types according to data security and deployment modes:
local area network deployment: the data and the system are deployed in the local area network of the hospital, the system data in the mode is not revealed generally, but the updating and maintenance cost is high, and most of the systems are signed functional protocols and cannot be updated along with policy updating and cannot be used gradually. And part of service capability needs to collect a plurality of data in the industry to analyze and decide, and the simple local area network deployment cannot achieve the decision goal.
And (3) Internet deployment: the data and systems are deployed on the internet, also known as SAAS services. The system deployed in this way can be updated conveniently along with policy updating, and although the SAAS system can adopt an encrypted transmission protocol such as HTTPS, users often don't care that HTTPS is attacked, and sensitive data has a risk of leakage during transmission.
In order to prevent sensitive data leakage, normal SAAS users firstly carry out manual desensitization operation on sensitive information parts in the data, wherein common sensitive information comprises names, mobile phone numbers, detailed addresses, identity card numbers, bank card numbers and the like, if the names are randomly replaced by other words in the desensitization operation, an identity card number generator is found on the Internet to generate an identity card number to replace, and the like, and then the manually desensitized data is uploaded to an SAAS system for subsequent service functions. However, the name or the identification card number generated on the internet which is replaced randomly may be information of another real person, and even may be information of a certain high officer, which brings a series of trouble.
After the SAAS system is used to report the data to a system requiring original information, such as the HQMS system, the original data needs to be manually merged by backfilling. The manual backfilling is generally carried out in two ways, one is to inquire the original system for generating information, which is time-consuming and labor-consuming; another is to record what is replaced by what at the time of manual desensitization, which is cumbersome and error-prone, and there is a risk of leakage and loss of locally stored data.
Fig. 5 is a schematic diagram of data transmission of a conventional internet and SAAS system. As shown in fig. 5, information transmitted through the internet at (1) may be intercepted by a hacker before the present technology is not used; the SAAS service at (2) may be compromised by hackers or maliciously compromised by SAAS service providers. In both cases, there is a possibility that data may leak.
Disclosure of Invention
The object of the present invention is to solve at least one of the technical drawbacks.
Therefore, the invention aims to provide a sensitive data security protection method in SAAS system scene.
In order to achieve the above objective, an embodiment of the present invention provides a method for protecting sensitive data security in a SAAS system scenario, including the following steps:
step S1, a browser receives request information input by a user, judges whether the request information contains sensitive data according to preset configuration conditions, if so, executes step S2, and if not, executes step S3;
step S2, data desensitization is carried out on the request information, then the desensitized data is sent to the SAAS system, and step S3 is executed; wherein desensitizing the request information includes: for each sensitive data field, generating a meaningless and non-repeatable number with obvious technical characteristics as the substitute data to be replaced in the request information according to the time and the identity information of the current user as seeds, and then sending the replaced data to the SAAS system;
step S3, the request data is sent to an SAAS system, the SAAS system stores the data without sensitivity, and then step S4 is executed;
and S4, the SAAS system sends return data to the browser, the browser judges whether the return data need to be backfilled, if so, sensitive data is backfilled into the return data, then the backfilled data is displayed, and if not, the return data is directly displayed.
Further, in the step S1, determining whether the configuration condition of the sensitive data is included includes:
network request identification information;
a pre-configured sensitivity field or a sensitivity value.
Further, the network request identification information includes: in the HTTP/HTTPs protocol, a predicate Method and the URL of the request are used to uniquely identify a network request, or are directly configured as a wild card, in the format of x, that matches any network request.
Further, the preconfigured sensitive fields or sensitive values are pattern recognition based on regular expressions:
(1) For field matching, full field name matching or fuzzy matching is adopted;
(2) Value matching complements field matching.
Further, in the step S3, the substitution data and the original data are stored in the built-in database by the key encryption generated by the identity information of the current user while the data is transmitted to the SAAS system.
Further, the format of the storage in the built-in database is: substitute data, field name, version number, and original data.
Further, in the step S4, in the backhaul environment where the SAAS system sends backhaul data to the browser, the browser detects the backhaul data, and if the format of the data generated in the step S2 is met, the built-in database is queried to obtain the original data for backfilling replacement.
According to the security protection method for the sensitive data in the SAAS system scene, the user does not sense the own identity information of the user to perform data desensitization processing, the encrypted data after desensitization does not need to be transmitted to an external network of the SAAS system, and the sensitive information can not be touched in the transmission, storage and processing of the external network. The local user stores the data encryption based on the identity information, the data is not worried about leakage or loss, and the original data is completely in the management range of the user owner.
According to the invention, by modifying the browser kernel, the sensitive data is automatically stored locally and desensitized when the SAAS system is used and then sent to the SAAS system, and the original data is backfilled in a browser display page or other places needing the original data, so that the data can be ensured not to be leaked in transmission or by hacking of the SAAS system, and the risks of data loss and errors caused by manual operation of hands can be avoided. In addition, the locally stored data is encrypted by an automated key generated by using the identity information of the variable user as a seed, so that the data can be prevented from being copied away by an other person through a USB flash disk or other means. In the process of using the technology, the modification of the data can form a version record, and the data deleted or corrected by misoperation can be retrieved through a version function. The user can also carry out data backup through the USB flash disk, the FTP or other equipment with confidence, and the data security can be further protected. The present invention is non-inductive, non-invasive to SAAS systems, and does not require modification of SAAS systems. For a direct user, the data seen on the interface is complete, but the data transmitted on the network is desensitized, so that complicated and error-prone manual cutting of spliced data is avoided.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of a security protection method for sensitive data in SAAS system scenario according to an embodiment of the present invention
FIG. 2 is a schematic diagram of a security protection method for sensitive data in SAAS system scenario according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating data interaction of a security protection method for sensitive data in SAAS system scenario according to an embodiment of the present invention;
FIG. 4 is a data flow diagram of a method for security protection of sensitive data in SAAS system scenarios according to an embodiment of the present invention;
fig. 5 is a schematic diagram of data transmission of a conventional internet and SAAS system.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
As shown in fig. 1, in the security protection method for sensitive data in the SAAS system scenario of the embodiment of the present invention, it needs to be described that the following operations are performed for each issued network request:
step S1, the browser receives request information input by a user, judges whether the request information contains sensitive data according to preset configuration conditions, if yes, executes step S2, and if no, executes step S3.
The invention supports HTTP/HTTPS request protocol and data transmission without extra encryption, and the data transmitted by HTTP/HTTPS protocol can be analyzed and modified according to the disclosed technical standard. If the file is transmitted, the file in the Excel format is supported by default and can not be encrypted, and the file in the Excel format can be read and modified in a lossless manner theoretically.
The data formats transmitted by the HTTP/HTTPs protocol are generally two, namely a Form format and a JSON format, wherein the Form may be provided with a file. The field names of the non-file fields of the JSON format and Form are available in plain text, and for an Excel file, the invention identifies the first behavior field name in the file, and basically can obtain unique identity information (such as userId) of the user due to the universality of the HTTP/HTTPs protocol.
Because the definition of the sensitive information by each user is different, the invention needs to configure the sensitive information in advance, then judge whether the field of the current request contains the sensitive information according to the previous configuration, if not, the SAAS service is directly released and ended, if yes, the step S2 is carried out.
Specifically, referring to fig. 3 and 4, determining whether the configuration condition of the sensitive data is included includes:
(1) Network request identification information
The network request identification information includes: in the HTTP/HTTPs protocol, a predicate Method and the URL of the request are used to uniquely identify a network request, or are directly configured as a wild card, in the format of x, that matches any network request.
(2) A pre-configured sensitivity field or a sensitivity value. The configuration of sensitive information for identifying sensitive fields supports configuration of fields or configuration of values, whether field names or values are based on pattern recognition of regular expressions.
a) For field matching, full field name matching or fuzzy matching is adopted
Specifically, for fields, fuzzy matching is not usually used, and full field names are needed. For example, the "SFZH" field corresponds to an identification card number field in the SAAS system, and if fuzzy matching is required, the "SFZH" field may be configured to match a field name containing 4 letters of "SFZH";
b) Value matching complements field matching
Specifically, the value matching is a complement to the field matching, so that fish missing are avoided, for example, configuration "[0-9] {17} [0-9xX ]" matches the value of X with the first 17 digits being numbers and the last digit being numbers or cases, and the field in the format is usually an identity card number.
And step S2, data desensitization is carried out on the request information, then the desensitized data is sent to the SAAS system, and step S3 is executed. Wherein desensitizing the request information includes: for each sensitive data field, generating a nonsensical and non-repeatable number with obvious technical characteristics as the substitute data to be substituted into the request information according to the time and the identity information of the current user, and then sending the substituted data to the SAAS system.
Specifically, for each sensitive data field, the technology can generate a meaningless figure which is not repeated and has obvious technical characteristics according to time and the identity information of the current user as seeds, the figure is used as the substitution data to be substituted into the request data, the substituted data is sent to SAAS service, and the functions of the 3 characteristics of the substitution items are as follows:
(1) Nonsensical: even if a hacker steals the data by attacking the SAAS service or monitoring sniffing, any point information of the original value cannot be restored or tracked;
(2) Not repeating: when the data needs to be restored, the original value can be quickly retrieved locally;
(3) The obvious characteristics are as follows: in the data reduction scene, the method can identify that the data is a desensitization field according to the characteristics, and for the field with the SAAS non-checking format, the format of the substitution value is A#8 bit characters, wherein the last 1 bit character is a check bit; a check format such as a cell phone number would result in a number that would not normally be assigned to a person by the band 110, with bit 4 being the check bit. Different check fields require different coping strategies and are not described in detail here.
It should be noted that, the algorithm for generating the non-repeated data specifically according to the identity information as the seed is selected according to the need, and will not be described here again.
And step S3, the request data is sent to the SAAS system, the SAAS system stores the insensitive data, and then the step S4 is executed.
The browser stores the substitute data and the original data in the built-in database by key encryption generated by the identity information of the current user while transmitting the data to the SAAS system, as shown with reference to FIG. 2.
In an embodiment of the present invention, the format of the storage in the built-in database is: substitute data, field name, version number, and original data.
In the embodiment of the invention, the version number adopted by the invention is a timestamp, and the version number can be used for being overturned when data is lost or deleted carelessly later. The dual key mechanism can ensure that the desensitized data can only be restored on the current machine by the current logged-in user, and the data leakage caused by unintentional leakage or malicious theft of the data file is avoided.
And S4, the SAAS system sends the return data to the browser, the browser judges whether the return data need to be backfilled, sensitive data is backfilled into the return data if the return data need to be backfilled, then the backfilled data is displayed, and otherwise, the return data is directly displayed.
And in a return environment in which the SAAS system sends return data to the browser, the browser detects the return data, and if the format of the data generated in the step S2 is met, the built-in database is queried to obtain the original data for backfilling replacement.
In the backhaul environment of the network data, the data desensitization module detects the backhaul data, and if the format of the data generated in the step S2 is met, the built-in database is queried to obtain the original data for backfilling replacement, so that the user can see the complete data. A user can check the interface of the SAAS system by using a common browser and compare the interface with the interface of the browser in the technology, so that the user can see that the data displayed by the interface of the common browser are all the data generated in the step S2, the characteristics are obvious, the data displayed by the interface of the browser in the technology are the original data, and if a computer is replaced or a user with the same SAAS is replaced, the data cannot be restored even if the browser in the technology is used, so that the sensitive data are ensured not to be transmitted outwards.
The storage of the built-in database is a single file, and if a user can conveniently upload the database file to other file storage services such as a cloud disk or an FTP, the file can be retrieved even if the hard disk is damaged and the file is lost.
By adopting the sensitive data security protection method under the SAAS system scene provided by the embodiment of the invention, no matter what browser is, the browser kernel is modified to perform network request identification and desensitization, the data desensitization processing is performed based on the user freely variable identity information, and meanwhile, the security protection with low perception and high level which is visible in the cloud security is realized. When the browser realized by the common browser and the technology accesses the same page, the data displayed on the interface is not completely the same under the condition that the non-SAAS system is deliberately rendered. It should be noted that the present invention is applicable to most SAAS systems of HTTP/HTTPS protocol.
According to the security protection method for the sensitive data in the SAAS system scene, the user does not sense the own identity information of the user to perform data desensitization processing, the encrypted data after desensitization does not need to be transmitted to an external network of the SAAS system, and the sensitive information can not be touched in the transmission, storage and processing of the external network. The local user stores the data encryption based on the identity information, the data is not worried about leakage or loss, and the original data is completely in the management range of the user owner.
According to the invention, by modifying the browser kernel, the sensitive data is automatically stored locally and desensitized when the SAAS system is used and then sent to the SAAS system, and the original data is backfilled in a browser display page or other places needing the original data, so that the data can be ensured not to be leaked in transmission or by hacking of the SAAS system, and the risks of data loss and errors caused by manual operation of hands can be avoided. In addition, the locally stored data is encrypted by an automated key generated by using the identity information of the variable user as a seed, so that the data can be prevented from being copied away by an other person through a USB flash disk or other means. In the process of using the technology, the modification of the data can form a version record, and the data deleted or corrected by misoperation can be retrieved through a version function. The user can also carry out data backup through the USB flash disk, the FTP or other equipment with confidence, and the data security can be further protected. The present invention is non-inductive, non-invasive to SAAS systems, and does not require modification of SAAS systems. For a direct user, the data seen on the interface is complete, but the data transmitted on the network is desensitized, so that complicated and error-prone manual cutting of spliced data is avoided.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives, and variations may be made in the above embodiments by those skilled in the art without departing from the spirit and principles of the invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (2)
1. The sensitive data security protection method in SAAS system scene is characterized by comprising the following steps:
step S1, a browser receives request information input by a user, judges whether the request information contains sensitive data according to preset configuration conditions, if so, executes step S2, and if not, executes step S3; in the step S1, the determining whether the configuration condition of the sensitive data is included includes:
network request identification information; the network request identification information includes: in the HTTP/HTTPS protocol, a predicate Method and the URL of the request are utilized to uniquely identify a network request, or the network request is directly configured as a wild card, the wild card format is in the form of a mark, and the matching of any network request is indicated;
a pre-configured sensitive field or sensitive value;
step S2, data desensitization is carried out on the request information, then the desensitized data is sent to the SAAS system, and step S3 is executed; wherein desensitizing the request information comprises: for each sensitive data field, generating a meaningless and non-repeatable number with obvious technical characteristics as the substitute data to be replaced in the request information according to the time and the identity information of the current user as seeds, and then sending the replaced data to the SAAS system;
step S3, the request data is sent to an SAAS system, the SAAS system stores the data without sensitivity, and then step S4 is executed; in the step S3, the data is sent to the SAAS system, and the substitute data and the original data are stored in the built-in database through the encryption of the key generated by the identity information of the current user; wherein the format of the storage in the built-in database is: substitute data, field name, version number, and original data; the version number is a time stamp, and is used for returning data when the data is lost or deleted carelessly in the future; the dual key mechanism ensures that the desensitized data can only be restored on the current machine by the current logged-in user, and the data leakage caused by unintentional leakage or malicious theft of the data file is avoided;
step S4, the SAAS system sends return data to the browser, the browser judges whether the return data need to be backfilled, if so, sensitive data are backfilled into the return data, then the backfilled data are displayed, and if not, the return data are directly displayed; in the step S4, in the backhaul environment in which the SAAS system sends backhaul data to the browser, the browser detects the backhaul data, and if the format of the data generated in the step S2 is met, the built-in database is queried to obtain original data for backfilling replacement;
in the return environment of network data, the data desensitization module detects the return data, and if the format of the data generated in the step S2 is met, the built-in database is queried to obtain original data for backfill replacement, so that the user sees complete data; the user uses the common browser to check the interface of the SAAS system, and compares the interface with the interface of the browser in the method, the data displayed by the interface of the common browser is the data generated in the step S2, the characteristics are obvious, the data displayed by the interface of the browser in the method is the original data, and if a computer is replaced or a user with the same SAAS is replaced, the data cannot be restored even if the browser in the method is used, so that the sensitive data is ensured not to be transmitted outwards;
the storage of the built-in database is a single file, and if a user can conveniently upload the database file to a cloud disk or file storage service of FTP, the file can be retrieved even if the hard disk is damaged and the file is lost.
2. The method for protecting sensitive data security in a SAAS system scenario as claimed in claim 1, wherein the pre-configured sensitive fields or sensitive values are pattern recognition based on regular expressions:
(1) For field matching, full field name matching or fuzzy matching is adopted;
(2) Value matching complements field matching.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111149942.2A CN113794735B (en) | 2021-09-29 | 2021-09-29 | Sensitive data security protection method in SAAS system scene |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111149942.2A CN113794735B (en) | 2021-09-29 | 2021-09-29 | Sensitive data security protection method in SAAS system scene |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113794735A CN113794735A (en) | 2021-12-14 |
| CN113794735B true CN113794735B (en) | 2023-05-30 |
Family
ID=78877660
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111149942.2A Active CN113794735B (en) | 2021-09-29 | 2021-09-29 | Sensitive data security protection method in SAAS system scene |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113794735B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116861463B (en) * | 2023-07-25 | 2024-01-23 | 江苏中卫信软件科技有限公司 | Processing method for SaaS transformation of general information system |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103812982A (en) * | 2014-02-24 | 2014-05-21 | 中国移动(深圳)有限公司 | Method and system for monitoring and testing cell phone client side by computer through cross-operating system |
| CN106203145A (en) * | 2016-08-04 | 2016-12-07 | 北京网智天元科技股份有限公司 | Data desensitization method and relevant device |
| CN107358693A (en) * | 2017-07-04 | 2017-11-17 | 安徽工程大学 | A kind of smart lock and method for unlocking |
| CN107579954A (en) * | 2012-09-25 | 2018-01-12 | 阿里巴巴集团控股有限公司 | The generation method and system of identification information |
| CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
| CN108537056A (en) * | 2018-03-07 | 2018-09-14 | 新博卓畅技术(北京)有限公司 | A kind of the data desensitization method and system of Double-layer filter type |
| CN111125690A (en) * | 2019-11-29 | 2020-05-08 | 苏州浪潮智能科技有限公司 | Method and device for reinforcing host and storage medium |
| WO2020170225A2 (en) * | 2019-02-24 | 2020-08-27 | Nili Philipp | System and method for securing data |
| WO2021102753A1 (en) * | 2019-11-27 | 2021-06-03 | 深圳市欢太科技有限公司 | Flash packet encryption method and apparatus, electronic device, and computer storage medium |
| CN113343298A (en) * | 2021-06-18 | 2021-09-03 | 浪潮云信息技术股份公司 | Data desensitization system based on data simulation algorithm |
| CN113343299A (en) * | 2021-06-18 | 2021-09-03 | 浪潮云信息技术股份公司 | Hive database dynamic desensitization system and implementation method |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070055893A1 (en) * | 2005-08-24 | 2007-03-08 | Mci, Inc. | Method and system for providing data field encryption and storage |
| CA2639023A1 (en) * | 2008-09-23 | 2010-03-23 | Gerard Voon | Bioscience iii |
| CN103778380A (en) * | 2013-12-31 | 2014-05-07 | 网秦(北京)科技有限公司 | Data desensitization method and device and data anti-desensitization method and device |
| CN109344370A (en) * | 2018-08-23 | 2019-02-15 | 阿里巴巴集团控股有限公司 | Sensitive content desensitization, restoring method, device and equipment |
| CN110532797A (en) * | 2019-07-24 | 2019-12-03 | 方盈金泰科技(北京)有限公司 | The desensitization method and system of big data |
| US11593312B2 (en) * | 2019-07-31 | 2023-02-28 | EMC IP Holding Company LLC | File layer to block layer communication for selective data reduction |
| CN111107066A (en) * | 2019-12-06 | 2020-05-05 | 中国联合网络通信集团有限公司 | Sensitive data transmission method and system, electronic equipment and storage medium |
| CN111083132B (en) * | 2019-12-11 | 2022-02-18 | 北京明朝万达科技股份有限公司 | Safe access method and system for web application with sensitive data |
| CN112839083B (en) * | 2020-12-30 | 2022-07-12 | 北京天融信网络安全技术有限公司 | Data transmission method and device and readable storage medium |
-
2021
- 2021-09-29 CN CN202111149942.2A patent/CN113794735B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107579954A (en) * | 2012-09-25 | 2018-01-12 | 阿里巴巴集团控股有限公司 | The generation method and system of identification information |
| CN103812982A (en) * | 2014-02-24 | 2014-05-21 | 中国移动(深圳)有限公司 | Method and system for monitoring and testing cell phone client side by computer through cross-operating system |
| CN106203145A (en) * | 2016-08-04 | 2016-12-07 | 北京网智天元科技股份有限公司 | Data desensitization method and relevant device |
| CN107358693A (en) * | 2017-07-04 | 2017-11-17 | 安徽工程大学 | A kind of smart lock and method for unlocking |
| CN108418676A (en) * | 2018-01-26 | 2018-08-17 | 山东超越数控电子股份有限公司 | A kind of data desensitization method based on permission |
| CN108537056A (en) * | 2018-03-07 | 2018-09-14 | 新博卓畅技术(北京)有限公司 | A kind of the data desensitization method and system of Double-layer filter type |
| WO2020170225A2 (en) * | 2019-02-24 | 2020-08-27 | Nili Philipp | System and method for securing data |
| WO2021102753A1 (en) * | 2019-11-27 | 2021-06-03 | 深圳市欢太科技有限公司 | Flash packet encryption method and apparatus, electronic device, and computer storage medium |
| CN111125690A (en) * | 2019-11-29 | 2020-05-08 | 苏州浪潮智能科技有限公司 | Method and device for reinforcing host and storage medium |
| CN113343298A (en) * | 2021-06-18 | 2021-09-03 | 浪潮云信息技术股份公司 | Data desensitization system based on data simulation algorithm |
| CN113343299A (en) * | 2021-06-18 | 2021-09-03 | 浪潮云信息技术股份公司 | Hive database dynamic desensitization system and implementation method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113794735A (en) | 2021-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11778059B1 (en) | Systems and methods for recognizing a device | |
| CN112217835B (en) | Message data processing method and device, server and terminal equipment | |
| US9569471B2 (en) | Asset model import connector | |
| CN109672657B (en) | Data management method, device, equipment and storage medium | |
| US8959624B2 (en) | Executable download tracking system | |
| KR20130129184A (en) | System and method for server-coupled malware prevention | |
| US11777961B2 (en) | Asset remediation trend map generation and utilization for threat mitigation | |
| CN113489713A (en) | Network attack detection method, device, equipment and storage medium | |
| US11762991B2 (en) | Attack kill chain generation and utilization for threat analysis | |
| CN110138731B (en) | Network anti-attack method based on big data | |
| CN113794735B (en) | Sensitive data security protection method in SAAS system scene | |
| CN110958239A (en) | Method and device for verifying access request, storage medium and electronic device | |
| CN117459327B (en) | Cloud data transparent encryption protection method, system and device | |
| CN109284608B (en) | Method, device and equipment for identifying Legionella software and safety processing method | |
| CN113010904A (en) | Data processing method and device and electronic equipment | |
| CN115145941B (en) | Information management method, system and computer readable storage medium | |
| CN116860764A (en) | Data change processing method and system, electronic equipment and storage medium | |
| US20240163264A1 (en) | Real-time data encryption/decryption security system and method for network-based storage | |
| CN116112228A (en) | HTTPS data packet sending method and device, electronic equipment and readable medium | |
| KR101612893B1 (en) | Privacy information scanning system and scanning method | |
| JP7078562B2 (en) | Computer system, analysis method of impact of incident on business system, and analysis equipment | |
| CN114257404A (en) | Abnormal external connection statistic alarm method and device, computer equipment and storage medium | |
| CN116933323B (en) | Code auditing method, system and computer equipment based on privacy protection | |
| CN111242770B (en) | Risk equipment identification method and device, electronic equipment and readable storage medium | |
| CN116846601A (en) | Log encryption method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |