CN113836173B - Data processing method and device, electronic equipment and storage medium - Google Patents
Data processing method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113836173B CN113836173B CN202111183677.XA CN202111183677A CN113836173B CN 113836173 B CN113836173 B CN 113836173B CN 202111183677 A CN202111183677 A CN 202111183677A CN 113836173 B CN113836173 B CN 113836173B
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive data
- display control
- identifier
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 23
- 238000012545 processing Methods 0.000 claims abstract description 31
- 238000000034 method Methods 0.000 claims description 27
- 230000001960 triggered effect Effects 0.000 claims description 5
- 238000004590 computer program Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 230000006399 behavior Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000000586 desensitisation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2428—Query predicate definition using graphical user interfaces, including menus and forms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/248—Presentation of query results
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Human Computer Interaction (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The disclosure provides a data processing method, a device, electronic equipment and a storage medium, and relates to the technical field of computers, in particular to the technical fields of information security and data processing. The data processing method comprises the following steps: receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located; acquiring sensitive data associated with the display control identifier; returning the sensitive data to the client corresponding to the client identifier; and updating a sensitive data query record library based on the client identifier and the display control identifier. Therefore, on one hand, the query requirement of a user on sensitive data is met, and on the other hand, the record of the behavior of the user for querying the sensitive data is realized, so that the abuse of the data is prevented.
Description
Technical Field
The disclosure relates to the technical field of computers, in particular to the technical fields of information security and data processing, and specifically relates to a data processing method, a device, electronic equipment and a storage medium.
Background
With the rapid development of digitization and informatization technologies, data has become a very important asset. Currently, data is usually stored in an information system, and when a user accesses related data of the information system, the information system can desensitize and display sensitive information in the data in order to ensure the security of the data. However, in some cases, users have a need to view sensitive information based on business needs. Therefore, research on how to meet the requirement of users for checking sensitive information on the premise of preventing data abuse is a problem to be solved.
Disclosure of Invention
The disclosure provides a data processing method, a data processing device, electronic equipment and a storage medium.
According to a first aspect of the present disclosure, there is provided a data processing method, including:
Receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located;
acquiring sensitive data associated with the display control identifier;
returning the sensitive data to the client corresponding to the client identifier;
and updating a sensitive data query record library based on the client identifier and the display control identifier.
According to a second aspect of the present disclosure, there is provided a data processing apparatus comprising:
The first receiving module is used for receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located;
the first acquisition module is used for acquiring sensitive data associated with the display control identifier;
The first return module is used for returning the sensitive data to the client corresponding to the client identifier;
And the updating module is used for updating the sensitive data query record library based on the client identifier and the display control identifier.
According to a third aspect of the present disclosure, there is provided an electronic device comprising:
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect.
According to a fourth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of the first aspect.
According to a fifth aspect of the present disclosure, there is provided a computer program product comprising computer instructions which, when executed by a processor, implement the method as described in the first aspect.
The data processing method, the device, the electronic equipment and the storage medium provided by the disclosure have the following beneficial effects:
Firstly, receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located; then, sensitive data associated with the display control identifier is obtained, and the sensitive data is returned to the client corresponding to the client identifier; and finally updating the sensitive data query record library based on the client identifier and the display control identifier. Therefore, on one hand, the query requirement of a user on sensitive data is met, and on the other hand, the record of the behavior of the user for querying the sensitive data is realized, so that the abuse of the data is prevented.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a flow chart of a method for processing data according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a method of processing data provided in accordance with yet another embodiment of the present disclosure;
FIG. 3 is a flow chart of a method of processing data provided in accordance with yet another embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a data processing apparatus according to an embodiment of the present disclosure;
fig. 5 is a block diagram of an electronic device for implementing a data processing method of an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The embodiment of the disclosure relates to the technical fields of information security, data processing and the like.
Information security is a technical, administrative security protection established and employed for data processing systems in order to protect computer hardware, software, data from being destroyed, altered, and compromised by accidental and malicious causes.
With the rapid development of digitization and informatization technologies, data has become a very important asset. Core confidential data such as user information, contract information, agent information, supply chain information, etc. are stored in the information system, and employees, users, etc. can inquire about the related data by accessing the information system.
On the one hand, sensitive information should be displayed desensitized in order to avoid data leakage as much as possible. On the other hand, in order to make the data fully applicable, the information system also has the necessity of displaying the data. Therefore, the method and the device not only meet the data query requirement, but also prevent the data abuse by providing the sensitive data query channel for the user and recording the behavior of the user for querying the sensitive data.
The data processing method, apparatus, electronic device and storage medium of the present disclosure are described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method of processing data according to an embodiment of the present disclosure.
It should be noted that, the execution body of the data processing method in this embodiment is a data processing apparatus, and the apparatus may be implemented in a software and/or hardware manner, and the apparatus may be configured in an electronic device, where the electronic device may include, but is not limited to, a terminal, a server, and the like.
As shown in fig. 1, the data processing method may include the following steps:
Step S101, receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located.
Wherein the sensitive data may be any type of data that has value. For example, the mobile phone number, the identity card number and the like can be adopted. Or may be experimental data, operating parameters, etc., and the comparison of the present disclosure is not limited.
It should be noted that, the client terminal sending the sensitive data query request may be any type of terminal device, such as a mobile phone, a tablet computer, a computer, and so on.
The display control can be any form of control capable of displaying and managing interface sensitive information on the terminal device. For example, the display control may be any type of icon button. The display control identification may be any type of identification that can uniquely characterize the control. For example, the display control identifier may be a segment of a character or the like.
Accordingly, the client identification may be any type of identification capable of uniquely characterizing the identity of the user or device. For example, the client identification may be a user name for logging in to system query information, or may be a device IP address, etc., which is not limited by this disclosure.
In one possible implementation manner of the embodiment of the disclosure, the receiving of the sensitive data query request may be determined under the condition that the triggering of the display control corresponding to the display control identifier is detected.
It will be appreciated that querying the sensitive data is an act that the user initiates actively to the information system as desired by himself, since the sensitive data is typically confidential. For convenient operation, a user can initiate a sensitive data query request by triggering a display control of the client.
And the electronic equipment at the terminal or the server receives the sensitive data query request by detecting the trigger condition of the display control.
For example, the display control may be an eye icon, and the user triggers the display control by clicking the icon, so that the client generates a sensitive data query request to interact with the information system of the electronic device.
In the embodiment of the disclosure, the sensitive data query request is generated in a form that the display control is triggered, so that the query operation of a user is facilitated.
It should be noted that the foregoing examples are merely illustrative, and are not meant to be limiting of the sensitive data, display control identifiers, client identifiers, etc. in the embodiments of the present disclosure.
Step S102, sensitive data associated with the display control identification is acquired.
It can be appreciated that, in order to obtain corresponding sensitive data according to the display control identifier, the display control identifier needs to be associated with the corresponding sensitive data in advance.
For example, a mapping relationship between display control identifiers and sensitive data can be established, so that when a sensitive data query request is received, corresponding sensitive data can be searched and called according to the display control identifiers, which is not limited in the disclosure.
Step S103, sensitive data is returned to the client corresponding to the client identifier.
Sensitive data associated with the display control can be stored locally at the client or at the server.
For example, when sensitive data is stored locally at the client, a user may log into the client's information system via a user name, password, or the like. At this time, the client identifier may be a user name, and the information system displays corresponding sensitive data to the login interface of the client.
Or when the sensitive data is stored in the server, the user can send a request to the server through the client, so that the server responds according to the request. At this time, the client identifier may be an IP address of the device, and the server may return sensitive data to the client according to the IP address.
And step S104, updating the sensitive data query record library based on the client identifier and the display control identifier.
It will be appreciated that in order to prevent abuse of sensitive data, the user's act of viewing the sensitive data needs to be recorded in order to trace back after the data has been revealed.
The sensitive data query record library can be formed and updated according to the client identification of the user for querying the sensitive data and the display control identification associated with the sensitive data.
For example, when the client identifier is a user name, a mapping relationship can be established between the user name and the display control identifier associated with the sensitive data, so as to form a sensitive data query record.
Or when the client side identifier is the equipment IP address, the mapping relation between the equipment IP address and the display control identifier associated with the sensitive data can be established, so that a sensitive data query record is formed.
It will be appreciated that a user or a device may query for multiple pieces of sensitive data. Accordingly, a piece of sensitive data may be queried by multiple users or multiple devices. Thus, the sensitive data query record library can be updated in real time according to the query behavior.
It should be noted that the above examples are only illustrative, and should not be taken as limiting the update of the sensitive data query record library in the embodiments of the present disclosure.
The data processing method of the embodiment of the disclosure includes the steps of firstly, receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located; then, sensitive data associated with the display control identifier is obtained, and the sensitive data is returned to the client corresponding to the client identifier; and finally updating the sensitive data query record library based on the client identifier and the display control identifier. Therefore, on one hand, the query requirement of a user on sensitive data is met, and on the other hand, the record of the behavior of the user for querying the sensitive data is realized, so that the abuse of the data is prevented.
Fig. 2 is a flow chart of a method of processing data according to another embodiment of the present disclosure.
It should be noted that, the sensitive data is usually a part of the data to be queried. When a user inquires related data, in order to avoid sensitive data leakage, sensitive data in the data to be inquired can be subjected to desensitization processing, and an associated display control is generated for the sensitive data, so that the user can continuously inquire the sensitive data based on the display control as required after receiving the desensitized data. The above process is further described below in conjunction with fig. 2.
As shown in fig. 2, the processing method of the data may include the following steps:
step S201, a data query request is received, where the data query request includes a storage address corresponding to the data to be queried.
The data to be queried may be any data stored in the information system. For example, the data to be queried may be user information related to a service, contract information, agent information, supply chain information, etc. Or the data to be queried may be device information, operating information, etc. related to the technology.
It should be noted that, the client side sending the data query request may be any type of terminal device, such as a mobile phone, a tablet computer, a computer, and so on. The data to be queried can be stored locally at the client side or can be stored at the server side.
Correspondingly, the storage address corresponding to the data to be queried can be the storage address of the data local to the client or the storage address on the target server.
For example, when the data to be queried is stored locally on the client, the storage address may be a corresponding file name or a file storage path, which is not limited in this disclosure.
Or when the data to be queried is stored at the server side, the storage address may be a URL address (Uniform Resource Locator ), and the user may send an HTTP (Hyper Text Transfer Protocol ) request, or an HTTPs (Hyper Text Transfer Protocol over SecureSocket Layer, hypertext transfer security protocol) request, etc. through the client browser, to send the URL address of the data to be queried to the WEB server.
It should be noted that the foregoing examples are only illustrative, and should not be taken as limiting the data to be queried and the corresponding storage addresses in the embodiments of the disclosure.
Step S202, obtaining the data to be queried according to the storage address.
The storage address is a storage position of the data to be queried. According to the storage address, corresponding data to be queried can be obtained.
For example, when the storage address is a file name local to the client, the file may be recalled from the corresponding storage location according to the file name.
Or when the storage address is a URL address, a target server storing the resource can be searched according to the host address in the URL address, and then the corresponding resource file can be searched according to the port, the path, the parameters and the like in the URL address.
Step S203, sensitive data and non-sensitive data are generated according to the data to be queried.
The non-sensitive data may be data that can be viewed without limitation, such as a customer name, a sex, etc., and the sensitive data may be data that is not suitable for unconditional disclosure, such as a mobile phone number, an identity card number, etc.
It will be appreciated that the data to be queried may include non-sensitive data, and may also include sensitive data. The method comprises the steps of generating non-sensitive data and sensitive data according to data to be queried, pre-setting sensitive information judging rules, then desensitizing sensitive information in the data to be queried according to the sensitive information judging rules to generate the non-sensitive data, and storing the sensitive information in the data to be queried to generate the sensitive data.
The sensitive information determination rule may be set according to the information type, for example, the mobile phone number, the identity card number, and the like are divided into sensitive information.
Or may set sensitive information decision rules based on the information content, such as dividing text containing specific words, symbols into sensitive information.
In addition, the sensitive information in the data to be queried is desensitized, the generated non-sensitive data can be the data from which the sensitive information is deleted, and can also be the data from which part of the sensitive information is coded, and the disclosure is not limited to this.
For example, when the sensitive information in the data to be queried is a mobile phone number, the position of the mobile phone number in the generated non-sensitive data can be null or the mobile phone number after coding the middle four bits.
It should be noted that the above examples are only illustrative, and should not be taken as limiting the division of the embodiments of the present disclosure into sensitive data and non-sensitive data.
Step S204, generating sensitive data associated display control.
It will be appreciated that in order to enable a user, such as a customer, user, or the like, to query the sensitive data as desired, an associated display control may be generated for the sensitive data to find the corresponding sensitive data based on the display control.
The display control can be any form of control capable of displaying and managing interface sensitive information on the terminal device. For example, the display control may be any type of icon button.
Specifically, the generation of the display control associated with the sensitive data may be implemented by implanting control code. The client can render and generate the display control by running the control code.
For example, after the WEB server generates the response WEB page according to the URL address, javaScript (JS) or Visual Basic Script (VBS) script language may be used to generate a control code associated with the sensitive information in the response WEB page, and the control code is implanted into the response WEB page. After the WEB server returns the response webpage implanted with the control code to the client, the client can generate a corresponding display control on the display interface by running the control code. Furthermore, when the user needs to inquire the corresponding sensitive information, the sensitive data inquiry request can be triggered by clicking the display control.
That is, the display control may be presented in the form of a control code at the terminal or server side, and the display control may be presented in the form of an icon button visible to the human eye at the client side.
Step S205, a target data set is generated according to the non-sensitive data and the display control associated with the sensitive data.
It should be noted that, when the user queries the data, the user may first check the non-sensitive data, and then further select whether to check the sensitive data according to the need.
In the embodiment of the disclosure, the target data set is generated by the non-sensitive data and the display control associated with the sensitive data, so that the response to the data query request is realized, and the direct display of the sensitive data is avoided, thereby reducing the possibility of data leakage. Meanwhile, a way for inquiring the sensitive data is provided for a user through a display control related to the sensitive data in the target data set, so that the demand of the user on inquiring the sensitive data is met.
Step S206, returning the target data set.
The mode of returning the target data set can be determined according to the storage position of the data to be queried.
For example, when the data to be queried is stored locally at the client, the user may log into the information system of the client through a user name, password, or the like. At this time, the information system displays the corresponding target data set to the login interface of the client.
Or when the data to be queried is stored in the server, the user can send a request to the server through the client, and the server responds according to the data query request. At this point, the server may return the target data set to the corresponding client.
It should be noted that, when the client receives the target data set, the corresponding control code may be executed to display the display control associated with the sensitive data in the target data set on the display interface. When a user needs to view the sensitive data, the client can generate a sensitive data query request by triggering the display control. Furthermore, the terminal or the server side can return the sensitive data according to the sensitive data query request, and update the query record of the sensitive data. The specific process may include the steps of:
Step S207, a sensitive data query request is received, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located.
Step S208, sensitive data associated with the display control identification is acquired.
Step S209, sensitive data is returned to the client corresponding to the client identifier.
Step S210, based on the client identification and the display control identification, updating the sensitive data query record library.
The specific implementation manner of steps S207 to S210 may refer to the detailed descriptions of other embodiments of the present disclosure, and will not be repeated here.
In the embodiment of the disclosure, firstly, data to be queried is acquired according to a storage address in a data query request, then sensitive data and non-sensitive data are generated based on the data to be queried, a display control associated with the sensitive data is generated, then a target data set is generated based on the non-sensitive data and the display control associated with the sensitive data, and finally the target data set is returned. Furthermore, when a user needs to view the sensitive data, the client can generate a sensitive data query request by triggering the display control. When the terminal or the server receives the sensitive data query request, corresponding sensitive data can be returned, and meanwhile, the sensitive data query record is updated. Therefore, not only is data abuse prevented, but also a query way of sensitive data is provided, and the requirements of users are met.
Fig. 3 is a flow chart of a method of processing data according to another embodiment of the present disclosure.
It should be noted that, at present, core data of most enterprises or institutions are stored in an information system, and staff, users and the like can access the data in the information system through web pages. When the information system responds to the data query request according to the data processing method of the embodiment of the disclosure, the original WEB server needs to be modified, a large amount of time cost and economic cost are possibly consumed, and the modification difficulty is high.
In one possible implementation, a proxy server may be employed as the execution body of the data processing method. When the proxy server receives the data query request, the request may be forwarded to the target server, so that the target server returns the data to be queried to the proxy server according to the request. The proxy server may perform data processing based on the received data to be queried. The above process is further described below in conjunction with fig. 3.
As shown in fig. 3, the processing method of the data may include the following steps:
in step S301, a data query request is received, where the data query request includes a storage address corresponding to the data to be queried.
The specific implementation manner of step S301 may refer to the detailed descriptions of other embodiments of the present disclosure, which are not described herein.
Step S302, the storage address is resolved to determine the target server identification and the storage location identification.
It will be appreciated that when the data to be queried is stored on another server, the storage address may include an identifier of the target server on which the data to be queried is located, and an identifier of a storage location of the data to be queried on the target server.
The proxy server can determine the target server where the data to be queried is located and the specific storage position on the target server by analyzing the storage address.
For example, the storage address may be a URL address, the destination server identification may be a host domain name in the URL address, and the storage location identification may be a port, path, parameter, etc. in the URL address.
Further, the proxy server may search for a target server storing the resource according to the host domain name in the URL address, and then search for a corresponding resource file according to the port, path, parameter, etc. in the URL address.
It should be noted that the foregoing examples are only illustrative, and are not intended to limit the destination server identifier, the storage location identifier, and the like in the embodiments of the present disclosure.
Step S303, a storage location identifier is sent to a target server corresponding to the target server identifier, so that the target server determines data to be queried according to the storage location identifier.
After determining the target server storing the data to be queried, the data query request can be forwarded to the target server, so that the target server determines the corresponding data to be queried according to the storage position identification in the request.
For example, the target server may retrieve data from the corresponding storage location based on the storage path or file name of the data to be queried.
Or the target server can search and acquire corresponding data according to ports, paths, parameters and the like in the URL address.
Step S304, receiving the data to be queried returned by the target server.
The data to be queried returned by the target server can be in any form. For example, it may be a document, a web page, etc.
After receiving the data to be queried, the proxy server can generate sensitive data and non-sensitive data based on the data to be queried, generate a display control associated with the sensitive data, then generate a target data set based on the non-sensitive data and the display control associated with the sensitive data, and finally return to the target data set. Furthermore, when a user needs to view the sensitive data, the client can generate a sensitive data query request by triggering the display control. When the proxy server receives the sensitive data query request, the corresponding sensitive data can be returned, and meanwhile, the sensitive data query record is updated. The specific process may include the steps of:
Step S305, sensitive data and non-sensitive data are generated according to the data to be queried.
Step S306, generating sensitive data associated display control.
Step S307, a target data set is generated according to the non-sensitive data and the display control associated with the sensitive data.
Step S308, returning the target data set.
Step S309, a sensitive data query request is received, wherein the sensitive data query request includes a display control identifier and a client identifier where the display control is located.
Step S310, sensitive data associated with the display control identification is acquired.
Step S311, sensitive data is returned to the client corresponding to the client identifier.
Step S312, based on the client identification and the display control identification, the sensitive data query record library is updated.
The specific implementation manner of steps S305 to S312 may refer to the detailed descriptions of other embodiments of the present disclosure, and will not be repeated here.
According to the data processing method, firstly, a data query request is received through a proxy server, then, a target server storing data to be queried is determined by the proxy server, and the request is forwarded to the target server, so that the target server returns the data to be queried to the proxy server according to the request. And finally, the proxy server performs data processing based on the received data to be queried. Therefore, the transformation of a target server for storing data is avoided, and the labor cost, the time cost and the economic cost are effectively saved.
According to an embodiment of the disclosure, the disclosure further provides a data processing device.
Fig. 4 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present disclosure. As shown in fig. 4, the data processing apparatus 400 may include: the first receiving module 410, the first obtaining module 420, the first returning module 430 and the updating module 440.
The first receiving module 410 is configured to receive a sensitive data query request, where the sensitive data query request includes a display control identifier and a client identifier where the display control is located.
A first acquisition module 420 is configured to acquire sensitive data associated with the display control identification.
The first return module 430 is configured to return sensitive data to the client corresponding to the client identifier.
The updating module 440 is configured to update the sensitive data query record repository based on the client identifier and the display control identifier.
In one possible implementation manner of the embodiment of the present disclosure, the first receiving module 410 is specifically configured to:
and under the condition that the display control corresponding to the display control identifier is triggered, determining that a sensitive data query request is received.
In one possible implementation of the embodiment of the present disclosure, the data processing apparatus 400 may further include:
the second receiving module is used for receiving a data query request, wherein the data query request comprises a storage address corresponding to data to be queried.
And the second acquisition module is used for acquiring a target data set according to the storage address, wherein the target data set comprises non-sensitive data and display controls associated with the sensitive data.
And the second return module is used for returning the target data set.
In one possible implementation manner of the embodiment of the present disclosure, the second obtaining module may include:
and the acquisition unit is used for acquiring the data to be queried according to the storage address.
The first generation unit is used for generating sensitive data and non-sensitive data according to the data to be queried.
And the second generation unit is used for generating a display control associated with the sensitive data.
And the determining unit is used for determining the target data set according to the non-sensitive data and the display control associated with the sensitive data.
In one possible implementation manner of the embodiment of the present disclosure, the obtaining unit may specifically be configured to:
And resolving the storage address to determine the target server identification and the storage location identification.
And sending the storage location identification to the target server corresponding to the target server identification, so that the target server determines the data to be queried according to the storage location identification.
And receiving the data to be queried returned by the target server.
It should be noted that the foregoing explanation of the embodiment of the data processing method is also applicable to the data processing apparatus of this embodiment, and the implementation principle is similar, and will not be repeated here.
The data processing device of the embodiment of the disclosure firstly receives a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located; then, sensitive data associated with the display control identifier is obtained, and the sensitive data is returned to the client corresponding to the client identifier; and finally updating the sensitive data query record library based on the client identifier and the display control identifier. Therefore, on one hand, the query requirement of a user on sensitive data is met, and on the other hand, the record of the behavior of the user for querying the sensitive data is realized, so that the abuse of the data is prevented.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 5 illustrates a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 5, the apparatus 500 includes a computing unit 501 that can perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the device 500 can also be stored. The computing unit 501, ROM 502, and RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Various components in the device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, etc.; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508 such as a magnetic disk, an optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 501 performs the respective methods and processes described above, for example, a processing method of data. For example, in some embodiments, the method of processing data may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the ROM 502 and/or the communication unit 509. When a computer program is loaded into RAM 503 and executed by computing unit 501, one or more steps of the data processing method described above may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the processing method of the data in any other suitable way (e.g. by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), the internet, and blockchain networks.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service ("Virtual PRIVATE SERVER" or simply "VPS") are overcome. The server may also be a server of a distributed system or a server that incorporates a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel or sequentially or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (6)
1. A data processing method is applied to a proxy server and comprises the following steps:
Receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located, and the sensitive data query request is generated by triggering the display control;
acquiring sensitive data associated with the display control identifier;
returning the sensitive data to the client corresponding to the client identifier;
updating a sensitive data query record library based on the client identifier and the display control identifier;
before the receiving the sensitive data query request, the method further comprises:
Receiving a data query request, wherein the data query request comprises a storage address corresponding to data to be queried;
Acquiring a target data set according to the storage address, wherein the target data set comprises non-sensitive data and a display control associated with the sensitive data;
returning the target data set to the client;
the obtaining the target data set according to the storage address includes:
Acquiring the data to be queried according to the storage address;
Generating sensitive data and non-sensitive data according to the data to be queried;
generating a display control associated with the sensitive data;
determining the target data set according to the non-sensitive data and a display control associated with the sensitive data;
the obtaining of the data to be queried comprises the following steps:
analyzing the storage address to determine a target server identifier and a storage location identifier;
The storage position identification is sent to a target server corresponding to the target server identification, so that the target server determines the data to be queried according to the storage position identification;
And receiving the data to be queried returned by the target server.
2. The method of claim 1, wherein the receiving a sensitive data query request comprises:
And under the condition that the display control corresponding to the display control identifier is triggered, determining that the sensitive data query request is received.
3. A data processing device, applied to a proxy server, comprising:
The first receiving module is used for receiving a sensitive data query request, wherein the sensitive data query request comprises a display control identifier and a client identifier where the display control is located, and the sensitive data query request is generated by triggering a display component;
the first acquisition module is used for acquiring sensitive data associated with the display control identifier;
The first return module is used for returning the sensitive data to the client corresponding to the client identifier;
The updating module is used for updating the sensitive data query record library based on the client identifier and the display control identifier;
The second receiving module is used for receiving a data query request, wherein the data query request comprises a storage address corresponding to data to be queried;
The second acquisition module is used for acquiring a target data set according to the storage address, wherein the target data set comprises non-sensitive data and display controls associated with the sensitive data;
the second return module is used for returning the target data set to the client;
The second acquisition module includes:
the acquisition unit is used for acquiring the data to be queried according to the storage address;
the first generation unit is used for generating sensitive data and non-sensitive data by the proxy server according to the data to be queried;
a second generation unit, configured to generate a display control associated with the sensitive data;
The determining unit is used for determining the target data set according to the non-sensitive data and the display control associated with the sensitive data;
The acquisition unit is specifically configured to:
analyzing the storage address to determine a target server identifier and a storage location identifier;
The storage position identification is sent to a target server corresponding to the target server identification, so that the target server determines the data to be queried according to the storage position identification;
And receiving the data to be queried returned by the target server.
4. The apparatus of claim 3, wherein the first receiving module is specifically configured to:
And under the condition that the display control corresponding to the display control identifier is triggered, determining that the sensitive data query request is received.
5. An electronic device, comprising:
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-2.
6. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111183677.XA CN113836173B (en) | 2021-10-11 | 2021-10-11 | Data processing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111183677.XA CN113836173B (en) | 2021-10-11 | 2021-10-11 | Data processing method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113836173A CN113836173A (en) | 2021-12-24 |
| CN113836173B true CN113836173B (en) | 2024-05-31 |
Family
ID=78968564
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111183677.XA Active CN113836173B (en) | 2021-10-11 | 2021-10-11 | Data processing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113836173B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114969840A (en) * | 2022-06-09 | 2022-08-30 | 北京百度网讯科技有限公司 | Data leakage prevention method and device |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107040540A (en) * | 2017-04-20 | 2017-08-11 | 北京奇虎科技有限公司 | A kind of cloud private data display methods and device, server and mobile terminal |
| CN107665313A (en) * | 2017-05-19 | 2018-02-06 | 平安科技(深圳)有限公司 | Sensitive information methods of exhibiting, device, storage medium and computer equipment |
| US9898610B1 (en) * | 2014-10-22 | 2018-02-20 | State Farm Mutual Automobile Insurance Company | System and method for concealing sensitive data on a computing device |
| CN109977690A (en) * | 2017-12-28 | 2019-07-05 | 中国移动通信集团陕西有限公司 | A kind of data processing method, device and medium |
| CN110414271A (en) * | 2019-08-02 | 2019-11-05 | Oppo(重庆)智能科技有限公司 | A kind of private data guard method, device and computer readable storage medium |
| CN111290721A (en) * | 2020-01-20 | 2020-06-16 | 北京大米未来科技有限公司 | Online interaction control method, system, electronic device and storage medium |
| CN112270594A (en) * | 2020-11-25 | 2021-01-26 | 平安数字信息科技(深圳)有限公司 | Salary data display method and device, computer equipment and storage medium |
| CN113378228A (en) * | 2021-06-29 | 2021-09-10 | 招商局金融科技有限公司 | Private information retrieval method, device, equipment and storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150040237A1 (en) * | 2013-08-05 | 2015-02-05 | Xerox Corporation | Systems and methods for interactive creation of privacy safe documents |
| IN2013MU03724A (en) * | 2013-11-27 | 2015-07-31 | Tata Consultancy Services Ltd | |
| US20180114033A1 (en) * | 2016-10-20 | 2018-04-26 | Salesforce.Com, Inc. | Controlled execution of queries for protecting sensitive data in query responses in an on-demand services environment |
-
2021
- 2021-10-11 CN CN202111183677.XA patent/CN113836173B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9898610B1 (en) * | 2014-10-22 | 2018-02-20 | State Farm Mutual Automobile Insurance Company | System and method for concealing sensitive data on a computing device |
| CN107040540A (en) * | 2017-04-20 | 2017-08-11 | 北京奇虎科技有限公司 | A kind of cloud private data display methods and device, server and mobile terminal |
| CN107665313A (en) * | 2017-05-19 | 2018-02-06 | 平安科技(深圳)有限公司 | Sensitive information methods of exhibiting, device, storage medium and computer equipment |
| CN109977690A (en) * | 2017-12-28 | 2019-07-05 | 中国移动通信集团陕西有限公司 | A kind of data processing method, device and medium |
| CN110414271A (en) * | 2019-08-02 | 2019-11-05 | Oppo(重庆)智能科技有限公司 | A kind of private data guard method, device and computer readable storage medium |
| CN111290721A (en) * | 2020-01-20 | 2020-06-16 | 北京大米未来科技有限公司 | Online interaction control method, system, electronic device and storage medium |
| CN112270594A (en) * | 2020-11-25 | 2021-01-26 | 平安数字信息科技(深圳)有限公司 | Salary data display method and device, computer equipment and storage medium |
| CN113378228A (en) * | 2021-06-29 | 2021-09-10 | 招商局金融科技有限公司 | Private information retrieval method, device, equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 图书馆大数据平台多维度敏感数据保护研究;马晓亭;;图书馆;20170215(第02期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113836173A (en) | 2021-12-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10666694B1 (en) | Markup language for incorporating social networking system information by an external web site | |
| US10862907B1 (en) | Techniques for detecting domain threats | |
| US10614208B1 (en) | Management of login information affected by a data breach | |
| US11089024B2 (en) | System and method for restricting access to web resources | |
| CN111711617A (en) | Method and device for detecting web crawler, electronic equipment and storage medium | |
| CN110297995B (en) | Method and device for collecting information | |
| US9432401B2 (en) | Providing consistent security information | |
| CN113836173B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN115470432A (en) | Page rendering method and device, electronic equipment and computer readable medium | |
| CN113839944B (en) | Method, device, electronic equipment and medium for coping with network attack | |
| US11356481B1 (en) | Preventing phishing attempts of one-time passwords | |
| US11210453B2 (en) | Host pair detection | |
| CN109145182B (en) | Data acquisition method and device, computer equipment and system | |
| US11704364B2 (en) | Evaluation of security policies in real-time for entities using graph as datastore | |
| CN114741158A (en) | Page switching method, device, equipment and storage medium | |
| CN114329149A (en) | Detection method and device for automatically capturing page information, electronic equipment and readable storage medium | |
| US9760624B1 (en) | Automatic selection of an input language | |
| US11157571B2 (en) | External network system for extracting external website data using generated polymorphic data | |
| CN112214743A (en) | Method, device, equipment and storage medium for simulating account login | |
| CN111984893B (en) | System log configuration conflict reminding method, device and system | |
| CN114598524B (en) | Method, device, equipment and storage medium for detecting agent tool | |
| CN115859349B (en) | Data desensitization method and device, electronic equipment and storage medium | |
| US20240205265A1 (en) | Multi-layer browser-based context emulation detection | |
| US11086990B2 (en) | Security module for mobile devices | |
| CN117792704A (en) | Website access method and device, electronic equipment and computer readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |