CN114218608B - API registration type-based data privacy protection method, storage medium and system - Google Patents

Publication number
CN114218608B
Authority
CN
China
Prior art keywords
event
data
registration
privacy protection
format
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111678814.7A
Other languages
Chinese (zh)
Other versions
CN114218608A (en)
Inventor
唐晓青
曾佳俊
李士玉
曾燚
黄俊源
刘东洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dashi Qiyun Health Technology Co ltd
Original Assignee
Shenzhen Dashi Qiyun Health Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Dashi Qiyun Health Technology Co ltd
Priority to CN202111678814.7A
Publication of CN114218608A
Application granted
Publication of CN114218608B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention discloses an API registration-based data privacy protection method, a storage medium and a system. The method comprises the following steps: S100, configuring privacy protection rules; S200, registering and storing registration events according to an event format, and matching each registration event with a corresponding privacy protection rule; S300, performing data request and feedback on the registration event according to the privacy protection rule. In this method, events are registered on a registration platform according to people, events, time, places and objects, and privacy granularity, role authority, agent identifiers and the like are set for data processing and data privacy protection. Requesters with different identities are divided into roles, different roles are given different control authorities, and data is presented effectively while privacy is taken into account.

Description

API registration type-based data privacy protection method, storage medium and system
Technical Field
The invention relates to the technical field of data privacy protection of the Internet, in particular to a data privacy protection method, a storage medium and a system based on an API registration type.
Background
With the rapid development of internet technology, the fundamental strategic resource attributes of data are further highlighted. Data has become a supporting resource and tool for the national government and various commercial institutions, and the application of data has also fully penetrated our lives. And various comprehensive information enters different storage positions to be applied. Meanwhile, overuse and leakage of the sensitive data and the private data of the individual are getting more and more serious, and thus protection of the private data and the sensitive data is becoming a focus.
The registration service of each platform registers and stores server parameters, server return parameters, gateway logs and the like requested by the gateway, and the registration service comprises requester information, node information, operation logs and the like; if a large amount of data is not properly processed, the privacy is greatly damaged, and privacy protection measures need to be refined according to different protected contents.
Aiming at the problems, the invention provides a data privacy protection method based on an API (Application Programming Interface) registration type, which protects the data privacy of the data of a registration platform, for example, the data is processed anonymously, so that manual interference is avoided; privacy protection during data analysis and presentation; the method realizes role division for requesters with different identities, provides different authority control for different roles, and the like.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method, a storage medium, and a system for protecting data privacy based on API registration in view of the above-mentioned defects in the prior art.
The technical scheme adopted by the invention for solving the technical problems is as follows: according to one aspect of the present invention, an API registration-based data privacy protection method is provided, in which an intelligent data protection device is used to perform service registration, authority control, and log writing, and the method includes the following steps:
S100, configuring privacy protection rules, wherein the privacy protection rules comprise resource permission rules, role authority rules and agent identifier rules;
S200, registering and storing the registration events according to an event format, and matching each registration event with the corresponding privacy protection rule; registering the registration event on a GUI page, including: capturing a data source, registering events according to people, events, time, places and objects, filling the field of each registered event with the path, regular expression or node name of the corresponding field parsed from the data source, setting the privacy protection rule for the field of each registered event, and setting a role type for each registered event;
S300, performing data request and feedback on the registration event according to the privacy protection rule.
Preferably, the event format includes an event definition, participants, an event time, an event source, and a participant; the event definition comprises an event name, an event type, an operation type, occurrence time, an occurrence result and an event purpose; the participants comprise participant names, participant types, security role types, requester identities, agent identifiers, whether requesters, networks sent, policy plans, media types and usage purposes; the event source comprises an event occurrence place, a source identifier and a source type; the participant includes a participant name, a participant instance, a participant type, a role code, a life cycle code, a security identification, query parameters, and detailed information.
Preferably, the S200 includes the steps of:
S210, determining a data source format of the registration event, wherein the data source format comprises a json format, a text format or an xml format;
S220, registering and storing the registration event according to the event format, depending on the data source format;
S230, matching the corresponding privacy protection rule for each registration event, refined down to matching the corresponding privacy protection rule for each data item in the event format.
Preferably, if the data source format of the registration event is the JSON format, after the data is parsed, the list of the registration event displays each field and the JSON-PATH position corresponding to each field;
if the data source format of the registration event is the text format, after the data is parsed, the list of the registration event displays each field and the regular expression corresponding to each field;
if the data source format of the registration event is the xml format, after the data is parsed, the list of the registration event displays each field and the node name corresponding to each field.
Preferably, the role division of the registration event, the field of the page role type of the requester identifier, and the field of the agent identifier are respectively set corresponding to different data source formats.
Preferably, the S300 includes the steps of:
S301, a requester sends a data request to a gateway;
S302, checking the ID of the requester, and judging whether the requester is in a white list or a black list; if the requester is in the white list, executing S303; if the requester is in the blacklist, intercepting the data request and ending;
S303, requesting data and judging whether the requester has the authority; if yes, executing S304; if not, the data cannot be viewed, and the process ends;
S304, judging whether the authority accords with the authority granularity rule; if so, executing S305; if not, feeding back to the requester;
S305, reading the privacy protection rule, converting the data and feeding back the data to the requester.
Preferably, the privacy protection rules may be queried, added, edited, maintained and/or stored in terms, subsets, mappings and publications.
Preferably, the permission granularity rule can utilize a k-anonymization algorithm to carry out anonymization processing on the data.
According to the second aspect of the present invention, there is also provided a computer-readable storage medium, on which a computer program is stored, which, when executed, implements the API registration-based data privacy protection method described above.
According to a third aspect of the present invention, there is also provided an API registration based data privacy protection system, including a processor and a memory; the memory is configured to store a computer program, and the processor is configured to execute the computer program stored by the memory to cause the processor to perform the API registration based data privacy protection method as described above.
The technical scheme of the data privacy protection method and system based on the API registration has the following advantages or beneficial effects: the data privacy protection method based on the API registration carries out event registration on a registration platform according to people, events, time, places and objects, sets privacy granularity, role authority, agent identifiers and the like to carry out data processing and data privacy protection, further realizes role division on requesters with different identities, provides different control authorities for different roles and the like, and provides an effective data presentation effect while giving consideration to privacy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without inventive efforts, wherein:
FIG. 1 is a schematic overall flow chart of a data privacy protection method based on an API registration form according to an embodiment of the present invention;
FIG. 2 is a system architecture diagram of a data privacy protection method based on API registration in an embodiment of the present invention;
FIG. 3 is a schematic diagram of event registration of a data privacy protection method based on an API registration form according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating the step S300 of the API registration-based data privacy protection method according to the embodiment of the present invention;
FIG. 5 is a schematic diagram illustrating event definition of a data privacy protection method based on API registration according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of time definition of a data privacy protection method based on an API registration type according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of participant registration of an API registration-based data privacy protection method according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of event source registration of an API registration based data privacy protection method according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of participant registration of an API registration based data privacy protection method according to an embodiment of the present invention;
FIG. 10a is a schematic diagram illustrating an encoding attribute definition of a data privacy protection method based on an API registration type according to an embodiment of the present invention;
FIG. 10b is a schematic diagram of an encoding attribute definition of the data privacy protection method based on the API registration type according to the embodiment of the present invention;
FIG. 11 is a schematic diagram of an event format structure of the API registration based data privacy protection method according to the embodiment of the present invention.
Detailed Description
In order that the objects, aspects and advantages of the present invention will become more apparent, various exemplary embodiments will be described below with reference to the accompanying drawings, which form a part hereof, and in which are shown by way of illustration various exemplary embodiments in which the invention may be practiced, unless otherwise indicated, and in which like numerals in different drawings represent the same or similar elements. The implementations described in the exemplary embodiments below do not represent all implementations consistent with the present disclosure. It is to be understood that they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims, and that other embodiments may be used, or structural and functional modifications may be made to the embodiments set forth herein, without departing from the scope and spirit of the present disclosure. In other instances, detailed descriptions of well-known storage media, systems and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In the description of the present invention, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, the features defined as "first" and "second" may explicitly or implicitly include one or more of the described features. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise. It should be noted that the terms "mounted," "connected," and "connected" are to be construed broadly unless otherwise specifically indicated and limited. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
The first embodiment is as follows:
The event registration service of the invention registers each piece of behavior data through the gateway API, such as request parameters, server return parameters, the gateway log and the like, and converts the log format generated by a behavior into the event format, so that the log format corresponds to the event format. When an actual behavior occurs, the event registration service obtains the actual log and writes it after converting the behavior into the event format; the whole event registration service is designed around converting each log-tracked behavior into the event format. In this API registration-based data privacy protection method, events are registered on a registration platform according to people, events, time, places and objects, and privacy granularity, role authority, agent identifiers and the like are set for data processing and data privacy protection. Requesters with different identities are divided into roles, different roles are given different control authorities, and data is presented effectively while privacy is taken into account.
As shown in fig. 1, the present invention provides an embodiment of a data privacy protection method based on API registration, including the following steps:
S100, configuring privacy protection rules, wherein the privacy protection rules comprise resource permission rules, role authority rules and agent identifier rules; specifically, a corresponding privacy protection rule is configured for each registration event in the data source format; more specifically, the privacy protection rules can be defined according to actual requirements: for example, a hidden code rule can be set when a certain piece of data must not be seen by others; alternatively, a read-only rule can be set when the data must not be modified by others.
S200, registering and storing the registered events according to the event format, and matching each registered event with the corresponding privacy protection rule.
Specifically, the event format comprises an event definition, participants, an event time, an event source and participants; specifically, the event definition includes an event name, an event type, an operation type, an occurrence time, an occurrence result, and an event purpose; the participants comprise participant names, participant types, security role types, requester identities, agent identifiers, whether requesters, networks sent, policy plans, media types and usage purposes; the event source comprises an event occurrence place, a source identifier and a source type; the participant includes a participant name, a participant instance, a participant type (code), a role code, a life cycle code (code), a security identification, query parameters, and detailed information. A more detailed event format is shown in fig. 11 and table 1.
S300, according to the privacy protection rule, data request and feedback are carried out on the registration event.
Fig. 2 is a system architecture diagram, in which the event registration service registers each behavior data through the gateway API, for example, the behavior data includes request parameters, server return parameters, a log of the gateway, and the like, and converts a log format generated by a behavior into an event format according to a format of a registered event, so that the log format corresponds to the event format. When the actual behavior occurs, the event registration service obtains the log in the actual situation, and then the log is written in by converting the registration behavior into the event format, and the whole event registration service is designed by tracking the behavior of each actual behavior converted into the event format by the log. The event format is shown in fig. 11 and table 1.
Table 1. Format structure of the registration event
[Table 1 appears only as images in the source: Figure GDA0003964506670000081, Figure GDA0003964506670000091]
Specifically, in the element number field of the table, '0..1' indicates that the number of elements may be 0 or at most one; '0..*' indicates that the number of elements may be 0 or may be more than one; '1..1' indicates that the number of elements is 1 and only 1; '1..*' indicates that the number of elements is at least 1 and may be more.
Fig. 3 is a diagram showing event registration activities, where the event registration activity flow is on a registration GUI page, and can capture an external data source, then perform event registration according to people, events, time, places, and things, set privacy granularity, role authority, and agent identifier to further perform data privacy protection, and after the setting is completed, register the event as the above-mentioned event format for storage, and the event format structure is shown in fig. 11 and table 1.
In this embodiment, the S200 includes the following steps:
S210, determining a data source format of the registration event, wherein the data source format comprises a json format, a text format or an xml format; of course, other data source formats may be included, and are not specifically limited herein;
S220, registering and storing the registered event according to the event format, depending on the data source format;
S230, matching the corresponding privacy protection rule for each registered event, refined down to matching the corresponding privacy protection rule for each data item in the event format.
In the present embodiment, the event registration process is shown in the GUI pages of fig. 5 to 9, where people, events, time, places and objects are set for the registered event. The GUI page of the registration event captures an external data source, such as data in JSON, TEXT or XML format (other data source formats are also possible and are not specifically limited herein). After the data is parsed, the page displays a list showing each data field together with the JSON-PATH of a JSON field, the regular expression that takes the field value from TEXT, or the node name in XML; each field of the registration event is filled with the path, regular expression or node name of the corresponding parsed field. At the same time, a privacy granularity is set for each field: a drop-down box reads the privacy protection rules maintained in the intelligent coding system, the privacy granularity is selected, and the privacy protection rule of the data is thereby determined. Fig. 7 is the page that sets a role type (audio event identity) for each registration event: a drop-down box reads the role types maintained in the intelligent coding system, roles are assigned to requesters and associated with an authority set, which authorizes the requesters and controls the authority of requesters who access the data from different organizations or departments and with different identities and purposes. An agent identifier (audioevent identity) is also set: a drop-down box reads the agent identifiers maintained in the intelligent coding system, an agent identifier is set for each requester, and the identifier is associated with a black list and a white list to prevent the system from being attacked maliciously.
Specifically, the data source format of the registration event may be a json format, a text format, or an xml format, and the data displayed after the different data sources are analyzed may be different. As shown in fig. 5, if the data source format of the registration event is the Json format, after data parsing is performed, the list of the registration event may show each field and a PATH position corresponding to a Json-PATH field corresponding to each field. As shown in fig. 6, if the data source format of the registration event is the text format, after data parsing is performed, the list of the registration event may show each field and a regular expression corresponding to each field. As shown in fig. 7, if the data source format of the registration event is the xml format, after data parsing is performed, the list of the registration event may show each field and a node name corresponding to each field.
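The per-format field mapping described above (S210 to S230) can be sketched as follows. This is an added example, not code from the patent; the rule codes (`none`, `hidden_code`, `read_only`), field names, function names and sample records are all constructed assumptions.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed samples: one gateway record in each supported data source format.
JSON_SRC = '{"request": {"requester": {"id": "u-1001", "name": "Alice Chen"}}}'
TEXT_SRC = 'ts=2021-12-31T10:00:00Z requester=u-1001 name="Alice Chen"'
XML_SRC = "<request><requesterId>u-1001</requesterId><name>Alice Chen</name></request>"

# Hypothetical rule codes; the patent keeps these in its "intelligent coding system".
KNOWN_RULES = {"none", "hidden_code", "read_only"}


def extract_json(raw, locator):
    """Resolve a dotted JSON-PATH such as $.request.requester.id (no wildcards)."""
    node = json.loads(raw)
    keys = locator[2:] if locator.startswith("$.") else locator
    for key in keys.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def extract_text(raw, locator):
    """Apply the registered regular expression; capture group 1 is the field value."""
    match = re.search(locator, raw)
    return match.group(1) if match else None


def extract_xml(raw, locator):
    """Return the text of the first node with the registered node name.

    ElementTree is acceptable for this constructed sample; parse untrusted
    XML with a hardened parser (for example defusedxml) instead.
    """
    node = ET.fromstring(raw).find(f".//{locator}")
    return node.text if node is not None else None


EXTRACTORS = {"json": extract_json, "text": extract_text, "xml": extract_xml}


def register_event(name, source_format, role_type, fields):
    """S210-S230: validate and store one registration.

    fields maps an event field to (locator, privacy rule code).
    """
    if source_format not in EXTRACTORS:
        raise ValueError(f"unsupported data source format: {source_format}")
    for field, (locator, rule) in fields.items():
        if rule not in KNOWN_RULES:
            raise ValueError(f"{field}: unknown privacy rule {rule!r}")
        if source_format == "text" and re.compile(locator).groups != 1:
            raise ValueError(f"{field}: regex needs exactly one capture group")
    return {"name": name, "format": source_format, "role_type": role_type,
            "fields": dict(fields)}


def to_event(registration, raw):
    """Convert one raw record to event form, keeping each field's privacy rule."""
    extract = EXTRACTORS[registration["format"]]
    return {field: {"value": extract(raw, locator), "rule": rule}
            for field, (locator, rule) in registration["fields"].items()}


REGISTRATIONS = {
    "json": register_event("record_read", "json", "auditor", {
        "requester_id": ("$.request.requester.id", "none"),
        "requester_name": ("$.request.requester.name", "hidden_code")}),
    "text": register_event("record_read", "text", "auditor", {
        "requester_id": (r"requester=(\S+)", "none"),
        "requester_name": (r'name="([^"]*)"', "hidden_code")}),
    "xml": register_event("record_read", "xml", "auditor", {
        "requester_id": ("requesterId", "none"),
        "requester_name": ("name", "hidden_code")}),
}

if __name__ == "__main__":
    for fmt, raw in (("json", JSON_SRC), ("text", TEXT_SRC), ("xml", XML_SRC)):
        print(fmt, to_event(REGISTRATIONS[fmt], raw))
```

Rejecting unknown rule codes and malformed locators at registration time keeps a field from being stored without an enforceable privacy rule.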
Specifically, the role division of the registration event, the field of the page role type of the requester identifier, and the field of the proxy identifier are respectively set corresponding to different DATA source formats, and may be selected from a DATA-PATH drop-down box. Namely: a page role type field and a proxy identifier field selectable in a DATA-PATH drop-down box for setting a role division of a registration event and a requester Identifier (ID); the role rights and identifier encoding are maintained in the intelligent encoding system as shown in fig. 10 (a, b).
Fig. 4 is a flowchart illustrating the back-reference control process. When a requester requests data through the gateway, the ID of the requester is checked according to the agent identifier (audioevent identity) field in fig. 6; if the requester is in the white list, the request continues, otherwise it is intercepted. The role of each registered event is divided according to the role type (audio event identity) field in fig. 6, and it is judged whether the requester has the right to view the data; if not, the requester cannot view the data. If so, whether the data is private data is judged according to the permission granularity: if not, the data is returned to the requester; if it is private data, the privacy protection rule managed by the intelligent coding system is read, and the data is processed according to the privacy protection rule and fed back to the requester. In this way, personalized data service is provided for requesters with different roles when they access data through the gateway.
For example: a requester requests to view the role authority rules of the intelligent coding system, and the authority granularity of the data is set to an anonymous protection technology. The data can be processed anonymously by using a k-anonymization (k-anonymity) algorithm, in which sensitive data are mainly replaced with asterisks (#) and the role authority rule data are summarized. The requester can only view statistics on the role authority rules, such as the number of role authority rules, but cannot view any single specific role authority rule, so that data is presented effectively while privacy is taken into account.
The privacy protection rules can be queried, added, edited, maintained and stored according to value domain terms/terms, subsets, mappings and publications. More specifically, the intelligent coding system establishes an authority granularity rule (code), a role authority rule (code), an agent identifier (code) and the like, and a user can manage the authority granularity rule, the role authority rule and the agent identifier rule system according to the value domain terms/terms, subsets, mapping, issuing and the like, query the required rule code information, and add, edit and maintain rule codes. As shown in fig. 10, the specific steps are as follows: (1) clicking the new value domain term attribute definition, (2) inputting the name, description and version number, (3) clicking data preview, and (4) clicking submit to store the data, so that user-defined permission granularity rules, role permission rules and proxy identifier rules can be realized.
As shown in fig. 4, in the present embodiment, the S300 includes the following steps:
S301, a requester sends a data request to a gateway;
S302, checking the ID of the requester, and judging whether the requester is in a white list or a black list; if the requester is in the white list, executing S303; if the requester is in the blacklist, intercepting the data request and ending;
S303, requesting data and judging whether the requester has the authority; if yes, executing S304; if not, the data cannot be viewed, and the process ends;
S304, judging whether the authority accords with the privacy granularity (the privacy granularity can also be called the privacy rule, the authority granularity rule and the like); if so, executing S305; if not, feeding back to the requester. Specifically, the privacy granularity is another name for the privacy rule and the authority granularity rule. More specifically, the privacy granularity may be implemented by an algorithm, which may be a k-anonymization algorithm (of course, other algorithms may be used, and no specific limitation is made herein), that is, the data is anonymized by using the k-anonymization algorithm. For example: if the privacy rule is a hidden code, it can be implemented by this algorithm or by other algorithms. The privacy protection rules are various and the algorithms implementing them differ; the algorithm is therefore only one means of implementing a privacy protection rule.
S305, reading the privacy protection rule, converting the data and feeding back the data to the requester.
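The S301 to S305 decision flow, with the count-only k-anonymized view from the earlier role authority rule example, can be sketched as follows. This is an added example, not code from the patent; the list contents, role names, resources, records and k = 2 are constructed, and intercepting a requester found on neither list follows the "otherwise intercepted" wording of the Fig. 4 description.

```python
from collections import Counter

# Constructed policy data standing in for the patent's "intelligent coding system".
WHITELIST = {"agent-audit", "agent-clerk"}
BLACKLIST = {"agent-bad"}
AGENT_ROLE = {"agent-audit": "auditor", "agent-clerk": "clerk"}
ROLE_PERMISSIONS = {"auditor": {"role_rules", "public_notice"},
                    "clerk": {"public_notice"}}
# Privacy granularity per resource: None means the data is not private.
GRANULARITY = {"role_rules": ("k_anonymous", "role", 2), "public_notice": None}

# Constructed records.
DATA = {
    "role_rules": [
        {"role": "doctor", "rule": "read:chart"},
        {"role": "doctor", "rule": "write:chart"},
        {"role": "doctor", "rule": "read:lab"},
        {"role": "nurse", "rule": "read:chart"},
        {"role": "nurse", "rule": "read:vitals"},
        {"role": "admin", "rule": "manage:users"},
    ],
    "public_notice": [{"text": "maintenance window on Sunday"}],
}

AUDIT_LOG = []  # (requester, resource, decision) tuples, i.e. the log writing step


def k_anonymous_counts(records, quasi_id, k):
    """Release only group sizes; groups smaller than k are folded into '*'."""
    released = Counter()
    for value, n in Counter(r[quasi_id] for r in records).items():
        released[value if n >= k else "*"] += n
    # The suppressed bucket must itself hold at least k records, otherwise it
    # singles out the rare rows; fold the smallest released group into it.
    while 0 < released["*"] < k and len(released) > 1:
        smallest = min((v for v in released if v != "*"), key=released.get)
        released["*"] += released.pop(smallest)
    return dict(released)


def handle_request(requester_id, resource):
    """Return (status, body) for one data request, following S301-S305."""
    def done(status, body=None):
        AUDIT_LOG.append((requester_id, resource, status))
        return status, body

    # S302: the blacklist wins; a requester on neither list is also intercepted.
    if requester_id in BLACKLIST or requester_id not in WHITELIST:
        return done("intercepted")
    # S303: role-based authority check; unknown roles and resources are denied.
    role = AGENT_ROLE.get(requester_id)
    if resource not in GRANULARITY or resource not in ROLE_PERMISSIONS.get(role, set()):
        return done("denied")
    # S304: data without a privacy granularity is returned unchanged.
    rule = GRANULARITY[resource]
    if rule is None:
        return done("ok", DATA[resource])
    # S305: read the rule, convert the data, feed it back.
    kind, quasi_id, k = rule
    if kind == "k_anonymous":
        return done("ok", k_anonymous_counts(DATA[resource], quasi_id, k))
    return done("denied")  # unknown rule code: fail closed


if __name__ == "__main__":
    for who in ("agent-bad", "agent-clerk", "agent-audit"):
        print(who, handle_request(who, "role_rules"))
```

With k = 2 the single admin row cannot be released as its own group, and the suppressed bucket is widened until it also covers at least k rows.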
The invention relates to a method for protecting data privacy based on an API registration mode, which is used for protecting the data privacy of a registration platform; the role division is realized for requesters with different identities, different authority control is provided for different roles, and the like, the requesters can check data within the rule limit according to the privacy protection rule, such as the number of role authority rules, and the like, but the requesters cannot check a single specific role authority rule data, so that the effective data presentation effect can be provided while the privacy is considered.
Example two:
It will be understood by those skilled in the art that all or part of the steps for implementing the above-described method embodiments may be performed by hardware associated with a computer program. The computer program may be stored in a computer-readable storage medium and, when executed (e.g., by a processor), performs the steps of the foregoing API registration-based data privacy protection method embodiment. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Example three:
The invention also provides a data privacy protection system based on the API registration type, which comprises a processor and a memory; specifically, the memory is configured to store a computer program, and the processor is configured to execute the computer program stored in the memory, so that the processor executes the steps of the embodiment of the API registration based data privacy protection method.
After reading the above description, it will be apparent to a person skilled in the art that various features described herein can be implemented by a method, a data processing apparatus or a computer program product. Accordingly, these features may be embodied in hardware, in software in their entirety, or in a combination of hardware and software. Furthermore, the above-described features may also be embodied in the form of a computer program product stored on one or more computer-readable storage media having computer-readable program code segments or instructions embodied in the storage medium. The readable storage medium is configured to store various types of data to support operations at the device. The readable storage medium may be implemented by any type of volatile or non-volatile storage device or combination thereof. Such as a static hard disk, a random access memory (SRAM), an electrically erasable programmable read-only memory (EEPROM), an erasable programmable read-only memory (EPROM), a programmable read-only memory (PROM), a read-only memory (ROM), an optical storage device, a magnetic storage device, a flash memory, a magnetic or optical disk, and/or combinations thereof.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. A data privacy protection method based on API registration is characterized in that intelligent data protection equipment is adopted for service registration, authority control and log writing, and the method comprises the following steps:
S100, configuring privacy protection rules, wherein the privacy protection rules comprise resource permission rules, role authority rules and agent identifier rules;
S200, registering and storing the registered events according to an event format, and matching each registered event with the corresponding privacy protection rule; registering the registration event on a GUI page, including: capturing a data source, registering events according to pedestrians, events, time, places and objects, filling a path or a regular expression or a node name of a field analyzed by the corresponding data source into a field of each registered event, setting the privacy protection rule for the field of each registered event, and setting a role type for each registered event;
S300, according to the privacy protection rule, data request and feedback are carried out on the registration event.
2. The API-registration-based data privacy protection method of claim 1, wherein the event format comprises an event definition, a participant, an event time, an event source, and a participant; the event definition comprises an event name, an event type, an operation type, occurrence time, an occurrence result and an event purpose; the participants comprise participant names, participant types, security role types, requester identities, agent identifiers, whether the participants are requesters, networks sent, policy plans, media types and usage purposes; the event source comprises an event occurrence place, a source identifier and a source type; the participant includes a participant name, a participant instance, a participant type, a role code, a life cycle code, a security identification, query parameters, and detailed information.
3. The API-registration-based data privacy protection method of claim 2, wherein the S200 comprises the steps of:
S210, determining a data source format of the registration event, wherein the data source format comprises a json format, a text format or an xml format;
S220, registering and storing the registration event according to the event format according to different data source formats;
S230, matching each registered event with the corresponding privacy protection rule, and refining each item of data in the event format to match the corresponding privacy protection rule.
4. The API registration-based data privacy protection method of claim 3, wherein if the data source format of the registration event is the JSON format, after data parsing is performed, the list of the registration event displays each field and a PATH position corresponding to a JSON-PATH field corresponding to each field;
if the data source format of the registration event is the text format, after data analysis is carried out, each field and a regular expression corresponding to each field are displayed in the list of the registration event;
if the data source format of the registration event is the xml format, after data analysis is performed, each field and the node name corresponding to each field are displayed in the list of the registration event.
5. The API registration-based data privacy protection method of claim 4, wherein the role division of the registration event, the field of the page role type of the requester id, and the field of the proxy id are set for different data source formats.
6. The API registered type-based data privacy protection method according to claim 2, wherein the S300 comprises the steps of:
S301, the requester sends the data request to the gateway;
S302, checking the ID of the requester, and judging whether the requester is in a white list or a blacklist; if the requester is in the white list, executing S303; if the requester is in the blacklist, intercepting the data request and ending;
S303, requesting data and judging whether the authority exists; if yes, executing S304; if not, the data is not checked, and the process is finished;
S304, judging whether the authority accords with the authority granularity rule; if so, executing S305; if not, feeding back to the requester;
S305, reading the privacy protection rule, converting the data and feeding back the data to the requester.
7. The API registration-based data privacy protection method of claim 6, wherein the privacy protection rules can be queried, added, edited, maintained and/or stored according to terms, subsets, mappings and releases.
8. The API registration-based data privacy protection method of claim 6, wherein the permission granularity rule is operable to anonymize the data using a k-anonymization algorithm.
9. A computer-readable storage medium, having stored thereon a computer program which, when executed, implements the API registration-based data privacy protection method of any one of claims 1-8.
10. A data privacy protection system based on API registration is characterized by comprising a processor and a memory;
the memory is configured to store a computer program and the processor is configured to execute the computer program stored by the memory to cause the processor to perform the API registration-based data privacy protection method of any one of claims 1-8.
CN202111678814.7A 2021-12-31 2021-12-31 API registration type-based data privacy protection method, storage medium and system Active CN114218608B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111678814.7A CN114218608B (en) 2021-12-31 2021-12-31 API registration type-based data privacy protection method, storage medium and system

Publications (2)

Publication Number Publication Date
CN114218608A CN114218608A (en) 2022-03-22
CN114218608B CN114218608B (en) 2023-02-14

Family

ID=80707542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111678814.7A Active CN114218608B (en) 2021-12-31 2021-12-31 API registration type-based data privacy protection method, storage medium and system

Country Status (1)

Country Link
CN (1) CN114218608B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2250608A1 (en) * 1997-10-31 1999-04-30 Sun Microsystems, Inc. Distributed system and method for controlling access control to network resources and event notifications
US8346807B1 (en) * 2004-12-15 2013-01-01 Nvidia Corporation Method and system for registering and activating content
CN111597584A (en) * 2020-05-26 2020-08-28 牛津(海南)区块链研究院有限公司 Privacy protection and data sharing method, device and equipment based on block chain
CN112653618A (en) * 2020-12-07 2021-04-13 深圳市远行科技股份有限公司 Gateway registration method and device of micro-service application API endpoint
CN113010919A (en) * 2021-03-22 2021-06-22 北京神州数字科技有限公司 Protection method for sensitive data and private data
CN113055359A (en) * 2021-02-25 2021-06-29 国网信息通信产业集团有限公司 IPv6 domain name data privacy protection method based on block chain and related equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102075937B (en) * 2011-01-06 2013-04-03 西安电子科技大学 Method for realizing mobile node identity anonymity during mobile internet protocol (IP) registration
WO2016042359A1 (en) * 2014-09-16 2016-03-24 Nokia Technologies Oy Method and apparatus for anonymous access and control of a service node
WO2016081715A1 (en) * 2014-11-19 2016-05-26 rocket-fueled, Inc. Systems and methods for maintaining user privacy and security over a compouter network and/or within a related database
CN113612803B (en) * 2021-10-08 2021-12-31 国网电子商务有限公司 Data privacy protection method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 1303, Dashi building, No. 28, Keji South 1st Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant after: Shenzhen Dashi Qiyun Health Technology Co.,Ltd.

Address before: 518000 1303, Dashi building, No. 28, Keji South 1st Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant before: Shenzhen Dashi Qiyun Intelligent Medical Co.,Ltd.

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Data privacy protection methods, storage media, and systems based on API registration

Effective date of registration: 20230728

Granted publication date: 20230214

Pledgee: Bank of Communications Limited Shenzhen Branch

Pledgor: Shenzhen Dashi Qiyun Health Technology Co.,Ltd.

Registration number: Y2023980050279
