CN114254390A - Sensitive data desensitization processing method and device - Google Patents
Sensitive data desensitization processing method and device Download PDFInfo
- Publication number
- CN114254390A CN114254390A CN202111590717.2A CN202111590717A CN114254390A CN 114254390 A CN114254390 A CN 114254390A CN 202111590717 A CN202111590717 A CN 202111590717A CN 114254390 A CN114254390 A CN 114254390A
- Authority
- CN
- China
- Prior art keywords
- sensitive data
- encrypted
- desensitization processing
- server
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 73
- 238000003672 processing method Methods 0.000 title claims abstract description 28
- 238000012545 processing Methods 0.000 claims abstract description 40
- 238000000034 method Methods 0.000 claims abstract description 21
- 238000004590 computer program Methods 0.000 claims description 15
- 230000009471 action Effects 0.000 claims description 4
- 230000001960 triggered effect Effects 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 12
- 230000006870 function Effects 0.000 description 5
- 239000000463 material Substances 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a sensitive data desensitization processing method and device, relates to the technical field of data security, and can be used in the financial field or other technical fields. The method comprises the following steps: acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier; encrypting the sensitive data and sending the encrypted sensitive data to a server; and if the encrypted sensitive data returned by the server are received, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data. The device performs the above method. The desensitization processing method and the desensitization processing device for the sensitive data provided by the embodiment of the invention not only can further improve the safety of the desensitization data in the data transmission process and ensure the data safety, but also can save the labor cost and the time cost by performing desensitization processing on the separated sensitive data which are independent from each other at the client.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a sensitive data desensitization processing method and device.
Background
With the development of internet technology, higher requirements are put on user data security, and sensitive data desensitization gradually becomes a normal state. In the prior art, desensitization data interaction is realized between a server and a client, transmitted data is plaintext transmission, the security is to be further improved, the nesting relationship between sensitive data is complex, desensitization processing on the sensitive data with complex nesting relationship can be realized only by using a very complex desensitization algorithm when desensitization is performed on the server, and annotation, enumeration and the like are required by using manpower, so that the labor cost and the time cost are high.
Disclosure of Invention
In view of the problems in the prior art, embodiments of the present invention provide a method and an apparatus for desensitizing sensitive data, which can at least partially solve the problems in the prior art.
On one hand, the invention provides a sensitive data desensitization processing method, which comprises the following steps:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier;
encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
Wherein the decrypting the encrypted sensitive data comprises:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key.
Wherein, the desensitizing treatment of the decrypted sensitive data comprises:
and acquiring data capable of reflecting the user personalized private information in the decrypted sensitive data, and desensitizing the data capable of reflecting the user personalized private information.
After the step of decrypting the encrypted sensitive data and performing desensitization processing, the sensitive data desensitization processing method further includes:
and displaying the desensitized sensitive data locally, if a trigger action for viewing complete information triggered by the desensitized sensitive data is detected, performing desensitization relieving treatment on the desensitized sensitive data, and displaying the desensitized sensitive data locally.
The sensitive data desensitization processing method further comprises the following steps:
and if an error message returned after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and the validity check fails is received, generating a prompt message for prompting the client user to re-edit the sensitive information according to the error message.
After the step of encrypting the sensitive data and before the step of sending the encrypted sensitive data to the server, the sensitive data desensitization processing method further includes:
the encrypted sensitive data is stored locally.
In one aspect, the present invention provides a sensitive data desensitization processing apparatus, including:
the device comprises an acquisition unit, a judgment unit and a processing unit, wherein the acquisition unit is used for acquiring a sensitive data identifier for distinguishing sensitive data and separating the sensitive data according to the sensitive data identifier;
the encryption unit is used for encrypting the sensitive data and sending the encrypted sensitive data to the server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and the desensitization processing unit is used for decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data if the encrypted sensitive data returned by the server after passing the validity check is received and decrypted according to the encryption mode and the encryption key.
Wherein the desensitization processing unit is specifically configured to:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key.
In another aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory, and a bus, wherein,
the processor and the memory are communicated with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform a method comprising:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier;
encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
An embodiment of the present invention provides a non-transitory computer-readable storage medium, including:
the non-transitory computer readable storage medium stores computer instructions that cause the computer to perform a method comprising:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier;
encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
The sensitive data desensitization processing method and the device provided by the embodiment of the invention are used for acquiring sensitive data identifications used for distinguishing sensitive data and separating the sensitive data according to the sensitive data identifications; encrypting the sensitive data and sending the encrypted sensitive data to a server; if the encrypted sensitive data returned by the server after the encrypted sensitive data is decrypted according to the encryption mode and the encryption key and the validity check is passed are received, the encrypted sensitive data is decrypted and desensitization processing is carried out on the decrypted sensitive data, so that the safety of the desensitization data in the data transmission process can be further improved, the data safety is ensured, and the desensitization processing is carried out on the separated sensitive data which are independent of each other at the client side, so that the labor cost and the time cost are saved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
fig. 1 is a schematic flow chart of a sensitive data desensitization processing method according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a desensitization processing method for sensitive data according to another embodiment of the present invention.
Fig. 3 is a schematic flow chart of a desensitization processing method for sensitive data according to another embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a sensitive data desensitization processing apparatus according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Fig. 1 is a schematic flow chart of a sensitive data desensitization processing method according to an embodiment of the present invention, and as shown in fig. 1, the sensitive data desensitization processing method according to the embodiment of the present invention includes:
step S1: and acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier.
Step S2: encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are pre-deployed in the server.
Step S3: and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
In the above step S1, the apparatus obtains the sensitive data identifier for distinguishing the sensitive data, and separates the sensitive data according to the sensitive data identifier. The apparatus may be a computer device for executing the method, and may include a client, specifically, a mobile phone or a tablet computer, for example. It should be noted that the acquisition and analysis of the sensitive data related to the user privacy of the embodiment of the present invention are authorized by the user. The sensitive data identification may include a sensitive data name, etc., such as an identification card, a cell phone, and a bank card. Sensitive data may include data relating to user privacy, such as identification numbers, cell phone numbers, bank card numbers, and the like. The identity card, the mobile phone and the bank card can distinguish whether the sensitive data is the identity card number, the mobile phone number or the bank card number.
Because the sensitive data are usually stored in the data form, the sensitive data in the data form can have correlation relationships such as mutual nesting, and the like, the sensitive data required by the embodiment of the invention are mutually independent and do not contain correlation relationships such as mutual nesting and the like. Namely, a string of numbers corresponding to the identity card, a string of numbers corresponding to the mobile phone and a string of numbers corresponding to the bank card are independent of each other and do not contain any association relationship, so that desensitization processing can be respectively realized on the independent sensitive data only by a simple desensitization method at the client.
It is to be understood that separating out sensitive data according to the sensitive data identification may include: and separating the sensitive data from the data form according to the sensitive data identification. The subsequent sensitive data in the embodiment of the invention are mutually independent and separated sensitive data.
In the step S2, the device encrypts the sensitive data and sends the encrypted sensitive data to the server; wherein, the encryption mode and the encryption key used for encryption are pre-deployed in the server. The encryption mode and the encryption key adopted by encryption are deployed in the server in advance, so that the server can conveniently decrypt the encrypted sensitive data.
Taking the example of the sensitive data as the mobile phone number, the sensitive data refers to the complete information of the mobile phone number, namely the mobile phone number consisting of 11 digits, and does not include any desensitization processing.
And encrypting the mobile phone number consisting of 11 digits to obtain the encrypted sensitive data 2c325c28e801a57062c383185ccaa 711. And sending the encrypted sensitive data to a server, wherein in the data transmission process, ciphertext is transmitted instead of desensitized sensitive data, for example, desensitized sensitive data 135 × 7852 not corresponding to the mobile phone number composed of 11-bit numbers.
It can be understood that the security of the encrypted sensitive data is higher than that of the desensitized sensitive data, and the encrypted sensitive data cannot be decoded even if being hijacked.
After the step of encrypting the sensitive data and before the step of sending the encrypted sensitive data to the server, the sensitive data desensitization processing method further includes:
the encrypted sensitive data is stored locally. Referring to the above example, the storage and data transmission processes are encrypted sensitive data, so that the security of the sensitive data is greatly improved.
In step S3, if the device receives the encrypted sensitive data returned by the server after decrypting the encrypted sensitive data according to the encryption mode and the encryption key and passing the validity check, the device decrypts the encrypted sensitive data and desensitizes the decrypted sensitive data. As shown in fig. 2, the server in fig. 2 corresponds to the server, and the server decrypts the encrypted sensitive data, and performs validity check, that is, checks whether the information is correctly filled, if the information is correctly filled, the validity check is passed, and if the information is incorrectly filled, the validity check is not passed.
And if the validity check is passed, the encrypted sensitive data is subjected to database storage, namely, the encrypted sensitive data is stored in a database in the server. As shown in fig. 3, the server returns the encrypted sensitive data to the client. And decrypting the encrypted sensitive data by the client and desensitizing the decrypted sensitive data.
Further, the sensitive data desensitization processing method further comprises the following steps:
and if an error message returned after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and the validity check fails is received, generating a prompt message for prompting the client user to re-edit the sensitive information according to the error message. As shown in fig. 2, if the validity check fails, the server returns an error message to the client, and the client generates a prompt message prompting the client user to edit the sensitive information again according to the error message, further, the error message may carry an error type, such as a mobile phone number operator sector digit error, or a mobile phone number digit error, so as to facilitate quick location of the prompt message in the form of a misplaced type. The client user re-edits the sensitive information, i.e. the sensitive information is filled in corresponding fig. 2.
Further, the decrypting the encrypted sensitive data includes:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key. The encryption mode and the encryption key used for encryption can be stored locally at the client in advance, and the encryption mode and the encryption key used for encrypting the sensitive data can be obtained locally at the client.
Further, the desensitizing the decrypted sensitive data includes:
and acquiring data capable of reflecting the user personalized private information in the decrypted sensitive data, and desensitizing the data capable of reflecting the user personalized private information.
Referring to the above-mentioned mobile phone number consisting of 11 digits: the first 3 bits, i.e. the network identification number (belonging to a certain operator); for example, in a telephone number, the mobile, internet and telecommunications carriers have their own network identification number, and looking at the first 3 digits of the mobile phone number can roughly identify which carrier the number is.
Bits 4-7, namely, region code (the home is a city); representing the region number, each city, district and town has a different region number.
Bits 8-11, i.e., the user number (randomly assigned). These digital variables are also large and irregular.
It can be understood that the data capable of reflecting the personalized private information of the user is the 4 th-7 th mobile phone number, and the data capable of reflecting the personalized private information of the user is desensitized, that is, 135 × 7852 can be obtained.
Further, after the step of decrypting the encrypted sensitive data and performing desensitization processing, the sensitive data desensitization processing method further includes:
and displaying the desensitized sensitive data locally, if a trigger action for viewing complete information triggered by the desensitized sensitive data is detected, performing desensitization relieving treatment on the desensitized sensitive data, and displaying the desensitized sensitive data locally. Referring to the above example, in the local display 135 × × 7852, the triggered trigger action of viewing the complete information may be implemented by the client user clicking a button corresponding to the view complete information, and the desensitization processing is removed to obtain the mobile phone number composed of 11 digits.
The sensitive data desensitization processing method provided by the embodiment of the invention obtains the sensitive data identification for distinguishing the sensitive data, and separates the sensitive data according to the sensitive data identification; encrypting the sensitive data and sending the encrypted sensitive data to a server; if the encrypted sensitive data returned by the server after the encrypted sensitive data is decrypted according to the encryption mode and the encryption key and the validity check is passed are received, the encrypted sensitive data is decrypted and desensitization processing is carried out on the decrypted sensitive data, so that the safety of the desensitization data in the data transmission process can be further improved, the data safety is ensured, and the desensitization processing is carried out on the separated sensitive data which are independent of each other at the client side, so that the labor cost and the time cost are saved.
It should be noted that the sensitive data desensitization processing method provided by the embodiment of the present invention may be used in the financial field, and may also be used in any technical field other than the financial field.
Fig. 4 is a schematic structural diagram of a sensitive data desensitization processing apparatus according to an embodiment of the present invention, and as shown in fig. 4, the sensitive data desensitization processing apparatus according to the embodiment of the present invention includes an obtaining unit 401, an encrypting unit 402, and a desensitization processing unit 403, where:
the acquiring unit 401 is configured to acquire a sensitive data identifier for distinguishing sensitive data, and separate the sensitive data according to the sensitive data identifier; the encryption unit 402 is configured to encrypt the sensitive data and send the encrypted sensitive data to the server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance; the desensitization processing unit 403 is configured to, if the encrypted sensitive data returned by the server after passing the validity check and decrypting the encrypted sensitive data according to the encryption mode and the encryption key are received, decrypt the encrypted sensitive data, and perform desensitization processing on the decrypted sensitive data.
Specifically, an obtaining unit 401 in the device is configured to obtain a sensitive data identifier for distinguishing sensitive data, and separate the sensitive data according to the sensitive data identifier; the encryption unit 402 is configured to encrypt the sensitive data and send the encrypted sensitive data to the server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance; the desensitization processing unit 403 is configured to, if the encrypted sensitive data returned by the server after passing the validity check and decrypting the encrypted sensitive data according to the encryption mode and the encryption key are received, decrypt the encrypted sensitive data, and perform desensitization processing on the decrypted sensitive data.
The sensitive data desensitization processing device provided by the embodiment of the invention obtains the sensitive data identification for distinguishing the sensitive data, and separates the sensitive data according to the sensitive data identification; encrypting the sensitive data and sending the encrypted sensitive data to a server; if the encrypted sensitive data returned by the server after the encrypted sensitive data is decrypted according to the encryption mode and the encryption key and the validity check is passed are received, the encrypted sensitive data is decrypted and desensitization processing is carried out on the decrypted sensitive data, so that the safety of the desensitization data in the data transmission process can be further improved, the data safety is ensured, and the desensitization processing is carried out on the separated sensitive data which are independent of each other at the client side, so that the labor cost and the time cost are saved.
The desensitization processing unit 403 is specifically configured to:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key.
The embodiment of the sensitive data desensitization processing apparatus provided in the embodiment of the present invention may be specifically used to execute the processing flows of the above method embodiments, and the functions of the apparatus are not described herein again, and reference may be made to the detailed description of the above method embodiments.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 5, the electronic device includes: a processor (processor)501, a memory (memory)502, and a bus 503;
the processor 501 and the memory 502 complete communication with each other through a bus 503;
the processor 501 is configured to call program instructions in the memory 502 to perform the methods provided by the above-mentioned method embodiments, for example, including:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier; encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance; and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above-mentioned method embodiments, for example, comprising:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier; encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance; and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
The present embodiment provides a computer-readable storage medium, which stores a computer program, where the computer program causes the computer to execute the method provided by the above method embodiments, for example, the method includes:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier; encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance; and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description herein, reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A sensitive data desensitization processing method, comprising:
acquiring a sensitive data identifier for distinguishing sensitive data, and separating the sensitive data according to the sensitive data identifier;
encrypting the sensitive data and sending the encrypted sensitive data to a server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and if the encrypted sensitive data returned after passing the validity check after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and receives the encrypted sensitive data, decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data.
2. The sensitive data desensitization processing method according to claim 1, wherein said decrypting the encrypted sensitive data includes:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key.
3. The sensitive data desensitization processing method according to claim 2, wherein said desensitizing the decrypted sensitive data includes:
and acquiring data capable of reflecting the user personalized private information in the decrypted sensitive data, and desensitizing the data capable of reflecting the user personalized private information.
4. The sensitive data desensitization processing method according to any one of claims 1 to 3, wherein after said step of decrypting the encrypted sensitive data and performing desensitization processing, the sensitive data desensitization processing method further comprises:
and displaying the desensitized sensitive data locally, if a trigger action for viewing complete information triggered by the desensitized sensitive data is detected, performing desensitization relieving treatment on the desensitized sensitive data, and displaying the desensitized sensitive data locally.
5. The sensitive data desensitization processing method according to any of claims 1 to 3, characterized in that it further comprises:
and if an error message returned after the server decrypts the encrypted sensitive data according to the encryption mode and the encryption key and the validity check fails is received, generating a prompt message for prompting the client user to re-edit the sensitive information according to the error message.
6. The sensitive data desensitization processing method according to any one of claims 1 to 3, wherein after said step of encrypting the sensitive data and before said step of sending the encrypted sensitive data to the server, the sensitive data desensitization processing method further comprises:
the encrypted sensitive data is stored locally.
7. A sensitive data desensitization processing apparatus, comprising:
the device comprises an acquisition unit, a judgment unit and a processing unit, wherein the acquisition unit is used for acquiring a sensitive data identifier for distinguishing sensitive data and separating the sensitive data according to the sensitive data identifier;
the encryption unit is used for encrypting the sensitive data and sending the encrypted sensitive data to the server; wherein, the encryption mode and the encryption key used for encryption are deployed in the server in advance;
and the desensitization processing unit is used for decrypting the encrypted sensitive data and desensitizing the decrypted sensitive data if the encrypted sensitive data returned by the server after passing the validity check is received and decrypted according to the encryption mode and the encryption key.
8. The sensitive data desensitization processing apparatus according to claim 7, wherein said desensitization processing unit is specifically configured to:
and acquiring an encryption mode and an encryption key which are adopted when the sensitive data are encrypted, and decrypting the encrypted sensitive data according to the encryption mode and the encryption key.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 6 are implemented when the computer program is executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111590717.2A CN114254390A (en) | 2021-12-23 | 2021-12-23 | Sensitive data desensitization processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111590717.2A CN114254390A (en) | 2021-12-23 | 2021-12-23 | Sensitive data desensitization processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114254390A true CN114254390A (en) | 2022-03-29 |
Family
ID=80797226
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111590717.2A Pending CN114254390A (en) | 2021-12-23 | 2021-12-23 | Sensitive data desensitization processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114254390A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826729A (en) * | 2022-04-22 | 2022-07-29 | 马上消费金融股份有限公司 | Data processing method, page updating method and related hardware |
| CN116933287A (en) * | 2023-07-28 | 2023-10-24 | 南京维拓科技股份有限公司 | Method for desensitizing and encrypting sensitive information in industrial software |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302328A (en) * | 2015-05-20 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Sensitive user data processing system and method |
| CN108289095A (en) * | 2018-01-02 | 2018-07-17 | 诚壹泰合(北京)科技有限公司 | A kind of sensitive data storage method, apparatus and system |
| CN111104691A (en) * | 2019-11-28 | 2020-05-05 | 贝壳技术有限公司 | Sensitive information processing method and device, storage medium and equipment |
-
2021
- 2021-12-23 CN CN202111590717.2A patent/CN114254390A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302328A (en) * | 2015-05-20 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Sensitive user data processing system and method |
| CN108289095A (en) * | 2018-01-02 | 2018-07-17 | 诚壹泰合(北京)科技有限公司 | A kind of sensitive data storage method, apparatus and system |
| CN111104691A (en) * | 2019-11-28 | 2020-05-05 | 贝壳技术有限公司 | Sensitive information processing method and device, storage medium and equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826729A (en) * | 2022-04-22 | 2022-07-29 | 马上消费金融股份有限公司 | Data processing method, page updating method and related hardware |
| CN114826729B (en) * | 2022-04-22 | 2024-05-28 | 马上消费金融股份有限公司 | Data processing method, page updating method and related hardware |
| CN116933287A (en) * | 2023-07-28 | 2023-10-24 | 南京维拓科技股份有限公司 | Method for desensitizing and encrypting sensitive information in industrial software |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110688662A (en) | Sensitive data desensitization and inverse desensitization method and electronic equipment | |
| CN110661748B (en) | Log encryption method, log decryption method and log encryption device | |
| CN106487659B (en) | Information encryption method, information encryption device and terminal | |
| CN114254390A (en) | Sensitive data desensitization processing method and device | |
| CN111385084A (en) | Key management method and device for digital assets and computer readable storage medium | |
| CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
| CN107040520B (en) | Cloud computing data sharing system and method | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| CN114499875A (en) | Service data processing method and device, computer equipment and storage medium | |
| CN107729760B (en) | CSP implementation method based on Android system and intelligent terminal | |
| CN112231309A (en) | Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics | |
| CN113609147B (en) | Data sharing method and device and electronic equipment | |
| CN111008400A (en) | Data processing method, device and system | |
| CN113946862A (en) | Data processing method, device and equipment and readable storage medium | |
| CN112287371B (en) | Method and device for storing industrial data and computer equipment | |
| CN116455572B (en) | Data encryption method, device and equipment | |
| CN112199730A (en) | Method and device for processing application data on terminal and electronic equipment | |
| CN115208630B (en) | Block chain-based data acquisition method and system and block chain system | |
| CN115567200B (en) | Http interface anti-brushing method, system and related equipment | |
| CN115022012B (en) | Data transmission method, device, system, equipment and storage medium | |
| CN115150193A (en) | Method and system for encrypting sensitive information in data transmission and readable storage medium | |
| CN116233847A (en) | Login method, login device, computer equipment and storage medium | |
| CN114978541B (en) | Transaction data processing method, device, equipment and storage medium | |
| CN110830252A (en) | Data encryption method, device, equipment and storage medium | |
| CN112449143B (en) | Implementation method and implementation system of secure video |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |