CN114547664A - Data processing method and device - Google Patents
Data processing method and device Download PDFInfo
- Publication number
- CN114547664A CN114547664A CN202011295921.7A CN202011295921A CN114547664A CN 114547664 A CN114547664 A CN 114547664A CN 202011295921 A CN202011295921 A CN 202011295921A CN 114547664 A CN114547664 A CN 114547664A
- Authority
- CN
- China
- Prior art keywords
- desensitization
- data
- node
- strategy
- management node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 33
- 238000000586 desensitisation Methods 0.000 claims abstract description 458
- 238000007726 management method Methods 0.000 claims abstract description 154
- 238000012545 processing Methods 0.000 claims abstract description 35
- 238000013523 data management Methods 0.000 claims abstract description 30
- 230000001360 synchronised effect Effects 0.000 claims description 26
- 238000000034 method Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a data processing method and device, and belongs to the technical field of communication. The data processing method comprises the following steps: performing secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data; desensitization data are sent to the central management node, so that the central management node synchronizes the desensitization data to the area management node, and when the data management system receives a data access request, the data access request is preferentially guided to the area management node, so that the data processing pressure of the data management system is relieved, the access time delay is reduced, and the data access efficiency is improved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data processing method and apparatus.
Background
Data desensitization is a commonly used method of data processing. Data desensitization refers to special processing of secret or private information contained in data to achieve the effect of data deformation, so that an attacker cannot directly obtain sensitive information from the desensitized data. For some applications, there is a large amount of sensitive data that needs to be desensitized. Under the existing centralized desensitization mode, if the data to be desensitized are more, the data processing system is easy to generate larger data processing pressure. Moreover, desensitized data is generally stored in a centralized manner, and when data access is frequent and the processing capacity of a data processing system cannot meet access requirements, access delay is increased, so that access efficiency is low. Therefore, how to reduce the data processing pressure and efficiently manage data to reduce the access delay and improve the data access efficiency becomes an urgent problem to be solved in the field.
Disclosure of Invention
Therefore, the invention provides a data processing method and a data processing device, which aim to solve the problems of higher data processing pressure, higher access time delay and lower data access efficiency in a centralized desensitization and storage mode.
In order to achieve the above object, a first aspect of the present invention provides a data processing method applied to a central desensitization node, including:
performing secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data; the initial desensitization data is data obtained by performing initial desensitization on to-be-desensitized data by using a region desensitization node;
and sending the desensitization data to a central management node, so that the central management node synchronizes the desensitization data to area management nodes, and leading a data access request to the area management nodes preferentially when a data management system receives the data access request.
Further, the second desensitization is performed on the primary desensitization data based on a preset desensitization strategy, and before obtaining the desensitization data, the method further includes:
setting the desensitization strategy and sending the desensitization strategy to the regional desensitization node;
and receiving the preliminary desensitization data returned by the regional desensitization node.
Further, the setting the desensitization policy and sending the desensitization policy to the regional desensitization node includes:
setting the desensitization strategy according to the service type, the service flow and the desensitization node type of the data to be desensitized; the desensitization strategy comprises a first desensitization strategy and a second desensitization strategy, wherein the first desensitization strategy is a desensitization strategy corresponding to the desensitization node type as a center desensitization node, and the second desensitization strategy is a desensitization strategy corresponding to the desensitization node type as the area desensitization node;
and issuing the second desensitization strategy to the regional desensitization node.
Further, the preliminary desensitization data is data obtained by the regional desensitization node after preliminary desensitization is performed on the data to be desensitized according to the second desensitization strategy.
Further, performing secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data, including;
determining the service type and the service flow of the preliminary desensitization data;
matching the first desensitization strategy for the preliminary desensitization data according to the service type and the service flow of the preliminary desensitization data;
and carrying out secondary desensitization on the primary desensitization data according to the matched first desensitization strategy to obtain the desensitization data.
In order to achieve the above object, a second aspect of the present invention provides a data processing method applied to a central management node, the data processing method including:
desensitization data sent by the central desensitization node are received and stored; the desensitization data are obtained by performing secondary desensitization on primary desensitization data by the central desensitization node based on a preset desensitization strategy, and the primary desensitization data are obtained by performing primary desensitization on to-be-desensitized data by the regional desensitization node;
synchronizing the desensitization data to the area management nodes so that the data access request is preferentially directed to the area management nodes when the data access request is received by the data management system.
Further, the synchronizing the desensitization data to a zone management node includes:
determining desensitization data of a region to be synchronized from the desensitization data according to the jurisdiction range and the authority range of the region management node;
and sending the desensitization data of the areas to be synchronized to the area management node, so that the area management node stores the desensitization data of the areas to be synchronized to the area management node.
Further, after synchronizing the desensitization data to the area management node, the method further includes:
receiving the data access request forwarded by the data management system; wherein the data access request is a request forwarded to the central management node when the regional management node cannot satisfy the data access request;
responding to the data access request and returning corresponding data to the data management system.
In order to achieve the above object, a third aspect of the present invention provides a data processing apparatus applied to a central desensitization node, the data processing apparatus comprising:
the desensitization module is used for carrying out secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data; the initial desensitization data is data obtained by performing initial desensitization on to-be-desensitized data by using a region desensitization node;
and the desensitization node sending module is used for sending the desensitization data to a central management node so that the central management node synchronizes the desensitization data to the area management node, and a data management system preferentially guides the data access request to the area management node when receiving the data access request.
In order to achieve the above object, a fourth aspect of the present invention provides a data processing apparatus applied to a central management node, the data processing apparatus comprising:
the receiving module is used for receiving desensitization data sent by the central desensitization node; the desensitization data are obtained by performing secondary desensitization on primary desensitization data by the central desensitization node based on a preset desensitization strategy, and the primary desensitization data are obtained by performing primary desensitization on to-be-desensitized data by the regional desensitization node;
a storage module for storing the desensitization data;
and the management node sending module is used for synchronizing the desensitization data to the area management nodes so that the data management system preferentially guides the data access request to the area management nodes when receiving the data access request.
The invention has the following advantages:
according to the data processing method provided by the invention, secondary desensitization is carried out on the primary desensitization data based on a preset desensitization strategy, so that desensitization data are obtained; desensitization data are sent to the central management node, so that the central management node synchronizes the desensitization data to the area management node, and when the data management system receives a data access request, the data access request is preferentially guided to the area management node, so that the data processing pressure of the data management system is relieved, the access time delay is reduced, and the data access efficiency is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of a data processing method according to a first embodiment of the present invention;
fig. 2 is a flowchart of a data processing method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a data processing method according to a third embodiment of the present invention;
fig. 4 is a flowchart of a data processing method according to a fourth embodiment of the present invention;
fig. 5 is a schematic block diagram of a data processing apparatus according to a fifth embodiment of the present invention;
fig. 6 is a schematic block diagram of a data processing apparatus according to a sixth embodiment of the present invention.
In the drawings:
501: the desensitization module 502: desensitization node sending module
601: the receiving module 602: memory module
603: management node sending module
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The data processing method and the data processing device provided by the invention have the advantages that the problem that the access time delay is increased and the access efficiency is low due to the fact that the data processing pressure is high in the existing centralized desensitization and centralized storage modes is solved, and therefore, the novel data processing method and the novel data processing device are provided.
Fig. 1 is a flowchart of a data processing method according to a first embodiment of the present invention, where the data processing method is applicable to a central desensitization node. As shown in fig. 1, the data processing method may include the steps of:
and S101, carrying out secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data.
The initial desensitization data is data obtained by performing initial desensitization on the data to be desensitized by the regional desensitization node. Partial sensitive information also exists in the preliminary desensitization data, and the central desensitization node needs to perform further desensitization operation on the partial sensitive information, so that desensitization data without sensitive information is obtained.
With the advent of the big data age, data has become a special form of important asset. However, while creating value using data, importance must be attached to the information security of the data. Especially for some industries and some application scenarios, it is desirable to perform desensitization operations on data to avoid leakage of important or sensitive information. Data desensitization specifically refers to data deformation of some sensitive information through desensitization rules, so that reliable protection of sensitive private data is realized. In most current desensitization operations, desensitization is performed on data to be desensitized in a centralized manner to obtain desensitization data, and this desensitization manner causes a data processing pressure of the system to be large. Moreover, centralized access is also often employed when accessing desensitized data, which exacerbates the data processing pressure of the system. In view of the above, the present invention provides a new data processing method, which sets a central desensitization node, a regional desensitization node, a central management node, and a regional management node on the basis of original centralized data desensitization and data access, and disperses part of data desensitization pressure from the central desensitization node to the regional desensitization node for desensitization operation, and disperses data access pressure from the central management node to different regional management nodes for access operation, thereby reducing data processing pressure of the central desensitization node and the central management node, relieving data processing pressure, reducing access delay, and improving data access efficiency.
In one embodiment, the service terminal enters original data to be desensitized (the data to be desensitized includes service data in an initial state such as original data of a client), and forwards the data to be desensitized to the regional desensitization node. The regional desensitization node receives the data to be desensitized, performs initial desensitization on the data to be desensitized, obtains initial desensitization data, and then sends the initial desensitization data to the central desensitization node. And the central desensitization node receives the primary desensitization data and carries out secondary desensitization on the primary desensitization data according to a preset desensitization strategy to obtain desensitization data. Specifically, the central desensitization node firstly determines the service type and the service flow of the primary desensitization data, matches a first desensitization strategy for the primary desensitization data according to the service type and the service flow of the primary desensitization data, and then carries out secondary desensitization on the primary desensitization data according to the matched first desensitization strategy to obtain desensitization data. The first desensitization strategy is a desensitization strategy preset by a central desensitization node; the number of regional desensitization nodes can be set according to desensitization pressure, for example, if desensitization pressure is great, can set up the desensitization pressure that central desensitization node was dispersed effectively to the regional desensitization node of a greater number, if desensitization pressure is less, can set up few regional desensitization nodes in order to moderate degree alleviate the desensitization pressure of central desensitization node.
It should be noted that, considering that the 5G communication network has the characteristics of low delay, high rate, and the like, in some embodiments, the 5G communication network may be relied on when information interaction is performed between the regional desensitization node and the central desensitization node. It can be understood that the regional desensitization node and the central desensitization node may also implement information interaction by relying on other communication networks or through other communication modes.
Step S102, desensitization data are sent to the central management node, so that the central management node synchronizes the desensitization data to the area management node, and when receiving a data access request, the data management system preferentially guides the data access request to the area management node.
In general, desensitization data obtained through desensitization operation is centrally stored, and when a data access request is received by a data management system, a response is given based on the centrally stored desensitization data and corresponding data is returned. Since the data volume of desensitized data is generally large, data processing pressure is relatively large when data access requests are frequent. Therefore, in the embodiment, the plurality of regional management nodes are arranged to disperse part of data access pressure of the central management node, so that data access delay is reduced, and data access efficiency is improved.
In one embodiment, after the central desensitization node obtains desensitization data, the desensitization data is sent to the central management node. And the central management node receives the desensitization data, determines desensitization data of the region to be synchronized corresponding to the region management node from the desensitization data according to the administration range and the authority range of each region management node, and sends the desensitization data of the region to be synchronized to the corresponding region management node. And the area management node receives desensitization data of the area to be synchronized and stores the desensitization data of the area to be synchronized, so that data synchronization with the central management node is realized. When the data management system receives the data access request, the data access request is preferentially guided to the corresponding regional management node, and the regional management node responds to the data access request, so that part of the data access request is filtered for the central management node, and the data access pressure is relieved.
It can be understood that, when the area management node cannot satisfy the data access request, the data management system may forward the data access request to the central management node, and the central management node responds to the data access request and returns response data.
Fig. 2 is a flowchart of a data processing method according to a second embodiment of the present invention, which is applicable to a central desensitization node, and is substantially the same as the first embodiment of the present invention except that: before receiving the initial desensitization data sent by the regional desensitization center, a desensitization strategy is set first, and the desensitization strategy is sent to the regional desensitization nodes. As shown in fig. 2, the data processing method may include the steps of:
step S201, a desensitization strategy is set and issued to the regional desensitization node.
The desensitization strategy is a set of contents such as methods and rules used for desensitization operation on data. The desensitization strategies of different types of data, data in different service flows and different desensitization nodes may not be the same. Therefore, in some embodiments, the desensitization policy may be set according to the service type of the data to be desensitized, the service flow to which the data belongs, and the type of the desensitization node. However, no matter what desensitization strategy is adopted, the desensitized data still has usability, namely, when the desensitization strategy is used for carrying out deformation processing on the data, the use characteristics of the type, format, meaning, distribution and the like of the original data are ensured, so that the desensitized data can be normally used.
In one embodiment, a central desensitization node sets desensitization strategies according to the service type, the service flow and the desensitization node type of data to be desensitized, wherein the desensitization strategies comprise a first desensitization strategy and a second desensitization strategy, the first desensitization strategy is a desensitization strategy applicable to the central desensitization node and set according to the service type and the service flow of the data to be desensitized, and the second desensitization strategy is a desensitization strategy applicable to a regional desensitization node and set according to the service type and the service flow of the data to be desensitized. After the central desensitization node sets the desensitization strategy, the second desensitization strategy is sent to the regional desensitization node so that the regional desensitization node can execute preliminary desensitization operation on the data to be desensitized according to the second desensitization strategy. If the service types or the service flows of the data to be desensitized processed by the regional desensitization nodes are different, the second desensitization strategies corresponding to the desensitization nodes in different regions are different.
It should be noted that the desensitization operation performed by the central desensitization node and the regional desensitization node may be set according to actual requirements. For example, the central desensitization node may perform gap-filling desensitization on incomplete desensitization data of the regional desensitization node, may perform secondary desensitization on preliminary desensitization data based on different desensitization levels or desensitization modes, or may be a combination of the two. It can be understood that, for the difference of desensitization operations of the central desensitization node and the regional desensitization node, the specific contents of the corresponding first desensitization strategy and second desensitization strategy are correspondingly different.
And step S202, receiving the initial desensitization data returned by the regional desensitization node.
In one embodiment, after the regional desensitization node receives the second desensitization strategy issued by the central desensitization node, the regional desensitization node performs a primary desensitization operation on the data to be desensitized according to the content of the second desensitization strategy to obtain primary desensitization data, and returns the primary desensitization data to the central desensitization node, so that the central desensitization node performs a secondary desensitization operation on the primary desensitization data according to the preset first desensitization strategy.
And S203, carrying out secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data.
Step S203 in this embodiment is the same as step S101 in the first embodiment of the present invention, and is not described herein again.
Step S204, desensitization data is sent to the central management node, so that the central management node synchronizes the desensitization data to the area management node, and when receiving a data access request, the data management system preferentially guides the data access request to the area management node.
Step S204 in this embodiment is the same as step S102 in the first embodiment of the present invention, and is not described herein again.
Fig. 3 is a flowchart of a data processing method that can be applied to a central management node according to a third embodiment of the present invention. As shown in fig. 3, the data processing method may include the steps of:
and step S301, desensitization data sent by the central desensitization node is received and stored.
The desensitization data are data obtained by performing secondary desensitization on primary desensitization data by the central desensitization node based on a preset desensitization strategy, and the primary desensitization data are data obtained by performing primary desensitization on to-be-desensitized data by the regional desensitization node.
In order to relieve data access pressure, desensitization data are stored in the central management node, and are also stored in the regional management node in a scattered manner, so that part of unnecessary access requests can be filtered for the central management node, the data processing pressure of the central management node is reduced, meanwhile, the access delay can be reduced, and the access efficiency is improved.
In one embodiment, the central desensitization node performs secondary desensitization on the primary desensitization data, and after desensitization data are obtained, the desensitization data are sent to the central management node. And the central management node receives and stores desensitization data sent by the central desensitization node.
It should be noted that information interaction between the central desensitization node and the central management node may be performed through a 5G network, or may be performed through other communication networks or in other communication manners.
Step S302, synchronize the desensitization data to the area management node, so that the data management system preferentially directs the data access request to the area management node when receiving the data access request.
The number of the area management nodes can be set according to the data volume of desensitized data and the response requirement of data access. Considering that the administration ranges of the management nodes in different areas are different and the authority ranges are also different, when the central management node performs the synchronization operation of the desensitization data, firstly, the desensitization data of the areas to be synchronized corresponding to the area management center needs to be determined according to the administration ranges and the authority ranges of the area management nodes, and then the desensitization data of the areas to be synchronized are sent to the area management nodes to perform the synchronization operation.
In one embodiment, a central management node firstly determines desensitization data of a region to be synchronized corresponding to a region management node from the desensitization data according to the jurisdiction range and the authority range of the region management node, and sends the desensitization data of the region to be synchronized to the region management node. And the area management node receives desensitization data of the area to be synchronized and stores the desensitization data of the area to be synchronized to the area management node, so that data synchronization between the area management node and the central management node is realized.
It should be noted that in some special application scenarios, all desensitization data of the central management node may also be synchronized to the regional management nodes. The application does not limit the range of desensitization data for synchronization between regional management nodes and central management nodes.
Fig. 4 is a flowchart of a data processing method provided in a fourth embodiment of the present invention, which is applicable to a central management node, and is basically the same as the third embodiment of the present invention except that: and when the regional management center cannot meet the data access request, responding the data access request by the central management node. As shown in fig. 4, the data processing method may include the steps of:
and step S401, receiving and storing desensitization data sent by the central desensitization node.
Step S401 in this embodiment is the same as step S301 in the first embodiment of the present invention, and is not described herein again.
Step S402, the desensitization data is synchronized to the area management node, so that the data management system preferentially guides the data access request to the area management node when receiving the data access request.
Step S402 in this embodiment is the same as step S302 in the first embodiment of the present invention, and is not described herein again.
Step S403, receiving the data access request forwarded by the data management system.
The data access request is a request forwarded to the central management node when the regional management node cannot meet the data access request. Specifically, due to the limited administration range and authority range of the regional management node, the data of the regional management node may not be completely complete than the data stored by the central management node, and therefore, the regional management node may not be able to satisfy some data access requests, which are responded by the central management node.
In one embodiment, when the regional management node fails to satisfy the data access request, the data management system forwards the data access request to the central management node, and the central management node receives the data access request.
And S404, responding to the data access request and returning corresponding data to the data management system.
In one embodiment, after receiving the data access request, the central management node queries corresponding access data in response to the data access request, and returns the data to the data management system.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
Fig. 5 is a schematic block diagram of a data processing apparatus according to a fifth embodiment of the present invention, which is applicable to a central desensitization node. As shown in fig. 5, the data processing apparatus includes: desensitization module 501 and desensitization node sending module 502.
And the desensitization module 501 is configured to perform secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data.
In one embodiment, the service terminal enters original data to be desensitized and forwards the data to be desensitized to the regional desensitization node. The regional desensitization node receives the data to be desensitized, performs initial desensitization on the data to be desensitized, obtains initial desensitization data, and then sends the initial desensitization data to the central desensitization node. The central desensitization node receives the primary desensitization data, and performs secondary desensitization on the primary desensitization data according to a preset desensitization strategy through the desensitization module 501 to obtain desensitization data. Specifically, the central desensitization node firstly determines the service type and the service flow of the primary desensitization data, matches a first desensitization strategy for the primary desensitization data according to the service type and the service flow of the primary desensitization data, and then carries out secondary desensitization on the primary desensitization data according to the matched first desensitization strategy to obtain desensitization data. The first desensitization strategy is a desensitization strategy with a central desensitization node preset by the central desensitization node, and the number of regional desensitization nodes can be set according to desensitization pressure.
The desensitization node sending module 502 is configured to send desensitization data to the central management node, so that the central management node synchronizes the desensitization data to the area management node, and when receiving a data access request, the data management system preferentially directs the data access request to the area management node.
In one embodiment, after the central desensitization node obtains desensitization data, the desensitization data is sent to the central management node through the desensitization node sending module 502. And the central management node receives the desensitization data, determines desensitization data of the region to be synchronized corresponding to the region management node from the desensitization data according to the administration range and the authority range of each region management node, and sends the desensitization data of the region to be synchronized to the corresponding region management node. And the area management node receives desensitization data of the area to be synchronized and stores the desensitization data of the area to be synchronized, so that data synchronization with the central management node is realized. When the data management system receives the data access request, the data access request is preferentially guided to the corresponding regional management node, and the regional management node responds to the data access request, so that part of the data access request is filtered for the central management node, and the data access pressure is relieved.
Fig. 6 is a schematic block diagram of a data processing apparatus according to a sixth embodiment of the present invention, where the data processing apparatus is applicable to a central management node. As shown in fig. 6, the data processing apparatus includes: a receiving module 601, a storing module 602 and a management node sending module 603.
A receiving module 601, configured to receive desensitization data sent by a central desensitization node.
In one embodiment, the central desensitization node performs secondary desensitization on the primary desensitization data, and after desensitization data are obtained, the desensitization data are sent to the central management node. The central management node receives desensitization data sent by the central desensitization node through the receiving module 601.
A storage module 602 for storing desensitization data.
After receiving the desensitization data, the area management node stores the desensitization data at a preset address for standby through the storage module 602.
The management node sending module 603 is configured to synchronize desensitization data to the area management node, so that when the data management system receives a data access request, the data access request is preferentially guided to the area management node.
In one embodiment, the central management node first determines desensitization data of the area to be synchronized corresponding to the area management node from the desensitization data according to the jurisdiction range and the authority range of the area management node, and sends the desensitization data of the area to be synchronized to the area management node through the management node sending module 603. And the area management node receives desensitization data of the area to be synchronized and stores the desensitization data of the area to be synchronized to the area management node, so that data synchronization between the area management node and the central management node is realized.
It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, elements that are not so closely related to solving the technical problems proposed by the present invention are not introduced in the present embodiment, but this does not indicate that other elements are not present in the present embodiment.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (10)
1. A method of data processing, comprising:
performing secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data; the initial desensitization data is data obtained by performing initial desensitization on to-be-desensitized data by using a region desensitization node;
and sending the desensitization data to a central management node, so that the central management node synchronizes the desensitization data to area management nodes, and leading a data access request to the area management nodes preferentially when a data management system receives the data access request.
2. The data processing method according to claim 1, wherein before performing secondary desensitization on the preliminary desensitization data based on a preset desensitization strategy and obtaining desensitization data, the method further comprises:
setting the desensitization strategy and sending the desensitization strategy to the regional desensitization node;
and receiving the preliminary desensitization data returned by the regional desensitization node.
3. The data processing method according to claim 2, wherein the setting the desensitization policy and issuing the desensitization policy to the regional desensitization node comprises:
setting the desensitization strategy according to the service type, the service flow and the desensitization node type of the data to be desensitized; the desensitization strategy comprises a first desensitization strategy and a second desensitization strategy, wherein the first desensitization strategy is a desensitization strategy corresponding to the desensitization node type as a center desensitization node, and the second desensitization strategy is a desensitization strategy corresponding to the desensitization node type as the area desensitization node;
and issuing the second desensitization strategy to the regional desensitization node.
4. The data processing method according to claim 3, wherein the preliminary desensitization data is data obtained by the regional desensitization node after preliminary desensitization is performed on the data to be desensitized according to the second desensitization strategy.
5. The data processing method according to claim 3, wherein the secondary desensitization is performed on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data, including;
determining the service type and the service flow of the preliminary desensitization data;
matching the first desensitization strategy for the preliminary desensitization data according to the service type and the service flow of the preliminary desensitization data;
and carrying out secondary desensitization on the primary desensitization data according to the matched first desensitization strategy to obtain the desensitization data.
6. A data processing method, comprising:
desensitization data sent by the central desensitization node are received and stored; the desensitization data is obtained by performing secondary desensitization on primary desensitization data by the central desensitization node based on a preset desensitization strategy, and the primary desensitization data is obtained by performing primary desensitization on to-be-desensitized data by the regional desensitization node;
synchronizing the desensitization data to the area management nodes so that the data access request is preferentially directed to the area management nodes when the data access request is received by the data management system.
7. The data processing method of claim 6, wherein the synchronizing the desensitization data to a zone management node comprises:
determining desensitization data of a region to be synchronized from the desensitization data according to the jurisdiction range and the authority range of the region management node;
and sending the desensitization data of the area to be synchronized to the area management node, so that the area management node stores the desensitization data of the area to be synchronized to the area management node.
8. The data processing method of claim 6, wherein after synchronizing the desensitization data to a zone management node, further comprising:
receiving the data access request forwarded by the data management system; wherein the data access request is a request forwarded to the central management node when the regional management node cannot satisfy the data access request;
responding to the data access request and returning corresponding data to the data management system.
9. A data processing apparatus, comprising:
the desensitization module is used for carrying out secondary desensitization on the primary desensitization data based on a preset desensitization strategy to obtain desensitization data; the initial desensitization data is data obtained by performing initial desensitization on to-be-desensitized data by using a region desensitization node;
and the desensitization node sending module is used for sending the desensitization data to a central management node so that the central management node synchronizes the desensitization data to the area management node, and a data management system preferentially guides the data access request to the area management node when receiving the data access request.
10. A data processing apparatus, comprising:
the receiving module is used for receiving desensitization data sent by the central desensitization node; the desensitization data are obtained by performing secondary desensitization on primary desensitization data by the central desensitization node based on a preset desensitization strategy, and the primary desensitization data are obtained by performing primary desensitization on to-be-desensitized data by the regional desensitization node;
a storage module for storing the desensitization data;
and the management node sending module is used for synchronizing the desensitization data to the area management nodes so that the data management system preferentially guides the data access request to the area management nodes when receiving the data access request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011295921.7A CN114547664B (en) | 2020-11-18 | 2020-11-18 | Data processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011295921.7A CN114547664B (en) | 2020-11-18 | 2020-11-18 | Data processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114547664A true CN114547664A (en) | 2022-05-27 |
| CN114547664B CN114547664B (en) | 2024-07-23 |
Family
ID=81660015
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011295921.7A Active CN114547664B (en) | 2020-11-18 | 2020-11-18 | Data processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114547664B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100228783A1 (en) * | 2009-03-06 | 2010-09-09 | Castellanos Maria G | Desensitizing Character Strings |
| CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
| CN110069932A (en) * | 2019-05-08 | 2019-07-30 | 济南浪潮高新科技投资发展有限公司 | A kind of data lake fused data safety analytical method based on intelligent contract |
| US20190273620A1 (en) * | 2017-07-18 | 2019-09-05 | Zhongan Information Technology Service Co., Ltd. | Data sharing method and data sharing system |
| CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
| CN110532797A (en) * | 2019-07-24 | 2019-12-03 | 方盈金泰科技(北京)有限公司 | The desensitization method and system of big data |
| CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
| CN111177788A (en) * | 2020-01-07 | 2020-05-19 | 北京启明星辰信息安全技术有限公司 | Hive dynamic desensitization method and dynamic desensitization system |
| CN111538786A (en) * | 2020-04-24 | 2020-08-14 | 上海简苏网络科技有限公司 | Block chain data desensitization and tracing storage method and device |
-
2020
- 2020-11-18 CN CN202011295921.7A patent/CN114547664B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100228783A1 (en) * | 2009-03-06 | 2010-09-09 | Castellanos Maria G | Desensitizing Character Strings |
| CN106407843A (en) * | 2016-10-17 | 2017-02-15 | 深圳中兴网信科技有限公司 | Data desensitization method and data desensitization device |
| US20190273620A1 (en) * | 2017-07-18 | 2019-09-05 | Zhongan Information Technology Service Co., Ltd. | Data sharing method and data sharing system |
| CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
| CN110069932A (en) * | 2019-05-08 | 2019-07-30 | 济南浪潮高新科技投资发展有限公司 | A kind of data lake fused data safety analytical method based on intelligent contract |
| CN110532797A (en) * | 2019-07-24 | 2019-12-03 | 方盈金泰科技(北京)有限公司 | The desensitization method and system of big data |
| CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
| CN111177788A (en) * | 2020-01-07 | 2020-05-19 | 北京启明星辰信息安全技术有限公司 | Hive dynamic desensitization method and dynamic desensitization system |
| CN111538786A (en) * | 2020-04-24 | 2020-08-14 | 上海简苏网络科技有限公司 | Block chain data desensitization and tracing storage method and device |
Non-Patent Citations (2)
| Title |
|---|
| YUNLI: "Research on a Data Desensitization Algorithm of Blockchain Distributed Energy Transaction Based on Differential Privacy", pages 1 - 6, Retrieved from the Internet <URL:《网页在线公开:https://ieeexplore.ieee.org/abstract/document/9224935》> * |
| 包小源等: "基于数据空间的电子病历数据融合与应用平台", 《大数据》, 16 January 2020 (2020-01-16), pages 47 - 61 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114547664B (en) | 2024-07-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10419531B2 (en) | Method for setting gateway device identity, and management gateway device | |
| WO2021120374A1 (en) | Message processing method, processing unit, and a virtual private network server | |
| CN111600965A (en) | Consensus method and system in block chain | |
| EP4084415A1 (en) | Data management method and system, associated subsystem and computer readable medium | |
| EP2503762B1 (en) | Method, apparatus and system for cache collaboration | |
| CN114938508A (en) | 5G private network control method and device, electronic equipment and storage medium | |
| CN102932269A (en) | Method and device for balancing load | |
| CN110909030B (en) | Information processing method and server cluster | |
| WO2020119699A1 (en) | Resource publishing method and apparatus in internet of things, device, and storage medium | |
| KR20130130295A (en) | System and method for assigining server to terminal and efficiently delivering messages to the terminal | |
| CN115209378A (en) | Service resource dynamic allocation method, system, management server and medium for vehicle | |
| CN111147468A (en) | User access method, device, electronic equipment and storage medium | |
| CN112491951B (en) | Request processing method, server and storage medium in peer-to-peer network | |
| US10268532B2 (en) | Application message processing system, method, and application device | |
| CN114547664A (en) | Data processing method and device | |
| CN106535112B (en) | Method, device and system for realizing terminal access | |
| CN116954863A (en) | Database scheduling method, device, equipment and storage medium | |
| CN115495288A (en) | Data backup method, device and equipment and computer readable storage medium | |
| CN106385688B (en) | A kind of base-band resource distribution method and system and controller | |
| CN112616143B (en) | Method and device for distributing communication numbers, electronic equipment and storage medium | |
| CN108848156B (en) | Access gateway processing method, device and storage medium | |
| CN110866066B (en) | Service processing method and device | |
| CN116800675A (en) | Flow control method, device, equipment and computer readable storage medium | |
| CN115048667A (en) | Data management method, terminal, desensitization center server and data management center | |
| CN112217715B (en) | Intelligent dynamic gateway system with repeated interaction of complex data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |