CN114884742A - Business data sharing method and system based on privacy computing technology - Google Patents
Business data sharing method and system based on privacy computing technology Download PDFInfo
- Publication number
- CN114884742A CN114884742A CN202210628481.5A CN202210628481A CN114884742A CN 114884742 A CN114884742 A CN 114884742A CN 202210628481 A CN202210628481 A CN 202210628481A CN 114884742 A CN114884742 A CN 114884742A
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive
- service data
- service
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000000586 desensitisation Methods 0.000 claims description 18
- 230000035945 sensitivity Effects 0.000 claims description 13
- 230000005540 biological transmission Effects 0.000 description 3
- 230000002441 reversible effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a business data sharing method and a business data sharing system based on a privacy computing technology, which are applied to the technical field of data sharing; acquiring sensitive data of service data; judging whether the sensitive data has a preset encryption format or not; if not, setting a sensitive sub-threshold value for the service data; acquiring a data type corresponding to the sensitive data; setting different scores for different sensitive data according to the data types; judging whether all scores corresponding to sensitive data in the business data are larger than the sensitive score threshold value or not; if not, sharing the service data; the method comprises the steps of setting a sensitive score threshold value for sensitive data in the service data, and judging whether the service data needs to be shared according to whether a score corresponding to the sensitive data in the service data is larger than the sensitive score threshold value; important sensitive data in the service data are effectively prevented from flowing out.
Description
Technical Field
The invention relates to the technical field of data sharing, in particular to a business data sharing method and system based on a privacy computing technology.
Background
The integrated service system generally has the service capability of providing various types of services such as mobile streaming media service, downloading service, color ring service and the like. In the integrated service system, the same section of video can realize stream media on demand and can be downloaded by a user; the same section of audio can be downloaded by the user, and can also be used as ring tone by the color ring back tone service, and the like; in the existing integrated service system, the services of the mobile streaming media service, the download service, the color ring service and the like have independent service capabilities respectively.
For example, application No. CN200710179477.0 discloses a method for implementing service data sharing, in which a database server and a service data server are provided in an integrated service system, the method includes a service data uploading process and a service data experiencing process, and the uploading process includes: A. the portal server registers the service data information corresponding to the service data uploaded by the content provider in the database server; B. and the database server sends a service data transmission request to the service data server, and after receiving the transmission request, the service data server acquires and stores the service data according to the physical path of the service data contained in the transmission request.
However, when the business data is shared, the sensitive data is too much, and after being peeped by a lawless person, important business data flows out.
Disclosure of Invention
The invention aims to solve the problem that important business data flows out easily due to the fact that sensitive data are too much when business data are shared and are peeped by lawbreakers, and provides a business data sharing method and a business data sharing system based on a privacy computing technology.
The invention adopts the following technical means for solving the technical problems:
the invention provides a business data sharing method based on a privacy computing technology, which comprises the following steps:
acquiring sensitive data of service data;
judging whether the sensitive data has a preset encryption format or not;
if not, setting a sensitive sub-threshold value for the service data;
acquiring a data type corresponding to the sensitive data;
setting different scores for different sensitive data according to the data types;
judging whether all scores corresponding to sensitive data in the business data are larger than the sensitive score threshold value or not;
and if not, sharing the service data.
Further, the step of obtaining the sensitive data of the service data includes:
acquiring a keyword in the service data;
judging whether the keywords are matched with preset sensitive features or not;
and if so, acquiring sensitive data with the keyword in the service data.
Further, the step of determining whether the sensitive data has a preset encryption format includes:
acquiring a suffix in the sensitive data;
judging whether the suffix is matched with a preset suffix name or not;
if yes, judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
and if not, judging that a new encryption format needs to be added to the sensitive data.
Further, the step of setting a sensitivity threshold for the service data includes:
acquiring the proportion of the service data and the sensitive data;
a sensitivity score threshold is set based on the ratio.
Further, the step of obtaining the data type corresponding to the sensitive data includes:
acquiring sensitive content in the sensitive data;
judging whether the sensitive content has preset domain words or not;
and if so, judging the corresponding sensitive data type according to the preset domain words.
Further, the step of setting different scores for different sensitive data according to the data types includes:
acquiring a data set in the sensitive data;
obtaining the proportion of sensitive content to non-sensitive content according to the data set;
and setting a corresponding score for the sensitive content according to a preset score form and the proportion of the sensitive content to the non-sensitive content.
Further, before the step of sharing the service data, the method includes:
and if so, encrypting the sensitive data in the service data by adopting desensitization processing, and correspondingly adopting different desensitization data processing according to different sensitive data types.
The invention also provides a business data sharing system based on the privacy computing technology, which comprises the following steps:
the first acquisition module is used for acquiring sensitive data of the service data;
the first judgment module is used for judging whether the sensitive data has a preset encryption format or not;
the first execution module is used for setting a sensitivity score threshold value for the service data if the service data is not the same as the service data;
the second acquisition module is used for acquiring the data type corresponding to the sensitive data;
the first setting module is used for setting different scores for different sensitive data according to the data types;
the second judging module is used for judging whether all scores corresponding to the sensitive data in the business data are larger than the sensitive score threshold value or not;
and the second execution module is used for sharing the service data if the service data is not shared.
Further, the first obtaining module further comprises:
a first obtaining unit, configured to obtain a keyword in the service data;
the first judgment unit is used for judging whether the keyword is matched with a preset sensitive feature or not;
and the first execution unit is used for acquiring the sensitive data with the keyword in the service data if the keyword is contained in the service data.
Further, the first determining module further includes:
the second acquisition unit is used for acquiring a suffix in the sensitive data;
a second judging unit configured to judge whether the suffix matches a preset suffix name;
the second execution unit is used for judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
and the third execution unit is used for judging that a new encryption format needs to be added to the sensitive data if the sensitive data does not have the new encryption format.
The invention provides a business data sharing method and a business data sharing system based on a privacy computing technology, which have the following beneficial effects:
the method comprises the steps of setting a sensitive score threshold value for sensitive data in the service data, and judging whether the service data needs to be shared according to whether a score corresponding to the sensitive data in the service data is larger than the sensitive score threshold value; important sensitive data in the service data are effectively prevented from flowing out.
Drawings
FIG. 1 is a flowchart illustrating a business data sharing method based on a privacy computing technology according to an embodiment of the present invention;
fig. 2 is a block diagram of an embodiment of a service data sharing system based on a privacy computing technology according to the present invention.
Detailed Description
It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be considered as limiting thereof, since the objects, features and advantages thereof will be further described with reference to the accompanying drawings.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a method for sharing service data based on a privacy computing technology in an embodiment of the present invention includes the following steps:
s1: acquiring sensitive data of service data;
s2: judging whether the sensitive data has a preset encryption format or not;
s3: if not, setting a sensitive sub-threshold value for the service data;
s4: acquiring a data type corresponding to the sensitive data;
s5: setting different scores for different sensitive data according to the data types;
s6: judging whether all scores corresponding to sensitive data in the business data are larger than the sensitive score threshold value or not;
s7: and if not, sharing the service data.
In this embodiment, the system determines whether the service data can be disclosed by acquiring the sensitive data in the service data according to whether a data format in the sensitive data has a preset encryption format; if a preset encryption format exists in the sensitive data, for example, the mobile phone number 1583 of a person after desensitization operation, that is, the business data can be shared; if the sensitive data does not have a preset encryption format, such as the number 113 of the Happy village Happy road of a certain person, the business data is judged to need to be encrypted; the system sets a sensitive sub-threshold value for the unencrypted service data, and then judges whether the service data needs to be encrypted; the system acquires data types corresponding to sensitive data in the business data, such as identity card numbers and telephone numbers of sensitive numbers, enterprise secrets and business secrets of sensitive characters, personal accounts and personal passwords of sensitive information; the system correspondingly sets different scores for the sensitive numbers, the sensitive characters and the sensitive information, and confirms whether the service data can be shared according to whether all the scores of the sensitive numbers, the sensitive characters and the sensitive information in the current sensitive data are greater than a sensitive score threshold set by the system; for example, the system acquires that the sensitive numerical score in the sensitive data is 24 points, the sensitive character score is 12 points, the sensitive information score is 13 points, the preset sensitive score of the system is 100 points, and the sensitive score threshold is 60 points, that is, the total score of the sensitive data is 49 points and does not exceed the sensitive score threshold set by the system, that is, the service data can be shared; for example, when the system acquires that the sensitive numerical score in the sensitive data is 25 points, the sensitive character score is 25 points, and the sensitive information score is 25 points, and the preset sensitive score of the known system is 100 points and the sensitive score threshold is 60 points, that is, the total score of the sensitive data is 75 points, and exceeds the sensitive score threshold set by the system, it is determined that the service data cannot be shared at this time.
In this embodiment, the step S1 of acquiring the sensitive data of the service data includes:
s11: acquiring a keyword in the service data;
s12: judging whether the keywords are matched with preset sensitive features or not;
s13: and if so, acquiring sensitive data with the keyword in the service data.
In this embodiment, the system can obtain the sensitive data with the related key words in the service data according to the preset sensitive characteristics by obtaining the key words in the service data; for example, the system acquires a keyword 'identity card number' in the service data, and the preset sensitive features of the system include 'identity card number', 'contact address' and 'personal information', that is, it can be determined that the keyword in the service data conforms to the preset sensitive features, that is, the service data has sensitive data; for example, the system acquires a keyword "military secret" in the service data, and in a case that the preset sensitive features of the system are known to include "identity number", "contact address" and "personal information", the system determines that the keyword in the service data does not conform to the preset sensitive features, that is, the service data does not contain sensitive data.
In this embodiment, the step S2 of determining whether the sensitive data has the preset encryption format includes:
s21: acquiring a suffix in the sensitive data;
s22: judging whether the suffix is matched with a preset suffix name or not;
s23: if yes, judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
s24: and if not, judging that a new encryption format needs to be added to the sensitive data.
In this embodiment, the system determines whether the sensitive data is set with a corresponding encryption format by acquiring the sensitive data and determining whether a suffix carried in the sensitive data matches a preset suffix name; for example, the suffixes obtained by the system into the sensitive data are cnf and dnf, and the suffix name preset by the system is xnf, that is, the encryption format corresponding to the preset suffix name can be determined, wherein the encryption format of cnf is Base64 bit encryption (encryption and decryption), and the encryption format of dnf is MD5 encryption (encryption and non-reversible); for example, when the suffix in the sensitive data acquired by the system is ldf, and the suffix preset by the system is known to be nf, it can be determined that the suffix in the sensitive data does not conform to the preset suffix, that is, the encryption format cannot be identified in the system, and no encryption format exists for the sensitive data, at this time, a new encryption format needs to be added to the sensitive data, and desensitization processing needs to be performed on the sensitive content in the sensitive data.
In this embodiment, the step S3 of setting a sensitivity score threshold for the service data includes:
s31: acquiring the proportion of the service data and the sensitive data;
s32: a sensitivity score threshold is set based on the ratio.
In this embodiment, the system sets a sensitivity score threshold for the sensitive data according to a ratio between a data value of the service data and a data value of the sensitive data obtained by the system; for example, the data value of the service data obtained by the system is 100kb, the data value of the sensitive data is 60kb, and the ratio of the data value of the service data to the data value of the sensitive data is 1: 0.6, that is, the system sets the sensitive score threshold value for the sensitive data to be 60 scores according to the ratio; for example, the data value of the service data obtained by the system is 200kb, the data value of the sensitive data is 70kb, and the ratio of the data value of the service data to the data value of the sensitive data is 1: 0.35, that is, the system sets the sensitive score threshold value for the sensitive data to be 35 scores according to the ratio.
In this embodiment, the step S4 of acquiring the data type corresponding to the sensitive data includes:
s41: acquiring sensitive content in the sensitive data;
s42: judging whether the sensitive content has preset domain words or not;
s43: and if so, judging the corresponding sensitive data type according to the preset domain words.
In this embodiment, the system confirms the sensitive data types corresponding to the sensitive contents according to preset domain words by acquiring the sensitive contents in the sensitive data; for example, the system acquires that the sensitive content in the sensitive data is the identification number, and confirms that the sensitive content of the identification number belongs to the sensitive data type of the sensitive number according to the preset field words; for example, the system acquires that the sensitive content in the sensitive data is a contact address, and confirms that the sensitive content of the contact address belongs to the sensitive data type of the sensitive text according to a preset domain word; for example, the system acquires that the sensitive content in the sensitive data is the personal information, and confirms that the sensitive content of the personal information corresponds to the sensitive data type of the sensitive information according to the preset domain word.
In this embodiment, the step S5 of setting different scores for different sensitive data according to the data type includes:
s51: acquiring a data set in the sensitive data;
s52: obtaining the proportion of sensitive content to non-sensitive content according to the data set;
s53: and setting a corresponding score for the sensitive content according to a preset score form and the proportion of the sensitive content to the non-sensitive content.
In this embodiment, the system can obtain the ratio of the sensitive content to the non-sensitive content according to the data set by acquiring the data set in the sensitive data, and set a score for the sensitive content corresponding to the sensitive data according to the ratio; for example, the system acquires that the data set of the sensitive data is 100 text contents, the number of the text contents of the sensitive contents is 40, and the number of the text contents of the non-sensitive contents is 60, that is, the score of the sensitive contents is set to be 40; for example, the system acquires 200 text contents as a data set of the sensitive data, wherein the text contents of the sensitive contents are 50 text contents, and the text contents of the non-sensitive contents are 150 text contents, that is, the score of the sensitive contents is set to be 25.
In this embodiment, before the step S7 of sharing the service data, the method includes:
s701: and if so, encrypting the sensitive data in the service data by adopting desensitization processing, and correspondingly adopting different desensitization data processing according to different sensitive data types.
In this embodiment, the system needs to encrypt different data types corresponding to the sensitive data in the service data by adopting a desensitization method by judging that all scores corresponding to the sensitive data in the service data are greater than a set sensitive score threshold; for example, when the data type corresponding to the sensitive data is a sensitive number, desensitizing the sensitive number by a desensitizing method, for example, when the identification number is 45678912345678223X, desensitizing is performed to obtain a sensitive number 456789 × 223X; for example, when the data type corresponding to the sensitive data is a sensitive character, desensitizing the sensitive character by adopting a desensitization method, and if the contact address is the happy village happy road 113 number, desensitizing the sensitive character to obtain the sensitive character as the material village material road 113 number; for example, the data type corresponding to the sensitive data is sensitive information, and if the personal information is mr. chen, the sensitive information obtained after desensitization is old material.
Referring to fig. 2, a service data sharing system based on a privacy computing technology in an embodiment of the present invention includes:
the first obtaining module 10 is configured to obtain sensitive data of the service data;
the first judging module 20 is configured to judge whether the sensitive data has a preset encryption format;
the first execution module 30 is configured to, if not, set a sensitivity score threshold for the service data;
the second obtaining module 40 is configured to obtain a data type corresponding to the sensitive data;
a first setting module 50, configured to set different scores for different sensitive data according to the data type;
a second determining module 60, configured to determine whether all scores corresponding to sensitive data in the service data are greater than the sensitive score threshold;
a second executing module 70, configured to share the service data if the service data is not shared by the second executing module.
In this embodiment, the first obtaining module 10 obtains the sensitive data in the service data, and the first determining module 20 determines whether the service data can be disclosed according to whether the data format in the sensitive data has the preset encryption format; if a preset encryption format exists in the sensitive data, such as the mobile phone number 1583 material of a person after desensitization operation, it is judged that the business data can be shared; if the sensitive data does not have a preset encryption format, such as the number 113 of the Happy village Happy road of a certain person, the business data is judged to need to be encrypted; the first execution module 30 sets a sensitivity score threshold for the unencrypted service data, and further determines whether the service data needs to be encrypted; the second obtaining module 40 obtains the data type corresponding to the sensitive data in the service data, such as the identity card number and the telephone number of the sensitive number, the enterprise secret and the business secret of the sensitive text, the personal account and the personal password of the sensitive information; the first setting module 50 sets different scores correspondingly for the sensitive numbers, the sensitive words and the sensitive information, and the second judging module 60 determines whether the service data can be shared according to whether all the scores of the sensitive numbers, the sensitive words and the sensitive information in the current sensitive data are greater than a sensitive score threshold set by the system; for example, the system obtains that the sensitive numerical score in the sensitive data is 24 points, the sensitive character score is 12 points, the sensitive information score is 13 points, the preset sensitive score of the system is 100 points, and the sensitive score threshold is 60 points, that is, the total score of the sensitive data is 49 points and does not exceed the sensitive score threshold set by the system, that is, the second execution module 70 determines that the service data can be shared at this time; for example, when the system acquires that the sensitive numerical score in the sensitive data is 25 points, the sensitive character score is 25 points, and the sensitive information score is 25 points, and the preset sensitive score of the known system is 100 points and the sensitive score threshold is 60 points, that is, the total score of the sensitive data is 75 points, and exceeds the sensitive score threshold set by the system, it is determined that the service data cannot be shared at this time.
In this embodiment, the first obtaining module further includes:
a first obtaining unit, configured to obtain a keyword in the service data;
the first judgment unit is used for judging whether the keyword is matched with a preset sensitive feature or not;
and the first execution unit is used for acquiring the sensitive data with the keyword in the service data if the keyword is contained in the service data.
In this embodiment, the system can obtain the sensitive data with the related key words in the service data according to the preset sensitive characteristics by obtaining the key words in the service data; for example, the system acquires a keyword 'identity card number' in the service data, and the preset sensitive features of the system include 'identity card number', 'contact address' and 'personal information', that is, it can be determined that the keyword in the service data conforms to the preset sensitive features, that is, the service data has sensitive data; for example, the system acquires a keyword "military secret" in the service data, and in a case that the preset sensitive features of the system are known to include "identity number", "contact address" and "personal information", the system determines that the keyword in the service data does not conform to the preset sensitive features, that is, the service data does not contain sensitive data.
In this embodiment, the first determining module further includes:
the second acquisition unit is used for acquiring suffixes in the sensitive data;
a second judging unit configured to judge whether the suffix matches a preset suffix name;
the second execution unit is used for judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
and the third execution unit is used for judging that a new encryption format needs to be added to the sensitive data if the sensitive data does not have the new encryption format.
In this embodiment, the system determines whether the sensitive data is set with a corresponding encryption format by acquiring the sensitive data and determining whether a suffix carried in the sensitive data matches a preset suffix name; for example, the suffixes obtained by the system into the sensitive data are cnf and dnf, and the suffix name preset by the system is xnf, that is, the encryption format corresponding to the preset suffix name can be determined, wherein the encryption format of cnf is Base64 bit encryption (encryption and decryption), and the encryption format of dnf is MD5 encryption (encryption and non-reversible); for example, when the suffix in the sensitive data acquired by the system is ldf, and the suffix preset by the system is known to be nf, it can be determined that the suffix in the sensitive data does not conform to the preset suffix, that is, the encryption format cannot be identified in the system, and no encryption format exists for the sensitive data, at this time, a new encryption format needs to be added to the sensitive data, and desensitization processing needs to be performed on the sensitive content in the sensitive data.
In this embodiment, the first execution module further includes:
the third acquisition unit is used for acquiring the proportion of the service data and the sensitive data;
and the first setting unit is used for setting a sensitivity score threshold value according to the proportion.
In this embodiment, the system sets a sensitivity score threshold for the sensitive data according to a ratio between a data value of the service data and a data value of the sensitive data obtained by the system; for example, the data value of the service data obtained by the system is 100kb, the data value of the sensitive data is 60kb, and the ratio of the data value of the service data to the data value of the sensitive data is 1: 0.6, that is, the system sets the sensitive score threshold value for the sensitive data to be 60 scores according to the ratio; for example, the data value of the service data obtained by the system is 200kb, the data value of the sensitive data is 70kb, and the ratio of the data value of the service data to the data value of the sensitive data is 1: 0.35, that is, the system sets the sensitive score threshold value for the sensitive data to be 35 scores according to the ratio.
In this embodiment, the second obtaining module further includes:
the fourth acquisition unit is used for acquiring the sensitive content in the sensitive data;
the third judging unit is used for judging whether the sensitive content has preset domain words or not;
and the fourth execution unit is used for judging the corresponding sensitive data type according to the preset field words if the sensitive data type is the preset field word.
In this embodiment, the system confirms the sensitive data types corresponding to the sensitive contents according to preset domain words by acquiring the sensitive contents in the sensitive data; for example, the system acquires that the sensitive content in the sensitive data is the identification number, and confirms that the sensitive content of the identification number belongs to the sensitive data type of the sensitive number according to the preset field words; for example, the system acquires that the sensitive content in the sensitive data is a contact address, and confirms that the sensitive content of the contact address belongs to the sensitive data type of the sensitive text according to a preset domain word; for example, the system acquires that the sensitive content in the sensitive data is the personal information, and confirms that the sensitive content of the personal information corresponds to the sensitive data type of the sensitive information according to the preset domain word.
In this embodiment, the first setting module further includes:
a fifth acquiring unit, configured to acquire a data set in the sensitive data;
the first obtaining unit is used for obtaining the proportion of sensitive content to non-sensitive content according to the data set;
and the second setting unit is used for setting a corresponding score for the sensitive content according to a preset score form and the proportion of the sensitive content to the non-sensitive content.
In this embodiment, the system can obtain the ratio of the sensitive content to the non-sensitive content according to the data set by acquiring the data set in the sensitive data, and set a score for the sensitive content corresponding to the sensitive data according to the ratio; for example, the system acquires that the data set of the sensitive data is 100 text contents, the number of the text contents of the sensitive contents is 40, and the number of the text contents of the non-sensitive contents is 60, that is, the score of the sensitive contents is set to be 40; for example, the system acquires 200 text contents as a data set of the sensitive data, wherein the text contents of the sensitive contents are 50 text contents, and the text contents of the non-sensitive contents are 150 text contents, that is, the score of the sensitive contents is set to be 25.
In this embodiment, the method further includes:
and the first processing module is used for encrypting the sensitive data in the service data by adopting desensitization processing if the sensitive data in the service data is the same as the sensitive data, and correspondingly adopting different desensitization data processing according to different sensitive data types.
In this embodiment, the system needs to encrypt different data types corresponding to the sensitive data in the service data by adopting a desensitization method by judging that all scores corresponding to the sensitive data in the service data are greater than a set sensitive score threshold; for example, when the data type corresponding to the sensitive data is a sensitive number, desensitizing the sensitive number by a desensitizing method, for example, when the identification number is 45678912345678223X, desensitizing the sensitive number to obtain a sensitive number of 456789X 223X; for example, when the data type corresponding to the sensitive data is a sensitive character, desensitizing the sensitive character by adopting a desensitization method, and if the contact address is the happy village happy road 113 number, desensitizing the sensitive character to obtain the sensitive character as the material village material road 113 number; for example, the data type corresponding to the sensitive data is sensitive information, and if the personal information is mr. chen, the sensitive information obtained after desensitization is old material.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A business data sharing method based on a privacy computing technology is characterized by comprising the following steps:
acquiring sensitive data of service data;
judging whether the sensitive data has a preset encryption format or not;
if not, setting a sensitive sub-threshold value for the service data;
acquiring a data type corresponding to the sensitive data;
setting different scores for different sensitive data according to the data types;
judging whether all scores corresponding to sensitive data in the business data are larger than the sensitive score threshold value or not;
and if not, sharing the service data.
2. The business data sharing method based on the private computing technology as claimed in claim 1, wherein the step of obtaining the sensitive data of the business data comprises:
acquiring a keyword in the service data;
judging whether the keywords are matched with preset sensitive features or not;
and if so, acquiring sensitive data with the keyword in the service data.
3. The business data sharing method based on the privacy computing technology as claimed in claim 1, wherein the step of determining whether the sensitive data has a preset encryption format includes:
acquiring a suffix in the sensitive data;
judging whether the suffix is matched with a preset suffix name or not;
if yes, judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
and if not, judging that a new encryption format needs to be added to the sensitive data.
4. The method for sharing service data based on the privacy computing technology as claimed in claim 1, wherein the step of setting a sensitivity threshold for the service data includes:
acquiring the proportion of the service data and the sensitive data;
a sensitivity score threshold is set based on the ratio.
5. The business data sharing method based on the private computing technology as claimed in claim 1, wherein the step of obtaining the data type corresponding to the sensitive data includes:
acquiring sensitive content in the sensitive data;
judging whether the sensitive content has preset domain words or not;
and if so, judging the corresponding sensitive data type according to the preset domain words.
6. The business data sharing method based on the privacy computing technology as claimed in claim 1, wherein the step of setting different scores for different sensitive data according to the data types comprises:
acquiring a data set in the sensitive data;
obtaining the proportion of sensitive content to non-sensitive content according to the data set;
and setting a corresponding score for the sensitive content according to a preset score form and the proportion of the sensitive content to the non-sensitive content.
7. The business data sharing method based on the privacy computing technology as claimed in claim 1, wherein before the step of sharing the business data, the method comprises:
and if so, encrypting the sensitive data in the service data by adopting desensitization processing, and correspondingly adopting different desensitization data processing according to different sensitive data types.
8. A business data sharing system based on privacy computing technology is characterized by comprising:
the first acquisition module is used for acquiring sensitive data of the service data;
the first judgment module is used for judging whether the sensitive data has a preset encryption format or not;
the first execution module is used for setting a sensitivity score threshold value for the service data if the service data is not the same as the service data;
the second acquisition module is used for acquiring the data type corresponding to the sensitive data;
the first setting module is used for setting different scores for different sensitive data according to the data types;
the second judging module is used for judging whether all scores corresponding to the sensitive data in the business data are larger than the sensitive score threshold value or not;
and the second execution module is used for sharing the service data if the service data is not shared.
9. The business data sharing system based on the private computing technology as claimed in claim 8, wherein the first obtaining module further comprises:
a first obtaining unit, configured to obtain a keyword in the service data;
the first judgment unit is used for judging whether the keyword is matched with a preset sensitive feature or not;
and the first execution unit is used for acquiring the sensitive data with the keyword in the service data if the keyword is contained in the service data.
10. The business data sharing system based on the private computing technology as claimed in claim 8, wherein the first determining module further comprises:
the second acquisition unit is used for acquiring a suffix in the sensitive data;
a second judging unit configured to judge whether the suffix matches a preset suffix name;
the second execution unit is used for judging that the sensitive data is provided with an encryption format corresponding to the preset suffix name;
and the third execution unit is used for judging that a new encryption format needs to be added to the sensitive data if the sensitive data does not have the new encryption format.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210628481.5A CN114884742B (en) | 2022-06-02 | 2022-06-02 | Service data sharing method and system based on privacy computing technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210628481.5A CN114884742B (en) | 2022-06-02 | 2022-06-02 | Service data sharing method and system based on privacy computing technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114884742A true CN114884742A (en) | 2022-08-09 |
CN114884742B CN114884742B (en) | 2024-03-29 |
Family
ID=82679063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210628481.5A Active CN114884742B (en) | 2022-06-02 | 2022-06-02 | Service data sharing method and system based on privacy computing technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114884742B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150324606A1 (en) * | 2014-05-10 | 2015-11-12 | Informatica Corporation | Identifying and Securing Sensitive Data at its Source |
CN110188565A (en) * | 2019-04-17 | 2019-08-30 | 平安科技(深圳)有限公司 | Data desensitization method, device, computer equipment and storage medium |
CN110928931A (en) * | 2020-02-17 | 2020-03-27 | 深圳市琦迹技术服务有限公司 | Sensitive data processing method and device, electronic equipment and storage medium |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111783138A (en) * | 2020-06-24 | 2020-10-16 | 中国平安财产保险股份有限公司 | Sensitive data detection method and device, computer equipment and storage medium |
CN112685711A (en) * | 2021-02-02 | 2021-04-20 | 杭州宁达科技有限公司 | Novel information security access control system and method based on user risk assessment |
CN113132297A (en) * | 2019-12-30 | 2021-07-16 | 北京国双科技有限公司 | Data leakage detection method and device |
CN113836558A (en) * | 2021-09-27 | 2021-12-24 | 西安万像电子科技有限公司 | File encryption method, device and file decryption method |
CN114372286A (en) * | 2021-12-17 | 2022-04-19 | 刘维炜 | Data security management method and device, computer equipment and storage medium |
CN114416843A (en) * | 2022-01-18 | 2022-04-29 | 深圳红途科技有限公司 | Sensitive data sharing detection method and device, computer equipment and storage medium |
-
2022
- 2022-06-02 CN CN202210628481.5A patent/CN114884742B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150324606A1 (en) * | 2014-05-10 | 2015-11-12 | Informatica Corporation | Identifying and Securing Sensitive Data at its Source |
CN110188565A (en) * | 2019-04-17 | 2019-08-30 | 平安科技(深圳)有限公司 | Data desensitization method, device, computer equipment and storage medium |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN113132297A (en) * | 2019-12-30 | 2021-07-16 | 北京国双科技有限公司 | Data leakage detection method and device |
CN110928931A (en) * | 2020-02-17 | 2020-03-27 | 深圳市琦迹技术服务有限公司 | Sensitive data processing method and device, electronic equipment and storage medium |
CN111783138A (en) * | 2020-06-24 | 2020-10-16 | 中国平安财产保险股份有限公司 | Sensitive data detection method and device, computer equipment and storage medium |
CN112685711A (en) * | 2021-02-02 | 2021-04-20 | 杭州宁达科技有限公司 | Novel information security access control system and method based on user risk assessment |
CN113836558A (en) * | 2021-09-27 | 2021-12-24 | 西安万像电子科技有限公司 | File encryption method, device and file decryption method |
CN114372286A (en) * | 2021-12-17 | 2022-04-19 | 刘维炜 | Data security management method and device, computer equipment and storage medium |
CN114416843A (en) * | 2022-01-18 | 2022-04-29 | 深圳红途科技有限公司 | Sensitive data sharing detection method and device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114884742B (en) | 2024-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4874288B2 (en) | Data storage and access to mobile devices and user modules | |
JP5383830B2 (en) | Methods for protecting user privacy | |
US20210377258A1 (en) | Attributed network enabled by search and retreival of privity data from a registry and packaging of the privity data into a digital registration certificate for attributing the data of the attributed network | |
US20140164766A1 (en) | Privacy management for tracked devices | |
CN112287372B (en) | Method and apparatus for protecting clipboard privacy | |
KR20010039387A (en) | Method protecting data stored in lost mobile terminal and recording medium therefor | |
CN113472774B (en) | Account login-free method, system, device and computer readable storage medium | |
US12063311B2 (en) | System and method for internet access age-verification | |
Rottermanner et al. | Privacy and data protection in smartphone messengers | |
KR102131976B1 (en) | User terminal apparatus and method for providing personal information thereby | |
CN112887427B (en) | Cloud platform encryption system and method | |
JP2010199997A (en) | Access authentication system, information processing apparatus, access authentication method, program, and recording medium | |
CN112995413B (en) | Number information tracing method and device and server | |
CN113282959A (en) | Service data processing method and device and electronic equipment | |
CN110955909B (en) | Personal data protection method and block link point | |
CN117375986A (en) | Application access method, device and server | |
JP2002269047A (en) | Sound user authentication system | |
CN114884742A (en) | Business data sharing method and system based on privacy computing technology | |
CN111182010A (en) | Local service providing method and device | |
KR20150065441A (en) | System and Method for log in based on server easily | |
CN110598426B (en) | Data communication method, device, equipment and storage medium based on information security | |
CN115080987A (en) | Password management method, device, system, storage medium and computer equipment | |
KR102383050B1 (en) | Device for changing caller indentification using encryption algorithm | |
KR101587156B1 (en) | Message processing apparatus and user terminal capable of deferentiating between normal message and abnormal message and method thereof | |
CN115408542A (en) | Electronic document processing method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |