CN115185534A - Data desensitization method and device, readable storage medium and electronic equipment - Google Patents

Data desensitization method and device, readable storage medium and electronic equipment Download PDF

Info

Publication number
CN115185534A
CN115185534A CN202210845211.XA CN202210845211A CN115185534A CN 115185534 A CN115185534 A CN 115185534A CN 202210845211 A CN202210845211 A CN 202210845211A CN 115185534 A CN115185534 A CN 115185534A
Authority
CN
China
Prior art keywords
desensitization
program
service
tangent plane
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210845211.XA
Other languages
Chinese (zh)
Inventor
张锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202210845211.XA priority Critical patent/CN115185534A/en
Publication of CN115185534A publication Critical patent/CN115185534A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/44Encoding
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/43Checking; Contextual analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The specification discloses a data desensitization method, a data desensitization device, a readable storage medium and electronic equipment, wherein according to a received desensitization request, a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program are determined, the desensitization tangent plane program is deployed at the tangent point in a service application program through a preconfigured tangent plane base, when the service application program executes a service, service data matched with sensitive characteristics are determined through the desensitization tangent plane program, desensitization processing is performed, wherein the service data matched with the sensitive characteristics at least contain personal data, and the sensitive characteristics can be obtained at least through a machine learning mode. According to the method, personalized code modification is not needed for each service application program, but a universal section desensitization program is injected into the service application program through the section base, so that service data meeting sensitive characteristics are desensitized, information safety is guaranteed, and efficiency and flexibility of data desensitization are improved.

Description

Data desensitization method and device, readable storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data desensitization method, an apparatus, a readable storage medium, and an electronic device.
Background
Data desensitization refers to the deformation of data for some sensitive information through desensitization rules, so as to realize reliable protection for privacy. At present, users pay more attention to their privacy, and with the development of internet technology and the need of deep service integration, a large amount of service data is stored in the internet, and the service data often contains sensitive data and important data, and once the sensitive data and the important data are leaked or illegally utilized, irreparable loss is caused, wherein the sensitive data can be determined in a machine learning manner.
In this regard, the present specification provides a method of data desensitization based on a safe profile.
Disclosure of Invention
The present specification provides a data desensitization method, apparatus, readable storage medium and electronic device to solve, in part, the above problems in the prior art.
The technical scheme adopted by the specification is as follows:
the present specification provides a method of data desensitization comprising:
determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, wherein the desensitization tangent plane program is used for desensitizing data meeting sensitive characteristics;
deploying the desensitization tangent plane program at a tangent point in a service application program corresponding to an application container through a pre-deployed tangent plane base;
when the service application program executes the service, the desensitization tangent plane program deployed at the tangent point is used for determining the service data matched with the sensitive characteristics in the service execution process, and desensitizing the matched service data so as to continuously execute the service according to the desensitized service data.
The present specification provides a data desensitization device, applied to an application container in a business system, comprising:
the determination module is used for determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, wherein the desensitization tangent plane program is used for desensitizing data meeting sensitive characteristics;
the deployment module is used for deploying the desensitization tangent plane program at a tangent point in the service application program corresponding to the application container through a pre-deployed tangent plane base;
and the desensitization module is used for determining the service data matched with the sensitive characteristics in the service execution process through the desensitization tangent plane program deployed at the tangent point when the service application program executes the service, and performing desensitization processing on the matched service data so as to continuously execute the service according to the desensitized service data.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described data desensitization method.
The present specification provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the above data desensitization method when executing the program.
The technical scheme adopted by the specification can achieve the following beneficial effects:
determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, deploying the desensitization tangent plane program at the tangent point in the service application program through a preconfigured tangent plane base, determining service data matched with the sensitive characteristics in the service execution process through the desensitization tangent plane program when the service application program executes services, and desensitizing the matched service data.
According to the method, personalized code transformation is carried out on each service application program without the need of carrying out desensitization on classes, objects and the like in each service application program, but a general section desensitization program is injected into the service application program through a section base, so that service data conforming to the sensitive characteristics are desensitized, information safety is guaranteed, and efficiency and flexibility of data desensitization are improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification and not to limit the specification in a non-limiting sense. In the drawings:
FIG. 1 is a schematic flow diagram of a data desensitization method provided herein;
FIG. 2 is a schematic flow diagram of a data desensitization method provided herein;
FIG. 3 is a data desensitization apparatus provided herein;
fig. 4 is a schematic diagram of an electronic device corresponding to fig. 1 provided in the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
Currently, in a distributed cloud computing scenario, in order to ensure high utilization of resources, multiple application containers are generally deployed, and different services are executed by the application containers. Wherein the application container may be a container created inside the server that contains an environment isolated from the server in which the application runs and computing resources allocated to the application to perform the service. Of course, the application container may also be a unit in the micro service architecture, and the classification and how to set the application container may be set according to needs, which is not limited in this specification.
For each application container, the service data generated by the application container in the service execution process usually contains sensitive information and/or important information, and in order to avoid the sensitive information and/or important information from being leaked or illegally utilized, desensitization processing can be performed on the service data in the application container execution process. The sensitive data and/or important data are data which may cause serious harm to the society and/or individuals after leakage. Including private data of an individual (e.g., name, identification number, address, bank card account, mailbox, password, etc.), and data that is not suitable for publication by a business or society (e.g., business status of a business, network structure of a business, trade secrets, etc.). Of course, the type of data included in the sensitive data and/or the important data may also be set according to needs, and this specification does not limit this.
In the field of data desensitization, a common data desensitization method is implemented based on an application program corresponding to an application container. Specifically, for each application container, a developer of the business application program in the application container may determine data such as a class and an object included in the business application program, and determine the class and/or the object that needs desensitization processing according to the determined data. For example, each object in the string class and the math class is determined to be data which needs desensitization processing. Based on the determined class and/or object needing desensitization, the developer can modify the codes of the service application program of the application container, add the codes for desensitization of the class and/or object needing desensitization, and perform desensitization on the service data by the service application program after code modification.
However, the business application program corresponding to the application container is updated due to the addition and deletion function, and the class and/or object that needs desensitization processing in the business application program of each version are not completely the same, so if the updated business application program directly adopts a part of code for desensitization processing in the business application program before updating to perform desensitization processing on the business data, program exception, no desensitization, or incomplete desensitization may occur, that is, the business data after desensitization processing on the business data still have sensitive data and/or important data. Therefore, the efficiency and flexibility are lower when desensitization is carried out on the service data at present.
In addition, for each application container in the same cloud computing scene, the application containers may belong to different business systems, and developers of different business systems are different, so that partial codes for desensitizing the business data in the business application program obtained by modification are different. For different application containers in the same service system, because the service application programs corresponding to the application containers respectively have uniqueness, even in the same service system, part of codes for desensitizing the service data in the service application programs obtained by code modification are different. That is, the part of the service application program corresponding to each application container for desensitizing the service data is not reusable, which obviously imposes a requirement on development cost. After the code transformation is completed, the transformed service application program needs to be tested, and the requirement on the test cost is high.
Based on this, this specification provides a data desensitization method based on a secure tangent plane, in which a desensitization tangent plane program capable of desensitizing data conforming to sensitive characteristics is deployed in a secure tangent plane manner in a business application program, and in a business execution process of the business application program, the desensitization tangent plane program determines business data matched with the sensitive characteristics, and performs desensitization processing on the matched business data. The service application program does not need to be subjected to code modification aiming at the classes and/or objects which need to be subjected to desensitization processing in the service application program respectively corresponding to each application container. The cost required for development and testing is reduced, and the flexibility of data desensitization is improved. Wherein, the desensitization section procedure is a section procedure for desensitizing data.
The above-mentioned security profile refers to a method for dynamically adding or modifying a profile program for implementing a security profile service in the operation logic of a service application program without modifying the service application program by using an Aspect-oriented Programming (AOP) mode. The method and the system enable the program for realizing the safe tangent plane service to be decoupled with the service application program while realizing the safe tangent plane service, thereby avoiding the development iteration problem caused by high coupling.
The tangent plane program is an enhanced program for realizing the safe tangent plane service based on the service operation logic. The method can inject the tangent plane program into the corresponding tangent point of the service application program by adopting a tangent plane-oriented programming mode, and the tangent plane program is triggered and executed in the process of executing the service application program, so that the required safe tangent plane service function is realized.
When a service application executes a service, the service application generally performs service execution through calls between methods. Therefore, any method in the business application program can be used as an entry point of the tangent program, namely the tangent point, and the tangent program is injected into the corresponding tangent point. When the service application program is executed to the tangent point, namely the method of the service application program corresponding to the tangent point is called, the tangent plane program injected at the tangent point is executed.
Generally, there is high reusability of the code responsible for injecting the tangent program into the tangent point, and therefore, the program implementing the process is generally abstracted into one service module, i.e., the tangent base. The tangent plane base can obtain tangent plane programs needing to be deployed and tangent points in the service application programs from a third party providing safe tangent plane services, and the corresponding tangent plane programs are injected into the tangent points of the service application programs by the environment after the application containers are started.
The business application may be a business application that provides business services in a server of the business platform. The service may be a service provided by a server of the service platform to a user, such as an inquiry service, a payment service, and the like. The business service may also be a business service provided by a certain server of the business platform to other servers, such as a settlement service.
Of course, as can be seen from the above description, in order to decouple the program of the secure cut-plane service from the service application, the present specification makes the program of the secure cut-plane service and the service application be interleaved during service execution by using a cut-plane-oriented programming method, but are parallel to each other and can be maintained independently. Therefore, unlike the service provider of the service application program, a third party providing the security tangent plane service may manage the content related to the security tangent plane service through the management and control platform, for example, configuration of a security tangent plane service management and control policy, version iteration of the tangent plane program, configuration of a deployment rule of the tangent plane program, and the like. Of course, the service providing the security profile may be a third party or a service provider.
When managing the content related to the security tangent plane service, the management and control platform may record various configuration information, such as configuration of various policies, configuration of deployment rules of tangent plane programs, and the like, through the configuration file. The section base can complete the deployment of the section program according to the configuration file, or the control platform can realize the safe section service according to the configuration file.
In practical applications, a service provider usually has a computer room including several physical machines or physical servers, and provides physical resources required by service applications through the physical machines. Of course, a business application may not need all the physical resources of the entire physical machine, and thus, multiple virtual hosts (virtual hosting) are generally run on one physical machine through virtualization technology. The virtual hosts are independent of each other and share part of physical resources of the physical machine. An application container can then be deployed in the virtual host and the business application can be run through the application container. An application container typically contains physical resources, such as CPU, memory, etc., allocated to the application container, and a runtime environment, such as an Operating System (OS) or other runtime environment data, provided to the application container, such as Serial Number (SN) Number of the container, allocated IP (infinitial Property), application name, tenant, environment variable, etc. Business applications can be deployed in application containers to execute business.
In a scene of executing a service based on a safe tangent plane, a service provider or a server of a third party providing the safe tangent plane service can provide a control platform, manage the content related to the safe tangent plane service through the control platform, deploy a tangent plane base in an application container, and inject a tangent plane program into a service application program in the service application container through the tangent plane base to provide support of the safe tangent plane service for the application container of the service provider.
The tangent plane base can then be deployed beforehand in the application container of the service provider. Generally, when the application container is started, an operating system provided for the application container can be invoked, a pre-deployed section base is operated, a section program and a tangent point of a service application program are obtained from the management and control platform through the section base, and the section program is injected into the tangent point of the service application program in the application container. In addition, the tangent plane base can also obtain tangent points of the tangent plane program and the service application program from the management and control platform in the execution process of the service application program, and inject the tangent plane program into the tangent points of the service application program in the application container.
Of course, how the tangent plane base obtains the information required for deploying the tangent plane program from the control platform can be set according to the requirement. For example, the required information may be actively pulled from the management and control platform according to the configuration file, or the management and control platform may actively issue the information required for the tangent plane base to receive.
After the tangent plane program is injected into the tangent point of the service application program, the service application program can trigger the tangent plane program in the execution process so as to realize the corresponding safe tangent plane service function.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a data desensitization method provided in the present specification, specifically including the following steps:
s100: and determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, wherein the desensitization tangent plane program is used for desensitizing data meeting the sensitivity characteristics.
Different from the prior art, for each application container, a developer of the application container performs code transformation on a business application program based on a class and/or an object which needs desensitization processing in the business application program corresponding to the application container, so that the prior art has high cost and low efficiency when performing desensitization processing. The present specification provides a new data desensitization method, which may be implemented by deploying a desensitization tangent plane program capable of performing desensitization processing on data conforming to a sensitive feature in the service application program based on a tangent plane base pre-deployed in an application container, and in a process of executing a service by the service application program, determining, by the desensitization tangent plane program, service data matched with the sensitive feature, and performing desensitization processing on the matched service data. The service application program does not need to be subjected to code modification aiming at the classes and/or objects which need to be subjected to desensitization processing in the service application programs respectively corresponding to the application containers. The cost required for development and testing is reduced, and the flexibility of data desensitization is improved.
Based on the above brief description of the data desensitization method provided in this specification, the data desensitization method provided in this specification can be applied to a distributed computing scenario, where a service is executed in a service system, and service data generated in the process of executing the service needs to be executed by an application container that is desensitized. The application container may be deployed in a server or an electronic device, such as a notebook computer, a mobile phone, and the like.
Of course, the data desensitization method may also be executed by a desensitization system for performing desensitization processing on the service data of the application container, which is deployed in a separate server or electronic device. The desensitization system may of course also be deployed in the server where the business system is located. Besides the service system, any application container of which service data needs desensitization processing can be used as an execution main body of the method.
For convenience of description, the data desensitization method provided in this specification is only performed by taking an application container for which service data needs to be desensitized as an example.
Based on this, the application container can determine the desensitization section procedure and the tangent point corresponding to the desensitization section procedure according to the desensitization request.
Specifically, the application container may receive a desensitization request, where the desensitization request may carry a desensitization tangent plane procedure and a tangent point.
Then, the application container may parse the received desensitization request, and determine, from the parsing result, a desensitization section program and a position where the desensitization section program is to be deployed as a tangent point.
Wherein the desensitization section procedure is a series of procedure codes for desensitizing data conforming to the sensitivity characteristics.
The sensitive feature may be a type of sensitive data, such as different types of sensitive information, e.g., identification number, name, mobile phone number, etc. But also the data structure of the sensitive data, such as integer data with a length of 18, character data with a length of 15 and a last character, etc. The sensitive characteristic can be determined manually or obtained by machine learning modes such as deep learning, supervised learning, semi-supervised learning and the like. The specific form and type of the sensitive feature and how to determine and the like can be set as required, and the specification is not limited thereto.
Of course, the desensitization request may also only carry metadata of the desensitization section program, and the application container parses the desensitization request, and the obtained parsing result includes the metadata. The application container may obtain the desensitization profile program based on the metadata.
Furthermore, in order to facilitate the management and control of the desensitization section program, a section management and control platform can be further arranged. Desensitization tangent plane programs are stored in the tangent plane control platform, and desensitization requests are issued by users through the tangent plane control platform.
Therefore, the application container can determine the identifier corresponding to the desensitization tangent plane program from the analysis result of the desensitization request, and acquire the desensitization tangent plane program from the tangent plane management and control platform according to the identifier.
In addition, the desensitization request may be issued by the user through the tangent plane control platform, may also be issued by the tangent plane control platform when monitoring that the service system starts to execute, and may also be actively acquired by the desensitization system when the application container is started. And the desensitization request may be received for the application container or for the application container via a tangent plane base pre-deployed on the application container. How to determine the desensitization request and how to receive the desensitization request can be set according to needs, which is not limited in this specification.
S104: and deploying the desensitization tangent plane program at a tangent point in the service application program corresponding to the application container through a pre-deployed tangent plane base.
In one or more embodiments provided in the present specification, as described above, the data desensitization method provided in the present specification has the core idea that: the desensitization tangent plane program which can desensitize the data which accord with the sensitive characteristics can be deployed in the service application program based on the tangent plane base which is pre-deployed in the application container, the desensitization tangent plane program which is deployed in the service application program can be started along with the service application program in the service application program service execution process, and when the service application program is executed to the desensitization tangent plane program, the desensitization tangent plane program determines the service data which are matched with the sensitive characteristics in the service data which are generated in the service execution process, and desensitizes the matched service data. Code transformation does not need to be carried out on the service application programs respectively corresponding to the application containers, so that the cost required by development and testing is reduced, and the flexibility and the efficiency of data desensitization are improved.
Based on this, after determining the desensitization tangent plane program and the tangent point corresponding to the desensitization tangent plane program, the application container may deploy the desensitization tangent plane program in the business application program through the tangent plane base.
Wherein the tangent plane base is similar to an injection framework and can be started together with a service application program. The service application program is composed of different service modules, and the service application program can comprise a plurality of tangent points, so that the tangent plane base can inject the tangent plane program into the service application program at different tangent points.
Specifically, the application container may determine the tangent point corresponding to the desensitization tangent program from a prestored tangent point list, and at the tangent point, inject the desensitization tangent program into the service application program. The tangent point list may be a set of tangent points in the service application program corresponding to the application container.
Further, for each tangent point included in the service application program, a tangent plane base corresponding to the tangent point may be determined, so that, after receiving the desensitization request, the application container may determine, according to the tangent point in the desensitization request, a tangent plane base corresponding to the tangent point, and inject the desensitization tangent plane program into the service application program of the application container through the tangent plane base.
Furthermore, in general, when the tangent plane base deploys the tangent plane program, the corresponding deployment mode should be carried. Likewise, the desensitization request may carry the deployment of the desensitization cut plane program.
Therefore, the application container can analyze the received desensitization request, determine the deployment mode of the desensitization application program from the analysis result of the desensitization request, and deploy the desensitization section request in the service application program according to the deployment mode. The deployment mode may be a static agent or a dynamic agent.
Therefore, when the deployment mode is a dynamic proxy, the application container can deploy the desensitization tangent plane program at the tangent point of the service application program through the tangent plane base in the execution process of the service application program, and when the service application program is executed to the tangent point, the desensitization tangent plane program can be directly executed. That is to say, the desensitization tangent plane program is deployed in the service application program execution process, and the service execution efficiency of the service application program is not affected. Therefore, in actual operation, a dynamic agent is usually used as a main deployment mode.
When the deployment mode is static agent, the application container may stop running the service application program first, and deploy the desensitization tangent plane program at the tangent point in the service application program corresponding to the application container through the tangent plane base. After the deployment is finished, the service application program after the desensitization tangent plane program is deployed can be tested by the staff, improvement is carried out based on the test result, and the service application program is restarted to execute the service after the test is passed.
It should be noted that, in this specification, the service application is deployed in the application container, and the tangent plane base is also deployed in the application container.
S106: when the service application program executes the service, the desensitization tangent plane program deployed at the tangent point is used for determining the service data matched with the sensitive characteristics in the service execution process, and desensitizing the matched service data so as to continuously execute the service according to the desensitized service data.
In one or more embodiments provided in the present specification, when a business application in an application container executes a business, a large amount of business data including some sensitive data and/or important data may be generated due to data interaction and the like. In order to ensure the information security of the sensitive data and/or the important data, before the service data is stored, desensitization processing needs to be performed on the service data, and the service data after the desensitization processing needs to be stored. The data desensitization method provided by the specification can perform desensitization processing on the service data matched with the sensitive features in the service data based on a desensitization tangent plane program pre-deployed in an application container, so that the problems of high cost and low flexibility caused by code modification on the service application program are solved.
Based on this, when the service application executes the service, the application container can determine the service data matching the sensitive feature in the service data through the desensitization section program.
In particular, the application container may determine that desensitization processing is required for business data when the business application execution executes at the tangent point. The application container may then obtain business data during execution of the business application.
Then, the application container can call the desensitization section program, input the acquired service data into the desensitization section program, and the desensitization section program determines the service data matched with the sensitive characteristics according to the sensitive characteristics.
Finally, the application container can perform desensitization processing on the determined service data matched with the sensitive characteristics through the desensitization section program, and update the service data of the application container according to the service data after the desensitization processing.
It should be noted that the desensitization treatment provided in the present specification is an irreversible desensitization treatment.
Further, the desensitization section program can be directly configured in the section management and control platform, so that the application container can acquire the service data corresponding to the application container when the service application program is executed to the tangent point, and send the service data to the section management and control platform.
The desensitization tangent plane program can be called in the tangent plane control platform, the service data matched with the sensitive characteristics in the service data is determined, the desensitization processing is carried out on the matched service data, and the service data after the desensitization processing is returned to the application container.
The application container may perform subsequent services based on the received desensitized processed service data.
Furthermore, the desensitization request carries a desensitization mode, so that the application container can desensitize the sensitive data according to the desensitization mode through a desensitization section program, and stores a desensitization result into the application container. The desensitization mode can be a plurality of modes such as shielding desensitization, generalization desensitization, format preserving desensitization and the like, and the means adopted for desensitizing data are mature technical means at present, and are not described in the specification.
Therefore, after desensitization is performed on the service data, the application container can store the desensitized service data as a log file in the target application container, so that only the desensitized service data can be printed when logs need to be printed subsequently, thereby ensuring information security.
In addition, the application container can also continue to execute the service based on the service data after desensitization processing.
As shown in fig. 1, in the data desensitization method, according to a received desensitization request, a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program are determined, the desensitization tangent plane program is deployed at the tangent point in a service application program through a preconfigured tangent plane base, when the service application program executes a service, service data matched with the sensitive feature in a service execution process is determined through the desensitization tangent plane program, and the matched service data is desensitized. According to the method, personalized code transformation is carried out on each service application program without the need of carrying out desensitization on classes, objects and the like in each service application program, but a universal section desensitization program is injected into the service application program through a section base, so that service data conforming to sensitive characteristics are desensitized, information safety is guaranteed, and efficiency and flexibility of data desensitization are improved.
Furthermore, for practical application scenarios, in some special cases, the preset desensitization profile procedure is not applicable. For example, a test scenario, a scenario in which the operating pressure of the application container is high, an abnormal scenario for troubleshooting, and the like. In order to avoid desensitization processing of service data which does not need desensitization processing by the desensitization tangent plane program, a configuration switch program can be set for the desensitization tangent plane program.
Specifically, the application container may receive an open command for the desensitised section program.
The application container can switch the state corresponding to the desensitization section procedure to be opened through the section base. Then the desensitisation tangent plane program may be executed when the service application executes a service.
Of course, the application container may also receive a close command for a desensitization profile procedure. The application container can switch the state corresponding to the desensitization tangent plane program to be closed, and the desensitization tangent plane program is not executed when the service application program executes the service.
In addition, more than one sensitive data may exist in the service application program, and the desensitization processing can also be performed on the data corresponding to more than one sensitive feature in the desensitization section program. And the desensitization section program may not be applicable any more due to the influence of factors such as version update and the like. Therefore, the desensitization tangent procedure can also adopt a modular design.
Specifically, the desensitization section program comprises a plurality of desensitization subprograms, wherein the desensitization subprograms are used for desensitizing data conforming to the sensitivity characteristics, and the sensitivity characteristics corresponding to the desensitization subprograms are not completely the same.
Then, the application container can also receive an opening instruction aiming at the desensitization subprogram, and determine the desensitization subprogram corresponding to the opening instruction from all the desensitization subprograms contained in the desensitization section program through the section base according to the subprogram identification in the opening instruction.
The application container may switch the state corresponding to the desensitization sub-routine to on. That is, when the desensitization tangent plane procedure is executed, the desensitization subroutine is executed.
Of course, the application container may also receive a close command for the desensitization sub-routine. The application container can determine the desensitization subprogram corresponding to the closing instruction from the desensitization subprograms contained in the desensitization sectional program, and switch the state corresponding to the desensitization subprogram to close. That is, when the desensitization cut-plane procedure is performed, the desensitization subroutine is not performed.
Based on the same concept, the present specification provides a schematic flow diagram of the desensitization treatment method shown in fig. 2. And the desensitization tangent plane program can be deployed at the tangent point in the service application program through the deployment mode in the desensitization request. And then, in the service execution process, desensitizing the data matched with the sensitive characteristics in the service data through a desensitizing section program. The section control platform stores desensitization section programs of various versions and desensitization instructions for issuing opening instructions or closing instructions.
It should be noted that all actions of acquiring signals, information or data in this specification are performed under the premise of complying with the corresponding data protection regulation policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
Based on the same idea, the present specification also provides a data desensitization device, as shown in fig. 3.
Fig. 3 is a data desensitization apparatus provided in the present specification, applied to an application container in a business system, including:
a determining module 200, configured to determine, according to the received desensitization request, a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program, where the desensitization tangent plane program is configured to perform desensitization processing on data that conforms to a sensitive feature.
And the deployment module 202 is configured to deploy the desensitization tangent plane program at a tangent point in the service application program corresponding to the application container through a pre-deployed tangent plane base.
A desensitization module 204, configured to determine, through the desensitization tangent plane program deployed at the tangent point, service data matched with the sensitive feature in the service execution process when the service application program executes a service, and perform desensitization processing on the matched service data, so as to continue to execute the service according to the desensitized service data.
Optionally, the deployment module 202 is configured to determine a deployment manner of the desensitization tangent plane program according to the received desensitization request, where the deployment manner includes at least one of a static agent and a dynamic agent, and when the deployment manner is the dynamic agent, deploy the desensitization tangent plane program at a tangent point in a service application program corresponding to an application container through a preconfigured tangent plane base, so that when the service application program executes a service, the desensitization tangent plane program is executed, when the deployment manner is the static agent, the service application program is stopped from being executed, and through the tangent plane base, the desensitization tangent plane program is deployed at a tangent point in a service application program corresponding to the application container, and the service application program after deploying the desensitization tangent plane program is tested, and after the test is passed, the service application program is executed by the service application program.
Optionally, the deployment module 202 is configured to receive an opening instruction for the desensitization tangent plane program, switch a state corresponding to the desensitization tangent plane program to open through the tangent plane base, and execute the desensitization tangent plane program when the service application executes a service; or, receiving a closing instruction for the desensitization tangent plane program, switching the state corresponding to the desensitization tangent plane program to be closed, and when the service application program executes the service, not executing the desensitization tangent plane program.
Optionally, the desensitization tangent plane program includes a plurality of desensitization subroutines, where the desensitization subroutines are used to desensitize data conforming to sensitive features, and the sensitive features corresponding to the desensitization subroutines are not identical, and the deployment module 202 is configured to receive an opening instruction for the desensitization subroutines, determine, through the tangent plane base and according to a subroutine identifier in the opening instruction, the desensitization subroutine corresponding to the opening instruction in the desensitization tangent plane program, switch the state corresponding to the desensitization subroutine to open, and execute the desensitization subroutine when the desensitization tangent plane program is executed; or, receiving a closing instruction for the desensitization subprogram, determining the desensitization subprogram corresponding to the closing instruction, switching the state corresponding to the desensitization subprogram to closing, and when executing the desensitization tangent plane program, not executing the desensitization subprogram.
Optionally, the desensitization tangent plane program is stored in a tangent plane control platform, one or more desensitization tangent plane programs exist in the tangent plane control platform, each desensitization tangent plane program corresponds to an incompletely same sensitive feature, the determining module 200 is configured to receive a desensitization request, determine a program identifier carried in the desensitization request, and determine, according to the program identifier, a desensitization tangent plane program matched with the program identifier from among the desensitization tangent plane programs stored in the tangent plane control platform.
Optionally, the desensitization module 204 is configured to update the service data of the service application according to the desensitized service data, and determine a log file of the service application executing the service according to the updated service data.
Optionally, the desensitization tangent plane program is configured on a tangent plane control platform, and the desensitization module 204 is configured to determine a tangent point corresponding to the desensitization tangent plane program according to a received desensitization request, where the tangent point is located in the service application program, and when the service application program executes the tangent point, service data in a service execution process is acquired through the tangent plane base, and the service data is sent to the tangent plane control platform, so that the tangent plane control platform calls the desensitization tangent plane program to determine service data matched with the sensitive feature, and performs desensitization processing on the matched service data.
The present specification also provides a computer readable storage medium having stored thereon a computer program operable to perform the data desensitization method provided in fig. 1 above.
This specification also provides a schematic block diagram of the electronic device shown in fig. 4. As shown in fig. 4, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it to implement the data desensitization method described above with respect to fig. 1. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit application container, and may also be hardware or logic devices.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD) (e.g., a Field Programmable Gate Array (FPGA)) is an integrated circuit whose Logic functions are determined by a user programming the Device. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development, but the original code before compiling is also written in a specific Programming Language, which is called Hardware Description Language (HDL), and the HDL is not only one kind but many kinds, such as abll (Advanced boot Expression Language), AHDL (alternate hard Description Language), traffic, CUPL (computer universal Programming Language), HDCal (Java hard Description Language), lava, lola, HDL, PALASM, software, rhydl (Hardware Description Language), and vhul-Language (vhyg-Language), which is currently used in the field. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (10)

1. A method of data desensitization, the method comprising:
determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, wherein the desensitization tangent plane program is used for desensitizing data meeting the sensitivity characteristics;
deploying the desensitization tangent plane program at a tangent point in a service application program corresponding to an application container through a pre-deployed tangent plane base;
when the service application program executes the service, the desensitization tangent plane program deployed at the tangent point is used for determining the service data matched with the sensitive characteristics in the service execution process, and desensitizing the matched service data so as to continuously execute the service according to the desensitized service data.
2. The method according to claim 1, wherein the deploying of the desensitization section program at a section in the service application program corresponding to the application container through a pre-deployed section base specifically comprises:
determining a deployment mode of the desensitization tangent plane program according to the received desensitization request, wherein the deployment mode comprises at least one of a static agent and a dynamic agent;
when the deployment mode is dynamic proxy, deploying the desensitization tangent plane program at a tangent point in a service application program corresponding to an application container through a pre-deployed tangent plane base, so that when the service application program executes a service, the desensitization tangent plane program is executed;
and when the deployment mode is static agent, stopping executing the service application program, deploying the desensitization tangent plane program at a tangent point in the service application program corresponding to the application container through the tangent plane base, testing the service application program after the desensitization tangent plane program is deployed, and executing the service through the service application program after the test is passed.
3. The method of claim 1, further comprising:
receiving an opening instruction aiming at the desensitization tangent plane program, switching the state corresponding to the desensitization tangent plane program into opening through the tangent plane base, and executing the desensitization tangent plane program when the service application program executes a service; or the like, or a combination thereof,
and receiving a closing instruction aiming at the desensitization tangent plane program, switching the state corresponding to the desensitization tangent plane program to be closed, and not executing the desensitization tangent plane program when the service application program executes the service.
4. The method of claim 1, wherein the desensitization section procedure comprises a plurality of desensitization subroutines, wherein the desensitization subroutines are used for desensitizing data conforming to the sensitivity characteristics, and the sensitivity characteristics corresponding to each desensitization subroutine are not identical;
the method further comprises the following steps:
receiving an opening instruction aiming at the desensitization subprogram, determining the desensitization subprogram corresponding to the opening instruction in the desensitization section program according to the subprogram identifier in the opening instruction through the section base, switching the state corresponding to the desensitization subprogram to be opened, and executing the desensitization subprogram when the desensitization section program is executed; or the like, or, alternatively,
receiving a closing instruction aiming at the desensitization subprogram, determining the desensitization subprogram corresponding to the closing instruction, switching the state corresponding to the desensitization subprogram to be closed, and not executing the desensitization subprogram when executing the desensitization section program.
5. The method of claim 1, wherein the desensitization section programs are stored in a section management and control platform, wherein one or more desensitization section programs exist in the section management and control platform, and each desensitization section program corresponds to a sensitive feature which is not identical;
according to the received desensitization request, determining a desensitization section program, which specifically comprises the following steps:
receiving a desensitization request, and determining a program identifier carried in the desensitization request;
and determining desensitization tangent plane programs matched with the program identifiers from all desensitization tangent plane programs stored in the tangent plane control platform according to the program identifiers.
6. The method according to claim 1, wherein continuing to execute the service according to the desensitized service data specifically comprises:
updating the service data of the service application program according to the desensitized service data;
and determining a log file of the service application program executing the service according to the updated service data.
7. The method of claim 1, wherein the desensitization cut plane procedure is configured in a cut plane management and control platform;
the method further comprises the following steps:
determining a tangent point corresponding to a desensitization tangent plane program according to the received desensitization request, wherein the tangent point is positioned in the service application program;
when the service application program executes the tangent point, acquiring service data in a service execution process through the tangent plane base;
and sending the service data to the tangent plane control platform so that the tangent plane control platform calls the desensitization tangent plane program to determine the service data matched with the sensitive characteristics, and desensitizes the matched service data.
8. A data desensitization apparatus, the apparatus comprising:
the determination module is used for determining a desensitization tangent plane program and a tangent point corresponding to the desensitization tangent plane program according to the received desensitization request, wherein the desensitization tangent plane program is used for desensitizing data conforming to the desensitization characteristics;
the deployment module is used for deploying the desensitization tangent plane program at a tangent point in the service application program corresponding to the application container through a pre-deployed tangent plane base;
and the desensitization module is used for determining the service data matched with the sensitive characteristics in the service execution process through the desensitization tangent plane program deployed at the tangent point when the service application program executes the service, and performing desensitization processing on the matched service data so as to continuously execute the service according to the desensitized service data.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of the preceding claims 1 to 7 when executing the program.
CN202210845211.XA 2022-07-18 2022-07-18 Data desensitization method and device, readable storage medium and electronic equipment Pending CN115185534A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210845211.XA CN115185534A (en) 2022-07-18 2022-07-18 Data desensitization method and device, readable storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210845211.XA CN115185534A (en) 2022-07-18 2022-07-18 Data desensitization method and device, readable storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115185534A true CN115185534A (en) 2022-10-14

Family

ID=83519106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210845211.XA Pending CN115185534A (en) 2022-07-18 2022-07-18 Data desensitization method and device, readable storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115185534A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115357940A (en) * 2022-10-19 2022-11-18 支付宝(杭州)信息技术有限公司 Data processing method and device, storage medium and electronic equipment
CN115378735A (en) * 2022-10-19 2022-11-22 支付宝(杭州)信息技术有限公司 Data processing method and device, storage medium and electronic equipment
CN115374481A (en) * 2022-10-19 2022-11-22 支付宝(杭州)信息技术有限公司 Data desensitization processing method and device, storage medium and electronic equipment
CN115859368A (en) * 2023-02-07 2023-03-28 支付宝(杭州)信息技术有限公司 Data desensitization method, device, equipment and readable storage medium
CN115904365A (en) * 2023-02-14 2023-04-04 支付宝(杭州)信息技术有限公司 Interface resource identification method, device, equipment and readable storage medium
WO2024125108A1 (en) * 2022-12-14 2024-06-20 支付宝(杭州)信息技术有限公司 On-demand enabling method and apparatus for security aspect of mobile terminal

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115357940A (en) * 2022-10-19 2022-11-18 支付宝(杭州)信息技术有限公司 Data processing method and device, storage medium and electronic equipment
CN115378735A (en) * 2022-10-19 2022-11-22 支付宝(杭州)信息技术有限公司 Data processing method and device, storage medium and electronic equipment
CN115374481A (en) * 2022-10-19 2022-11-22 支付宝(杭州)信息技术有限公司 Data desensitization processing method and device, storage medium and electronic equipment
WO2024125108A1 (en) * 2022-12-14 2024-06-20 支付宝(杭州)信息技术有限公司 On-demand enabling method and apparatus for security aspect of mobile terminal
CN115859368A (en) * 2023-02-07 2023-03-28 支付宝(杭州)信息技术有限公司 Data desensitization method, device, equipment and readable storage medium
CN115904365A (en) * 2023-02-14 2023-04-04 支付宝(杭州)信息技术有限公司 Interface resource identification method, device, equipment and readable storage medium
CN115904365B (en) * 2023-02-14 2023-05-23 支付宝(杭州)信息技术有限公司 Interface resource identification method, device, equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN115185534A (en) Data desensitization method and device, readable storage medium and electronic equipment
US20200250302A1 (en) Security control method and computer system
CN115378735B (en) Data processing method and device, storage medium and electronic equipment
US8893222B2 (en) Security system and method for the android operating system
KR101970744B1 (en) Trust level activation
CN109032825B (en) Fault injection method, device and equipment
US10305962B1 (en) Unit testing clients of web services
CN109542506B (en) System capable of flexibly configuring interface and rapidly delivering service
CN115374481B (en) Data desensitization processing method and device, storage medium and electronic equipment
US11861364B2 (en) Circular shadow stack in audit mode
CN115357940A (en) Data processing method and device, storage medium and electronic equipment
CN115277142A (en) Safety protection method and device, storage medium and electronic equipment
CN115186270A (en) Vulnerability repairing method and device, storage medium and electronic equipment
CN111190692A (en) Monitoring method and system based on Roc processor and readable medium
CN115186269A (en) Vulnerability mining method and device, storage medium and electronic equipment
WO2024164707A1 (en) Data desensitization method and apparatus, device and readable storage medium
WO2018023368A1 (en) Enhanced security using scripting language-based hypervisor
CN115659340B (en) Counterfeit applet identification method and device, storage medium and electronic equipment
CN115495343A (en) Safety maintenance method and device, storage medium and electronic equipment
CN115357762A (en) Data verification method and device, storage medium and electronic equipment
CN115185847A (en) Fault testing method and device, storage medium and electronic equipment
CN115617471A (en) Service calling method and device, storage medium and electronic equipment
KR101862382B1 (en) Method and device for managing application data in Android
CN115495777A (en) Data protection method and device, storage medium and electronic equipment
US11733974B2 (en) Method and system for automatically creating instances of containerized servers

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination