CN116028971A - Method, system, equipment and storage medium for desensitizing enterprise credit investigation data - Google Patents


Info

Publication number
CN116028971A
Authority
CN
China
Prior art keywords
data
final
desensitization
encrypted
desensitizing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211681567.0A
Other languages
Chinese (zh)
Inventor
郭奇
董典贞
聂慧萍
杨艳辉
侯祎莎
单晓伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
I Xinnuo Credit Co ltd
Original Assignee
I Xinnuo Credit Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a system, equipment and a storage medium for desensitizing enterprise credit investigation data, belonging to the technical field of data processing. The method comprises: inputting data to be encrypted; performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data; creating an API interface service and an association table of primary encrypted data and final desensitized data; inputting the primary encrypted data; querying the association table to generate final desensitized data; and configuring access rights for the interface service, setting a user name and password for the user of each accessing system, and recording the number and frequency of interface accesses by each user. The method effectively prevents the desensitized data from being deciphered by means of a dictionary table, and strengthens the security protection of desensitized data.

Description

Method, system, equipment and storage medium for desensitizing enterprise credit investigation data
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method, a system, an apparatus, and a storage medium for desensitizing enterprise credit data.
Background
Data desensitization, also called data privacy removal, is a technical means of transforming or modifying sensitive data under given desensitization rules and policies, so that sensitive data is not used directly in an untrusted environment and sensitive private data is reliably protected. In enterprise credit investigation business, the information of the enterprises upstream and downstream of the main enterprise is sensitive information, and as awareness of data security grows, there is a need to establish a safe and effective data desensitization method.
In the process of realizing the invention, the inventor found the following technical problem: in the prior art, sensitive information is mainly protected with mainstream digest algorithms such as MD5 and SHA. Because enterprise names and unified taxpayer identification numbers are public information and limited in number, a decipherer can run the digest algorithm over the full set of this information to generate a dictionary table, with which the enterprise information is easily deciphered, so the security of existing data desensitization methods is not high.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method, a system, equipment and a storage medium for desensitizing enterprise credit investigation data.
In a first aspect, an embodiment of the present invention provides a method for desensitizing enterprise credit data, including the following steps:
S1, inputting data to be encrypted;
S2, performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data;
S3, creating an API interface service, and creating an association table of primary encrypted data and final desensitized data;
S4, inputting primary encrypted data;
S5, querying the association table to generate final desensitized data;
S6, the interface service configures access rights, sets a user name and password for the user of each accessing system, and records the number and frequency of interface accesses by each user.
In a second aspect, an embodiment of the present invention further provides a system for desensitizing enterprise credit data, including:
the first input module is used for inputting data to be encrypted;
the first desensitization module is used for performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data;
the creation module is used for creating an API interface service and creating an association table of the primary encrypted data and the final desensitized data;
the second input module is used for inputting primary encrypted data;
the second desensitization module is used for querying the association table and generating final desensitized data;
the recording module is used for configuring access rights for the interface service, setting a user name and password for the user of each accessing system, and recording the number and frequency of interface accesses by each user.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of desensitizing enterprise credit data as provided by the embodiments described above.
In a fourth aspect, embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a method of desensitizing enterprise credit data as provided by the above embodiments.
Compared with the prior art, the invention has the following beneficial technical effects:
The original data is never output in plaintext, and the encrypted data generated from the same original data by the desensitization algorithm is unique, so subsequent business can be carried out on the desensitized data as usual. A decipherer is effectively prevented from deciphering the data by means of a dictionary table, and the protection of the desensitized data against deciphering is strengthened.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
FIG. 1 is a flow chart of a method for desensitizing enterprise credit data provided in accordance with an embodiment of the invention;
FIG. 2 is a flow chart of a method for desensitizing enterprise credit data provided in accordance with a second embodiment of the invention;
FIG. 3 is a block diagram of a system for desensitizing corporate credit data provided by a third embodiment of the present invention;
FIG. 4 is a block diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
Fig. 1 is a flowchart of a method for desensitizing enterprise credit data according to an embodiment of the present invention, where the embodiment is applicable to the case of sensitive information processing, the method may be performed by a system for desensitizing enterprise credit data, and specifically includes the following steps:
Step 101, inputting data to be encrypted.
The data to be encrypted are enterprise names, unified taxpayer identification numbers and the like.
Step 102, performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data.
The digest algorithm may be MD5 or SHA-256. To ensure that the same original data always produces the same encrypted data, the MD5 and SHA-256 digest algorithms are implemented with an open-source class library.
A method is encapsulated whose input parameters are the data to be encrypted and the primary encryption mode (MD5/SHA-256). A Java open-source Util tool-class jar package is imported into the Java development environment, the digest of the data to be encrypted is computed with an MD5/SHA digest algorithm instance, and the primary encrypted data is output.
Step 103, creating an API interface service and creating an association table of primary encrypted data and final desensitized data.
The interface service provides a data desensitization interface to the multiple systems of the credit company. In implementation, when primary encrypted data is generated by the same system, the digest algorithm must be uniformly specified as MD5 or SHA-256, so that data consistency is ensured when desensitized data is output to partners.
The association table may use the mainstream relational databases MySQL and Oracle. The data items of the association table are: auto-increment primary key id, primary encrypted data, primary encryption mode, final desensitized data, creation time and latest query time.
A unique constraint is placed on the data item "primary encrypted data". Querying by the data item "primary encrypted data" yields the unique "final desensitized data", and querying by the data item "final desensitized data" yields the unique "primary encrypted data".
Step 104, inputting primary encrypted data.
Step 105, querying the association table to generate final desensitized data.
The interface service follows the RESTful specification; the communication mode is HTTP and the data format is JSON. The primary encrypted data and the encryption mode are passed in the JSON request message, and the final desensitized data is returned in the interface response message.
Step 106, the interface service configures access rights, sets a user name and password for the user of each accessing system, and records the number and frequency of interface accesses by each user.
In this embodiment, the data to be encrypted is desensitized with a digest algorithm to generate primary encrypted data, an interface service and an association table are created, the primary encrypted data is input and final desensitized data is output, and access rights are configured so that the number and frequency of interface accesses by each user are recorded. In enterprise credit investigation business, enterprise names and unified taxpayer identification numbers are thereby protected, the problem of a decipherer recovering enterprise information by means of a dictionary table is solved, and anonymous users and external addresses are effectively prevented from accessing the interface service directly.
Example two
Fig. 2 is a flowchart of a method for desensitizing enterprise credit data according to a second embodiment of the present invention, where the optimization is performed based on the foregoing embodiment, and specifically includes:
Step 201, inputting data to be encrypted;
Step 202, performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data;
Step 203, creating an API interface service, and creating an association table of primary encrypted data and final desensitized data;
Step 204, inputting primary encrypted data;
Step 205, performing a full-table scan description query on the association table; if a record of final desensitized data exists in the association table, returning the final desensitized data; if there is no record of final desensitized data, generating final desensitized data.
Further, the final desensitized data is generated with a Java open-source UUID generation tool class, the UUID being associated with the machine MAC address, a timestamp and a random number. With the connector '-' removed, the UUID is 32 characters long. The final desensitized data is saved in the association table and returned.
Step 206, the interface service configures access rights, sets a user name and password for the user of each accessing system, and records the number and frequency of interface accesses by each user.
Step 207, when the number and frequency of a user's interface accesses exceed the system set values, the user is judged to be an abnormally accessing user, and the cause of the abnormality is communicated with that user offline.
The system set value is reported by the user when the account is opened and is then configured in the system; for example, the number of accesses per day is set to within 5000.
In this embodiment, the data to be encrypted is desensitized with a digest algorithm to generate primary encrypted data, an interface service and an association table are created, the primary encrypted data is input, a full-table scan description query is performed on the association table to determine whether a record of final desensitized data exists, and the final desensitized data is output. At the same time, access rights are configured, the number and frequency of interface accesses by each user are recorded, and the cause of the abnormality is communicated offline with abnormally accessing users. The original data is never output in plaintext, the encrypted data generated from the same original data by the desensitization algorithm is unique, and subsequent business can be carried out on the desensitized data as usual. A decipherer is also prevented from deciphering the data by means of a dictionary table, and the protection of the desensitized data against deciphering is strengthened.
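The flow of steps 201 to 207 as a runnable sketch; this is an added example, not code from the patent. It assumes Python's hashlib and sqlite3 in place of the Java classes and MySQL/Oracle, a random version-4 UUID for the final token where the description names a MAC address/timestamp/random-number UUID, and hypothetical names throughout (DesensitizationService, access_log, the constructed sample enterprises).

```python
import hashlib
import hmac
import os
import re
import sqlite3
import uuid
from datetime import datetime, timezone

# Primary encryption modes named in the description, with hex digest lengths.
DIGESTS = {"MD5": (hashlib.md5, 32), "SHA-256": (hashlib.sha256, 64)}
# Association table columns follow the description; access_log is an assumption.
SCHEMA = """
CREATE TABLE association (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    primary_encrypted TEXT NOT NULL UNIQUE,
    primary_mode TEXT NOT NULL,
    final_desensitized TEXT NOT NULL UNIQUE,
    created_at TEXT NOT NULL,
    last_queried_at TEXT NOT NULL);
CREATE TABLE access_log (
    username TEXT NOT NULL, day TEXT NOT NULL, calls INTEGER NOT NULL,
    PRIMARY KEY (username, day));
"""

def primary_digest(value, mode):
    """Step 202: digest of the raw identifier (name, taxpayer number)."""
    return DIGESTS[mode][0](value.encode("utf-8")).hexdigest()

def build_dictionary(public_values, mode):
    """Dictionary table from the Background: digest -> public value."""
    return {primary_digest(v, mode): v for v in public_values}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class DesensitizationService:
    """Steps 203 to 207 behind one call; all names here are hypothetical."""
    def __init__(self, daily_limit=5000):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)
        self.daily_limit = daily_limit
        self.users = {}  # username -> (salt, PBKDF2 hash of the password)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _pw_hash(password, salt))

    def _authenticate(self, username, password):
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            raise PermissionError("unknown user or wrong password")

    def _record_access(self, username):
        day = datetime.now(timezone.utc).strftime("%Y-%m-%d")
        self.db.execute("INSERT OR IGNORE INTO access_log VALUES (?, ?, 0)",
                        (username, day))
        self.db.execute("UPDATE access_log SET calls = calls + 1 "
                        "WHERE username = ? AND day = ?", (username, day))

    def desensitize(self, username, password, primary_encrypted, mode):
        self._authenticate(username, password)
        self._record_access(username)
        if mode not in DIGESTS or not re.fullmatch(
                "[0-9a-f]{%d}" % DIGESTS[mode][1], primary_encrypted):
            raise ValueError("input is not a digest of the declared mode")
        now = datetime.now(timezone.utc).isoformat()
        # The token is random, so it cannot be recomputed from public data.
        # UNIQUE makes the insert a no-op when the digest already has a token.
        self.db.execute(
            "INSERT OR IGNORE INTO association (primary_encrypted, "
            "primary_mode, final_desensitized, created_at, last_queried_at) "
            "VALUES (?, ?, ?, ?, ?)",
            (primary_encrypted, mode, uuid.uuid4().hex, now, now))
        self.db.execute("UPDATE association SET last_queried_at = ? "
                        "WHERE primary_encrypted = ?", (now, primary_encrypted))
        row = self.db.execute("SELECT final_desensitized FROM association "
                              "WHERE primary_encrypted = ?",
                              (primary_encrypted,)).fetchone()
        self.db.commit()
        return row[0]

    def abnormal_users(self):
        """Step 207: users whose calls on any day exceed the set value."""
        rows = self.db.execute("SELECT DISTINCT username FROM access_log "
                               "WHERE calls > ? ORDER BY username",
                               (self.daily_limit,))
        return [r[0] for r in rows]

def demo():
    """Constructed data: the digest is in the dictionary, the token is not."""
    names = ["Example Steel Co., Ltd.", "Example Logistics Co., Ltd."]
    svc = DesensitizationService()
    svc.add_user("system-a", "constructed-password")
    digest = primary_digest(names[0], "SHA-256")
    token = svc.desensitize("system-a", "constructed-password", digest, "SHA-256")
    table = build_dictionary(names, "SHA-256")
    return digest in table, token in table
```

Because the token is only obtainable through the association table, the table and the interface credentials become the assets to protect; the per-user counters are what step 207 compares against the set value.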
Example III
Fig. 3 is a block diagram of a system for desensitizing enterprise credit data according to a third embodiment of the invention, as shown in fig. 3, where the system includes:
a first input module 301, configured to input data to be encrypted;
the first desensitization module 302 is configured to perform preliminary data desensitization on the data to be encrypted using a digest algorithm, so as to generate primary encrypted data;
the creating module 303 is configured to create an API interface service, and create an association table of primary encrypted data and final desensitized data;
a second input module 304 for inputting primary encrypted data;
a second desensitizing module 305, configured to query the data association table to generate final desensitized data;
the recording module 306 is configured to configure access rights for the interface service, set a user name and a password for the user of each access system, and record the access times and the access frequency of each user interface.
The system for desensitizing enterprise credit data provided by the embodiment can execute the method for desensitizing enterprise credit data provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. Fig. 4 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 4 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 4, the electronic device 12 is in the form of a general purpose computing device. Components of the electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, commonly referred to as a "hard disk drive"). Although not shown in fig. 4, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. The system memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of the embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the electronic device 12, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Also, the electronic device 12 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through a network adapter 20. As shown, the network adapter 20 communicates with other modules of the electronic device 12 over the bus 18. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, such as implementing the method for desensitizing enterprise credit data provided by embodiments of the present invention.
Example five
A fifth embodiment of the present invention also provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a method for desensitizing enterprise credit data as provided in any of the above embodiments.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (8)

1. A method for desensitizing credit data for an enterprise, comprising the steps of:
S1, inputting data to be encrypted;
S2, performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data;
S3, creating an API interface service, and creating an association table of primary encrypted data and final desensitized data;
S4, inputting primary encrypted data;
S5, querying the association table to generate final desensitized data;
S6, the interface service configures access rights, sets a user name and password for the user of each accessing system, and records the number and frequency of interface accesses by each user.
2. The method of claim 1, further comprising, after S6:
when the number and frequency of a user's interface accesses exceed the system set values, the user is judged to be an abnormally accessing user, and on-line abnormality cause communication is carried out with the abnormally accessing user.
3. The method of desensitizing enterprise credit data according to claim 1, wherein said association table comprises:
the data items of the association table are auto-increment primary key id, primary encrypted data, primary encryption mode, final desensitized data, creation time and latest query time;
a unique constraint is placed on the data item "primary encrypted data", and the unique "final desensitized data" is obtained by querying the data item "primary encrypted data"; the unique "primary encrypted data" can be obtained by querying the data item "final desensitized data".
4. The method for desensitizing corporate credit data according to claim 1, wherein said S5 comprises:
performing full-table scanning description inquiry on the association table, and if a record of final desensitization data exists in the association table, returning the final desensitization data; if there is no record of final desensitization data, final desensitization data is generated.
5. The method of desensitizing enterprise credit data according to claim 4, wherein said generating final desensitized data comprises:
generating the final desensitized data with a Java open-source UUID generation tool class, the UUID being associated with the machine MAC address, a timestamp and a random number, wherein the UUID is 32 characters long with the connector '-' removed; storing the final desensitized data in the association table; and returning the final desensitized data.
6. A system for desensitizing credit data for an enterprise, comprising:
the first input module is used for inputting data to be encrypted;
the first desensitization module is used for performing preliminary data desensitization on the data to be encrypted using a digest algorithm to generate primary encrypted data;
the creation module is used for creating an API interface service and creating an association table of the primary encrypted data and the final desensitized data;
the second input module is used for inputting primary encryption data;
the second desensitization module is used for inquiring the data association table and generating final desensitization data;
the recording module is used for configuring access rights for the interface service, setting a user name and a password for a user of each access system, and recording the access times and the access frequency of each user interface.
7. An electronic device, the electronic device comprising:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of desensitizing enterprise credit data according to any of claims 1-5.
8. A storage medium containing computer-executable instructions which, when executed by a computer processor, are for performing the method of desensitizing enterprise credit data as claimed in any of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211681567.0A CN116028971A (en) 2022-12-27 2022-12-27 Method, system, equipment and storage medium for desensitizing enterprise credit investigation data


Publications (1)

Publication Number Publication Date
CN116028971A true CN116028971A (en) 2023-04-28

Family

ID=86073531


Country Status (1)

Country Link
CN (1) CN116028971A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination