CN117371018A - Desensitizing method, device and system for transaction data - Google Patents
Desensitizing method, device and system for transaction data Download PDFInfo
- Publication number
- CN117371018A CN117371018A CN202210759634.XA CN202210759634A CN117371018A CN 117371018 A CN117371018 A CN 117371018A CN 202210759634 A CN202210759634 A CN 202210759634A CN 117371018 A CN117371018 A CN 117371018A
- Authority
- CN
- China
- Prior art keywords
- transaction data
- transaction
- log
- desensitized
- real
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000000586 desensitisation Methods 0.000 claims abstract description 80
- 238000012544 monitoring process Methods 0.000 claims abstract description 22
- 230000007246 mechanism Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 10
- 230000008569 process Effects 0.000 abstract description 8
- 238000012546 transfer Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention provides a method, a device and a system for desensitizing transaction data, wherein the method comprises the following steps: by monitoring the log of the real-time transaction system, analyzing transaction related information from the log, acquiring corresponding transaction data in a database based on the transaction related information, and desensitizing the transaction data under the condition that sensitive information exists in the transaction data is determined, the desensitization task is stripped from the real-time transaction system, and the desensitized transaction data is rewritten in the database in a real-time and asynchronous mode, so that the risk of directly carrying out desensitization on the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method, an apparatus, and a system for desensitizing transaction data.
Background
With the development of electronic information technology, transaction institutions such as banking systems and electronic commerce platforms store various transactions in the form of transaction data, which is a common data processing mode.
Because transaction data often contains relatively sensitive data such as account information, user information and the like, in order to avoid the risk of information leakage, the sensitive data in the transaction data should be stored after desensitization.
In the prior art, the acquisition and desensitization of transaction data is generally performed directly in a real-time transaction system of a transaction system or platform. Because the volume of transaction data processed by the transaction system or platform is larger, the transaction data is directly adjusted in the real-time transaction system, and great change risks exist.
Disclosure of Invention
The invention provides a method, a device and a system for desensitizing transaction data, which are used for solving the defect that the prior art directly desensitizes the transaction data in a real-time transaction system, so as to realize the effect of real-time and asynchronous desensitization of the transaction data.
In a first aspect, the invention provides a method of desensitising transaction data comprising:
monitoring logs of a real-time transaction system;
analyzing transaction related information from the log, and acquiring corresponding transaction data from a database according to the transaction related information;
under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating corresponding transaction data in the database according to the desensitized transaction data.
According to the desensitization method of transaction data provided by the invention, the log of a real-time transaction system is monitored, and the method comprises the following steps:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
According to the method for desensitizing transaction data provided by the invention, the transaction data is desensitized, and the method comprises the following steps:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
According to the method for desensitizing transaction data provided by the invention, the transaction data is desensitized, and the corresponding transaction data in the database is updated according to the desensitized transaction data, which comprises the following steps:
determining a field to be desensitized in the transaction data;
generating a replacement field of the field to be desensitized based on the desensitization rule; the desensitization rule comprises a corresponding relation between a field to be desensitized and a replacement field;
and replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into the database, and deleting the transaction data before desensitization.
In a second aspect, the present invention provides a transaction data desensitising apparatus comprising:
the real-time processing module is used for monitoring the log of the real-time transaction system;
the offline searching module is used for analyzing transaction association information from the log and acquiring corresponding transaction data from a database according to the transaction association information;
and the off-line desensitization module is used for desensitizing the transaction data under the condition that sensitive information exists in the transaction data, and updating the corresponding transaction data in the database according to the desensitized transaction data.
According to the desensitizing device for transaction data provided by the invention, the real-time processing module is specifically used for:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
According to the desensitizing device for transaction data provided by the invention, the offline desensitizing module is specifically used for:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
According to the desensitizing device for transaction data provided by the invention, the offline desensitizing module is specifically used for:
determining a field to be desensitized in the transaction data;
generating a replacement field of the field to be desensitized based on the desensitization rule; the desensitization rule comprises a corresponding relation between a field to be desensitized and a replacement field;
and replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into the database, and deleting the transaction data before desensitization.
In a third aspect, the present invention also provides a transaction data desensitization system, including a transaction data desensitization device, a log generation module and a log acquisition component according to any one of the second aspects;
the log generation module is used for acquiring transaction data and transaction related information thereof, writing the transaction data and the transaction related information thereof into a database, and writing the transaction related information into a log of a real-time transaction system;
the log acquisition component is used for acquiring logs of the real-time transaction system and outputting the logs to the message queue of the log acquisition component.
According to the desensitization system of transaction data provided by the invention, the log generation module is specifically used for: and checking the transaction mechanism in the transaction data based on a preset white list, and writing the transaction related information into a log of a real-time transaction system after the transaction mechanism passes the checking.
According to the method, the device and the system for desensitizing the transaction data, the log of the real-time transaction system is monitored, the transaction related information is analyzed from the log, the corresponding transaction data in the database is obtained based on the transaction related information, and the desensitization is carried out under the condition that the sensitive information exists in the transaction data is determined, so that the desensitization task is stripped from the real-time transaction system, the desensitized transaction data are rewritten into the database in a real-time and asynchronous mode, the risk of directly carrying out the desensitization of the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for desensitizing transaction data according to an embodiment of the present invention;
FIG. 2 is a second flow chart of a method for desensitizing transaction data according to an embodiment of the present invention;
FIG. 3 is a third flow chart of a method for desensitizing transaction data according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a device for desensitizing transaction data according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the architecture of a transaction data desensitizing system provided by an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to specific embodiments of the present invention and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The following describes in detail the technical solutions provided by the embodiments of the present invention with reference to the accompanying drawings.
The embodiment of the invention discloses a desensitization method of transaction data, which is shown in fig. 1 and comprises the following steps 101-103:
and 101, monitoring logs of a real-time transaction system.
In particular, a listening time interval may be set for the real-time transaction system, for example 1 minute, and the log of the real-time transaction system is listened to every 1 minute of the interval.
The real-time transaction system can generate transaction data and transaction related information during operation, and can acquire the transaction data and the transaction related information thereof in advance, write the transaction data and the transaction related information thereof into a database and write the transaction related information into a log of the real-time transaction system.
Optionally, the transaction mechanism in the transaction data may be checked based on a preset white list, and after the verification is passed, the transaction related information is written into the log of the real-time transaction system.
It should be explained that the transaction data may include a plurality of fields for describing detailed information of the transaction process. For example, one piece of transaction data includes a user ID: thirdly, stretching; transfer account: 111111111111; transfer amount: 10000 yuan; target account: 222222222222; payment channel: the mobile phone bank pays fast; a transaction mechanism: mechanism a, etc.
The transaction association information is used as descriptive information of transaction data and comprises a positioning identification of the transaction data, the length of the transaction data, the number of fields and the like. Each transaction data has corresponding transaction association information to facilitate location finding.
In the process of writing the transaction association information into the log system, the corresponding log file generated by the corresponding field is extracted according to the log format.
In the embodiment, the log of the real-time transaction system is monitored, so that real-time and asynchronous monitoring is realized on the real-time transaction system, the monitoring and the real-time transaction are mutually independent and are carried out separately, and the transaction data corresponding to the log is conveniently desensitized in the database according to the transaction associated information analyzed by the log.
Step 102, analyzing transaction association information from the log, and acquiring corresponding transaction data from a database according to the transaction association information.
In addition, through monitoring the log of the real-time transaction system, when the newly added log information is monitored, the log information is analyzed from the log to obtain corresponding transaction related information, and corresponding transaction data is obtained from the database according to the transaction related information.
In the embodiment, the transaction data corresponding to the transaction related information is desensitized through real-time and asynchronous monitoring and analysis, so that the asynchronous side-branch non-core function is supplemented to the real-time transaction system, the unknown risk brought by changing the real-time transaction system is reduced, and the stability of the real-time transaction system is ensured.
Step 103, under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating the corresponding transaction data in the database according to the desensitized transaction data.
When the transaction data is desensitized, a predefined desensitization rule can be adopted, and the corresponding transaction data in the database is updated by the desensitized transaction data. Where desensitization of transaction data is required, the transaction data is desensitized.
Further, desensitizing the transaction data may include:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
Specifically, at least one desensitization rule is preset in the encryption service, the type of the transaction data is determined under the condition of acquiring the transaction data, the corresponding desensitization rule is matched in the encryption service according to the type, and the transaction data is desensitized according to the corresponding desensitization rule. A determination may be made as to whether the transaction data contains sensitive information and its corresponding transaction data type by making a determination of the fields that the transaction data contains.
For example, the transaction data includes the mobile phone number 13811112222 of the user, and the information is sensitive information, and then the mobile phone number is desensitized based on the desensitization rule, so as to obtain the desensitized mobile phone number 138.
For another example, the transaction data includes the user's transfer account 111111111111, where the information is sensitive information, and then the transfer account is desensitized based on a desensitization rule, so as to obtain a desensitized transfer account of 1.
According to the method for desensitizing the transaction data, provided by the embodiment of the invention, the log of the real-time transaction system is monitored, the transaction related information is analyzed from the log, the corresponding transaction data in the database is acquired based on the transaction related information, and the desensitization is performed under the condition that the sensitive information exists in the transaction data is determined, so that the desensitization task is stripped from the real-time transaction system, the desensitized transaction data is rewritten in the database in a real-time and asynchronous mode, the risk of directly desensitizing the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
Further, based on the above embodiment, step 101 may specifically be:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
In this embodiment, the log collection of the real-time transaction system may be implemented by the log collection component Flume.
The jume component is a highly available, highly reliable, distributed, mass log collection, aggregation, and transmission component that can enable the movement of large amounts of log data from many different sources to a centralized data store.
In this embodiment, the log of the real-time transaction system is implemented by kafka. kafka is a high throughput distributed publish-subscribe messaging system that can be used for web/nginx logs, access logs, messaging services, and the like.
The log of the real-time transaction system is acquired through the log acquisition component, and the acquired log is output to a message queue of the log acquisition component, so that subsequent reading and analysis are facilitated.
Further, based on the above embodiment, referring to fig. 2, step 103 includes:
step 201, determining a field to be desensitized in the transaction data.
Step 202, generating a replacement field of the field to be desensitized based on the desensitization rule; wherein the desensitization rule comprises the correspondence between the fields to be desensitized and the replacement fields.
Step 203, replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into a database, and deleting the transaction data before desensitization.
Through steps 201-203, updating of transaction data containing sensitive information can be achieved, thereby enabling desensitization of the transaction data.
The embodiment of the invention discloses a method for desensitizing transaction data, which is shown in fig. 3, and comprises the following steps 301-309:
step 301, acquiring transaction data and transaction related information thereof through a real-time transaction system, and writing the transaction data and the transaction related information thereof into a database.
For the explanation of the transaction data and the transaction related information, refer to the foregoing embodiments, and are not described herein again.
Step 302, checking the transaction mechanism in the transaction data based on a preset white list.
The white list is preset and can be updated according to the requirement.
Wherein, the transaction data all carry the fields of the transaction mechanism. For example, if the transaction mechanism carried in one transaction data is the mechanism A4 and the mechanisms in the white list are the mechanisms A1 to A3, the transaction data is illegal transaction data, no subsequent steps are executed, and alarm information can be further generated to prompt the user and the background personnel of the transaction system.
And 303, after the verification is passed, writing the transaction related information into a log of a real-time transaction system.
Step 304, collecting logs of the real-time transaction system through a log collecting component, and outputting the collected logs to a message queue of the log collecting component to realize monitoring of the real-time transaction system.
Step 305, analyzing the log to obtain corresponding transaction association information, and obtaining corresponding transaction data in a database according to the transaction association information.
Step 306, calling, and calling a desensitization rule in the encryption service under the condition that sensitive information exists in the transaction data.
Wherein said encryption service stores at least one of said desensitization rules.
Step 307, determining a field to be desensitized in the transaction data.
Step 308, generating a replacement field of the field to be desensitized based on the desensitization rule; wherein the desensitization rule comprises the correspondence between the fields to be desensitized and the replacement fields.
Step 309, replacing the field to be desensitized with a replacement field, generating transaction data after desensitization, writing the transaction data after desensitization into the database, and deleting the transaction data before desensitization.
For example, a user name is included in one piece of transaction data: and thirdly, transferring accounts: 12345678, target account: 87654321, transfer amount 1000 yuan, determines the fields to be desensitized as user name, transfer account and target account.
In the desensitization rule, the user name only keeps surname, the account for transferring only keeps first and last digits, and the account for target only keeps first and last digits. Based on the above desensitization rule, the transfer account 12345678 is replaced with the transfer account 12345678 with the transfer account 1, and the target account 87654321 is replaced with the transfer account 8 with the transfer account 1.
And writing the desensitized sheet, 1, 8 and 8, 1 respectively into a database, and deleting transaction data before desensitization.
According to the method for desensitizing the transaction data, the transaction data and the transaction related information thereof are acquired through the real-time transaction system, the transaction data and the transaction related information thereof are written into the database, the transaction related information is written into the log, then the log is analyzed through monitoring the log of the real-time transaction system, and the corresponding transaction data in the database is acquired based on the analyzed transaction related information to desensitize, so that the desensitized task is stripped from the real-time transaction system, the desensitized transaction data are rewritten into the database through the offline system, the risk of directly carrying out desensitization on the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
The following describes a desensitizing device for transaction data provided by the present invention, and the desensitizing device for transaction data described below and the desensitizing method for transaction data described above can be referred to correspondingly.
The embodiment of the invention discloses a desensitizing device for transaction data, which is shown in fig. 4 and comprises the following components:
a real-time processing module 401, configured to monitor a log of the real-time transaction system;
the offline searching module 402 is configured to parse transaction association information from the log, and obtain corresponding transaction data in a database according to the transaction association information;
and the offline desensitization module 403 is configured to desensitize the transaction data when it is determined that sensitive information exists in the transaction data, and update corresponding transaction data in the database according to the desensitized transaction data.
Optionally, the apparatus further comprises:
the log generation module is used for acquiring transaction data and transaction related information thereof, writing the transaction data and the transaction related information thereof into a database, and writing the transaction related information into a log of the real-time transaction system;
the log acquisition component is used for acquiring logs of the real-time transaction system and outputting the logs to the message queue of the log acquisition component.
Optionally, the log collection component is specifically configured to verify the transaction mechanism in the transaction data based on a preset whitelist, and write the transaction related information into a log of the real-time transaction system after the verification is passed.
Optionally, the real-time processing module 401 is specifically configured to:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
Optionally, the offline desensitization module 403 is specifically configured to:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
Optionally, the offline desensitization module 403 is specifically configured to:
determining a field to be desensitized in the transaction data;
generating a replacement field of the field to be desensitized based on the desensitization rule; the desensitization rule comprises a corresponding relation between a field to be desensitized and a replacement field;
and replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into the database, and deleting the transaction data before desensitization.
According to the desensitization device for the transaction data, provided by the embodiment of the invention, the log of the real-time transaction system is monitored, the transaction related information is analyzed from the log, the corresponding transaction data in the database is obtained based on the transaction related information, and the desensitization is performed under the condition that the sensitive information exists in the transaction data is determined, so that the desensitization task is stripped from the real-time transaction system, the desensitized transaction data is rewritten in the database in a real-time and asynchronous mode, the risk of directly carrying out the desensitization of the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
It can be understood that the above-mentioned desensitizing device for transaction data can implement the steps of the desensitizing method for transaction data provided in the foregoing embodiments, and the relevant explanation about the desensitizing method for transaction data is applicable to the desensitizing device for transaction data, which is not described herein.
The following describes a transaction data desensitizing system provided by the invention, and the transaction data desensitizing system described below and the transaction data desensitizing method and the transaction data desensitizing device described above can be referred to correspondingly.
The embodiment of the invention discloses a desensitization system of transaction data, referring to fig. 5, comprising: the desensitizing device for any transaction data specifically comprises a real-time processing module 501, an offline searching module 502, an offline desensitizing module 503, a log generating module 504 and a log collecting module 505;
a real-time processing module 501, configured to monitor a log of the real-time transaction system;
the offline searching module 502 is configured to parse transaction related information from the log, and obtain corresponding transaction data in a database according to the transaction related information;
an offline desensitization module 503, configured to desensitize the transaction data when it is determined that sensitive information exists in the transaction data, and update corresponding transaction data in the database according to the desensitized transaction data;
the log generation module 504 is configured to obtain transaction data and transaction related information thereof, write the transaction data and the transaction related information thereof into a database, and write the transaction related information into a log of a real-time transaction system;
the log collection component 505 is configured to collect a log of the real-time transaction system, and output the log to a message queue of the log collection component.
Further, the log generation module 504 is specifically configured to: and checking the transaction mechanism in the transaction data based on a preset white list, and writing the transaction related information into a log of a real-time transaction system after the transaction mechanism passes the checking.
According to the transaction data desensitization system provided by the embodiment of the invention, the transaction data and the transaction related information thereof are acquired through the log generation module, the transaction data and the transaction related information thereof are written into the database, and the transaction related information is written into the log of the real-time transaction system. And acquiring a log of the real-time transaction system through a log acquisition component, and outputting the log to a message queue of the log acquisition component. By monitoring the log of the real-time transaction system, analyzing transaction related information from the log, acquiring corresponding transaction data in a database based on the transaction related information, and performing desensitization under the condition that sensitive information exists in the transaction data is determined, so that the desensitization task is stripped from the real-time transaction system, and the desensitized transaction data is rewritten in the database in a real-time and asynchronous mode, the risk of directly performing desensitization on the transaction data in the real-time transaction system is avoided, and the stability of the transaction process is improved.
Fig. 6 illustrates a physical schematic diagram of an electronic device, as shown in fig. 6, which may include: processor 610, communication interface (Communications Interface) 620, memory 630, and communication bus 640, wherein processor 610, communication interface 620, and memory 630 communicate with each other via communication bus 640. The processor 610 may invoke logic instructions in the memory 630 to perform a method of desensitizing transaction data, including:
monitoring logs of a real-time transaction system;
analyzing transaction related information from the log, and acquiring corresponding transaction data from a database according to the transaction related information;
under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating corresponding transaction data in the database according to the desensitized transaction data.
Further, the logic instructions in the memory 630 may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform a method of desensitizing transaction data provided by the methods described above, comprising:
monitoring logs of a real-time transaction system;
analyzing transaction related information from the log, and acquiring corresponding transaction data from a database according to the transaction related information;
under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating corresponding transaction data in the database according to the desensitized transaction data.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the method of desensitizing transaction data provided above, comprising:
monitoring logs of a real-time transaction system;
analyzing transaction related information from the log, and acquiring corresponding transaction data from a database according to the transaction related information;
under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating corresponding transaction data in the database according to the desensitized transaction data.
The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method of desensitizing transaction data, comprising:
monitoring logs of a real-time transaction system;
analyzing transaction related information from the log, and acquiring corresponding transaction data from a database according to the transaction related information;
under the condition that sensitive information exists in the transaction data, desensitizing the transaction data, and updating corresponding transaction data in the database according to the desensitized transaction data.
2. The method of desensitizing transaction data according to claim 1, wherein listening to logs of real-time transaction systems comprises:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
3. A method of desensitizing transaction data according to claim 1, wherein desensitizing said transaction data comprises:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
4. A method of desensitizing transaction data according to claim 3, wherein said transaction data is desensitized and corresponding transaction data in said database is updated based on said desensitized transaction data, comprising:
determining a field to be desensitized in the transaction data;
generating a replacement field of the field to be desensitized based on the desensitization rule; the desensitization rule comprises a corresponding relation between a field to be desensitized and a replacement field;
and replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into the database, and deleting the transaction data before desensitization.
5. A transaction data desensitizing device, comprising:
the real-time processing module is used for monitoring the log of the real-time transaction system;
the offline searching module is used for analyzing transaction association information from the log and acquiring corresponding transaction data from a database according to the transaction association information;
and the off-line desensitization module is used for desensitizing the transaction data under the condition that sensitive information exists in the transaction data, and updating the corresponding transaction data in the database according to the desensitized transaction data.
6. The transaction data desensitizing apparatus according to claim 5, wherein said real-time processing module is specifically configured to:
monitoring a message queue of a log acquisition component; the log acquisition component is used for acquiring the log of the real-time transaction system and outputting the acquired log to the message queue.
7. The transaction data desensitizing apparatus according to claim 5, wherein said offline desensitizing module is specifically configured to:
invoking an encryption service to desensitize the transaction data based on a desensitization rule matched with the type of the transaction data, wherein the encryption service is preset with at least one desensitization rule.
8. The transaction data desensitizing apparatus according to claim 7, wherein said offline desensitizing module is specifically configured to:
determining a field to be desensitized in the transaction data;
generating a replacement field of the field to be desensitized based on the desensitization rule; the desensitization rule comprises a corresponding relation between a field to be desensitized and a replacement field;
and replacing the field to be desensitized with the replacement field, generating desensitized transaction data, writing the desensitized transaction data into the database, and deleting the transaction data before desensitization.
9. A system for desensitizing transaction data, comprising: a desensitising apparatus for transaction data, a log generation module and a log collection component according to any one of claims 5 to 8;
the log generation module is used for acquiring transaction data and transaction related information thereof, writing the transaction data and the transaction related information thereof into a database, and writing the transaction related information into a log of a real-time transaction system;
the log acquisition component is used for acquiring logs of the real-time transaction system and outputting the logs to the message queue of the log acquisition component.
10. The transaction data desensitization system according to claim 9, wherein said log generation module is specifically configured to: and checking the transaction mechanism in the transaction data based on a preset white list, and writing the transaction related information into a log of a real-time transaction system after the transaction mechanism passes the checking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210759634.XA CN117371018A (en) | 2022-06-29 | 2022-06-29 | Desensitizing method, device and system for transaction data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210759634.XA CN117371018A (en) | 2022-06-29 | 2022-06-29 | Desensitizing method, device and system for transaction data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117371018A true CN117371018A (en) | 2024-01-09 |
Family
ID=89404586
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210759634.XA Pending CN117371018A (en) | 2022-06-29 | 2022-06-29 | Desensitizing method, device and system for transaction data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117371018A (en) |
-
2022
- 2022-06-29 CN CN202210759634.XA patent/CN117371018A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106020948B (en) | A kind of process dispatch method and device | |
| CN107391359B (en) | Service testing method and device | |
| CN110598008A (en) | Data quality inspection method and device for recorded data and storage medium | |
| US11886818B2 (en) | Method and apparatus for detecting anomalies in mission critical environments | |
| CN111061696A (en) | Method and device for analyzing transaction message log | |
| CN111783415B (en) | Template configuration method and device | |
| CN110046086B (en) | Expected data generation method and device for test and electronic equipment | |
| CN107016613B (en) | Data modification method and device | |
| CN111506455B (en) | Checking method and device for service release result | |
| CN117371018A (en) | Desensitizing method, device and system for transaction data | |
| CN110727759A (en) | Method and device for determining theme of voice information | |
| CN113569879B (en) | Training method of abnormal recognition model, abnormal account recognition method and related device | |
| CN109726550A (en) | Abnormal operation behavioral value method, apparatus and computer readable storage medium | |
| CN112948341A (en) | Method and apparatus for identifying abnormal network device logs | |
| CN109685662A (en) | Investment data processing method, device, computer equipment and its storage medium | |
| CN111752847A (en) | Interface comparison method, micro server, computer readable storage medium and electronic device | |
| CN111683128A (en) | Information sending method, device, prejudgment server and storage medium | |
| CN110414186B (en) | Data asset segmentation verification method and device | |
| US20240185196A1 (en) | Reduced memory resources for proactive monitoring of electronic transactions | |
| CN114971643B (en) | Abnormal transaction identification method, device, equipment and storage medium | |
| CN112449062B (en) | Malicious fee deduction identification method and device, electronic equipment and storage medium | |
| CN117762674A (en) | Abnormal data processing method and device, storage medium and electronic equipment | |
| CN115099202A (en) | Report file processing method and device, intelligent device and storage medium | |
| CN117035794A (en) | Analysis method and system for illegal funds transfer risk transaction | |
| CN117149165A (en) | Service code generation method, device and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |