CN117454425A - Data desensitization method and device and electronic equipment - Google Patents
Data desensitization method and device and electronic equipment Download PDFInfo
- Publication number
- CN117454425A CN117454425A CN202311527187.6A CN202311527187A CN117454425A CN 117454425 A CN117454425 A CN 117454425A CN 202311527187 A CN202311527187 A CN 202311527187A CN 117454425 A CN117454425 A CN 117454425A
- Authority
- CN
- China
- Prior art keywords
- data
- desensitization
- target
- rule
- sensitive field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 150
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000012545 processing Methods 0.000 claims description 12
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 8
- 230000008859 change Effects 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 238000009960 carding Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 230000000873 masking effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013503 de-identification Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a data desensitizing method, a data desensitizing device and electronic equipment. Wherein the method comprises the following steps: acquiring data to be processed sent based on a target account; invoking a sensitive field rule base, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types; traversing rules in a matching sensitive field rule base until a target matching rule matched with the data to be processed is determined; determining a target desensitization rule corresponding to the target matching rule; and desensitizing the data to be processed according to the target desensitizing rule to obtain target desensitizing data. The invention solves the technical problem of low desensitization efficiency caused by inputting data into corresponding desensitization rules for desensitization when the data are desensitized in the related technology.
Description
Technical Field
The invention relates to the field of data desensitization, in particular to a data desensitization method, a data desensitization device and electronic equipment.
Background
In the related art, the data desensitization is performed according to the authority of a user and the type of the data, and the requirements of a service system, namely, the desensitization logic is realized independently by almost every code block needing to use the data, namely, the related data is required to be input into the corresponding desensitization rule for desensitization. However, the service system consumes a plurality of interfaces and code logics, is transformed after full-disc carding, and has lower desensitization efficiency and huge cost. And, the service system becomes a thing that needs long-term internal operation in continuous update iteration.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the invention provides a data desensitizing method, a data desensitizing device and electronic equipment, which are used for at least solving the technical problem of low desensitizing efficiency caused by inputting data into corresponding desensitizing rules for desensitizing when the data are desensitized in the related technology.
According to an aspect of an embodiment of the present invention, there is provided a data desensitizing method including: acquiring data to be processed sent based on a target account; invoking a sensitive field rule base, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types; traversing rules in a matching sensitive field rule base until a target matching rule matched with the data to be processed is determined; determining a target desensitization rule corresponding to the target matching rule; and desensitizing the data to be processed according to the target desensitizing rule to obtain target desensitizing data.
Optionally, obtaining the data to be processed sent based on the target account includes: creating an initial section class; defining a traversal matching sub-class and a data desensitization sub-class in the initial section class to obtain a target section class, wherein a plurality of sensitive field rules are arranged in the traversal matching sub-class, and desensitization rules respectively corresponding to the plurality of sensitive field rules are arranged in the data desensitization sub-class; and acquiring the data to be processed sent based on the target account through the target section class.
Optionally, before the sensitive field rule base is invoked, the method further comprises: determining whether the data type of the data to be processed is a character string type; and calling the sensitive field rule base under the condition that the data type of the data to be processed is a character string type.
Optionally, invoking the sensitive field rule base includes: and under the condition that the data to be processed carries the service type, calling a sensitive field rule base corresponding to the service type.
Optionally, before determining the target desensitization rule corresponding to the target matching rule, the method further includes: and under the condition that the data to be processed carries the account identity, a plurality of desensitization rules corresponding to the account identity are called, wherein the plurality of desensitization rules are in one-to-one correspondence with the plurality of sensitive field rules.
Optionally, desensitizing the data to be processed according to a target desensitizing rule to obtain target desensitized data, including: and returning the target desensitization data to the terminal equipment corresponding to the target account.
Optionally, the target desensitization rule comprises at least one of: replacing the character desensitization rule, deleting the character desensitization rule, and exchanging the character position desensitization rule.
According to an aspect of an embodiment of the present invention, there is provided a data desensitizing apparatus including: the acquisition module is used for acquiring data to be processed sent based on the target account; the retrieval module is used for retrieving a sensitive field rule base, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types; the matching module is used for traversing rules in the matching sensitive field rule base until a target matching rule matched with the data to be processed is determined; the determining module is used for determining a target desensitization rule corresponding to the target matching rule; and the desensitization module is used for carrying out desensitization treatment on the data to be treated according to the target desensitization rule to obtain target desensitization data.
According to an aspect of an embodiment of the present invention, there is provided an electronic apparatus including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to implement a data desensitization method as in any of the above.
According to an aspect of embodiments of the present invention, there is provided a computer readable storage medium, which when executed by a processor of an electronic device, causes the electronic device to perform a data desensitization method as any one of the above.
In the embodiment of the invention, the data to be processed sent based on the target account is obtained, and the sensitive field rule base is called, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types. Traversing rules in the rule base of the matching sensitive fields until a target matching rule matched with the data to be processed is determined. And determining a target desensitization rule corresponding to the target matching rule, and desensitizing the data to be processed according to the target desensitization rule to obtain target desensitization data so as to achieve the aim of desensitizing the data. Because the sensitive field rule library comprising a plurality of sensitive field rules is directly called in the implementation process of the method, the rules corresponding to various data can be identified to be subjected to corresponding desensitization treatment, so that high-efficiency desensitization is realized, and the technical problem of low desensitization efficiency caused by inputting the data into the corresponding desensitization rules when the data are subjected to desensitization in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flow chart of a data desensitization method according to an embodiment of the invention;
fig. 2 is a block diagram of a data desensitizing apparatus according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, partial terms or terminology appearing in describing embodiments of the present application are applicable to the following explanation:
custom notes (Custom Annotations): in the Java programming language, custom annotations (Custom Annotations) are a form of metadata that can add additional information to the code so that compilers, tools, and other frameworks can recognize and process the information. Custom annotations allow developers to insert metadata in code and can be used for compile-time checking, runtime processing, and code generation. Custom annotations are defined by the developer and can be attached to program elements such as classes, methods, fields, etc. Custom annotations themselves are written similar to ordinary Java interfaces, but are defined using the @ interface key instead of interface. The annotations may contain elements that may provide values when using the annotations. The elements of the custom annotations may be basic data types, strings, enumerations, annotations, or array types.
Desensitization (Data Masking): also known as data de-identification or data masking, is a data protection technique used to protect the privacy of sensitive data. The main purpose of desensitization is to reduce exposure to sensitive information during data use, storage or sharing, thereby reducing the risk of data disclosure and privacy violations. Desensitization preserves the format and structure of data by replacing sensitive data with virtual data or generic data, but deletes or modifies critical information so that the data cannot be easily identified or restored back to the original state. By doing so, the privacy of the data can be protected to a certain extent, so that even if the data is leaked in the data processing process, the exposure of sensitive information is not caused.
Example 1
In accordance with an embodiment of the present invention, there is provided an embodiment of a data desensitization method, it being noted that the steps shown in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order other than that shown or described herein.
FIG. 1 is a flow chart of a method of desensitizing data according to an embodiment of the invention, as shown in FIG. 1, the method comprising the steps of:
step S102, obtaining data to be processed sent based on a target account;
in the providing step S102, the data to be processed sent based on the target account is obtained, where the data to be processed may be data with a desensitization requirement, such as identity information, mailbox information, etc. of the user corresponding to the account. Since the data to be processed may be various data, the required desensitization rule is different for different data, for example, three data of name, telephone and mailbox, and the corresponding desensitization rule should not be the same. Therefore, the method provided by the application can solve the problem of realizing desensitization of different data in one interface.
Step S104, a sensitive field rule base is called, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types;
in the step S104, the rule base for sensitive fields includes a plurality of rules for sensitive fields, where the plurality of rules for sensitive fields correspond to different types of sensitive fields, and the plurality of rules for sensitive fields are used to identify different sensitive fields, for example, when 2-4 Chinese characters are identified, the rule base may be considered as a name, or an additional condition is added, if the first word is a surname, the data to be processed may be considered as a name. For example, when @ and @ com are identified, the data to be processed may be considered a mailbox, and so on. The identification rules of other sensitive fields are not described in detail herein.
It is known that the sensitive field rule is a rule capable of identifying different field types. It should be noted that, since some fields are easily confused, an anti-confusion mechanism may be added in this step, and for similar fields, more strict judgment conditions or more precise judgment conditions may be set to accurately analyze what field is.
Step S106, traversing rules in the matching sensitive field rule base until a target matching rule matched with the data to be processed is determined;
in the providing step S106, since the rule base of the sensitive field includes a plurality of rules, the identification may be traversed one by one according to a certain sequence until the target matching rule matching the data to be processed is determined. The time consumption problem caused by matching all rules is avoided.
It should be noted that if the data type of the data to be processed is identified as a, but there is a data type B that is easily confused with a, and the data type B is not identified by traversal in the process of traversal identification, a rule corresponding to B may be extracted to identify, and if not, the data type B may be determined as the data type a.
Step S108, determining a target desensitization rule corresponding to the target matching rule;
in the providing step S108, the target desensitization rule corresponding to the target matching rule is directly determined, that is, when the data type is a, the rule corresponding to a is determined, and when the data type is B, the rule corresponding to B is determined. For example, when the data type is a name, the corresponding desensitization rule may be a reserved last name, and the first name is hidden, when the data type is a number, the corresponding desensitization rule may be a hidden middle number, and the corresponding desensitization rule may also omit numbers of last digits, which is not limited herein, and may be set in a user-defined manner according to actual applications and scenes.
In performing data desensitization, the goal is to encrypt the data to ensure the privacy of sensitive information. The degree of desensitization generally requires that the data be processed such that it cannot be restored to the original information to avoid information leakage. However, it should be noted that excessive modification during desensitization may result in the data losing its original characteristics. Thus, in practice, the appropriate desensitization rule is selected according to the specific scenario.
And step S110, desensitizing the data to be processed according to the target desensitizing rule to obtain target desensitized data.
In the providing step S110, the data to be processed is desensitized according to the target desensitization rule, so as to achieve the purpose of obtaining the target desensitized data.
Through the steps S102-S110, the data to be processed sent based on the target account is obtained, and the sensitive field rule base is called, wherein the sensitive field rule base includes a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types. Traversing rules in the rule base of the matching sensitive fields until a target matching rule matched with the data to be processed is determined. And determining a target desensitization rule corresponding to the target matching rule, and desensitizing the data to be processed according to the target desensitization rule to obtain target desensitization data so as to achieve the aim of desensitizing the data. Because the sensitive field rule library comprising a plurality of sensitive field rules is directly called in the implementation process of the method, the rules corresponding to various data can be identified to be subjected to corresponding desensitization treatment, so that high-efficiency desensitization is realized, and the technical problem of low desensitization efficiency caused by inputting the data into the corresponding desensitization rules when the data are subjected to desensitization in the related technology is solved.
As an optional embodiment, obtaining the data to be processed sent based on the target account includes: creating an initial section class; defining a traversal matching sub-class and a data desensitization sub-class in the initial section class to obtain a target section class, wherein a plurality of sensitive field rules are arranged in the traversal matching sub-class, and desensitization rules respectively corresponding to the plurality of sensitive field rules are arranged in the data desensitization sub-class; and acquiring the data to be processed sent based on the target account through the target section class.
In this embodiment, an initial facet class is created, i.e., a method that automatically enters a facet-oriented programming AOP facet processing center by annotation. It will be appreciated that a class is marked as a section class using the @ Aspect' annotation, and then the specific logic of the section is defined using the @ Around @ Befor @ After @ et al annotation. Thus, when the method being cut into is called, the logic in the section class is automatically executed. Therefore, the method can be set as a flexible middleware, is convenient to change and call, and is beneficial to the execution of the method provided by the application.
And defining traversal matching subclasses and data desensitizing subclasses in the initial tangent plane class to obtain the target tangent plane class. Namely, a plurality of methods are set in the section class, wherein a plurality of sensitive field rules are set in the traversal matching subclass, and desensitization rules respectively corresponding to the plurality of sensitive field rules are set in the data desensitization subclass. So as to realize the matching of sensitive fields, determine the desensitization rule and achieve the aim of desensitizing according to the desensitization rule.
And acquiring the data to be processed sent based on the target account through the target section class, and accessing the data to be processed into the target section class for processing. The traversal matching subclass and the data desensitizing subclass in the subclasses can be flexibly called, rules can be flexibly and adaptively modified, and the flexibility of the method provided by the application is improved.
As an alternative embodiment, before the sensitive field rule base is invoked, the method further comprises: determining whether the data type of the data to be processed is a character string type; and calling the sensitive field rule base under the condition that the data type of the data to be processed is a character string type.
In this embodiment, the steps preceding the retrieval of the sensitive field rule base are described, before which it can be determined whether the data type of the data to be processed is a character string type, and in the case where the data type of the data to be processed is not a character string type, it is generally considered that it does not need to be desensitized and therefore it is not processed. In the case that the data type of the data to be processed is a character string type, the data is considered to have the possible requirement of desensitization, so that a sensitive field rule base needs to be called for rule matching. By the step, the resource occupation and consumption caused by repeated matching when the data to be processed does not need to be desensitized are avoided.
As an alternative embodiment, invoking the sensitive field rule base includes: and under the condition that the data to be processed carries the service type, calling a sensitive field rule base corresponding to the service type.
In this embodiment, a case is described in which a service type is carried in a service to be processed, and in this case, a sensitive field rule base corresponding to the service type is called. Because the received data is different in different traffic type scenarios, the required matching rules are different, and because the received data may be different, the bias of the data is also different, because these differences may cause differences in the matching fields. Thus, different sensitive field rule libraries can be set for different traffic types for adaptive processing. And calling a sensitive field rule base corresponding to the service type, so as to carry out targeted processing.
As an alternative embodiment, before determining the target desensitization rule corresponding to the target matching rule, the method further includes: and under the condition that the data to be processed carries the account identity, a plurality of desensitization rules corresponding to the account identity are called, wherein the plurality of desensitization rules are in one-to-one correspondence with the plurality of sensitive field rules.
In this embodiment, a case is described in which the data to be processed carries an account identifier, and in this case, a plurality of desensitization rules corresponding to the account identifier are invoked, where the plurality of desensitization rules are in one-to-one correspondence with the plurality of sensitive field rules. Because the required desensitization strength may be different due to account differences, the desensitization rules may be different due to these differences. Thus, different sensitive field rule libraries can be set for different traffic types for adaptive processing. And calling a sensitive field rule base corresponding to the service type, so as to carry out targeted processing.
As an alternative embodiment, the desensitizing treatment is performed on the data to be treated according to the target desensitizing rule, so as to obtain target desensitized data, including: and returning the target desensitization data to the terminal equipment corresponding to the target account.
In this embodiment, after the desensitization processing is performed, desensitization data can be obtained, and the target desensitization data is returned to the terminal device corresponding to the target account, so that the desensitization data is displayed on the terminal device, a user corresponding to the target account can see the desensitization data, check whether the desensitization data is suitable, and give feedback when unsuitable, and the system processes according to the feedback, so that the use experience of the user is improved, and the privacy of the user is ensured.
As an alternative embodiment, the target desensitization rule comprises at least one of: replacing the character desensitization rule, deleting the character desensitization rule, and exchanging the character position desensitization rule.
In this embodiment, it is illustrated what type of rule the target desensitization rule may comprise, in the method provided in the present application, the target desensitization rule comprises at least one of: replacing the character desensitization rule, deleting the character desensitization rule, and exchanging the character position desensitization rule. The character desensitization rule is that several characters are replaced by other characters, or special symbols, such as a sign, etc. Deleting the character desensitization rule is to delete several characters. The character position change desensitization rule is to change the positions of a certain character and other characters in the characters. This embodiment provides different desensitization rules, which promotes the flexibility of the present application in the desensitization process.
Based on the foregoing embodiments and optional embodiments, an optional implementation is provided, and is specifically described below.
In the related art, the data desensitization is performed according to the user authority and the data type and the service system requirement, and the desensitization logic is realized independently almost by each code block needing to use the data. The service system consumes a plurality of interfaces and code logics of data, and the service system needs to be modified after full-disc carding, so that the cost is huge. The service system is subject to continuous updating iteration, and desensitization becomes a matter needing long-term internal operation.
In view of this, an alternative embodiment of the present invention provides a data desensitizing method, which can directly retrieve a sensitive field rule library including a plurality of sensitive field rules, so that rules corresponding to various data can be identified to perform corresponding desensitizing processing on the rules, thereby implementing efficient desensitization, and further solving the technical problem of low desensitizing efficiency caused by inputting data into corresponding desensitizing rules when desensitizing the data in the related art.
S1, creating an initial section class;
s2, defining a traversal matching sub-class and a data desensitization sub-class in the initial section class to obtain a target section class, wherein a plurality of sensitive field rules are arranged in the traversal matching sub-class, and desensitization rules respectively corresponding to the plurality of sensitive field rules are arranged in the data desensitization sub-class;
that is, the processing of the interface logic is performed.
S3, obtaining the data to be processed sent based on the target account through the target section class.
Namely, after the interface logic is processed, the method automatically enters the AOP section processing center in an annotation mode.
S4, determining whether the data type of the data to be processed is a character string type;
that is, the object attribute may be returned through a loop, judging whether the attribute is String type.
S5, under the condition that the data type of the data to be processed is a character string type, a sensitive field rule base is called, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types;
s6, traversing rules in a matching sensitive field rule base until a target matching rule matched with the data to be processed is determined;
namely, after confirming that the character type is adopted, traversing the hit attribute sensitive type, then carrying out corresponding automatic desensitization according to the rule, and returning the result object attribute.
S7, determining a target desensitization rule corresponding to the target matching rule;
and S8, desensitizing the data to be processed according to the target desensitizing rule to obtain target desensitized data.
By the alternative embodiments, at least the following advantages can be achieved:
(1) The unified maintenance system unifies the desensitization recognition and the desensitization rule of sensitive fields, thereby being convenient for unified management;
(2) Development workload is reduced, sensitive field recognition work is directly reduced by research and development, and automatic recognition is realized;
(3) The method solves the technical problem of low desensitization efficiency caused by inputting data into corresponding desensitization rules for desensitization when the data are desensitized in the related art.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present invention is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present invention. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the various embodiments of the present invention.
Example 2
According to an embodiment of the present invention, there is also provided an apparatus for implementing the above data desensitizing method, and fig. 2 is a block diagram of a data desensitizing apparatus according to an embodiment of the present invention, as shown in fig. 2, including: the means for obtaining 202, retrieving 204, matching 206, determining 208 and desensitizing 210 are described in more detail below.
An obtaining module 202, configured to obtain data to be processed sent based on a target account; the retrieving module 204 is connected to the acquiring module 202, and is configured to retrieve a sensitive field rule library, where the sensitive field rule library includes a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types; the matching module 206 is connected to the retrieving module 204, and is configured to traverse rules in the matching sensitive field rule base until a target matching rule matching the data to be processed is determined; a determining module 208, coupled to the matching module 206, for determining a target desensitization rule corresponding to the target matching rule; the desensitization module 210 is connected to the determination module 208, and is configured to desensitize the data to be processed according to the target desensitization rule, so as to obtain target desensitized data.
The obtaining module 202 is further configured to create an initial section class; defining a traversal matching sub-class and a data desensitization sub-class in the initial section class to obtain a target section class, wherein a plurality of sensitive field rules are arranged in the traversal matching sub-class, and desensitization rules respectively corresponding to the plurality of sensitive field rules are arranged in the data desensitization sub-class; and acquiring the data to be processed sent based on the target account through the target section class.
The retrieving module 204 is further configured to determine whether a data type of the data to be processed is a string type; and calling the sensitive field rule base under the condition that the data type of the data to be processed is a character string type.
The retrieving module 204 is further configured to, in case the data to be processed carries a service type, retrieve a sensitive field rule base corresponding to the service type.
The determining module 208 is further configured to invoke a plurality of desensitization rules corresponding to the account identifier if the data to be processed carries the account identifier, where the plurality of desensitization rules are in one-to-one correspondence with the plurality of sensitive field rules.
The desensitizing module 210 is further configured to return target desensitizing data to a terminal device corresponding to the target account.
It should be noted that the above-mentioned obtaining module 202, the retrieving module 204, the matching module 206, the determining module 208 and the desensitizing module 210 correspond to the steps S102 to S110 in implementing the data desensitizing method, and the plurality of modules are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to those disclosed in the above-mentioned embodiment 1.
Example 3
According to another aspect of the embodiment of the present invention, there is also provided an electronic device including: a processor; a memory for storing processor-executable instructions, wherein the processor is configured to execute the instructions to implement the data desensitization method of any of the above.
Example 4
According to another aspect of embodiments of the present invention, there is also provided a computer-readable storage medium, which when executed by a processor of an electronic device, causes the electronic device to perform the data desensitization method of any one of the above.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of units may be a logic function division, and there may be another division manner in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the method of the various embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.
Claims (10)
1. A method of desensitizing data, comprising:
acquiring data to be processed sent based on a target account;
invoking a sensitive field rule base, wherein the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types;
traversing rules in the rule base of the sensitive fields until a target matching rule matched with the data to be processed is determined;
determining a target desensitization rule corresponding to the target matching rule;
and performing desensitization treatment on the data to be treated according to the target desensitization rule to obtain target desensitization data.
2. The method of claim 1, wherein the obtaining the data to be processed sent based on the target account comprises:
creating an initial section class;
defining a traversal matching sub-class and a data desensitization sub-class in the initial section class to obtain a target section class, wherein the traversal matching sub-class is provided with a plurality of sensitive field rules, and the data desensitization sub-class is provided with desensitization rules respectively corresponding to the plurality of sensitive field rules;
and acquiring the data to be processed sent based on the target account through the target section class.
3. The method of claim 1, further comprising, prior to said retrieving the sensitive field rule base:
determining whether the data type of the data to be processed is a character string type;
and calling the sensitive field rule base under the condition that the data type of the data to be processed is a character string type.
4. The method of claim 1, wherein the call-sensitive field rule base comprises:
and under the condition that the data to be processed carries the service type, calling a sensitive field rule base corresponding to the service type.
5. The method of claim 1, wherein prior to determining the target desensitization rule corresponding to the target matching rule, further comprising:
and under the condition that the data to be processed carries the account identity, a plurality of desensitization rules corresponding to the account identity are called, wherein the plurality of desensitization rules are in one-to-one correspondence with the plurality of sensitive field rules.
6. The method of claim 1, wherein the desensitizing the data to be processed according to the target desensitizing rule, after obtaining target desensitized data, further comprises:
and returning the target desensitization data to the terminal equipment corresponding to the target account.
7. The method according to any one of claims 1 to 6, characterized in that the target desensitization rule comprises at least one of: replacing the character desensitization rule, deleting the character desensitization rule, and exchanging the character position desensitization rule.
8. A data desensitizing apparatus, comprising:
the acquisition module is used for acquiring data to be processed sent based on the target account;
the system comprises a calling module, a calling module and a judging module, wherein the calling module is used for calling a sensitive field rule base, the sensitive field rule base comprises a plurality of sensitive field rules, and the plurality of sensitive field rules correspond to different sensitive field types;
the matching module is used for traversing and matching rules in the sensitive field rule base until a target matching rule matched with the data to be processed is determined;
the determining module is used for determining a target desensitization rule corresponding to the target matching rule;
and the desensitization module is used for carrying out desensitization processing on the data to be processed according to the target desensitization rule to obtain target desensitization data.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute instructions to implement a data desensitization method according to any one of claims 1-7.
10. A computer readable storage medium, characterized in that instructions in the computer readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the data desensitization method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311527187.6A CN117454425A (en) | 2023-11-15 | 2023-11-15 | Data desensitization method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311527187.6A CN117454425A (en) | 2023-11-15 | 2023-11-15 | Data desensitization method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117454425A true CN117454425A (en) | 2024-01-26 |
Family
ID=89581698
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311527187.6A Pending CN117454425A (en) | 2023-11-15 | 2023-11-15 | Data desensitization method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117454425A (en) |
-
2023
- 2023-11-15 CN CN202311527187.6A patent/CN117454425A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110414261B (en) | Data desensitization method, device, equipment and readable storage medium | |
| CN109032825B (en) | Fault injection method, device and equipment | |
| US9697058B2 (en) | Method, computer program and apparatus for controlling access to a computer resource and obtaining a baseline therefor | |
| CN105787366A (en) | Android software visualization safety analysis method based on module relations | |
| CN110489310B (en) | Method and device for recording user operation, storage medium and computer equipment | |
| CN110032568B (en) | Data structure reading and updating method and device, and electronic equipment | |
| CN112597762B (en) | Blockchain system with intelligent contract data supervision function and supervision method | |
| CN111861465A (en) | Detection method and device based on intelligent contract, storage medium and electronic device | |
| CN111881471A (en) | Non-intrusive log data desensitization method, device and system | |
| CN111240772B (en) | Block chain-based data processing method, device and storage medium | |
| CN113366474A (en) | System, method and storage medium for obfuscating a computer program by representing control flow of the computer program as data | |
| CN108255967A (en) | Call method, device, storage medium and the terminal of storing process | |
| CN113254470B (en) | Data modification method, device, computer equipment and storage medium | |
| CN112069052A (en) | Abnormal object detection method, device, equipment and storage medium | |
| US20220019687A1 (en) | Systems for and methods of data obfuscation | |
| CN112364022A (en) | Information derivation management method and device, computer equipment and readable storage medium | |
| CN117454425A (en) | Data desensitization method and device and electronic equipment | |
| CN116340989A (en) | Data desensitization method and device, electronic equipment and storage medium | |
| US20210326411A1 (en) | Systems and methods for a governance engine | |
| CN113297622A (en) | Log desensitization method, system, electronic equipment and storage medium | |
| CN114625372A (en) | Automatic component compiling method and device, computer equipment and storage medium | |
| CN110221952B (en) | Service data processing method and device and service data processing system | |
| Kaiya et al. | Eliciting security requirements for an information system using asset flows and processor deployment | |
| Yee et al. | Automated threat identification for UML | |
| CN109740338B (en) | Method and device for creating permission space and computer-readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |