CN118350033A - Data desensitization processing method, apparatus, and computer-readable storage medium - Google Patents

Info

Publication number
CN118350033A
Authority
CN
China
Prior art keywords
data
desensitization
view
target
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410435896.XA
Other languages
Chinese (zh)
Inventor
王春龙
杨波
杨丰
胡微微
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qixun Xinyou Technology Co ltd
Original Assignee
Shenzhen Qixun Xinyou Technology Co ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data desensitization processing method, an apparatus and a computer-readable storage medium. The method comprises the following steps: acquiring an original data table to be desensitized; generating a view table corresponding to the original data table, wherein the view table comprises part or all of the data in the original data table; and performing desensitization processing on the target data in the view table according to a desensitization strategy. Because desensitization is applied to the data of the view table, the invention avoids the differences that arise when data desensitization is applied to database systems with different data structures and operation modes, adapts to different database systems, and improves the compatibility and extensibility of the data desensitization technique.

Description

Data desensitization processing method, apparatus, and computer-readable storage medium
Technical Field
The present invention relates to the field of computer technology, and in particular, to a data desensitization processing method, apparatus, and computer readable storage medium.
Background
As the range of data applications expands and the risk of data leakage grows, protecting data privacy has become an important challenge. Data desensitization techniques were developed to reduce the sensitivity of data and so meet the need for privacy protection. Data desensitization hides the original data by encrypting, replacing or blurring it, while preserving the format and structure of the data, so that the data is hard to identify and use under unauthorized access. However, different database systems may adopt different desensitization strategies and algorithms, so the desensitization results for the same sensitive data are inconsistent across systems; the desensitization rules become complicated and difficult to manage and maintain, and security vulnerabilities arise easily.
Disclosure of Invention
The main object of the invention is to provide a data desensitization processing method, an apparatus and a computer-readable storage medium, in order to solve the problem that inconsistent desensitization results for the same sensitive data in different systems make the desensitization rules complicated, difficult to manage and maintain, and prone to security vulnerabilities.
In order to achieve the above object, the present invention provides a data desensitization processing method, which includes the following steps:
acquiring an original data table to be desensitized;
generating a view table corresponding to the original data table, wherein the view table comprises part or all of the data in the original data table;
and performing desensitization processing on the target data in the view table according to a desensitization strategy.
Optionally, after the step of desensitizing the target data in the view table according to the desensitization strategy, the method further includes:
acquiring a query request input by a user for the view table;
and acquiring and outputting the desensitized data corresponding to the query request based on the view table.
Optionally, after the step of desensitizing the target data in the view table according to the desensitization strategy, the method further includes:
acquiring other data tables associated with the original data table;
and merging and outputting the view table and the other data tables.
Optionally, the step of obtaining other data tables associated with the original data table includes:
determining other data tables associated with the view table based on a selection operation of a candidate data table by a user; and/or
determining other data tables associated with the view table according to historical operation information of a user on the candidate data tables; and/or
determining other data tables associated with the view table according to the service requirements of the user.
Optionally, before the step of desensitizing the target data in the view table according to the desensitization strategy, the method further includes:
determining a desensitization level corresponding to the target data according to an application scenario and/or user permission and/or data type;
and determining a desensitization strategy corresponding to the target data according to the desensitization level.
Optionally, the step of generating the view table corresponding to the original data table includes:
when the number of the original data tables is at least two, generating a view table according to the at least two original data tables;
before the step of desensitizing the target data in the view table according to the desensitization strategy, the method further comprises:
determining the desensitization strategy according to the data sources corresponding to the at least two original data tables.
Optionally, the step of generating a view table from at least two of the original data tables includes:
acquiring dimension information of the at least two original data tables;
determining multiple groups of target dimensions according to the dimension information of the at least two original data tables;
determining target row and column headers of the view table based on the multiple groups of target dimensions;
and generating the view table based on the target row and column headers and the data corresponding to them.
Optionally, after the step of desensitizing the target data in the view table according to the desensitization strategy, the method further includes:
returning to execute the step of generating the view table corresponding to the original data table when the preset recovery condition is met; or updating a data plaintext policy corresponding to the desensitization strategy, and processing the target data in the view table according to the data plaintext policy;
acquiring target data which is not desensitized;
wherein the preset recovery condition includes at least one of:
receiving a query request of a preset user for the view table, wherein the authority of the preset user is greater than a preset authority level;
the storage time of the target data in the view table is greater than a preset time threshold;
the desensitization level of the target data in the view table is smaller than a preset level threshold.
In order to achieve the above object, the present invention also provides a data desensitization processing apparatus including a memory, a processor, and a data desensitization processing program stored in the memory and executable on the processor, which when executed by the processor, implements the respective steps of the data desensitization processing method as described above.
To achieve the above object, the present invention also provides a computer-readable storage medium storing a data desensitization processing program which, when executed by a processor, implements the respective steps of the data desensitization processing method described above.
The invention provides a data desensitization processing method, an apparatus and a computer-readable storage medium, which acquire an original data table to be desensitized; generate a view table corresponding to the original data table, wherein the view table comprises part or all of the data in the original data table; and perform desensitization processing on the target data in the view table according to the desensitization strategy. Using data replacement and masking improves the efficiency and accuracy of data desensitization and ensures that the desensitized data meets security and confidentiality requirements. Because desensitization is applied to the data of the view table, the method avoids the differences that arise when data desensitization is applied to database systems with different data structures and operation modes; it is therefore suitable for different database systems, improves the compatibility and extensibility of the data desensitization technique, achieves desensitization without changing the data in the data table, and reduces the impact on the data table.
Drawings
FIG. 1 is a schematic diagram of a hardware configuration of a data desensitizing processing apparatus according to an embodiment of the present invention;
FIG. 2 is a flow chart of a first embodiment of a data desensitizing method according to the present invention;
FIG. 3 is a flow chart of a second embodiment of the data desensitizing method of the present invention;
FIG. 4 is a flow chart of a third embodiment of the data desensitizing method of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The main solution of the embodiments of the present invention is: acquiring an original data table to be desensitized; generating a view table corresponding to the original data table, wherein the view table comprises part or all of the data in the original data table; and performing desensitization processing on the target data in the view table according to the desensitization strategy. Using data replacement and masking improves the efficiency and accuracy of data desensitization and ensures that the desensitized data meets security and confidentiality requirements. Because desensitization is applied to the data of the view table, the method avoids the differences that arise when data desensitization is applied to database systems with different data structures and operation modes; it is therefore suitable for different database systems, improves the compatibility and extensibility of the data desensitization technique, achieves desensitization without changing the data in the data table, and reduces the impact on the data table.
As an implementation, the data desensitization processing apparatus may be as shown in fig. 1.
The embodiment of the invention relates to a data desensitization processing apparatus, which comprises: a processor 101, such as a CPU, a memory 102, and a communication bus 103. The communication bus 103 enables communication among these components.
The memory 102 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. As shown in fig. 1, a data desensitization processing program may be included in the memory 102 as a computer-readable storage medium; and the processor 101 may be configured to invoke the data desensitization processing program stored in the memory 102 and perform the following operations:
acquiring an original data table to be desensitized;
generating a view table corresponding to the original data table, wherein the view table comprises part or all of the data in the original data table;
and performing desensitization processing on the target data in the view table according to a desensitization strategy.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
acquiring a query request input by a user for the view table;
and acquiring and outputting the desensitized data corresponding to the query request based on the view table.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
acquiring other data tables associated with the original data table;
and merging and outputting the view table and the other data tables.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
determining other data tables associated with the view table based on a selection operation of a candidate data table by a user; and/or
determining other data tables associated with the view table according to historical operation information of a user on the candidate data tables; and/or
determining other data tables associated with the view table according to the service requirements of the user.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
determining a desensitization level corresponding to the target data according to an application scenario and/or user permission and/or data type;
and determining a desensitization strategy corresponding to the target data according to the desensitization level.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
when the number of the original data tables is at least two, generating a view table according to the at least two original data tables;
before the step of desensitizing the target data in the view table according to the desensitization strategy, the method further comprises:
determining the desensitization strategy according to the data sources corresponding to the at least two original data tables.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
acquiring dimension information of the at least two original data tables;
determining multiple groups of target dimensions according to the dimension information of the at least two original data tables;
determining target row and column headers of the view table based on the multiple groups of target dimensions;
and generating the view table based on the target row and column headers and the data corresponding to them.
Alternatively, the processor 101 may be configured to call the data desensitization processing program stored in the memory 102 and perform the following operations:
returning to execute the step of generating the view table corresponding to the original data table when the preset recovery condition is met; or updating a data plaintext policy corresponding to the desensitization strategy, and processing the target data in the view table according to the data plaintext policy;
acquiring target data which is not desensitized;
wherein the preset recovery condition includes at least one of:
receiving a query request of a preset user for the view table, wherein the authority of the preset user is greater than a preset authority level;
the storage time of the target data in the view table is greater than a preset time threshold;
the desensitization level of the target data in the view table is smaller than a preset level threshold.
Based on the hardware architecture of the data desensitization processing device, the embodiment of the data desensitization processing method is provided.
Referring to fig. 2, fig. 2 is a first embodiment of the data desensitizing method according to the present invention, the data desensitizing method includes the steps of:
Step S10, acquiring an original data table to be desensitized.
In this embodiment, there may be one original data table to be desensitized, or at least two. The original data tables may come from different data sources or databases. Illustratively, the original data table includes game data, game order data, game user information, and the like.
Optionally, the original data table includes a plurality of fields. For example, a user table (users) includes the following fields: user ID (user_id), which uniquely identifies each user; user name (username), the name of the user; e-mail (email), the user's e-mail address; registration date (registration_date), the date on which the user registered; address, the user's address information; account; and so on.
Step S20, generating a view table corresponding to the original data table, wherein the view table comprises part of data or all of data in the original data table.
In this embodiment, the view table is a virtual table that includes some or all of the columns in the original data table but does not actually store data. The data source of the view table is the original data table; by creating the view table, the data in the original data table can be desensitized while the integrity and consistency of the data are maintained.
Optionally, step S20 further includes: when the number of the original data tables is at least two, generating a view table according to the at least two original data tables; before step S30, the method further includes: determining a desensitization strategy according to the data sources corresponding to the at least two original data tables. Optionally, when the data sources corresponding to the at least two original data tables are different, the desensitization strategy corresponding to each data source is acquired and the original data tables are desensitized respectively.
Optionally, when the number of original data tables is at least two, the step of generating the view table from the at least two original data tables includes: acquiring dimension information of the at least two original data tables, where the dimension information includes user name, customer name, order time, order amount and the like; determining multiple groups of target dimensions from that dimension information, where the target dimensions are the dimensions after de-duplication (for example, user name and customer name duplicate each other, so they are de-duplicated, and the target dimensions include customer name, order time, order amount and the like); determining the target row and column headers of the view table, namely the row headers and column headers of the data table, based on the multiple groups of target dimensions; and generating the view table based on the target row and column headers and the data corresponding to them, which improves the efficiency of generating the view table.
Step S30, performing desensitization processing on the target data in the view table according to a desensitization strategy.
In this embodiment, the target data is the data to be desensitized; optionally, the target data may be row data or column data. Based on the view table, a custom-function transformation can be applied to the target data. The custom function is a desensitization function and can be defined according to specific requirements; for example, personal information in sensitive columns, such as names and identity card numbers, can be desensitized. Custom functions thus desensitize sensitive data while keeping the data readable and usable.
Optionally, the desensitization function includes a substitution function, an encryption function, a hash function, a desensitization rule function, a data perturbation function, and the like. The substitution function replaces the original data with blurred data, for example replacing a name with a randomly generated character string or replacing a telephone number with a generic format. The encryption function encrypts the data with an encryption algorithm, so that only an authorized user can decrypt and view the original data. The hash function processes the data to generate a fixed-length hash value that replaces the original data, thereby hiding the real value of the data. The desensitization rule function processes the data according to a specific desensitization rule, such as rounding or truncating numeric data or blurring date data. The data perturbation function introduces noise or perturbation into the data, so that the original data cannot be directly identified, which improves the security of the data.
Optionally, the desensitization strategy includes a differential privacy algorithm, which introduces controlled noise during data processing to obscure the contribution of any individual record, so as to prevent disclosure of personal sensitive information when data is published or analyzed. It ensures that even an attacker who holds all information other than a single individual's data cannot accurately infer the data of any specific individual. Differential privacy provides strong privacy protection while the data is analyzed, and so effectively balances data usability against privacy protection.
Optionally, the desensitization strategy includes reducing the risk of identification of individuals by generalization and sampling during data desensitization. Generalization reduces the accuracy of data by converting specific data into a more generalized form, such as converting age from specific years to age groups, reducing the risk of individuals being identified. The sampling is to randomly select a part of samples from the original data for analysis, and not all individual data are used, so as to reduce the identification risk of specific individuals. The methods can effectively protect privacy, and simultaneously maintain the usability of data and the validity of analysis results to a certain extent.
Optionally, the desensitization strategy includes encryption desensitization and replacement desensitization; the target data is desensitized according to the desensitization strategy of the file to be desensitized, and the corresponding desensitization strategy is selected flexibly according to the original data table to be desensitized.
Optionally, the desensitization strategy includes data substitution and/or masking. Data substitution replaces sensitive information in the original data with false or ambiguous information. It protects sensitive information from leakage while maintaining the format and structure of the data, for example by substituting a fictitious name for a real name or a randomly generated number for a telephone number. Data substitution is often used in test and development environments, or when data is shared, to reduce the exposure of sensitive information. Masking protects sensitive information by hiding portions of the data. Masking characters or algorithms hide certain portions of the data so that unauthorized visitors cannot view the sensitive information. For example, when a card number is displayed, only a portion of the digits is shown and the remainder is replaced with symbols, such as xxxxx1234. Masking effectively protects data privacy while maintaining the availability and format of the data.
Optionally, after step S30, the method further includes: acquiring a query request input by a user for the view table; and acquiring and outputting the desensitized data corresponding to the query request based on the view table. At the application level, the desensitized data is accessed by querying the view data. Since the view data has already undergone desensitization, sensitive information is not revealed. Querying the view data returns a desensitized data set on which subsequent business operations and processing can be performed.
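Steps S10 to S30 and the view query can be shown with an in-memory SQLite database. This is an added example, not code from the patent: the policy table, role names, view names and sample rows are assumptions, and masking uses SQLite built-in string functions rather than registered custom functions.

```python
import sqlite3

# Constructed sample rows; columns follow the users table described in step S10.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "2023-04-17", "12 Elm St", "6222020012341234"),
    (2, "bob", "bob@example.org", "2024-01-05", "9 Oak Ave", "6222020098765678"),
]

# Hypothetical mapping from caller role to desensitization level.
ROLE_LEVEL = {"support": "low", "analyst": "high"}

# Hypothetical policy: level -> {output column: SQL expression over the base table}.
# A column missing from a level is not exposed by that level's view at all.
POLICY = {
    "low": {
        "user_id": "user_id",
        "username": "username",
        # masking: keep the first character and the domain
        "email": "substr(email, 1, 1) || '***' || substr(email, instr(email, '@'))",
        "registration_date": "registration_date",
        # masking: show only the last four digits, as in xxxxx1234
        "account": "'xxxxx' || substr(account, -4)",
    },
    "high": {
        "user_id": "user_id",
        # substitution: replace the name with a pseudonym
        "username": "'user_' || user_id",
        "email": "'***' || substr(email, instr(email, '@'))",
        # generalization: keep only the year of registration
        "registration_date": "substr(registration_date, 1, 4)",
    },
}


def open_db():
    """Step S10: the original data table, which is never modified afterwards."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, registration_date TEXT, address TEXT, account TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def create_masked_view(conn, table, level):
    """Steps S20 and S30: generate a view whose columns are desensitized."""
    # Identifiers cannot be bound as parameters, so accept plain names only.
    if not (table.isidentifier() and level.isidentifier()):
        raise ValueError("table and level must be plain identifiers")
    select_list = ", ".join(
        f"{expr} AS {name}" for name, expr in POLICY[level].items()
    )
    view = f"{table}_masked_{level}"
    conn.execute(f"DROP VIEW IF EXISTS {view}")
    conn.execute(f"CREATE VIEW {view} AS SELECT {select_list} FROM {table}")
    return view


def build_demo():
    conn = open_db()
    for level in POLICY:
        create_masked_view(conn, "users", level)
    return conn


def query_as(conn, role, user_id):
    """Answer a query through the view that matches the caller's level."""
    view = f"users_masked_{ROLE_LEVEL[role]}"
    row = conn.execute(
        f"SELECT * FROM {view} WHERE user_id = ?", (user_id,)
    ).fetchone()
    return dict(row) if row else None


if __name__ == "__main__":
    db = build_demo()
    print(query_as(db, "support", 1))
    print(query_as(db, "analyst", 2))
    # The base table still holds the original value.
    print(db.execute("SELECT email FROM users WHERE user_id = 1").fetchone()[0])
```

SQLite has no per-object grants; on a server database the same design depends on granting users SELECT on the view only and never on the base table.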
Optionally, after step S30, the method further includes: returning to execute the step of generating the view table corresponding to the original data table when the preset recovery condition is met; or updating a data plaintext policy corresponding to the desensitization strategy, and processing the target data in the view table according to the data plaintext policy; acquiring target data which is not desensitized; wherein the preset recovery condition includes at least one of: receiving a query request of a preset user for the view table, wherein the authority of the preset user is greater than a preset authority level; the storage time of the target data in the view table is greater than a preset time threshold; the desensitization level of the target data in the view table is smaller than a preset level threshold. Illustratively, the view table is automatically decrypted under certain conditions, such as expiration of a data storage time and expiration of a set time, or after a specific event node the decryption level is lowered so that the view table is decrypted, which makes management of the view table more intelligent.
Optionally, where the protection of the target data has weakened, the security protection measures need to be strengthened and improved to extend the period and effectiveness of the data security guarantee. More effective strategies and technical means can be adopted to enhance the strength and durability of the protection; once a more effective desensitization strategy is determined, desensitization is performed by reconstructing the view or by applying the custom functions corresponding to that strategy.
The existing data desensitization technology may have the problems of low efficiency or insufficient accuracy, so that the data desensitization process takes longer time or sensitive information still exists in the desensitized data. In the embodiment of the application, the data desensitization efficiency and accuracy are improved by adopting the data substitution and mask shielding modes, and the desensitized data is ensured to meet the requirements of safety and confidentiality.
Different database systems may have different data structures and modes of operation, resulting in differences in the application of data desensitization techniques to the different database systems. In the embodiment of the application, the universal view and the custom function are adopted, so that the method can be suitable for different database systems, and the compatibility and the expandability of the data desensitization technology are improved.
Conventional data desensitization methods may require code intrusion or the like at the service level, which may have some impact on the service. In the embodiment of the application, data desensitization is implemented through views, so the impact on the service is reduced without changing the service code.
Data desensitization techniques need to ensure that the desensitized data is not compromised or tampered with. In the embodiment of the application, the data query authorities of different users or roles can be controlled by adopting the authorization mechanism of the view, so that sensitive information is ensured not to be revealed. Meanwhile, in the embodiment of the application, means such as encryption technology and the like are also adopted, so that the security of data desensitization is further enhanced.
In the technical solution of this embodiment, an original data table to be desensitized is acquired; a view table corresponding to the original data table is generated, wherein the view table comprises part or all of the data in the original data table; and desensitization processing is performed on the target data in the view table according to the desensitization strategy. Using data replacement and masking improves the efficiency and accuracy of data desensitization and ensures that the desensitized data meets security and confidentiality requirements. Because desensitization is applied to the data of the view table, the method avoids the differences that arise when data desensitization is applied to database systems with different data structures and operation modes; it is therefore suitable for different database systems, improves the compatibility and extensibility of the data desensitization technique, achieves desensitization without changing the data in the data table, and reduces the impact on the data table.
Referring to fig. 3, fig. 3 is a second embodiment of the data desensitizing method according to the present invention, based on the first embodiment, after the step S30, further includes:
Step S40, acquiring other data tables associated with the original data table;
Step S50, merging and outputting the view table and the other data tables.
In this embodiment, other data tables are associated with the original data table, such as a business association. Optionally, the other data table is determined according to a selection operation of the candidate data table by the user, wherein the candidate data table can be displayed or previewed in the user interface, and the user inputs the selection operation based on the displayed candidate data table, so as to determine the other data table associated with the original data table.
Optionally, the other data tables are determined based on historical operation information of the user on the candidate data tables. The historical operation information includes selection operations, deletion operations, replacement operations, and the like performed by the user on the candidate data tables.
Optionally, the other data tables are determined according to the business needs of the user; for example, the business needs of the user include querying business orders, querying user information, querying the financial information of company A and company B, and the like.
Optionally, the other data tables are determined according to both the user's selection operation on the candidate data tables and the user's historical operation information on the candidate data tables. That is, a first data table is determined according to the user's selection operation on the candidate data tables, a second data table is determined according to the user's historical operation information on the candidate data tables, and the other data tables are determined according to the first data table and the second data table; for example, the first data table and the second data table are combined to generate the other data tables.
Optionally, the other data tables are determined according to both the user's selection operation on the candidate data tables and the business needs of the user. That is, a first data table is determined according to the user's selection operation on the candidate data tables, a third data table is determined according to the business needs of the user, and the other data tables are determined according to the first data table and the third data table; for example, the first data table and the third data table are combined to generate the other data tables.
Optionally, the other data tables are determined according to both the user's historical operation information on the candidate data tables and the business needs of the user. That is, a second data table is determined according to the user's historical operation information on the candidate data tables, a third data table is determined according to the business needs of the user, and the other data tables are determined according to the second data table and the third data table; for example, the second data table and the third data table are combined to generate the other data tables.
In this embodiment, other data tables associated with the view table are obtained. For example, the other data table is an order table (orders), which includes the following: order ID (order_id), used to uniquely identify each order; user ID (user_id), associated with the user ID of the user table; order date (order_date); order total (total_amount); order status (order_status), e.g., submitted, shipped, completed, etc.
Optionally, the original data table is, for example, a user table (users), which includes the following: user ID (user_id), used to uniquely identify each user; user name (username), i.e., the name of the user; e-mail (email), i.e., the email address of the user; registration date (registration_date), i.e., the date on which the user registered; address (address), i.e., the user's address information; account; etc.
Optionally, a view table (view_users) of the user table users includes the following: user ID (user_id), used to uniquely identify each user; user name (username), i.e., the name of the user; e-mail (email), i.e., the email address of the user, which is sensitive information and is displayed after desensitization as a @123.Com, where the middle few characters are denoted by a @; registration date (registration_date), i.e., the date on which the user registered; address (address), i.e., the user's address information, which is sensitive information and is displayed after desensitization as a-city xxxxx; account; etc.
Optionally, the other data tables and the view table are merged and output, where the corresponding fields of the other data tables and the view table can be arranged in a preset order or in a random order. For example, the user information is output together with the order information, i.e., the order table and the view table corresponding to the user table are output.
As another embodiment, after the target data in the view table is desensitized according to the desensitization strategy, a desensitized view table is obtained; the other data tables to be associated are acquired, and the desensitized view table and the other data tables are merged and output. Optionally, the merged output may be sorted in a preset order, for example alphabetically or by the importance of the data. For example, after the desensitized view table A1 is generated from the original data table A, the view table A1 is merged with another data table B and output, where the data in the view table A1 and the other data table B may be sorted by the importance of the data, thereby generating a new data table.
In the technical solution of this embodiment, other data tables associated with the original data table are acquired, and the view table and the other data tables are merged and output. By associating the other data tables, a complete business data set is obtained after desensitization for subsequent business operations and processing, which improves the efficiency of data desensitization.
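The users / view_users / orders arrangement described in this embodiment can be sketched as follows. This is an added example, not code from the patent: it uses SQLite through Python, the rows are constructed, and the mask formats (first character of the mailbox plus domain, leading city token of the address) are assumptions.

```python
import sqlite3

# Table and column names follow the description; all rows are constructed.
SCHEMA = """
CREATE TABLE users (
    user_id INTEGER PRIMARY KEY,
    username TEXT, email TEXT, registration_date TEXT, address TEXT
);
CREATE TABLE orders (
    order_id INTEGER PRIMARY KEY,
    user_id INTEGER REFERENCES users(user_id),
    order_date TEXT, total_amount REAL, order_status TEXT
);
INSERT INTO users VALUES
    (1, 'alice', 'alice.w@example.com', '2024-01-05', 'Shenzhen 12 Keyuan Rd'),
    (2, 'bob',   'b@example.org',       '2024-02-11', 'Guangzhou 88 Tianhe St'),
    (3, 'carol', 'not-an-email',        '2024-02-20', 'Nowhere');
INSERT INTO orders VALUES
    (100, 1, '2024-03-01', 59.90, 'shipped'),
    (101, 2, '2024-03-02', 12.00, 'submitted'),
    (102, 3, '2024-03-03',  7.50, 'completed');

-- Masking lives in the view definition; the base table is never updated.
-- Values that do not match the expected shape are masked completely
-- instead of being passed through.
CREATE VIEW view_users AS
SELECT user_id,
       username,
       CASE WHEN instr(email, '@') > 1
            THEN substr(email, 1, 1) || '***' || substr(email, instr(email, '@'))
            ELSE '***' END AS email,
       registration_date,
       CASE WHEN instr(address, ' ') > 1
            THEN substr(address, 1, instr(address, ' ') - 1) || ' xxxxx'
            ELSE 'xxxxx' END AS address
FROM users;
"""

# Steps S40/S50: the other data table (orders) is joined with the view,
# never with the base table, so only masked values reach the output.
MERGED_QUERY = """
SELECT o.order_id, o.order_date, o.total_amount, o.order_status,
       v.username, v.email, v.address
FROM orders AS o JOIN view_users AS v ON v.user_id = o.user_id
ORDER BY o.order_id
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def merged_output(conn):
    """Merged, desensitized business data set (orders + view_users)."""
    return conn.execute(MERGED_QUERY).fetchall()

def raw_emails(conn):
    """What a caller with direct access to the base table still sees."""
    return [r[0] for r in conn.execute("SELECT email FROM users ORDER BY user_id")]

if __name__ == "__main__":
    db = build_db()
    for row in merged_output(db):
        print(row)
    print("base table unchanged:", raw_emails(db))
```

The view only protects the data if consumers cannot query `users` directly; SQLite has no per-object grants, so in a multi-user database the consumer account would be given access to the view and not to the base table.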
Referring to Fig. 4, Fig. 4 shows a third embodiment of the data desensitization method of the present invention. Based on the first or second embodiment, before step S30 the method further includes:
Step S60: determining a desensitization level corresponding to the target data according to an application scenario and/or user permission and/or data type;
Step S70: determining a desensitization strategy corresponding to the target data according to the desensitization level.
Optionally, different original data tables correspond to different desensitization levels. Optionally, different target data within the same original data table correspond to different desensitization levels.
In this embodiment, after the view table is created, the desensitization strategy corresponding to the view table is determined based on the different desensitization levels.
Optionally, different application scenarios correspond to different desensitization levels. The application scenario includes a business scenario, e.g., internal data analysis, or external sharing or public release. The application scenario may also include data sharing and distribution, data analysis and mining, software development and testing, the medical and health field, the financial field, scientific research and academia, and the like. The desensitization level is determined according to the application scenario, and the corresponding desensitization strategy is determined according to the desensitization level. For example, if the data is used only for internal analysis, a lower-level desensitization strategy may be employed, whereas if the data involves external sharing or public release, a higher-level desensitization strategy is required.
Optionally, different user permissions correspond to different desensitization levels. The desensitization level is determined according to the user permission, and the corresponding desensitization strategy is determined according to the user's desensitization level. Users with high permissions can be given more detailed data, whereas for users with low permissions stricter desensitization is required to protect the privacy of sensitive information. For example, visitors are grouped by identity type to obtain multiple access permissions, and the desensitization rules of the data table under the different access permissions are set through SQL statements.
Optionally, the data type includes data that needs to be kept confidential and data that does not. Optionally, the data types include personal privacy information, business privacy data, and other data that does not need to be kept confidential. The desensitization level is determined according to the data type, and the corresponding desensitization strategy is selected according to the desensitization level. For example, for an identity card number, partial desensitization, such as hiding the trailing digits, or complete desensitization, such as replacing the number with a random character string, can be used; for text data, rule-based desensitization, such as replacing specific keywords, or generalization, such as converting all text into a similar format, may be used.
Optionally, the desensitization level is determined according to the application scenario and the user authority. Optionally, a first level is determined according to the application scenario, a second level is determined according to the user rights, a desensitization level is determined according to the first level and the second level, for example, the desensitization level is determined according to the first level, the second level and their respectively corresponding weight values.
Optionally, the desensitization level is determined according to the application scenario and the data type. Optionally, the first level is determined according to the application scenario, the third level is determined according to the data type, and the desensitization level is determined according to the first level and the third level; for example, the desensitization level is determined according to the first level, the third level and their respective weight values.
Optionally, the desensitization level is determined according to the application scenario, the user rights and the data type. Optionally, the first level is determined according to the application scene, the second level is determined according to the user authority, the third level is determined according to the data type, the desensitization level is determined according to the first level, the second level and the third level, for example, the desensitization level is determined according to the first level, the second level, the third level and the weight values corresponding to the first level, the second level and the third level respectively.
Optionally, the corresponding desensitization level is determined based on the value and risk of the target data, e.g., for high value or high risk data, a more stringent desensitization strategy needs to be employed to reduce the risk of data leakage and abuse.
Optionally, when the view table is created, for the same target view table that requires desensitization, a new view table is created separately for each type of desensitization strategy, and the defining statement of each new view table implements the dynamic desensitization of the specific data fields required by that strategy, so as to meet flexible dynamic desensitization requirements.
In the technical solution of this embodiment, the desensitization level corresponding to the target data is determined according to the application scenario and/or user permission and/or data type, and the desensitization strategy corresponding to the target data is determined according to the desensitization level, so that dynamic desensitization of the data is realized and the efficiency of data desensitization is improved.
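Steps S60 and S70, together with the one-view-per-strategy option, can be sketched as follows. This is an added example, not code from the patent: the 1 to 3 level scales, the integer weights, the view names `view_users_l1` to `view_users_l3`, the `id_number` column and the sample row are all assumptions.

```python
import sqlite3

# Assumed scales: every factor maps to a level 1..3, where a higher
# number calls for stricter masking.
SCENARIO = {"internal_analysis": 1, "dev_test": 2, "external_sharing": 3}
PERMISSION = {"high": 1, "medium": 2, "low": 3}
DATA_TYPE = {"other": 1, "business_private": 2, "personal_private": 3}
WEIGHTS = (4, 3, 3)      # assumed weights: scenario, permission, data type
STRICTEST = 3

def desensitization_level(scenario, permission, data_type):
    """Step S60: weighted combination of the three per-factor levels."""
    # An unrecognised input fails closed: it counts as the strictest level.
    levels = (SCENARIO.get(scenario, STRICTEST),
              PERMISSION.get(permission, STRICTEST),
              DATA_TYPE.get(data_type, STRICTEST))
    total = sum(w * lv for w, lv in zip(WEIGHTS, levels))
    # Integer round-half-up of the weighted mean, so no float surprises.
    return (2 * total + sum(WEIGHTS)) // (2 * sum(WEIGHTS))

# Step S70: one masking expression per level for an 18-character ID number.
POLICY_SQL = {
    1: "substr(id_number, 1, 6) || '********' || substr(id_number, -4)",
    2: "substr(id_number, 1, 6) || '************'",   # trailing digits hidden
    3: "hex(randomblob(9))",                          # full random replacement
}

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY,"
                 " username TEXT, id_number TEXT)")
    # Constructed sample value, not a real identity number.
    conn.execute("INSERT INTO users VALUES (1, 'alice', '123456199001017890')")
    for level, expr in POLICY_SQL.items():
        # One view per strategy; expr comes from the fixed table above,
        # never from request input.
        conn.execute(f"CREATE VIEW view_users_l{level} AS SELECT user_id,"
                     f" username, {expr} AS id_number FROM users")
    return conn

def query_id_number(conn, user_id, scenario, permission,
                    data_type="personal_private"):
    """Route the query to the view that matches the computed level."""
    level = desensitization_level(scenario, permission, data_type)
    view = f"view_users_l{level}"     # built from an integer in 1..3 only
    row = conn.execute(f"SELECT id_number FROM {view} WHERE user_id = ?",
                       (user_id,)).fetchone()
    return level, row[0]

if __name__ == "__main__":
    db = build_db()
    for scenario, permission in [("internal_analysis", "high"),
                                 ("external_sharing", "low"),
                                 ("unknown", "unknown")]:
        print(scenario, permission, query_id_number(db, 1, scenario, permission))
```

Because the result is a weighted mean, a low scenario and permission level can pull a sensitive data type down one level (internal analysis by a high-permission user yields level 2 for personal data here), which is worth checking when choosing weights.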
The present invention also provides a data desensitization processing apparatus including a memory, a processor, and a data desensitization processing program stored in the memory and executable on the processor, which when executed by the processor, implements the respective steps of the data desensitization processing method described in the above embodiments.
The present invention also provides a computer-readable storage medium storing a data desensitization processing program which, when executed by a processor, implements the steps of the data desensitization processing method described in the above embodiments.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, system, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, system, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, system, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment system may be implemented by means of software plus necessary general purpose hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a computer readable storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a parking management device, an air conditioner, or a network device, etc.) to execute the system according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. A data desensitization processing method, characterized in that the data desensitization processing method comprises:
acquiring an original data table to be desensitized;
generating a view table corresponding to the original data table, wherein the view table comprises partial data or all data in the original data table;
and performing desensitization treatment on the target data in the view table according to a desensitization strategy.
2. The data desensitization processing method according to claim 1, wherein after said step of desensitizing target data in said view table according to a desensitization policy, further comprising:
acquiring a query request input by a user for the view table;
and acquiring and outputting the desensitized data corresponding to the query request based on the view table.
3. The data desensitization processing method according to claim 1, wherein after said step of desensitizing target data in said view table according to a desensitization policy, further comprising:
acquiring other data tables associated with the original data table;
and merging and outputting the view table and the other data tables.
4. A data desensitization processing method according to claim 3, wherein said step of acquiring other data tables associated with said original data table comprises:
determining other data tables associated with the view table based on a selection operation of a candidate data table by a user; and/or,
determining other data tables associated with the view table according to historical operation information of a user on the candidate data tables; and/or,
determining other data tables associated with the view table according to the service requirements of the user.
5. The data desensitization processing method according to claim 1, wherein before said step of desensitizing target data in said view table according to a desensitization policy, further comprising:
determining a desensitization level corresponding to the target data according to an application scenario and/or user permission and/or data type;
and determining a desensitization strategy corresponding to the target data according to the desensitization level.
6. The data desensitization processing method according to claim 1, wherein said generating a view table corresponding to said original data table comprises:
when there are at least two original data tables, generating a view table according to the at least two original data tables;
before the step of desensitizing the target data in the view table according to the desensitization strategy, the method further comprises:
determining the desensitization strategy according to the data sources corresponding to the at least two original data tables.
7. The data desensitization processing method according to claim 6, wherein said generating a view table from at least two of said original data tables comprises:
acquiring dimension information of at least two original data tables;
determining multiple groups of target dimensions according to the dimension information of at least two original data tables;
determining a target line head of the view table based on a plurality of groups of the target dimensions;
and generating the view table based on the target line head and the data corresponding to the target line head.
8. The data desensitization processing method according to claim 1, wherein after said step of desensitizing target data in said view table according to a desensitization policy, further comprising:
returning to execute the step of generating the view table corresponding to the original data table when the preset recovery condition is met; or updating a data plaintext policy corresponding to the desensitization policy, and processing target data in the view table according to the data plaintext policy;
acquiring target data which are not desensitized;
Wherein the preset recovery condition includes at least one of:
receiving a query request of a preset user for the view table, wherein the authority of the preset user is greater than a preset authority level;
the storage time of the target data in the view table is larger than a preset time threshold;
the desensitization level of the target data in the view table is smaller than a preset level threshold.
9. A data desensitization processing apparatus, characterized in that it comprises a memory, a processor and a data desensitization processing program stored in the memory and executable on the processor, which data desensitization processing program, when executed by the processor, implements the respective steps of the data desensitization processing method according to any one of claims 1-8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a data desensitization processing program, which when executed by a processor, implements the respective steps of the data desensitization processing method according to any one of claims 1-8.
CN202410435896.XA 2024-04-11 2024-04-11 Data desensitization processing method, apparatus, and computer-readable storage medium Pending CN118350033A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410435896.XA CN118350033A (en) 2024-04-11 2024-04-11 Data desensitization processing method, apparatus, and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN118350033A true CN118350033A (en) 2024-07-16

Family

ID=91813030

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination