JP2010152459A - Data masking system, method therefor, program, recording medium and data masking device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system and a method, capable of data masking and data masking release. <P>SOLUTION: This data masking system for masking an data item and registering it includes: a reception means receiving input information from an input terminal; a masking means applying the masking to the received information; a data registration means registering data after the masking into a storage device; a data storage means storing the already masked data; and a transmission means transmitting a data registration result to an output terminal. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a system, a method, a program, and a recording medium for masking important information such as personal information in application development of a computer system and creation of test data and survey data in data survey.

  In the development of computer system applications, a development environment (test environment) is prepared separately from the production environment, and the application produced in the production environment is released after checking the operation in the development environment.

  In order to confirm that the manufactured system operates correctly, it is desirable to check the operation by transferring the data of the production environment to the development environment and using it as test data in the sense of preventing problems in the production environment.

  Further, in order to investigate a failure that has occurred in the production environment, it is generally performed after the production environment data is transferred to the development environment.

  However, data in the production environment often includes personal information such as addresses and telephone numbers, etc., and information that develops into social problems if leaked. It is not possible to use these data as test data in the development environment as they are. The risk of information leakage increases.

  For this reason, data in the production environment is generally changed (masked) by some method and used as test data in the development environment.

  At this time, if all the items (information) are changed, the operation check itself in the development environment will not be meaningful, so the purpose of the operation check can be achieved and the minimum required items such as personal information are limited. Most of them are masked.

  Patent document 1 and patent document 2 are known as data changing methods for the purpose of preventing information leakage in application development of computer systems.

  The data masking method according to Patent Document 1 performs data masking when data is extracted from the production environment, and the data masking method according to Patent Document 2 uses the masking program to extract the data extracted from the production environment. Conversion is performed.

  In other words, as shown in FIG. 1, data from the production environment is extracted as a method of performing data conversion for the purpose of preventing information leakage when data is migrated from the production environment for the purpose of confirming operation in the development environment. There are known a method of performing conversion at the time, and a method of performing modification after extracting data from the production environment as shown in FIG.

  FIG. 1 is a process flow diagram for performing migration by performing masking from the production environment to the development environment. In the data extraction masking process in step S101, data is extracted from the production environment DB 101, which is a database (hereinafter referred to as DB) provided in the production environment, and the important item data is masked and extracted. Data (after processing) 102 (for example, a file temporarily created for registration in a DB such as an intermediate file. Hereinafter, extraction data (before processing) and extraction data (after processing) are the same) are generated. In the data registration process in step S102, the extracted data (after processing) 102 is taken into the development environment DB 103, which is a DB provided in the development environment. As a result, masked data is registered in the development environment DB 103, and information leakage from the development environment can be prevented.

  As a specific example of masking, if the DB manages personal information such as the production environment DB 104, the masking process (address / phone number) masks the data representing the address / phone number. Extracted data (after processing) 105 is output. In the example of FIG. 1, a masking process is performed in which an address (prefecture) is replaced with another prefecture under a certain rule, and a phone number is subjected to a masking process in which each digit is incremented by one.

  In FIG. 2, in the data extraction process in step S201, data is extracted from the production environment DB 201, which is a DB provided in the production environment, and extracted data (before processing) 202 is created, and then extracted in the masking process in step S202. Masking is performed on data that is an important item in the data (after processing) 202 to create extracted data (after processing) 203. In the data registration process in step S203, the extracted data (after processing) 203 is taken into the development environment DB 204, which is a DB provided in the development environment.

Specifically, necessary data is extracted from the production environment DB 201, and extracted data (before processing) 205 is created. Then, in the masking process (address / phone number), masking is performed on the data representing the address / phone number of the created extracted data (before processing) 205 to create extracted data (after processing) 206. As in the example of FIG. 1, in the masking example of FIG. 2, a masking process is performed in which the address (prefecture) is replaced with another prefecture under a certain rule, and the phone number is masked to increment each digit by one. Processing is in progress.
JP 2005-165737 A JP 2008-33411 A

  However, with the current database system, it is possible to extract data directly, and there is no problem when creating test data in the development environment using the conventional technology correctly, but it does not follow the prescribed procedure When extracting data in the production environment and storing the extracted data in an intermediate file or the like temporarily created, there is a possibility that important information such as personal information is leaked as unmasked data.

  The present invention has been made in order to solve the above-mentioned problems. By masking the production environment data on the production environment, the data masked on the production environment is converted into a value before masking and output. An object of the present invention is to provide a data masking system, a method, a program, and a recording medium that can prevent leakage of important information such as personal information.

  The data masking system according to claim 1, wherein the client terminal and the server are connected via a network, and the server instructs the data registration or update from the client terminal. Receiving the update request information indicating the data display request and the data display request information indicating the data display instruction, and when receiving the update request information by the receiving means, masking the update request information based on a predetermined rule. When receiving the data display request data by the masking means to be performed, the registration updating means for registering and updating data in the storage medium in correspondence with the update request information after masking by the masking means, and the receiving means , Corresponding to the data display request data Extraction means for extracting data stored in the medium, masking release means for releasing masking based on the predetermined rule for the data extracted by the extraction means, and data after releasing masking by the masking release means Transmitting means for transmitting to the client terminal.

  The data masking system according to claim 2 of the present invention is the data masking system according to claim 1, wherein the predetermined rule includes determination information for determining whether or not masking is necessary for each environment. It is characterized by being configured.

  The data masking system according to claim 3 of the present invention is the data masking system according to claim 1 or 2, wherein the predetermined rule determines a masking and masking canceling method for each data item. Is possible.

  The data masking system according to claim 4 of the present invention is the data masking system according to any one of claims 1 to 3, wherein the predetermined rule is masking and masking cancellation for each data item. It is possible to determine whether or not it is necessary.

  The data masking system control method according to claim 5 of the present invention is a data masking system in which a client terminal and a server are connected via a network, and the server registers or updates data from the client terminal. A receiving process for receiving update request information indicating an instruction and a data display request information indicating a data display instruction, and when the update request information is received in the receiving process, the update request information is masked based on a predetermined rule. A masking step for performing data registration, a registration updating step for registering and updating data in a storage medium in correspondence with the update request information after masking in the masking step, and data display request data received in the receiving step Corresponding to the data display request data An extraction step for extracting data stored in the storage medium, a masking release step for releasing masking based on the predetermined rule for the data extracted in the extraction step, and after masking release in the masking release step And a transmission step of transmitting data to the client terminal.

  According to a sixth aspect of the present invention, there is provided a computer-readable program for causing a computer to execute the data masking system control method according to the fifth aspect.

  A recording medium according to a seventh aspect of the present invention is a computer-readable recording medium on which the program according to the sixth aspect is recorded.

  Furthermore, the data masking device according to claim 8 of the present invention is a receiving means for receiving update request information indicating a data registration or update instruction and data display request information indicating a data display instruction, and is updated by the receiving means. When request information is received, masking means for masking the update request information based on a predetermined rule, and after masking by the masking means, registration of data in a storage medium corresponding to the update request information And registration update means for updating, extraction means for extracting data stored in the storage medium corresponding to the data display request data when data display request data is received by the receiving means, and data extracted by the extracting means To cancel masking based on the predetermined rule And the step, after releasing the masking by the masking releasing means, characterized by comprising display means for displaying data.

  According to the present invention, data can be masked in the production environment, and the masked data can be converted into a value before masking and output. Even in the case of using, it is possible to easily perform data migration without being conscious of the migration procedure and the like, and it is possible to suppress leakage of important information and the like.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 3 is a schematic configuration diagram showing a schematic configuration of the data masking system according to the embodiment of the present invention.

  Note that the configuration of various terminals connected to the network 303 in FIG. 3 is an example, and it goes without saying that there are various configuration examples depending on the application and purpose.

  The production terminal 301 is a terminal for connecting to the production environment server 304, and is an environment used for normal business or the like. The development terminal 302 is a terminal for connecting to the development environment server 307, and is an environment for developing and testing application software for use in a production environment. Application software created in the development environment is stored in the development terminal 302. By shifting to the production environment, it is possible to use application software created in normal business or the like.

  Each terminal is connected via the network 303, and input information from the terminal is registered in the production environment DB 306 or the development environment DB 309 through the application 305 or the application 308.

  In addition, the production terminal 301 and the development terminal 302 display data to the production environment server 304 or the development environment server 307 in order to request each terminal to display data registered in the production environment DB 306 or the development environment DB 309. The request information is transmitted, data corresponding to the data display request information is extracted and processed from the production environment DB 306 or the development environment DB 309 through the application 305 or the application 308, and the extraction result is displayed on each terminal.

  Note that the application 305 and the application 308 are basically the same application software, but some application software currently under development may be installed only in the application 308.

  In addition, the production environment DB 306 and the development environment DB 309 represent DBs for storing data, and have the same data configuration.

  Next, the hardware configurations of the production terminal 301, the development terminal 302, the production environment server 304, and the development environment server 307 in FIG. 3 will be described with reference to FIG.

  FIG. 4 is a block diagram showing the hardware configuration of the production environment server 304.

  The CPU 401 controls the entire computer using programs and data stored in the RAM 402 and the ROM 403 and executes various processes described later.

  The RAM 402 has an area for temporarily storing programs and data loaded from an HDD (Hard Disk Drive) 404 and a work area used by the CPU 401 to perform various processes.

  The ROM 403 stores various programs such as a computer boot program and BIOS.

  The HDD 404 stores an OS (Operating System) and programs for causing the CPU 401 to execute processing described below, various data, various files, DBs, and the like, and these are read out to the RAM 402 under the control of the CPU 401 as necessary. Executed.

  A network I / F (Interface) 405 is an interface for connecting to the network 303. Data communication with an external device can be performed via the network I / F 405. The pointing device 406 and the keyboard 407 can input various instructions to the CPU 401 in accordance with a user operation input.

  The video I / F 408 is connected to the display device 409 and has a function of displaying information such as characters and images on the display device 409 based on a signal transmitted via the video I / F 408.

  The system bus 410 functions as a bus that interconnects the various components described above.

  A masking processing program and a masking cancellation processing program for realizing the present invention are recorded in the HDD 404 and executed by the CPU 401 by being loaded into the RAM 402 as necessary.

  In the embodiment of the present invention, the hardware configuration of the production environment server 304 has been described. However, the hardware configurations of the production terminal 301, the development terminal 302, and the development environment server 307 have the same configuration. Description of each hardware configuration is omitted.

  Next, basic processing of the data masking system will be described with reference to FIG.

  FIG. 5 is a basic functional block diagram of the data masking system according to the embodiment of the present invention.

  The production environment server 304 includes a reception unit 501, a masking unit 502, a data registration unit 503, a data storage unit 504, a data extraction unit 505, a masking release unit 506, and a transmission unit 507.

  The receiving unit 501 is connected to the masking unit 502, and the update request information indicating the registration or update instruction of data in the production environment DB 306 transmitted from the production terminal 301 is received by the reception unit 501 of the production environment server 304. Then, the received update request information is input to the masking unit 502, and masking processing is performed on the input update request information in accordance with information in a predetermined setting file.

  The masking unit 502 is connected to the data registration unit 503, and the update request information subjected to the masking process by the masking unit 502 is input to the data registration unit 503.

  The data registration unit 503 is connected to the data storage unit 504, and the data storage unit 504 stores the update request information input from the data registration unit 503 and input to the production environment DB 306.

  The data storage unit 504 is connected to the transmission unit 507, and the result of storing data in the production environment DB 306 by the data storage unit 504, that is, the updated result is input to the transmission unit 507 and the transmission unit 507. Returns the input updated result to the production terminal 301.

  The data extraction unit 505 is connected to the reception unit 501 and the data storage unit 504. Reference request information indicating a reference instruction for data stored in the production environment DB 306 transmitted from the production terminal 301 is received by the reception unit 501 of the production environment server 304, and the received reference request information is received from the reception unit 501. Input to the extraction means 505.

  The data extraction unit 505 extracts data corresponding to the input reference request information from the data storage unit 504.

Further, the data extraction unit 505 is connected to the masking cancellation unit 506, and the masking cancellation unit 506 is connected to the transmission unit 507, and the data extracted from the data storage unit 504 is input to the masking cancellation unit 506. To do. Thereafter, the masking cancellation unit 506 converts the input data into values before masking, outputs the converted data to the transmission unit 507, and the transmission unit 507 returns the converted data to the production terminal 301.

Next, masking processing and masking cancellation processing will be described.

  FIG. 6 is a flowchart showing a masking process in the data masking system according to the embodiment of the present invention, and is executed under the control of the CPU 401.

  First, in step S 601, the setting file stored in the HDD 404 of the production environment server 304 or the development environment server 307 is read and stored in the RAM 402. Details of the setting file will be described later with reference to FIG. 8. The setting file describes a flag indicating whether the server is the production environment server 304 or the development environment server 307, items to be masked, and a masking method.

  In step S602, the operating environment is determined. Based on the information of the setting file stored in the RAM 402 in step S601, it is determined whether the operating environment is the production environment server 304 or the development environment server 307, and in the next step S603, if the development environment server 307 is determined, The masking process ends.

  If it is determined in step S603 that the server is the production environment server 304, masking target item determination processing in step S604 is executed.

  The masking target item determination process in step S604 is to determine whether or not the data item to be registered in the production environment DB 306 of the production environment server 304 exists in the setting file stored in the RAM 402 in step S601. Say.

  That is, the receiving unit 501 receives the update request information indicating the registration or update instruction of data in the production environment DB 306 transmitted from the production terminal 301, and the received update request information is input to the masking unit 502 and input. By determining whether or not the update request information exists in the information of the setting file stored in the RAM 402 in step S601, it is determined whether or not it is a masking target item.

  If it is determined in the next step S605 that it does not exist, the masking process ends.

  If it is determined in step S605 that the item is a masking target item, that is, if it is determined that it exists, the masking method determination process in step S606 is executed.

  This masking method determination process is executed by the masking means 502, and is realized by acquiring information related to the masking method recorded in the setting file stored in the RAM 402 in step S601.

  Thereafter, in step S607, masking processing is executed using the information related to the masking method acquired in step S606. This masking process is executed in the masking means 502, and the masked update request information is stored in the data storage means 504 (for example, a storage device such as the production environment DB 306) by the data registration means 503.

  This masking method is a method of conversion according to a specific rule, and the content of the masking method is not limited as long as the reverse of the rule is executed and the original value is restored. FIG. 7 is a flowchart showing the masking release processing of the data masking system according to the embodiment of the present invention, and is executed under the control of the CPU 401.

  First, in step S701, the setting file is read and stored in the RAM 402. The setting file is the same as that used in the masking process (see FIG. 6).

  In step S702, the operating environment is determined. Based on the information of the setting file stored in the RAM 402 in step S701, it is determined whether the operating environment is the production environment server 304 or the development environment server 307. If it is determined in step S703 that the operation environment is the development environment server 307, Then, the masking release processing is finished.

  If it is determined in step S703 that the server is the production environment server 304, masking target item determination processing in step S704 is executed.

  The masking target item determination process in step S704 refers to determining whether or not the item to be displayed on the display device 409 in the production terminal 301 exists in the setting file stored in the RAM 402 in step S701.

  That is, the reference request information indicating the reference instruction of the data stored in the production environment DB 306 transmitted from the production terminal 301 is received by the reception unit 501 of the production environment server 304, and the received reference request information is received by the reception unit 501. To the data extraction means 505.

  The data extraction unit 505 extracts data corresponding to the input reference request information from the data storage unit 504 (for example, a storage device such as the production environment DB 306).

  Further, the data extraction unit 505 inputs the data extracted from the data storage unit 504 to the masking release unit 506. Thereafter, the masking cancellation unit 506 determines whether or not the input data is a masking target item by determining whether or not the input data exists in the setting file information stored in the RAM 402 in step S701. .

  Then, if it is determined in the next step S705 that it does not exist, the masking cancellation processing ends.

  If it is determined in step S705 that the item is a masking target item, that is, if it is determined that the item exists, the masking cancellation method determination process in step S706 is executed.

  This masking cancellation method determination process is executed by the masking cancellation unit 506, and is realized by acquiring information related to the masking method stored in the setting file stored in the RAM 402 in step S701.

  Thereafter, in step S707, masking cancellation processing is executed using the information related to the masking method acquired in step S706. This masking canceling process is executed by the masking canceling means 506, and the data extraction means 505 performs inverse transformation on the data extracted from the data storage means 504, as performed in the masking processing (see FIG. 6). .

  Then, the data subjected to the inverse transformation is transmitted to the production terminal 301 via the transmission unit 507.

  FIG. 8 shows an example of the setting file.

  The operating environment flag 801 stored in the setting file is a flag for determining the operating environment. In this example, the production environment server 304 is 1, and the development environment server 307 is 2. The determination of the operating environment in step S602 and step S702 is performed based on the operating environment flag.

  The masking target item 802 stored in the setting file defines an item to be masked and a rule for masking this item, and is described by associating two pieces of information with each other separated by a comma. ing.

  Items existing here are items to be masked or unmasked, and items not existing in the setting file are determined as non-masking items.

  Also, as a rule for masking, it is expressed and set as a numerical value such as 1, 2, etc. For example, if 1 is set, the character is shifted to the left by 1 character. If 2 is set, the character is 2 characters. A method for masking is determined in advance so as to shift to the left, and the masking process and the masking canceling process in steps S607 and S707 in FIGS. 6 and 7 are performed using this rule.

  It should be noted that the setting file to be placed in the production environment server 304 and the setting file to be placed in the development environment need to have the same information other than the environment determination flag 801 stored in the setting file.

  By placing this setting file in each environment, the same program can be used in the production environment or the development environment.

  With the data masking system described above, the data stored in the production environment is always masked for items that require masking. Also, when referring to the data in the production environment, The value before masking can be referred to (displayed) by the masking cancellation processing.

  Therefore, as shown in FIG. 9, data is extracted from the data registered in the production environment DB 901, which is the DB of the production environment, and the extracted data is temporarily written to a storage medium such as an intermediate file (S901). Since the data written in step S901 can be registered in the development environment DB 903, which is a DB included in the development environment (S902), the data stored in the production environment can be transferred without special consideration to the development environment. Can do.

  In the data masking system according to the embodiment of the present invention, specific examples of masking processing and masking cancellation processing will be described below.

  FIG. 10 shows an example of screen transition after data registered in the production environment DB 306 of the production environment server 304 is transferred to the development environment DB 309 of the development environment server 307.

  On the customer information registration screen 1001 displayed on the display device 409 of the production terminal 301, information (customer number, gender, address, telephone number, etc.) input by the user is stored in the customer table shown in the production environment database 1002. It is registered in the production environment DB 306 according to the configuration.

  At this time, if an address and a telephone number are designated in advance in the masking target item 802 of the setting file, the address 1003 and the telephone number 1004 are registered in the production environment DB 306 after masking processing.

  When the user refers to the information (address 1003, telephone number 1004) shown in the production environment database 1002 using the customer information display screen 1005 displayed on the display device 409 of the production terminal 301, this information is included in this information. On the other hand, since the masking cancellation processing is performed, the same information as the information input on the customer information registration screen 1001 is displayed on the customer information display screen 1005.

  On the other hand, when the information shown in the production environment database 1002, that is, the information registered in the production environment DB 306 is transferred to the development environment DB 309 as it is, as shown in the development environment database 1006, the address 1003 and the telephone number 1004 are Data registered in the production environment DB 306 is migrated as it is.

  When the information transferred to the development environment DB 309 is referred to using the display device 409 of the development environment terminal 302, the masking cancellation processing is performed by setting the setting file as illustrated in the customer information display screen 1007. The address 1003 and the telephone number 1004 are displayed as they are without being performed.

  FIG. 11 shows an example of screen transition when data is registered in the development environment server 307 using the development terminal 302 and the registered data is referred to by the development terminal.

  The information input by the user on the customer information registration screen 1101 displayed on the display device 409 of the development terminal 302 is not subjected to masking processing by setting of the setting file, and the customer table illustrated in the development environment database 1102 With this configuration, it is registered in the development environment DB 309.

  Furthermore, when referring to the data registered in the development environment DB 309 using the customer information display screen 1103 displayed on the display device 409 of the development terminal 302, the masking release processing is not performed by the setting file setting, and the development is performed. Information registered in the environment DB 309 is displayed as it is.

  Therefore, the information input on the customer information registration screen 1101 and the information displayed on the customer information display screen 1103 are the same, and the operation can be confirmed correctly.

  Further, by applying this process, the same data masking can be performed not only in the online update process but also in the batch update process.

  As mentioned above, although the example of embodiment was explained in full detail, this invention can take the embodiment as a system, an apparatus, a method, a program, a storage medium, etc., for example, Specifically, from several apparatus. You may apply to the system comprised, and may apply to the apparatus which consists of one apparatus.

  In the above embodiment, it is possible to perform data masking in the production environment, and the masked data can be converted into a value before masking and output. Even if it is used, it is possible to easily perform data migration without being aware of the migration procedure and the like, and it is possible to suppress leakage of important information and the like.

It is a flowchart for demonstrating the prior art which transfers by implementing masking from a production environment to a development environment. It is a flowchart for demonstrating the prior art which transfers by implementing masking from a production environment to a development environment. It is a lineblock diagram showing a schematic structure of a data masking system concerning an embodiment of the present invention. It is a block diagram which shows the hardware constitutions of the production environment server 304 which concerns on embodiment of this invention. It is a functional block diagram which shows the basic processing function of the production environment server 304 which concerns on embodiment of this invention. It is a flowchart which shows the masking process in the data masking system which concerns on embodiment of this invention. It is a flowchart which shows the masking cancellation | release process in the data masking system which concerns on embodiment of this invention. It is a figure which shows an example of the setting file used by the masking process and masking cancellation | release process which concern on embodiment of this invention. It is explanatory drawing for demonstrating the data transfer method in the data masking system which concerns on embodiment of this invention. In the data masking system which concerns on embodiment of this invention, it is a block diagram which shows an example of the screen display at the time of transfering the data registered in production environment to the development environment. It is a block diagram which shows an example of the screen display at the time of referring the data registered in the development environment in the data masking system which concerns on embodiment of this invention with a development terminal.

Explanation of symbols

101 Production environment DB
102 Extracted data (after processing) file 103 Development environment DB
104 Example of production environment DB 105 Example of development environment DB 201 Production environment DB
202 Extracted data (before processing) file 203 Extracted data (after processing) file 204 Development environment DB
205 Example of production environment DB 206 Example of development environment DB 301 Production terminal 302 Development terminal 303 Network 304 Production environment server 305 Production environment application 306 Production environment DB
307 Development environment server 308 Development environment application 309 Development environment DB
401 CPU
402 RAM
403 ROM
404 HDD
405 Network I / F
406 Pointing device 407 Keyboard 408 Video I / F
409 Display device 410 System bus 501 Reception unit 502 Masking unit 503 Data registration unit 504 Data storage unit 505 Data extraction unit 506 Masking release unit 507 Transmission unit 801 Setting file first line 802 Setting file second line and later 901 Production environment DB
902 Extracted data file 903 Development environment DB

Claims (8)

In a data masking system in which a client terminal and a server are connected via a network,
The server
Receiving means for receiving update request information indicating data registration or update instruction and data display request information indicating data display instruction from the client terminal;
When the update request information is received by the receiving means, masking means for masking the update request information based on a predetermined rule;
After performing masking by the masking means, registration update means for registering and updating data in a storage medium in correspondence with the update request information;
An extraction means for extracting data stored in the storage medium corresponding to the data display request data when the data display request data is received by the receiving means;
A masking cancellation unit that cancels masking based on the predetermined rule for the data extracted by the extraction unit;
Transmitting means for transmitting data to the client terminal after canceling masking by the masking canceling means;
A data masking system characterized by comprising: The data masking system according to claim 1, wherein the predetermined rule includes determination information for determining whether masking is necessary for each environment. The data masking system according to claim 1, wherein the predetermined rule is capable of determining a masking and unmasking method for each data item. The data masking system according to any one of claims 1 to 3, wherein the predetermined rule can determine whether masking and masking cancellation are required for each data item. In a control method of a data masking system in which a client terminal and a server are connected via a network,
The server
Receiving step of receiving update request information indicating data registration or update instruction and data display request information indicating data display instruction from the client terminal;
When receiving the update request information in the receiving step, a masking step of masking the update request information based on a predetermined rule;
After performing masking in the masking step, a registration update step for registering and updating data in a storage medium in response to the update request information;
When receiving data display request data in the receiving step, an extraction step of extracting data stored in the storage medium corresponding to the data display request data;
For the data extracted in the extraction step, a masking release step for releasing masking based on the predetermined rule,
A transmission step of transmitting data to the client terminal after releasing the masking in the masking release step;
A method for controlling a data masking system, comprising:   6. A computer-readable program for causing a computer to execute the data masking system control method according to claim 5.   A computer-readable recording medium on which the program according to claim 6 is recorded. Receiving means for receiving update request information representing data registration or update instructions, and data display request information representing data display instructions;
When the update request information is received by the receiving means, masking means for masking the update request information based on a predetermined rule;
After performing masking by the masking means, registration update means for registering and updating data in a storage medium in correspondence with the update request information;
An extraction means for extracting data stored in the storage medium corresponding to the data display request data when the data display request data is received by the receiving means;
A masking cancellation unit that cancels masking based on the predetermined rule for the data extracted by the extraction unit;
Display means for displaying data after releasing masking by the masking releasing means;
A data masking device comprising: