WO2021190017A1 - Private data access method and apparatus, and electronic device - Google Patents


Info

Publication number
WO2021190017A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
target
metadata
target user
user
Prior art date
Application number
PCT/CN2020/139720
Other languages
French (fr)
Chinese (zh)
Inventor
郑鹏
吴迪
贾茜
刘洋
张谦
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司
Publication of WO2021190017A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • This document relates to the field of computer software technology, in particular to a method, device and electronic equipment for accessing private data.
  • the identification of users’ personal privacy data is usually done by manually marking the corresponding labels on the data tables.
  • the number of data tables involving users' personal privacy data is often very large, so relying on manual labeling of private data is inefficient, and some private data marks are easily missed, which can lead to the leakage of user privacy data.
  • when a data visitor accesses a user's personal privacy data, it is difficult to ensure that the data visitor will not perform illegal operations on that data. Therefore, effectively protecting users' personal privacy data still requires an effective solution.
  • the purpose of the embodiments of this specification is to provide a method, device, and electronic equipment for accessing private data, which prevent data relating to the user's personal privacy from being viewed at will by data visitors and thus prevent the leakage of the user's personal private data.
  • a method for accessing private data, including: monitoring a target user's access request to a target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; based on a preset mapping relationship between user account information and sensitive permission levels, determining the sensitive permission level that matches the target user's account information; based on the target user's sensitive permission level and the sensitivity level corresponding to the target data
  • a device for accessing private data, including: a request monitoring unit, which monitors a target user's access request to a target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; a level determining unit, which determines, based on a preset mapping relationship between user account information and sensitive authority levels, the sensitive authority level that matches the target user's account information; an authority determining unit, which determines, based on the target user's sensitive authority level and the sensitivity level corresponding to the target data, whether the target user has the authority to access the target data; and a data feedback unit, which, if the target user does not have the authority to access the private data in the target data, desensitizes the queried target data and feeds it back to the target user.
  • an electronic device, including: a processor; and a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the following operations: monitoring a target user's access request to a target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; determining, based on a preset mapping relationship between user account information and sensitive authority levels, the sensitive authority level that matches the target user's account information; determining, based on the target user's sensitive authority level and the sensitivity level corresponding to the target data, whether the target user has the authority to access the target data; and, if the target user does not have the authority to access the private data in the target data, desensitizing the queried target data and feeding it back to the target user.
  • a computer-readable storage medium stores one or more programs which, when executed, cause the electronic device to perform the following operations: monitoring a target user's access request to a target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; determining, based on a preset mapping relationship between user account information and sensitive authority levels, the sensitive authority level that matches the target user's account information; determining, based on the target user's sensitive authority level and the sensitivity level corresponding to the target data, whether the target user has the authority to access the target data; and, if the target user does not have the authority to access the private data in the target data, desensitizing the queried target data and feeding it back to the target user.
  • one or more embodiments provided in this specification can monitor the target user's access request to the target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; determine, based on the preset mapping relationship between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determine, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, when the target user does not have permission to access the private data in the target data, feed the queried target data back to the target user after desensitization.
  • based on the preset mapping relationship between user account information and the sensitive permission level of the data, it is determined whether a data visitor has permission to access certain data, and when it is determined that the data visitor does not, desensitized data is fed back to the visitor, which effectively protects the user's personal privacy data and prevents it from being viewed at will.
  • Fig. 1 is a schematic diagram of an implementation process of a method for accessing private data provided by an embodiment of this specification.
  • Fig. 2 is a schematic diagram of a deployment environment of a method for accessing private data provided by an embodiment of this specification.
  • FIG. 3 is a schematic diagram of an interface for configuring a matching rule for private data in a method for accessing private data provided by an embodiment of this specification.
  • FIG. 4 is a schematic diagram of another interface, for testing a configured identification rule for private data, in the method for accessing private data provided by an embodiment of this specification.
  • FIG. 5 is a schematic diagram of identifying and marking certain metadata as private data in the method for accessing private data provided by an embodiment of this specification.
  • FIG. 6 is a schematic diagram of desensitizing and feeding back the identified private data in the method for accessing private data provided by an embodiment of the present specification.
  • Fig. 7 is a schematic structural diagram of a device for accessing private data provided by an embodiment of this specification.
  • FIG. 8 is a schematic structural diagram of an electronic device provided by an embodiment of this specification.
  • an embodiment of this specification provides a method for accessing private data, which can monitor the target user's access request to the target data platform, the access request carrying the target user's account information and the target data that the target user requests to access; determine, based on the preset mapping relationship between user account information and sensitive authority levels, the sensitive authority level that matches the target user's account information; determine, based on the target user's sensitive authority level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, when the target user does not have permission to access the private data in the target data, desensitize the queried target data and feed it back to the target user.
  • the desensitized data is fed back to the data visitor, which effectively protects the personal privacy data of the user and prevents the personal privacy data of the user from being viewed at will.
  • Fig. 1 is a schematic diagram of an implementation process of a method for accessing private data provided by an embodiment of this specification.
  • the method in FIG. 1 may include step S110 to step S140.
  • S110 Monitoring the access request of the target user to the target data platform, where the access request of the target user carries the account information of the target user and the target data that the target user requests to access.
  • the target data platform refers to the platform used for data storage, including relational databases and data warehouses.
  • the data stored in the target data platform may include metadata and stored data corresponding to the metadata.
  • metadata is used to describe the structural information of the data stored in the data platform, and specifically refers to information such as libraries, tables, and columns in a database or data warehouse.
  • the metadata itself does not store data.
  • table names, column names, field types, field lengths, etc. are all table metadata.
  • the stored data corresponding to the metadata is the data stored in the table corresponding to the table name, and the data stored in the column corresponding to the column name.
  • a personnel table includes name, age, height, weight, education, position, salary, etc.
  • the names of persons stored in the name column are the stored data corresponding to the metadata (name column).
  • the methods for identifying private data in the embodiments of this specification can be classified into two categories: one determines which data of the target data platform is private data based on the metadata; the other determines which data in the target data platform is private data based on the stored data corresponding to the metadata.
  • the embodiment of this specification combines these two ways of determining private data.
  • the method provided in the embodiment of this specification also includes: obtaining information on multiple metadata in the target data platform; based on the information on the multiple metadata and preset metadata privacy matching rules, identifying and marking privacy-related target metadata among the multiple metadata; selecting a specified number of metadata from the multiple metadata; and, based on a privacy data recognition model, identifying and marking the private data in the stored data corresponding to the specified number of metadata; where the sample data used to train the privacy data recognition model is the stored data corresponding to the specified metadata.
  • information on multiple metadata in the target data platform can be obtained; in fact, the full set of metadata in the target data platform can also be obtained.
  • the preset metadata privacy matching rules used to identify privacy-related metadata can also be obtained by training an artificial intelligence model, specifically by training on the information of the multiple metadata.
  • the embodiment of this specification can randomly select a specified number of metadata from the multiple metadata; whether the selected metadata match the preset metadata privacy matching rules is irrelevant.
  • FIG. 2 is a schematic diagram of an actual deployment environment of the method provided in the embodiment of this specification.
  • interaction with the target data platform is carried out by deploying an independent application.
  • the target data platform includes relational data blocks, file storage, and distributed cache.
  • the independent application includes a data recognition engine, configuration, classification and hierarchical display, user access records, a risk identification engine, sensitivity level display, a desensitization .jar, and plug-ins (including metadata reading, sampling data reading, classification and hierarchical data write-back, user access data acquisition, and desensitization integration).
  • the independent application can provide a configurable page for the data security administrator to configure matching rules for private data.
  • the matching rules for identifying private data can act on metadata or on the stored data corresponding to the metadata. Once a matching rule for identifying private data is configured, it can be stored in the database of the independent application and used to identify private data in other data platforms.
  • FIG. 3 is a schematic diagram of an interface for configuring a matching rule for private data in a method for accessing private data provided in an embodiment of this specification.
  • the user can input text content containing private data and click "Submit" to test whether the configured matching rule of private data can identify the private data in the text content entered by the user.
  • FIG. 4 is another schematic diagram of an interface for testing a configured identification rule for private data in the method for accessing private data provided in the embodiment of this specification.
  • the user can enter a link and click "test link" to identify the private data in the page corresponding to the link and the metadata related to that private data.
  • the "content scanning" shown in FIG. 4 matches the data content in the link against a pre-configured matching rule for private data to identify the private data in the link.
  • the "field scanning" shown in FIG. 4 matches the metadata in the link against a pre-configured matching rule for private data to identify the metadata in the link that involves private data.
  • by testing the configured privacy data matching rules in this way, if it is found that they miss privacy-related metadata or private data in the data content, the configured privacy data matching rules can be modified.
  • since the sensitivity levels of privacy-related metadata that different data visitors may view are often different, in order to distinguish the sensitive permission levels of different data visitors and to match data visitors with different sensitive permission levels to the metadata they may view, the preset metadata privacy matching rules in the embodiments of this specification also include matching rules for the sensitivity level of privacy-related metadata.
  • identifying and marking the privacy-related target metadata among the multiple metadata includes: determining the privacy-related target metadata among the multiple metadata based on the information on the multiple metadata and the preset metadata privacy matching rules; determining the sensitivity level of the target metadata based on the information on the target metadata and the sensitivity-level matching rule for privacy-related metadata in the preset metadata matching rules; and marking the target metadata based on its sensitivity level.
  • the privacy data identification model can also identify the private data and the corresponding sensitivity levels in the stored data corresponding to the metadata. Specifically, identifying and marking, based on the privacy data identification model, the private data in the stored data corresponding to the specified number of metadata includes:
  • identifying, based on the private data recognition model, the private data in the stored data corresponding to the specified number of metadata and its corresponding sensitivity level; and marking the private data in the stored data corresponding to the specified number of metadata with that sensitivity level.
  • FIG. 5 is a schematic diagram of identifying and marking certain metadata as private data in the method for accessing private data provided in this embodiment of this specification.
  • the stored data corresponding to the metadata hits the "ID card number" rule among the matching rules for private data and is therefore marked with the sensitivity level "level8".
  • the method provided in the embodiment of this specification further includes: if the target metadata contains first metadata, the first metadata being metadata among the specified number of metadata whose corresponding stored data includes private data, then, from the sensitivity level of the first metadata in the target metadata and the sensitivity level of the first metadata among the specified number of metadata, obtaining the sensitivity level with the higher privacy-protection priority; and marking the first metadata with that higher-priority sensitivity level.
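The two identification passes described above (field scanning of metadata against name-based rules, content scanning of sampled stored data, and marking a column with whichever level has the higher privacy-protection priority when both passes mark it) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the regular expressions stand in for both the configured matching rules and the trained privacy data recognition model, and every rule, column name, sensitivity level and sample value is constructed.

```python
"""Added example (not the patent's code): rule-based marking of privacy-related
metadata, content scanning of sampled stored data, and merging of the two marks
so that the higher sensitivity level wins. All rules, names and values are
constructed for illustration."""
import re
from typing import Dict, Iterable, List, Pattern, Tuple

# Constructed metadata privacy matching rules: column-name pattern -> sensitivity level.
METADATA_RULES: List[Tuple[Pattern[str], int]] = [
    (re.compile(r"id_?card|id_?number|identity", re.I), 8),
    (re.compile(r"mac(_?addr)?", re.I), 5),
    (re.compile(r"phone|mobile", re.I), 6),
    (re.compile(r"salary|income", re.I), 7),
]

# Constructed content matching rules ("content scanning"): value pattern -> sensitivity level.
# These stand in for the patent's trained privacy data recognition model.
CONTENT_RULES: List[Tuple[Pattern[str], int]] = [
    (re.compile(r"^\d{17}[\dXx]$"), 8),                        # 18-character ID card number
    (re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I), 5),  # MAC address
    (re.compile(r"^1\d{10}$"), 6),                             # 11-digit mobile number
]


def mark_metadata(column_names: Iterable[str]) -> Dict[str, int]:
    """Field scanning: mark each column whose name hits a metadata rule with the
    highest level among the rules it hits."""
    marks: Dict[str, int] = {}
    for name in column_names:
        for pattern, level in METADATA_RULES:
            if pattern.search(name):
                marks[name] = max(marks.get(name, 0), level)
    return marks


def mark_stored_data(samples: Dict[str, List[str]], min_hit_ratio: float = 0.5) -> Dict[str, int]:
    """Content scanning over a sample of each column's stored values. A column is
    marked only when at least min_hit_ratio of its sampled values match a content
    rule, so a single odd value does not classify a whole column."""
    marks: Dict[str, int] = {}
    for name, values in samples.items():
        if not values:
            continue
        for pattern, level in CONTENT_RULES:
            hits = sum(1 for v in values if pattern.match(v))
            if hits / len(values) >= min_hit_ratio:
                marks[name] = max(marks.get(name, 0), level)
    return marks


def merge_marks(metadata_marks: Dict[str, int], content_marks: Dict[str, int]) -> Dict[str, int]:
    """When both passes mark the same metadata, keep the level with the higher
    privacy-protection priority (the larger number in this example)."""
    merged = dict(metadata_marks)
    for name, level in content_marks.items():
        merged[name] = max(merged.get(name, 0), level)
    return merged


def classify(column_names: Iterable[str], samples: Dict[str, List[str]]) -> Dict[str, int]:
    """Run both passes and merge: the marks a data platform would write back."""
    return merge_marks(mark_metadata(column_names), mark_stored_data(samples))


# Constructed sample: a personnel table with a few sampled values per column.
SAMPLE_COLUMNS = ["name", "id_number", "contact", "device_mac"]
SAMPLE_VALUES = {
    "name": ["Alice", "Bob"],
    "id_number": ["310521199001011234", "11010119851212567X"],
    "contact": ["13800000000", "13900000001"],  # phone numbers behind a neutral column name
    "device_mac": ["ab:cd:11:a3:a0:50", "00:11:22:33:44:55"],
}

if __name__ == "__main__":
    print(classify(SAMPLE_COLUMNS, SAMPLE_VALUES))
```

The "contact" column shows why the patent combines both passes: its name hits no metadata rule, so only content scanning of the sampled values marks it, while "id_number" is caught by both passes and keeps the higher of the two levels.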
  • S120 based on a preset mapping relationship between user account information and sensitive permission levels, determine a sensitive permission level that matches the account information of the target user.
  • the data visitors of the target data platform can be assigned corresponding sensitive permission levels in advance based on their account registration information, and the preset mapping relationship between user account information and sensitive permission levels is maintained in the target data platform and/or the aforementioned independent application.
  • after receiving the target user's access request to the target data platform, the target user's sensitive permission level can be determined based on the target user's account information carried in the access request and the preset mapping relationship between user account information and sensitive permission levels.
  • the sensitivity level of the target data can be obtained based on the mark of the target data, and then, based on the degree of matching between the sensitivity level of the target data and the sensitive permission level of the target user, it is determined whether the target user has the corresponding access permission.
  • determining, based on the sensitive permission level of the target user and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data includes: obtaining the sensitivity level of the target data based on the mark of the target data; and determining, based on the degree of matching between the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has the authority to access the target data.
  • when the sensitive permission level of the target user is not less than the sensitivity level corresponding to the target data, it can be determined that the target user has permission to access the target data; when the target user's sensitive permission level is less than the sensitivity level corresponding to the target data, it can be determined that the target user does not have permission to access the target data.
  • the target data may not have a sensitivity level mark, but there may be a sensitivity level mark in the metadata corresponding to the target data.
  • obtaining the sensitivity level of the target data based on the mark of the target data includes: if the target data does not have a sensitivity level mark, determining whether the metadata corresponding to the target data has a sensitivity level mark; and, if it does, acquiring the sensitivity level of the target data from the sensitivity level mark of that metadata.
  • S140 If the target user does not have the authority to access the private data in the target data, desensitize the queried target data and feed it back to the target user.
  • desensitizing the queried target data and feeding it back to the target user includes: if the target data is stored data corresponding to one or more metadata, desensitizing the stored data corresponding to those metadata and feeding it back to the target user; if the target data is target stored data corresponding to one metadata, desensitizing the target stored data and feeding it back to the target user.
  • desensitizing the queried target data and feeding it back to the target user includes: desensitizing all of the target data before feeding it back to the target user; or desensitizing part of the target data before feeding it back to the target user.
  • all data of the target data can be desensitized.
  • hash desensitization can be used. That is, all the data of the target data is hashed to obtain a hash value, and the hash value of the target data is fed back to the target user.
  • some data of the target data can be desensitized.
  • part of the target data can be hidden. For example, for an ID number, the middle digits can be hidden, feeding back "310521********1234" to the target user.
  • FIG. 6 is a schematic diagram of identifying certain metadata as private data in the method for accessing private data provided in this embodiment of this specification.
  • the configured matching rule for private data identifies the MAC address "ab:cd:11:a3:a0:50" that the target user requests to access, and the target user does not have the sensitive authority to access the MAC address. Then, to avoid leaking the MAC address, part of the data in the MAC address can be desensitized before being fed back to the target user; for example, the desensitized MAC address "**:cd:11:a3:a0:50" can be fed back to the target user.
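Steps S120 to S140 as described above, put together in one place: resolve the requester's sensitive permission level from the account mapping, take the sensitivity level from the mark on the stored data or, failing that, from the mark on its metadata, grant access when the user's level is not less than the data's level, and otherwise return the data after full (hash) or partial desensitization. This is an added example, not code from the patent or its assignee; the account names, permission levels, column marks, sample values and the per-column partial-masking rules are all constructed, with the ID-number and MAC masks chosen to reproduce the two desensitized forms shown above.

```python
"""Added example (not the patent's code): sensitivity-level access mediation
with desensitisation of values the requester may not see. All accounts, levels,
columns and values below are constructed sample data."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed "preset mapping" between account information and sensitive permission level.
ACCOUNT_LEVELS: Dict[str, int] = {"analyst01": 3, "dba02": 8}


@dataclass
class Column:
    """Metadata for one column; `level` is its sensitivity mark, if any."""
    name: str
    level: Optional[int] = None


@dataclass
class Cell:
    """One stored value, the column it belongs to, and its own mark, if any."""
    column: Column
    value: str
    level: Optional[int] = None


def data_sensitivity(cell: Cell) -> Optional[int]:
    """The mark on the stored data wins; otherwise fall back to the mark on its metadata."""
    return cell.level if cell.level is not None else cell.column.level


def has_access(user_level: int, data_level: Optional[int]) -> bool:
    """Permitted when the user's level is not less than the data's level.
    Data with no mark on either the value or its column is treated as level 0."""
    return user_level >= (data_level if data_level is not None else 0)


def mask_id_number(value: str) -> str:
    """Keep the first 6 and last 4 characters, hide everything in between."""
    return value[:6] + "*" * (len(value) - 10) + value[-4:]


def mask_mac(value: str) -> str:
    """Hide the first octet of a colon-separated MAC address."""
    return ":".join(["**"] + value.split(":")[1:])


def mask_default(value: str) -> str:
    """Constructed fallback for columns without a specific rule: keep the last 2 chars."""
    return "*" * max(len(value) - 2, 0) + value[-2:]


PARTIAL_MASKERS: Dict[str, Callable[[str], str]] = {
    "id_number": mask_id_number,
    "mac_address": mask_mac,
}


def hash_mask(value: str) -> str:
    """Full desensitisation: replace the whole value with its hash."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def desensitize(cell: Cell, mode: str) -> str:
    if mode == "hash":
        return hash_mask(cell.value)
    return PARTIAL_MASKERS.get(cell.column.name, mask_default)(cell.value)


def handle_request(account: str, cells: List[Cell], mode: str = "partial") -> List[Tuple[str, str, bool]]:
    """S120-S140: look up the user's level, compare it per value, mask what they may not see.
    Returns (column name, value fed back, was_masked) for each requested value."""
    user_level = ACCOUNT_LEVELS.get(account, 0)  # unknown accounts get the lowest level
    result: List[Tuple[str, str, bool]] = []
    for cell in cells:
        if has_access(user_level, data_sensitivity(cell)):
            result.append((cell.column.name, cell.value, False))
        else:
            result.append((cell.column.name, desensitize(cell, mode), True))
    return result


def sample_row() -> List[Cell]:
    """Constructed row: an unmarked name, an ID number whose column is marked level 8,
    and a MAC address whose column is unmarked but whose value carries a level-5 mark."""
    return [
        Cell(Column("name"), "Alice"),
        Cell(Column("id_number", level=8), "310521199001011234"),
        Cell(Column("mac_address"), "ab:cd:11:a3:a0:50", level=5),
    ]


if __name__ == "__main__":
    for account in ACCOUNT_LEVELS:
        print(account, handle_request(account, sample_row()))
```

The MAC cell exercises the fallback order in the opposite direction from the ID column: its column has no mark, so a check that consulted only metadata would treat it as public, while the mark carried by the value itself keeps it masked for the level-3 account.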
  • the one or more embodiments provided in this specification can monitor the target user's access request to the target data platform, the access request carrying the target user's account information and the target data requested by the target user; determine, based on the preset mapping relationship between user account information and sensitive authority levels, the sensitive authority level that matches the target user's account information; determine, based on the target user's sensitive authority level and the sensitivity level corresponding to the target data, whether the target user has the authority to access the target data; and, when the target user does not have the authority to access the private data in the target data, desensitize the queried target data and feed it back to the target user.
  • based on the preset mapping relationship between user account information and the sensitive permission level of the data, it is determined whether a data visitor has permission to access certain data, and when it is determined that the data visitor does not, desensitized data is fed back to the visitor, which effectively protects the user's personal privacy data and prevents it from being viewed at will.
  • FIG. 7 is a schematic structural diagram of an apparatus 700 for accessing private data provided by an embodiment of this specification, which includes: a request monitoring unit 701, a level determination unit 702, a permission determination unit 703, and a data feedback unit 704.
  • the request monitoring unit 701 monitors the access request of the target user to the target data platform, and the access request of the target user carries the account information of the target user and the target data that the target user requests to access.
  • the level determining unit 702 determines the sensitive authority level that matches the target user's account information based on the preset mapping relationship between the user account information and the sensitive authority level.
  • the authority determining unit 703 determines whether the target user has the authority to access the target data based on the sensitive authority level of the target user and the sensitivity level corresponding to the target data.
  • the data feedback unit 704, if the target user does not have the authority to access the private data in the target data, desensitizes the queried target data and feeds it back to the target user.
  • before the request monitoring unit 701 monitors the target user's access request to the target data platform, the device further includes: a first acquiring unit, which acquires information on multiple metadata in the target data platform; a first marking unit, which, based on the information on the multiple metadata and preset privacy matching rules for metadata, determines and marks privacy-related target metadata among the multiple metadata; a metadata selection unit, which selects a specified number of metadata from the multiple metadata; and a second marking unit, which, based on a privacy data identification model, identifies and marks the private data in the stored data corresponding to the specified number of metadata; wherein the sample data used to train the private data identification model is the stored data corresponding to the specified metadata.
  • the preset metadata privacy matching rules further include a matching rule for the sensitivity level of privacy-related metadata, and the first marking unit is configured to: determine the privacy-related target metadata among the multiple metadata based on the information on the multiple metadata and the preset metadata privacy matching rules; determine the sensitivity level of the target metadata based on the information on the target metadata and the sensitivity-level matching rule in the preset metadata privacy matching rules; and mark the target metadata based on its sensitivity level.
  • the second marking unit is configured to: based on a private data identification model, identify the private data in the stored data corresponding to the specified number of metadata and the corresponding sensitivity levels; and, based on those sensitivity levels, mark the private data in the stored data corresponding to the specified number of metadata.
  • the apparatus further includes: a second acquiring unit, which, if there is first metadata in the target metadata, the first metadata being metadata among the specified number of metadata whose corresponding stored data includes private data, obtains, from the sensitivity level of the first metadata in the target metadata and the sensitivity level of the first metadata among the specified number of metadata, the sensitivity level with the higher privacy-protection priority; and a third marking unit, which marks the first metadata with that higher-priority sensitivity level.
  • the authority determining unit 703 is configured to: obtain the sensitivity level of the target data based on the mark of the target data; and determine, based on the degree of matching between the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data.
  • the authority determining unit 703 is configured to: determine, based on the mark of the target data, whether the target data has a sensitivity level mark; if the target data does not have a sensitivity level mark, obtain whether the metadata corresponding to the target data has a sensitivity level mark; and, if the metadata corresponding to the target data has a sensitivity level mark, obtain the sensitivity level of the target data based on that mark.
  • the data feedback unit 704 is configured to: if the target data is stored data corresponding to one or more metadata, desensitize the stored data corresponding to the one or more metadata and feed it back to the target user; if the target data is target stored data corresponding to more than one metadata, desensitize the target stored data and feed it back to the target user.
  • the data feedback unit 704 is configured to: desensitize all of the target data before feeding it back to the target user; or desensitize part of the target data before feeding it back to the target user.
  • the device 700 for accessing private data can implement the methods of the method embodiments shown in FIGS. 1 to 6. For details, reference may be made to the method for accessing private data in the embodiments shown in FIGS. 1 to 6, which will not be repeated here.
  • FIG. 8 is a schematic diagram of the structure of an electronic device according to an embodiment of the present specification.
  • the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory.
  • the memory may include internal memory, such as high-speed random access memory (RAM), and may also include non-volatile memory, such as at least one disk storage.
  • the electronic device may also include hardware required by other services.
  • the processor, network interface, and memory can be connected to each other through an internal bus.
  • the internal bus can be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like.
  • the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of presentation, only one bidirectional arrow is used in FIG. 8, but it does not mean that there is only one bus or one type of bus.
  • the program may include program code, and the program code includes computer operation instructions.
  • the memory may include internal memory and non-volatile memory, and provides instructions and data to the processor.
  • the processor reads the corresponding computer program from the non-volatile memory to the memory and then runs it, forming a private data access device at the logical level.
  • the processor executes the program stored in the memory and is specifically configured to perform the following operations: monitoring the access request of the target user to the target data platform, where the access request carries the account information of the target user and the target data that the target user requests to access; determining, based on the preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determining, based on the sensitive permission level of the target user and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data before feeding it back to the target user.
  • the preset mapping between user account information and data sensitive permission levels is used to determine whether a data visitor has permission to access particular data, and when the visitor lacks that permission the desensitized data is fed back instead, which effectively protects users' personal private data and prevents it from being viewed at will.
  • the method performed by the device for accessing private data disclosed in the embodiment shown in FIG. 1 of this specification can be applied to a processor or implemented by the processor.
  • the processor may be an integrated circuit chip with signal processing capabilities.
  • each step of the above method can be completed by an integrated logic circuit of hardware in the processor or instructions in the form of software.
  • the above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the methods, steps, and logical block diagrams disclosed in the embodiments of this specification can be implemented or executed.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of this specification can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a storage medium well known in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers.
  • the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
  • the electronic device can also execute the method in FIG. 1 and realize the functions of the embodiment shown in FIG. 1 of the device for accessing private data, which will not be repeated here.
  • the embodiment of the present specification also proposes a computer-readable storage medium that stores one or more programs, the one or more programs including instructions which, when executed in a portable electronic device that includes multiple application programs, cause the portable electronic device to execute the method of the embodiment shown in FIG., namely: monitoring the target user's access request, which carries the target user's account information and the target data that the target user requests to access; determining, based on the preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data before feeding it back to the target user.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or any combination of these devices.
  • computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined here, computer-readable media do not include transitory media such as modulated data signals and carrier waves.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A private data access method and apparatus, and an electronic device. The method comprises: monitoring an access request of a target user for a target data platform, the access request of the target user carrying account information of the target user and target data requested to be accessed by the target user (S110); determining a sensitive permission level matching the account information of the target user on the basis of a preset mapping relationship between the user account information and the sensitive permission level (S120); on the basis of the sensitive permission level of the target user and a sensitive level corresponding to the target data, determining whether the target user has permission to access the target data (S130); if the target user does not have the permission to access private data in the target data, performing desensitization processing on the queried target data, and feeding back the desensitized target data to the target user (S140).

Description

Method, device and electronic device for accessing private data

Technical field

This document relates to the field of computer software technology, and in particular to a method, device and electronic device for accessing private data.

Background

With the rapid development of information technology, users' personal private data may be exposed through various channels every day. To strengthen its protection, regulators are paying increasing attention to the protection of users' personal private data and have issued laws and regulations requiring the enterprises concerned to fulfil their duty to protect it.

At present, users' personal private data is usually identified by manually labelling the corresponding data tables. In practice, however, the number of data tables involving users' personal private data is often very large; relying on manual labelling is inefficient and easily misses some private data, which in turn easily leads to leakage of users' private data. Moreover, when a data visitor accesses data involving users' personal privacy, it is difficult to guarantee that the visitor will not perform non-compliant operations on it. An effective scheme for protecting users' personal private data is therefore still needed.
Summary of the invention

The purpose of the embodiments of this specification is to provide a method, device and electronic device for accessing private data, so as to prevent data involving users' personal privacy from being viewed at will by data visitors and thereby leaked.

To solve the above technical problem, the embodiments of this specification are implemented as follows.

In a first aspect, a method for accessing private data is proposed, including: monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access; determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data before feeding it back to the target user.

In a second aspect, a device for accessing private data is proposed, including: a request monitoring unit, which monitors a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access; a level determining unit, which determines, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; an authority determining unit, which determines, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and a data feedback unit, which, if the target user does not have permission to access the private data in the target data, desensitizes the queried target data before feeding it back to the target user.

In a third aspect, an electronic device is proposed, including: a processor; and a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the following operations: monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access; determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data before feeding it back to the target user.

In a fourth aspect, a computer-readable storage medium is proposed. The storage medium stores one or more programs which, when executed by an electronic device that includes multiple application programs, cause the electronic device to perform the following operations: monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access; determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data before feeding it back to the target user.

As can be seen from the technical solutions provided by the above embodiments, the embodiments of this specification have at least one of the following technical effects. One or more embodiments provided in this specification can monitor a target user's access request to a target data platform, where the access request carries the target user's account information and the target data requested; can determine, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; can determine, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, when the target user does not have permission to access the private data in the target data, desensitize the queried target data before feeding it back to the target user. Because the preset mapping between user account information and data sensitive permission levels is used to decide whether a data visitor may access particular data, and desensitized data is returned when the visitor lacks that permission, private data concerning individual users is effectively protected and cannot be viewed at will.
Description of the drawings

To describe the technical solutions in the embodiments of this specification more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; those of ordinary skill in the art can obtain other drawings from these without creative effort.

FIG. 1 is a schematic flowchart of a method for accessing private data provided by an embodiment of this specification.

FIG. 2 is a schematic diagram of a deployment environment for the method for accessing private data provided by an embodiment of this specification.

FIG. 3 is a schematic diagram of an interface for testing the configured matching rules for private data in the method for accessing private data provided by an embodiment of this specification.

FIG. 4 is a schematic diagram of another interface for testing the configured identification rules for private data in the method for accessing private data provided by an embodiment of this specification.

FIG. 5 is a schematic diagram of identifying and marking certain metadata as private data in the method for accessing private data provided by an embodiment of this specification.

FIG. 6 is a schematic diagram of desensitizing the identified private data and feeding it back in the method for accessing private data provided by an embodiment of this specification.

FIG. 7 is a schematic structural diagram of a device for accessing private data provided by an embodiment of this specification.

FIG. 8 is a schematic structural diagram of an electronic device provided by an embodiment of this specification.

Detailed description
To make the purpose, technical solutions and advantages of this specification clearer, the technical solutions in this specification are described clearly and completely below with reference to specific embodiments and the corresponding drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this document. Based on the embodiments in this document, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the scope of protection of this document.

The technical solutions provided by the embodiments of this specification are described in detail below with reference to the drawings.

To prevent data involving users' personal privacy from being viewed at will by data visitors and thereby leaked, an embodiment of this specification provides a method for accessing private data that can: monitor a target user's access request to a target data platform, where the request carries the target user's account information and the target data requested; determine, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level matching the target user's account information; determine, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, when the target user does not have permission to access the private data in the target data, desensitize the queried target data before feeding it back to the target user.

Because the preset mapping between user account information and data sensitive permission levels is used to decide whether a data visitor may access particular data, and desensitized data is returned when the visitor lacks that permission, private data concerning individual users is effectively protected and cannot be viewed at will.
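The access decision described above, together with the fallback used by the authority determining unit 703 (use the sensitivity mark on the data itself, otherwise the mark on its metadata) and the full or partial desensitization performed by the data feedback unit 704, can be implemented as follows. This is an added illustration, not code from the patent or from the applicant: the level names and their ordering, the account-to-level mapping, the metadata marks, the sample rows, the partial masking rules and the choice to treat unmarked data as public are all assumptions made for the example.

```python
from typing import Dict, List, Optional, Tuple

# Assumed ordinal sensitivity levels: an account whose sensitive permission
# level is L may view data whose sensitivity level is at most L.
LEVEL_ORDER = {"public": 0, "internal": 1, "sensitive": 2, "secret": 3}

# Assumed "preset mapping" from account information to sensitive permission level.
USER_CLEARANCE = {"alice": "secret", "bob": "internal"}

# Assumed marks written back onto column metadata by the identification step.
METADATA_MARKS = {"phone": "secret", "name": "sensitive", "dept": "internal"}


def partial_phone(v: str) -> str:
    """Keep the prefix and last four digits, mask the middle (assumed rule)."""
    return v[:3] + "****" + v[-4:] if len(v) >= 7 else "*" * len(v)


def partial_name(v: str) -> str:
    """Keep the first character only (assumed rule)."""
    return v[:1] + "*" * (len(v) - 1)


# Columns with a partial rule are partially desensitized; all others fully.
PARTIAL_RULES = {"phone": partial_phone, "name": partial_name}


def sensitivity_of(column: str, cell_mark: Optional[str]) -> str:
    """Unit 703: the mark on the value itself wins; otherwise fall back to the
    metadata mark; unmarked data is treated as public (assumption)."""
    if cell_mark is not None:
        return cell_mark
    return METADATA_MARKS.get(column, "public")


def clearance_of(user: str) -> str:
    # Accounts absent from the mapping get the lowest level, never a default grant.
    return USER_CLEARANCE.get(user, "public")


def may_access(user: str, level: str) -> bool:
    return LEVEL_ORDER[clearance_of(user)] >= LEVEL_ORDER[level]


def desensitize(column: str, value: str, partial: bool = True) -> str:
    """Unit 704: partial rule if one exists and partial masking is wanted,
    otherwise mask the whole value."""
    if partial and column in PARTIAL_RULES:
        return PARTIAL_RULES[column](value)
    return "*" * len(value)


def handle_access(user: str, rows: List[Dict[str, str]],
                  cell_marks: Optional[Dict[Tuple[int, str], str]] = None,
                  partial: bool = True) -> Tuple[List[Dict[str, str]], List[str]]:
    """Steps S110 to S140 for one query: rows is the queried target data,
    cell_marks maps (row_index, column) to a level for individually marked
    values. Returns the rows to feed back and the columns that were masked."""
    cell_marks = cell_marks or {}
    feedback, masked = [], set()
    for i, row in enumerate(rows):
        out = {}
        for col, val in row.items():
            level = sensitivity_of(col, cell_marks.get((i, col)))
            if may_access(user, level):
                out[col] = val
            else:
                out[col] = desensitize(col, val, partial)
                masked.add(col)
        feedback.append(out)
    return feedback, sorted(masked)


# Constructed sample query result. The "note" column has no metadata mark, but
# one of its values was individually marked because it contains a phone number.
SAMPLE_ROWS = [
    {"name": "张三", "phone": "13800138000", "dept": "sales", "note": "vip"},
    {"name": "李四", "phone": "13900139000", "dept": "ops", "note": "13700137000"},
]
SAMPLE_CELL_MARKS = {(1, "note"): "secret"}

if __name__ == "__main__":
    for account in ("alice", "bob", "mallory"):
        rows, masked = handle_access(account, SAMPLE_ROWS, SAMPLE_CELL_MARKS)
        print(account, "masked:", masked, rows)
```

For "bob" (internal) the phone and name columns come back partially masked and the marked note cell fully masked, while the unmarked note value "vip" is returned as-is; "alice" (secret) sees everything; an account missing from the mapping is treated as public and also loses the dept column. The per-cell mark is what catches private data that sits in a column whose metadata was never marked.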
FIG. 1 is a schematic flowchart of a method for accessing private data provided by an embodiment of this specification. The method of FIG. 1 may include steps S110 to S140.

S110: monitor a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access.

Here the target data platform is a platform used for data storage, including relational databases, data warehouses and the like. The data stored in the target data platform may include metadata and the stored data corresponding to the metadata. Metadata describes the structural information of the data stored in the data platform, specifically the databases, tables, columns and similar objects within a database or data warehouse; metadata itself stores no data. For example, table names, column names, field types and field lengths are all metadata of a table. The stored data corresponding to the metadata is the data stored in the table identified by the table name, or in the column identified by the column name. For instance, a personnel table may have columns such as name, age, height, weight, education, position and salary (these column names are the metadata), and the names stored in the name column (such as Zhang San and Li Si) are the stored data corresponding to that metadata (the name column).

Optionally, since the data stored in the target data platform can be roughly divided into metadata and the stored data corresponding to it, and in order to improve the efficiency and accuracy of identifying private data, the methods for identifying private data in the embodiments of this specification fall into two categories: one determines which data in the target data platform is private based on the metadata; the other determines this based on the stored data corresponding to the metadata.

It should be understood that determining private data from metadata alone greatly improves identification efficiency, but because of how some metadata is named it may miss metadata that actually stores private data; determining private data only from the stored data corresponding to the metadata, on the other hand, requires a great deal of work to analyse the full volume of data in the target data platform item by item. To avoid both problems, the embodiments of this specification combine the two approaches. Specifically, before monitoring the target user's access request to the target data platform, the method provided by the embodiments further includes: obtaining the information of multiple metadata in the target data platform; determining and marking privacy-related target metadata among the multiple metadata based on the metadata information and preset metadata privacy matching rules; selecting a specified number of metadata from the multiple metadata; and identifying and marking, based on a privacy data recognition model, the private data in the stored data corresponding to the specified number of metadata, where the sample data used to train the privacy data recognition model is the stored data corresponding to specified metadata.

It should be understood that, to avoid missing privacy-related metadata in the target data platform, obtaining the information of multiple metadata in the embodiments may in practice mean obtaining the information of all metadata in the platform. To improve the efficiency and accuracy of identifying privacy-related metadata, the preset metadata privacy matching rules used for this purpose may also be obtained by training an artificial intelligence model, specifically on the information of the multiple metadata.

To reduce the workload of identifying private data in the target data platform, the embodiments may randomly sample a specified number of metadata from the multiple metadata; the selection is independent of whether the selected metadata match the preset metadata privacy matching rules.
如图2所示,为本说明书实施例提供的方法的一种实际的部署环境的示意图。图2中,通过部署一个独立的应用对目标数据平台进行交互,其中,目标数据平台包括关系型数据块、文件存储和分布式缓存,该独立的应用包括数据识别引擎、配置、分类分级展示、用户访问记录、风险识别引擎、敏感等级展示和脱敏.jar、以及插件(包括元数 据读取、抽样数据读取、分类分级数据回写、获取用户访问数据和脱敏集成)。As shown in FIG. 2, it is a schematic diagram of an actual deployment environment of the method provided in the embodiment of this specification. In Figure 2, the target data platform is interacted by deploying an independent application. The target data platform includes relational data blocks, file storage, and distributed cache. The independent application includes data recognition engine, configuration, classification and hierarchical display, User access records, risk identification engine, sensitivity level display and desensitization .jar, and plug-ins (including metadata reading, sampling data reading, classification and classification data write-back, user access data acquisition, and desensitization integration).
Here, the independent application can provide the data security administrator with a configurable page for configuring the matching rules for private data. The matching rules for identifying private data can act on metadata, or on the stored data corresponding to the metadata. Once configured, the matching rules for identifying private data can be stored in the database of the independent application and used to identify private data in other data platforms. FIG. 3 is a schematic diagram of an interface for testing the configured matching rules for private data in the method for accessing private data provided in an embodiment of this specification. In FIG. 3, the user can enter text content containing private data and click "Submit" to test whether the configured matching rules for private data can identify the private data in the text content entered by the user.
FIG. 4 is a schematic diagram of another interface for testing the configured identification rules for private data in the method for accessing private data provided in an embodiment of this specification. In FIG. 4, the user can enter a link and click "Test link" to identify the private data in the page corresponding to the link, as well as the metadata that involves private data. The "content scan" shown in FIG. 4 matches the data content in the link against the pre-configured matching rules for private data in order to identify the private data in the link. The "field scan" shown in FIG. 4 matches the metadata in the link against the pre-configured matching rules for private data in order to identify the metadata in the link that involves private data.
In addition, if during testing of the configured matching rules for private data it is found that the configured rules miss privacy-related metadata or private data in the data content, the configured matching rules for private data can also be modified.
Optionally, the sensitivity levels of privacy-related metadata that different data visitors may view often differ. To facilitate distinguishing the sensitive permission levels of different data visitors, and matching data visitors with different sensitive permission levels to the metadata they may view, the preset privacy matching rules for metadata in the embodiments of this specification further include matching rules for the sensitivity level of privacy-related metadata. In that case, determining and marking privacy-related target metadata among the plurality of metadata based on the information of the plurality of metadata and the preset privacy matching rules for metadata includes: determining the privacy-related target metadata among the plurality of metadata based on the information of the plurality of metadata and the preset privacy matching rules for metadata; determining the sensitivity level of the target metadata based on the information of the target metadata and the matching rules for the sensitivity level of privacy-related metadata in the preset privacy matching rules for metadata; and marking the target metadata based on its sensitivity level.
Optionally, to facilitate distinguishing the sensitivity levels of different private data, the private data identification model may also identify the private data in the data stored under the metadata together with its corresponding sensitivity level. Specifically, identifying and marking the private data in the stored data corresponding to the specified number of metadata based on the private data identification model includes: identifying, based on the private data identification model, the private data in the stored data corresponding to the specified number of metadata and its corresponding sensitivity level; and marking the private data in the stored data corresponding to the specified number of metadata based on that sensitivity level.
FIG. 5 is a schematic diagram of identifying and marking a certain piece of metadata as private data in the method for accessing private data provided in an embodiment of this specification. In FIG. 5, for the "cert_no" field of the table "yixi_test_1210", the stored data corresponding to this metadata is recognized as hitting the "ID card number" rule among the matching rules for private data, and the field is marked with the sensitivity level "level8".
It should be understood that, after privacy-related metadata has been identified and marked, randomly selecting a specified number of metadata from the plurality of metadata may again select metadata that has already been identified and marked as privacy-related. In this case, if the private data identification model recognizes that the stored data corresponding to the re-selected metadata contains private data, that metadata will carry two sensitivity-level marks for private data. For this situation, the embodiments of this specification prefer to mark the metadata with the sensitivity level whose privacy protection priority is higher. After marking the private data in the stored data corresponding to the specified number of metadata, the method provided in the embodiments of this specification further includes: if the target metadata contains first metadata, the first metadata being metadata among the specified number of metadata whose corresponding stored data includes private data, obtaining the sensitivity level with the higher privacy protection priority from the sensitivity level of the first metadata in the target metadata and the sensitivity level of the first metadata in the specified number of metadata; and marking the first metadata based on the sensitivity level with the higher privacy protection priority.
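The two-pass marking described above (field-name rules on metadata, a content model on the stored values, and the "higher privacy protection priority wins" merge for columns marked by both) can be sketched as follows. This is an added illustration, not code from the patent or from its assignee: the rule sets, the numeric scale (higher number = stronger protection; "level8" for an ID card number follows FIG. 5, the other levels are assumed), and the use of regular expressions in place of the trained identification model are all assumptions.

```python
import re

LEVEL_NONE = 0  # no sensitivity mark

# Assumed field-name rules: these act on metadata (the "field scan" side).
METADATA_RULES = [
    (re.compile(r"(^|_)(cert_no|id_card|idcard)($|_)", re.I), "ID card number", 8),
    (re.compile(r"(^|_)(mac|mac_addr)($|_)", re.I), "MAC address", 5),
    (re.compile(r"(^|_)(salary|wage)($|_)", re.I), "salary", 6),
]

# Assumed content rules: these act on stored values (the "content scan" side)
# and stand in for the page's private data identification model.
CONTENT_RULES = [
    (re.compile(r"^\d{17}[\dXx]$"), "ID card number", 8),
    (re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I), "MAC address", 5),
]


def mark_metadata(field_name):
    """First marking pass: match the field name; return (rule name, level)."""
    for pattern, name, level in METADATA_RULES:
        if pattern.search(field_name):
            return name, level
    return None, LEVEL_NONE


def mark_content(values):
    """Second marking pass: highest level hit by any stored value in the column."""
    best = (None, LEVEL_NONE)
    for value in values:
        for pattern, name, level in CONTENT_RULES:
            if pattern.match(value) and level > best[1]:
                best = (name, level)
    return best


def classify_column(table, field_name, values):
    """Run both passes and keep the mark with the higher privacy-protection
    priority, which this example models as the larger level number."""
    meta_name, meta_level = mark_metadata(field_name)
    data_name, data_level = mark_content(values)
    return {
        "table": table,
        "field": field_name,
        "metadata_rule": meta_name,
        "metadata_level": meta_level,
        "content_rule": data_name,
        "content_level": data_level,
        "level": max(meta_level, data_level),
    }


if __name__ == "__main__":
    # Constructed sample column: the table and field of FIG. 5, a made-up value.
    print(classify_column("yixi_test_1210", "cert_no", ["110101199001011234"]))
```

A column whose name says nothing (for example `uid`) but whose values look like ID card numbers still ends at level 8 through the content pass, which is the gap the random sampling of stored data in the page is meant to close.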
S120: Determine, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the account information of the target user.
It should be understood that, to facilitate confirming whether a data visitor of the target data platform has permission to access private data in the target data platform, a corresponding sensitive permission level can be assigned in advance to each data visitor of the target data platform based on the visitor's account registration information, and the preset mapping between user account information and sensitive permission levels can be maintained in the target data platform and/or in the independent application described above. After the target user's access request to the target data platform is received, the sensitive permission level of the target user can be determined from the target user's account information carried in the access request and the preset mapping between user account information and sensitive permission levels.
S130: Determine, based on the sensitive permission level of the target user and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data.
It should be understood that, because the metadata involving private data in the target data platform, and the sensitivity levels of the private data in the stored data corresponding to that metadata, are marked before the target user's access request to the target data platform is monitored, the sensitivity level of the target data can be obtained from the mark on the target data when determining whether the target user has permission to access it, and whether the target user has the corresponding access permission can then be determined from how the sensitivity level of the target data matches the sensitive permission level of the target user. Specifically, determining whether the target user has permission to access the target data based on the sensitive permission level of the target user and the sensitivity level corresponding to the target data includes: obtaining the sensitivity level of the target data based on the mark on the target data; and determining whether the target user has permission to access the target data based on the match between the sensitive permission level of the target user and the sensitivity level corresponding to the target data.
When the sensitive permission level of the target user is not lower than the sensitivity level corresponding to the target data, it can be determined that the target user has permission to access the target data; when the sensitive permission level of the target user is lower than the sensitivity level corresponding to the target data, it can be determined that the target user does not have permission to access the target data.
It should be understood that, when determining the sensitivity level of the target data, the target data itself may carry no sensitivity-level mark while the metadata corresponding to the target data does. Specifically, obtaining the sensitivity level of the target data based on the mark on the target data includes:
determining, based on the mark on the target data, whether the target data carries a sensitivity-level mark;
if the target data carries no sensitivity-level mark, obtaining whether the metadata corresponding to the target data carries a sensitivity-level mark;
if the metadata corresponding to the target data carries a sensitivity-level mark, obtaining the sensitivity level of the target data based on the sensitivity-level mark of the metadata corresponding to the target data.
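The decision logic of S120 and S130, including the fallback from a mark on the data to a mark on its metadata, as an added example (not the patent's own code). The account-to-level mapping, the metadata marks and the rule that an account absent from the mapping gets the lowest level are constructed assumptions; "level8" on `yixi_test_1210.cert_no` follows FIG. 5.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed mapping for S120: account information -> sensitive permission level.
ACCOUNT_LEVELS: Dict[str, int] = {
    "admin@example.com": 8,
    "analyst@example.com": 5,
    "intern@example.com": 1,
}

# Constructed sensitivity marks on metadata ("table.field" -> level), as the
# marking steps earlier on the page would produce them.
METADATA_MARKS: Dict[str, int] = {
    "yixi_test_1210.cert_no": 8,
    "devices.mac": 5,
}


@dataclass
class TargetItem:
    """One field of the target data named in an access request."""
    table: str
    field: str
    value: str
    data_mark: Optional[int] = None  # mark carried by the stored value itself, if any


def permission_level(account: str, mapping: Dict[str, int] = ACCOUNT_LEVELS) -> int:
    """S120: unmapped accounts fall to level 0 (assumption: deny-by-default)."""
    return mapping.get(account, 0)


def sensitivity_level(item: TargetItem, marks: Dict[str, int] = METADATA_MARKS) -> int:
    """Mark on the data if present; otherwise the mark on its metadata; otherwise 0."""
    if item.data_mark is not None:
        return item.data_mark
    return marks.get(f"{item.table}.{item.field}", 0)


def is_permitted(user_level: int, data_level: int) -> bool:
    """S130: access is granted when the user's level is not lower than the data's."""
    return user_level >= data_level


def authorize(account: str, items: List[TargetItem]) -> Dict[str, bool]:
    """Per-field decision for one access request; False means the field must be
    desensitized before it is returned (S140)."""
    level = permission_level(account)
    return {
        f"{it.table}.{it.field}": is_permitted(level, sensitivity_level(it))
        for it in items
    }


if __name__ == "__main__":
    request = [
        TargetItem("yixi_test_1210", "cert_no", "310521198001011234"),
        TargetItem("yixi_test_1210", "name", "Li"),
    ]
    print(authorize("intern@example.com", request))
```

Deciding per field rather than per request is what lets the platform return a row in which only the fields the user may not see are desensitized.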
S140: If the target user does not have permission to access the private data in the target data, desensitize the queried target data and return it to the target user.
It should be understood that, to prevent users who do not have permission to access the private data in the target data from viewing and forwarding that target data at will, the embodiments of this specification may desensitize the target data before returning it to the target user, thereby preventing leakage of the private data in the target data. Specifically, desensitizing the queried target data and returning it to the target user includes: if the target data is the stored data corresponding to one or more metadata, desensitizing the stored data corresponding to the one or more metadata and returning it to the target user; if the target data is a target stored data item corresponding to one metadata, desensitizing that target stored data item and returning it to the target user.
It should be understood that there are two ways of determining private data in the embodiments of this specification: one based on metadata, the other based on the stored data corresponding to the metadata. Accordingly, desensitizing the target data can also take two forms. One is to desensitize all of the stored data corresponding to one or more metadata; for example, a salary column is confidential to most people and needs to be desensitized, which is desensitization based on metadata. The other is to desensitize a target stored data item within one metadata; for example, a position of general manager needs to be desensitized, which is desensitization of a particular stored data item corresponding to a particular metadata.
Optionally, desensitizing the queried target data and returning it to the target user includes: desensitizing all of the target data and returning it to the target user; or desensitizing part of the target data and returning it to the target user.
Desensitizing all of the target data may specifically use hash desensitization, that is, hashing all of the target data to obtain a hash value and returning the hash value of the target data to the target user; key-based encryption may also be used for desensitization. Alternatively, desensitizing part of the target data may specifically hide part of the target data; for an ID card number, for example, the middle digits can be hidden, so that "310521********1234" is returned to the target user.
FIG. 6 is a schematic diagram of recognizing a certain piece of metadata as private data in the method for accessing private data provided in an embodiment of this specification. In FIG. 6, the MAC address "ab:cd:11:a3:a0:50" that the target user requests to access is recognized based on the configured matching rules for private data, and the target user does not have the sensitive permission to access this MAC address. To avoid leaking the MAC address, part of the data in the MAC address can be desensitized before being returned to the target user; for example, the desensitized MAC address "**:cd:11:a3:a0:50" can be returned to the target user.
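The desensitization forms named in S140 (full hashing, partial masking of an ID card number and of a MAC address, and the column-based versus single-value forms of the salary and general-manager examples), as an added example rather than the patent's own code. SHA-256 as the hash, the choice of which positions to keep, and the sample rows are assumptions; the two masked outputs are the ones the page shows.

```python
import hashlib
from typing import Dict, List, Set, Tuple


def hash_desensitize(value: str) -> str:
    """Full desensitization: return a digest in place of the value (SHA-256 assumed)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def mask_id_number(value: str) -> str:
    """Partial desensitization of an 18-character ID card number: keep the first
    6 and last 4 characters, hide the 8 in the middle (as in the page's example)."""
    if len(value) != 18:
        raise ValueError("expected an 18-character ID card number")
    return value[:6] + "*" * 8 + value[-4:]


def mask_mac(value: str) -> str:
    """Partial desensitization of a MAC address: hide the first octet (FIG. 6)."""
    parts = value.split(":")
    if len(parts) != 6:
        raise ValueError("expected a colon-separated MAC address")
    return ":".join(["**"] + parts[1:])


# Assumed per-field choice of desensitizer; anything unlisted is fully hashed.
PARTIAL_MASKERS = {
    "cert_no": mask_id_number,
    "mac": mask_mac,
}


def desensitize_value(field: str, value: str) -> str:
    masker = PARTIAL_MASKERS.get(field, hash_desensitize)
    return masker(value)


def desensitize_rows(rows: List[Dict[str, str]],
                     marked_columns: Set[str],
                     marked_cells: Set[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Return a desensitized copy of the query result.

    marked_columns: fields marked at the metadata level; every value in the
                    column is desensitized (the "salary" case).
    marked_cells:   (field, value) pairs marked at the stored-data level; only
                    matching values are desensitized (the "general manager" case).
    """
    out = []
    for row in rows:
        new_row = {}
        for field, value in row.items():
            if field in marked_columns or (field, value) in marked_cells:
                new_row[field] = desensitize_value(field, value)
            else:
                new_row[field] = value
        out.append(new_row)
    return out


if __name__ == "__main__":
    # Constructed sample result set.
    rows = [
        {"name": "Li", "position": "general manager", "salary": "30000",
         "cert_no": "310521198001011234", "mac": "ab:cd:11:a3:a0:50"},
        {"name": "Wang", "position": "engineer", "salary": "12000",
         "cert_no": "110101199001011234", "mac": "00:11:22:33:44:55"},
    ]
    for r in desensitize_rows(rows, {"salary", "cert_no", "mac"},
                              {("position", "general manager")}):
        print(r)
```

Partial masking keeps the value recognizable for the user while removing the identifying part; hashing removes all of it but still lets two returned rows be compared for equality, which is the trade-off the page's two options offer.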
One or more embodiments provided in this specification can monitor a target user's access request to a target data platform, the access request carrying the target user's account information and the target data the target user requests to access; determine, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determine, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, when the target user does not have permission to access the private data in the target data, desensitize the queried target data before returning it to the target user. By using the preset mapping between user account information and the sensitive permission levels of data to determine whether a data visitor has permission to access certain data, and by returning desensitized data to the data visitor when the visitor is determined not to have that permission, the private data of individual users is effectively protected from being viewed at will.
FIG. 7 is a schematic structural diagram of an apparatus 700 for accessing private data provided in an embodiment of this specification, which includes a request monitoring unit 701, a level determination unit 702, a permission determination unit 703, and a data feedback unit 704.
The request monitoring unit 701 monitors a target user's access request to a target data platform, the access request of the target user carrying the account information of the target user and the target data the target user requests to access.
The level determination unit 702 determines, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the account information of the target user.
The permission determination unit 703 determines, based on the sensitive permission level of the target user and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data.
The data feedback unit 704, if the target user does not have permission to access the private data in the target data, desensitizes the queried target data and returns it to the target user.
Optionally, in one implementation, before the request monitoring unit 701 monitors the target user's access request to the target data platform, the apparatus further includes: a first acquisition unit, which acquires information of a plurality of metadata in the target data platform; a first marking unit, which determines and marks privacy-related target metadata among the plurality of metadata based on the information of the plurality of metadata and preset privacy matching rules for metadata; a metadata selection unit, which selects a specified number of metadata from the plurality of metadata; and a second marking unit, which identifies and marks, based on a private data identification model, the private data in the stored data corresponding to the specified number of metadata, where the sample data used to train the private data identification model is the stored data corresponding to designated metadata.
Optionally, in one implementation, the preset privacy matching rules for metadata further include matching rules for the sensitivity level of privacy-related metadata, and the first marking unit is configured to: determine the privacy-related target metadata among the plurality of metadata based on the information of the plurality of metadata and the preset privacy matching rules for metadata; determine the sensitivity level of the target metadata based on the information of the target metadata and the matching rules for the sensitivity level of privacy-related metadata in the preset privacy matching rules for metadata; and mark the target metadata based on its sensitivity level.
Optionally, in one implementation, the second marking unit is configured to: identify, based on the private data identification model, the private data in the stored data corresponding to the specified number of metadata and its corresponding sensitivity level; and mark the private data in the stored data corresponding to the specified number of metadata based on that sensitivity level.
Optionally, in one implementation, after the second marking unit marks the private data in the stored data corresponding to the specified number of metadata, the apparatus further includes: a second acquisition unit, which, if the target metadata contains first metadata, the first metadata being metadata among the specified number of metadata whose corresponding stored data includes private data, obtains the sensitivity level with the higher privacy protection priority from the sensitivity level of the first metadata in the target metadata and the sensitivity level of the first metadata in the specified number of metadata; and a third marking unit, which marks the first metadata based on the sensitivity level with the higher privacy protection priority.
Optionally, in one implementation, the permission determination unit 703 is configured to: obtain the sensitivity level of the target data based on the mark on the target data; and determine whether the target user has permission to access the target data based on the match between the sensitive permission level of the target user and the sensitivity level corresponding to the target data.
Optionally, in one implementation, the permission determination unit 703 is configured to: determine, based on the mark on the target data, whether the target data carries a sensitivity-level mark; if the target data carries no sensitivity-level mark, obtain whether the metadata corresponding to the target data carries a sensitivity-level mark; and if the metadata corresponding to the target data carries a sensitivity-level mark, obtain the sensitivity level of the target data based on the sensitivity-level mark of the metadata corresponding to the target data.
Optionally, in one implementation, the data feedback unit 704 is configured to: if the target data is the stored data corresponding to one or more metadata, desensitize the stored data corresponding to the one or more metadata and return it to the target user; if the target data is a target stored data item corresponding to one metadata, desensitize that target stored data item and return it to the target user.
Optionally, in one implementation, the data feedback unit 704 is configured to: desensitize all of the target data and return it to the target user; or desensitize part of the target data and return it to the target user.
The apparatus 700 for accessing private data can implement the methods of the method embodiments of FIGS. 1 to 6; for details, refer to the method for accessing private data of the embodiments shown in FIGS. 1 to 6, which is not repeated here.
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of this specification. Referring to FIG. 8, at the hardware level the electronic device includes a processor and, optionally, an internal bus, a network interface, and a memory. The memory may include main memory, such as high-speed random-access memory (RAM), and may also include non-volatile memory, such as at least one disk storage. The electronic device may of course also include hardware required by other services.
The processor, the network interface, and the memory may be interconnected through an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one bidirectional arrow is used in FIG. 8, but this does not mean that there is only one bus or one type of bus.
The memory is used to store programs. Specifically, a program may include program code, and the program code includes computer operation instructions. The memory may include main memory and non-volatile memory, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into main memory and runs it, forming the apparatus for accessing private data at the logical level. The processor executes the program stored in the memory and is specifically configured to perform the following operations: monitoring a target user's access request to a target data platform, the access request carrying the target user's account information and the target data the target user requests to access; determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data and returning it to the target user.
By using the preset mapping between user account information and the sensitive permission levels of data to determine whether a data visitor has permission to access certain data, and by returning desensitized data to the data visitor when the visitor is determined not to have that permission, the private data of individual users is effectively protected from being viewed at will.
The method performed by the apparatus for accessing private data disclosed in the embodiment shown in FIG. 1 of this specification can be applied to, or implemented by, a processor. The processor may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method can be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The methods, steps, and logical block diagrams disclosed in the embodiments of this specification can be implemented or executed. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of this specification may be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium mature in the art, such as random-access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
The electronic device can also execute the method of FIG. 1 and implement the functions of the apparatus for accessing private data in the embodiment shown in FIG. 1, which the embodiments of this specification do not repeat here.
An embodiment of this specification further provides a computer-readable storage medium storing one or more programs, the one or more programs including instructions which, when executed by a portable electronic device that includes a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in FIG. 1, and specifically to perform the following operations: monitoring a target user's access request to a target data platform, the access request carrying the target user's account information and the target data the target user requests to access; determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information; determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and, if the target user does not have permission to access the private data in the target data, desensitizing the queried target data and returning it to the target user.
Specific embodiments of this specification are described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In certain implementations, multitasking and parallel processing are also possible or may be advantageous.
In short, the above are only preferred embodiments of this specification and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of this specification shall be included within its scope of protection.
The systems, apparatuses, modules, or units illustrated in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), other types of random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.

Claims (11)

  1. A method for accessing private data, comprising:
    monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access;
    determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information;
    determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and
    if the target user does not have permission to access the private data in the target data, desensitizing the queried target data and returning it to the target user.
  2. The method of claim 1, wherein before monitoring the target user's access request to the target data platform, the method further comprises:
    obtaining information on a plurality of metadata in the target data platform;
    determining and marking, based on the information on the plurality of metadata and preset privacy matching rules for metadata, the privacy-related target metadata among the plurality of metadata;
    selecting a specified number of metadata from the plurality of metadata; and
    identifying and marking, based on a private data identification model, the private data in the stored data corresponding to the specified number of metadata;
    wherein the sample data used to train the private data identification model is the stored data corresponding to specified metadata.
  3. The method of claim 2, wherein the preset privacy matching rules for metadata further include matching rules for the sensitivity level of privacy-related metadata, and determining and marking the privacy-related target metadata among the plurality of metadata based on the information on the plurality of metadata and the preset privacy matching rules for metadata comprises:
    determining, based on the information on the plurality of metadata and the preset privacy matching rules for metadata, the privacy-related target metadata among the plurality of metadata;
    determining the sensitivity level of the target metadata based on the information on the target metadata and the sensitivity-level matching rules for privacy-related metadata in the preset privacy matching rules for metadata; and
    marking the target metadata based on the sensitivity level of the target metadata.
  4. The method of claim 3, wherein identifying and marking, based on the private data identification model, the private data in the stored data corresponding to the specified number of metadata comprises:
    identifying, based on the private data identification model, the private data in the stored data corresponding to the specified number of metadata and its corresponding sensitivity level; and
    marking the private data in the stored data corresponding to the specified number of metadata based on the sensitivity level corresponding to that private data.
  5. The method of claim 4, wherein after marking the private data in the stored data corresponding to the specified number of metadata, the method further comprises:
    if the target metadata includes first metadata, the first metadata being metadata among the specified number of metadata whose corresponding stored data includes private data, obtaining, from the sensitivity level of the first metadata as target metadata and the sensitivity level of the first metadata as one of the specified number of metadata, the sensitivity level with the higher privacy-protection priority; and
    marking the first metadata based on the sensitivity level with the higher privacy-protection priority.
  6. The method of claim 5, wherein determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data comprises:
    obtaining the sensitivity level of the target data based on the mark on the target data; and
    determining, based on the degree of match between the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data.
  7. The method of claim 6, wherein obtaining the sensitivity level of the target data based on the mark on the target data comprises:
    determining, based on the mark on the target data, whether the target data carries a sensitivity-level mark;
    if the target data does not carry a sensitivity-level mark, obtaining whether the metadata corresponding to the target data carries a sensitivity-level mark; and
    if the metadata corresponding to the target data carries a sensitivity-level mark, obtaining the sensitivity level of the target data based on the sensitivity-level mark on the metadata corresponding to the target data.
  8. The method of any one of claims 1 to 7, wherein desensitizing the queried target data and returning it to the target user comprises:
    if the target data is the stored data corresponding to one or more metadata, desensitizing the stored data corresponding to the one or more metadata and returning it to the target user; and
    if the target data is target stored data corresponding to a single metadata item, desensitizing the target stored data and returning it to the target user.
  9. An apparatus for accessing private data, comprising:
    a request monitoring unit, which monitors a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access;
    a level determining unit, which determines, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information;
    a permission determining unit, which determines, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and
    a data feedback unit, which, if the target user does not have permission to access the private data in the target data, desensitizes the queried target data and returns it to the target user.
  10. An electronic device, comprising:
    a processor; and
    a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the following operations:
    monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access;
    determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information;
    determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and
    if the target user does not have permission to access the private data in the target data, desensitizing the queried target data and returning it to the target user.
  11. A computer-readable storage medium storing one or more programs which, when executed by an electronic device that includes multiple application programs, cause the electronic device to perform the following operations:
    monitoring a target user's access request to a target data platform, where the access request carries the target user's account information and the target data that the target user requests to access;
    determining, based on a preset mapping between user account information and sensitive permission levels, the sensitive permission level that matches the target user's account information;
    determining, based on the target user's sensitive permission level and the sensitivity level corresponding to the target data, whether the target user has permission to access the target data; and
    if the target user does not have permission to access the private data in the target data, desensitizing the queried target data and returning it to the target user.
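The classification and access-decision pipeline of claims 1 to 8 end to end, as an added Python example that is not part of the patent and not the applicant's code. The level names, the name-based privacy matching rules, the value-shape regexes that stand in for the claims' trained private data identification model, the first/last-character masking rule, the rank comparison used for claim 6's "degree of match" and all sample records are assumptions made here; the patent fixes none of them.

```python
import re

# Added example, not code from the patent. Level names, rule patterns, the masking
# rule and the rank comparison (for the claims' "degree of match") are assumptions.

# Sensitivity levels from least to most sensitive; the index is the privacy-protection priority.
LEVELS = ("public", "internal", "confidential", "secret")
RANK = {name: i for i, name in enumerate(LEVELS)}


def stricter(a, b):
    """Claim 5: of two marks on the same metadata keep the higher-priority one (None = no mark)."""
    if a is None or b is None:
        return a if b is None else b
    return a if RANK[a] >= RANK[b] else b


# Claims 2-3: preset privacy matching rules over metadata (column names) with a level each.
METADATA_RULES = (
    (re.compile(r"id_card|national_id", re.I), "secret"),
    (re.compile(r"phone|mobile", re.I), "confidential"),
    (re.compile(r"email", re.I), "internal"),
)

# Claim 4: the patent uses a trained private data identification model; this example
# substitutes value-shape regexes so that it runs offline (assumption).
VALUE_DETECTORS = (
    (re.compile(r"^\d{17}[\dX]$"), "secret"),                  # 18-character ID-number shape
    (re.compile(r"^1\d{10}$"), "confidential"),                # 11-digit mobile-number shape
    (re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"), "internal"),   # e-mail address shape
)


def mark_metadata(columns):
    """Claims 2-3: {column: level} for every column whose name matches a privacy rule."""
    marks = {}
    for col in columns:
        for pattern, level in METADATA_RULES:
            if pattern.search(col):
                marks[col] = level
                break
    return marks


def mark_stored_data(table, sampled_columns):
    """Claim 4: scan the stored data of the sampled columns (claim 2's 'specified number
    of metadata'); returns per-cell marks and the strictest level seen per column."""
    cell_marks, column_marks = {}, {}
    for col in sampled_columns:
        for row_idx, row in enumerate(table):
            for pattern, level in VALUE_DETECTORS:
                if pattern.match(str(row.get(col, ""))):
                    cell_marks[(col, row_idx)] = level
                    column_marks[col] = stricter(column_marks.get(col), level)
                    break
    return cell_marks, column_marks


def build_marks(table, sampled_columns):
    """Claim 5: merge name-based and content-based metadata marks; the stricter level wins."""
    metadata_marks = mark_metadata(list(table[0]))
    cell_marks, model_marks = mark_stored_data(table, sampled_columns)
    for col, level in model_marks.items():
        metadata_marks[col] = stricter(metadata_marks.get(col), level)
    return metadata_marks, cell_marks


def mask(value):
    """Desensitisation rule used here (assumption): keep the first and last character only."""
    s = str(value)
    return "*" * len(s) if len(s) <= 2 else s[0] + "*" * (len(s) - 2) + s[-1]


def serve_query(account, columns, table, user_levels, metadata_marks, cell_marks):
    """Claims 1, 6 and 8: release a cell if the user's sensitive permission level ranks at
    least as high as the data's sensitivity level, otherwise return it desensitised."""
    user_rank = RANK[user_levels.get(account, LEVELS[0])]  # unknown accounts: lowest level
    result = []
    for row_idx, row in enumerate(table):
        out = {}
        for col in columns:
            # Claim 7: the mark on the data itself first, the metadata mark as fallback.
            level = cell_marks.get((col, row_idx), metadata_marks.get(col))
            allowed = level is None or user_rank >= RANK[level]
            out[col] = row[col] if allowed else mask(row[col])
        result.append(out)
    return result


# Constructed sample data: an ID number mis-entered in the e-mail column makes the
# content-based mark (secret) override the name-based one (internal) for that column.
TABLE = [
    {"name": "Alice", "mobile": "13800000001", "email": "alice@example.com"},
    {"name": "Bob", "mobile": "13800000002", "email": "110101199001011234"},
]
COLUMNS = list(TABLE[0])
USER_LEVELS = {"analyst": "internal", "dpo": "secret"}  # preset account -> level mapping

if __name__ == "__main__":
    metadata_marks, cell_marks = build_marks(TABLE, ["email", "name"])
    for account in ("analyst", "dpo", "guest"):
        print(account, serve_query(account, COLUMNS, TABLE, USER_LEVELS, metadata_marks, cell_marks))
```

Run as a script to see the three accounts' views of the same two rows. The decision is made per cell, which is how claim 8's two cases (whole columns versus specific stored data) are both covered, but it also exposes a consequence of claim 7 worth checking in a deployment: the cell-level mark on Alice's address (internal, from the content scan) takes precedence over the column-level mark (secret, raised by Bob's row), so an internal-level analyst sees one row's address and not the other's. If the column mark is meant to dominate, the lookup should combine both marks with stricter() instead of falling back only when the cell mark is absent.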
PCT/CN2020/139720 2020-03-25 2020-12-26 Private data access method and apparatus, and electronic device WO2021190017A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010216759.9 2020-03-25
CN202010216759.9A CN111400765B (en) 2020-03-25 2020-03-25 Private data access method and device and electronic equipment

Publications (1)

Publication Number Publication Date
WO2021190017A1 true WO2021190017A1 (en) 2021-09-30

Family

ID=71434595

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/139720 WO2021190017A1 (en) 2020-03-25 2020-12-26 Private data access method and apparatus, and electronic device

Country Status (2)

Country Link
CN (1) CN111400765B (en)
WO (1) WO2021190017A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114491585A (en) * 2021-12-31 2022-05-13 上海柯林布瑞信息技术有限公司 Dynamic desensitization encryption method, apparatus, device and medium for medical data
CN114785611A (en) * 2022-05-10 2022-07-22 山东高速信息集团有限公司 Communication protocol configuration method, equipment and medium for intelligent monitoring terminal
CN114785611B (en) * 2022-05-10 2024-05-07 山东高速信息集团有限公司 Communication protocol configuration method, equipment and medium for intelligent monitoring terminal
CN115880826A (en) * 2023-02-22 2023-03-31 肯特智能技术(深圳)股份有限公司 Park access method and system based on access data
CN116664326A (en) * 2023-08-01 2023-08-29 北京清众神州大数据有限公司 Enterprise financial data management method and device, electronic equipment and storage medium
CN117270785A (en) * 2023-10-13 2023-12-22 北京泓鹏网络科技有限公司 Data security storage method and system based on big data platform
CN117270785B (en) * 2023-10-13 2024-05-28 周思华 Data security storage method and system based on big data platform
CN117725611A (en) * 2023-11-30 2024-03-19 国网青海省电力公司信息通信公司 Data sharing method and device
CN118504037A (en) * 2024-07-17 2024-08-16 南京米特科技股份有限公司 Block chain-based electric energy meter data security management method

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400765B (en) * 2020-03-25 2021-11-02 支付宝(杭州)信息技术有限公司 Private data access method and device and electronic equipment
CN113901508A (en) * 2020-07-06 2022-01-07 北京罗克维尔斯科技有限公司 Privacy data protection method and device
CN112099997B (en) * 2020-09-23 2024-06-11 维沃移动通信有限公司 File storage method and electronic equipment
CN112182606A (en) * 2020-09-24 2021-01-05 建信金融科技有限责任公司 Access request processing method and device, electronic equipment and readable storage medium
CN114499901A (en) * 2020-10-26 2022-05-13 中国移动通信有限公司研究院 Information processing method and device, server, terminal and data platform
CN112380552A (en) * 2020-11-20 2021-02-19 惠州Tcl移动通信有限公司 Data processing method and device, storage medium and computer equipment
CN112417505A (en) * 2020-11-23 2021-02-26 平安普惠企业管理有限公司 Data processing method, device, equipment and medium
CN112527812A (en) * 2020-12-04 2021-03-19 北京顺达同行科技有限公司 Data permission processing method and device based on multiple dimensions and computer equipment
CN113010919A (en) * 2021-03-22 2021-06-22 北京神州数字科技有限公司 Protection method for sensitive data and private data
CN112926089B (en) * 2021-03-25 2023-03-17 支付宝(杭州)信息技术有限公司 Data risk prevention and control method, device and equipment based on privacy protection
CN113051614B (en) * 2021-03-26 2022-07-05 支付宝(杭州)信息技术有限公司 Information access processing method, device, equipment and system
CN113515564B (en) * 2021-05-18 2024-09-13 深圳赛安特技术服务有限公司 J2 EE-based data access method, device, equipment and storage medium
CN113223683A (en) * 2021-05-22 2021-08-06 杭州医康慧联科技股份有限公司 Privacy permission configuration system and method suitable for medical model data
CN113378225A (en) * 2021-06-24 2021-09-10 平安普惠企业管理有限公司 Online sensitive data acquisition method and device, electronic equipment and storage medium
CN113626865A (en) * 2021-08-11 2021-11-09 南京莱斯网信技术研究院有限公司 Data sharing opening method and system for preventing sensitive information from being leaked
CN114048511B (en) * 2022-01-12 2022-05-24 树根互联股份有限公司 Cross-data-center data desensitization method and device and electronic equipment
CN114726605A (en) * 2022-03-30 2022-07-08 医渡云(北京)技术有限公司 Sensitive data filtering method, device and system and computer equipment
CN115080827B (en) * 2022-07-01 2024-05-24 中银金融科技有限公司 Sensitive data processing method and device
CN115114557B (en) * 2022-08-30 2023-03-31 平安银行股份有限公司 Page data acquisition method and device based on block chain
CN116436711B (en) * 2023-06-15 2023-09-08 深圳开鸿数字产业发展有限公司 Data security processing method, device, system and storage medium
CN117521159B (en) * 2024-01-05 2024-05-07 浙江大华技术股份有限公司 Sensitive data protection method, device and storage medium
CN118378300B (en) * 2024-06-21 2024-08-30 日照云控大数据科技有限公司 Privacy protection management method and system for cloud computing big data

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180083975A1 (en) * 2016-09-22 2018-03-22 International Business Machines Corporation Method to allow for question and answer system to dynamically return different responses based on roles
CN108197453A (en) * 2018-01-19 2018-06-22 中国科学院信息工程研究所 A kind of image method for secret protection and system
CN108537037A (en) * 2018-03-29 2018-09-14 广东欧珀移动通信有限公司 Privacy control method and device, computer readable storage medium, terminal
CN109033846A (en) * 2018-06-08 2018-12-18 浙江捷尚人工智能研究发展有限公司 Privacy of user guard method and system
CN110287720A (en) * 2019-07-01 2019-09-27 国网内蒙古东部电力有限公司 A kind of access control method based on image recognition and user gradation
CN110427775A (en) * 2019-07-25 2019-11-08 北京明略软件系统有限公司 Data query authority control method and device
CN111400765A (en) * 2020-03-25 2020-07-10 支付宝(杭州)信息技术有限公司 Private data access method and device and electronic equipment

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107292183B (en) * 2017-06-29 2019-08-23 国信优易数据有限公司 A kind of data processing method and equipment
CN108418676A (en) * 2018-01-26 2018-08-17 山东超越数控电子股份有限公司 A kind of data desensitization method based on permission
CN108520183B (en) * 2018-04-13 2020-03-24 杭州橙鹰数据技术有限公司 Data storage method and device
CN110784433B (en) * 2018-07-31 2022-08-23 阿里巴巴集团控股有限公司 User access processing method, device and equipment
CN109409121B (en) * 2018-09-07 2022-10-11 创新先进技术有限公司 Desensitization processing method and device and server
CN109492423B (en) * 2018-09-26 2024-09-13 中国平安人寿保险股份有限公司 Method, device, computer equipment and storage medium for filtering sensitive information
CN109472159A (en) * 2018-11-15 2019-03-15 泰康保险集团股份有限公司 Access control method, device, medium and electronic equipment
CN110008747A (en) * 2019-04-01 2019-07-12 北京柏链基石科技有限公司 A kind of guard method, device and the electronic equipment of the private data based on block chain

Also Published As

Publication number Publication date
CN111400765A (en) 2020-07-10
CN111400765B (en) 2021-11-02

Similar Documents

Publication Publication Date Title
WO2021190017A1 (en) Private data access method and apparatus, and electronic device
TWI743773B (en) Method and device for identifying abnormal collection behavior based on privacy data protection
US20200279053A1 (en) Facilitating entity resolution via secure entity resolution database
US20140090085A1 (en) Database access control
WO2023016192A1 (en) Data sharing and opening method and system capable of avoiding leakage of sensitive information
US8904551B2 (en) Control of access to files
JP5382599B2 (en) Confidential address matching processing system
WO2019201076A1 (en) Method, apparatus, and system for adding watermark to secret file, and medium
JP2010530566A (en) Query statistics provider
US20200202014A1 (en) Blockchain-based content management system, method, apparatus, and electronic device
CN106033461A (en) Sensitive information query method and apparatus
US11295027B2 (en) System and method for protecting electronic documents containing confidential information from unauthorized access
CN115380288A (en) System and method for contextual data desensitization of private and secure data links
US8365247B1 (en) Identifying whether electronic data under test includes particular information from a database
WO2020108113A1 (en) Evidence collection and recording method and apparatus, and electronic device
CN113364753A (en) Anti-crawler method and device, electronic equipment and computer readable storage medium
CN114297719A (en) Data desensitization method and device, storage medium and electronic equipment
CN112559871A (en) Information query method and system and server equipment
Penrose et al. Fast contraband detection in large capacity disk drives
CN112187719B (en) Information acquisition method and device of attacked server and electronic equipment
CN105354506B (en) The method and apparatus of hidden file
CN117272308A (en) Software security test method, device, equipment, storage medium and program product
WO2023045575A1 (en) Permission management and control in blockchain
US20160350318A1 (en) Method, system for classifying comment record and webpage management device
CN115878671A (en) Sensitive data analysis method and device, electronic equipment and storage medium

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number: 20927523; country of ref document: EP; kind code of ref document: A1)
NENP Non-entry into the national phase (ref country code: DE)
122 Ep: pct application non-entry in european phase (ref document number: 20927523; country of ref document: EP; kind code of ref document: A1)