CN112948877A - Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy - Google Patents
Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy Download PDFInfo
- Publication number
- CN112948877A CN112948877A CN202110236800.3A CN202110236800A CN112948877A CN 112948877 A CN112948877 A CN 112948877A CN 202110236800 A CN202110236800 A CN 202110236800A CN 112948877 A CN112948877 A CN 112948877A
- Authority
- CN
- China
- Prior art keywords
- database
- request
- desensitized
- data
- desensitization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
Landscapes
- Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a dynamic database desensitization method and system based on a TCP (Transmission control protocol) agent, and relates to the technical field of information security. A dynamic database desensitization method based on a TCP agent comprises the following steps: establishing a TCP agent between a database client and a database server; intercepting the request of the database client and the response content of the database server through a TCP agent; and filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule. The dynamic desensitization of the access to the sensitive data of the database can be realized by only modifying the configuration of the access address of the database without any code modification on the client side of the database, and meanwhile, the database is not configured or changed. In addition, the invention also provides a database dynamic desensitization system based on the TCP agent, which comprises: the system comprises an agent deployment module, a data interception module, a filtering matching module, a desensitization module and a data recombination module.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a dynamic database desensitization method and system based on a TCP (Transmission control protocol) proxy.
Background
The first type of the existing database dynamic desensitization system is that data requested back is explicitly judged at a database client, and fields are to be desensitized, then are processed by using corresponding desensitization interfaces, and then are handed to a final user; the second type is improved compared with the first type, and is also deployed between a client and a relational database server in a TCP proxy mode, and a corresponding desensitization function is added to an inquiry statement (simultaneously, the desensitization function needs to be defined on a database) by analyzing and reconstructing the inquiry statement of the database accessed by the client so as to realize the desensitization function on a sensitive field.
The disadvantages of the existing scheme are:
1. the first type needs to be modified on an application program, so that the applicable scenes are few, the multiplexing possibility is low, and the scene switching cost is high; 2. the actual desensitization operation of the second technology needs the support of a database; 3. the second technique desensitization operation consumes the operation resources of the database, that is, the actual desensitization process is completed on the database server; 4. the second category of techniques cannot be applied to database systems that do not support desensitization functions.
Disclosure of Invention
The invention aims to provide a dynamic desensitization method of a database based on a TCP (Transmission control protocol) proxy, which can realize dynamic desensitization of sensitive data access of the database by only modifying the configuration of access addresses of the database without modifying any codes at a database client, and simultaneously has no configuration and modification to the database and direct access, namely: the system is not accessed, and the influence on the database is the same. Meanwhile, if the dynamic desensitization cluster is in butt joint with proper load balancing equipment, the dynamic desensitization cluster can be easily realized, and the dynamic desensitization cluster has linear expansion capability of performance and extremely high usability.
Another object of the present invention is to provide a TCP proxy-based database dynamic desensitization system, which can operate a TCP proxy-based database dynamic desensitization method.
The embodiment of the invention is realized by the following steps:
in a first aspect, an embodiment of the present application provides a method for dynamic desensitization of a database based on a TCP proxy, which includes establishing a TCP proxy between a database client and a database server; intercepting the request of the database client and the response content of the database server through a TCP agent; filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule to obtain field information to be desensitized; desensitizing the field information to be desensitized to obtain desensitized data; and acquiring and analyzing and recombining the desensitized data according to the corresponding database protocol to obtain recombined data, and sending the recombined data to the corresponding database client or database server.
In some embodiments of the present invention, the filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further includes the following steps: judging whether the request of the database client has a sensitive field according to a preset strategy matching rule, if so, recording the request containing the sensitive field, and then submitting the request to the database server without modification; if not, the request to the database client is directly sent to the database server.
In some embodiments of the present invention, the filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further includes the following steps: judging whether the response of the database server has a sensitive field according to a preset strategy matching rule, if so, desensitizing the response containing the sensitive field, organizing the data content according to the corresponding database protocol format again according to the desensitized result, and sending the modified response content to the database client; and if not, directly sending the response to the database client.
In some embodiments of the present invention, the filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further includes the following steps: filtering and matching the request field of the database client according to a preset strategy matching rule to obtain a storage request field to be desensitized; and filtering and matching the response content of the database server according to a preset strategy matching rule to obtain the storage response content to be desensitized.
In some embodiments of the present invention, the desensitizing processing on the field information to be desensitized to obtain desensitized data includes: and processing the acquired sensitive field information by using a preset desensitization algorithm to obtain a desensitized data packet.
In some embodiments of the present invention, the desensitizing processing on the field information to be desensitized to obtain desensitized data includes: analyzing according to a preset protocol format, desensitizing the content to be desensitized, and organizing the data content according to the corresponding database protocol format again according to the desensitized result.
In some embodiments of the present invention, the sending the restructuring data to the corresponding database client or database server includes: sending the request field in the recombined data to a database server; and sending the response content in the reorganization data to the database client.
In a second aspect, an embodiment of the present application provides a TCP proxy-based database dynamic desensitization system, which includes a proxy deployment module, configured to establish a TCP proxy between a database client and a database server; the data interception module is used for intercepting the request of the database client and the response content of the database server through a TCP agent; the filtering matching module is used for filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule so as to obtain field information to be desensitized; the desensitization module is used for desensitizing the field information to be desensitized to obtain desensitized data; and the data recombination module is used for acquiring, analyzing and recombining the desensitized data according to the corresponding database protocol to obtain recombined data, and sending the recombined data to the corresponding database client or database server.
In some embodiments of the present invention, the foregoing further includes a request processing sub-module, which determines whether a request of the database client has a sensitive field according to a preset policy matching rule, and if so, records the request including the sensitive field, and then submits the request to the database server without modification; if not, the request to the database client is directly sent to the database server; the response processing submodule judges whether the response of the database server has a sensitive field according to a preset strategy matching rule, if so, desensitizes the response containing the sensitive field, organizes the data content according to the corresponding database protocol format again according to the desensitized result, and sends the modified response content to the database client; and if not, directly sending the response to the database client.
In some embodiments of the invention, the above includes: at least one memory for storing computer instructions; at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to: the system comprises an agent deployment module, a data interception module, a filtering matching module, a desensitization module and a data recombination module.
Compared with the prior art, the embodiment of the invention has at least the following advantages or beneficial effects:
the dynamic desensitization of the access to the sensitive data of the database can be realized by only modifying the configuration of the access address of the database without any code modification on the client side of the database, and meanwhile, the database is not configured or modified and is directly accessed, namely: the system is not accessed, and the influence on the database is the same. Meanwhile, if the dynamic desensitization cluster is in butt joint with proper load balancing equipment, the dynamic desensitization cluster can be easily realized, and the dynamic desensitization cluster has linear expansion capability of performance and extremely high usability.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic diagram illustrating steps of a dynamic database desensitization method based on a TCP proxy according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a database dynamic desensitization system module based on a TCP proxy according to an embodiment of the present invention.
Icon: 100-agent deployment module; 200-a data interception module; 300-a filtering matching module; 400-a desensitization module; 500-data reorganization module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Example 1
Referring to fig. 1, fig. 1 is a schematic diagram illustrating steps of a dynamic database desensitization method based on a TCP proxy according to an embodiment of the present invention, and the steps are as follows:
step S100, a TCP agent is established between a database client and a database server;
step S110, intercepting the request of the database client and the response content of the database server through a TCP agent;
step S120, filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule to obtain field information to be desensitized;
step S130, desensitizing the field information to be desensitized to obtain desensitized data;
and step S140, acquiring and analyzing and recombining the desensitized data according to the corresponding database protocol to obtain recombined data, and sending the recombined data to the corresponding database client or database server.
In some embodiments, the function of dynamic desensitization of client access to the database is implemented by deploying TCP proxy software between the client and the database. The contents of the database client's request and the database server's response are intercepted by the proxy of the TCP connection between the database client and the database server. After the matching of the rules and the strategies, desensitization processing is carried out on the field request/response content to be desensitized, then data content is organized again according to the corresponding database protocol format, correspondingly, the modified and recombined request content is delivered to the database server, and the modified and recombined response content is sent to the database client. For a database client, dynamic desensitization to database sensitive data access can be realized by only modifying database access address configuration without any code modification, and meanwhile, the database is not configured or modified and is directly accessed, namely: the system is not accessed, and the influence on the database is the same. Meanwhile, if the dynamic desensitization cluster is in butt joint with proper load balancing equipment, the dynamic desensitization cluster can be easily realized, and the dynamic desensitization cluster has linear expansion capability of performance and extremely high usability.
According to the method, the TCP agent software is deployed between the client and the server, and combined with the TCP agent software, the loss of operation resources is reduced, and the function of dynamic desensitization of the client for accessing the database is realized.
In some embodiments, the method for filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the storage information to be desensitized includes the following steps:
and intercepting the query request of the database through a proxy of TCP connection responded by the database client and the database server, recording the request containing the sensitive field through rule and strategy matching, and then submitting the request to the database server without modification.
And if the sensitive field is not contained in the query, directly replying the response content of the corresponding database server to the client. If the query contains the sensitive field, analyzing the response content of the request according to the corresponding protocol format, desensitizing the content to be desensitized, organizing the data content according to the corresponding database protocol format again according to the desensitized result, and sending the modified response content to the database client.
In some embodiments, the filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further includes the following steps:
judging whether the request of the database client has a sensitive field according to a preset strategy matching rule, if so, recording the request containing the sensitive field, and then submitting the request to the database server without modification; if not, the request to the database client is directly sent to the database server.
Judging whether the response of the database server has a sensitive field according to a preset strategy matching rule, if so, desensitizing the response containing the sensitive field, organizing the data content according to the corresponding database protocol format again according to the desensitized result, and sending the modified response content to the database client; and if not, directly sending the response to the database client.
Example 3
Referring to fig. 2, fig. 2 is a schematic diagram of a database dynamic desensitization system module based on a TCP proxy according to an embodiment of the present invention, which is shown as follows:
an agent deployment module 100, configured to establish a TCP agent between a database client and a database server;
a data interception module 200, configured to intercept, by using a TCP proxy, a request of a database client and response content of a database server;
the filtering matching module 300 is configured to filter and match the request of the database client and the response content of the database server according to a preset policy matching rule to obtain field information to be desensitized;
the desensitization module 400 is configured to perform desensitization processing on the field information to be desensitized to obtain desensitized data;
and the data restructuring module 500 is configured to acquire, analyze and restructure the desensitized data according to the corresponding database protocol to obtain restructured data, and send the restructured data to the corresponding database client or database server.
In some embodiments, the TCP proxy software is deployed between the database client and the database server through the proxy deployment module 100 to implement the function of dynamic desensitization of database client access to the database, the data interception module 200 intercepts the contents of the database client's request and the database server's response through the proxy of the TCP connection between the database client and the database server, then the data is filtered and matched through a filtering and matching module 300, the data to be desensitized is obtained through rule and strategy matching, desensitization is performed by the desensitization module 400 on the memory field/response content to be desensitized, then, the data restructuring module 500 reorganizes the data content according to the corresponding database protocol format, correspondingly, delivers the modified and restructured request content to the database server, and sends the modified and restructured response content to the database client. For a database client, dynamic desensitization to database sensitive data access can be realized by only modifying database access address configuration without any code modification, and meanwhile, the database is not configured or modified and is directly accessed, namely: the system is not accessed, and the influence on the database is the same. Meanwhile, if the dynamic desensitization cluster is in butt joint with proper load balancing equipment, the dynamic desensitization cluster can be easily realized, and the dynamic desensitization cluster has linear expansion capability of performance and extremely high usability.
Also included are a memory, a processor, and a communication interface, which are electrically connected, directly or indirectly, to each other to enable transmission or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory may be used to store software programs and modules, and the processor may execute various functional applications and data processing by executing the software programs and modules stored in the memory. The communication interface may be used for communicating signaling or data with other node devices.
The Memory may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The processor may be an integrated circuit chip having signal processing capabilities. The Processor may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), etc.; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It will be appreciated that the configuration shown in fig. 2 is merely illustrative and may include more or fewer components than shown in fig. 2, or have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
To sum up, the dynamic desensitization method and system for a database based on a TCP proxy provided in the embodiments of the present application enable a database client to achieve dynamic desensitization of access to sensitive data of a database by only modifying a configuration of an access address of the database without any code modification, and simultaneously, the database is not configured or modified and directly accessed, that is: the system is not accessed, and the influence on the database is the same. Meanwhile, if the dynamic desensitization cluster is in butt joint with proper load balancing equipment, the dynamic desensitization cluster can be easily realized, and the dynamic desensitization cluster has linear expansion capability of performance and extremely high usability.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A dynamic database desensitization method based on a TCP agent is characterized by comprising the following steps:
establishing a TCP agent between a database client and a database server;
intercepting the request of the database client and the response content of the database server through a TCP agent;
filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule to obtain field information to be desensitized;
desensitizing the field information to be desensitized to obtain desensitized data;
and acquiring and analyzing and recombining the desensitized data according to the corresponding database protocol to obtain recombined data, and sending the recombined data to the corresponding database client or database server.
2. The method for dynamically desensitizing a database based on a TCP proxy as claimed in claim 1, wherein said filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further comprises the following steps:
judging whether the request of the database client has a sensitive field according to a preset strategy matching rule, if so, recording the request containing the sensitive field, and then submitting the request to the database server without modification; if not, the request to the database client is directly sent to the database server.
3. The method for dynamically desensitizing a database based on a TCP proxy as claimed in claim 1, wherein said filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further comprises the following steps:
judging whether the response of the database server has a sensitive field according to a preset strategy matching rule, if so, desensitizing the response containing the sensitive field, organizing the data content according to the corresponding database protocol format again according to the desensitized result, and sending the modified response content to the database client; and if not, directly sending the response to the database client.
4. The method for dynamically desensitizing a database based on a TCP proxy as claimed in claim 1, wherein said filtering and matching the request of the database client and the response content of the database server according to the preset policy matching rule to obtain the field information to be desensitized further comprises the following steps:
filtering and matching the request field of the database client according to a preset strategy matching rule to obtain a storage request field to be desensitized;
and filtering and matching the response content of the database server according to a preset strategy matching rule to obtain the storage response content to be desensitized.
5. The dynamic database desensitization method based on the TCP agent according to claim 1, wherein said desensitization processing for the desensitization field information to obtain desensitized data includes:
and processing the acquired sensitive field information by using a preset desensitization algorithm to obtain a desensitized data packet.
6. The dynamic database desensitization method based on the TCP agent according to claim 1, wherein said desensitization processing for the desensitization field information to obtain desensitized data includes:
analyzing according to a preset protocol format, desensitizing the content to be desensitized, and organizing the data content according to the corresponding database protocol format again according to the desensitized result.
7. The method for dynamic desensitization of databases based on TCP proxies of claim 1, wherein said sending the reassembled data to the corresponding database client or database server comprises:
sending the request field in the recombined data to a database server;
and sending the response content in the reorganization data to the database client.
8. A TCP proxy based database dynamic desensitization system, comprising:
the agent deployment module is used for establishing a TCP agent between the database client and the database server;
the data interception module is used for intercepting the request of the database client and the response content of the database server through a TCP agent;
the filtering matching module is used for filtering and matching the request of the database client and the response content of the database server according to a preset strategy matching rule so as to obtain field information to be desensitized;
the desensitization module is used for desensitizing the field information to be desensitized to obtain desensitized data;
and the data recombination module is used for acquiring, analyzing and recombining the desensitized data according to the corresponding database protocol to obtain recombined data, and sending the recombined data to the corresponding database client or database server.
9. The TCP proxy based database dynamic desensitization system of claim 8, further comprising:
the request processing submodule judges whether the request of the database client has a sensitive field according to a preset strategy matching rule, if so, records the request containing the sensitive field, and then submits the request to the database server without modification; if not, the request to the database client is directly sent to the database server;
the response processing submodule judges whether the response of the database server has a sensitive field according to a preset strategy matching rule, if so, desensitizes the response containing the sensitive field, organizes the data content according to the corresponding database protocol format again according to the desensitized result, and sends the modified response content to the database client; and if not, directly sending the response to the database client.
10. The TCP proxy based database dynamic desensitization system of claim 8, comprising:
at least one memory for storing computer instructions;
at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to perform: the system comprises an agent deployment module, a data interception module, a filtering matching module, a desensitization module and a data recombination module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110236800.3A CN112948877A (en) | 2021-03-03 | 2021-03-03 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110236800.3A CN112948877A (en) | 2021-03-03 | 2021-03-03 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112948877A true CN112948877A (en) | 2021-06-11 |
Family
ID=76247421
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110236800.3A Pending CN112948877A (en) | 2021-03-03 | 2021-03-03 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112948877A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113806808A (en) * | 2021-09-24 | 2021-12-17 | 四川新网银行股份有限公司 | Non-invasive data desensitization method and system in distributed environment |
| CN113901515A (en) * | 2021-10-11 | 2022-01-07 | 矢量云科信息科技(无锡)有限公司 | Dynamic desensitization processing method and dynamic desensitization system |
| CN113992345A (en) * | 2021-09-13 | 2022-01-28 | 百度在线网络技术(北京)有限公司 | Method and device for encrypting and decrypting webpage sensitive data, electronic equipment and storage medium |
| CN114117498A (en) * | 2021-12-01 | 2022-03-01 | 恒安嘉新(北京)科技股份公司 | Desensitization data realization method, device, system, equipment and storage medium |
| CN114465823A (en) * | 2022-04-08 | 2022-05-10 | 杭州海康威视数字技术股份有限公司 | Industrial Internet terminal encrypted flow data security detection method, device and equipment |
| CN116028980A (en) * | 2023-03-29 | 2023-04-28 | 北京中安星云软件技术有限公司 | Database bypassing prevention method, system, equipment and medium |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796412A (en) * | 2014-04-06 | 2015-07-22 | 惠州Tcl移动通信有限公司 | End-to-end cloud service system and method for accessing sensitive data thereof |
| CN106548085A (en) * | 2015-09-17 | 2017-03-29 | ***通信集团甘肃有限公司 | A kind of processing method and processing device of data |
| CN107040606A (en) * | 2017-05-10 | 2017-08-11 | 上海上讯信息技术股份有限公司 | Method and apparatus for handling http request |
| CN107194273A (en) * | 2017-04-20 | 2017-09-22 | 北京同余科技有限公司 | Can continuous-query data desensitization method and system |
| CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
| CN108073821A (en) * | 2016-11-09 | 2018-05-25 | ***通信有限公司研究院 | Data safety processing method and device |
| CN108154047A (en) * | 2017-12-25 | 2018-06-12 | 网智天元科技集团股份有限公司 | A kind of data desensitization method and device |
| CN110245505A (en) * | 2019-05-20 | 2019-09-17 | 中国平安人寿保险股份有限公司 | Tables of data access method, device, computer equipment and storage medium |
| CN110392062A (en) * | 2019-08-06 | 2019-10-29 | 深圳萨摩耶互联网金融服务有限公司 | A kind of multidimensional encryption method and device based on big data |
| CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
| CN110532797A (en) * | 2019-07-24 | 2019-12-03 | 方盈金泰科技(北京)有限公司 | The desensitization method and system of big data |
| CN110795756A (en) * | 2019-09-25 | 2020-02-14 | 江苏满运软件科技有限公司 | Data desensitization method and device, computer equipment and computer readable storage medium |
| CN111177788A (en) * | 2020-01-07 | 2020-05-19 | 北京启明星辰信息安全技术有限公司 | Hive dynamic desensitization method and dynamic desensitization system |
| CN111274610A (en) * | 2020-01-21 | 2020-06-12 | 京东数字科技控股有限公司 | Data desensitization method and device and desensitization service platform |
| CN112035871A (en) * | 2020-07-22 | 2020-12-04 | 北京中安星云软件技术有限公司 | Dynamic desensitization method and system based on database driven proxy |
| CN112347511A (en) * | 2020-11-09 | 2021-02-09 | 平安普惠企业管理有限公司 | Permission-based data shielding method and device, computer equipment and storage medium |
| CN112417443A (en) * | 2020-11-20 | 2021-02-26 | 平安普惠企业管理有限公司 | Database protection method and device, firewall and computer readable storage medium |
-
2021
- 2021-03-03 CN CN202110236800.3A patent/CN112948877A/en active Pending
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796412A (en) * | 2014-04-06 | 2015-07-22 | 惠州Tcl移动通信有限公司 | End-to-end cloud service system and method for accessing sensitive data thereof |
| CN106548085A (en) * | 2015-09-17 | 2017-03-29 | ***通信集团甘肃有限公司 | A kind of processing method and processing device of data |
| CN108073821A (en) * | 2016-11-09 | 2018-05-25 | ***通信有限公司研究院 | Data safety processing method and device |
| CN107194273A (en) * | 2017-04-20 | 2017-09-22 | 北京同余科技有限公司 | Can continuous-query data desensitization method and system |
| CN107040606A (en) * | 2017-05-10 | 2017-08-11 | 上海上讯信息技术股份有限公司 | Method and apparatus for handling http request |
| CN107392051A (en) * | 2017-07-28 | 2017-11-24 | 北京明朝万达科技股份有限公司 | A kind of big data processing method and system |
| CN108154047A (en) * | 2017-12-25 | 2018-06-12 | 网智天元科技集团股份有限公司 | A kind of data desensitization method and device |
| CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
| CN110245505A (en) * | 2019-05-20 | 2019-09-17 | 中国平安人寿保险股份有限公司 | Tables of data access method, device, computer equipment and storage medium |
| CN110532797A (en) * | 2019-07-24 | 2019-12-03 | 方盈金泰科技(北京)有限公司 | The desensitization method and system of big data |
| CN110392062A (en) * | 2019-08-06 | 2019-10-29 | 深圳萨摩耶互联网金融服务有限公司 | A kind of multidimensional encryption method and device based on big data |
| CN110795756A (en) * | 2019-09-25 | 2020-02-14 | 江苏满运软件科技有限公司 | Data desensitization method and device, computer equipment and computer readable storage medium |
| CN111177788A (en) * | 2020-01-07 | 2020-05-19 | 北京启明星辰信息安全技术有限公司 | Hive dynamic desensitization method and dynamic desensitization system |
| CN111274610A (en) * | 2020-01-21 | 2020-06-12 | 京东数字科技控股有限公司 | Data desensitization method and device and desensitization service platform |
| CN112035871A (en) * | 2020-07-22 | 2020-12-04 | 北京中安星云软件技术有限公司 | Dynamic desensitization method and system based on database driven proxy |
| CN112347511A (en) * | 2020-11-09 | 2021-02-09 | 平安普惠企业管理有限公司 | Permission-based data shielding method and device, computer equipment and storage medium |
| CN112417443A (en) * | 2020-11-20 | 2021-02-26 | 平安普惠企业管理有限公司 | Database protection method and device, firewall and computer readable storage medium |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113992345A (en) * | 2021-09-13 | 2022-01-28 | 百度在线网络技术(北京)有限公司 | Method and device for encrypting and decrypting webpage sensitive data, electronic equipment and storage medium |
| CN113992345B (en) * | 2021-09-13 | 2024-05-28 | 百度在线网络技术(北京)有限公司 | Webpage sensitive data encryption and decryption method and device, electronic equipment and storage medium |
| CN113806808A (en) * | 2021-09-24 | 2021-12-17 | 四川新网银行股份有限公司 | Non-invasive data desensitization method and system in distributed environment |
| CN113901515A (en) * | 2021-10-11 | 2022-01-07 | 矢量云科信息科技(无锡)有限公司 | Dynamic desensitization processing method and dynamic desensitization system |
| CN114117498A (en) * | 2021-12-01 | 2022-03-01 | 恒安嘉新(北京)科技股份公司 | Desensitization data realization method, device, system, equipment and storage medium |
| CN114465823A (en) * | 2022-04-08 | 2022-05-10 | 杭州海康威视数字技术股份有限公司 | Industrial Internet terminal encrypted flow data security detection method, device and equipment |
| CN116028980A (en) * | 2023-03-29 | 2023-04-28 | 北京中安星云软件技术有限公司 | Database bypassing prevention method, system, equipment and medium |
| CN116028980B (en) * | 2023-03-29 | 2023-08-25 | 北京中安星云软件技术有限公司 | Database bypassing prevention method, system, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112948877A (en) | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy | |
| CN112100675B (en) | Zero-trust data storage access method and system | |
| US6247017B1 (en) | Server-client communication over a network | |
| US7089246B1 (en) | Overriding content ratings and restricting access to requested resources | |
| CN112104617B (en) | Rights management method, device, equipment and storage medium for micro-service | |
| US7636777B1 (en) | Restricting access to requested resources | |
| US20030074367A1 (en) | Scoped metadata | |
| US20010011277A1 (en) | Network directory access mechanism | |
| JP2002518726A (en) | A highly scalable proxy server using plug-in filters | |
| US7801883B2 (en) | Method and apparatus for improving data processing speed through storage of record information of identity module | |
| CN106878367B (en) | Method and device for realizing asynchronous call of service interface | |
| CN109284466B (en) | Method, apparatus and storage medium for enabling web page access in blockchain | |
| CN113612686A (en) | Traffic scheduling method and device and electronic equipment | |
| CN113162974B (en) | Method and system for realizing dynamic encryption and decryption of database based on TCP (Transmission control protocol) proxy | |
| CN113672960A (en) | Database transparent encryption and decryption implementation method and system based on user mode file system | |
| CN114448857B (en) | Mock service processing method, mock service processing device, storage medium and Mock service processing system | |
| CN111224981B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN112818038A (en) | Data management method based on combination of block chain and IPFS (Internet protocol file system) and related equipment | |
| CN111782428A (en) | Data calling system and method | |
| CN111291393A (en) | Request checking method and device | |
| US6996830B1 (en) | System determining whether to activate public and private components operating within multiple applications of a component-based computing system | |
| CN115277383B (en) | Log generation method, device, electronic equipment and computer readable storage medium | |
| Baihan | Role-based Access Control Solution for GraphQL-based Fast Healthcare Interoperability Resources Health Application Programming Interface | |
| CN115277042A (en) | Database firewall implementation method and system based on XDP technology | |
| US20050063417A1 (en) | Communication system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |