CN113256301B - Data shielding method, device, server and medium - Google Patents

Data shielding method, device, server and medium Download PDF

Info

Publication number
CN113256301B
CN113256301B CN202110787147.XA CN202110787147A CN113256301B CN 113256301 B CN113256301 B CN 113256301B CN 202110787147 A CN202110787147 A CN 202110787147A CN 113256301 B CN113256301 B CN 113256301B
Authority
CN
China
Prior art keywords
transaction data
data
shielding
stored
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110787147.XA
Other languages
Chinese (zh)
Other versions
CN113256301A (en
Inventor
蔡亮
邵羽
曾磊
詹士潇
张帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qulian Technology Co Ltd
Original Assignee
Hangzhou Qulian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Qulian Technology Co Ltd filed Critical Hangzhou Qulian Technology Co Ltd
Priority to CN202110787147.XA priority Critical patent/CN113256301B/en
Publication of CN113256301A publication Critical patent/CN113256301A/en
Application granted granted Critical
Publication of CN113256301B publication Critical patent/CN113256301B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application is applicable to the technical field of block chains, and provides a data shielding method, which comprises the following steps: in response to receiving an inquiry request for inquiring the transaction data to be inquired, determining a storage identifier of the transaction data to be inquired, wherein the storage identifier is used for indicating the storage sequence of the transaction data on the blockchain; determining a mask bit corresponding to a storage identifier of transaction data to be checked from a pre-constructed bitmap, marking the mask bit as a target mask bit, acquiring mask state information on the target mask bit, and marking the mask state information as target mask state information, wherein the bitmap comprises a plurality of mask bits, and each mask bit stores one piece of mask state information; if the target shielding state information indicates that the transaction data to be checked needs to be shielded, searching a shielding rule corresponding to the storage identifier of the transaction data to be checked, and recording the shielding rule as a target shielding rule; and shielding the transaction data to be checked by adopting a target shielding rule, and sending the data obtained by shielding to a requester of the query request.

Description

Data shielding method, device, server and medium
Technical Field
The present application belongs to the field of block chaining technologies, and in particular, to a data shielding method, apparatus, server, and medium.
Background
The block chain is a distributed shared account book and a database, and has the characteristics of decentralization, no tampering, trace retaining in the whole process, traceability, collective maintenance, openness and transparency and the like. In practice, a blockchain typically has multiple blockchain nodes, the data stored at each blockchain node is the same, and each blockchain node typically has a complete ledger.
In the related art, if the data stored in the blockchain has contents to be masked, for example, when there is a sensitive vocabulary, the data stored in the blockchain needs to be masked.
Disclosure of Invention
The embodiment of the application provides a data shielding method, a data shielding device, a server and a medium, and aims to solve the problem that effective shielding processing cannot be performed on data on a block chain in the related art.
In a first aspect, an embodiment of the present application provides a data shielding method, where the method includes:
in response to receiving an inquiry request for inquiring the transaction data to be inquired, determining a storage identifier of the transaction data to be inquired, wherein the storage identifier is used for indicating the storage sequence of the transaction data on the blockchain;
determining a mask bit corresponding to a storage identifier of transaction data to be checked from a pre-constructed bitmap, marking the mask bit as a target mask bit, acquiring mask state information on the target mask bit, and marking the mask state information as target mask state information, wherein the bitmap comprises a plurality of mask bits, and each mask bit stores one piece of mask state information;
if the target shielding state information indicates that the transaction data to be checked needs to be shielded, searching a shielding rule corresponding to the storage identifier of the transaction data to be checked, and recording the shielding rule as a target shielding rule;
and shielding the transaction data to be checked by adopting a target shielding rule, and sending the data obtained by shielding to a requester of the query request.
Further, the method further comprises:
respectively determining the shielding rule of each stored transaction data on the block chain according to a pre-stored shielding rule set, wherein the shielding rule in the shielding rule set corresponds to a rule identifier;
segmenting all the stored transaction data on the blockchain according to the storage identification of each stored transaction data on the blockchain to obtain a plurality of data segments;
and establishing indexes for the data segments, and storing the storage identifiers of the stored transaction data needing to be shielded and the rule identifiers corresponding to the shielding rules in the data segments into the index spaces pointed by the indexes of the corresponding data segments.
Further, the index is established for each data segment, and the index comprises:
selecting a data segment from the plurality of data segments as a current data segment, and performing the following index establishment steps on the current data segment:
if the first number of the stored transaction data needing to be shielded in the current data segment is greater than or equal to the preset number, establishing an index for the current data segment;
if the first number is smaller than the preset number, adding the next data segment of the current data segment for continuous analysis: if the second number of the stored transaction data needing to be shielded in the next data segment of the current data segment is greater than or equal to the preset number, establishing an index for the current data segment; if the second number is less than the preset number and the sum of the first number and the second number is greater than or equal to the preset number, establishing a common index for the current data segment and a next data segment of the current data segment; if the sum of the first number and the second number is less than the preset number, adding the next data segment of the current data segment for continuous analysis, and so on until an index is established for the current data segment;
if the index is established in the current data segment, selecting the data segment without the established index from the plurality of data segments as the current data segment, and continuing to execute the index establishing step.
Further, the searching for the shielding rule corresponding to the storage identifier of the transaction data to be searched comprises:
and searching a shielding rule corresponding to the storage identifier of the transaction data to be checked from an index space pointed by the index of the data segment in which the transaction data to be checked is positioned.
Further, the method further comprises:
determining the shielding state information of each stored transaction data according to the shielding rule of each stored transaction data on the block chain;
and storing the shielding state information of each stored transaction data into a shielding bit corresponding to the storage identifier of the corresponding stored transaction data in the bitmap.
Further, the determining the masking rule of each stored transaction data on the blockchain according to the pre-stored masking rule set includes:
in response to the preset shielding condition being met, respectively determining the shielding rule of each stored transaction data on the block chain according to a pre-stored shielding rule set;
wherein the preset shielding condition comprises at least one of the following items:
detecting that a shielding rule set changes;
detecting newly stored transaction data on the block chain;
block link point activation of a block chain is detected.
Further, the method further comprises:
and adjusting the length of the bitmap according to the growth speed of the transaction data stored in the block chain.
In a second aspect, an embodiment of the present application provides a data shielding apparatus, including:
the device comprises a request receiving unit, a query processing unit and a query processing unit, wherein the request receiving unit is used for responding to a query request for querying transaction data to be queried and determining a storage identifier of the transaction data to be queried, and the storage identifier is used for indicating the storage sequence of the transaction data on a block chain;
the information acquisition unit is used for determining a mask bit corresponding to a storage identifier of the transaction data to be checked from a pre-constructed bitmap, marking the mask bit as a target mask bit, acquiring mask state information on the target mask bit and marking the mask state information as target mask state information, wherein the bitmap comprises a plurality of mask bits, and each mask bit stores one piece of mask state information;
the information searching unit is used for searching a shielding rule corresponding to the storage identifier of the transaction data to be checked and recording the shielding rule as a target shielding rule if the target shielding state information indicates that the transaction data to be checked needs to be shielded;
and the data processing unit is used for shielding the transaction data to be checked by adopting a target shielding rule and sending the data obtained by shielding to the requester of the query request.
In a third aspect, an embodiment of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the data masking methods when executing the computer program.
In a fourth aspect, the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the steps of any one of the data masking methods.
In a fifth aspect, the present application provides a computer program product, which when run on a server, causes the server to execute any one of the data masking methods described above.
Compared with the related technology, the embodiment of the application has the beneficial effects that: when a requester requests to acquire transaction data to be checked, whether the transaction data to be checked needs to be shielded is determined through shielding state information of the transaction data to be checked stored in a bitmap, namely whether shielding content exists in the transaction data to be checked is determined, if the transaction data to be checked needs to be shielded, corresponding shielding rules are searched for to perform shielding processing on the transaction data to be checked, the shielded transaction data to be checked is returned to the requester, and effective shielding processing on data output in a block chain can be achieved. In addition, the transaction data to be checked in the block chain and the shielding rules of the transaction data to be checked are independently stored, so that the real integrity of the transaction data to be checked can be guaranteed while the data after shielding processing is output. In addition, as the content which originally needs to be masked may be changed to not need to be masked, that is, the masking rule may be changed, when the masking rule corresponding to the transaction data to be checked is changed, the changed masking rule may be directly adopted to perform the masking processing on the transaction data to be checked, which is beneficial to more flexibly performing the masking processing on the data on the block chain.
It is understood that the beneficial effects of the second aspect to the fifth aspect can be referred to the related description of the first aspect, and are not described herein again.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the embodiments or the related technical descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic flow chart diagram illustrating a data masking method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram illustrating a data masking method according to another embodiment of the present application;
FIG. 3 is a schematic flow chart illustrating indexing of data segments according to an embodiment of the present application;
FIG. 4 is a schematic flow chart diagram illustrating a data masking method according to another embodiment of the present application;
FIG. 5 is a schematic structural diagram of a data shielding apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to" determining "or" in response to detecting ". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
In order to explain the technical means of the present application, the following examples are given below.
Example one
Referring to fig. 1, an embodiment of the present application provides a data masking method, including:
step 101, in response to receiving an inquiry request for inquiring the transaction data to be checked, determining a storage identifier of the transaction data to be checked.
The storage identifier is used for indicating the storage sequence of the transaction data on the blockchain. In practice, the storage identifier may be a sequence number of the transaction data in the blockchain. Each transaction data stored in the blockchain may have a stored identification.
The transaction data to be queried is usually the transaction data to be queried in the blockchain.
In the present embodiment, the execution subject of the data masking method is usually a blockchain, and specifically, a blockchain node on the blockchain. In practice, a block link point may typically be implemented as a server.
Here, a requester of the query request, such as a server or a terminal device, may send a query request for querying transaction data to be queried to the blockchain. In this way, the blockchain can directly acquire the storage identifier of the transaction data to be checked.
Step 102, determining a mask bit corresponding to the storage identifier of the transaction data to be checked from a pre-constructed bitmap, marking the mask bit as a target mask bit, and acquiring mask state information on the target mask bit, and marking the mask state information as target mask state information.
Wherein the bitmap includes a plurality of mask bits, each mask bit having stored thereon mask state information. Each mask bit in the bitmap corresponds to a storage identity. In practice, each mask bit typically has a sequence number, and there is typically a correspondence between the value of the stored identification of the transaction data in the blockchain and the sequence number value of the mask bit. For example, if the value of the storage identifier is 1, the mask bit corresponding to the storage identifier may be a mask bit with a sequence number of 1.
Wherein the mask status information is used to indicate whether the corresponding transaction data needs to be masked. It should be noted that, whether the transaction data needs to be masked as mentioned in the present application generally refers to whether the transaction data has contents that need to be masked.
In practice, the bitmap is typically a boolean array. A boolean array refers to an array whose elements are of the boolean type. It should be noted that when the bitmap is implemented as a boolean array, the required storage space is very small, which helps to save storage resources for storing the mask state information. For example, for each mask bit in the bitmap, if the value of the mask bit is true, that is, the value of the mask state information stored in the mask bit is true, it indicates that the transaction data indicated by the storage identifier corresponding to the mask bit needs to be masked, otherwise, if the value of the mask bit is false, that is, the value of the mask state information stored in the mask bit is false, it indicates that the transaction data indicated by the storage identifier corresponding to the mask bit does not need to be masked.
Here, the execution main body may determine the mask bit corresponding to the storage identifier of the transaction data to be checked from the bitmap according to a correspondence between the value of the storage identifier of the transaction data to be checked and the sequence number value of the mask bit. After determining the mask bit corresponding to the storage identifier, the execution body may directly obtain the mask state information stored in the mask bit.
And 103, if the target shielding state information indicates that the transaction data to be checked needs to be shielded, searching a shielding rule corresponding to the storage identifier of the transaction data to be checked, and recording the shielding rule as a target shielding rule.
The masking rule may be various masking rules. As an example, the masking rule may be: shielding "sky", "ocean", etc.
Here, for each transaction data that needs to be masked, a masking rule corresponding to a storage identification of the transaction data may be stored in advance. When the target shielding state information indicates that the transaction data to be checked needs to be shielded, the execution main body may search the corresponding shielding rule by using the storage identifier of the transaction data to be checked, so as to obtain the target shielding rule.
And 104, shielding the transaction data to be checked by adopting a target shielding rule, and sending the data obtained by shielding to a requester of the query request.
Here, the executing entity may perform a shielding process on the transaction data to be checked by using the obtained target shielding rule, so as to obtain the transaction data to be checked after the shielding process, and send the obtained transaction data to be checked after the shielding process to the requesting party of the query request.
It should be noted that the target mask rule may also be: the whole transaction data to be checked is shielded, and the method can also be as follows: and shielding the whole block chain where the transaction data to be checked is located. For example, if the target masking rule is to mask the whole transaction data to be checked, the executing entity may return null data to the requesting party, for example, return "null", or return a preset prompt message, for example, return "the data is not compliant".
In addition, if the target mask state information indicates that the transaction data to be checked does not need to be masked, the execution subject may directly send the transaction data to be checked to the requester of the query request.
According to the method provided by the embodiment, when a requester requests to acquire transaction data to be checked, whether the transaction data to be checked needs to be shielded or not is determined through shielding state information of the transaction data to be checked stored in a bitmap, that is, whether shielding content exists in the transaction data to be checked or not is determined, if the transaction data to be checked needs to be shielded, corresponding shielding rules are searched for to perform shielding processing on the transaction data to be checked, the shielded transaction data to be checked is returned to the requester, and effective shielding processing on data output in a block chain can be achieved. In addition, the transaction data to be checked in the block chain and the shielding rules of the transaction data to be checked are independently stored, so that the real integrity of the transaction data to be checked can be guaranteed while the data after shielding processing is output. In addition, as the content which originally needs to be masked may be changed to not need to be masked, that is, the masking rule may be changed, when the masking rule corresponding to the transaction data to be checked is changed, the changed masking rule may be directly adopted to perform the masking processing on the transaction data to be checked, which is beneficial to more flexibly performing the masking processing on the data on the block chain.
Example two
With continuing reference to fig. 2, fig. 2 is a flowchart of another data masking method provided in the present application, as shown in fig. 2, the data masking method may include the following steps:
step 201, respectively determining the masking rule of each stored transaction data on the blockchain according to the pre-stored masking rule set.
And the shielding rules in the shielding rule set correspond to the rule identifications. One rule identification uniquely corresponds to one masking rule.
The stored transaction data generally refers to transaction data stored in a block chain.
Here, for each transaction data stored in the block chain, the execution body may determine a masking rule that conforms to the transaction data from the masking rule set. In practice, if there is no masking rule in the set of masking rules that matches the transaction data, it indicates that the transaction data does not need to be masked.
Step 202, segmenting all the stored transaction data in the blockchain according to the storage identifier of each stored transaction data in the blockchain to obtain a plurality of data segments.
Here, since the transaction data stored on the blockchain has the storage identifier, and the storage identifier can indicate the storage order of the transaction data on the blockchain, the execution body may divide all the stored transaction data on the blockchain into a plurality of data segments according to the order indicated by the storage identifier.
In practice, it is common to divide several adjacently stored transaction data into one data segment. For example, each 10 adjacently stored transacted data may be divided into one data segment, or each 32 adjacently stored transacted data may be divided into one data segment.
It should be noted that, the stored transaction data on the blockchain is segmented, and the data segment is only divided without changing the storage location and the storage content of the stored transaction data.
Step 203, an index is established for each data segment, and the storage identifier of the stored transaction data which needs to be shielded and the rule identifier corresponding to the shielding rule in each data segment are stored into the index space pointed by the index of the corresponding data segment.
The rule identifier of the masking rule is information for identifying the masking rule. By way of example, the rule identification may be "01" to identify the masking rule as follows: the "starry sky" is shielded.
Here, the execution body may build an index for each data segment, for example, a single index may be built for each data segment, or a common index may be built for a plurality of data segments. For each data segment, the storage identifier and the rule identifier of the stored transaction data to be masked in the data segment are stored in the index space pointed by the index of the data segment.
It should be noted that indexing the data segments may reduce the number of indexes compared to indexing each stored transaction data, which may help to save resources used to index. In addition, the storage identification and the rule identification corresponding to the shielding rule are stored in the index space, and compared with the mode that the storage identification and the corresponding shielding rule are directly stored in the index space, the data size required to be stored is smaller, and the storage space can be saved.
Step 204, in response to receiving a query request for querying the transaction data to be queried, determining a storage identifier of the transaction data to be queried.
Wherein the storage identifier is used for indicating the storage sequence of the transaction data on the blockchain.
Step 205, determining a mask bit corresponding to the storage identifier of the transaction data to be checked from the pre-constructed bitmap, recording the mask bit as a target mask bit, and acquiring the mask state information on the target mask bit, and recording the mask state information as target mask state information.
Wherein the bitmap includes a plurality of mask bits, each mask bit having stored thereon mask state information.
In step 206, if the target shielding state information indicates that the transaction data to be checked needs to be shielded, the shielding rule corresponding to the storage identifier of the transaction data to be checked is searched and recorded as the target shielding rule.
And step 207, shielding the transaction data to be checked by adopting a target shielding rule, and sending the data obtained by shielding to a requester of the query request.
In the present embodiment, the specific operations of steps 204-207 are substantially the same as the operations of steps 101-104 in the embodiment shown in fig. 1, and are not repeated herein.
In the method provided by this embodiment, all the stored transaction data in the block chain are divided into a plurality of data segments, an index is established for each data segment, and the storage identifier and the rule identifier of the stored transaction data to be shielded in the data segment are correspondingly stored in the index space of the corresponding data segment, so that the shielding rule for quickly finding the stored transaction data to be shielded in the data segment can be implemented. In addition, the number of indexes can be obviously reduced compared with the index established for single stored transaction data by establishing the index for the data segment, and resources for establishing the index are saved.
In some optional implementation manners of this embodiment, the determining the masking rule of each stored transaction data on the blockchain according to a pre-stored masking rule set respectively may include: and responding to the condition that the preset shielding condition is met, and respectively determining the shielding rule of each stored transaction data on the block chain according to the pre-stored shielding rule set.
The preset masking condition is generally a preset condition for triggering execution of the preset masking condition, and may include but is not limited to at least one of the following three items:
first, a change in the masking rule set is detected.
Here, when the shielding rule set changes, for example, a shielding rule is added, deleted or modified, the block chain may detect that the shielding rule set changes by detecting a hash value corresponding to the shielding rule set, or may detect that the shielding rule set changes by modifying a record. In practice, the set of masking rules may be stored in the intelligent contracts of the blockchain, or may be stored in other data storage areas of the blockchain.
And the second item is that newly stored transaction data on the block chain is detected.
Third, block link point activation of a block chain is detected.
Here, the masking rule for determining each of the stored transaction data is executed when the preset masking condition is satisfied, and the masking rule for flexibly determining each of the stored transaction data can be realized.
With continuing reference to fig. 3, fig. 3 is a flowchart of indexing each data segment according to an embodiment of the present application. As shown in fig. 3, each data segment may be indexed by:
step 301, selecting a data segment from the plurality of data segments as a current data segment, and performing an index establishing step on the current data segment.
Here, the execution body may generally select the first data segment as the current data segment when first selecting. As shown in FIG. 3, the index establishment step may include the following steps 3011-3013.
In step 3011, if the first number of the stored transaction data that needs to be masked in the current data segment is greater than or equal to the predetermined number, an index is established for the current data segment.
The first number is generally the number of the stored transaction data that needs to be masked in the current data segment. The predetermined number is usually a predetermined value. As an example, the preset number may be 16, 20, etc.
Here, if the number of the stored transaction data to be masked in the current data segment is greater than or equal to the preset number, the execution body may establish a separate index for the data segment.
Step 3012, if the first number is smaller than the preset number, adding the next data segment of the current data segment for further analysis: if the second number of the stored transaction data needing to be shielded in the next data segment of the current data segment is greater than or equal to the preset number, establishing an index for the current data segment; if the second number is less than the preset number and the sum of the first number and the second number is greater than or equal to the preset number, establishing a common index for the current data segment and a next data segment of the current data segment; and if the sum of the first number and the second number is less than the preset number, adding the next data segment of the current data segment for continuous analysis, and so on until an index is established for the current data segment.
The second number is generally the number of stored transaction data that needs to be masked in the next data segment of the current data segment.
For example, if there are 3 sequentially stored data segments, which are data segment 1, data segment 2, and data segment 3, respectively, if data segment 1 is the current data segment, data segment 2 is the next data segment of the current data segment, and data segment 3 is the next data segment of the current data segment. If the predetermined number is 20.
At this time, if the number of stored transaction data to be masked in the data segment 1 is greater than or equal to 20, a separate index may be established for the data segment 1.
If the first number of stored transaction data in segment 1 that needs to be masked is less than 20, then join segment 2 for continued analysis: first, if the second number of stored transaction data in segment 2 that needs to be masked is greater than or equal to 20, then a separate index is created for segment 1. Then, if the second number is less than 20 and the sum of the first number and the second number is greater than or equal to 20, a common index is established for the data segment 1 and the data segment 2.
If the sum of the first number and the second number is less than 20, adding the data segment 3 to continue the analysis: if the third number of stored transaction data in data segment 3 that needs to be masked is greater than or equal to 20, then data segment 1 and data segment 2 are co-indexed. Then, if the third number is less than 20 and the sum of the first number, the second number and the third number is greater than or equal to 20, a common index is established for the data segment 1, the data segment 2 and the data segment 3. And finally, if the sum of the first number, the second number and the third number is less than 20, because no data segment needing to be indexed exists later, directly establishing a common index for the data segment 1, the data segment 2 and the data segment 3.
And 3013, if the index is established in the current data segment, selecting a data segment without the index from the multiple data segments as the current data segment, and continuing to execute the index establishing step.
For example, if there are 3 sequentially stored data segments, which are data segment 1, data segment 2, and data segment 3, respectively, if data segment 1 is the current data segment, data segment 2 is the next data segment of the current data segment, and data segment 3 is the next data segment of the current data segment. If the predetermined number is 20.
If a common index is currently established for the data segment 1 and the data segment 2, at this time, indexes are established for both the data segment 1 and the data segment 2, so the data segment 3 without an index established can be selected as the current data segment, and the index establishing step is continuously executed. Until all data segments are indexed.
The implementation mode can establish indexes for each data segment according to the number of the stored transaction data needing to be shielded in each data segment, can further reduce the number of the indexes, and saves data resources for establishing the indexes.
In an optional implementation manner of each embodiment of the present application, the searching for the shielding rule corresponding to the storage identifier of the transaction data to be searched may include: and searching a shielding rule corresponding to the storage identifier of the transaction data to be checked from an index space pointed by the index of the data segment in which the transaction data to be checked is positioned.
Here, when an index is established in each data segment, and a storage identifier and a shielding rule of the transaction data of the corresponding data segment are stored in an index space corresponding to the index of each data segment, the execution main body may search the shielding rule corresponding to the storage identifier of the transaction data to be searched from the index space corresponding to the index of the data segment, so as to find the shielding rule of the transaction data to be searched.
EXAMPLE III
With continuing reference to fig. 4, fig. 4 is a flowchart of another data masking method provided in the present application, and as shown in fig. 4, the data masking method may include the following steps:
step 401, respectively determining a masking rule of each stored transaction data on the blockchain according to a pre-stored masking rule set.
And the shielding rules in the shielding rule set correspond to the rule identifications.
Step 402, determining the mask status information of each stored transaction data according to the mask rule of each stored transaction data in the blockchain.
Wherein the mask status information is used to indicate whether the corresponding transaction data needs to be masked. It should be noted that, whether the transaction data needs to be masked as mentioned in the present application generally refers to whether the transaction data has contents that need to be masked.
Here, for each of the stored transaction data, the executing entity may determine the mask status information of the stored transaction data when determining the mask rule of the stored transaction data.
In practice, as long as there is a matching masking rule for the stored transaction data, the masking status information of the stored transaction data is: information indicating that the stored transaction data needs to be masked, e.g., "1", "true". Otherwise, if there is no matching shielding rule for the stored transaction data, the shielding status information of the stored transaction data is: information indicating that the stored transaction data does not need to be masked, such as "0", "false", etc.
Step 403, storing the mask status information of each stored transaction data into the mask bit corresponding to the storage identifier of the corresponding stored transaction data in the bitmap.
Here, since each mask bit in the bitmap generally has a sequence number, for each stored transaction data, the execution body may find the mask bit corresponding to the storage identifier of the stored transaction data according to the corresponding relationship between the value of the storage identifier of the transaction data in the block chain and the sequence number value of the mask bit, and then store the mask state information of the stored transaction data into the corresponding mask bit.
In step 404, all the stored transaction data in the blockchain are segmented according to the storage identifier of each stored transaction data in the blockchain, so as to obtain a plurality of data segments.
Step 405, an index is established for each data segment, and a storage identifier of stored transaction data that needs to be shielded and a rule identifier corresponding to a shielding rule in each data segment are stored into an index space pointed by the index of the corresponding data segment.
In this embodiment, the specific operation of step 401 is substantially the same as the operation of step 201 in the embodiment shown in fig. 2, and is not described herein again. The specific operations of steps 404 and 405 are substantially the same as those of steps 201 and 203 in the embodiment shown in fig. 2, and are not described herein again.
In step 406, in response to receiving a query request requesting to query the transaction data to be queried, a storage identifier of the transaction data to be queried is determined.
Wherein the storage identifier is used for indicating the storage sequence of the transaction data on the blockchain.
Step 407, determining a mask bit corresponding to the storage identifier of the transaction data to be checked from the pre-constructed bitmap, recording the mask bit as a target mask bit, and acquiring mask state information on the target mask bit, and recording the mask state information as target mask state information.
Wherein the bitmap includes a plurality of mask bits, each mask bit having stored thereon mask state information.
And step 408, if the target shielding state information indicates that the transaction data to be checked needs to be shielded, searching a shielding rule corresponding to the storage identifier of the transaction data to be checked, and recording the shielding rule as a target shielding rule.
And 409, shielding the transaction data to be checked by adopting a target shielding rule, and sending the data obtained by shielding to the requester of the query request.
In the present embodiment, the specific operations of steps 406-409 are substantially the same as the operations of steps 101-104 in the embodiment shown in fig. 1, and are not repeated herein.
The implementation mode can conveniently and rapidly obtain the bitmap for recording the shielding state information of each stored transaction data.
In practice, the bitmap is typically a boolean array. A boolean array refers to an array whose elements are of the boolean type. It should be noted that when the bitmap is implemented as a boolean array, the required storage space is very small, which helps to save storage resources for storing the mask state information. In addition, the structure of the bitmap is simple, and the mask state information of the corresponding stored transaction data can be conveniently and quickly searched from the bitmap.
In an optional implementation manner of each embodiment of the present application, the data masking method may further include: and adjusting the length of the bitmap according to the growth speed of the transaction data stored in the block chain.
In practice, the expansion speed of the length of the bitmap is usually positively correlated with the growth speed of the transaction data stored in the block chain, and the faster the growth speed of the transaction data stored in the block chain is, the faster the expansion speed of the length of the bitmap is, the larger the length of the bitmap obtained by adjustment is.
As an example, if the transaction data currently stored in the blockchain is k and k <2^ i, where ^ is the power operator. When the transaction data stored in the block chain is 2^ i, the length of the bitmap can be expanded to be 2^ (i + a), wherein the value of a is positively correlated with the growth speed of the transaction data stored in the block chain. In practice, a is usually greater than 0 or equal to or less than 1, i.e., the length expansion speed of the bitmap is less than or equal to 2.
It should be noted that, by adjusting the length of the bitmap according to the growth rate of the transaction data stored in the block chain, the bitmap length can be adjusted accurately and reliably.
Example four
Fig. 5 shows a block diagram of a data masking apparatus 500 provided in the embodiment of the present application, which corresponds to the data masking method in the first embodiment, and only shows the relevant parts in the embodiment of the present application for convenience of description.
Referring to fig. 5, the apparatus includes:
a request receiving unit 501, configured to determine, in response to receiving an inquiry request requesting to inquire transaction data to be checked, a storage identifier of the transaction data to be checked, where the storage identifier is used to indicate a storage order of the transaction data on a blockchain;
an information obtaining unit 502, configured to determine, from a pre-constructed bitmap, a mask bit corresponding to a storage identifier of transaction data to be checked, to be recorded as a target mask bit, and obtain mask state information on the target mask bit, to be recorded as target mask state information, where the bitmap includes multiple mask bits, and each mask bit stores one piece of mask state information;
an information searching unit 503, configured to search a shielding rule corresponding to the storage identifier of the transaction data to be checked if the target shielding state information indicates that the transaction data to be checked needs to be shielded, and record the shielding rule as a target shielding rule;
the data processing unit 504 is configured to perform shielding processing on the transaction data to be checked by using a target shielding rule, and send the data obtained through the shielding processing to a requester of the query request.
In some embodiments, the apparatus may further include an index establishing unit (not shown in the figures). Wherein, the index establishing unit is used for: respectively determining the shielding rule of each stored transaction data on the block chain according to a pre-stored shielding rule set, wherein the shielding rule in the shielding rule set corresponds to a rule identifier; segmenting all the stored transaction data on the blockchain according to the storage identification of each stored transaction data on the blockchain to obtain a plurality of data segments; and establishing indexes for the data segments, and storing the storage identifiers of the stored transaction data needing to be shielded and the rule identifiers corresponding to the shielding rules in the data segments into the index spaces pointed by the indexes of the corresponding data segments.
In some embodiments, the index establishing unit may establish an index for each data segment, and the index establishing unit may include: first, a data segment is selected from a plurality of data segments as a current data segment, and the following index establishment step is performed on the current data segment. Then, if the first number of the stored transaction data needing to be shielded in the current data segment is greater than or equal to the preset number, establishing an index for the current data segment; if the first number is smaller than the preset number, adding the next data segment of the current data segment for continuous analysis: if the second number of the stored transaction data needing to be shielded in the next data segment of the current data segment is greater than or equal to the preset number, establishing an index for the current data segment; if the second number is less than the preset number and the sum of the first number and the second number is greater than or equal to the preset number, establishing a common index for the current data segment and a next data segment of the current data segment; and if the sum of the first number and the second number is less than the preset number, adding the next data segment of the current data segment for continuous analysis, and so on until an index is established for the current data segment. And finally, if the index is established in the current data segment, selecting the data segment without the index from the plurality of data segments as the current data segment, and continuing to execute the index establishing step.
In some embodiments, the information search unit 503 is specifically configured to: and searching a shielding rule corresponding to the storage identifier of the transaction data to be checked from an index space pointed by the index of the data segment in which the transaction data to be checked is positioned.
In some embodiments, the apparatus may further comprise a state storage unit (not shown in the figures). Wherein the state storage unit is used for: determining the shielding state information of each stored transaction data according to the shielding rule of each stored transaction data on the block chain; and storing the shielding state information of each stored transaction data into a shielding bit corresponding to the storage identifier of the corresponding stored transaction data in the bitmap.
In some embodiments, the index establishing unit is specifically configured to: in response to the preset shielding condition being met, respectively determining the shielding rule of each stored transaction data on the block chain according to a pre-stored shielding rule set; wherein the preset shielding condition comprises at least one of the following items:
detecting that a shielding rule set changes;
detecting newly stored transaction data on the block chain;
block link point activation of a block chain is detected.
In some embodiments, the apparatus may further comprise a bitmap adjustment unit (not shown in the figures). Wherein the bitmap adjusting unit is configured to: and adjusting the length of the bitmap according to the growth speed of the transaction data stored in the block chain.
When a requester requests to acquire transaction data to be checked, the device provided by this embodiment determines whether the transaction data to be checked needs to be shielded or not through the shielding state information of the transaction data to be checked stored in the bitmap, that is, determines whether shielded content exists in the transaction data to be checked or not, if the transaction data to be checked needs to be shielded, searches for a corresponding shielding rule to perform shielding processing on the transaction data to be checked, returns the shielded transaction data to be checked to the requester, and can implement effective shielding processing on data output in a block chain. In addition, the transaction data to be checked in the block chain and the shielding rules of the transaction data to be checked are independently stored, so that the real integrity of the transaction data to be checked can be guaranteed while the data after shielding processing is output. In addition, as the content which originally needs to be masked may be changed to not need to be masked, that is, the masking rule may be changed, when the masking rule corresponding to the transaction data to be checked is changed, the changed masking rule may be directly adopted to perform the masking processing on the transaction data to be checked, which is beneficial to more flexibly performing the masking processing on the data on the block chain.
It should be noted that, for the information interaction, execution process, and other contents between the above-mentioned devices/units, the specific functions and technical effects thereof are based on the same concept as those of the embodiment of the method of the present application, which may be referred to in the embodiment of the method specifically, and are not described herein again.
EXAMPLE five
Fig. 6 is a schematic structural diagram of a server 600 according to an embodiment of the present application. As shown in fig. 6, the server 600 of this embodiment includes: at least one processor 601 (only one processor is shown in fig. 6), a memory 602, and a computer program 603, such as a data mask, stored in the memory 602 and operable on the at least one processor 601. The steps in any of the various method embodiments described above are implemented when the computer program 603 is executed by the processor 601. The steps in the various embodiments of the data masking method described above are implemented when the computer program 603 is executed by the processor 601. The processor 601, when executing the computer program 603, implements the functionality of the various modules/units in the various apparatus embodiments described above, such as the functionality of the units 501-504 shown in fig. 5.
Illustratively, the computer program 603 may be partitioned into one or more modules/units, which are stored in the memory 602 and executed by the processor 601 to accomplish the present application. One or more modules/units may be a series of computer program instruction segments capable of performing certain functions, which are used to describe the execution of computer program 603 in server 600. For example, the computer program 603 may be divided into a request receiving unit, an information obtaining unit, an information searching unit, and a data processing unit, and specific functions of each unit are described in the foregoing embodiments, and are not described herein again.
The server 600 may be a server, a desktop computer, a tablet computer, a cloud server, a mobile terminal, and other computing devices. The server 600 may include, but is not limited to, a processor 601, a memory 602. Those skilled in the art will appreciate that fig. 6 is merely an example of a server 600 and is not intended to be limiting of server 600, and may include more or fewer components than those shown, or some components in combination, or different components, e.g., the server may also include input-output devices, network access devices, buses, etc.
The Processor 601 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 602 may be an internal storage unit of the server 600, such as a hard disk or a memory of the server 600. The memory 602 may also be an external storage device of the server 600, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the server 600. Further, the memory 602 may also include both internal storage units of the server 600 and external storage devices. The memory 602 is used to store computer programs and other programs and data required by the server. The memory 602 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/server and method may be implemented in other ways. For example, the above-described apparatus/server embodiments are merely illustrative, and for example, a division of modules or units is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated module, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. The computer readable storage medium may be non-volatile or volatile. Based on such understanding, all or part of the processes in the methods of the embodiments described above may be implemented by hardware related to instructions of a computer program, which may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the steps of the methods described above may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable storage medium may include: any entity or device capable of carrying computer program code, recording medium, U.S. disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like. It should be noted that the computer readable storage medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable storage media that does not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (9)

1. A method of data masking, the method comprising:
in response to receiving an inquiry request for inquiring transaction data to be inquired, determining a storage identifier of the transaction data to be inquired, wherein the storage identifier is used for indicating the storage sequence of the transaction data on a blockchain;
determining a mask bit corresponding to a storage identifier of the transaction data to be checked from a pre-constructed bitmap, marking the mask bit as a target mask bit, and acquiring mask state information on the target mask bit, and marking the mask state information as target mask state information, wherein the bitmap comprises a plurality of mask bits, each mask bit stores one piece of mask state information, the length of the bitmap is adjusted based on the growth speed of the transaction data stored in the block chain, and when the transaction data stored in the block chain is 2^ i, the length of the bitmap is adjusted to 2^ (i + a), wherein i is a positive number, and a is greater than 0 and less than or equal to 1;
if the target shielding state information indicates that the transaction data to be checked needs to be shielded, searching a shielding rule corresponding to a storage identifier of the transaction data to be checked, and recording the shielding rule as a target shielding rule, wherein the shielding rule is used for describing the content needing to be shielded, and the step of searching the shielding rule corresponding to the storage identifier of the transaction data to be checked comprises the following steps: searching a rule identifier of a shielding rule corresponding to a storage identifier of the transaction data to be checked from an index space pointed by an index of a data segment where the transaction data to be checked is located, wherein one index corresponds to at least one data segment, and at least one data segment corresponding to the same index corresponds to the same index space;
and shielding the transaction data to be checked by adopting the target shielding rule, and sending the data obtained by shielding to the requester of the query request.
2. The data masking method as claimed in claim 1, wherein said method further comprises:
respectively determining the shielding rules of the transaction data stored in the block chain according to a pre-stored shielding rule set, wherein the shielding rules in the shielding rule set correspond to rule identifiers;
segmenting all the stored transaction data on the block chain according to the storage identification of each stored transaction data on the block chain to obtain a plurality of data segments;
and establishing indexes for the data segments, and storing the storage identifiers of the stored transaction data needing to be shielded and the rule identifiers corresponding to the shielding rules in the data segments into the index spaces pointed by the indexes of the corresponding data segments.
3. The data masking method of claim 2, wherein said indexing each data segment comprises:
selecting a data segment from the plurality of data segments as a current data segment, and performing the following index establishment steps on the current data segment:
if the first number of the stored transaction data needing to be shielded in the current data segment is greater than or equal to the preset number, establishing an index for the current data segment;
if the first number is smaller than the preset number, adding the next data segment of the current data segment for continuous analysis: if the second number of the stored transaction data needing to be shielded in the next data segment of the current data segment is greater than or equal to the preset number, establishing an index for the current data segment; if the second number is smaller than the preset number and the sum of the first number and the second number is larger than or equal to the preset number, establishing a common index for the current data segment and the next data segment of the current data segment; if the sum of the first number and the second number is smaller than the preset number, adding the next data segment of the current data segment for continuous analysis, and so on until an index is established for the current data segment;
and if the index is established in the current data segment, selecting the data segment without the established index from the plurality of data segments as the current data segment, and continuously executing the index establishing step.
4. The data shielding method of claim 2, wherein the searching for the shielding rule corresponding to the storage identifier of the transaction data to be searched comprises:
and searching a shielding rule corresponding to the storage identifier of the transaction data to be checked from an index space pointed by the index of the data segment where the transaction data to be checked is located.
5. The data masking method of claim 2, further comprising:
determining shielding state information of each stored transaction data according to a shielding rule of each stored transaction data on the block chain;
and storing the shielding state information of each stored transaction data into a shielding bit corresponding to the storage identifier of the corresponding stored transaction data in the bitmap.
6. The method of claim 2, wherein the determining the masking rule for each stored transaction data in the blockchain according to a pre-stored set of masking rules comprises:
in response to meeting a preset shielding condition, respectively determining a shielding rule of each stored transaction data on the block chain according to a pre-stored shielding rule set;
wherein the preset shielding condition comprises at least one of:
detecting a change in the masking rule set;
detecting that transaction data is newly stored on the block chain;
detecting a block link point activation of the block chain.
7. A data masking apparatus, characterized in that the apparatus comprises:
the device comprises a request receiving unit, a query processing unit and a query processing unit, wherein the request receiving unit is used for responding to a query request for querying transaction data to be queried and determining a storage identifier of the transaction data to be queried, and the storage identifier is used for indicating the storage sequence of the transaction data on a block chain;
an information obtaining unit, configured to determine, from a pre-constructed bitmap, a mask bit corresponding to a storage identifier of the transaction data to be checked, mark the mask bit as a target mask bit, and obtain mask state information on the target mask bit, which is marked as target mask state information, where the bitmap includes multiple mask bits, each mask bit stores one piece of mask state information, a length of the bitmap is adjusted based on a growth speed of the transaction data stored in the block chain, and when the transaction data stored in the block chain is 2^ i, the length of the bitmap is adjusted to 2^ (i + a), where i is a positive number, and a is greater than 0 and less than or equal to 1;
an information searching unit, configured to search a shielding rule corresponding to the storage identifier of the transaction data to be checked if the target shielding state information indicates that the transaction data to be checked needs to be shielded, and record the shielding rule as a target shielding rule, where the shielding rule is used to describe content to be shielded, and the searching for the shielding rule corresponding to the storage identifier of the transaction data to be checked includes: searching a rule identifier of a shielding rule corresponding to a storage identifier of the transaction data to be checked from an index space pointed by an index of a data segment where the transaction data to be checked is located, wherein one index corresponds to at least one data segment, and at least one data segment corresponding to the same index corresponds to the same index space;
and the data processing unit is used for shielding the transaction data to be checked by adopting the target shielding rule and sending the data obtained by shielding to the requester of the query request.
8. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 6.
CN202110787147.XA 2021-07-13 2021-07-13 Data shielding method, device, server and medium Active CN113256301B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110787147.XA CN113256301B (en) 2021-07-13 2021-07-13 Data shielding method, device, server and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110787147.XA CN113256301B (en) 2021-07-13 2021-07-13 Data shielding method, device, server and medium

Publications (2)

Publication Number Publication Date
CN113256301A CN113256301A (en) 2021-08-13
CN113256301B true CN113256301B (en) 2022-03-29

Family

ID=77191075

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110787147.XA Active CN113256301B (en) 2021-07-13 2021-07-13 Data shielding method, device, server and medium

Country Status (1)

Country Link
CN (1) CN113256301B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114066637A (en) * 2021-11-15 2022-02-18 深圳前海鸿泰源兴科技发展有限公司 Financial analysis system based on Internet of things and operation method

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013101723A1 (en) * 2011-12-27 2013-07-04 Wellpoint, Inc. Method and system for data pattern matching, masking and removal of sensitive data
CN107871083A (en) * 2017-11-07 2018-04-03 平安科技(深圳)有限公司 Desensitize regular collocation method, application server and computer-readable recording medium
CN108154047A (en) * 2017-12-25 2018-06-12 网智天元科技集团股份有限公司 A kind of data desensitization method and device
US20190207751A1 (en) * 2018-01-04 2019-07-04 Bank Of America Corporation Blockchain enterprise data management
CN108390891A (en) * 2018-03-28 2018-08-10 电子科技大学天府协同创新中心 Information protecting method based on privately owned block chain
CN108595979A (en) * 2018-04-13 2018-09-28 中国民航信息网络股份有限公司 Dynamic desensitization method and device
CN108846753B (en) * 2018-06-06 2021-11-09 北京京东尚科信息技术有限公司 Method and apparatus for processing data
CN109409121B (en) * 2018-09-07 2022-10-11 创新先进技术有限公司 Desensitization processing method and device and server
CN109697364A (en) * 2018-11-09 2019-04-30 贵州优易合创大数据资产运营有限公司 A kind of government affairs shared platform block chain data processing method
CN110457918B (en) * 2019-01-09 2022-09-09 腾讯科技(深圳)有限公司 Method, device, node and medium for filtering illegal contents in block chain data
CN111507706B (en) * 2019-01-31 2024-04-26 华为技术有限公司 Method, device, computer equipment and storage medium for browsing and storing data
CN111831785A (en) * 2020-07-16 2020-10-27 平安科技(深圳)有限公司 Sensitive word detection method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN113256301A (en) 2021-08-13

Similar Documents

Publication Publication Date Title
CN107729371B (en) Data indexing and querying method, device, equipment and storage medium of block chain
CN106997431B (en) Data processing method and device
CN105550225A (en) Index construction method and query method and apparatus
CN108154024B (en) Data retrieval method and device and electronic equipment
CN111460232A (en) Functional module searching method, device, terminal and computer readable storage medium
CN113256301B (en) Data shielding method, device, server and medium
CN112860953A (en) Data importing method, device, equipment and storage medium of graph database
CN112328275A (en) Data updating method and device for nuclear power plant, terminal equipment and storage medium
CN104636368A (en) Data retrieval method and device and server
CN112765155B (en) Block chain-based key value storage method and device, terminal equipment and medium
CN112597192A (en) Data query method, device, server and medium
CN110874365B (en) Information query method and related equipment thereof
CN111008220A (en) Dynamic identification method and device of data source, storage medium and electronic device
CN114363002B (en) Method and device for generating network attack relation diagram
CN112783971B (en) Transaction recording method, transaction query method, electronic device and storage medium
CN114461418A (en) Inter-process communication method and device and electronic equipment
CN113590907A (en) Camera management method and device, electronic equipment and storage medium
CN112085788A (en) Loop detection method, loop detection device, computer readable storage medium and mobile device
CN115221360A (en) Tree structure configuration method and system
CN112000671A (en) Block chain-based database table processing method, device and system
CN112052341A (en) Knowledge graph pruning method and device
CN111581207B (en) File generation method and device of Azkaban project and terminal equipment
CN113254483B (en) Request processing method and device, electronic equipment and storage medium
CN110515923B (en) Data migration method and system between distributed databases
CN116204553A (en) Data query method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant