CN114139199A - Data desensitization method, apparatus, device and medium - Google Patents

Data desensitization method, apparatus, device and medium Download PDF

Info

Publication number
CN114139199A
CN114139199A CN202111441922.2A CN202111441922A CN114139199A CN 114139199 A CN114139199 A CN 114139199A CN 202111441922 A CN202111441922 A CN 202111441922A CN 114139199 A CN114139199 A CN 114139199A
Authority
CN
China
Prior art keywords
data
incremental
desensitization
plaintext
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111441922.2A
Other languages
Chinese (zh)
Inventor
苏剑树
王健
张松祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pingan Payment Technology Service Co Ltd
Original Assignee
Pingan Payment Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pingan Payment Technology Service Co Ltd filed Critical Pingan Payment Technology Service Co Ltd
Priority to CN202111441922.2A priority Critical patent/CN114139199A/en
Publication of CN114139199A publication Critical patent/CN114139199A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/215Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the field of data processing, and provides a data desensitization method, a device, equipment and a medium, which can carry out name reconstruction on sensitive data in a uniform naming format, improve the readability of the data and the efficiency of data processing, obtain incremental data from obtained first intermediate data to carry out double-write operation to obtain second intermediate data, ensure that the data can be normally used in the desensitization process through a plaintext and ciphertext double-write mode, reduce the reconstruction risk, obtain stock data from the first intermediate data to carry out cleaning operation to obtain third intermediate data after double-write, carry out union operation on the second intermediate data and the third intermediate data after cleaning to obtain fourth intermediate data and carry out single-write operation, can realize the desensitization of the data without calling a large number of interfaces, and realize more optimized desensitization processing on the sensitive data. In addition, the invention also relates to a block chain technology, and desensitization data corresponding to the data to be processed can be stored in the block chain nodes.

Description

Data desensitization method, apparatus, device and medium
Technical Field
The invention relates to the technical field of data processing, in particular to a data desensitization method, a data desensitization device, data desensitization equipment and a data desensitization medium.
Background
As application systems that are becoming more and more diversified are developed and used, sensitive information such as user data stored in each system is increasing.
For the sensitive information, desensitization is usually required to be used, otherwise the information security of the user is affected.
However, at present, when data desensitization is performed, the following problems still exist:
1. the coverage of changed services is wide, a large number of interfaces need to be changed and verified, and the cost of the modified manpower is extremely high;
2. the related scenes are usually more active, so that the reconstruction risk is high;
3. the abnormal data encryption may cause the problem of user information loss.
Disclosure of Invention
In view of the above, there is a need to provide a data desensitization method, apparatus, device and medium, which aims to solve the problems of high cost and high risk of desensitization of sensitive data.
A data desensitization method, the data desensitization method comprising:
in response to a data desensitization instruction for a target system, determining data to be processed in the target system;
calling a naming format, and renaming the data to be processed according to the naming format to obtain first intermediate data;
obtaining incremental data from the first intermediate data, and performing double-write operation on the incremental data to obtain second intermediate data;
when the fact that the double-write operation is finished is detected, stock data are obtained from the first intermediate data, and the stock data are cleaned to obtain third intermediate data;
when the cleaning operation is detected to be finished, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data;
and performing single-write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
According to a preferred embodiment of the present invention, renaming the data to be processed according to the naming format to obtain first intermediate data includes:
acquiring an initial field name of the data to be processed;
acquiring preset characters from the named format;
and splicing the preset character and the initial field name of the data to be processed to obtain the first intermediate data.
According to the preferred embodiment of the present invention, the double write operation and the single write operation include a new addition process, an update process, a query process, and a query result return process, and the performing the double write operation on the incremental data includes:
when the incremental data is subjected to the newly added processing, acquiring a plaintext of the incremental data, a set method of a plaintext field, a set method of a ciphertext field and a set method of an encryption flag bit;
determining the plaintext of the incremental data, a set method of the plaintext field, a set method of the ciphertext field and a set method of the encryption flag bit as input parameters, and adding the incremental data to obtain a ciphertext corresponding to the incremental data;
decrypting the ciphertext corresponding to the incremental data to obtain first decrypted data;
checking the plaintext consistency of the first decrypted data and the incremental data;
when the first decrypted data is inconsistent with the plaintext of the incremental data, determining that the first decrypted data does not pass verification, and separately recording the plaintext of the incremental data; or
And when the first decrypted data is consistent with the plaintext of the incremental data, determining that the first decrypted data passes the verification, and simultaneously recording the plaintext of the incremental data and the ciphertext corresponding to the incremental data.
According to a preferred embodiment of the present invention, said performing a double write operation on the incremental data further comprises:
detecting the execution progress of the new addition processing and the update processing when the query processing is executed on the incremental data;
when the execution progress shows that the newly-added processing and the updating processing are executed completely, clearing the plaintext of the incremental data, and inquiring by using the ciphertext corresponding to the incremental data; or
And when the execution progress shows that the newly-added processing and the updating processing are not executed completely, inquiring by using the plaintext of the incremental data.
According to a preferred embodiment of the present invention, said performing a double write operation on the incremental data further comprises:
when the query result return processing is executed on the incremental data, detecting whether a ciphertext corresponding to the incremental data is a null field;
when the ciphertext corresponding to the incremental data is not a null field, decrypting the ciphertext corresponding to the incremental data to obtain second decrypted data;
checking the plaintext consistency of the second decrypted data and the incremental data;
when the second decrypted data is inconsistent with the plaintext of the incremental data, determining that the second decrypted data does not pass the verification, and returning the plaintext of the incremental data; or
And when the second decrypted data is consistent with the plaintext of the incremental data, determining that the second decrypted data passes verification, and returning the second decrypted data.
According to a preferred embodiment of the present invention, the performing the purge operation on the inventory data includes:
acquiring a pre-established configuration file, wherein the configuration file is used for storing a cleaning method of each database table;
acquiring a JOB to be executed, acquiring a plurality of database tables corresponding to the JOB to be executed, and taking the database tables as a plurality of target database tables;
querying a cleaning method of each target database table in the configuration file as a target method of each target database table;
acquiring the ID of the primary key when the execution of the to-be-executed JOB is finished last time from each target database table;
acquiring a pre-maintained ID range, and acquiring a plurality of threads from a pre-established thread pool, wherein the number of the threads is consistent with the number of the target database tables;
starting from a primary key ID of each target database table, executing the JOB to be executed in parallel based on the target method and the plurality of threads in the ID range;
acquiring time consumption and data processing amount after the execution of the to-be-executed JOB is finished;
and updating the ID range according to the consumed time and the data processing amount.
According to a preferred embodiment of the present invention, the performing a single write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed includes:
obtaining a ciphertext corresponding to the fourth intermediate data;
executing the newly-added processing, and/or the updating processing, and/or the query result returning processing by using the ciphertext corresponding to the fourth intermediate data;
in the execution process, when the ciphertext is detected to be inconsistent with the corresponding plaintext, the abnormity is thrown out, and the calling is returned to fail;
and after the single-write operation is finished, clearing the plaintext of the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
A data desensitization apparatus, said data desensitization apparatus comprising:
the device comprises a determining unit, a processing unit and a processing unit, wherein the determining unit is used for responding to a data desensitization instruction aiming at a target system and determining data to be processed in the target system;
the naming unit is used for calling a naming format and renaming the data to be processed according to the naming format to obtain first intermediate data;
the double-write unit is used for acquiring incremental data from the first intermediate data and performing double-write operation on the incremental data to obtain second intermediate data;
the cleaning unit is used for acquiring stock data from the first intermediate data when the double-write operation is detected to be finished, and cleaning the stock data to obtain third intermediate data;
the operation unit is used for performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data when the cleaning operation is detected to be finished;
and the single-writing unit is used for executing single-writing operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
A computer device, the computer device comprising:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement the data desensitization method.
A computer-readable storage medium having stored therein at least one instruction for execution by a processor in a computer device to implement the data desensitization method.
According to the technical scheme, the method can respond to a data desensitization instruction aiming at a target system, determine the data to be processed in the target system, call a naming format, rename the data to be processed according to the naming format to obtain first intermediate data, modify the name of sensitive data according to a uniform naming format, improve the readability of the data, facilitate subsequent call, improve the efficiency of data processing, obtain incremental data from the first intermediate data, perform double-write operation on the incremental data to obtain second intermediate data, ensure that the data can be normally used in the desensitization process through a mode of double-writing plaintext and ciphertext, reduce the risk of modification and avoid data loss, and obtain stock data from the first intermediate data when the execution of the double-write operation is detected to be finished, and cleaning the stock data to obtain third intermediate data, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data when the cleaning operation is detected to be completed, performing write-once operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed, and realizing desensitization of the data without calling a large number of interfaces so as to realize more optimal desensitization processing on the sensitive data.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of the data desensitization method of the present invention.
FIG. 2 is a functional block diagram of a preferred embodiment of the data desensitization apparatus of the present invention.
FIG. 3 is a schematic structural diagram of a computer device for implementing a data desensitization method according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a flow chart of a preferred embodiment of the data desensitization method of the present invention. The order of the steps in the flow chart may be changed and some steps may be omitted according to different needs.
The data desensitization method is applied to one or more computer devices, which are devices capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and the hardware thereof includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device may be any electronic product capable of performing human-computer interaction with a user, for example, a Personal computer, a tablet computer, a smart phone, a Personal Digital Assistant (PDA), a game machine, an interactive web Television (IPTV), an intelligent wearable device, and the like.
The computer device may also include a network device and/or a user device. The network device includes, but is not limited to, a single network server, a server group consisting of a plurality of network servers, or a Cloud Computing (Cloud Computing) based Cloud consisting of a large number of hosts or network servers.
The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like.
Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
The Network in which the computer device is located includes, but is not limited to, the internet, a wide area Network, a metropolitan area Network, a local area Network, a Virtual Private Network (VPN), and the like.
S10, in response to the data desensitization instruction for the target system, determining data to be processed in the target system.
In this embodiment, the target system includes a business system with data desensitization requirement, such as: online shopping malls associated with various enterprises, and the like.
In this embodiment, the data desensitization instruction may be triggered by a relevant staff, may also be configured to be triggered periodically, or may be triggered automatically when a data update is detected, which is not limited by the present invention.
In this embodiment, the data to be processed refers to sensitive data that needs desensitization modification, such as personal information including an identification number, a mobile phone number, a bank card number, a customer number, and the like.
Specifically, sensitive data such as an identification number, a mobile phone number and the like are obtained from the target system, and the obtained data are determined as the data to be processed.
S11, calling a naming format, and renaming the data to be processed according to the naming format to obtain first intermediate data.
In at least one embodiment of the present invention, renaming the data to be processed according to the naming format to obtain first intermediate data includes:
acquiring an initial field name of the data to be processed;
acquiring preset characters from the named format;
and splicing the preset character and the initial field name of the data to be processed to obtain the first intermediate data.
For example: when the preset character is enc and the initial field name of data in the data to be processed is XXX, the preset character can be named enc _ XXX according to the naming format.
Through the embodiment, the name of the sensitive data is modified according to the uniform naming format, so that the readability of the data is improved, the subsequent calling is facilitated, and the data processing efficiency is improved.
And S12, obtaining incremental data from the first intermediate data, and carrying out double-write operation on the incremental data to obtain second intermediate data.
In this embodiment, the acquiring incremental data from the first intermediate data includes:
acquiring data with change within a preset time range;
determining the altered data as the incremental data.
Wherein, the preset time range can be configured by self-definition, such as within 1 month.
In this embodiment, incremental transformation is performed on the sensitive data, that is, the double write operation is performed, then the stock purging is performed, and finally the single write operation is performed, thereby desensitizing the sensitive data.
Specifically, the operations in this embodiment may be implemented based on the JAVA8 Consumer language and the corresponding interface, which is not limited by the present invention.
In at least one embodiment of the present invention, the double write operation and the single write operation include a new addition process, an update process, a query process, and a query result return process, and the performing the double write operation on the incremental data includes:
when the incremental data is subjected to the newly added processing, acquiring a plaintext of the incremental data, a set method of a plaintext field, a set method of a ciphertext field and a set method of an encryption flag bit;
determining the plaintext of the incremental data, a set method of the plaintext field, a set method of the ciphertext field and a set method of the encryption flag bit as input parameters, and adding the incremental data to obtain a ciphertext corresponding to the incremental data;
decrypting the ciphertext corresponding to the incremental data to obtain first decrypted data;
checking the plaintext consistency of the first decrypted data and the incremental data;
when the first decrypted data is inconsistent with the plaintext of the incremental data, determining that the first decrypted data does not pass verification, and separately recording the plaintext of the incremental data; or
And when the first decrypted data is consistent with the plaintext of the incremental data, determining that the first decrypted data passes the verification, and simultaneously recording the plaintext of the incremental data and the ciphertext corresponding to the incremental data.
In the embodiment, by checking the consistency of the first decrypted data and the plaintext, the degradation processing can be executed when the abnormality is captured, and only the plaintext is used for processing the related service, so that data errors caused by recording of inconsistent ciphertext are avoided, the service is affected, and the accuracy is higher.
It should be noted that, in the process of executing the double write operation, the update process is similar to the operation manner of the new processing, but the entry is different, and corresponding changes need to be made, which is not described herein again.
Further, the performing a double write operation on the delta data further includes:
detecting the execution progress of the new addition processing and the update processing when the query processing is executed on the incremental data;
when the execution progress shows that the newly-added processing and the updating processing are executed completely, clearing the plaintext of the incremental data, and inquiring by using the ciphertext corresponding to the incremental data; or
And when the execution progress shows that the newly-added processing and the updating processing are not executed completely, inquiring by using the plaintext of the incremental data.
Through the embodiment, the method and the device can avoid being used for querying the data when the incremental data is not modified, and can cause query errors.
Further, the performing a double write operation on the delta data further includes:
when the query result return processing is executed on the incremental data, detecting whether a ciphertext corresponding to the incremental data is a null field;
when the ciphertext corresponding to the incremental data is not a null field, decrypting the ciphertext corresponding to the incremental data to obtain second decrypted data;
checking the plaintext consistency of the second decrypted data and the incremental data;
when the second decrypted data is inconsistent with the plaintext of the incremental data, determining that the second decrypted data does not pass the verification, and returning the plaintext of the incremental data; or
And when the second decrypted data is consistent with the plaintext of the incremental data, determining that the second decrypted data passes verification, and returning the second decrypted data.
By the adoption of the method, degradation processing can be performed when the data is abnormal, plaintext is directly returned as a query result, and the problem that data query is wrong due to wrong ciphertext and the correctness of the data query is influenced is avoided.
According to the data processing method and device, the data can be normally used in the desensitization process in a plaintext and ciphertext double-writing mode, the transformation risk is reduced, and data loss cannot be caused.
And S13, when the double-write operation is detected to be completed, acquiring stock data from the first intermediate data, and performing cleaning operation on the stock data to obtain third intermediate data.
In this embodiment, the inventory data refers to data that is stored historically and has not been changed within the preset time range.
In at least one embodiment of the invention, the performing a purge operation on the inventory data includes:
acquiring a pre-established configuration file, wherein the configuration file is used for storing a cleaning method of each database table;
acquiring a JOB to be executed, acquiring a plurality of database tables corresponding to the JOB to be executed, and taking the database tables as a plurality of target database tables;
querying a cleaning method of each target database table in the configuration file as a target method of each target database table;
acquiring the ID of the primary key when the execution of the to-be-executed JOB is finished last time from each target database table;
acquiring a pre-maintained ID range, and acquiring a plurality of threads from a pre-established thread pool, wherein the number of the threads is consistent with the number of the target database tables;
starting from a primary key ID of each target database table, executing the JOB to be executed in parallel based on the target method and the plurality of threads in the ID range;
acquiring time consumption and data processing amount after the execution of the to-be-executed JOB is finished;
and updating the ID range according to the consumed time and the data processing amount.
In the above embodiment, by configuring the ID range, the data processing amount can be effectively reduced on the premise of ensuring accuracy, and thus the efficiency is improved.
For example: when data is queried, the ID range can be configured into 100 data to obtain 10 data, so that querying 10 data in 100 data can certainly reduce querying time, and meanwhile, sufficient data can be guaranteed to serve as support, accuracy of data querying cannot be affected, and influence on normal operation of a system is reduced.
In the above embodiment, asynchronous callback and streaming processing are performed on each database table by adopting multiple threads, so that the efficiency of data processing can be further improved, and the mutual influence among different database tables is reduced.
In the above embodiment, after each JOB execution, the time consumption and the data processing amount are collected, and the ID range is updated accordingly, so as to optimize the next processing mode, thereby further improving the data cleaning effect.
Further, while maintaining the ID range, the data processing amount may be continuously increased until the consumed time reaches a threshold, and the ID range is determined according to the current data processing amount.
Configuration files, multiple threads and ID range configuration are convenient for unified management and cleaning of data.
And S14, when the cleaning operation is detected to be completed, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data.
In the above embodiment, the data obtained after the double write operation and the stock quantity purging operation are performed are combined to obtain the fourth intermediate data for subsequent execution of the single write operation.
And S15, performing single-write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
In at least one embodiment of the present invention, the performing a single write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed includes:
obtaining a ciphertext corresponding to the fourth intermediate data;
executing the newly-added processing, and/or the updating processing, and/or the query result returning processing by using the ciphertext corresponding to the fourth intermediate data;
in the execution process, when the ciphertext is detected to be inconsistent with the corresponding plaintext, the abnormity is thrown out, and the calling is returned to fail;
and after the single-write operation is finished, clearing the plaintext of the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
Through the implementation mode, desensitization to data can be realized without calling a large number of interfaces, and desensitization treatment for sensitive data is more optimized.
In other embodiments, according to the pre-configured requirement, an index can be added before the recorded ciphertext, so that the line where the ciphertext is located can be directly located through the index, and the retrieval efficiency is improved.
For example: according to the requirements of related service personnel, indexes are added when the mobile phone numbers are recorded, and then the corresponding mobile phone numbers can be inquired more efficiently.
It should be noted that, in order to further improve the security of the data and avoid malicious tampering of the data, desensitization data corresponding to the data to be processed may be stored in the blockchain node.
According to the technical scheme, the method can respond to a data desensitization instruction aiming at a target system, determine the data to be processed in the target system, call a naming format, rename the data to be processed according to the naming format to obtain first intermediate data, modify the name of sensitive data according to a uniform naming format, improve the readability of the data, facilitate subsequent call, improve the efficiency of data processing, obtain incremental data from the first intermediate data, perform double-write operation on the incremental data to obtain second intermediate data, ensure that the data can be normally used in the desensitization process through a mode of double-writing plaintext and ciphertext, reduce the risk of modification and avoid data loss, and obtain stock data from the first intermediate data when the execution of the double-write operation is detected to be finished, and cleaning the stock data to obtain third intermediate data, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data when the cleaning operation is detected to be completed, performing write-once operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed, and realizing desensitization of the data without calling a large number of interfaces so as to realize more optimal desensitization processing on the sensitive data.
Fig. 2 is a functional block diagram of a preferred embodiment of the data desensitization apparatus of the present invention. The data desensitization device 11 comprises a determination unit 110, a naming unit 111, a double-writing unit 112, a cleaning unit 113, an operation unit 114 and a single-writing unit 115. The module/unit referred to in the present invention refers to a series of computer program segments that can be executed by the processor 13 and that can perform a fixed function, and that are stored in the memory 12. In the present embodiment, the functions of the modules/units will be described in detail in the following embodiments.
In response to a data desensitization instruction for a target system, the determination unit 110 determines data to be processed in the target system.
In this embodiment, the target system includes a business system with data desensitization requirement, such as: online shopping malls associated with various enterprises, and the like.
In this embodiment, the data desensitization instruction may be triggered by a relevant staff, may also be configured to be triggered periodically, or may be triggered automatically when a data update is detected, which is not limited by the present invention.
In this embodiment, the data to be processed refers to sensitive data that needs desensitization modification, such as personal information including an identification number, a mobile phone number, a bank card number, a customer number, and the like.
Specifically, sensitive data such as an identification number, a mobile phone number and the like are obtained from the target system, and the obtained data are determined as the data to be processed.
The naming unit 111 calls a naming format and renames the data to be processed according to the naming format to obtain first intermediate data.
In at least one embodiment of the present invention, the renaming unit 111 renames the data to be processed according to the naming format to obtain first intermediate data, where the renaming unit includes:
acquiring an initial field name of the data to be processed;
acquiring preset characters from the named format;
and splicing the preset character and the initial field name of the data to be processed to obtain the first intermediate data.
For example: when the preset character is enc and the initial field name of data in the data to be processed is XXX, the preset character can be named enc _ XXX according to the naming format.
Through the embodiment, the name of the sensitive data is modified according to the uniform naming format, so that the readability of the data is improved, the subsequent calling is facilitated, and the data processing efficiency is improved.
The double-writing unit 112 obtains incremental data from the first intermediate data, and performs double-writing operation on the incremental data to obtain second intermediate data.
In this embodiment, the acquiring incremental data from the first intermediate data includes:
acquiring data with change within a preset time range;
determining the altered data as the incremental data.
Wherein, the preset time range can be configured by self-definition, such as within 1 month.
In this embodiment, incremental transformation is performed on the sensitive data, that is, the double write operation is performed, then the stock purging is performed, and finally the single write operation is performed, thereby desensitizing the sensitive data.
Specifically, the operations in this embodiment may be implemented based on the JAVA8 Consumer language and the corresponding interface, which is not limited by the present invention.
In at least one embodiment of the present invention, the double write operation and the single write operation include a new addition process, an update process, a query process, and a query result return process, and the performing, by the double write unit 112, the double write operation on the incremental data includes:
when the incremental data is subjected to the newly added processing, acquiring a plaintext of the incremental data, a set method of a plaintext field, a set method of a ciphertext field and a set method of an encryption flag bit;
determining the plaintext of the incremental data, a set method of the plaintext field, a set method of the ciphertext field and a set method of the encryption flag bit as input parameters, and adding the incremental data to obtain a ciphertext corresponding to the incremental data;
decrypting the ciphertext corresponding to the incremental data to obtain first decrypted data;
checking the plaintext consistency of the first decrypted data and the incremental data;
when the first decrypted data is inconsistent with the plaintext of the incremental data, determining that the first decrypted data does not pass verification, and separately recording the plaintext of the incremental data; or
And when the first decrypted data is consistent with the plaintext of the incremental data, determining that the first decrypted data passes the verification, and simultaneously recording the plaintext of the incremental data and the ciphertext corresponding to the incremental data.
In the embodiment, by checking the consistency of the first decrypted data and the plaintext, the degradation processing can be executed when the abnormality is captured, and only the plaintext is used for processing the related service, so that data errors caused by recording of inconsistent ciphertext are avoided, the service is affected, and the accuracy is higher.
It should be noted that, in the process of executing the double write operation, the update process is similar to the operation manner of the new processing, but the entry is different, and corresponding changes need to be made, which is not described herein again.
Further, the double writing unit 112 performs a double writing operation on the incremental data, further including:
detecting the execution progress of the new addition processing and the update processing when the query processing is executed on the incremental data;
when the execution progress shows that the newly-added processing and the updating processing are executed completely, clearing the plaintext of the incremental data, and inquiring by using the ciphertext corresponding to the incremental data; or
And when the execution progress shows that the newly-added processing and the updating processing are not executed completely, inquiring by using the plaintext of the incremental data.
Through the embodiment, the method and the device can avoid being used for querying the data when the incremental data is not modified, and can cause query errors.
Further, the double writing unit 112 performs a double writing operation on the incremental data, further including:
when the query result return processing is executed on the incremental data, detecting whether a ciphertext corresponding to the incremental data is a null field;
when the ciphertext corresponding to the incremental data is not a null field, decrypting the ciphertext corresponding to the incremental data to obtain second decrypted data;
checking the plaintext consistency of the second decrypted data and the incremental data;
when the second decrypted data is inconsistent with the plaintext of the incremental data, determining that the second decrypted data does not pass the verification, and returning the plaintext of the incremental data; or
And when the second decrypted data is consistent with the plaintext of the incremental data, determining that the second decrypted data passes verification, and returning the second decrypted data.
By the adoption of the method, degradation processing can be performed when the data is abnormal, plaintext is directly returned as a query result, and the problem that data query is wrong due to wrong ciphertext and the correctness of the data query is influenced is avoided.
According to the data processing method and device, the data can be normally used in the desensitization process in a plaintext and ciphertext double-writing mode, the transformation risk is reduced, and data loss cannot be caused.
When the double-write operation is detected to be completed, the cleaning unit 113 obtains stock data from the first intermediate data, and performs a cleaning operation on the stock data to obtain third intermediate data.
In this embodiment, the inventory data refers to data that is stored historically and has not been changed within the preset time range.
In at least one embodiment of the present invention, the purge unit 113 performing a purge operation on the inventory data includes:
acquiring a pre-established configuration file, wherein the configuration file is used for storing a cleaning method of each database table;
acquiring a JOB to be executed, acquiring a plurality of database tables corresponding to the JOB to be executed, and taking the database tables as a plurality of target database tables;
querying a cleaning method of each target database table in the configuration file as a target method of each target database table;
acquiring the ID of the primary key when the execution of the to-be-executed JOB is finished last time from each target database table;
acquiring a pre-maintained ID range, and acquiring a plurality of threads from a pre-established thread pool, wherein the number of the threads is consistent with the number of the target database tables;
starting from a primary key ID of each target database table, executing the JOB to be executed in parallel based on the target method and the plurality of threads in the ID range;
acquiring time consumption and data processing amount after the execution of the to-be-executed JOB is finished;
and updating the ID range according to the consumed time and the data processing amount.
In the above embodiment, by configuring the ID range, the data processing amount can be effectively reduced on the premise of ensuring accuracy, and thus the efficiency is improved.
For example: when data is queried, the ID range can be configured into 100 data to obtain 10 data, so that querying 10 data in 100 data can certainly reduce querying time, and meanwhile, sufficient data can be guaranteed to serve as support, accuracy of data querying cannot be affected, and influence on normal operation of a system is reduced.
In the above embodiment, asynchronous callback and streaming processing are performed on each database table by adopting multiple threads, so that the efficiency of data processing can be further improved, and the mutual influence among different database tables is reduced.
In the above embodiment, after each JOB execution, the time consumption and the data processing amount are collected, and the ID range is updated accordingly, so as to optimize the next processing mode, thereby further improving the data cleaning effect.
Further, while maintaining the ID range, the data processing amount may be continuously increased until the consumed time reaches a threshold, and the ID range is determined according to the current data processing amount.
Configuration files, multiple threads and ID range configuration are convenient for unified management and cleaning of data.
When the cleaning operation is detected to be completed, the operation unit 114 performs union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data.
In the above embodiment, the data obtained after the double write operation and the stock quantity purging operation are performed are combined to obtain the fourth intermediate data for subsequent execution of the single write operation.
The single writing unit 115 performs a single writing operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
In at least one embodiment of the present invention, the performing, by the single writing unit 115, a single writing operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed includes:
obtaining a ciphertext corresponding to the fourth intermediate data;
executing the newly-added processing, and/or the updating processing, and/or the query result returning processing by using the ciphertext corresponding to the fourth intermediate data;
in the execution process, when the ciphertext is detected to be inconsistent with the corresponding plaintext, the abnormity is thrown out, and the calling is returned to fail;
and after the single-write operation is finished, clearing the plaintext of the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
Through the implementation mode, desensitization to data can be realized without calling a large number of interfaces, and desensitization treatment for sensitive data is more optimized.
In other embodiments, according to the pre-configured requirement, an index can be added before the recorded ciphertext, so that the line where the ciphertext is located can be directly located through the index, and the retrieval efficiency is improved.
For example: according to the requirements of related service personnel, indexes are added when the mobile phone numbers are recorded, and then the corresponding mobile phone numbers can be inquired more efficiently.
It should be noted that, in order to further improve the security of the data and avoid malicious tampering of the data, desensitization data corresponding to the data to be processed may be stored in the blockchain node.
According to the technical scheme, the method can respond to a data desensitization instruction aiming at a target system, determine the data to be processed in the target system, call a naming format, rename the data to be processed according to the naming format to obtain first intermediate data, modify the name of sensitive data according to a uniform naming format, improve the readability of the data, facilitate subsequent call, improve the efficiency of data processing, obtain incremental data from the first intermediate data, perform double-write operation on the incremental data to obtain second intermediate data, ensure that the data can be normally used in the desensitization process through a mode of double-writing plaintext and ciphertext, reduce the risk of modification and avoid data loss, and obtain stock data from the first intermediate data when the execution of the double-write operation is detected to be finished, and cleaning the stock data to obtain third intermediate data, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data when the cleaning operation is detected to be completed, performing write-once operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed, and realizing desensitization of the data without calling a large number of interfaces so as to realize more optimal desensitization processing on the sensitive data.
Fig. 3 is a schematic structural diagram of a computer device for implementing the data desensitization method according to the preferred embodiment of the present invention.
The computer device 1 may comprise a memory 12, a processor 13 and a bus, and may further comprise a computer program, such as a data desensitization program, stored in the memory 12 and executable on the processor 13.
It will be understood by those skilled in the art that the schematic diagram is merely an example of the computer device 1, and does not constitute a limitation to the computer device 1, the computer device 1 may have a bus-type structure or a star-shaped structure, the computer device 1 may further include more or less other hardware or software than those shown, or different component arrangements, for example, the computer device 1 may further include an input and output device, a network access device, etc.
It should be noted that the computer device 1 is only an example, and other electronic products that are currently available or may come into existence in the future, such as electronic products that can be adapted to the present invention, should also be included in the scope of the present invention, and are included herein by reference.
The memory 12 includes at least one type of readable storage medium, which includes flash memory, removable hard disks, multimedia cards, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disks, optical disks, etc. The memory 12 may in some embodiments be an internal storage unit of the computer device 1, for example a removable hard disk of the computer device 1. The memory 12 may also be an external storage device of the computer device 1 in other embodiments, such as a plug-in removable hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the computer device 1. Further, the memory 12 may also include both an internal storage unit and an external storage device of the computer device 1. The memory 12 can be used not only for storing application software installed in the computer apparatus 1 and various kinds of data such as codes of a data desensitization program, etc., but also for temporarily storing data that has been output or is to be output.
The processor 13 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 13 is a Control Unit (Control Unit) of the computer device 1, connects the respective components of the entire computer device 1 by using various interfaces and lines, and executes various functions and processes data of the computer device 1 by running or executing programs or modules (for example, executing a data desensitizing program and the like) stored in the memory 12 and calling data stored in the memory 12.
The processor 13 executes the operating system of the computer device 1 and various installed application programs. The processor 13 executes the application program to implement the steps in the various data desensitization method embodiments described above, such as the steps shown in fig. 1.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to accomplish the present invention. The one or more modules/units may be a series of computer readable instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the computer device 1. For example, the computer program may be divided into a determination unit 110, a naming unit 111, a double write unit 112, a flush unit 113, an arithmetic unit 114, a single write unit 115.
The integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a computer device, or a network device) or a processor (processor) to execute the parts of the data desensitization method according to the embodiments of the present invention.
The integrated modules/units of the computer device 1 may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented.
Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), random-access Memory, or the like.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one line is shown in FIG. 3, but this does not mean only one bus or one type of bus. The bus is arranged to enable connection communication between the memory 12 and at least one processor 13 or the like.
Although not shown, the computer device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 13 through a power management device, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The computer device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the computer device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the computer device 1 and other computer devices.
Optionally, the computer device 1 may further comprise a user interface, which may be a Display (Display), an input unit, such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the computer device 1 and for displaying a visualized user interface.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
Fig. 3 shows only the computer device 1 with the components 12-13, and it will be understood by a person skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the computer device 1 and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
In connection with fig. 1, the memory 12 in the computer device 1 stores a plurality of instructions to implement a data desensitization method, the processor 13 being executable to implement:
in response to a data desensitization instruction for a target system, determining data to be processed in the target system;
calling a naming format, and renaming the data to be processed according to the naming format to obtain first intermediate data;
obtaining incremental data from the first intermediate data, and performing double-write operation on the incremental data to obtain second intermediate data;
when the fact that the double-write operation is finished is detected, stock data are obtained from the first intermediate data, and the stock data are cleaned to obtain third intermediate data;
when the cleaning operation is detected to be finished, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data;
and performing single-write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
Specifically, the processor 13 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the instruction, which is not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The invention is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the present invention may also be implemented by one unit or means through software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A data desensitization method, characterized in that the data desensitization method comprises:
in response to a data desensitization instruction for a target system, determining data to be processed in the target system;
calling a naming format, and renaming the data to be processed according to the naming format to obtain first intermediate data;
obtaining incremental data from the first intermediate data, and performing double-write operation on the incremental data to obtain second intermediate data;
when the fact that the double-write operation is finished is detected, stock data are obtained from the first intermediate data, and the stock data are cleaned to obtain third intermediate data;
when the cleaning operation is detected to be finished, performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data;
and performing single-write operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
2. The data desensitization method according to claim 1, wherein said renaming the data to be processed according to the named format to obtain first intermediate data comprises:
acquiring an initial field name of the data to be processed;
acquiring preset characters from the named format;
and splicing the preset character and the initial field name of the data to be processed to obtain the first intermediate data.
3. The data desensitization method of claim 1, wherein the dual write operations and the single write operations include a new add process, an update process, an inquiry process, and an inquiry result return process, the performing dual write operations on the incremental data comprising:
when the incremental data is subjected to the newly added processing, acquiring a plaintext of the incremental data, a set method of a plaintext field, a set method of a ciphertext field and a set method of an encryption flag bit;
determining the plaintext of the incremental data, a set method of the plaintext field, a set method of the ciphertext field and a set method of the encryption flag bit as input parameters, and adding the incremental data to obtain a ciphertext corresponding to the incremental data;
decrypting the ciphertext corresponding to the incremental data to obtain first decrypted data;
checking the plaintext consistency of the first decrypted data and the incremental data;
when the first decrypted data is inconsistent with the plaintext of the incremental data, determining that the first decrypted data does not pass verification, and separately recording the plaintext of the incremental data; or
And when the first decrypted data is consistent with the plaintext of the incremental data, determining that the first decrypted data passes the verification, and simultaneously recording the plaintext of the incremental data and the ciphertext corresponding to the incremental data.
4. A data desensitization method according to claim 3, wherein said double writing the delta data further comprises:
detecting the execution progress of the new addition processing and the update processing when the query processing is executed on the incremental data;
when the execution progress shows that the newly-added processing and the updating processing are executed completely, clearing the plaintext of the incremental data, and inquiring by using the ciphertext corresponding to the incremental data; or
And when the execution progress shows that the newly-added processing and the updating processing are not executed completely, inquiring by using the plaintext of the incremental data.
5. A data desensitization method according to claim 3, wherein said double writing the delta data further comprises:
when the query result return processing is executed on the incremental data, detecting whether a ciphertext corresponding to the incremental data is a null field;
when the ciphertext corresponding to the incremental data is not a null field, decrypting the ciphertext corresponding to the incremental data to obtain second decrypted data;
checking the plaintext consistency of the second decrypted data and the incremental data;
when the second decrypted data is inconsistent with the plaintext of the incremental data, determining that the second decrypted data does not pass the verification, and returning the plaintext of the incremental data; or
And when the second decrypted data is consistent with the plaintext of the incremental data, determining that the second decrypted data passes verification, and returning the second decrypted data.
6. A method of data desensitization according to claim 1, wherein said performing a purge operation on said inventory data comprises:
acquiring a pre-established configuration file, wherein the configuration file is used for storing a cleaning method of each database table;
acquiring a JOB to be executed, acquiring a plurality of database tables corresponding to the JOB to be executed, and taking the database tables as a plurality of target database tables;
querying a cleaning method of each target database table in the configuration file as a target method of each target database table;
acquiring the ID of the primary key when the execution of the to-be-executed JOB is finished last time from each target database table;
acquiring a pre-maintained ID range, and acquiring a plurality of threads from a pre-established thread pool, wherein the number of the threads is consistent with the number of the target database tables;
starting from a primary key ID of each target database table, executing the JOB to be executed in parallel based on the target method and the plurality of threads in the ID range;
acquiring time consumption and data processing amount after the execution of the to-be-executed JOB is finished;
and updating the ID range according to the consumed time and the data processing amount.
7. The data desensitization method according to claim 3, wherein said performing a single write operation on the fourth intermediate data to obtain desensitization data corresponding to the pending data comprises:
obtaining a ciphertext corresponding to the fourth intermediate data;
executing the newly-added processing, and/or the updating processing, and/or the query result returning processing by using the ciphertext corresponding to the fourth intermediate data;
in the execution process, when the ciphertext is detected to be inconsistent with the corresponding plaintext, the abnormity is thrown out, and the calling is returned to fail;
and after the single-write operation is finished, clearing the plaintext of the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
8. A data desensitization apparatus, characterized in that the data desensitization apparatus comprises:
the device comprises a determining unit, a processing unit and a processing unit, wherein the determining unit is used for responding to a data desensitization instruction aiming at a target system and determining data to be processed in the target system;
the naming unit is used for calling a naming format and renaming the data to be processed according to the naming format to obtain first intermediate data;
the double-write unit is used for acquiring incremental data from the first intermediate data and performing double-write operation on the incremental data to obtain second intermediate data;
the cleaning unit is used for acquiring stock data from the first intermediate data when the double-write operation is detected to be finished, and cleaning the stock data to obtain third intermediate data;
the operation unit is used for performing union operation on the second intermediate data and the third intermediate data to obtain fourth intermediate data when the cleaning operation is detected to be finished;
and the single-writing unit is used for executing single-writing operation on the fourth intermediate data to obtain desensitization data corresponding to the data to be processed.
9. A computer device, characterized in that the computer device comprises:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement a method of desensitizing data according to any of claims 1 to 7.
10. A computer-readable storage medium characterized by: the computer readable storage medium having stored therein at least one instruction for execution by a processor in a computer device to implement a data desensitization method according to any of claims 1 to 7.
CN202111441922.2A 2021-11-30 2021-11-30 Data desensitization method, apparatus, device and medium Pending CN114139199A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111441922.2A CN114139199A (en) 2021-11-30 2021-11-30 Data desensitization method, apparatus, device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111441922.2A CN114139199A (en) 2021-11-30 2021-11-30 Data desensitization method, apparatus, device and medium

Publications (1)

Publication Number Publication Date
CN114139199A true CN114139199A (en) 2022-03-04

Family

ID=80389751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111441922.2A Pending CN114139199A (en) 2021-11-30 2021-11-30 Data desensitization method, apparatus, device and medium

Country Status (1)

Country Link
CN (1) CN114139199A (en)

Similar Documents

Publication Publication Date Title
CN112328677B (en) Lost data recovery method, device, equipment and medium based on table association
CN115118738B (en) Disaster recovery method, device, equipment and medium based on RDMA
CN111950621A (en) Target data detection method, device, equipment and medium based on artificial intelligence
CN115936886B (en) Failure detection method, device, equipment and medium for heterogeneous securities trading system
CN115081538A (en) Customer relationship identification method, device, equipment and medium based on machine learning
CN113806434A (en) Big data processing method, device, equipment and medium
CN114185776A (en) Big data point burying method, device, equipment and medium for application program
CN114547696A (en) File desensitization method and device, electronic equipment and storage medium
CN114169303A (en) Method, device, equipment and medium for editing table based on vue.js
CN114816371B (en) Message processing method, device, equipment and medium
CN115002062B (en) Message processing method, device, equipment and readable storage medium
CN115731047A (en) Batch order processing method, equipment and medium
CN113419718A (en) Data transmission method, device, equipment and medium
CN115101152A (en) Sample priority switching method, device, equipment and medium
CN114139199A (en) Data desensitization method, apparatus, device and medium
CN114840388A (en) Data monitoring method and device, electronic equipment and storage medium
CN114626103A (en) Data consistency comparison method, device, equipment and medium
CN112686759A (en) Account checking monitoring method, device, equipment and medium
CN115065642B (en) Code table request method, device, equipment and medium under bandwidth limitation
CN114860349B (en) Data loading method, device, equipment and medium
CN115543214B (en) Data storage method, device, equipment and medium in low-delay scene
CN116843454B (en) Channel information management method, device, equipment and medium
CN115934576B (en) Test case generation method, device, equipment and medium in transaction scene
CN116934263B (en) Product batch admittance method, device, equipment and medium
CN113687834B (en) Distributed system node deployment method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination