CN108288003A - Dynamic database desensitization method and system based on a multi-agent mechanism - Google Patents

Info

Publication number
CN108288003A
Authority
CN
China
Prior art keywords
desensitization
data
agency
agent group
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711473573.6A
Other languages
Chinese (zh)
Inventor
战立岸
王洪涛
樊建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Upper Marine Infotech Share Co Ltd Of Interrogating
Original Assignee
Upper Marine Infotech Share Co Ltd Of Interrogating
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Upper Marine Infotech Share Co Ltd Of Interrogating filed Critical Upper Marine Infotech Share Co Ltd Of Interrogating
Priority to CN201711473573.6A priority Critical patent/CN108288003A/en
Publication of CN108288003A publication Critical patent/CN108288003A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to a dynamic database desensitization method based on a multi-agent mechanism, comprising the following steps: configuring a service database and a dynamic desensitization rule model library; creating a desensitization agent group composed of multiple agents; the user terminal establishing a connection with one of the agents in the desensitization agent group; the agent listening for the data transmitted by the user terminal; and, after the data has been desensitized according to the desensitization rules, sending the desensitized data to the user terminal. The invention adopts a desensitization agent group mechanism, so desensitization can be performed on data of different database types at the same time. The agent pool mechanism within the agent group increases the speed of data desensitization, which makes desensitization in a big data environment faster and more flexible, improves the scalability of the agents, and makes the system easier to use and operate.

Description

Dynamic database desensitization method and system based on a multi-agent mechanism
Technical Field
The present invention relates to the field of information security technology, and in particular to a dynamic database desensitization method and system based on a multi-agent mechanism.
Background
With the arrival of the big data era, the data resources of every industry usually contain a large amount of sensitive and important information. Once this information is leaked or illegally used, it will cause irreparable damage to individuals and even to the country. How to protect people's private information while mining the value of big data is a problem that data desensitization must solve.
Dynamic data desensitization currently has two classes of implementation mechanism: view-based and agent-based. The view-based mechanism is more efficient, but it requires changes to the database structure and code. The agent-based mechanism is highly flexible and adaptable, but it has shortcomings in scalability and unified management. Both have difficulty coping with the severe challenge of data desensitization in a big data environment.
Summary of the Invention
The technical problem to be solved by the invention is to provide a dynamic database desensitization method and system based on a multi-agent mechanism that can desensitize database data flexibly and efficiently.
To solve the above technical problem, the technical solution of the invention is a dynamic database desensitization method based on a multi-agent mechanism, comprising the following steps:
Configuring a service database and a dynamic desensitization rule model library;
Creating a desensitization agent group composed of multiple agents;
The user terminal establishing a connection with one of the agents in the desensitization agent group;
The agent listening for the data transmitted by the user terminal;
After the data has been desensitized according to the desensitization rules, sending the desensitized data to the user terminal.
As a preferred technical solution, the desensitization agent group subdivides the agents into several agent pools according to data type.
As a preferred technical solution, the method further includes the step of updating the database and the dynamic desensitization rule model library and rebuilding the desensitization agent group.
A dynamic database desensitization system based on a multi-agent mechanism, comprising:
A service database for storing the data that needs to be desensitized, and a dynamic desensitization rule model library for storing the desensitization rules;
A proxy management server for creating and reorganizing the desensitization agent group;
Multiple proxy servers that, as agents, constitute the desensitization agent group.
By adopting the above technical solution, the invention has the following beneficial effects: the invention adopts a desensitization agent group mechanism, so desensitization can be performed on data of different database types at the same time. The agent pool mechanism within the agent group increases the speed of data desensitization, which makes desensitization in a big data environment faster and more flexible, improves the scalability of the agents, and makes the system easier to use and operate.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the dynamic database desensitization method based on a multi-agent mechanism of the present invention;
Fig. 2 is a structural block diagram of the dynamic database desensitization system based on a multi-agent mechanism of the present invention.
Detailed Description
As shown in Fig. 1, a dynamic database desensitization method based on a multi-agent mechanism comprises the following steps:
Configuring a service database and a dynamic desensitization rule model library;
Creating a desensitization agent group composed of multiple agents; preferably, the desensitization agent group subdivides the agents into several agent pools according to data type, and in this embodiment the agent pools include a MYSQL_DS agent pool and an ORACLE_DS agent pool;
The user terminal establishing a connection with one of the agents in the desensitization agent group;
The agent listening for the data transmitted by the user terminal;
After the data has been desensitized according to the desensitization rules, sending the desensitized data to the user terminal.
The method further includes the step of updating the database and the dynamic desensitization rule model library and rebuilding the desensitization agent group.
As shown in Fig. 2, a dynamic database desensitization system based on a multi-agent mechanism comprises:
A service database for storing service data, and a dynamic desensitization rule model library for storing the desensitization rules;
A proxy management server for creating and reorganizing the desensitization agent group;
Multiple proxy servers that, as agents, constitute the desensitization agent group.
The working principle of the invention is as follows:
First, the service database DATA_SYSTEM that needs to be desensitized and the desensitization rule model library RULES_MODEL_LIB are configured. The proxy management server creates the desensitization agent group according to the database and the desensitization rules. An agent in the agent group listens for the data sent to it, desensitizes the data according to the desensitization rules, and then sends the desensitized data to the user.
Operating process:
1) Initialization: the proxy management server (AGENT_MANAGEMENT_SERVICE) creates a desensitization agent group (AGENT_GROUP) from the proxy servers of the configured service database (DATA_SYSTEM). Within the agent group, the agents are subdivided by data type into the MYSQL_DS agent pool (MYSQL_AGENT_POOL) and the ORACLE_DS agent pool (ORACLE_AGENT_POOL).
2) After the agent group has been created, user U1 connects through a client to the MYSQL_DS service database; U1's client then establishes a communication connection with Mysql_Agent1, one of the proxy servers in the MYSQL_AGENT_POOL agent pool.
3) Once the connection is established, another user U2 who arrives later cannot reuse this agent. Proxy server Mysql_Agent1 monitors whether data arrives on the corresponding port; after receiving data, Mysql_Agent1 processes it through the desensitization plug-in according to the desensitization policy.
4) After desensitization is complete, proxy server Mysql_Agent1 sends the desensitized data back to the client along the original path.
5) As long as U1 does not close the connection to the MYSQL_DS service database, U1's data is always desensitized by proxy server Mysql_Agent1, and steps 3) and 4) are repeated. If the connection is closed, proxy server Mysql_Agent1 returns to the unbound state, and other users who arrive can use this agent.
6) The proxy management server continuously monitors the proxy servers in the agent group. If the database configuration or the desensitization policy changes, the proxy management server restarts or adds proxy servers and rebuilds the desensitization agent group.
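The operating process in steps 1) to 6), modelled in memory as an added Python example; it is not code from the patent. The names `RULES_MODEL_LIB` and `Mysql_Agent1` follow the text, while the classes, the `keep_edges` rule, the sample row, the pass-through of columns without a rule and the invalidation of old agents on rebuild are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Rule = Callable[[str], str]

def keep_edges(head: int, tail: int) -> Rule:
    """Rule that keeps `head` leading and `tail` trailing characters and masks the rest."""
    def rule(value: str) -> str:
        if len(value) <= head + tail:
            return "*" * len(value)  # too short to reveal anything: mask it all
        return value[:head] + "*" * (len(value) - head - tail) + value[len(value) - tail:]
    return rule

# Constructed stand-in for RULES_MODEL_LIB: column name -> desensitization rule.
RULES_MODEL_LIB: Dict[str, Rule] = {"phone": keep_edges(3, 4), "id_card": keep_edges(6, 4)}

@dataclass
class Agent:
    name: str
    rules: Dict[str, Rule]
    bound_to: Optional[str] = None  # user currently holding this agent (steps 2-3)

    def desensitize(self, user: str, row: Dict[str, str]) -> Dict[str, str]:
        """Steps 3-4: mask a row for the bound user and refuse anyone else."""
        if self.bound_to is None or self.bound_to != user:
            raise PermissionError(f"{self.name} is not bound to {user}")
        # Columns without a rule pass through unchanged (assumption of this example).
        return {c: self.rules[c](v) if c in self.rules else v for c, v in row.items()}

class AgentGroup:
    """AGENT_GROUP: one agent pool per database type (step 1)."""
    def __init__(self, pool_sizes: Dict[str, int], rules: Dict[str, Rule]):
        self.pools: Dict[str, List[Agent]] = {}
        self.rebuild(pool_sizes, rules)

    def rebuild(self, pool_sizes: Dict[str, int], rules: Dict[str, Rule]) -> None:
        """Step 6: recreate the pools after a database or rule change."""
        for pool in self.pools.values():
            for agent in pool:
                agent.bound_to = None  # old handles fail closed (design choice here)
        self.pools = {db: [Agent(f"{db.capitalize()}_Agent{i + 1}", dict(rules))
                           for i in range(n)] for db, n in pool_sizes.items()}

    def connect(self, user: str, db_type: str) -> Agent:
        """Step 2: bind the first unbound agent of the matching pool to one user."""
        for agent in self.pools[db_type]:
            if agent.bound_to is None:
                agent.bound_to = user
                return agent
        raise RuntimeError(f"no unbound agent in the {db_type} pool")

    def disconnect(self, agent: Agent) -> None:
        """Step 5: return the agent to the unbound state for other users."""
        agent.bound_to = None

if __name__ == "__main__":
    group = AgentGroup({"mysql": 2, "oracle": 1}, RULES_MODEL_LIB)
    agent = group.connect("U1", "mysql")
    row = {"name": "Zhang San", "phone": "13812345678"}  # constructed sample row
    print(agent.name, agent.desensitize("U1", row))
    group.disconnect(agent)
```

Because each agent serves exactly one user until disconnect, the pool size is a hard cap on concurrent sessions per database type, and a rebuild has to decide what happens to sessions still holding an agent built from the old rules.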
The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the above embodiments; the embodiments and the description only illustrate the principle of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the claimed scope of protection. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. A dynamic database desensitization method based on a multi-agent mechanism, characterized in that it comprises the following steps:
Configuring a service database and a dynamic desensitization rule model library;
Creating a desensitization agent group composed of multiple agents;
The user terminal establishing a connection with one of the agents in the desensitization agent group;
The agent listening for the data transmitted by the user terminal;
After the data has been desensitized according to the desensitization rules, sending the desensitized data to the user terminal.
2. The dynamic database desensitization method based on a multi-agent mechanism according to claim 1, characterized in that the desensitization agent group subdivides the agents into several agent pools according to data type.
3. The dynamic database desensitization method based on a multi-agent mechanism according to claim 1, characterized in that it further includes the step of updating the database and the dynamic desensitization rule model library and rebuilding the desensitization agent group.
4. A dynamic database desensitization system based on a multi-agent mechanism, characterized in that it comprises:
A service database for storing the data that needs to be desensitized, and a dynamic desensitization rule model library for storing the desensitization rules;
A proxy management server for creating and reorganizing the desensitization agent group;
Multiple proxy servers that, as agents, constitute the desensitization agent group.
CN201711473573.6A 2017-12-29 2017-12-29 Dynamic database desensitization method and system based on a multi-agent mechanism Pending CN108288003A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711473573.6A CN108288003A (en) 2017-12-29 2017-12-29 A kind of Database Dynamic desensitization method and system based on more agency mechanisms

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711473573.6A CN108288003A (en) 2017-12-29 2017-12-29 A kind of Database Dynamic desensitization method and system based on more agency mechanisms

Publications (1)

Publication Number Publication Date
CN108288003A (en) 2018-07-17

Family

ID=62832225

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711473573.6A Pending CN108288003A (en) 2017-12-29 2017-12-29 Dynamic database desensitization method and system based on a multi-agent mechanism

Country Status (1)

Country Link
CN (1) CN108288003A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355427A (en) * 2008-07-22 2009-01-28 中国移动通信集团江苏有限公司 Information gateway-business support system internal control security method
US20140164405A1 (en) * 2012-12-12 2014-06-12 Institute For Information Industry Dynamic data masking method and database system
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
US20170169245A1 (en) * 2015-11-01 2017-06-15 International Business Machines Corporation Dynamic Data Masking of Post-Output Database Data
CN107392051A (en) * 2017-07-28 2017-11-24 北京明朝万达科技股份有限公司 A kind of big data processing method and system
CN106599713B (en) * 2016-11-11 2019-04-12 中国电子科技网络信息安全有限公司 A kind of database desensitization system and method based on big data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈天莹 et al.: "Intelligent data desensitization system in a big data environment", 《通信技术》 (Communications Technology) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112000986A (en) * 2020-08-27 2020-11-27 中国平安财产保险股份有限公司 Data desensitization method, device, equipment and storage medium
CN112000986B (en) * 2020-08-27 2025-07-15 中国平安财产保险股份有限公司 Data desensitization method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180717