Role based dynamic database desensitization service method and system

Abstract

The invention belongs to the field of information safety and provides a role based dynamic database desensitization service method and system. The system comprises a parser for parsing SQL statements, a sensitive information setting unit for setting sensitive fields, desensitization functions and parameters for users of different roles, a sensitive information storage unit for storing a lookup table, a data processing unit for generating the desensitization functions in a database, obtaining user roles, verifying the integrity of the lookup table and modifying SELECT statements according to the requirements in the lookup table. In addition, the invention discloses the method, the method comprises the steps that the SQL statements are parsed through the parser, if the SQL statements are SELECT statements, the statements are submitted to the data processing unit for processing; if not, the statements are submitted to the database. Different sensitive fields and desensitization functions are set for the users of different roles, different desensitization functions can be also set for the same sensitive fields, the requirement for different sensitive data protection degrees of the users of different roles are met, and the diversification demand during provision of data service is met.

Description

technical field [0001] The invention belongs to the field of information security, and relates to a database sensitive information protection technology, in particular to a role-based database dynamic desensitization service method and system. Background technique [0002] A database is a place where computer servers are used to store data, and it is specially used to provide various data services. For example, in the process of medical and health informatization, the names and ID card information of a large number of sick patients are involved, and the database provides data query services for authorized applications. Applications of different units and roles can connect to medical databases to query medical information. For example, the program of the government's medical and health management department can read the hospital's medical statistics, and the mobile phone APP developed by the hospital can also read personal medical information. Providing the same original dat...

AI Technical Summary

Problems solved by technology

For example, patients can read personal disease information through the mobile app developed by the hospital, while the program of the government's medical and health management department can only read the hospital's medical statistics, but not the individual's condition

Moreover, the above invention fixes the tables, records, fields and encryption methods that need to be desensitized when initializing the database, which cannot satisfy the protection of different tables and sensitive fields for users of different roles, nor can it satisfy the use of different desensitization methods for users of different roles. Sensitive functions and parameters require different levels of protection for the same sensitive fields

Images