Dynamically adjusting data protection method and system based on role sensitive field

Abstract

The invention belongs to the information safety field, and provides a dynamically adjusting data protection method and system based on role sensitive fields; the system comprises the following elements: a sensitive information setting unit used for setting sensitive fields, desensitization functions and parameters for different role data by a manager; a sensitive information storage unit used for storing a search list; a data processing unit used for storing desensitization functions, obtaining a user role and verifying the completeness of the search list, and modifying a SQL sentence according to rules stored in the sensitive information storage unit. The invention also discloses a method: using the data processing unit to parse the SQL sentence; and modifying the SQL sentence according to the requirements of the search list. The method and system set different sensitive field and desensitization functions for different role data, and can set different desensitization functions and parameters for the same sensitive field, thus satisfying different sensitive information protection degree demands by different roles; in addition, the desensitization data is stored in the database, thus reducing data leak damages.

Description

technical field [0001] The invention belongs to the field of information security, and relates to a database sensitive information protection technology, in particular to a data protection method and system for dynamic adjustment of role-based sensitive fields. Background technique [0002] Today's database security is very important to many enterprise networks, even related to the survival and development of an enterprise. For example: in the process of medical and health informatization, a large number of names and ID information of residents who are sick and visiting residents are involved; in the banking system, a large amount of customer information and transaction logs are involved. These information are the sensitive information or privacy of users. Once these data are leaked, it will cause user privacy leakage accidents, which will have a bad impact on users, the units involved and the society. [0003] In order to prevent leakage of information from a database, var...

AI Technical Summary

Problems solved by technology

[0015] The above invention fixes the tables, records, fields and encryption methods that need to be desensitized when initializing the database, which cannot meet the needs of users with different roles to protect different tables and sensitive fields, nor can it meet the needs of users with different roles to protect the same sensitive fields. Sensitive fields use different masking functions and parameters for different protection requirements

At the same time, the encryption method requires special storage of the key; and the encrypted data cannot be used normally without decryption, which cannot meet the needs of statistics without leaking sensitive information of users

If the operation of data encryption and decryption is added to the client program, it will increase the development burden and cannot avoid the possibility of the key being stolen

Images