Risk assessment method and device for private data leakage

A private data technology, applied in the field of risk assessment for private data leakage, that can solve problems such as illegal calls, theft of users' personal privacy information, and user privacy leakage, and achieves the effect of improving credibility and usability.

Active Publication Date: 2020-04-17
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, with the increase in the amount of API data, requesters' personalized business customization, and unavoidable development and management loopholes, the actual output data content of an API can still differ from the content declared by the requester, resulting in a risk of data leakage during the API call process.
For example, a requester may make illegal calls to APIs that it does not have the right to call, stealing the user's personal privacy information and causing leakage of user privacy.


Embodiment Construction

[0027] The following describes the solutions provided in this specification with reference to the drawings.

[0028] As mentioned earlier, there is a risk of data leakage in the current API call process. Specifically, because of the large number of APIs and the difficulty of avoiding API development and management vulnerabilities, the actual output data content of an API may differ from the data actually requested by the requester, or from the data the requester has the right to use.

[0029] For example, because of omissions in API authority management, a requesting party illegally calls an API that it has no right to call, and the API outputs the user's sensitive personal information, resulting in leakage of user privacy.

[0030] For another example, a requesting party has the right to call a certain API, but its contract data with the service platform only includes part of the data that can be output by the certain API (such as user gender, user ad...


Abstract

The embodiment of the invention provides a risk assessment method for private data leakage. The method comprises the following steps. First, a request message sent by a requester to a service platform and used for calling an application program interface (API), and a response message returned by the service platform for the request message, are obtained; the request message is used for requesting private data of a target object. Then, the request message and the response message are analyzed to obtain analyzed data, which at least comprises a plurality of target APIs, the input parameters for the plurality of target APIs, and a plurality of privacy categories of the private data output through the plurality of target APIs. Then, permission data for the requester's API calls is obtained from the service platform; the permission data comprises an API set which the requester has permission to call, a parameter set composed of the parameters which the requester has permission to pass in for the API set, and a privacy category set of the output data corresponding to the parameter set. Finally, the data leakage risk of the API call is evaluated at least based on the analyzed data and the permission data.
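The comparison the abstract describes, covering both the unauthorized-API case of paragraph [0029] and the excess-output case of paragraph [0030], can be sketched as follows. This is an added example, not code from the patent: the JSON message layout, the field-to-category map, the per-API permission structure and the finding labels are all assumptions, and the sample traffic is constructed.

```python
import json

# Assumed mapping from response field names to privacy categories (constructed).
FIELD_CATEGORY = {"gender": "gender", "mobile": "phone",
                  "addr": "address", "id_no": "id_number"}

def parse_call(request_msg: str, response_msg: str) -> dict:
    """Extract the target API, the input parameter names and the privacy
    categories actually present in the response (message layout assumed)."""
    req, resp = json.loads(request_msg), json.loads(response_msg)
    cats = {FIELD_CATEGORY[k] for k, v in resp.get("data", {}).items()
            if k in FIELD_CATEGORY and v not in (None, "")}
    return {"api": req["api"], "params": set(req.get("params", {})),
            "categories": cats}

def assess(calls: list, permission: dict) -> list:
    """Compare parsed calls with the requester's permission data.
    permission maps api -> {"params": set, "categories": set} (assumed shape)."""
    findings = []
    for c in calls:
        grant = permission.get(c["api"])
        if grant is None:
            # API outside the permitted API set: every output category leaked.
            findings.append((c["api"], "unauthorized_api", sorted(c["categories"])))
            continue
        extra_params = c["params"] - grant["params"]
        if extra_params:
            findings.append((c["api"], "unauthorized_param", sorted(extra_params)))
        extra_cats = c["categories"] - grant["categories"]
        if extra_cats:
            # Permitted API, but output exceeds the permitted category set.
            findings.append((c["api"], "excess_output", sorted(extra_cats)))
    return findings

# Constructed permission data and request/response pairs for one requester.
PERMISSION = {"user.profile": {"params": {"user_id"}, "categories": {"gender"}}}
TRAFFIC = [
    ('{"api": "user.profile", "params": {"user_id": "u1"}}',
     '{"data": {"gender": "F", "mobile": "000-0000"}}'),
    ('{"api": "user.identity", "params": {"user_id": "u1"}}',
     '{"data": {"id_no": "X000"}}'),
]

def run_sample() -> list:
    return assess([parse_call(q, r) for q, r in TRAFFIC], PERMISSION)

if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```
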

Description

Technical field

[0001] One or more embodiments of this specification relate to the technical field of data information security, and in particular to a risk assessment method and device for private data leakage.

Background technique

[0002] API (Application Programming Interface) has the advantages of convenient calling and strong versatility, and has gradually become the main way of providing Internet network services. Therefore, API calls have also become a key focus area to prevent data leakage.

[0003] The service platform usually stores the basic information data of the objects it serves (such as individuals or enterprises, etc.), as well as the service data generated during the use of the service. It is understandable that these data are all private data for the service object. In the case where the service object authorizes some of their private data, the service platform can provide API call services to the data demander (such as research institutions or merchants, etc....


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/62
CPC: G06F21/6245
Inventor: 邓圆
Owner: ALIPAY (HANGZHOU) INFORMATION TECH CO LTD