Data display method and device, computer device, storage medium and program product
By receiving user permission levels to obtain de-identified tags and rules, and dynamically processing the display of sensitive data, the problem of data privacy leakage in deep learning models is solved, and data security and flexibility are improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents (China)
- Current Assignee / Owner
- BANK OF COMMUNICATIONS
- Filing Date
- 2024-09-20
- Publication Date
- 2026-06-12
AI Technical Summary
Existing data privacy protection models built on deep learning are prone to leaking sensitive data features during training, and the black-box model makes it difficult to understand its internal working principle, making it difficult to detect and fix privacy leaks.
By receiving user permission levels, obtaining de-identification tags and de-identification rules, and dynamically processing the display of sensitive data, combined with custom de-identification rules and homomorphic encryption technology, flexible and secure data display can be achieved.
It enables the selection of appropriate de-identification rules based on user permission levels without altering the actual data storage content, ensuring data security and flexibility, and preventing unauthorized access and information leakage.
Figure CN119249485B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data security, and in particular to a data display method, apparatus, computer device, storage medium, and program product.
Background Art
[0002] Sensitive data refers to data that, if leaked, could cause serious harm to society or individuals. This includes, but is not limited to, names, ID card numbers, addresses, phone numbers, bank account numbers, email addresses, passwords, medical information, and educational backgrounds. Data security display technology refers to the technique of processing sensitive data using custom-configured de-identification rules to achieve de-identified display. This de-identification process does not change the actual content of the data storage, nor does it affect complex computational operations on the sensitive data, ensuring that the de-identified sensitive data is usable and providing secure and effective protection for sensitive data.
[0003] For existing data privacy protection models built on deep learning, the data collection, preprocessing, and storage processes during the training of deep learning models may leak data or its sensitive features. Furthermore, deep learning models are typically black-box models, making it impossible to directly understand their internal workings. This makes it difficult to detect potential privacy leaks during training, and even if problems are discovered, they may be difficult to fix because the model's internal weights and structure are randomly initialized.
Summary of the Invention
[0004] This application provides data display methods, apparatus, computer equipment, storage media, and program products to achieve high data security and flexible data usage.
[0005] In a first aspect, embodiments of this application provide a data display method, the method comprising:
[0006] Receive the user read request from the first target user and obtain the user permission level of the first target user;
[0007] Based on the user's permission level, obtain the de-identification tag of the target field requested to be read in the user's read request. The de-identification tag indicates whether the field needs to be de-identified, and when de-identification is required, the tag also includes the corresponding de-identification rule for the field.
[0008] Retrieve the target data corresponding to the target field requested in the user's read request, process the target data according to the de-identification tag, and then display the data.
[0009] In one possible implementation, obtaining the de-identification tag of the target field requested to be read in the user's read request based on the user's permission level includes:
[0010] When the user's permission level is the first permission level, which indicates low security for the user, the de-identification tag of the target field requested to be read in the user's read request is determined according to the first correspondence relationship, wherein the first correspondence relationship is used to indicate the correspondence between the user's permission level, the field type, and the de-identification tag;
[0011] When the user's permission level is the second permission level, which indicates high security for the user, the de-identification tag of the target field requested to be read in the user's read request is not retrieved, or the de-identification tag of the target field requested to be read in the user's read request is empty by default.
[0012] In one possible implementation, processing and displaying the target data based on the de-identification tag includes:
[0013] When the user's permission level is the first permission level, which indicates low security for the user, determining the de-identification rule in the de-identification tag of the target field requested to be read in the user's read request;
[0014] The target data is processed based on the de-identification rules to obtain de-identified data, which is then displayed.
[0015] In one possible implementation, processing and displaying the target data based on the de-identification tag includes:
[0016] When the user's permission level is the second permission level, which indicates high security for the user, the target data is displayed directly.
[0017] In one possible implementation, the method further includes:
[0018] Receive the write request from the second target user and obtain the target field requested to be written in the write request.
[0019] Based on the second correspondence, the de-identification tag of the target field to be written is determined. The second correspondence is used to indicate the correspondence between the field type and the de-identification tag in the source data.
[0020] Based on the de-identification tag of the target field requested to be written, execute the write operation corresponding to the user's write request.
[0021] In one possible implementation, based on the de-identification tag of the target field to be written, the write operation corresponding to the user's write request is executed, including:
[0022] For sensitive data requested to be written in a user write request, the sensitive data is processed according to its corresponding de-identification tag and preset homomorphic encryption rules to obtain encrypted data and store it.
[0023] In one possible implementation, the de-identification rules include custom de-identification rules, which indicate the format in which sensitive data is retained.
[0024] In a second aspect, embodiments of this application provide a data display device, the device including:
[0025] The information interaction module is used to receive user read requests from the first target user and obtain the user permission level of the first target user;
[0026] The request processing module is used to obtain the de-identification tag of the target field requested to be read in the user's read request according to the user's permission level. The de-identification tag indicates whether the field needs to be de-identified, and when de-identification is required, the tag also includes the corresponding de-identification rule for the field.
[0027] The data display module is used to obtain the target data corresponding to the target field requested in the user's read request, process the target data according to the de-identification tag, and then display it.
[0028] In a third aspect, embodiments of this application provide a computer device, including a memory and a processor;
[0029] The memory stores computer-executable instructions;
[0030] The processor executes the computer-executable instructions stored in the memory, causing the processor to perform the method of the first aspect and/or any of the possible implementations of the first aspect described above.
[0031] In a fourth aspect, embodiments of this application provide a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method of the first aspect and/or any of the possible implementations of the first aspect.
[0032] In a fifth aspect, embodiments of this application provide a computer program product, including a computer program that, when executed by a processor, implements the method of the first aspect and/or any of the possible implementations of the first aspect.
[0033] This application provides a data display method, apparatus, computer device, storage medium, and program product. The method includes: receiving a user read request from a first target user and obtaining the user permission level of the first target user; based on the user permission level, obtaining a de-identification tag for the target field requested to be read in the user read request, wherein the de-identification tag indicates whether the field needs to be de-identified, and if de-identification is required, the tag also includes the corresponding de-identification rule for the field; obtaining the target data corresponding to the target field requested to be read in the user read request; processing the target data according to the de-identification tag and displaying it. This application adds de-identification tags to the data when storing it, and obtains the data based on the de-identification tags of the fields being viewed when the user queries it, which achieves dynamic de-identification without changing the actual stored data; it selects appropriate de-identification rules based on the user permission level to ensure data security.
Brief Description of the Drawings
[0034] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0035] Figure 1 is a schematic diagram of an application scenario of the data display method provided in one embodiment;
[0036] Figure 2 is a first flowchart of a data display method provided in one embodiment;
[0037] Figure 3 is a schematic diagram of the processing of a user read request in one embodiment;
[0038] Figure 4 is a second flowchart of a data display method provided in one embodiment;
[0039] Figure 5 is a third flowchart of a data display method provided in one embodiment;
[0040] Figure 6 is a schematic diagram of the processing of a user write request provided in one embodiment;
[0041] Figure 7 is a schematic structural diagram of a data display device provided in one embodiment;
[0042] Figure 8 is an internal structural diagram of a computer device in one embodiment.
[0043] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments.
Detailed Description
[0044] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0045] In the description of this application, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this application, "multiple" means two or more, unless otherwise explicitly specified.
[0046] First, the terms used in this application are explained:
[0047] Data de-identification technology refers to the process of identifying sensitive data in storage devices by customizing a sensitive-data rule base and using sensitive-field identification functions, and then de-identifying the sensitive data according to the configured de-identification strategy.
[0048] Sensitive data identification refers to the process of automatically detecting sensitive fields in source data, such as ID card numbers, mobile phone numbers, and email addresses, and identifying them according to preset rules.
[0049] De-identification strategy configuration refers to setting corresponding de-identification strategies for the identified sensitive fields, such as hash de-identification, masking de-identification, replacement de-identification, encryption de-identification, or shuffling de-identification.
[0050] Data processing and storage devices: These refer to hardware devices used for processing and storing data, such as servers and databases. These devices typically have computing, storage, and communication functions, and can support the implementation and application of data anonymization technologies.
[0051] Front-end presentation refers to the process of displaying processed data to users in the form of a user interface. This can be achieved through various methods, such as web pages and mobile applications. The purpose of front-end presentation is to allow users to intuitively understand and access the anonymized data.
[0052] Sensitive data refers to data that, if leaked, could cause serious harm to society or individuals. This includes, but is not limited to, names, ID card numbers, addresses, phone numbers, bank account numbers, email addresses, passwords, medical information, and educational backgrounds. Data security display technology refers to the technique of processing sensitive data using custom-configured de-identification rules to achieve de-identified display. This de-identification process does not change the actual content of the data storage, nor does it affect complex computational operations on the sensitive data, ensuring that the de-identified sensitive data is usable and providing secure and effective protection for sensitive data.
[0053] For existing data privacy protection models built on deep learning, the data collection, preprocessing, and storage processes during the training of deep learning models may leak data or its sensitive features. Furthermore, deep learning models are typically black-box models, making it impossible to directly understand their internal workings. This makes it difficult to detect potential privacy leaks during training, and even if problems are discovered, they may be difficult to fix because the model's internal weights and structure are randomly initialized.
[0054] To address the aforementioned technical problems, this application provides a data display method capable of dynamically de-identifying data and then displaying the de-identified data. The method provided in this application can be applied, for example, to the application environment shown in Figure 1, which includes a terminal 102 and a processing device 104. The terminal 102 can be a monitor, computer, smartphone, tablet computer, or portable computer, etc. The processing device 104 can be a server, a server cluster consisting of several servers, or other computer equipment. The terminal 102 establishes wired or wireless communication with the processing device 104.
[0055] Terminal 102 acts as the front end, used to display data to the user and receive user input commands and data to achieve interaction with the user. Processing device 104 acts as the back end, used to interact with the front end and process data from the data source, such as displaying it after anonymization. For example, a client, script, or browser can be installed on terminal 102 to implement the front end's functions. The user interface of terminal 102 can be displayed as a client interface, terminal interface, or a corresponding webpage in a browser. In subsequent embodiments, processing device 104 displaying certain data refers to processing device 104 displaying the data through a user interface. In one possible implementation, the aforementioned application environment is a bare metal computing system, and processing device 104 is a bare metal storage device storing a data source that can be used for computation. In another possible implementation, the aforementioned application environment is a data analysis system. This application environment may also include a data analysis device used to analyze data from the data source. Optionally, the data analysis device can be integrated into the processing device, and the processing device can provide the data source to the data analysis device after anonymization. In yet another implementation, the aforementioned application environment is a data sharing system. In this application environment, there are multiple terminals. The processing device can share the de-identified data source with one or more other terminals when triggered by a user on one terminal.
[0056] In one embodiment, as shown in Figure 2, a data display method is provided. Taking its application to the processing device 104 in Figure 1 as an example, the method includes the following steps:
[0057] Step 202: Receive the user read request from the first target user and obtain the user permission level of the first target user;
[0058] Step 204: Based on the user's permission level, obtain the de-identification tag of the target field requested to be read in the user's read request. The de-identification tag indicates whether the field needs to be de-identified, and when de-identification is required, the tag also includes the corresponding de-identification rule for the field.
[0059] Step 206: Obtain the target data corresponding to the target field requested to be read in the user's read request, process the target data according to the de-identification tag, and then display it.
[0060] First, it should be noted that the processing device 104 includes a storage layer, which stores the actual raw data. The target user triggers a data request command through the terminal 102 and sends it to the processing device 104. The processing device 104 then carries out the data display method provided in this embodiment and sends the data queried by the target user to the terminal 102 for display.
[0061] The first target user refers to the user who logs into terminal 102 based on their user identity information and triggers a data request command on terminal 102. It is understood that each user's identity information is unique; therefore, a unique identifier is generated based on each user's identity information, and this identifier is sent to processing device 104 along with the triggered data request command. The user's user permission level is obtained based on the unique identifier of the first target user. Specifically, the user permission level of the first target user can be obtained through a permission mapping table stored in processing device 104.
[0062] A user read request is a type of data request instruction used to request the reading of data. A user read request includes the target fields that need to be read and displayed, such as identity information, mobile phone number, and address. Upon receiving a user read request, it is parsed to extract the target fields and obtain the corresponding de-identification tags based on these fields.
[0063] User permission levels indicate a user's level of security and, correspondingly, their access rights to data. For users with lower security levels, data needs to be de-identified when they request access, in order to protect the privacy of the data subjects. Understandably, the higher a user's security level, the higher their corresponding user permission level.
[0064] Based on the de-identification tags of the target fields, the read operation request is rewritten. The rewritten read operation request is then submitted step by step and concurrently to the storage space to extract the target data. The data is then de-identified according to the de-identification tags of the target fields and displayed. In one embodiment, as shown in Figure 3, the processing device 104 includes a presentation layer, a computing layer, and a storage layer. The computing layer includes a security engine and a computing engine, and the storage layer stores the original data and the de-identification tags. The data display method provided in this embodiment includes:
[0065] 1. A secure user initiates a read request: This means that the current user is a secure user and sensitive data needs to be anonymized for display; this type of account initiates the read operation.
[0066] 2. Initiate a request: A connection is established through the security engines of the presentation layer and the computing layer, and the specific read operation is issued;
[0067] 3. Obtain the de-identification tags for the returned fields: The security engine parses the read operation request, extracts the target fields, and retrieves the corresponding de-identification tags from the storage layer;
[0068] 4. Return the field de-identification tags and the read request: The security engine attaches the corresponding de-identification tags to the target fields and passes them, together with the read request, to the computing engine;
[0069] 5. Issue rewritten read operations: The computing engine rewrites the read operation request based on the target field and corresponding de-identification tag provided by the security engine, which is used for step-by-step concurrent submission to the storage layer to extract the target data;
[0070] 6. Return the de-identified collection: The target data is obtained from the storage layer, de-identified by the computing engine of the computing layer, and formed into a streaming collection, which is then gradually pushed back to the security engine;
[0071] 7. Return Collection: The security engine adds identifiers to the de-identified fields and streams the collection before forwarding it to the presentation layer;
[0072] 8. Obtain the de-identified set: The presentation layer presents the target data to the first target user on the terminal and informs them of which specific fields have been de-identified.
[0073] Among them, a secure user refers to a user who has passed identity security authentication. If a user's identity has not passed security authentication, no data request instructions sent by the user will be responded to.
[0074] In the method provided in the above embodiments, a user read request from a first target user is received, and the user permission level of the first target user is obtained; according to the user permission level, the de-identification tag of the target field requested to be read in the user read request is obtained, where the de-identification tag indicates whether the field needs to be de-identified, and when de-identification is required, the tag also includes the corresponding de-identification rule for the field; the target data corresponding to the target field requested to be read in the user read request is obtained, and the target data is processed and displayed according to the de-identification tag. This application adds de-identification tags to the data when storing it, and obtains the data based on the de-identification tag of the field being viewed when the user queries, which achieves dynamic de-identification without changing the actual stored data; it selects appropriate de-identification rules based on the user permission level to ensure data security.
[0075] In one embodiment, as shown in Figure 4, obtaining the de-identification tags of the target fields requested to be read in the user's read request based on the user's permission level includes:
[0076] Step 402: When the user's permission level is the first permission level indicating low security for the user, the de-identification tag of the target field requested to be read in the user's read request is determined according to the first correspondence relationship, wherein the first correspondence relationship is used to indicate the correspondence between the user's permission level, the field type, and the de-identification tag.
[0077] Step 404: When the user's permission level is the second permission level, which indicates high security for the user, the de-identification tag of the target field requested to be read in the user's read request is not obtained, or the de-identification tag of the target field requested to be read in the user's read request is left empty by default.
[0078] In this embodiment, the first permission level is lower than the second permission level, meaning users with the first permission level have lower security than those with the second permission level. Furthermore, users are only categorized into low-security and high-security users. When a target user sends a data request instruction for a read request, for target users with the first permission level, due to their lower security, the presented data needs to be anonymized. The anonymization tag corresponding to the target field requested by the target user with the first permission level is found through the first correspondence. It is then determined whether the data for each target field needs to be anonymized. If the target field has an anonymization tag, the target data corresponding to the target field is anonymized according to the corresponding anonymization rules. For target users with the second permission level, due to their higher security, the data they request to read can be displayed directly without anonymization.
[0079] It should be noted that "not obtaining the de-identification tag of the target field requested in the user read request" and "the de-identification tag of the target field requested in the user read request being empty by default" both mean that it is not necessary to obtain the de-identification tag of the target field, and that by default no de-identification is performed.
[0080] In the method provided in the above embodiments, the de-identification rules are determined by the user's permission level, which can prevent unauthorized access and use, help protect the security of sensitive information, prevent information leakage or malicious use, and improve data security.
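The read path of steps 202 to 206 and 402 to 404, as an added Python example (not code from the patent): raw rows stay untouched in a storage table, the permission mapping table resolves the user's level, the first correspondence is consulted only for first-level users, and second-level users receive the raw values with an empty tag set. Each tag is a custom rule that states the retained format (how many leading and trailing characters stay in clear), as in [0023]. The permission table, field schema, tag parameters, user identifiers and rows are constructed assumptions.

```python
"""Permission-driven dynamic de-identification on the read path.

Added example, not the patent's code; every table and value below is a constructed assumption.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LOW, HIGH = 1, 2          # first (low-security) and second (high-security) permission level
DEFAULT_CHAR = "*"

# Permission mapping table: unique user identifier -> permission level (constructed).
PERMISSION_TABLE: Dict[str, int] = {"u-analyst": LOW, "u-auditor": HIGH}

# Field type of each stored field (constructed schema).
FIELD_TYPES: Dict[str, str] = {"name": "name", "mobile": "mobile",
                               "id_card": "id_card", "order_no": "plain"}


@dataclass(frozen=True)
class Tag:
    """De-identification tag carrying its custom rule: which part of the value is retained."""
    rule: str            # "mask" keeps a prefix/suffix, "replace" hides the whole value
    keep_head: int = 0   # leading characters kept in clear
    keep_tail: int = 0   # trailing characters kept in clear


# First correspondence: (permission level, field type) -> tag; None means no de-identification.
FIRST_CORRESPONDENCE: Dict[Tuple[int, str], Optional[Tag]] = {
    (LOW, "name"): Tag("replace"),
    (LOW, "mobile"): Tag("mask", keep_head=3, keep_tail=4),
    (LOW, "id_card"): Tag("mask", keep_head=6, keep_tail=4),
    (LOW, "plain"): None,
}

# Storage layer: the raw data is never modified (constructed rows).
STORAGE: List[Dict[str, str]] = [
    {"name": "张三", "mobile": "13812345678", "id_card": "342622199001011395", "order_no": "A1001"},
]


def get_permission_level(user_id: str) -> int:
    """Step 202: resolve the level; a user who is not in the table is not responded to at all."""
    if user_id not in PERMISSION_TABLE:
        raise PermissionError(f"unknown or unauthenticated user {user_id!r}")
    return PERMISSION_TABLE[user_id]


def get_tags(level: int, fields: List[str]) -> Dict[str, Tag]:
    """Steps 402/404: first-level users get tags from the first correspondence;
    for second-level users the lookup is skipped and the tag set is empty by default."""
    if level == HIGH:
        return {}
    tags: Dict[str, Tag] = {}
    for field in fields:
        tag = FIRST_CORRESPONDENCE.get((level, FIELD_TYPES[field]))
        if tag is not None:
            tags[field] = tag
    return tags


def rewrite_read(fields: List[str], tags: Dict[str, Tag]) -> List[Tuple[str, Optional[Tag]]]:
    """The rewritten read operation: each requested field paired with the tag to apply (or None)."""
    return [(field, tags.get(field)) for field in fields]


def apply_tag(tag: Tag, value: str) -> str:
    """Apply the custom rule; values too short to retain anything safely are fully hidden."""
    if tag.rule == "replace" or len(value) <= tag.keep_head + tag.keep_tail:
        return DEFAULT_CHAR * len(value)
    hidden = len(value) - tag.keep_head - tag.keep_tail
    tail = value[len(value) - tag.keep_tail:] if tag.keep_tail else ""
    return value[:tag.keep_head] + DEFAULT_CHAR * hidden + tail


def handle_read_request(user_id: str, fields: List[str]) -> Tuple[List[Dict[str, str]], List[str]]:
    """Step 206: fetch the target data through the rewritten read, de-identify per tag,
    and report which fields were de-identified so the presentation layer can tell the user."""
    level = get_permission_level(user_id)
    tags = get_tags(level, fields)
    plan = rewrite_read(fields, tags)
    rows = []
    for raw in STORAGE:   # new dicts are built; STORAGE itself is left as-is
        rows.append({f: apply_tag(t, raw[f]) if t else raw[f] for f, t in plan})
    return rows, sorted(tags)


if __name__ == "__main__":
    print(handle_read_request("u-analyst", ["name", "mobile", "id_card", "order_no"]))
    print(handle_read_request("u-auditor", ["name", "mobile"]))
```

Granting or revoking the ability to see real data is then a change to the permission table only; the stored rows and the first correspondence stay the same.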
[0081] In one embodiment, processing and displaying the target data based on the de-identification tag includes:
[0082] When the user's permission level is the first permission level, which indicates low security for the user, determining the de-identification rule in the de-identification tag of the target field requested to be read in the user's read request;
[0083] The target data is processed based on the de-identification rules to obtain de-identified data, which is then displayed.
[0084] In this embodiment, sensitive data rules are compiled by referring to the content characteristics of various kinds of sensitive data, such as ID card numbers, mobile phone numbers, and email addresses. For the ID card recognition method, the data length is checked to be 15 or 18 digits. The first 6 digits are the regional identification number of the region. For an 18-digit ID card, the 7th to 14th digits are a date, and for a 15-digit ID card, the 7th to 12th digits are a date. The last digit of an 18-digit ID card is a numeral or the character "X", and all remaining digits are numerals. For the email recognition method, the data content must contain "@" in the middle, the string after "@" must contain at least one "."-separated component, and the length must not exceed 100. For the mobile phone number recognition method, the number starts with 13, 14, 15, 16, 17, or 18, the data length is 11 digits, and all content is numeric. For telephone numbers, the area code is checked, such as 010, 021, 0551, 0565, etc. For the recognition of Chinese names, a preset sensitive word library is used, word segmentation is performed through natural language processing technology, and surname identification based on the Hundred Family Surnames is built in. If the recognition rate over the whole field exceeds 50%, the content is considered to conform to the sensitive word classification. For example, if a field contains 100 records and more than 50 of them hit the name rule, the field is classified as a name field.
[0085] The de-identification rules are used to process the sensitive data identified by the above sensitive data rules to achieve de-identification. For example, de-identification strategies are configured for the fields in the rule library as hash de-identification, masking de-identification, substitution de-identification, transformation de-identification, encryption de-identification, or shuffling de-identification. For the ID card de-identification strategy, the date of birth in the middle and the last digit are masked with "*", for example "342622********139*". For the mobile phone number transformation strategy, the first three digits are transformed into 199 and the last 8 digits are substituted and transformed, for example "19955518748". For the name de-identification strategy, the name is deformed through a mapping of the Chinese character library, and a default character is assigned to unmapped values, for example "Zhang San" is replaced with "Li Si". For the email de-identification strategy, the characters before and after the "@" symbol are mapped and deformed as letters and numerals, and a default character is assigned to unmapped values, for example "zhangsan@qq.com" is replaced with "lisi@163.com".
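The recognition rules of [0084] and the de-identification rules of [0085], as an added Python example that is not code from the patent. The digit permutation used for the mobile transform, the character and email mapping tables, the surname subset and the sample values are constructed assumptions; the name check stands in for the word-segmentation step with a simple first-character surname lookup, and landline numbers are only recognised because the text gives no rule for masking them.

```python
"""Sensitive-field recognition and the per-type de-identification rules.

Added example, not the patent's code. Mapping tables, the digit permutation,
the surname subset and all sample values are constructed assumptions.
"""
from datetime import datetime
from typing import Iterable

AREA_CODES = ("010", "021", "0551", "0565")             # landline area codes named in the text
SURNAMES = {"张", "李", "王", "赵", "刘", "陈"}             # constructed subset of the Hundred Family Surnames
NAME_MAP = {"张": "李", "三": "四"}                         # constructed character-library mapping
LOCAL_MAP = {"zhangsan": "lisi"}                          # constructed email mappings
DOMAIN_MAP = {"qq.com": "163.com"}
DEFAULT_CHAR = "*"                                        # assigned to unmapped values
DIGIT_MAP = str.maketrans("0123456789", "5839147260")     # constructed permutation for the mobile transform


def _is_date(s: str, fmt: str) -> bool:
    try:
        datetime.strptime(s, fmt)
        return True
    except ValueError:
        return False


def is_id_card(v: str) -> bool:
    """15 or 18 digits: 6-digit region code, a date in digits 7-14 (18) or 7-12 (15); last char may be X."""
    if len(v) == 18:
        return v[:17].isdigit() and (v[17].isdigit() or v[17] == "X") and _is_date(v[6:14], "%Y%m%d")
    if len(v) == 15:
        return v.isdigit() and _is_date(v[6:12], "%y%m%d")
    return False


def is_email(v: str) -> bool:
    """'@' in the middle, at least one '.'-separated component after it, total length at most 100."""
    if len(v) > 100 or v.count("@") != 1:
        return False
    local, domain = v.split("@")
    return bool(local) and "." in domain and not domain.startswith(".") and not domain.endswith(".")


def is_mobile(v: str) -> bool:
    return len(v) == 11 and v.isdigit() and v[:2] in {"13", "14", "15", "16", "17", "18"}


def is_landline(v: str) -> bool:
    return v.isdigit() and v.startswith(AREA_CODES)


def is_name(v: str) -> bool:
    """Simplified stand-in for NLP segmentation: surname-library hit on the first character."""
    return 2 <= len(v) <= 4 and v[0] in SURNAMES


def column_is_name(values: Iterable[str]) -> bool:
    """A field is a name field when more than 50% of its values hit the name rule."""
    values = list(values)
    return bool(values) and sum(is_name(v) for v in values) * 2 > len(values)


def classify(v: str) -> str:
    for kind, check in (("id_card", is_id_card), ("mobile", is_mobile), ("landline", is_landline),
                        ("email", is_email), ("name", is_name)):
        if check(v):
            return kind
    return "plain"


def mask_id_card(v: str) -> str:
    """Mask the date of birth and the last digit: 342622199001011395 -> 342622********139*."""
    if len(v) == 18:
        return v[:6] + "*" * 8 + v[14:17] + "*"
    return v[:6] + "*" * 6 + v[12:14] + "*"    # 15-digit layout: the date is digits 7-12


def transform_mobile(v: str) -> str:
    """Prefix becomes 199; the last 8 digits pass through the fixed digit permutation."""
    return "199" + v[3:].translate(DIGIT_MAP)


def replace_name(v: str) -> str:
    return "".join(NAME_MAP.get(ch, DEFAULT_CHAR) for ch in v)


def replace_email(v: str) -> str:
    local, domain = v.split("@", 1)
    return (LOCAL_MAP.get(local, DEFAULT_CHAR * len(local)) + "@"
            + DOMAIN_MAP.get(domain, DEFAULT_CHAR * len(domain)))


RULES = {"id_card": mask_id_card, "mobile": transform_mobile, "email": replace_email, "name": replace_name}


def deidentify(v: str) -> str:
    """Recognise the sensitive type and apply its rule; types without a rule pass through unchanged."""
    rule = RULES.get(classify(v))
    return rule(v) if rule else v


if __name__ == "__main__":
    for sample in ("342622199001011395", "13812345678", "zhangsan@qq.com", "张三", "A1001"):
        print(sample, "->", deidentify(sample))
```

All four rules preserve the original format (length and shape), which is what lets downstream computations keep running on the de-identified values; the digit permutation is deterministic so the same raw number always transforms to the same output.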
[0086] Based on the recognition of the above sensitive fields and the corresponding desensitization rules set, the desensitization strategy is configured for the source-sensitive data fields in batches in the storage device. In this embodiment, only the source data is desensitized, and the desensitization rules are inherited and passed downstream. The batch data service system has a hierarchical feature. Data desensitization only needs to perform desensitization operations on the source data. Downstream data generates the same desensitization rules according to the desensitization rules of the source data to achieve transfer desensitization, saving the operation of formulating desensitization strategies for all-link sensitive data and saving unnecessary consumption of computing resources.
[0087] In this embodiment, for the de-identification of complex processing result sets, the propagation of de-identification not only supports one-to-one mapping insertion, but also supports inheritance after complex logical processing, such as system functions (trim, sum, replace, etc.), join, copy to table, etc. The propagation process has a pollution property: (1) If multiple source data are inserted into the same target field and each source datum has a single de-identification rule, the data in the corresponding target field all inherit that de-identification rule; (2) If there are multiple data sources with multiple de-identification rules, the different rules have priorities, and the target field inherits only the highest-priority rule. When multiple different rules share the same priority, the target field is directly polluted and inherits the masking de-identification rule; (3) If the source field has multiple de-identification rules and is processed by complex system functions (trim, sum, replace, etc.), join, or copy to table, the target field is directly polluted and inherits the full-data masking rule.
[0088] The data flow during the processing of target data is based on de-identification rules, which rely on inheritance capabilities to pass on these rules. However, when the user's permission level is the second level, indicating high security, the target data can be displayed directly without de-identification.
[0089] In the method provided in the above embodiments, data is accessed through different data access channels, and the effectiveness of sensitive data de-identification rules is selectively set. Users with the first permission level access the display of de-identified data, while users with the second permission level access the display of real data. The ability to display de-identified data can be granted and revoked in the form of permissions.
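The read path of paragraphs [0088] and [0089], as an added example that is not code from this application: the permission level selects whether a tag is looked up at all (second level: tag empty by default, real data shown) or resolved through the first correspondence (first level: level and field type map to a rule that is applied before display). The field types, rule names and masking functions are constructed for the example; the fail-closed default for a low-security user reading a field with no configured rule is this example's own choice, not stated by the application.

```python
from typing import Callable, Dict, Optional, Tuple

LEVEL_LOW, LEVEL_HIGH = 1, 2   # first permission level (low security) / second (high security)

# De-identification rules keyed by rule name (constructed for this example).
RULES: Dict[str, Callable[[str], str]] = {
    "mask_middle": lambda v: v[:3] + "*" * (len(v) - 7) + v[-4:] if len(v) > 7 else "*" * len(v),
    "keep_last4": lambda v: "*" * (len(v) - 4) + v[-4:] if len(v) > 4 else "*" * len(v),
    "keep_first": lambda v: v[:1] + "*" * (len(v) - 1),
    "mask_all": lambda v: "*" * len(v),
}

# Field type of each stored column (assumed schema).
FIELD_TYPES: Dict[str, str] = {
    "customer.name": "name",
    "customer.phone": "phone",
    "customer.id_card": "id_card",
    "customer.memo": "text",
}

# First correspondence: (permission level, field type) -> de-identification tag (rule name).
# An empty tag means the field needs no de-identification for that level.
FIRST_CORRESPONDENCE: Dict[Tuple[int, str], str] = {
    (LEVEL_LOW, "name"): "keep_first",
    (LEVEL_LOW, "phone"): "mask_middle",
    (LEVEL_LOW, "id_card"): "keep_last4",
    (LEVEL_LOW, "text"): "",
}


def get_tag(level: int, field: str) -> Optional[str]:
    """Resolve the tag of the requested field. For the second level no lookup is made and
    the tag is empty (None) by default; for the first level the first correspondence decides."""
    if level == LEVEL_HIGH:
        return None
    tag = FIRST_CORRESPONDENCE.get((level, FIELD_TYPES.get(field, "")))
    # Assumption of this example: fail closed. A low-security user reading a field
    # with no configured rule gets full masking instead of the real value.
    return "mask_all" if tag is None else tag


def display(level: int, field: str, value: str) -> str:
    """Return what the presentation layer shows: the real value when the tag is empty,
    otherwise the value processed by the tagged rule. Stored data is never changed."""
    tag = get_tag(level, field)
    if not tag:
        return value
    return RULES[tag](value)


if __name__ == "__main__":
    for lvl in (LEVEL_LOW, LEVEL_HIGH):
        print(lvl, display(lvl, "customer.phone", "13812345678"),
              display(lvl, "customer.id_card", "110101199001011234"))
```

Granting or revoking the ability to see real data is then just a change of the level passed in; the stored values and the correspondence table stay as they are.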
[0090] In one embodiment, as shown in Figure 5, the method also includes:
[0091] Step 502: Receive the user write request from the second target user and obtain the target field requested to be written in the user write request;
[0092] Step 504: Determine the de-identification tag of the target field to be written according to the second correspondence relationship. The second correspondence relationship is used to indicate the correspondence between the field type and the de-identification tag in the source data.
[0093] Step 506: Execute the write operation corresponding to the user's write request based on the de-identification tag of the target field to be written.
[0094] A user write request is a type of data request instruction used to complete a data write operation. The target user submits a write request to the processing device's port. For the target field in the write request, the system checks if there is a data masking rule set in the source data; that is, it checks if the target field has a data masking tag. Based on the data masking tag, the write request is directly sent to the database engine to issue the write operation to complete the data writing. If the target field has a data masking tag in table A, it means that there is a corresponding data masking rule, and the data in the corresponding field in table B will also have a data masking tag.
[0095] As shown in Figure 6, for a processing device with a storage layer, a computing layer, and a presentation layer, the processing procedure for a user write request is as follows:
[0096] 1. Write operation request: A write request triggered by the user;
[0097] 2. Initiating a request: The client presentation layer initiates a user write request to the security engine of the computing layer;
[0098] 3. Obtain source data de-identification tags: The security engine extracts the de-identification tags of the target fields' associated source data from the de-identification tags held in the storage layer, and from them asynchronously derives the de-identification tags of the target fields;
[0099] 4. Send write requests: Write operation requests are sent synchronously through the computing engine to ensure that business write operations do not cause additional blocking;
[0100] 5. Write Successful: The storage layer acknowledges that the actual processed data has been successfully written, and the computing engine sends feedback to the security engine.
[0101] 6. Target field additional desensitization: The security engine informs the storage layer which target fields need to have additional desensitization attributes added, forming desensitization tags that are then passed down to the storage layer;
[0102] 7. Request Successful: After both the actual write operation and the de-identification tagging are successful, the security engine reports that the front-end presentation layer request was successful.
[0103] 8. Request successful: External users receive confirmation that the write operation was successfully executed, but they do not need to be concerned about the process of passing the de-identification tag.
[0104] In the method provided in the above embodiments, when parsing that the current user is performing a write operation, it determines whether the target inherits the source's de-identification rules based on whether predefined de-identification rules exist in the data source. If no de-identification mark exists, no de-identification rules are passed on and inherited. By inheriting de-identification rules, the operation of formulating de-identification rules for sensitive data across the entire data chain is eliminated, saving unnecessary computational resource consumption.
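The write path of paragraphs [0094] to [0104] together with the inheritance and tainting rules of paragraph [0087], as an added example that is not code from this application: the real value is written unchanged, the tags of the associated source fields are read from the storage layer, and the target field receives an inherited tag as an attribute (the application does this step asynchronously; here it runs in sequence). Table names, rule names and priorities are constructed; several sources carrying the same rule name are treated as a single rule.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # higher value wins when several tagged sources feed one target field


MASK = Rule("mask", 100)              # partial masking: the tie-break of rule (2)
FULL_MASK = Rule("full_mask", 200)    # full masking: the result of rule (3)

# Storage layer. Tags are attributes kept beside the fields; the stored data is never rewritten.
TAGS: Dict[str, Rule] = {
    "A.id_card": Rule("keep_last4", 30),
    "A.phone": Rule("mask_middle", 20),
    "A.email": Rule("hash_local_part", 20),
}
DATA: Dict[str, List[str]] = {}


def inherit_rule(source_fields: Iterable[str], complex_processing: bool = False) -> Optional[Rule]:
    """Rule the target field inherits, following (1)-(3) of paragraph [0087]."""
    rules = {TAGS[f].name: TAGS[f] for f in source_fields if f in TAGS}
    if not rules:
        return None                                   # untagged sources pass nothing on
    if len(rules) == 1:
        return next(iter(rules.values()))             # (1): a single rule is inherited as-is
    if complex_processing:
        return FULL_MASK                              # (3): several rules after trim/sum/join/...
    top = max(rules.values(), key=lambda r: r.priority)
    if sum(r.priority == top.priority for r in rules.values()) > 1:
        return MASK                                   # (2) tie: target is tainted with masking
    return top                                        # (2): the highest priority wins


def handle_write(target_field: str, value: str, source_fields: List[str],
                 complex_processing: bool = False) -> dict:
    """Steps 1-8 of the write path for one target field."""
    DATA.setdefault(target_field, []).append(value)          # steps 4-5: real value, unchanged
    rule = inherit_rule(source_fields, complex_processing)   # step 3: tag derived from sources
    if rule is not None:
        TAGS[target_field] = rule                             # step 6: attribute on the target
    return {"written": True, "tag": rule.name if rule else None}   # steps 7-8


if __name__ == "__main__":
    print(handle_write("B.id_card", "110101199001011234", ["A.id_card"]))
    print(handle_write("B.contact", "138...@example", ["A.phone", "A.email"]))
    print(handle_write("C.id_card", "110101199001011234", ["B.id_card"]))
    print(DATA, TAGS)
```

The last call shows the transfer property: table C inherits from B, which inherited from A, so only A ever had a rule configured by hand.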
[0105] In one embodiment, based on the de-identified tag of the target field to be written, the write operation corresponding to the user's write request is executed, including:
[0106] For sensitive data requested to be written in a user write request, the sensitive data is processed according to its corresponding de-identification tag and preset homomorphic encryption rules to obtain encrypted data and store it.
[0107] Based on the built-in security engine of the processing device, sensitive data is homomorphically encrypted. Assuming A and B are sensitive data, and Enc is the encryption rule, then according to its homomorphism (Enc(A)°Enc(B)=Enc(A*B)), after a user submits a task with two plaintext data, the operation performed on the ciphertext is Enc(A)°Enc(B). Using homomorphic encryption, the data can still undergo basic calculations, statistics, analysis, and retrieval operations in the ciphertext domain. The processed data is then presented to the end user, ensuring data usability and full user access, thus reducing data analysis costs.
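The ciphertext-domain computation of paragraph [0107], as an added example that is not code from this application. The application does not name a scheme; this example uses the Paillier cryptosystem, where the ciphertext operation "°" is modular multiplication and the plaintext operation "*" it corresponds to is addition, so Enc(A)·Enc(B) = Enc(A+B). The primes are toy-sized so the example runs instantly; a deployment would use primes of roughly 1024 bits each.

```python
import secrets
from math import gcd


def _lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def paillier_keygen(p: int, q: int):
    """Key pair from two primes. Public key (n, g), private key (lambda, mu)."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1                                   # standard simple generator choice
    n2 = n * n
    l_val = (pow(g, lam, n2) - 1) // n          # L(g^lambda mod n^2)
    mu = pow(l_val, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts encrypt differently."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pub, priv, c: int) -> int:
    """Dec(c) = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def ct_add(pub, c1: int, c2: int) -> int:
    """Enc(A) ° Enc(B): multiplying ciphertexts adds the plaintexts."""
    n = pub[0]
    return c1 * c2 % (n * n)


def ct_scale(pub, c: int, k: int) -> int:
    """Enc(A)^k = Enc(k*A): a plaintext constant scales a ciphertext."""
    n = pub[0]
    return pow(c, k, n * n)


def engine_sum(pub, priv, plaintexts) -> int:
    """Flow of the passage: values are encrypted on write, the security engine aggregates
    them without seeing plaintext, and only the final result is decrypted for display."""
    acc = encrypt(pub, 0)
    for m in plaintexts:
        acc = ct_add(pub, acc, encrypt(pub, m))
    return decrypt(pub, priv, acc)


if __name__ == "__main__":
    pub, priv = paillier_keygen(1000003, 1000033)    # toy primes, constructed for the example
    print(engine_sum(pub, priv, [1200, 340, 60]))    # 1600, computed on ciphertexts only
```

Plaintext sums must stay below n, and the party holding the private key (here, the security engine at display time) is the only one that learns the result; the computing engine sees ciphertexts only.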
[0108] In one embodiment, the desensitization rules include custom desensitization rules, which are used to indicate the format in which sensitive data is retained.
[0109] Based on the processing device's built-in computing engine, data is tagged and attributes are added using its existing de-identification rules. In addition, a custom de-identification rule, "Format-Preserving Encryption (FPE)", is introduced. This means that if the entered sensitive data contains Chinese characters, the encrypted output will still be Chinese characters; if the data contains digits, the encrypted output will still be digits; and if the data contains letters, the encrypted output will still be letters. This format-preserving encryption uses the session number generated when the client connects as the key, so that requests within the same connection session are encrypted consistently, while different session connections produce different results, which also serves the requirement of resisting brute-force attacks. The format-preserving encryption introduces the Feistel network and a cryptographic pseudo-random function in the FFX (Feistel-based Format-Preserving Encryption) mode to achieve irreversible encryption of the data while preserving the data format.
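The format-preserving rule of paragraph [0109], as an added example that is not code from this application: each character class (ASCII digits, lower-case letters, upper-case letters, CJK Unified Ideographs) is processed by its own Feistel network with HMAC-SHA256 as the pseudo-random function, the key is derived from the session number, and separators are left in place. The key derivation, round count, class boundaries and sample string are this example's assumptions. One caveat for practitioners: a Feistel construction is invertible by whoever holds the session key (the `decrypt` flag below demonstrates this), so it is encryption rather than a one-way transform; a display that must never be reversed should use a masking rule instead.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

ROUNDS = 10                                    # assumed round count
CJK_BASE, CJK_RADIX = 0x4E00, 0x9FFF - 0x4E00 + 1


def char_class(ch: str) -> Optional[Tuple[str, int, int]]:
    """(class name, radix, symbol index) for characters the rule encrypts; None for separators."""
    if ch.isascii() and ch.isdigit():
        return "digit", 10, ord(ch) - ord("0")
    if "a" <= ch <= "z":
        return "lower", 26, ord(ch) - ord("a")
    if "A" <= ch <= "Z":
        return "upper", 26, ord(ch) - ord("A")
    if CJK_BASE <= ord(ch) < CJK_BASE + CJK_RADIX:
        return "cjk", CJK_RADIX, ord(ch) - CJK_BASE
    return None


def from_index(cls: str, idx: int) -> str:
    base = {"digit": ord("0"), "lower": ord("a"), "upper": ord("A"), "cjk": CJK_BASE}[cls]
    return chr(base + idx)


def _to_int(digits: List[int], radix: int) -> int:
    n = 0
    for d in digits:
        n = n * radix + d
    return n


def _to_digits(n: int, radix: int, length: int) -> List[int]:
    out = []
    for _ in range(length):
        out.append(n % radix)
        n //= radix
    return out[::-1]


def _prf(key: bytes, tweak: bytes, rnd: int, data: int, radix: int, length: int) -> int:
    """Round function: HMAC-SHA256 over (tweak, round, other half), reduced to radix^length."""
    h = hmac.new(key, tweak + bytes([rnd]) + str(data).encode(), hashlib.sha256).digest()
    return int.from_bytes(h, "big") % (radix ** length)


def feistel(key: bytes, tweak: bytes, symbols: List[int], radix: int, decrypt: bool = False) -> List[int]:
    """Unbalanced Feistel network over a list of symbols in one radix (FFX-style, simplified)."""
    n = len(symbols)
    if n == 0:
        return []
    if n == 1:                                    # no halves to split: keyed offset instead
        off = _prf(key, tweak, 0, 0, radix, 1)
        return [(symbols[0] - off) % radix] if decrypt else [(symbols[0] + off) % radix]
    u = n // 2
    a, b = symbols[:u], symbols[u:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for i in order:
        if i % 2 == 0:                            # even rounds modify the left half from the right
            f = _prf(key, tweak, i, _to_int(b, radix), radix, u)
            x = (_to_int(a, radix) + (-f if decrypt else f)) % radix ** u
            a = _to_digits(x, radix, u)
        else:                                     # odd rounds modify the right half from the left
            f = _prf(key, tweak, i, _to_int(a, radix), radix, n - u)
            x = (_to_int(b, radix) + (-f if decrypt else f)) % radix ** (n - u)
            b = _to_digits(x, radix, n - u)
    return a + b


def fpe_transform(session_id: str, text: str, decrypt: bool = False) -> str:
    """Apply the rule to every character class of `text`; separators keep their positions."""
    key = hashlib.sha256(session_id.encode()).digest()     # assumed session-to-key derivation
    groups = {}
    for pos, ch in enumerate(text):
        cc = char_class(ch)
        if cc is not None:
            cls, radix, idx = cc
            groups.setdefault(cls, (radix, [], []))
            groups[cls][1].append(pos)
            groups[cls][2].append(idx)
    out = list(text)
    for cls, (radix, positions, idxs) in groups.items():
        for pos, idx in zip(positions, feistel(key, cls.encode(), idxs, radix, decrypt)):
            out[pos] = from_index(cls, idx)
    return "".join(out)


def same_format(a: str, b: str) -> bool:
    """True when both strings have equal length, equal character classes and equal separators."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        cx, cy = char_class(x), char_class(y)
        if cx is None or cy is None:
            if x != y:
                return False
        elif cx[0] != cy[0]:
            return False
    return True


if __name__ == "__main__":
    sample = "张三 ID:110101199001011234 Ab"          # constructed sample
    print(fpe_transform("session-8f3c", sample))
```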
[0110] The data display method mentioned in the above embodiments also includes:
[0111] Data anonymization: By anonymizing sensitive data, some information can be removed or replaced, making it impossible to identify a specific individual in the original data. This method is suitable for protecting personal privacy information.
[0112] Encrypted data storage: By encrypting and storing sensitive data, access and control of the data can be achieved without disclosing the original data. This method is suitable for scenarios where the confidentiality of sensitive information is critical.
[0113] Data obfuscation: By obfuscating sensitive data, its original structure and characteristics can be altered, making it difficult to identify and extract. This method is suitable for scenarios where the concealment of sensitive information is critical.
[0114] Rule-based data anonymization: This method filters, replaces, or deletes source data according to pre-defined rules and conditions, thereby achieving anonymization of sensitive data. It is suitable for scenarios with specific requirements for anonymization strategies.
[0115] Multi-dimensional data anonymization techniques: This approach combines multiple data anonymization techniques, such as data masking, anonymization, and encrypted storage, to achieve more comprehensive and effective sensitive data processing. This method is suitable for scenarios requiring the protection of sensitive information at different levels.
[0116] It should be understood that although the steps in the flowcharts of the above embodiments are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the above embodiments may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0117] Based on the same inventive concept, this application also provides an abnormal transaction data monitoring device. The solution provided by this device is similar to the solution described in the above method. Therefore, the specific limitations of one or more abnormal transaction data monitoring device embodiments provided below can be found in the limitations of the abnormal transaction data monitoring method above, and will not be repeated here.
[0118] In one embodiment, as shown in Figure 7, a data display device 700 is provided, including an information interaction module 701, a request processing module 702, and a data display module 703, wherein:
[0119] The information interaction module 701 is used to receive the user read request from the first target user and obtain the user permission level of the first target user;
[0120] The request processing module 702 is used to obtain the de-identification tag of the target field requested to be read in the user's read request according to the user's permission level. The de-identification tag is used to indicate whether the field needs to be de-identified and, when de-identification is required, also includes the corresponding de-identification rule of the field.
[0121] The data display module 703 is used to obtain the target data corresponding to the target field requested in the user's read request, process the target data according to the de-identification tag, and display it.
[0122] In one embodiment, the request processing module 702 is further configured to:
[0123] When the user's permission level is the first permission level, which indicates low security for the user, the de-identification tag of the target field requested to be read in the user's read request is determined according to the first correspondence relationship, wherein the first correspondence relationship is used to indicate the correspondence between the user's permission level, the field type, and the de-identification tag;
[0124] When the user's permission level is the second permission level, which indicates high security for the user, the de-identification tag of the target field requested to be read in the user's read request is not retrieved, or the de-identification tag of the target field requested to be read in the user's read request is empty by default.
[0125] In one embodiment, the data display module 703 is further configured to:
[0126] When the user's permission level is the first permission level, which indicates low security for the user, determine the de-sensitization rules in the de-sensitization tags of the target field requested to be read in the user's read request;
[0127] The target data is processed based on the de-identification rules to obtain de-identified data, which is then displayed.
[0128] In one embodiment, the data display module 703 is further configured to:
[0129] When the user's permission level is the second permission level, which indicates high security for the user, the target data is displayed directly.
[0130] In one embodiment, the information interaction module 701 is further configured to:
[0131] Receive the write request from the second target user and obtain the target field requested to be written in the write request.
[0132] Based on the second correspondence, the de-identification tag of the target field to be written is determined. The second correspondence is used to indicate the correspondence between the field type and the de-identification tag in the source data.
[0133] Based on the de-identification tag of the target field requested to be written, execute the write operation corresponding to the user's write request.
[0134] In one embodiment, the information interaction module 701 is further configured to:
[0135] For sensitive data requested to be written in a user write request, the sensitive data is processed according to its corresponding de-identification tag and preset homomorphic encryption rules to obtain encrypted data and store it.
[0136] Each module in the aforementioned data display device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in the processor of a computer device in hardware form or independent of it, or stored in the memory of a computer device in software form, so that the processor can call and execute the operations corresponding to each module.
[0137] The data display device provided in this embodiment can execute the method provided in the above method embodiment. Its implementation principle and technical effect are similar, and will not be described in detail here.
[0138] Figure 8 is a schematic diagram of the structure of the computer device provided in this application. As shown in Figure 8, the electronic device 80 provided in this embodiment includes at least one processor 801 and a memory 802. Optionally, the device 80 further includes a communication component 803. The processor 801, memory 802, and communication component 803 are connected via a bus 804.
[0139] In a specific implementation, at least one processor 801 executes computer execution instructions stored in memory 802, causing at least one processor 801 to perform the above-described method.
[0140] The specific implementation process of processor 801 can be found in the above method embodiments, and its implementation principle and technical effect are similar. It will not be repeated here.
[0141] In the above embodiments, it should be understood that the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), etc. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in this invention can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules within the processor.
[0142] The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), such as at least one disk storage device.
[0143] The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of illustration, the buses shown in the accompanying drawings are not limited to a single bus or a single type of bus.
[0144] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the above-described method.
[0145] This application also provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, implement the above-described method.
[0146] The aforementioned readable storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. The readable storage medium can be any available medium accessible to a general-purpose or special-purpose computer.
[0147] An exemplary readable storage medium is coupled to a processor, enabling the processor to read information from and write information to the readable storage medium. Of course, the readable storage medium can also be a component of the processor. The processor and the readable storage medium can reside in an Application Specific Integrated Circuit (ASIC). Alternatively, the processor and the readable storage medium can exist as discrete components in the device.
[0148] The division of units is merely a logical functional division; in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or other forms.
[0149] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0150] In addition, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.
[0151] If a function is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0152] Those skilled in the art will understand that all or part of the steps of the above-described method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above-described method embodiments; and the aforementioned storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks, or optical disks.
[0153] Finally, it should be noted that other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention that follow the general principles of the invention and include common knowledge or customary techniques in the art not disclosed herein, and is not limited to the precise structures described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of the invention is limited only by the appended claims.
Claims
1. A data presentation method, characterized in that the method comprises:
receiving a user read request from a first target user and obtaining the user permission level of the first target user;
obtaining, based on the user permission level, the de-identification tag of the target field requested to be read in the user read request, wherein the de-identification tag is used to indicate whether the field needs to be de-identified and, when de-identification is required, also includes the corresponding de-identification rule of the field;
obtaining the target data corresponding to the target field requested to be read in the user read request, processing the target data according to the de-identification tag, and then displaying it;
the method further comprising:
receiving a write request from a second target user and obtaining the target field requested to be written in the write request;
determining the de-identification tag of the target field to be written based on a second correspondence, the second correspondence being used to indicate the correspondence between the field type and the de-identification tag in the source data;
executing the write operation corresponding to the write request based on the de-identification tag of the target field requested to be written;
wherein only the source data is de-identified, and the de-identification rules are inherited and passed downstream; the downstream data generates the same de-identification rules based on the de-identification rules of the source data to achieve the transfer of de-identification; when downstream data is generated based on the source data, de-identification tags with the same or corresponding de-identification rules as the source data are generated for the downstream fields through data de-identification transfer, and the generated de-identification tags are stored in the storage layer as attributes of the downstream fields along with the downstream field data to achieve the transfer and implementation of de-identification tags; the original data of the target field requested to be written is stored in the storage layer along with the de-identification tags, and the original data is not modified by the de-identification rules.
2. The method according to claim 1, characterized in that the step of obtaining the de-identification tag of the target field requested to be read in the user read request according to the user permission level comprises:
when the user permission level is a first permission level, indicating low security for the user, determining the de-identification tag of the target field requested to be read in the user read request according to a first correspondence, wherein the first correspondence is used to indicate the correspondence between the user permission level, the field type and the de-identification tag;
when the user permission level is a second permission level, indicating high security for the user, not obtaining the de-identification tag of the target field requested to be read in the user read request, or leaving the de-identification tag of the target field requested to be read in the user read request empty by default.
3. The method according to claim 2, characterized in that the step of processing and displaying the target data based on the de-identification tag comprises:
when the user permission level is the first permission level, indicating low security for the user, determining the de-identification rule in the de-identification tag of the target field requested to be read in the user read request;
processing the target data based on the aforementioned de-identification rule to obtain de-identified data, which is then displayed.
4. The method according to claim 2, characterized in that the step of processing and displaying the target data based on the de-identification tag comprises:
when the user permission level is the second permission level, indicating high security for the user, displaying the target data directly.
5. The method according to claim 1, characterized in that the step of executing the write operation corresponding to the user write request based on the de-identification tag of the target field requested to be written comprises:
for the sensitive data requested to be written in the user write request, processing the sensitive data according to its corresponding de-identification tag and preset homomorphic encryption rules to obtain encrypted data, and storing it.
6. A data display device, characterized in that the device comprises:
an information interaction module, used to receive a user read request from a first target user and obtain the user permission level of the first target user;
a request processing module, used to obtain the de-identification tag of the target field requested to be read in the user read request according to the user permission level, wherein the de-identification tag is used to indicate whether the field needs to be de-identified and, when de-identification is required, also includes the corresponding de-identification rule of the field;
a data display module, used to obtain the target data corresponding to the target field requested to be read in the user read request, process the target data according to the de-identification tag, and display it;
the information interaction module being further used for: receiving a user write request from a second target user and obtaining the target field requested to be written in the user write request; determining the de-identification tag of the target field requested to be written according to a second correspondence, the second correspondence being used to indicate the correspondence between the field type and the de-identification tag in the source data; executing the write operation corresponding to the user write request according to the de-identification tag of the target field requested to be written;
wherein only the source data is de-identified, and the de-identification rules are inherited and passed downstream, the downstream data generating the same de-identification rules according to the de-identification rules of the source data to achieve the transfer of de-identification; when downstream data is generated based on the source data, de-identification tags the same as or corresponding to those of the source data are generated for the downstream fields through data de-identification transfer, and the generated de-identification tags are stored in the storage layer as attributes of the downstream fields along with the downstream field data to achieve the transfer and implementation of de-identification tags; the original data of the target field requested to be written is stored in the storage layer along with the de-identification tags, and the original data is not modified by the de-identification rules.
7. A computer device, characterized in that it comprises a memory and a processor; the memory stores computer-executable instructions; and the processor executes the computer-executable instructions stored in the memory, causing the processor to perform the method as described in any one of claims 1-5.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions which, when executed by a processor, implement the method as described in any one of claims 1-5.
9. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements the method as described in any one of claims 1-5.