A data desensitization method and system based on a rotation mechanism

By constructing a diverse de-identification algorithm library and dynamically rotating strategies, combined with symmetric encryption, the problem of single de-identification strategies being easily cracked in existing technologies has been solved, thereby improving the security and flexibility of data de-identification and reducing risks.

CN122263153APending Publication Date: 2026-06-23STATE GRID SHANGHAI MUNICIPAL ELECTRIC POWER CO

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
STATE GRID SHANGHAI MUNICIPAL ELECTRIC POWER CO
Filing Date
2026-03-13
Publication Date
2026-06-23

Smart Images

  • Figure CN122263153A_ABST
    Figure CN122263153A_ABST
Patent Text Reader

Abstract

The present application relates to the technical field of data processing, and especially relates to a data desensitization method and system based on rotation mechanism, which firstly determines a key feature set of an original data set, then constructs a data desensitization algorithm library, respectively uses each algorithm in the data desensitization algorithm library to perform data desensitization processing on the original data set, tests the feature similarity of the desensitized data set, performs clustering, carries out a rotation strategy according to the desensitized data set in the sharing process of the desensitized data set, finally performs symmetric encryption processing on the desensitization algorithm and parameters, and attaches the ciphertext to the desensitized data set to track the rotation mechanism; the present application significantly improves the security and flexibility of data desensitization by introducing a dynamic rotation mechanism, reduces the data predictability risk, cumulative effect risk and environmental change risk by constructing a diversified desensitization algorithm library and regularly rotating the desensitization strategy.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data processing technology, and in particular to a data desensitization method and system based on a rotation mechanism. Background Technology

[0002] Power grid supply chain management relies on the effective use of supply chain data, which has become one of the core elements supporting enterprise operations. However, supply chain data contains a large amount of sensitive information, including important content such as trade secrets, personal information, and non-public information. Once this information is leaked, enterprises will face severe risks, including weakened business competitiveness, potential legal and regulatory risks, and significant reputational damage.

[0003] Especially in the power grid supply chain sector, as the digitalization of the power grid supply chain deepens, data flow has become an indispensable and important way for supply chain collaboration. Digital transformation has generated massive amounts of data in all aspects of the power grid supply chain, such as material procurement, warehousing and logistics, production and manufacturing, and operation and maintenance. This data flows efficiently among upstream and downstream enterprises in the supply chain, power grid operation departments, and third-party service providers, greatly improving the transparency and collaboration efficiency of the supply chain. However, at the same time, the risk of sensitive information leakage is becoming increasingly prominent in the data flow, display and application stages. For example, un-anonymized supplier quotation information may reveal the company's procurement strategy; unprocessed power grid operation data may expose security vulnerabilities in critical infrastructure.

[0004] Currently, data anonymization technology has become an important means of protecting sensitive data. However, existing anonymization technologies show certain limitations when applied to complex and interconnected supply chain data. In order to further understand the necessity of rotating anonymization methods, a detailed analysis should be conducted on the various risks that may arise from using a single anonymization strategy. The following are four common risk points in practical applications.

[0005] The risk of data predictability arises because the de-identification strategy remains fixed throughout the entire data flow process. Key parameters, such as the number of clusters K and distance measurement methods in the K-means clustering algorithm, do not change over time or with different data batches. This creates a stable and predictable transformation pattern during data processing, meaning the de-identification process is no longer a black box but gradually becomes a relatively transparent transformation function. Malicious users can deduce fixed de-identification rules and patterns through reverse analysis and statistical comparison by accumulating shared data over a long period. This greatly increases the possibility of data leakage due to cross-data association inference, providing a predictable breakthrough for malicious attackers.

[0006] The risk of data accumulation effect: In the long-term, multi-stage data anonymization process, even if each anonymization operation can effectively mask sensitive information, small residual information may still gradually amplify as the batches of data anonymized accumulate. As the amount of data processed using the same anonymization method continues to increase, malicious attackers will accumulate more and more anonymized data samples for analysis. This accumulation effect will amplify the weaknesses of the anonymization strategy itself. What originally seemed to be independent and harmless residual information may also converge into complete clues of sensitive information, causing the security of the anonymized data to gradually decline. This accumulation effect not only affects data security, but may also lead to deviations in key statistical characteristics, thereby reducing the overall fidelity and business utility of the data.

[0007] Environmental changes and rapid technological advancements, particularly the rapid progress in artificial intelligence and machine learning, have significantly improved data analysis and pattern recognition capabilities. New anti-identification tools and algorithms are highly likely to find vulnerabilities in existing fixed anonymization strategies. If anonymization strategies are not dynamically adjusted, they are easily eliminated by external technological innovations. Currently, newly emerging algorithmic formulas can potentially crack traditional clustering replacement and differential privacy schemes. There is no permanently secure, established strategy. At the same time, the business environment of enterprises is constantly changing, and the characteristics and sensitivity of the resulting data will change at any time. Fixed, single anonymization solutions obviously lack sufficient flexibility to cope with these changes, leading to an increased risk of anonymized data exposure.

[0008] Internal attack risks exist because fixed de-identification strategies typically form a set of fixed processes and data formats within an organization. Internal personnel familiar with these processes or employees with high privileges have ample opportunity to exploit the rules and patterns of these fixed strategies to launch targeted attacks. Internal attackers can leverage their understanding of the system's de-identification algorithms, compare different data interfaces, and correlate business data across systems to gradually reconstruct sensitive information and even the details of the entire de-identification strategy. Furthermore, internal personnel possess the details and technical parameters of the de-identification process, making their attacks more efficient and covert compared to external attackers. This makes it more difficult for internal monitoring and auditing to detect abnormal changes in the de-identification process, leading to a greater risk of data leakage.

[0009] While the fixed nature of a single de-identification strategy has its advantages, it also makes it highly susceptible to information accumulation and vulnerability discovery by internal and external attackers. Over time, this will inevitably weaken data protection capabilities and pose a significant risk to enterprise data security. To effectively prevent such risks, introducing a de-identification method rotation mechanism is particularly crucial.

[0010] Therefore, in order to address the above problems, this invention proposes a data desensitization method and system based on a rotation mechanism. Summary of the Invention

[0011] To overcome the problem that existing desensitization technologies often adopt a single desensitization strategy, which may expose certain sensitive data features of the desensitized dataset during long-term use, thereby causing data security or compliance risks, this invention proposes a data desensitization method and system based on a rotation mechanism.

[0012] The technical solution of this invention is: a data anonymization method based on a rotation mechanism, comprising: S1, determine the set of key features of the original dataset; S2, Build a data anonymization algorithm library; S3, each algorithm in the data anonymization algorithm library is used to perform data anonymization processing on the original dataset; S4, test the feature similarity of the de-identified dataset and perform clustering; S5. During the sharing of the de-identified dataset, a rotation strategy is implemented according to the de-identified dataset. S6 performs symmetric encryption on the desensitization algorithm and parameters, and attaches the ciphertext to the desensitized dataset to track the rotation mechanism.

[0013] Preferably, step S1 includes: The first step is to obtain the original dataset from the data source and calculate the statistical and structural characteristics of all data columns in the original dataset. The statistical characteristics include the mean, sum, median, variance, standard deviation, minimum, maximum, quantile, skewness, kurtosis, distribution shape, and correlation between data columns. The structural characteristics include the relationships and organization of data columns in the dataset. The second step is to calculate all statistical and structural features of the original dataset, and then select key statistical or structural features based on the purpose of data desensitization and application scenario, and put the key features into the feature set. The third step is to determine the weight of each key feature in the feature set to be retained, based on the purpose of data anonymization and the application scenario.

[0014] Preferably, the data desensitization algorithm library in step S2 predefines and stores a variety of available desensitization algorithms, including clustering replacement algorithms, generalization algorithms, perturbation algorithms and other algorithms.

[0015] Preferably, step S3 includes: The first step is to select a data anonymization algorithm Si from the data anonymization algorithm library, and provide appropriate anonymization parameters Pj according to the purpose and application scenario of data anonymization; The second step is to select the top N desensitization parameters that meet the data desensitization purpose and scenario requirements for the desensitization algorithm Si. The third step is to create multiple de-identified datasets X'ij, where each algorithm and each parameter will form a de-identified dataset.

[0016] Preferably, step S4 includes: the similarity of a single feature of the dataset S(X,X') = ‖statistic(X)-statistic(X')‖, where X is the original dataset and X' is the de-identified dataset; statistic(X) and statistic(X') are calculation functions for the retained features, wherein the similarity of key features of the dataset = the weighted average of the similarities of single features, and the de-identified dataset is clustered according to the similarity of the de-identified dataset to form a cluster of de-identified datasets.

[0017] Preferably, step S5 includes: The first step is to develop a set of rotation strategies, which includes fixed-time rotation, data volume threshold rotation, and random rotation strategies. The second step is to periodically change the de-identified dataset or use relevant de-identification algorithms and parameters according to the rotation strategy.

[0018] Preferably, in a shared scenario that provides data query or access, step S5 can be performed by periodically changing the de-identified dataset in the platform backend according to a rotation strategy; the method of changing the de-identified dataset is to randomly select one from the de-identified dataset cluster. In step S5, under the scenario of full sharing of dynamic datasets, the desensitization algorithm and parameters are changed for incremental datasets to perform data desensitization; the method of changing the desensitization algorithm and parameters is to randomly select the algorithm and parameters corresponding to a dataset from the desensitized dataset cluster.

[0019] Preferably, step S6 includes: after the de-identification algorithm and corresponding parameters are determined, the actual algorithm name and corresponding parameter configuration, together with information such as timestamps, are integrated into a string, encrypted using a symmetric encryption algorithm, and the ciphertext is distributed together with the de-identified dataset to trace the de-identification rotation mechanism.

[0020] As a preferred embodiment, a data anonymization system based on a rotation mechanism includes: The key feature determination module is used to determine the set of key features in the original dataset; The de-identification algorithm library module is used to store various de-identification algorithms; The desensitization module is used to generate multiple desensitized datasets; The similarity testing and clustering module is used to calculate feature similarity and cluster datasets. The rotation strategy execution module is used to change the de-identified dataset or algorithm and parameters according to the rotation strategy; The encryption and tracking module is used to encrypt the de-identification algorithm and parameters and attach ciphertext.

[0021] Preferably, the rotation strategy execution module includes fixed-time rotation, data volume threshold rotation, and random rotation strategies.

[0022] The beneficial effects of this invention are: 1. By introducing a dynamic rotation mechanism, the security and flexibility of data anonymization are significantly improved. By constructing a diverse anonymization algorithm library and regularly rotating the anonymization strategy, the risks of data predictability, cumulative effects, and environmental changes are effectively reduced, preventing malicious attackers from cracking the anonymization rules through long-term observation or reverse analysis.

[0023] 2. The encryption and desensitization algorithm and parameter configuration, along with the ciphertext, enhance the traceability and controllability of the desensitization process, ensuring that data can meet business needs while continuously protecting the security of sensitive information during sharing and circulation. Attached Figure Description

[0024] Figure 1 The diagram shown illustrates the workflow of this invention. Figure 2 The diagram shown is a schematic representation of the system structure of the present invention. Detailed Implementation

[0025] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0026] Please see Figure 1 This invention provides an embodiment: a data anonymization method based on a rotation mechanism, comprising: S1, determine the set of key features of the original dataset; S2, Build a data anonymization algorithm library; S3, each algorithm in the data anonymization algorithm library is used to perform data anonymization processing on the original dataset; S4, test the feature similarity of the de-identified dataset and perform clustering; S5. During the sharing of the de-identified dataset, a rotation strategy is implemented according to the de-identified dataset. S6 performs symmetric encryption on the desensitization algorithm and parameters, and attaches the ciphertext to the desensitized dataset to track the rotation mechanism.

[0027] Furthermore, the specific steps of the present invention are as follows: S1. First, the raw dataset is obtained from the data source, and its statistical and structural features are comprehensively analyzed. Statistical features include mean, sum, variance, standard deviation, minimum, maximum, quantiles, skewness, kurtosis, data distribution pattern (such as normal distribution, uniform distribution, exponential distribution, etc.), and the correlation between data columns. Structural features involve the inherent organization of the data, such as the node degree distribution of network data, the community structure of social networks, and the periodic patterns of time series data. After completing the feature calculation, key features are selected and assigned different weights according to the specific application scenario of data anonymization. For example, when protecting supplier quotation data, mean, variance, and extreme values ​​may be more important than skewness, so these features will have higher weights. This step ensures that the subsequent anonymization process can protect sensitive information in a targeted manner while preserving the business usability of the data.

[0028] S2 predefines and stores multiple de-identification algorithms, forming a dynamically selectable algorithm library. This library may include clustering replacement algorithms (such as K-means clustering replacement), generalization algorithms (such as hierarchical generalization), perturbation algorithms (such as differential privacy), and other algorithms (such as homomorphic encryption). Among them, clustering replacement algorithms are suitable for numerical data, achieving de-identification by replacing the original data with cluster center values; generalization algorithms are suitable for categorical data, replacing precise values ​​with broader categories (such as replacing a specific age with an age range); perturbation algorithms protect data privacy by adding controllable noise and are suitable for statistical analysis scenarios; homomorphic encryption is suitable for high-security scenarios that require direct computation on encrypted data. The diversity of the algorithm library ensures the flexibility and adaptability of the de-identification strategy, avoiding the security risks caused by the long-term use of a single algorithm.

[0029] S3. For the original dataset, each de-identification algorithm in the algorithm library and its different parameter combinations are processed in turn. For example, for the K-means clustering replacement algorithm, different values ​​of K (such as 3, 5, 10) and distance metrics can be tried; for the differential privacy algorithm, the amount of noise can be adjusted (such as ε=0.1, 0.5, 1.0). Each algorithm-parameter combination generates an independent de-identified dataset, and finally multiple candidate datasets are formed. The key to this step is to cover diverse de-identification patterns to ensure that sufficient variation can be provided during subsequent rotations to prevent attackers from inferring the original data through fixed patterns.

[0030] S4. Calculate the key feature similarity between each anonymized dataset and the original dataset. The similarity of a single feature can be evaluated using distance metrics (such as mean, standard deviation, quantiles, or more complex distribution distances). The key feature similarity of the dataset is then the weighted average of the individual feature similarities. Cluster the anonymized datasets based on the similarity, grouping datasets with similar feature distributions into the same cluster. For example, all datasets that meet the criteria of "mean error < 5% and standard deviation error < 10%" can be grouped into one cluster. The clustering results are used to guide the rotation strategy: datasets within the same cluster can be considered as equivalent replacement options, while datasets from different clusters provide more significant changes in the anonymization pattern, further enhancing security.

[0031] S5, during the data sharing process, dynamically replace the de-identified dataset or de-identification algorithm and parameters. The rotation strategy is fixed-time rotation, data volume threshold rotation, and random rotation strategy.

[0032] In shared scenarios that provide data query or access, the de-identified dataset can be changed periodically in the platform backend according to a rotation strategy; the method of changing the de-identified dataset is to randomly select one from the de-identified dataset cluster. In the scenario of sharing the entire dynamic dataset, the de-identification algorithm and parameters are changed for incremental datasets. The method of changing the de-identification algorithm and parameters is to randomly select the algorithm and parameters corresponding to a dataset from the de-identified dataset cluster.

[0033] S6. Symmetric encryption is performed on the de-identification algorithm and parameters, and the ciphertext is attached to the de-identified dataset to track the rotation mechanism. After the de-identification algorithm and corresponding parameters are determined, the actual algorithm name and corresponding parameter configuration, along with information such as timestamps, are integrated into a string, which is then encrypted using a symmetric encryption algorithm. The ciphertext is then distributed together with the de-identified dataset to trace the de-identification rotation mechanism.

[0034] Please see Figure 2 A data anonymization system based on a rotation mechanism includes: The key feature determination module is used to determine the set of key features in the original dataset; The de-identification algorithm library module is used to store various de-identification algorithms; The desensitization module is used to generate multiple desensitized datasets; The similarity testing and clustering module is used to calculate feature similarity and cluster datasets. The rotation strategy execution module is used to change the de-identified dataset or algorithm and parameters according to the rotation strategy; The encryption and tracking module is used to encrypt the de-identification algorithm and parameters and attach ciphertext.

[0035] The rotation strategy execution module includes fixed-time rotation, data volume threshold rotation, and random rotation strategies.

[0036] Through the above steps, the security and flexibility of data anonymization are significantly improved by introducing a dynamic rotation mechanism. By constructing a diverse anonymization algorithm library and regularly rotating the anonymization strategy, the risks of data predictability, cumulative effects, and environmental changes are effectively reduced. This prevents malicious attackers from cracking the anonymization rules through long-term observation or reverse analysis. It addresses the problem that existing anonymization technologies often adopt a single anonymization strategy, which may expose certain sensitive data features of the anonymized dataset during long-term use, thereby causing data security or compliance risks.

Claims

1. A data anonymization method based on a rotation mechanism, characterized in that, Including: S1, determine the set of key features of the original dataset; S2, Build a data anonymization algorithm library; S3, each algorithm in the data anonymization algorithm library is used to perform data anonymization processing on the original dataset; S4, test the feature similarity of the de-identified dataset and perform clustering; S5. During the sharing of the de-identified dataset, a rotation strategy is implemented according to the de-identified dataset. S6 performs symmetric encryption on the desensitization algorithm and parameters, and attaches the ciphertext to the desensitized dataset to track the rotation mechanism.

2. The data anonymization method based on a rotation mechanism according to claim 1, characterized in that, Step S1 includes: The first step is to obtain the original dataset from the data source and calculate the statistical and structural characteristics of all data columns in the original dataset. The statistical characteristics include the mean, sum, median, variance, standard deviation, minimum, maximum, quantile, skewness, kurtosis, distribution shape, and correlation between data columns. The structural characteristics include the relationships and organization of data columns in the dataset. The second step is to calculate all statistical and structural features of the original dataset, and then select key statistical or structural features based on the purpose of data desensitization and application scenario, and put the key features into the feature set. The third step is to determine the weight of each key feature in the feature set to be retained, based on the purpose of data anonymization and the application scenario.

3. The data anonymization method based on a rotation mechanism according to claim 1, characterized in that: The data desensitization algorithm library in step S2 predefines and stores a variety of available desensitization algorithms, including clustering replacement algorithms, generalization algorithms, perturbation algorithms, and other algorithms.

4. The data anonymization method based on a rotation mechanism according to claim 1, characterized in that, Step S3 includes: The first step is to select a data anonymization algorithm Si from the data anonymization algorithm library, and provide appropriate anonymization parameters Pj according to the purpose and application scenario of data anonymization; The second step is to select the top N desensitization parameters that meet the data desensitization purpose and scenario requirements for the desensitization algorithm Si. The third step is to create multiple de-identified datasets X'ij, where each algorithm and each parameter will form a de-identified dataset.

5. The data anonymization method based on a rotation mechanism according to claim 1, characterized in that, Step S4 includes: the similarity of a single feature of the dataset S(X,X') = "statistic(X) - statistic(X')" where X is the original dataset and X' is the anonymized dataset; statistic(X) and statistic(X') are calculation functions for the retained features, where the similarity of key features of the dataset = the weighted average of the similarities of single features; and the anonymized datasets are clustered according to the similarity of the anonymized datasets to form an anonymized dataset cluster.

6. The data anonymization method based on a rotation mechanism according to claim 1, characterized in that, Step S5 includes: The first step is to develop a set of rotation strategies, which includes fixed-time rotation, data volume threshold rotation, and random rotation strategies. The second step is to periodically change the de-identified dataset or use relevant de-identification algorithms and parameters according to the rotation strategy.

7. The data anonymization method based on a rotation mechanism according to claim 6, characterized in that: In the shared scenario where data querying or access is provided, step S5 can be performed by periodically changing the de-identified dataset in the platform backend according to a rotation strategy. The method for replacing the anonymized dataset is to randomly select one from the anonymized dataset cluster; In step S5, under the scenario of full sharing of dynamic datasets, the desensitization algorithm and parameters are changed for incremental datasets to perform data desensitization. The method to change the de-identification algorithm and parameters is to randomly select the algorithm and parameters corresponding to a dataset from the de-identified dataset cluster.

8. A data anonymization method based on a rotation mechanism according to claim 1, characterized in that, Step S6 includes: after the de-identification algorithm and corresponding parameters are determined, the actual algorithm name and corresponding parameter configuration, together with information such as timestamps, are integrated into a string, encrypted using a symmetric encryption algorithm, and the ciphertext is distributed together with the de-identified dataset to trace the de-identification rotation mechanism.

9. A data anonymization system based on a rotation mechanism, employing the data anonymization method based on a rotation mechanism as described in claims 1-8, characterized in that, Including: The key feature determination module is used to determine the set of key features in the original dataset; The de-identification algorithm library module is used to store various de-identification algorithms; The desensitization module is used to generate multiple desensitized datasets; The similarity testing and clustering module is used to calculate feature similarity and cluster datasets. The rotation strategy execution module is used to change the de-identified dataset or algorithm and parameters according to the rotation strategy; The encryption and tracking module is used to encrypt the de-identification algorithm and parameters and attach ciphertext.

10. A data anonymization system based on a rotation mechanism according to claim 9, characterized in that: The rotation strategy execution module includes fixed-time rotation, data volume threshold rotation, and random rotation strategies.