Data desensitization method and device, computer equipment and storage medium

Document No.: 7999 Published: 2021-09-17

Reading note: the technology "Data desensitization method and device, computer equipment and storage medium" was designed by 明亮文 on 2021-06-30. Main content: The application relates to security protection technology, in particular to access control, and discloses a data desensitization method, apparatus, computer device and storage medium. The method comprises: when a service access request is received, determining whether the request needs desensitization based on a preset desensitization interceptor, which stores a first access identifier of a service that needs desensitization and/or a second access identifier of a service that does not need desensitization; if the service access request needs desensitization, acquiring the desensitization strategy corresponding to the request from a configuration center of the micro-service; and, when responding to the service access request, desensitizing the data corresponding to the request according to that desensitization strategy. The application also relates to blockchain technology: the desensitization strategy may be stored in a blockchain.

1. A method of data desensitization, the method being for use in a microservice, the method comprising:

when a service access request is received, determining whether the service access request needs desensitization or not based on a preset desensitization interceptor, wherein a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization are stored in the desensitization interceptor;

if the service access request needs desensitization, acquiring a desensitization strategy corresponding to the service access request from a configuration center of the micro-service;

and when the service access request is responded to, desensitization processing is carried out on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request.

2. The data desensitization method according to claim 1, wherein when performing a service access request, determining whether the service access request needs to be desensitized based on a preset desensitization interceptor comprises:

and if the service access request has the same data as one of the first access identifications and/or the service access request does not have the same data as any one of the second access identifications, determining that the service access request needs to be desensitized.

3. The data desensitization method according to claim 1, wherein said determining a desensitization policy corresponding to the service access request if the service access request needs to be desensitized comprises:

acquiring a preset desensitization strategy from a configuration center of the micro-service;

determining whether a first access identifier corresponding to the desensitization policy matches the request;

and if so, determining the desensitization strategy as the desensitization strategy corresponding to the request.

4. A method of data desensitization according to claim 1, wherein: when the service access request is responded, desensitization processing is carried out on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request, and the desensitization processing method comprises the following steps:

obtaining a desensitization field and a desensitization processing rule corresponding to the service access request according to the desensitization strategy corresponding to the service access request;

acquiring data of a service corresponding to the service access request on the desensitization field to determine data to be desensitized;

converting the data to be desensitized into desensitized form data through the desensitization processing rule;

outputting the desensitized form of data.

5. The data desensitization method according to claim 4, wherein said obtaining data of the service corresponding to the service access request on the desensitization field to determine data to be desensitized comprises:

and acquiring the reflection object of the desensitization field in the service corresponding to the service access request through a return body for acquiring the reflection object according to a reflection mechanism, and determining the reflection object of the desensitization field as the data to be desensitized.

6. The data desensitization method according to any one of claims 1 to 5, wherein if the service access request needs to be desensitized, acquiring a desensitization policy corresponding to the service access request from a configuration center of a microservice, includes:

acquiring a configuration file;

and configuring the desensitization strategy in a configuration center of the micro-service architecture according to the configuration file.

7. The data desensitization method according to any one of claims 4-5, wherein said obtaining the desensitization field and desensitization processing rule corresponding to the service access request according to the desensitization policy corresponding to the service access request comprises:

acquiring a current desensitization mode;

if the current desensitization mode is a standard mode, the desensitization processing rule is a standard desensitization processing rule preset by the micro-service; and if the current desensitization mode is the self-defined mode, the desensitization processing rule is a desensitization processing rule except the standard desensitization processing rule.

8. A data desensitization apparatus, the apparatus for use in a microservice, the apparatus comprising:

the device comprises a request interception module, a service access request processing module and a desensitization processing module, wherein the request interception module is used for determining whether the service access request needs desensitization or not based on a preset desensitization interceptor when receiving the service access request, and the desensitization interceptor stores a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization;

the policy determining module is used for acquiring a desensitization policy corresponding to the service access request from a configuration center of the micro-service if the service access request needs desensitization;

and the desensitization processing module is used for performing desensitization processing on data corresponding to the service access request according to the desensitization strategy corresponding to the service access request when responding to the service access request.

9. A computer device, wherein the computer device comprises a memory and a processor;

the memory for storing a computer program;

the processor for executing the computer program and implementing the desensitization processing method according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, the computer-readable storage medium storing a computer program, wherein if the computer program is executed by a processor, the desensitization processing method according to any one of claims 1 to 7 is implemented.

Technical Field

The present application relates to the field of computer technologies, and in particular, to a data desensitization method and apparatus, a computer device, and a storage medium.

Background

Micro-services are a cloud-native architecture approach in which a single application consists of many loosely coupled, independently deployable smaller services. A service in a computer is a type of application that runs in the background and typically provides some functionality, such as a client/server application, to a user locally and/or over a network. At present, data desensitization in microservices is generally implemented by developing a desensitization annotation component: a desensitization annotation is marked on each service access request that needs desensitization, whether a request needs desensitization is judged from that annotation, and a message converter then calls the annotation component to perform the desensitization processing the annotation specifies. This approach requires marking and parsing the annotations, which affects desensitization efficiency to some extent, and the Application Program Interface (API) has to be modified accordingly, so there is a degree of code intrusiveness. In addition, because the message converter calls the annotation component to perform desensitization, it can only use the processing modes that component supports, and the message converter has to be adjusted whenever the service is adjusted.

Disclosure of Invention

The application provides a data desensitization method, a data desensitization device, computer equipment and a storage medium, which can determine whether a service access request needs desensitization based on a preset desensitization interceptor, and perform desensitization processing on data corresponding to the request through a desensitization strategy acquired in a configuration center to acquire data in a desensitization form.

In a first aspect, the present application provides a data desensitization method, which is used in a microservice, and is characterized in that the method includes:

when a service access request is received, determining whether the service access request needs desensitization or not based on a preset desensitization interceptor, wherein a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization are stored in the desensitization interceptor;

if the service access request needs desensitization, acquiring a desensitization strategy corresponding to the service access request from a configuration center of the micro-service;

and when the service access request is responded to, desensitization processing is carried out on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request.

In a second aspect, the present application provides a data desensitization apparatus, the apparatus being for use in a microservice, comprising:

the device comprises a request interception module, a service access request processing module and a desensitization processing module, wherein the request interception module is used for determining whether the service access request needs desensitization or not based on a preset desensitization interceptor when receiving the service access request, and the desensitization interceptor stores a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization;

the policy determining module is used for acquiring a desensitization policy corresponding to the service access request from a configuration center of the micro-service if the service access request needs desensitization;

and the desensitization processing module is used for performing desensitization processing on data corresponding to the service access request according to the desensitization strategy corresponding to the service access request when responding to the service access request.

In a third aspect, the present application provides a computer device comprising a memory and a processor; the memory is used for storing a computer program; the processor is configured to execute the computer program and to implement the above-described data desensitization method when executing the computer program.

In a fourth aspect, the present application provides a computer readable storage medium storing a computer program which, if executed by a processor, implements the data desensitization method described above.

The application discloses a data desensitization method, a data desensitization device, computer equipment and a storage medium. When a service access request is received, whether the request needs desensitization is determined based on a preset desensitization interceptor, in which a first access identifier of a service that needs desensitization and/or a second access identifier of a service that does not need desensitization are stored; if the service access request needs desensitization, the desensitization strategy corresponding to the request is acquired from a configuration center of the micro-service; and when the service access request is responded to, the data corresponding to the request is desensitized according to that desensitization strategy. Because the desensitization interceptor decides from the access identifier whether a request needs desensitization, desensitization efficiency is improved and code intrusiveness is reduced; because desensitization is performed with the strategy acquired from the configuration center, the desensitization strategy is decoupled from the service's business code, which makes service adjustment easier and simplifies maintenance and updating of the strategy.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic flow chart of a data desensitization method according to an embodiment of the present application;

Fig. 2 is a schematic block diagram of the structure of a data desensitization apparatus according to an embodiment of the present application;

Fig. 3 is a block diagram illustrating the structure of a computer device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation. In addition, although the division of the functional blocks is made in the device diagram, in some cases, it may be divided in blocks different from those in the device diagram.

Embodiments of the application provide a data desensitization method, apparatus, computer device and computer-readable storage medium. The method uses a desensitization interceptor to determine from the access identifier whether a request needs desensitization, so that the data of the service corresponding to such a request can be desensitized. Illustratively, during development of an intelligent agricultural platform implemented with micro-services, private user data such as identity card numbers, mobile phone numbers and client numbers must be reliably protected. When part of that private data needs to be desensitized, the data desensitization method of the embodiments determines, based on the desensitization interceptor and the access identifier, whether each service access request needs desensitization, which improves desensitization efficiency and reduces code intrusiveness; desensitization is then performed with the desensitization strategy acquired from the configuration center, which decouples the strategy from the service's business code and makes service adjustment and maintenance and updating of the strategy easier.

The data desensitization method can be used for a server, and can also be used for a terminal, wherein the terminal can be an electronic device such as a mobile phone, a tablet computer, a notebook computer and a desktop computer; the servers may be, for example, individual servers or clusters of servers. However, for ease of understanding, the following embodiments will be described in detail with respect to a data desensitization method applied to a server.

Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.

Referring to fig. 1, fig. 1 is a schematic flow chart of a data desensitization method according to an embodiment of the present application.

As shown in fig. 1, the data desensitization method may include the following steps S110 to S130.

Step S110, when a service access request is received, whether the service access request needs desensitization is determined based on a preset desensitization interceptor, wherein a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization are stored in the desensitization interceptor.

For example, if the service access request carries data identical to one of the first access identifiers, and/or does not carry data identical to any of the second access identifiers, it is determined that the service access request needs to be desensitized.

Illustratively, if the service access request needs desensitization, the desensitization interceptor intercepts the service access request.

Illustratively, in one embodiment, the desensitization interceptor is implemented based on an interceptor (HandlerInterceptorAdapter) provided by the Spring framework. The Spring framework is an open source application framework on the Java platform that defines an interceptor; relevant parameters can be configured in the Spring interceptor to obtain the desensitization interceptor. It is understood that in other embodiments, the desensitization interceptor may be obtained in a customized manner.

For example, at least two different access identifiers are set in each service with sensitive data; one of the access identifiers is determined as the first access identifier, and the other is determined as the second access identifier.

Illustratively, the access identification comprises a Uniform Resource Identifier (URI) of an Application Program Interface (API) of the service. The uniform resource identifier is a character string used for identifying a name of a certain network resource, and the network resource can be accessed according to the uniform resource identifier, for example, a corresponding application program interface can be accessed through the uniform resource identifier of the application program interface, so as to access a corresponding service. It is understood that, in implementation, the access identifier may also be a Uniform Resource Locator (URL), a Uniform Resource Name (URN), or other identifiers.

For example, for a web service, two different uniform resource locators are configured; one is determined as the first access identifier and the other as the second access identifier. When a public user accesses the web service through the first access identifier, the request is intercepted by the interceptor for data desensitization processing, and the data finally shown to the public user is desensitized data; when an internal user accesses the web service through the second access identifier, the data finally shown to the internal user is the original data, which is not desensitized.

And S120, if the service access request needs desensitization, acquiring a desensitization strategy corresponding to the service access request from a configuration center of the micro-service.

Illustratively, the desensitization policy determines the desensitization field and the desensitization processing rule corresponding to the request. The desensitization field identifies the data to be desensitized, namely the data that the service corresponding to the request holds in that field, and the desensitization processing rule determines how that data is desensitized.

Illustratively, the desensitization field is set in the desensitization policy. For example, if the desensitization field is set to "mobile" in a desensitization policy, the corresponding request may be determined according to the policy, the corresponding service may be determined according to the corresponding request, and the data to be desensitized may be determined according to the data of the corresponding service in the "mobile" field.

Illustratively, desensitization mode identifiers are set in the desensitization strategy, and a current desensitization mode is determined according to the desensitization mode identifier in the desensitization strategy corresponding to the current request. The desensitization processing rule corresponding to the desensitization strategy of the standard mode is a standard desensitization processing rule preset by the micro-service; and the desensitization processing rule corresponding to the desensitization strategy of the user-defined mode is a desensitization processing rule except the standard desensitization processing rule.

In the micro-service system, a group of standard desensitization processing rules based on regular expressions are provided, and desensitization processing can be performed on sensitive data such as user names, identity card numbers, mobile phone numbers, telephone numbers, e-mails and bank card numbers.

Illustratively, the desensitization policy of the standard mode further includes a corresponding rule template ID, so as to determine the standard desensitization processing rule corresponding to the request requiring desensitization according to the rule template ID. For example, a rule template ID of 3 (rule_module = 3) corresponds to the standard desensitization processing rule for e-mail preset by the microservice system.

Illustratively, a corresponding custom desensitization processing rule is set in the desensitization strategy of the custom mode. For example, when the desensitization rule of the standard mode cannot meet the requirement of data desensitization, the custom desensitization rule may be set in the desensitization policy of the custom mode as required, so as to perform desensitization processing on the data to be desensitized according to a custom desensitization processing mode.

Illustratively, the rule template ID and the custom desensitization processing rule may be set in one desensitization policy at the same time, if the desensitization mode is the standard mode, the desensitization policy is the desensitization policy of the standard mode, the standard desensitization processing rule corresponding to the rule template ID is adopted to perform desensitization processing on the data to be desensitized, and the custom desensitization processing rule fails; and if the desensitization mode is the self-defined mode, the desensitization strategy is the desensitization strategy of the self-defined mode, desensitization processing is carried out on data to be desensitized by adopting the self-defined desensitization processing rule, and the standard desensitization processing rule corresponding to the rule template is invalid.

Illustratively, each desensitization strategy is provided with a corresponding strategy ID, and the strategy IDs of all desensitization strategies are not repeated. The policy ID, which is equivalent to the code number of the desensitization policy, may facilitate management and use of the desensitization mapping policy.

Illustratively, step S120 specifically includes steps S123 to S125.

S123, acquiring a preset desensitization strategy from a configuration center of the micro-service;

the configuration center is a module in the micro service architecture for uniformly managing all configurations in a project, and is an important module of the micro service architecture. The desensitization strategy is configured in the configuration center, and the method has the advantages of centralized configuration management, configuration and service business code decoupling, real-time updating, high readability, strong maintainability and the like.

S124, determining whether the first access identifier corresponding to the desensitization strategy is matched with the request;

for example, the first access identifier corresponding to the desensitization policy may be directly set in the desensitization policy, or may be set in a mapping sub-policy of the desensitization policy, for example, the policy ID having a corresponding relationship and the first access identifier corresponding to the desensitization policy are set in the mapping sub-policy, and the desensitization policy corresponding to the first access identifier is determined according to the policy ID in the mapping sub-policy.

And S125, if the request is matched with the desensitization policy, determining that the desensitization policy is the desensitization policy corresponding to the request.

Illustratively, the server loads all desensitization policies to the server memory, and if a service access request is intercepted by the interceptor, scans all desensitization policies, and reads all desensitization policies corresponding to the service access request.
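Steps S110 and S123 to S125, together with the mode precedence described above, as an added Java 17 example (not code from the patent). The URI strings, the `Policy` field names, the regular expressions and the reading of "and/or" as "listed in the first set, or an exempt set exists and the URI is not in it" are assumptions; only rule template ID 3 for e-mail comes from the text.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class DesensitizationPolicyDemo {

    enum Mode { STANDARD, CUSTOM }

    /** A masking rule: a regular expression plus its replacement string. */
    record Rule(Pattern pattern, String replacement) {
        String apply(String value) {
            return pattern.matcher(value).replaceAll(replacement);
        }
    }

    /** One policy as loaded from the configuration center (field names are assumptions). */
    record Policy(int policyId, String uri, String field, Mode mode,
                  Integer ruleTemplateId, Rule customRule) {}

    // Standard rules keyed by rule template ID. The page states only that ID 3 is the
    // e-mail rule; the expression itself is constructed for this example.
    static final Map<Integer, Rule> STANDARD_RULES = Map.of(
            3, new Rule(Pattern.compile("^(.)[^@]*(@.*)$"), "$1***$2"));

    /** Step S110: decide from the request URI alone whether the response is masked. */
    static boolean needsDesensitization(String uri, Set<String> first, Set<String> second) {
        if (first.contains(uri)) {
            return true;                      // matches a first access identifier
        }
        if (!second.isEmpty()) {
            return !second.contains(uri);     // an exempt list exists: anything unlisted is masked
        }
        return false;                         // only a first list is configured and it did not match
    }

    /** Steps S123-S125: scan the in-memory policies for those bound to this URI. */
    static List<Policy> policiesFor(String uri, List<Policy> loaded) {
        return loaded.stream().filter(p -> p.uri().equals(uri)).toList();
    }

    /** The mode identifier selects the live rule when a template ID and a custom rule are both set. */
    static Rule effectiveRule(Policy p) {
        if (p.mode() == Mode.STANDARD) {
            Rule rule = p.ruleTemplateId() == null ? null : STANDARD_RULES.get(p.ruleTemplateId());
            if (rule == null) {
                throw new IllegalStateException("policy " + p.policyId() + ": unknown rule template");
            }
            return rule;
        }
        if (p.customRule() == null) {
            throw new IllegalStateException("policy " + p.policyId() + ": custom mode without a rule");
        }
        return p.customRule();
    }

    public static void main(String[] args) {
        // Constructed identifiers and data.
        Set<String> first = Set.of("/api/public/customers");
        Set<String> second = Set.of("/api/internal/customers");
        Rule keepLastFour = new Rule(Pattern.compile(".(?=.{4})"), "*");
        List<Policy> loaded = List.of(
                new Policy(1, "/api/public/customers", "email", Mode.STANDARD, 3, keepLastFour),
                new Policy(2, "/api/public/customers", "cardNo", Mode.CUSTOM, 3, keepLastFour));
        Map<String, String> row = Map.of("email", "alice@example.com", "cardNo", "6222020012345678");

        for (String uri : List.of("/api/public/customers", "/api/internal/customers", "/api/unlisted")) {
            boolean mask = needsDesensitization(uri, first, second);
            System.out.println(uri + " -> desensitize=" + mask);
            if (!mask) {
                continue;
            }
            List<Policy> matched = policiesFor(uri, loaded);
            if (matched.isEmpty()) {
                System.out.println("  no policy bound to this URI");
            }
            for (Policy p : matched) {
                System.out.println("  policy " + p.policyId() + ": " + p.field() + " = "
                        + effectiveRule(p).apply(row.get(p.field())));
            }
        }
    }
}
```

The `/api/unlisted` case shows a request the interceptor flags for desensitization although no policy is bound to it, a combination the configuration should be checked for.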

Illustratively, step S120 further includes steps S121-S122.

And S121, acquiring a configuration file.

Illustratively, the step S101 specifically includes S121a-S121b.

S121a, creating an independent desensitization namespace in the configuration center;

for example, a Namespace (Namespace) is created and named custom-prop to get the desensitized Namespace.

S121b, adding the configuration file in the desensitization namespace.

For example, the configuration file is generated according to the configuration operation of the user, and the configuration file is added into the desensitization namespace.

And S122, configuring the desensitization strategy in a configuration center of the micro-service architecture according to the configuration file.

Illustratively, the configuration of one such desensitization strategy is as follows:

In some embodiments, the desensitization strategy may also be pre-stored in blockchain nodes. A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic methods, where each data block contains the information of a batch of network transactions and is used to verify the validity (anti-counterfeiting) of that information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.

S130, when the service access request is responded to, desensitization processing is carried out on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request.

For example, in an embodiment, step S130 specifically includes step S131 to step S134.

S131, acquiring a desensitization field and a desensitization processing rule corresponding to the service access request according to the desensitization strategy corresponding to the service access request;

Illustratively, step S131 specifically includes steps S131a-S131b.

S131a, acquiring a current desensitization mode;

illustratively, according to the desensitization mode identification in the desensitization strategy, the current desensitization mode is determined to be a standard desensitization mode or a custom desensitization mode.

S131b, if the current desensitization mode is the standard mode, the desensitization processing rule is a standard desensitization processing rule preset by the micro-service; and if the current desensitization mode is the self-defined mode, the desensitization processing rule is a desensitization processing rule except the standard desensitization processing rule.

For example, the service access request corresponds to a desensitization policy with policy ID of 1, the desensitization field corresponding to the obtained service access request is "com.

S132, acquiring data of a service corresponding to the service access request on the desensitization field to determine the data to be desensitized;

illustratively, a reflection object of the desensitization field in the service corresponding to the service access request is obtained through a return body for obtaining the reflection object according to a reflection mechanism, and the reflection object of the desensitization field is determined as the data to be desensitized;

The reflection mechanism is a dynamic language technology that can dynamically acquire class objects and the members of those class objects, and can call those members; programming languages such as Java and .NET have reflection mechanisms.

Illustratively, the reflection object in the data of the service corresponding to the service access request is obtained through a return body for obtaining the reflection object according to the reflection mechanism, if the reflection object is of the object type, the reflection object is continuously obtained until the obtained reflection object is of the basic data type, the reflection object of the desensitization field is searched in the reflection object of the basic data type, and the reflection object of the desensitization field is determined as the data to be desensitized.

S133, converting the data to be desensitized into data in a desensitized form through the desensitization processing rule;

illustratively, the desensitization processing rule corresponding to the service access request is applied to the data to be desensitized, so as to convert the data to be desensitized into data in a desensitized form. For example, all or part of the desensitization data is converted to an "x" form.

Illustratively, steps S131 to S133 are executed in the server memory, and the obtained data in the desensitized form is cached in the server memory, so as to increase the response speed of the service.

S134, outputting the desensitized form of data.

Illustratively, if the service access request needs desensitization, the desensitization form data is read from the server memory, and the sensitive data is replaced with the desensitization form data in the data presented to the user obtained by the service access request.

The traditional method converts data into its desensitized form based on JSON. That method cannot support flexible desensitization processing rules, usually does not support user-defined desensitization processing rules, and has a limited application range.

In the application, through a reflection mechanism, desensitization form data conversion is carried out in the reflection object of the desensitization field, original data of service is not changed, and dynamic desensitization is realized, so that an application developer only needs to concentrate on service development without concerning the specific process of desensitization processing, development workload is reduced, and delivery efficiency of application development is improved; compared with the traditional method based on JSON, the method can support the user-defined desensitization processing rule, has wider application range and higher execution performance.
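Steps S131 to S134 can be sketched in Java as follows. This is an added example, not code from the patent: the `Customer` and `Contact` classes, the `SimpleClassName.fieldName` rule key and the two masking rules are assumptions made for illustration. It masks the return body in place, so it assumes the return body is a per-response object rather than a shared or cached entity.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.UnaryOperator;

public class ReflectionMaskDemo {
    // Constructed return body; all class and field names are hypothetical.
    static class Contact { String phone = "13812345678"; String email = "li@example.com"; }
    static class Customer {
        String name = "Li Lei";
        int level = 3;
        Contact primary = new Contact();
        List<Contact> others = List.of(new Contact());
    }

    // Assumed "standard" rule: keep the first 3 and last 4 characters, "x" the rest.
    static final UnaryOperator<String> STANDARD = s -> s.length() <= 7
            ? "x".repeat(s.length())
            : s.substring(0, 3) + "x".repeat(s.length() - 7) + s.substring(s.length() - 4);
    // Assumed "custom" rule: keep only the first character.
    static final UnaryOperator<String> CUSTOM =
            s -> s.isEmpty() ? s : s.charAt(0) + "x".repeat(s.length() - 1);

    // Walk the return body; rules are keyed "SimpleClassName.fieldName" (assumed format).
    static void mask(Object node, Map<String, UnaryOperator<String>> rules, Set<Object> seen)
            throws IllegalAccessException {
        if (node == null || !seen.add(node)) return;   // null, or already visited (cycle)
        if (node instanceof Iterable) {
            for (Object e : (Iterable<?>) node) mask(e, rules, seen);
            return;
        }
        if (node instanceof Map) {
            for (Object v : ((Map<?, ?>) node).values()) mask(v, rules, seen);
            return;
        }
        // Stop at JDK types (String, boxed primitives): these are the basic data types,
        // and their internals are not open to reflection on current JDKs.
        for (Class<?> c = node.getClass(); c != null && !c.getName().startsWith("java.");
                c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                if (Modifier.isStatic(f.getModifiers())) continue;
                f.setAccessible(true);
                Object value = f.get(node);
                UnaryOperator<String> rule = rules.get(c.getSimpleName() + "." + f.getName());
                if (value instanceof String) {
                    if (rule != null) f.set(node, rule.apply((String) value));
                } else {
                    mask(value, rules, seen);          // object type: keep descending
                }
            }
        }
    }

    public static void main(String[] args) throws IllegalAccessException {
        Customer body = new Customer();
        Map<String, UnaryOperator<String>> rules =
                Map.of("Contact.phone", STANDARD, "Customer.name", CUSTOM);
        mask(body, rules, Collections.newSetFromMap(new IdentityHashMap<>()));
        System.out.println(body.name + " " + body.primary.phone + " "
                + body.others.get(0).phone + " " + body.primary.email);
    }
}
```

Fields with no rule (here `email` and `level`) pass through unchanged, so a sensitive field missing from the policy is returned in clear; reviewing the policy's field list against the response classes is the corresponding check.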

Referring to fig. 2, fig. 2 is a schematic diagram of a data desensitization apparatus according to an embodiment of the present application, where the data desensitization apparatus may be configured in a server or a terminal, and is used to perform the foregoing data desensitization method.

As shown in fig. 2, the data desensitization apparatus includes: a request interception module 110, a policy determination module 120, and a desensitization processing module 130.

The request intercepting module 110 is configured to, when a service access request is received, determine whether the service access request needs desensitization based on a preset desensitization interceptor, where a first access identifier of a service that needs desensitization and/or a second access identifier of a service that does not need desensitization are stored in the desensitization interceptor.

A policy determining module 120, configured to, if the service access request needs desensitization, obtain a desensitization policy corresponding to the service access request from a configuration center of the micro service.

A desensitization processing module 130, configured to perform desensitization processing on data corresponding to the service access request according to a desensitization policy corresponding to the service access request when responding to the service access request.

Illustratively, the request intercepting module is specifically configured to determine that the service access request needs to be desensitized if the service access request has data that is the same as one of the first access identities, and/or the service access request does not have data that is the same as any of the second access identities.

Illustratively, the policy determination module includes a policy acquisition sub-module, a policy matching sub-module, and a policy determination sub-module:

illustratively, the policy obtaining sub-module is configured to obtain a preset desensitization policy from a configuration center of the micro service;

illustratively, the policy matching sub-module is configured to determine whether the first access identifier corresponding to the desensitization policy matches the request;

illustratively, the policy determination sub-module is configured to determine, if they match, that the desensitization policy is the desensitization policy corresponding to the request.

Illustratively, the policy determining module further includes a policy configuration sub-module, and the policy configuration sub-module is configured to obtain a configuration file; and configuring the desensitization strategy in a configuration center of the micro-service architecture according to the configuration file.

Illustratively, the desensitization processing module comprises a rule acquisition unit, a data to be desensitized determination unit, a desensitization data conversion unit and a desensitization data output unit:

illustratively, the rule obtaining unit is configured to obtain, according to the desensitization policy corresponding to the service access request, a desensitization field and a desensitization processing rule corresponding to the service access request;

illustratively, the rule obtaining unit further includes a desensitization mode obtaining subunit, where the desensitization mode obtaining subunit is configured to obtain a current desensitization mode; if the current desensitization mode is a standard mode, the desensitization processing rule corresponding to the desensitization strategy is a standard desensitization processing rule preset by the micro-service; and if the current desensitization mode is a self-defined mode, the desensitization processing rule corresponding to the desensitization strategy is a desensitization processing rule except the standard desensitization processing rule.

Illustratively, the data to be desensitized determining unit is configured to obtain data of a service corresponding to the service access request on the desensitization field, so as to determine data to be desensitized;

illustratively, the to-be-desensitized data determining unit is specifically configured to obtain a reflection object of the desensitization field in the service corresponding to the service access request by using a return body for obtaining the reflection object according to a reflection mechanism, and determine the reflection object of the desensitization field as the to-be-desensitized data;

illustratively, the desensitization data conversion unit is configured to convert the data to be desensitized into desensitized form data according to the desensitization processing rule.

Illustratively, the desensitization data output unit is configured to output the desensitized form of data.

It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the apparatus, the modules and the units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The methods, apparatus, and devices of the present application are operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

The above-described methods and apparatuses may be implemented, for example, in the form of a computer program that can be run on a computer device as shown in fig. 3.

Referring to fig. 3, fig. 3 is a schematic diagram of a computer device according to an embodiment of the present disclosure. The computer device may be a server or a terminal.

As shown in fig. 3, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a nonvolatile storage medium and an internal memory.

The non-volatile storage medium may store an operating system and a computer program. The computer program comprises program instructions that, when executed, cause a processor to perform any of the data desensitization methods.

The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.

The internal memory provides an environment for the execution of a computer program on a non-volatile storage medium, which when executed by the processor, causes the processor to perform any of a variety of data desensitization methods.

The network interface is used for network communication, such as sending assigned tasks and the like. Those skilled in the art will appreciate that the configuration of the computer apparatus is merely a block diagram of a portion of the configuration associated with aspects of the present application and is not intended to limit the computer apparatus to which aspects of the present application may be applied, and that a particular computer apparatus may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

Wherein, in some embodiments, the processor is configured to execute a computer program stored in the memory to implement the steps of: when a service access request is received, determining whether the service access request needs desensitization or not based on a preset desensitization interceptor, wherein a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization are stored in the desensitization interceptor; if the service access request needs desensitization, acquiring a desensitization strategy corresponding to the service access request from a configuration center of the micro-service; and when the service access request is responded to, performing desensitization processing on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request.

Illustratively, when determining, upon receiving the service access request, whether the service access request needs desensitization based on a preset desensitization interceptor, the processor is configured to implement: if the service access request has the same data as one of the first access identifications and/or the service access request does not have the same data as any one of the second access identifications, determining that the service access request needs to be desensitized.

Illustratively, the processor is configured to, if the service access request needs desensitization, when obtaining a desensitization policy corresponding to the service access request from a configuration center of a micro service, implement: acquiring a preset desensitization strategy from a configuration center of the micro-service; determining whether the first access identification corresponding to the desensitization policy matches the request; and if so, determining the desensitization strategy as the desensitization strategy corresponding to the request.

Illustratively, when the processor is configured to implement that, if the service access request needs to be desensitized, and a desensitization policy corresponding to the service access request is acquired from a configuration center of a micro service, the processor is further configured to implement: acquiring a configuration file; and configuring the desensitization strategy in a configuration center of the micro-service architecture according to the configuration file.

Illustratively, the processor is configured to, when responding to the service access request and performing desensitization processing on data corresponding to the service access request according to the desensitization policy corresponding to the service access request, implement: obtaining a desensitization field and a desensitization processing rule corresponding to the service access request according to the desensitization strategy corresponding to the service access request; acquiring data of a service corresponding to the service access request on the desensitization field to determine data to be desensitized; converting the data to be desensitized into desensitized form data through the desensitization processing rule; outputting the desensitized form of data.

Illustratively, the processor is configured to implement, according to the desensitization policy corresponding to the service access request, obtaining the desensitization field and the desensitization processing rule corresponding to the service access request, and specifically implement: acquiring a current desensitization mode; if the current desensitization mode is a standard mode, the desensitization processing rule corresponding to the desensitization strategy is a standard desensitization processing rule preset by the micro-service; and if the current desensitization mode is a self-defined mode, the desensitization processing rule corresponding to the desensitization strategy is a desensitization processing rule except the standard desensitization processing rule.

Illustratively, the processor is configured to, when obtaining data of a service corresponding to the service access request on the desensitization field to determine data to be desensitized, implement: and acquiring the reflection object of the desensitization field in the service corresponding to the service access request through a return body for acquiring the reflection object according to a reflection mechanism, and determining the reflection object of the desensitization field as the data to be desensitized.

In another embodiment, the processor is configured to execute a computer program stored in the memory to implement the steps of the data desensitization method.

In some embodiments, the processor, when executing the computer program stored in the memory, performs the steps of: when a service access request is received, determining whether the service access request needs desensitization or not based on a preset desensitization interceptor, wherein a first access identifier of the service needing desensitization and/or a second access identifier of the service not needing desensitization are stored in the desensitization interceptor; if the service access request needs desensitization, acquiring a desensitization strategy corresponding to the service access request from a configuration center of the micro-service; and when the service access request is responded to, performing desensitization processing on the data corresponding to the service access request according to the desensitization strategy corresponding to the service access request.

From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application, such as:

a computer readable storage medium storing a computer program comprising program instructions, the processor executing the program instructions to implement any one of the data desensitization methods provided by the embodiments of the present application.

The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device.

While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
