2025-04-12 Update. From: SLTechnology News&Howtos, Network Security. Shulou (Shulou.com), 06/01 report.
Baidu Encyclopedia describes it as follows:
Data desensitization refers to transforming certain sensitive information through desensitization rules in order to reliably protect sensitive private data. Where customer security data or commercially sensitive data is involved, the real data is transformed and provided for testing without violating system rules. For example, personal sensitive information such as ID card number, mobile phone number, card number, customer name and customer address needs to be transformed through desensitization rules. This allows the desensitized real dataset to be used safely in development, testing and other non-production environments, as well as in outsourced environments.
Common examples in everyday life
1. Train tickets:
2. Shipping address information on the Taobao web page:
Sensitive data inventory
Before carrying out data desensitization, we should determine which of the company's data (which tables and which fields) should be the target of desensitization. Here is a breakdown by users, sellers and the company:
1. Users: name, mobile phone number, ID card number, landline number, shipping address, email address, bank card number, password, etc.
2. Seller: name, mobile phone number, ID card number, landline, etc.
3. Company: transaction amount, coupon code, recharge code, etc.
Determine the desensitization rules
After determining which of the company's data should be desensitized, we need to formulate the desensitization rules (the specific implementation methods).
Common methods:
1. Replacement: for example, female user names are uniformly replaced with F. This method is more of a "cover-up": for insiders the integrity of the information is fully preserved, but it is easy to crack.
2. Rearrangement: the serial number 12345 is rearranged to 54321, scrambled according to a fixed order. Much like replacement, it is convenient to restore the information when needed, but it is also easy to crack.
3. Encryption: the number 12345 is encrypted to 23456. The degree of security depends on which encryption algorithm is used, which generally depends on the actual situation.
4. Truncation: 13811001111 is truncated to 138, discarding necessary information to keep the data fuzzy. It is a commonly used desensitization method, but it is often not friendly to production (the field length is lost).
5. Mask: 123456 -> 1xxxx6. Part of the information is retained and the length of the information stays the same, making it easier to identify the holder of the information, as with the identity information on a train ticket. (A common method.)
6. Date offset rounding: 20130520 12:30:45 -> 20130520 12:00:00. Precision is discarded to protect the original data; this method generally preserves the time distribution density of the data.
My current idea for the desensitization rules is:
1. [Chinese name] shows only the first Chinese character, and the others are hidden as 2 asterisks, such as Li**.
2. [ID card number] shows the last four digits, while the others are hidden. 18 or 15 digits in total, for example: * 1234
3. [Landline] shows the last four digits, while the others are hidden, such as * 3241
4. [Mobile phone number] shows the first three digits and the last four digits, with the others hidden, such as 135****6810.
5. [Address] is shown only down to the district, without the detailed address, for example: Caohejing Development Zone, Xuhui District, Shanghai *
6. [Email] the mailbox prefix shows only the first letter and the rest of the prefix is replaced with asterisks; @ and the address after it are shown, such as d**@126.com
7. [Bank card number] shows the first six and the last four digits; each of the other digits is replaced with one asterisk, for example: 62226001234
8. [Password] all characters of the password are replaced, such as: *
Desensitize the data according to the above rules!
The specific approach is as follows:
Production data is queried from the original data source --> data desensitization --> updated to the target data source.
The original data source, the target data source, and the tables and fields to desensitize are all placed in a configuration file so that the tool is easy to extend.
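The source --> desensitization --> target flow with configuration-driven tables and fields, as an added example (not the author's code). The table, field and rule names and the sample row are constructed, and Java 11+ is assumed. A column the configuration does not list stops the run instead of being copied unmasked.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

public class DesensitizePipeline {
    // Keep `head` leading and `tail` trailing characters; one asterisk per hidden character.
    static String mask(String s, int head, int tail) {
        if (s == null || s.isEmpty()) return "";
        int n = s.length();
        if (head + tail >= n) return "*".repeat(n); // too short: reveal nothing
        return s.substring(0, head) + "*".repeat(n - head - tail) + s.substring(n - tail);
    }

    // Rule name -> masking function, following the rules listed in the article.
    static final Map<String, UnaryOperator<String>> RULES = Map.of(
            "plain", s -> s,                    // reviewed and judged non-sensitive
            "chineseName", s -> mask(s, 1, 0),
            "idCard", s -> mask(s, 0, 4),
            "mobile", s -> mask(s, 3, 4),
            "bankCard", s -> mask(s, 6, 4),
            "password", s -> mask(s, 0, 0));

    // Stand-in for the configuration file: table -> (field -> rule). Names are hypothetical.
    static final Map<String, Map<String, String>> CONFIG = Map.of(
            "t_user", Map.of("id", "plain", "name", "chineseName", "mobile", "mobile",
                    "card_no", "bankCard", "password", "password"));

    // Desensitize one row read from the source before it is written to the target.
    static Map<String, String> desensitize(String table, Map<String, String> row) {
        Map<String, String> fields = CONFIG.get(table);
        if (fields == null) throw new IllegalStateException("table not in config: " + table);
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : row.entrySet()) {
            String ruleName = fields.get(e.getKey());
            UnaryOperator<String> rule = ruleName == null ? null : RULES.get(ruleName);
            // Fail closed: a column missing from the inventory is never copied as-is.
            if (rule == null) throw new IllegalStateException("no rule for " + table + "." + e.getKey());
            out.put(e.getKey(), rule.apply(e.getValue()));
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> row = new LinkedHashMap<>(); // constructed sample row
        row.put("id", "1001");
        row.put("name", "李小明");
        row.put("mobile", "13811001111");
        row.put("card_no", "6222600123456781234");
        row.put("password", "s3cret!");
        System.out.println(desensitize("t_user", row));
    }
}
```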
Desensitization tool code
A simple desensitization rule tool class has been written according to the above rules.
    // Apache Commons Lang 3 is assumed; the page does not show its imports.
    import org.apache.commons.lang3.StringUtils;

    /**
     * Data desensitization tool class.
     * Created by zhisheng_tian on 2017-10-25.
     */
    public class DesensitizedUtils {

        /** [Chinese name] Shows only the first character; the others become asterisks, e.g. Li**. */
        public static String chineseName(String fullName) {
            if (StringUtils.isBlank(fullName)) {
                return "";
            }
            String name = StringUtils.left(fullName, 1);
            return StringUtils.rightPad(name, StringUtils.length(fullName), "*");
        }

        /** [ID card number] Shows the last four digits (18 or 15 in total); one asterisk per hidden digit. */
        public static String idCardNum(String id) {
            if (StringUtils.isBlank(id)) {
                return "";
            }
            String num = StringUtils.right(id, 4);
            return StringUtils.leftPad(num, StringUtils.length(id), "*");
        }

        /** [Landline] Shows the last four digits; the others are hidden. */
        public static String fixedPhone(String num) {
            if (StringUtils.isBlank(num)) {
                return "";
            }
            return StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*");
        }

        /** [Mobile phone number] Shows the first three and last four digits, e.g. 135****6810. */
        public static String mobilePhone(String num) {
            if (StringUtils.isBlank(num)) {
                return "";
            }
            // Pad the last four digits to full length, then swap the first three asterisks for real digits.
            return StringUtils.left(num, 3).concat(StringUtils.removeStart(
                    StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*"), "***"));
        }

        /**
         * [Address] Shows only down to the district and hides the detailed address.
         * sensitiveSize is the number of trailing characters to hide.
         */
        public static String address(String address, int sensitiveSize) {
            if (StringUtils.isBlank(address)) {
                return "";
            }
            int length = StringUtils.length(address);
            return StringUtils.rightPad(StringUtils.left(address, length - sensitiveSize), length, "*");
        }

        /** [Email] Shows the first letter of the prefix, then asterisks, then @ and the domain, e.g. d**@126.com. */
        public static String email(String email) {
            if (StringUtils.isBlank(email)) {
                return "";
            }
            int index = StringUtils.indexOf(email, "@");
            // The page is cut off after "if (index"; the rest of this method is completed from the
            // email rule stated above. Assumption: a value with no prefix before @ is masked in full.
            if (index < 1) {
                return StringUtils.repeat("*", StringUtils.length(email));
            }
            return StringUtils.rightPad(StringUtils.left(email, 1), index, "*")
                    .concat(StringUtils.substring(email, index));
        }
    }