CN-121808752-B - Operation data safety protection method and system

Abstract

The invention is applicable to the technical field of data security, and provides an operation data security protection method and system, comprising the following steps of receiving an operation data query instruction and retrieving an encryption response data set containing original operation data; the method comprises the steps of carrying out real-time decryption and block loading on a response data set based on a screen visibility mechanism, carrying out complete rendering on data in a screen visible area, carrying out fuzzy placeholder rendering on an off-screen area, identifying sensitive numerical value segments in the visible area, generating a numerical value group, carrying out scintillation carousel on each numerical value in the numerical value group at a corresponding sensitive numerical value segment, determining sensitive fields in the response data set, replacing the sensitive fields with fictitious data conforming to the semantic distribution and statistical characteristics of original fields, and carrying out iterative calculation of an optimal replacement value by maximizing the value of a data utility maintaining function in a replacement process. The operator can normally perform business operations such as crowd image analysis, trend research and judgment, and the like, and the available invisible safety target is realized.

Inventors

• LIN WENJIA
• LIN ZHAODA

Assignees

• 福建讯网网络科技股份有限公司

Dates

Publication Date

20260508

Application Date

20260311

Claims (5)

1. 1. A method of operation data security protection, the method comprising the steps of: receiving an operation data query instruction, and calling an encryption response data set containing original operation data; based on a screen visibility mechanism, real-time decryption and block loading are carried out on the response data set, complete rendering is carried out on data in a screen visible area, and fuzzy placeholder rendering is carried out on an off-screen area; Identifying a sensitive numerical value section in a visible area, generating a numerical value group, and carrying out scintillation carousel on each numerical value in the numerical value group at the corresponding sensitive numerical value section, wherein the frequency of the scintillation carousel is more than 60Hz; Determining sensitive fields in response data sets according to user rights, and replacing the sensitive fields with imaginary data conforming to the semantic distribution and statistical characteristics of original fields; based on the user ID, the time stamp and the session ID, invisible diffusion watermark information is generated, and the diffusion watermark information is embedded into a background area; The method specifically comprises the steps of decrypting and loading the response data set in a blocking manner based on a screen visibility mechanism, wherein the steps specifically comprise: Acquiring the size of a viewing port and the position of a scroll bar of a browser window, and calculating a data line index range and a data column index range which can be covered by a visual area of a screen; Extracting encrypted data blocks in the corresponding index range from the encrypted response data set according to the index range, and decrypting to obtain complete plaintext data in the visible area; Rendering a preset fuzzy placeholder at a corresponding DOM node position for data rows and columns outside the visible area of the screen; Monitoring a scrolling event of the browser in real time, and resetting a screen visible area when detecting that the position of the scroll bar changes; the step of replacing the sensitive field with fictional data conforming to the semantic distribution and statistical characteristics of the original field specifically comprises the following steps: Determining the domain constraint of each sensitive field, calling a data generator, modifying the original data in the sensitive field based on the respective domain constraint, and determining the imaginary data corresponding to each sensitive field to obtain an imaginary data set; Inputting the imaginary data set into a data utility maintaining function to perform iterative calculation to obtain a function value; judging whether the function value of the current fictitious data set is lower than a function threshold value, if so, adjusting the random seed of the data generator, and regenerating the fictitious data set until the function value corresponding to the fictitious data set is higher than the function threshold value; The formula of the data utility maintaining function S is as follows: wherein, the method comprises the steps of, The original value of the sensitive field of the ith strip is indicated, Imaginary data of the ith bar after replacement is represented, and n represents the total number of sensitive fields; extracting function for preset semantic features, X is feature matrix of original data set, Is a characteristic matrix of the imaginary data set, cov # ) Calculating a function for the covariance matrix; The matrix is represented by the Frobenius norm, and alpha and beta are preset weight coefficients, and alpha+beta=1.
2. 2. The method for protecting operation data according to claim 1, wherein the step of identifying the sensitive value segments in the visible area and generating the value group specifically comprises: identifying a sensitive numerical value section needing to implement the blinking carousel according to a preset sensitive numerical value label; Determining an original numerical value of a sensitive numerical value segment, calling a mathematical transformation function library, and generating a group of derivative numerical values which are equivalent to the original numerical value mathematically, wherein the character expression forms of each derivative numerical value are different.
3. 3. The method for protecting operation data security according to claim 1, wherein the step of generating invisible diffusion watermark information based on the user ID, the timestamp and the session ID and embedding the diffusion watermark information in the background area comprises: Splicing the user ID, the time stamp and the session ID into an original watermark character string, and performing error correction coding and spread spectrum modulation on the original watermark character string to generate a watermark signal sequence; and traversing each pixel of the background area, and modulating the watermark signal sequence into a blue channel or Alpha transparent channel of the pixel with an amplitude lower than a human eye contrast sensitivity threshold value to form a background noise watermark image layer invisible to human eyes.
4. 4. An operational data security system, the system comprising: The operation data calling module is used for receiving an operation data query instruction and calling an encryption response data set containing original operation data; the block loading rendering module is used for decrypting the response data set in real time and loading the response data set in blocks based on a screen visibility mechanism, performing complete rendering on the data in the visible area of the screen, and performing fuzzy placeholder rendering on the area outside the screen; The system comprises a sensitive numerical value carousel module, a flicker carousel module, a mouse-over detection module and a mouse-over detection module, wherein the sensitive numerical value carousel module is used for identifying a sensitive numerical value section in a visible area, generating a numerical value group, and carrying out flicker carousel on each numerical value in the numerical value group at a corresponding sensitive numerical value section, wherein the frequency of the flicker carousel is greater than 60Hz; the sensitive field replacement module is used for determining sensitive fields in the response data set according to the user permission and replacing the sensitive fields with imaginary data conforming to the semantic distribution and statistical characteristics of the original fields; The watermark information embedding module is used for generating invisible diffusion watermark information based on the user ID, the time stamp and the session ID, and embedding the diffusion watermark information into a background area; The block loading rendering module comprises: the coverage data determining unit is used for acquiring the size of the view port and the position of the scroll bar of the browser window, and calculating the data line index range and the data column index range which can be covered by the visual area of the screen; The visible area decryption unit is used for extracting encrypted data blocks in the corresponding index range from the encrypted response data set according to the index range, and decrypting to obtain complete plaintext data in the visible area; the fuzzy rendering unit is used for rendering preset fuzzy placeholders at the corresponding DOM node positions for the data rows and columns outside the visible area of the screen; the visual area resetting unit is used for monitoring the scrolling event of the browser in real time, and resetting the visual area of the screen when detecting that the position of the scroll bar changes; The sensitive field replacement module includes: The virtual data determining unit is used for determining the domain constraint of each sensitive field, calling the data generator, modifying the original data in the sensitive field based on the respective domain constraint, and determining the virtual data corresponding to each sensitive field to obtain a virtual data set; the function value calculation unit is used for inputting the fictitious data set into the data utility maintaining function to perform iterative calculation to obtain a function value; The virtual data resetting unit is used for judging whether the function value of the current virtual data set is lower than a function threshold value, if yes, adjusting the random seed of the data generator, and regenerating the virtual data set until the function value corresponding to the virtual data set is higher than the function threshold value; The formula of the data utility maintaining function S is as follows: wherein, the method comprises the steps of, The original value of the sensitive field of the ith strip is indicated, Imaginary data of the ith bar after replacement is represented, and n represents the total number of sensitive fields; extracting function for preset semantic features, X is feature matrix of original data set, Is a characteristic matrix of the imaginary data set, cov # ) Calculating a function for the covariance matrix; The matrix is represented by the Frobenius norm, and alpha and beta are preset weight coefficients, and alpha+beta=1.
5. 5. The operational data security system of claim 4, wherein the sensitive numerical carousel module comprises: The sensitive numerical value section unit is used for identifying a sensitive numerical value section needing to implement the blinking carousel according to a preset sensitive numerical value label; And the derivative value determining unit is used for determining the original value of the sensitive value segment, calling the mathematical transformation function library and generating a group of derivative values which are equivalent to the original value mathematically, wherein the character expression forms of each derivative value are different.

Description

Operation data safety protection method and system Technical Field The invention relates to the technical field of data security, in particular to an operation data security protection method and system. Background With the rapid development of the electronic commerce industry, the electronic commerce platform accumulates massive user operation data, including high-value sensitive information such as user portraits, consumption behaviors, transaction records, receiving addresses and the like. In the existing data leakage prevention technical system, the main stream scheme focuses on encryption of a network transmission layer (such as SSL/TLS protocol) and static encryption of a storage layer. However, these techniques do not effectively address the security issues of the data during the use phase. When operators with legal rights perform normal data query and analysis work in a background system, the data must be presented in a clear text form at a user terminal for reading and operation, and this essential link forms a vacuum zone for safety protection. Conventional data desensitization techniques typically employ a static masking approach, i.e., one-time processing of sensitive fields as the data leaves the database, e.g., replacing the middle four digits of the phone number with an asterisk, and hiding the house number in the address. The static desensitization scheme has two inherent defects that firstly, the desensitization rule is fixed, once leakage occurs, an attacker can restore original information by comparing desensitization data of a plurality of versions or combining context semantics to perform consistency attack, and secondly, the desensitized data destroys original statistical characteristics, so that operators cannot effectively analyze and mine the data, and the balance between safety and usability is difficult to achieve. Therefore, there is a need to provide a method and a system for protecting operation data, which aim to solve the above problems. Disclosure of Invention Aiming at the defects existing in the prior art, the invention aims to provide an operation data safety protection method and system so as to solve the problems existing in the background art. The invention is realized in such a way that an operation data safety protection method comprises the following steps: receiving an operation data query instruction, and calling an encryption response data set containing original operation data; based on a screen visibility mechanism, real-time decryption and block loading are carried out on the response data set, complete rendering is carried out on data in a screen visible area, and fuzzy placeholder rendering is carried out on an off-screen area; Identifying a sensitive numerical value section in a visible area, generating a numerical value group, and carrying out scintillation carousel on each numerical value in the numerical value group at the corresponding sensitive numerical value section, wherein the frequency of the scintillation carousel is more than 60Hz; Determining sensitive fields in response data sets according to user rights, and replacing the sensitive fields with imaginary data conforming to the semantic distribution and statistical characteristics of original fields; Based on the user ID, the timestamp, and the session ID, invisible diffusion watermark information is generated, and the diffusion watermark information is embedded into the background area. As a further scheme of the invention, the method for carrying out real-time decryption and block loading on the response data set based on the screen visibility mechanism comprises the following steps: Acquiring the size of a viewing port and the position of a scroll bar of a browser window, and calculating a data line index range and a data column index range which can be covered by a visual area of a screen; Extracting encrypted data blocks in the corresponding index range from the encrypted response data set according to the index range, and decrypting to obtain complete plaintext data in the visible area; Rendering a preset fuzzy placeholder at a corresponding DOM node position for data rows and columns outside the visible area of the screen; and monitoring a scrolling event of the browser in real time, and resetting the visual area of the screen when detecting that the position of the scroll bar changes. As a further aspect of the present invention, the step of identifying a sensitive numerical segment in the visible area and generating a numerical group specifically includes: identifying a sensitive numerical value section needing to implement the blinking carousel according to a preset sensitive numerical value label; Determining an original numerical value of a sensitive numerical value segment, calling a mathematical transformation function library, and generating a group of derivative numerical values which are equivalent to the original numerical value mathematically, wherein the character expression