Skip to main content

Managing Desensitization Algorithms

Desensitization algorithms are an essential feature of NineData's sensitive data protection solution, ensuring that sensitive information is effectively protected during storage, transmission, or display. By using desensitization algorithms, the system can encrypt or mask the data in sensitive columns, preventing unauthorized users from accessing or stealing sensitive information.

Prerequisites

  • You have created or joined an organization, and this organization has subscribed to either or . Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
  • Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.

Creating Desensitization Algorithms

NineData's sensitive data has predefined 33 desensitization algorithms, covering most of the desensitization methods. If these desensitization algorithms do not include your scenario, you can create new desensitization algorithms yourself.

  1. Log in to the NineData Console.
  2. In the left navigation bar, click >.

  1. Click on the tab on the page, and then click on in the upper right corner of the page.

    tip

    You can also click on in the column on the right side of the target desensitization algorithm, to customize a new desensitization algorithm based on the existing one.

  2. Define the following parameters for the desensitization algorithm, and then click on .

    Parameter
    		Description
    Enter the name of the desensitization algorithm.
    Select the type of desensitization algorithm, more information, please refer to Appendix: List of Algorithm Types.
    Enter a description of the desensitization algorithm to save on later communication costs.

    In the on the right side of the page, you can enter example data, and then click on , in you can preview the desensitization effect.

Deleting Desensitization Algorithms

If a custom desensitization algorithm is no longer in use, it can be deleted.

Notes

  • Only manually created desensitization algorithms are supported for deletion, system predefined ones cannot be deleted.
  • When deleting a desensitization algorithm, please ensure that the algorithm is not associated with any table fields and sensitive data types, otherwise it cannot be deleted.

Operation Steps

  1. Log in to the NineData Console.
  2. In the left navigation bar, click >.

  1. Click on the tab on the page, and click on in the column on the right side of the target desensitization algorithm.

  2. In the pop-up window, click on to proceed.

Appendix: List of Algorithm Types

Algorithm Type
DescriptionMasking Effect
Replaces all characters of sensitive data with specific symbols, fully hiding the original content. This algorithm provides the following configurable parameter:
: You can input any character, and the masked portion of the original content will be replaced by this character.
  • Before masking: NineData
  • After masking: ********
Masks only specific position characters in the data field, leaving the rest visible to display part of the content. This algorithm provides the following configurable parameters:
  • : You can input any character, and the masked portion of the original content will be replaced by this character.
  • : Defines the positions of characters to mask in the format (start position, end position). For example, (5, -5) masks all content from the 5th character from the left to the 4th character from the right.
  • Before masking: Zhejiang Province, City, District, Street
  • After masking: Zhejiang Province********
Replaces specific characters in the data field with a specified symbol, often used to mask certain characters of sensitive information. This algorithm provides the following configurable parameters:
  • : You can input any character, and the masked portion of the original content will be replaced by this character.
  • : Defines the character(s) to be masked. For example, Zhang San, all instances of Zhang San in the target field will be replaced or masked.
  • Before masking: Owner: Zhang San
  • After masking: Owner: **
MD5Uses the MD5 algorithm to convert the target data into a 32-character hash value. This algorithm provides the following configurable parameter:
: A salt value can be added to the original data, which can be any random data to enhance the uniqueness and security of the hash.
  • Before masking: 12345
  • After masking: 109889f941...
SHA1Uses the SHA1 algorithm to convert the target data into a 40-character hash value. This algorithm provides the following configurable parameter:
: A salt value can be added to the original data, which can be any random data to enhance the uniqueness and security of the hash.
  • Before masking: 12345
  • After masking: b85ec06d48...
SHA256Uses the SHA256 algorithm to convert the target data into a 64-character hash value. This algorithm provides the following configurable parameter:
: A salt value can be added to the original data, which can be any random data to enhance the uniqueness and security of the hash.
  • Before masking: 12345
  • After masking: e2f5e4f6f0...
AESA symmetric encryption algorithm widely used for data protection. Symmetric encryption means that the same key is used to both encrypt and decrypt the data. AES requires a 16-digit numeric password as the encryption key.
: Input a 16-digit numeric password.
  • Before masking: 12345
  • After masking: M5RMO9SiEl...
Last updated on