Google Cloud DLP Re-identify PII data using Deterministic encryption


Question

I was experimenting with the Google-provided article to re-identify Credit Card Number using Deterministic encryption using AES-SIV

https://cloud.google.com/solutions/creating-cloud-dlp-de-identification-transformation-templates-pii-dataset#creating_a_key_encryption_key_kek

Accordingly, I have created a Google DLP template to de-identify data, and in the test option of the template it is working if we provide a 3-line CSV with correct header names [I am using a record type template]

DLP template

DLP template test

As per the following link and video provided, the same template can be used to re-identify the data back to the original

"Cloud DLP can perform both de-identification and re-identification on an entire column using a RecordTransformation without a surrogate annotation."

https://cloud.google.com/dlp/docs/pseudonymization#cryptographic-hashing

But when we tried the same, it is re-encoding it again to a newly encoded value as per below.

DLP template re-identification not working

Please let me know what I am doing wrong and how to successfully re-identify PII using deterministic encryption with AES-SIV

Note: This was the same behavior I got when I continued through the article ahead, and it did not work as expected in the blog to re-identify the data

https://cloud.google.com/solutions/validating-de-identified-data-bigquery-re-identifying-pii-data

Recommended answer

You can't re-authenticate on the console; you need to use the API for this. And, because you don't use a surrogate prefix, you have to rebuild your table in JSON (and it's boring to do... or you can script it).

You have the full details of the API

The JSON to submit: the table (your de-identified table and the template used)

{
  "item": {
    "table": {
      "headers": [
        {
          "name": "id"
        },
        {
          "name": "phone"
        },
        {
          "name": "email"
        }
      ],
      "rows": [
        {
          "values": [
            {
              "stringValue": "1"
            },
            {
              "stringValue": "ASoxvJC6oo4fCgKm+ppgT6j2lSqdj179SbLc"
            },
            {
              "stringValue": "ARkspehZ720J0f/r5zqlVN65PS756cxQDbwSniZ+g8iV"
            }
          ]
        },
        {
          "values": [
            {
              "stringValue": "2"
            },
            {
              "stringValue": "ATfmBVs25TEGYHLu+6DBBhpq6dk8LSJq+XyR"
            },
            {
              "stringValue": "AZZhJLTmQKjlcXEROCRPu9u81G98/SBac/AlWXwtgiYe"
            }
          ]
        }
      ]
    }
  },
  "reidentifyTemplateName": "projects/<YOUR_PROJECT>/locations/global/deidentifyTemplates/test-email-DeId"
}

I saved the content in a file named dlpdata.json

The curl request to call the API

curl -H "Content-type: application/json"  \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -X POST -d @dlpdata.json \
     https://dlp.googleapis.com/v2/projects/<YOUR_PROJECT>/content:reidentify
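
The answer says the JSON table can be scripted instead of rebuilt by hand. One way to do that, as an added example that is not part of the original answer: the function name `build_reidentify_request` and the CSV layout are assumptions, while the cell values and the template name are the ones from the answer's JSON.

```python
import csv
import io
import json


def build_reidentify_request(csv_text, template_name):
    """Turn a de-identified CSV (header row first) into a content:reidentify body."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader, None)
    if not header:
        raise ValueError("CSV needs a header row naming the columns")
    rows = []
    for record in reader:
        if not record:  # csv.reader yields [] for blank lines; skip them
            continue
        if len(record) != len(header):
            raise ValueError(
                f"line {reader.line_num}: expected {len(header)} cells, got {len(record)}"
            )
        # Every cell goes in as stringValue, as in the answer's JSON.
        rows.append({"values": [{"stringValue": cell} for cell in record]})
    return {
        "item": {
            "table": {
                "headers": [{"name": name} for name in header],
                "rows": rows,
            }
        },
        "reidentifyTemplateName": template_name,
    }


# Sample input: the answer's two rows laid out as CSV (the layout is assumed).
SAMPLE_CSV = """id,phone,email
1,ASoxvJC6oo4fCgKm+ppgT6j2lSqdj179SbLc,ARkspehZ720J0f/r5zqlVN65PS756cxQDbwSniZ+g8iV
2,ATfmBVs25TEGYHLu+6DBBhpq6dk8LSJq+XyR,AZZhJLTmQKjlcXEROCRPu9u81G98/SBac/AlWXwtgiYe
"""
TEMPLATE = "projects/<YOUR_PROJECT>/locations/global/deidentifyTemplates/test-email-DeId"

if __name__ == "__main__":
    # Writes the request body that the curl command posts with -d @dlpdata.json.
    with open("dlpdata.json", "w", encoding="utf-8") as fh:
        json.dump(build_reidentify_request(SAMPLE_CSV, TEMPLATE), fh, indent=2)
```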
