Beispiele für die De-Identifikation von Tabellendaten

Cloud Data Loss Prevention (DLP) kann sensible Daten in strukturierten Daten erkennen, klassifizieren und de-identifizieren. Wenn Sie Inhalte als Tabelle de-identifizieren, liefern die Struktur und die Spalten Cloud DLP zusätzliche Hinweise, die in einigen Anwendungsfällen zu besseren Ergebnissen führen können. Sie können beispielsweise eine einzelne Spalte nach einem bestimmten Datentyp statt der gesamten Tabellenstruktur durchsuchen.

In diesem Thema erfahren Sie, wie Sie die De-Identifikation sensibler Daten in strukturiertem Text konfigurieren. Die De-Identifikation wird durch Eintragstransformationen aktiviert. Diese Transformationen werden auf eine ganze Spalte mit tabellarischen Daten oder Werte in tabellarischen Textdaten angewendet, die als bestimmter infoType gekennzeichnet sind.

In diesem Thema finden Sie auch Beispiele für tabellarische Datentransformationen mit der kryptografischen Hash-Methode. Die kryptografischen Transformationsmethoden sind eindeutig, da sie einen kryptografischen Schlüssel erfordern.

Der in den folgenden Beispielen angegebene JSON-Code kann in jede De-Identifikationsanfrage im Attribut "deidentifyConfig" (DeidentifyConfig) eingefügt werden. Klicken Sie auf den Link "APIs Explorer-Beispiel", um das JSON-Beispiel in APIs Explorer auszuprobieren.

Spalte ohne Inspektion transformieren

Zum Transformieren einer bestimmten Spalte, deren Inhalt bekannt ist, können Sie die Inspektion überspringen und direkt eine Transformation angeben. Im Beispiel unter der Tabelle werden die Inhalte der Spalte "HAPPINESS SCORE" zu jeweils 10 gruppiert.

Eingabe Transformierte Tabelle
AGE PATIENT HAPPINESS SCORE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
AGE PATIENT HAPPINESS SCORE
101 Charles Dickens 90:100
22 Jane Austen 20:30
55 Mark Twain 70:80

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.FixedSizeBucketingConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableBucketing {

  public static void deIdentifyTableBucketing() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableBucketing(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableBucketing(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      FixedSizeBucketingConfig fixedSizeBucketingConfig =
          FixedSizeBucketingConfig.newBuilder()
              .setBucketSize(10)
              .setLowerBound(Value.newBuilder().setIntegerValue(0).build())
              .setUpperBound(Value.newBuilder().setIntegerValue(100).build())
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setFixedSizeBucketingConfig(fixedSizeBucketingConfig)
              .build();

      // Specify field to be encrypted.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Associate the encryption with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Beispiel für API Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "fixedSizeBucketingConfig":{
            "bucketSize":10,
            "lowerBound":{
              "integerValue":"0"
            },
            "upperBound":{
              "integerValue":"100"
            }
          }
        }
      }
    ]
  }
}

Spalte basierend auf dem Wert einer anderen Spalte transformieren

Sie können eine Spalte basierend auf dem Wert einer anderen Spalte transformieren. In diesem Beispiel wird für alle Patienten über 89 der Wert "HAPPINESS SCORE" entfernt.

Eingabe Transformierte Tabelle
AGE PATIENT HAPPINESS SCORE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
AGE PATIENT HAPPINESS SCORE
101 Charles Dickens **
22 Jane Austen 21
55 Mark Twain 75

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.CharacterMaskConfig;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableConditionMasking {

  public static void deIdentifyTableConditionMasking() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableConditionMasking(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionMasking(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      CharacterMaskConfig characterMaskConfig =
          CharacterMaskConfig.newBuilder()
              .setMaskingCharacter("*")
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setCharacterMaskConfig(characterMaskConfig)
              .build();

      // Specify field to be de-identified.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Specify when the above field should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build())
          .build();
      // Apply the condition to records
      RecordCondition recordCondition = RecordCondition.newBuilder()
          .setExpressions(Expressions.newBuilder()
              .setConditions(Conditions.newBuilder()
                  .addConditions(condition)
                  .build())
              .build())
          .build();

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Beispiel für API Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "characterMaskConfig":{
            "maskingCharacter":"*"
          }
        },
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Ergebnisse in Spalten transformieren

Sie können Ergebnisse aus dem gesamten Zelleninhalt oder nur aus einem Teil davon transformieren. In diesem Beispiel werden alle Einträge PERSON_NAME anonymisiert.

Eingabe Transformierte Tabelle
AGE PATIENT HAPPINESS SCORE FACTOID
101 Charles Dickens 95 Der Name Charles Dickens war ein Fluch, der möglicherweise von Shakespeare erfunden wurde.
22 Jane Austen 21 Es gibt 14 Küsse in den Romanen von Jane Austen.
55 Mark Twain 75 Mark Twain liebte Katzen.
AGE PATIENT HAPPINESS SCORE FACTOID
101 [PERSON_NAME] 95 Der Name [PERSON_NAME] war ein Fluch, der möglicherweise von Shakespeare entwickelt wurde.
22 [PERSON_NAME] 21 Es gibt 14 Küsse in den Romanen von [PERSON_NAME].
55 [PERSON_NAME] 75 [PERSON_NAME] liebte Katzen.

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableInfoTypes {

  public static void deIdentifyTableInfoTypes() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .addValues(Value.newBuilder().setStringValue(
                "Charles Dickens name was a curse, possibly invented by Shakespeare.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .addValues(Value.newBuilder().setStringValue(
                "There are 14 kisses in Jane Austen's novels.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
            .build())
        .build();

    deIdentifyTableInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
          .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig).build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder()
              .addTransformations(infoTypeTransformation)
              .build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds = Stream.of("PATIENT", "FACTOID")
          .map(id -> FieldId.newBuilder().setName(id).build())
          .collect(Collectors.toList());

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer-Beispiel

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ]
      }
    ]
  }
}

Zeile basierend auf dem Inhalt einer Spalte unterdrücken

Sie können eine Zeile basierend auf dem Inhalt einer Spalte vollständig entfernen. In diesem Beispiel wird der Datensatz "Charles Dickens" unterdrückt, da dieser Patient über 89 Jahre alt ist.

Eingabe Transformierte Tabelle
AGE PATIENT HAPPINESS SCORE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
AGE PATIENT HAPPINESS SCORE
22 Jane Austen 21
55 Mark Twain 75

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordSuppression;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableRowSuppress {

  public static void deIdentifyTableRowSuppress() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableRowSuppress(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableRowSuppress(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify when the content should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build()).build();
      // Apply the condition to record suppression.
      RecordSuppression recordSuppressions =
          RecordSuppression.newBuilder()
              .setCondition(RecordCondition.newBuilder()
                  .setExpressions(Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
                  .build())
              .build();
      // Use record suppression as the only transformation
      RecordTransformations transformations =
          RecordTransformations.newBuilder()
              .addRecordSuppressions(recordSuppressions)
              .build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer-Beispiel

"deidentifyConfig":{
  "recordTransformations":{
    "recordSuppressions":[
      {
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Ergebnisse nur transformieren, wenn bestimmte Bedingungen für ein anderes Feld erfüllt sind

In diesem Beispiel werden die Ergebnisse von PERSON_NAME nur entfernt, wenn die Spalte "AGE" angibt, dass der Patient über 89 Jahre alt ist.

Eingabe Transformierte Tabelle
AGE PATIENT HAPPINESS SCORE FACTOID
101 Charles Dickens 95 Der Name Charles Dickens war ein Fluch, der möglicherweise von Shakespeare erfunden wurde.
22 Jane Austen 21 Es gibt 14 Küsse in den Romanen von Jane Austen.
55 Mark Twain 75 Mark Twain liebte Katzen.
AGE PATIENT HAPPINESS SCORE FACTOID
101 [PERSON_NAME] 95 [PERSON_NAME] war ein Fluch, der möglicherweise von [PERSON_NAME] erfunden wurde.
22 Jane Austen 21 Es gibt 14 Küsse in den Romanen von Jane Austen.
55 Mark Twain 75 Mark Twain liebte Katzen.

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableConditionInfoTypes {

  public static void deIdentifyTableConditionInfoTypes() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .addValues(Value.newBuilder().setStringValue(
                "Charles Dickens name was a curse, possibly invented by Shakespeare.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .addValues(Value.newBuilder().setStringValue(
                "There are 14 kisses in Jane Austen's novels.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
            .build())
        .build();

    deIdentifyTableConditionInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
          .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig).build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder()
              .addTransformations(infoTypeTransformation)
              .build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds = Stream.of("PATIENT", "FACTOID")
          .map(id -> FieldId.newBuilder().setName(id).build())
          .collect(Collectors.toList());

      // Specify when the above fields should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build())
          .build();
      // Apply the condition to records
      RecordCondition recordCondition = RecordCondition.newBuilder()
          .setExpressions(Expressions.newBuilder()
              .setConditions(Conditions.newBuilder()
                  .addConditions(condition)
                  .build())
              .build())
          .build();

      // Associate the de-identification and conditions with the specified fields.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer-Beispiel

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ],
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Ergebnisse mithilfe einer kryptografischen Hashtransformation transformieren

In den folgenden JSON-Beispielen wird die Cloud DLP API mithilfe von infoType-Transformationen angewiesen, die gesamte Tabellenstruktur auf bestimmte infoTypes zu untersuchen und dann die übereinstimmenden Werte mit einem Transient CryptoKey zu verschlüsseln.

Im folgenden Beispiel wird die De-Identifikation von zwei infoTypes mithilfe einer kryptografischen Hash-Transformation veranschaulicht.

Eingabe

Nutzer-ID Kommentare
user1@example.org Meine E-Mail-Adresse lautet user1@example.org und meine Telefonnummer ist 858-555-0222
user2@example.org Meine E-Mail-Adresse lautet user2@example.org und meine Telefonnummer ist 858-555-0223
user3@example.org Meine E-Mail-Adresse lautet user3@example.org und meine Telefonnummer ist 858-555 0224

Transformierte Tabelle:

Nutzer-ID Kommentare
1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM= Meine E-Mail-Adresse lautet 1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM= und meine Telefonnummer ist hYXPcsJNBCe1rr51sHiVw2KhtoyMe4HEFKNHWFcDVm0=
4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM= Meine E-Mail lautet 4ESy7 + rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM= und meine Telefonnummer ist KKqW1tQwgvGiC6iWJHhLiz2enNSEFRzhmLOf9fSTxRw=
bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0= Meine E-Mail-Adresse lautet bu1blyd/MBJLMPF2Rdi6zpgsLatSwpJLVki2fMeudM0= und meine Telefonnummer ist eNt7qtZVLmxRb8z8NBR/+ z00In07 CI3hEMStbwofWoc=

APIs Explorer-Beispiel

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "infoTypeTransformations":{
      "transformations":[
        {
          "infoTypes":[
            {
              "name":"EMAIL_ADDRESS"
            },
            {
              "name":"PHONE_NUMBER"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY]"
                }
              }
            }
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"abby_abernathy@example.org"
            },
            {
              "stringValue":"my email is abby_abernathy@example.org and phone is 858-555-0222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"bert_beauregard@example.org"
            },
            {
              "stringValue":"my email is bert_beauregard@example.org and phone is 858-555-0223"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"cathy_crenshaw@example.org"
            },
            {
              "stringValue":"my email is cathy_crenshaw@example.org and phone is 858-555-0224"
            }
          ]
        }
      ]
    }
  }
}

Ergebnisse mithilfe von zwei separaten kryptografischen Hashtransformationen transformieren

Dieses Beispiel zeigt, wie Sie innerhalb einer einzelnen De-Identifizierungskonfiguration verschiedene kryptografische Schlüssel in verschiedenen Transformationen verwenden können. Zuerst wird eine Feldtransformation für das Feld "userid" deklariert. Diese Transformation enthält keine infoType-Transformationen, sodass das Feld "userid" in jeder Zeile unabhängig vom Datentyp transformiert wird. Dann wird eine weitere Feldtransformation deklariert, und zwar die des Felds "comments".

Eingabe

Nutzer-ID Kommentare
user1@example.org Meine E-Mail-Adresse lautet user1@example.org und meine Telefonnummer ist 858-555-0222
abbyabernathy1 Meine Nutzer-ID lautet abbyabernathy1 und meine E-Mail-Adresse aabernathy@example.com

Transformierte Tabelle:

Nutzer-ID Kommentare
5WvS4+aJtCCwWWG79cmRNamDgyvJ+CkuwNpA2gaR1VQ= Meine E-Mail-Adresse lautet vjqGLaA6 + NUUnZAWXpI72lU1GfwQdoku7XqWaJPcvQQ= und meine Telefonnummer ist BY + mSXXTu6mOoX5pr0Xbse60uelsSHmwRCq6HcscKtk=
t0dOmHvkT0VsM++SVmESVKHenLkmhBmFezH3hSDldDg= Meine Nutzer-ID lautet abbyabernathy1 und meine E-Mail-Adresse TQ3ancdUn9zgwO5qe6ahkmVrBuNhvlMknxjPjIt0N2w=

APIs Explorer-Beispiel

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "recordTransformations":{
      "fieldTransformations":[
        {
          "fields":[
            {
              "name":"userid"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY-1]"
                }
              }
            }
          }
        },
        {
          "fields":[
            {
              "name":"comments"
            }
          ],
          "infoTypeTransformations":{
            "transformations":[
              {
                "infoTypes":[
                  {
                    "name":"PHONE_NUMBER"
                  },
                  {
                    "name":"EMAIL_ADDRESS"
                  }
                ],
                "primitiveTransformation":{
                  "cryptoHashConfig":{
                    "cryptoKey":{
                      "transient":{
                        "name":"[TRANSIENT-CRYPTO-KEY-2]"
                      }
                    }
                  }
                }
              }
            ]
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"user1@example.org"
            },
            {
              "stringValue":"my email is user1@example.org and phone is 858-333-2222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"abbyabernathy1"
            },
            {
              "stringValue":"my userid is abbyabernathy1 and my email is aabernathy@example.com"
            }
          ]
        }
      ]
    }
  }
}