Exemplos de desidentificação de dados tabulares

O Cloud Data Loss Prevention (DLP) pode detectar, classificar e desidentificar dados confidenciais em dados estruturados. Ao desidentificar um conteúdo, como uma tabela, a estrutura e as colunas fornecem ao Cloud DLP pistas adicionais que podem permitir que ele ofereça resultados melhores para alguns casos de uso. Por exemplo, é possível verificar uma única coluna para um determinado tipo de dado em vez de toda a estrutura da tabela.

Este tópico fornece exemplos de como configurar a desidentificação de dados confidenciais no texto estruturado. A desidentificação é ativada por meio de transformações de registro. Essas transformações são aplicadas a valores em uma coluna inteira de dados tabulares ou dentro de dados do texto tabular que são identificados como um infoType específico.

Este tópico também fornece exemplos de transformações de dados tabulares usando o método de hash criptográfico. Os métodos de transformação criptográfica são únicos devido à necessidade de uma chave criptográfica.

O JSON fornecido nos exemplos a seguir pode ser inserido em qualquer solicitação de desidentificação dentro do atributo "deidentifyConfig" (DeidentifyConfig). Clique no link "Exemplo das APIs Explorer" para testar o JSON de exemplo nas APIs Explorer.

Transformar uma coluna sem inspeção

Para transformar uma coluna específica na qual o conteúdo já é conhecido, pule a inspeção e especifique uma transformação diretamente. O exemplo depois da tabela agrupa a coluna "ÍNDICE DE FELICIDADE" em incrementos de 10.

Entrada Tabela transformada
IDADE PACIENTE ÍNDICE DE FELICIDADE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
IDADE PACIENTE ÍNDICE DE FELICIDADE
101 Charles Dickens 90:100
22 Jane Austen 20:30
55 Mark Twain 70:80

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.FixedSizeBucketingConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableBucketing {

  public static void deIdentifyTableBucketing() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableBucketing(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableBucketing(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      FixedSizeBucketingConfig fixedSizeBucketingConfig =
          FixedSizeBucketingConfig.newBuilder()
              .setBucketSize(10)
              .setLowerBound(Value.newBuilder().setIntegerValue(0).build())
              .setUpperBound(Value.newBuilder().setIntegerValue(100).build())
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setFixedSizeBucketingConfig(fixedSizeBucketingConfig)
              .build();

      // Specify field to be encrypted.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Associate the encryption with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Exemplo da API Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "fixedSizeBucketingConfig":{
            "bucketSize":10,
            "lowerBound":{
              "integerValue":"0"
            },
            "upperBound":{
              "integerValue":"100"
            }
          }
        }
      }
    ]
  }
}

Transformar uma coluna com base no valor de outra coluna

É possível transformar uma coluna com base no valor de outra. Este exemplo edita o "ÍNDICE DE FELICIDADE" para todos os pacientes com mais de 89 anos.

Entrada Tabela transformada
IDADE PACIENTE ÍNDICE DE FELICIDADE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
IDADE PACIENTE ÍNDICE DE FELICIDADE
101 Charles Dickens **
22 Jane Austen 21
55 Mark Twain 75

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.CharacterMaskConfig;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableConditionMasking {

  public static void deIdentifyTableConditionMasking() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableConditionMasking(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionMasking(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      CharacterMaskConfig characterMaskConfig =
          CharacterMaskConfig.newBuilder()
              .setMaskingCharacter("*")
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setCharacterMaskConfig(characterMaskConfig)
              .build();

      // Specify field to be de-identified.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Specify when the above field should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build())
          .build();
      // Apply the condition to records
      RecordCondition recordCondition = RecordCondition.newBuilder()
          .setExpressions(Expressions.newBuilder()
              .setConditions(Conditions.newBuilder()
                  .addConditions(condition)
                  .build())
              .build())
          .build();

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Exemplo da API Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "characterMaskConfig":{
            "maskingCharacter":"*"
          }
        },
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Transformar as descobertas encontradas nas colunas

Também é possível transformar as descobertas que compõem apenas parte ou todo o conteúdo de uma célula. Neste exemplo, todas as instâncias de PERSON_NAME são anônimas.

Entrada Tabela transformada
IDADE PACIENTE ÍNDICE DE FELICIDADE FACTOIDE
101 Charles Dickens 95 O nome Charles Dickens era uma maldição e, possivelmente, foi inventado por Shakespeare.
22 Jane Austen 21 Há 14 beijos nos romances de Jane Austen.
55 Mark Twain 75 Mark Twain adorava gatos.
IDADE PACIENTE ÍNDICE DE FELICIDADE FACTOIDE
101 [PERSON_NAME] 95 O nome [PERSON_NAME] era uma maldição, possivelmente inventado por Shakespeare.
22 [PERSON_NAME] 21 Há 14 beijos nos romances de [PERSON_NAME].
55 [PERSON_NAME] 75 [PERSON_NAME] amava gatos.

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableInfoTypes {

  public static void deIdentifyTableInfoTypes() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .addValues(Value.newBuilder().setStringValue(
                "Charles Dickens name was a curse, possibly invented by Shakespeare.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .addValues(Value.newBuilder().setStringValue(
                "There are 14 kisses in Jane Austen's novels.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
            .build())
        .build();

    deIdentifyTableInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
          .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig).build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder()
              .addTransformations(infoTypeTransformation)
              .build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds = Stream.of("PATIENT", "FACTOID")
          .map(id -> FieldId.newBuilder().setName(id).build())
          .collect(Collectors.toList());

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Exemplo das APIs Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ]
      }
    ]
  }
}

Suprimir uma linha com base no conteúdo de uma coluna

É possível remover uma linha totalmente com base no conteúdo que aparece em qualquer coluna. Este exemplo suprime o registro de "Charles Dickens", já que esse paciente tem mais de 89 anos.

Entrada Tabela transformada
IDADE PACIENTE ÍNDICE DE FELICIDADE
101 Charles Dickens 95
22 Jane Austen 21
55 Mark Twain 75
IDADE PACIENTE ÍNDICE DE FELICIDADE
22 Jane Austen 21
55 Mark Twain 75

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordSuppression;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableRowSuppress {

  public static void deIdentifyTableRowSuppress() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .build())
        .build();

    deIdentifyTableRowSuppress(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableRowSuppress(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify when the content should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build()).build();
      // Apply the condition to record suppression.
      RecordSuppression recordSuppressions =
          RecordSuppression.newBuilder()
              .setCondition(RecordCondition.newBuilder()
                  .setExpressions(Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
                  .build())
              .build();
      // Use record suppression as the only transformation
      RecordTransformations transformations =
          RecordTransformations.newBuilder()
              .addRecordSuppressions(recordSuppressions)
              .build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Exemplo das APIs Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "recordSuppressions":[
      {
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Transformar as descobertas somente quando condições específicas forem atendidas em outro campo

Neste exemplo, as descobertas de PERSON_NAME só serão editadas se a coluna "IDADE" indicar que o paciente tem mais de 89 anos.

Entrada Tabela transformada
IDADE PACIENTE ÍNDICE DE FELICIDADE FACTOIDE
101 Charles Dickens 95 O nome Charles Dickens era uma maldição e, possivelmente, foi inventado por Shakespeare.
22 Jane Austen 21 Há 14 beijos nos romances de Jane Austen.
55 Mark Twain 75 Mark Twain adorava gatos.
IDADE PACIENTE ÍNDICE DE FELICIDADE FACTOIDE
101 [PERSON_NAME] 95 O nome [PERSON_NAME] era uma maldição e, possivelmente, foi inventado por [PERSON_NAME].
22 Jane Austen 21 Há 14 beijos nos romances de Jane Austen.
55 Mark Twain 75 Mark Twain adorava gatos.

Java


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableConditionInfoTypes {

  public static void deIdentifyTableConditionInfoTypes() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify = Table.newBuilder()
        .addHeaders(FieldId.newBuilder().setName("AGE").build())
        .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
        .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
        .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("101").build())
            .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
            .addValues(Value.newBuilder().setStringValue("95").build())
            .addValues(Value.newBuilder().setStringValue(
                "Charles Dickens name was a curse, possibly invented by Shakespeare.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("22").build())
            .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
            .addValues(Value.newBuilder().setStringValue("21").build())
            .addValues(Value.newBuilder().setStringValue(
                "There are 14 kisses in Jane Austen's novels.").build())
            .build())
        .addRows(Row.newBuilder()
            .addValues(Value.newBuilder().setStringValue("55").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
            .addValues(Value.newBuilder().setStringValue("75").build())
            .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
            .build())
        .build();

    deIdentifyTableConditionInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
          .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig).build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder()
              .addTransformations(infoTypeTransformation)
              .build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds = Stream.of("PATIENT", "FACTOID")
          .map(id -> FieldId.newBuilder().setName(id).build())
          .collect(Collectors.toList());

      // Specify when the above fields should be de-identified.
      Condition condition = Condition.newBuilder()
          .setField(FieldId.newBuilder().setName("AGE").build())
          .setOperator(RelationalOperator.GREATER_THAN)
          .setValue(Value.newBuilder().setIntegerValue(89).build())
          .build();
      // Apply the condition to records
      RecordCondition recordCondition = RecordCondition.newBuilder()
          .setExpressions(Expressions.newBuilder()
              .setConditions(Conditions.newBuilder()
                  .addConditions(condition)
                  .build())
              .build())
          .build();

      // Associate the de-identification and conditions with the specified fields.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println(
          "Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Exemplo das APIs Explorer

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ],
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

Transformar as descobertas usando uma transformação de hash criptográfico

Os exemplos JSON a seguir usam transformações infoType para instruir a API Cloud DLP a inspecionar toda a estrutura da tabela em busca de infoTypes específicos e, em seguida, criptografar os valores correspondentes usando um CryptoKey temporário.

No exemplo a seguir, demonstramos como desidentificar dois infoTypes usando uma transformação de hash criptográfico.

Entrada:

userid comentários
user1@example.org Meu e-mail é user1@example.org e meu telefone é 858-555-0222
user2@example.org Meu e-mail é user2@example.org e meu telefone é 858-555-0223
user3@example.org Meu e-mail é user3@example.org e meu telefone é 858-555-0224

Tabela transformada:

userid comentários
1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM= Meu e-mail é 1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM= e meu telefone é hYXPcsJNBCe1rr51sHiVw2KhtoyMe4HEFKNHWFcDVm0=
4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM= Meu e-mail é 4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM= e meu telefone é KKqW1tQwgvGiC6iWJHhLiz2enNSEFRzhmLOf9fSTxRw=
bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0= Meu e-mail é bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0= e meu telefone é eNt7qtZVLmxRb8z8NBR/+z00In07CI3hEMStbwofWoc=

Exemplo das APIs Explorer

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "infoTypeTransformations":{
      "transformations":[
        {
          "infoTypes":[
            {
              "name":"EMAIL_ADDRESS"
            },
            {
              "name":"PHONE_NUMBER"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY]"
                }
              }
            }
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"abby_abernathy@example.org"
            },
            {
              "stringValue":"my email is abby_abernathy@example.org and phone is 858-555-0222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"bert_beauregard@example.org"
            },
            {
              "stringValue":"my email is bert_beauregard@example.org and phone is 858-555-0223"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"cathy_crenshaw@example.org"
            },
            {
              "stringValue":"my email is cathy_crenshaw@example.org and phone is 858-555-0224"
            }
          ]
        }
      ]
    }
  }
}

Transformar as descobertas usando duas transformações de hash criptográfico separadas

Neste exemplo, demonstramos como você pode usar chaves criptográficas diferentes em várias transformações dentro de uma única configuração de desidentificação. Em primeiro lugar, uma transformação no campo "userid" é declarada. Essa transformação não inclui nenhuma transformação de infoType. Portanto, o campo "userid" em cada linha é transformado, independentemente do tipo de dado. Em seguida, outra transformação de campo é declarada, agora no campo "comentários".

Entrada:

userid comentários
user1@example.org Meu e-mail é user1@example.org e meu telefone é 858-555-0222
abbyabernathy1 Meu userid é abbyabernathy1 e meu e-mail é aabernathy@example.com

Tabela transformada:

userid comentários
5WvS4+aJtCCwWWG79cmRNamDgyvJ+CkuwNpA2gaR1VQ= Meu e-mail é vjqGLaA6+NUUnZAWXpI72lU1GfwQdOKu7XqWaJPcvQQ= e meu telefone é BY+mSXXTu6mOoX5pr0Xbse60uelsSHmwRCq6HcscKtk=
t0dOmHvkT0VsM++SVmESVKHenLkmhBmFezH3hSDldDg= Meu userid é abbyabernathy1 e meu e-mail é TQ3ancdUn9zgwO5qe6ahkmVrBuNhvlMknxjPjIt0N2w=

Exemplo das APIs Explorer

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "recordTransformations":{
      "fieldTransformations":[
        {
          "fields":[
            {
              "name":"userid"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY-1]"
                }
              }
            }
          }
        },
        {
          "fields":[
            {
              "name":"comments"
            }
          ],
          "infoTypeTransformations":{
            "transformations":[
              {
                "infoTypes":[
                  {
                    "name":"PHONE_NUMBER"
                  },
                  {
                    "name":"EMAIL_ADDRESS"
                  }
                ],
                "primitiveTransformation":{
                  "cryptoHashConfig":{
                    "cryptoKey":{
                      "transient":{
                        "name":"[TRANSIENT-CRYPTO-KEY-2]"
                      }
                    }
                  }
                }
              }
            ]
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"user1@example.org"
            },
            {
              "stringValue":"my email is user1@example.org and phone is 858-333-2222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"abbyabernathy1"
            },
            {
              "stringValue":"my userid is abbyabernathy1 and my email is aabernathy@example.com"
            }
          ]
        }
      ]
    }
  }
}