k2v-academy / K2View-Academy


Masking Information and de-anonymization #343

Closed 4puGzW8N08vYiKdAIZitRdF2T1suLBwMQLFXFAu closed 3 years ago

4puGzW8N08vYiKdAIZitRdF2T1suLBwMQLFXFAu commented 3 years ago

Hello,

After reviewing information about data masking and de-anonymization, we have the following questions. Link - https://support.k2view.com/Academy_6.5/articles/26_fabric_security/06_data_masking.html

Q1] It says values are checked in the cache table. Where is this cache table located?

Q2] When checking the Redis or Cassandra k2masking tables during or after migrate, I don't see that it contains the masked before and after values. Is this expected?

Q3] When two LUs that contain the same masking actors (suppose the masking actor name is maskssnnew) run extract in parallel, it's observed that masking happens only for one of the two LUs, and the other LU throws errors related to maskssnew actor masking and its entities are not migrated. We want to know if there is a process in Fabric that creates an exclusive lock on the masking cache table for that particular actor, so that other LUs cannot concurrently access the values. What's the mechanism in this case?

Note - The same diagram is repeated 2 times on the web page.

Regards, Prathamesh

4puGzW8N08vYiKdAIZitRdF2T1suLBwMQLFXFAu commented 3 years ago

Q4] Regarding de-anonymization, can you please provide a link or guide us on how it can be achieved?

eHK5dcC00peRJzSmBkzpRSXRdBTJxvlzYiuW95S commented 3 years ago

Hi.

  1. The cache table is located in Cassandra (k2masking keyspace). See https://support.k2view.com/Academy_6.5/articles/19_Broadway/actors/07_masking_and_sequence_actors.html.

  2. Please check if the process masks the sensitive data. If the mask flag is set to true, then the mapping between the hashed original value and the masked value is saved in the masking_cache table under the k2masking keyspace.

  3. You can populate the maskingID and the useExecutionId parameters to have the same masked values on 2 LUs that belong to the same task. If you want them to have different masked values, then you can set a different masking ID on each LU.

  4. Regarding the diagram: you are correct. I've fixed the diagrams in GitHub.

Regards, Tali
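
Points 2 and 3 of the answer above as a conceptual model, added here as an example and not K2View's code or the real masking_cache schema: the key layout, the HMAC-SHA256 hash, the SSN generator and all names and sample values are assumptions. It shows why the cache holds no plaintext "before" value and why a shared masking ID gives two LUs the same masked value.

```python
import hashlib
import hmac
import secrets

# Conceptual model only: the key layout and the hash choice are assumptions.
HASH_KEY = b"constructed-demo-key"  # constructed value; a real key belongs in a secret store


def hash_original(value: str) -> str:
    """Keyed hash of the original value, so the cache never stores plaintext."""
    return hmac.new(HASH_KEY, value.encode(), hashlib.sha256).hexdigest()


def random_ssn() -> str:
    """Replacement value in SSN format (hypothetical generator)."""
    d = [secrets.randbelow(10) for _ in range(9)]
    return "{}{}{}-{}{}-{}{}{}{}".format(*d)


class MaskingCache:
    """Stand-in for a cache table: (masking_id, execution_id, hash) -> masked value."""

    def __init__(self):
        self.rows = {}

    def mask(self, value, masking_id, execution_id=None):
        key = (masking_id, execution_id, hash_original(value))
        # setdefault keeps the first masked value, so repeated lookups stay consistent
        return self.rows.setdefault(key, random_ssn())


def demo():
    cache = MaskingCache()
    ssn = "123-45-6789"  # constructed sample value
    # Two LUs in the same task share a masking ID and an execution ID
    lu1 = cache.mask(ssn, "maskssn", execution_id="task-1")
    lu2 = cache.mask(ssn, "maskssn", execution_id="task-1")
    # A different masking ID creates a separate mapping for the same original
    cache.mask(ssn, "maskssn_other", execution_id="task-1")
    # The lookup keys hold only IDs and the hash, never the original value
    leaked = any(ssn in str(key) for key in cache.rows)
    return lu1, lu2, len(cache.rows), leaked


if __name__ == "__main__":
    print(demo())
```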

4puGzW8N08vYiKdAIZitRdF2T1suLBwMQLFXFAu commented 3 years ago

Reopening this, Tali. Q4] Regarding de-anonymization, can you please provide a link or guide us on how it can be achieved? https://support.k2view.com/Academy_6.5/articles/26_fabric_security/06_data_masking.html#:~:text=masking%20the%20data.-,De-Anonymization,-(Pseudonymization)

The above link talks about a solution at a high level; I was wondering if you could provide more details on it.

eHK5dcC00peRJzSmBkzpRSXRdBTJxvlzYiuW95S commented 3 years ago

Hi.

We've suggested 2 high-level approaches for the de-anonymization to get the original value of the masked field:

  1. Keep the source Instance ID in Fabric and use it to retrieve the original data from the source system. This is a normal Fabric LU implementation. The original data can be retrieved from the source using a WS.

  2. Keep the encrypted version (each Instance is encrypted separately) of the original values in Fabric only, in addition to the anonymized values. Limit access to the anonymized data only. Only permitted users can access the original values. The LUI can be encrypted. For more information about the LUI encryption, see https://support.k2view.com/Academy_6.5/articles/26_fabric_security/03_fabric_LUI_encryption.html