CN105095447B - A distributed infinite stream data publishing method with w-event differential privacy - Google Patents

Publication number
CN105095447B
Authority
CN
China
Prior art keywords
data
user
privacy
requester
safety zone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510442304.8A
Other languages
Chinese (zh)
Other versions
CN105095447A (en
Inventor
刘树波
李永凯
蔡朝晖
王俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN201510442304.8A priority Critical patent/CN105095447B/en
Publication of CN105095447A publication Critical patent/CN105095447A/en
Publication of CN105095447B publication Critical patent/CN105095447B/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

Abstract

The invention discloses a distributed infinite stream data publishing method with w-event differential privacy. A function monitoring technique based on the geometric method assists the users' privacy budget allocation, so that privacy budgets are allocated synchronously across users. The data publishing scheme of the invention does not depend on a trusted data center, and all transmitted data are noisy data, which gives higher security. The invention provides two high-utility w-event differential privacy publishing schemes, the dBD scheme and the dBA scheme, which can be chosen flexibly according to the characteristics of the actual data.

Description

A distributed infinite stream data publishing method with w-event differential privacy
Technical Field
The invention belongs to the technical field of privacy-preserving data publishing and relates to a method for publishing infinite stream data, in particular to a distributed data publishing method for infinite stream data that satisfies w-event differential privacy.
Background
Thanks to advances in electronics manufacturing, people can use smart mobile devices such as smartphones and wearable devices to obtain data such as human physiological parameters and geographic location more easily. According to statistics, by the end of 2013 the total global sales of tablets and smartphones, the two kinds of mobile devices with network communication capability, had reached 1.2 billion, and by 2017 every person in the world will own 1.4 mobile devices. These mobile devices, with high-speed communication capability and powerful sensors, gave rise to the mobile Internet and have profoundly changed people's established way of life.
In the mobile Internet era, people can use mobile devices to collect data quickly and continuously, such as human physiological data and individual trajectory data. Reasonable use of this sensed data can support government decision-making, enterprise promotion and personalized services. However, this information is highly sensitive, and the leakage of the associated private information has drawn wide attention. As modern society becomes more interconnected and more deeply information-based, the risk of such individual privacy leakage is increasingly real. Out of concern over this leakage, a series of privacy-preserving data publishing schemes have been proposed. Privacy protection schemes based on traditional cryptography either hide the user's true ID behind a pseudonymous ID or use a series of access control policies to share user records with specific user groups. These methods have either been shown by existing de-anonymization attacks to be very fragile and insecure, or are procedurally complex and poorly suited to sharing stream data, so they are not practical.
To make stream data publishing both secure and practical, a large number of data privacy protection schemes based on the k-anonymity model have been proposed. The basic idea of these schemes is to generalize (obscure) or suppress the quasi-identifiers of the recorded data, and to partition the data set by these generalized identifiers into several equivalence classes so that each equivalence class contains no fewer than k records. However, because they lack a quantification of the degree of privacy protection and a definition of the attacker's capabilities, many k-anonymity schemes are still found to carry privacy leakage risks and must be patched repeatedly as new leakage risks appear.
The differential privacy model, which is based on a probabilistic model, was proposed to address the shortcomings of the schemes above. Differential privacy requires that the influence of any single record on the result computed over the data set be small and controllable in a probabilistic sense. The model assumes that in the worst case the attacker possesses all records except the target record itself, which is the theoretical upper bound of the attacker's capability, so a scheme that can resist differential attacks can resist all known and unknown privacy attacks. Because differential privacy has these good properties (privacy can be quantified and attack capability can be defined), it has been widely introduced into many data publishing and query applications. For stream data, differentially private publishing schemes can be divided, according to what they protect, into event-level schemes for infinite stream data and user-level schemes for finite stream data. Event-level schemes for infinite stream data protect the information of an individual event, while user-level schemes for finite stream data focus on protecting a user's information as a whole. It should be noted, however, that these two existing classes of differentially private publishing schemes often cannot meet the application needs of real-time systems. Event-level schemes for infinite stream data do not consider the correlation between events in continuous time, which leaks the correlation of sensitive data; user-level schemes for finite stream data cannot meet the publishing needs of real-time systems because of the limit on the number of publications.
w-event differential privacy was proposed against this background. A w-event differentially private publishing scheme is a special event-level scheme. It overcomes the failure of conventional event-level schemes to consider the correlation between events, and protects the information of any event within a window of w time points. In addition, in the mathematical definition, when w tends to infinity the scheme achieves user-level differential privacy on infinite stream data. w-event differential privacy therefore combines the advantages of the two classes of schemes above and has great theoretical and practical value.
Kellaris et al. proposed two data publishing schemes that satisfy w-event differential privacy: the BD (Budget Distribution) scheme and the BA (Budget Absorption) scheme. Both schemes assume that a trusted data center collects the users' raw data; after all user data have been collected, the data center computes and publishes data satisfying w-event differential privacy according to set rules. However, a trusted data center is expensive to deploy as infrastructure and brings additional security risks. It is therefore necessary to remove the trusted data center and publish w-event differentially private data in a distributed manner.
Summary of the Invention
In view of the problems of the prior art, the invention provides a distributed method for publishing infinite stream data that satisfies w-event differential privacy, suitable for privacy-preserving publication of infinite stream data without a trusted data center.
The technical solution adopted by the invention is a distributed infinite stream data publishing method with w-event differential privacy. Assume there are m users in the infinite stream data publishing system, denoted u_1, ..., u_m (or simply user 1, ..., user m). Assume there is a data requester u_0 that can communicate with all users. The method is characterized by comprising the following steps:
Step 1: Initialization of infinite data stream publishing, which comprises the following sub-steps:
Step 1.1: Each user u_i selects a random nonce e_i; user u_i sends to user u_{i-1} and user u_{i+1}, where g is a generator of the multiplicative group G of order q and q is a large prime; after receiving the information from the other users, user u_i computes two random number seeds and
Step 1.2: After collecting its raw data, each user generates the corresponding gamma noise according to the agreed privacy budget and adds this noise to the collected raw data; the user then uses the random number seeds obtained in step 1.1 to generate random numbers, adds these random numbers to the gamma-noised data, and sends the result to the data requester; after collecting the data of all users, the data requester generates random numbers from its own random number seeds and computes the sum of these data to obtain the first published data;
Step 1.3: After obtaining the first published data, the data requester computes a spherical monitoring safe region of maximal radius centered on the first published data, and from it derives each user's local similarity monitoring safe region B(c_i, r_i), where B(c_i, r_i) is the ball with center c_i and radius r_i, and sends the corresponding monitoring safe region to each user;
Step 2: Privacy budget allocation and local similarity monitoring by the users, which comprises the following sub-steps:
Step 2.1: User i requests or computes the corresponding local monitoring safe region B(c_i, r_i) at time t;
Step 2.2: After user i obtains the data at time t, user i computes its corresponding raw data v_i(t) according to the specified privacy budget allocation mode; the user then checks whether v_i(t) lies within the local monitoring safe region B(c_i, r_i) for that time; if v_i(t) lies outside B(c_i, r_i), user i sends an early-warning signal to the data requester, and the data requester in turn requires all users to send their noise-added data; otherwise, user i stays silent until the data requester requests its data;
Step 2.3: If user i does not send data to the data requester at time t, user i records the privacy budget allocated at that time point as 0; if user i sends data to the data requester at time t, user i waits for the data requester's final feedback; if the data requester feeds back an accept signal, user i records the privacy budget allocated at that time point as its corresponding value; otherwise, it records the privacy budget allocated at that time point as 0; the user adjusts its local monitoring safe region according to the publication result;
Step 3: The data requester publishes stream data satisfying w-event differential privacy, which comprises the following sub-steps:
Step 3.1: If at time t the data requester receives no information from any user, the data requester records the published data for that time as null; if at time t the data requester receives an early-warning message from any user, the data requester requests all users to send their noisy data for that time;
Step 3.2: After receiving all the noisy data, the data requester computes the overall similarity at that time, decides whether to accept or reject the data for that time, and feeds the decision back to the users;
Step 3.3: After accepting a new non-null data publication, the data requester computes a new local monitoring safe region for each user according to the principle of step 1.3.
Preferably, the specified privacy budget allocation mode in step 2.2 is either the dBD allocation mode or the dBA allocation mode; in the dBD allocation mode, the user's privacy budget is allocated proportionally; in the dBA allocation mode, the user's privacy budget is allocated by absorbing the privacy budget of neighboring null data.
Preferably, for the check in step 2.2 of whether v_i(t) lies within the local monitoring safe region B(c_i, r_i) for that time, the local monitoring safe region is either requested from the data requester or adjusted dynamically by the user according to the given privacy budget allocation rule; under dynamic adjustment, the center of the local monitoring safe region is unchanged and the radius is recomputed according to the privacy budget allocation rule.
Preferably, the adjustment of the local monitoring safe region according to the publication result in step 2.3 is implemented as follows: if the distance between the current data and the latest non-null published data is not less than the current Laplace noise strength, the data requester accepts the new non-null published data and computes a new local monitoring safe region for each user according to the principle of step 1.3; otherwise, the data requester publishes a null datum and feeds this back to the users; after receiving the feedback, the user reclaims the privacy budget of that time point's publication and recomputes the radius of its local monitoring safe region.
The contribution of the invention is as follows: it is the first to realize distributed w-event differentially private publishing for infinite stream data, and the proposed scheme does not depend on a trusted data center, which gives it excellent application value.
Compared with existing differentially private publishing methods, the invention has the following advantages:
1) It does not depend on a trusted data center, so it is easy to deploy and easy to adopt.
2) Noise is added on the user side, so even if a malicious attacker intercepts this information, the attacker cannot obtain the user's private information; this effectively prevents leakage of data in transit and gives high security.
3) Local function monitoring reduces the number of communications between the users and the data requester, so the communication load is small.
4) Two w-event differentially private publishing schemes with high utility are provided, which can be chosen flexibly according to the characteristics of the actual data.
Detailed Description
To help those of ordinary skill in the art understand and implement the invention, the invention is described in further detail below with reference to an embodiment. It should be understood that the embodiment described here serves only to illustrate and explain the invention and does not limit it.
The idea of the invention is as follows:
A distributed infinite stream data publishing scheme that satisfies w-event differential privacy requires privacy budgets to be allocated synchronously across users. To achieve this, the invention uses distributed function monitoring: each user's independent local monitoring is used to predict the overall similarity of the data. When a user detects that its local similarity is too low, the user sends an early-warning signal to the data requester, and the data requester in turn requires all users to send their noise-added data; the data requester then decides, from the similarity of the noise-added data, whether to use the data for that time. After the data requester has decided on the data for that time, it sends a True or False signal to all users to synchronize the progress of their privacy budget allocation. Note that in the method of the invention the data that users send to the data requester are noise-added data, so the data requester is not required to be trusted.
In the system model of the invention, assume there are m users in the infinite stream data publishing system, denoted u_1, ..., u_m (or simply user 1, ..., user m). The invention assumes there is a data requester u_0 that can communicate with all users. The data requester may be one of the users or a third-party entity outside the users. The invention assumes that all participants are semi-trusted, that is, participants faithfully execute the protocol but may still infer other users' data from the computation results. The invention assumes that any user i can collect data D_i(t) in vector form in the fixed time period t, where D_i(t) = (d_{i,t}[1], ..., d_{i,t}[k]) and each row represents an event. The infinite stream data belonging to user i is denoted S_i = (D_i(1), D_i(2), ...), and the prefix of the data stream that the user can access at time t is S_i(t) = (D_i(1), D_i(2), ..., D_i(t)). Assume g is a generator of the multiplicative group G of order q, where q is a large prime. The generator g is held by all participants in the system. In addition, assume that all participants share a random number generation function F(x, k), where k is the seed of the random number generation function.
The invention realizes w-event differentially private publishing of infinite stream data in a distributed environment. Before giving the definition of w-event differential privacy, the following preliminary concepts are introduced.
Definition 1 (neighboring data sets): For two data sets D(t) and D(t)′, if D(t) can be obtained from D(t)′ by adding or removing one row of data, then D(t) and D(t)′ are called neighboring data sets.
Definition 2 (w-neighboring data sets): Let w be a positive integer. For two data stream prefixes S(t), S(t)′, if:
(i) for any i ∈ [t], if D(i) ≠ D(i)′, then D(i), D(i)′ are neighboring data sets;
(ii) for any D(i_1), D(i_2), D(i_1)′, D(i_2)′ satisfying i_1 < i_2, D(i_1) ≠ D(i_1)′ and D(i_2) ≠ D(i_2)′, we have i_2 - i_1 + 1 ≤ w.
With these two basic concepts, the privacy protection goal of the invention, w-event differential privacy, is given below:
Definition 3 (w-event differential privacy): Assume that the input of a mechanism M is a data stream prefix of arbitrary length, and let be the set of all possible outputs of the mechanism. If for all and t, and all w-neighboring data stream prefixes S(t), S(t)′, we have then the mechanism M is said to satisfy w-event differential privacy.
Under w-event differential privacy, the sensitive data within any window of w time points is published in the form of a finite data stream, so an adversary cannot infer sensitive information by observing the published data over a continuous period. In general, w-event differential privacy must consider the following two elements for any subsequence of length w in S(t):
(1) at most ε of privacy budget is allocated;
(2) the privacy budget must be allocated according to the actual condition of the subsequence.
The Laplace mechanism and the exponential mechanism are the two most important basic mechanisms in differential privacy. Both are described below.
The Laplace mechanism achieves differential privacy by adding noise drawn from the Laplace distribution to the raw data. It can be proved that the influence of any individual element is masked by the added Laplace noise. A formal description follows.
Definition 4 (global sensitivity): The L_k global sensitivity of a query function Q: D → R^d is:
Δ_k(Q) = max_i ||Q(D(i)) - Q(D(i)′)||_k
where D is the set of databases and D(i), D(i)′ are neighboring data sets. The L_k global sensitivity Δ_k(Q) represents the maximum change caused by the presence or absence of one record in any database of the set. This is clearly the upper bound on the noise: if noise is added to every publication with reference to Δ_k(Q), all data can be hidden. As for how noise should be added under this upper bound, the Laplace mechanism gives a quantifiable and controllable scheme.
Definition 5 (Laplace mechanism): Given any query function Q: D → R^d with global sensitivity Δ(Q), the randomized algorithm M(D) = Q(D) + Y satisfies ε-differential privacy if Y is sampled at random from the Laplace distribution Lap(x | b), b = Δ(Q)/ε, where:
In addition, the Laplace distribution has the following important property:
Property 1: Assume Lap(b) is a random variable drawn according to the Laplace distribution then Lap(b) can be infinitely decomposed into the following form: where n is an integer not less than 1, and G(n, b) and G′(n, b) are independent and identically distributed according to the gamma distribution g(x, n, b). Here the gamma distribution is and Γ(1/n) is the value of the gamma function at 1/n.
The Laplace mechanism targets the publication of numeric results. For non-numeric query results, the exponential mechanism gives a quantifiable and controllable scheme for publishing a statistical result that satisfies the definition of differential privacy. The exponential mechanism first defines a utility function q: with final output r ∈ R, and the sensitivity of the utility function is defined as:
Δ_1(q) = max_{i,O} ||q(D(i), O) - q(D(i)′, O)||_1
Intuitively, this is still the maximum effect on the utility of changing any one input record in any database. On this basis, the exponential mechanism is defined as follows:
Definition 6 (exponential mechanism): If a mechanism M selects and outputs r ∈ R from the output set R with probability proportional to then the mechanism M is called an ε-differentially private exponential mechanism.
The exponential mechanism can output non-numeric results in a differentially private manner according to the utility value of each result.
Distributed function monitoring is an important technique for realizing distributed w-event differential privacy. The geometric monitoring method is one of the more important of the many function monitoring techniques. The technique of monitoring a function in a distributed system with the geometric method is described in detail below.
Assume that in a distributed system each user u_i produces a d-dimensional vector v_i(t) at time t, where v_i(t) is called the local statistics vector. The goal of the data requester is to obtain the aggregate vector (global statistics vector) v_a(t) of all m users at time t, where v_a(t) is the sum of all local statistics vectors. In the geometric monitoring method, the problem of monitoring the global aggregate vector v_a(t) is converted into the problem of each user independently monitoring its own local statistics vector. To do so, each user needs to obtain its corresponding local monitoring safe region. The local monitoring safe region must satisfy the following condition: when the local statistics vector lies within its local monitoring safe region, the global aggregate vector at the current time (that is, the final published result) can be replaced by the latest non-null published data before this time. For simplicity, the invention assumes that the local monitoring safe region of any user i is a spherical region B(c_i, r_i) with center c_i and radius r_i. In the initial stage, the data requester computes the initial aggregate vector v_a(0) at time t_0. The data requester then uses the geometric method to obtain an optimized global feasible region B(c, r) such that where is the feasible region of the function Q relative to the threshold T at time t, i.e., After obtaining the global spherical feasible region B(c, r), the data requester computes the local monitoring safe region B(c_i, r/m) belonging to user i at the corresponding time, where c_i = v_i(0). A spherical region computed in this way ensures that the local statistics vector stays away from the region boundary, which in turn ensures that the spherical region can serve as a local monitoring safe region. Specifically, the invention has the following theorem:
Theorem 1: Assume is the feasible region of the function Q relative to the threshold T at time t_0, and let v_a(t_0) be the latest non-null published data before time t_0+1. Further assume that the spherical region B(c, r) with center c and radius r satisfies Given a series of local monitoring safe regions B(c_i, r/m), where i = 1, ..., m and c_i = v_i(t_0), if for each user i we have v_i(t_0+1) ∈ B(c_i, r/m), then
In the invention, the threshold T can change over time, so the users' local monitoring safe regions need to be adjusted dynamically. Similarly to Theorem 1, the invention has:
Property 2: Assume is the feasible region of the function Q relative to the threshold T at time t_0, and let v_a(t_0) be the latest non-null published data before time t. Further assume that the spherical region B(c, r) with center c and radius r satisfies Given a series of local monitoring safe regions B(c_i, r/m), where i = 1, ..., m and c_i = v_i(t_0), if for each user i we have v_i(t) ∈ B(c_i, r/m + s/m), then
At time t, once some user detects that its local statistics vector has fallen outside the local monitoring safe region for that time, the user sends an early-warning signal to the data requester. The data requester then requires all users to send their noisy data and, after collecting all the data, performs the overall monitoring decision.
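An added example, not part of the patent text: the local check each user runs against B(c_i, r/m), with c_i = v_i(t_0) as in Theorem 1, over constructed 2-d vectors for three users. Noise and the requester's accept/reject decision are left out as a simplifying assumption; an alarm here simply re-centers every region on the current vectors.

```python
import math

# Constructed local statistics vectors: STREAMS[i][t] is v_i(t) for user i.
STREAMS = [
    [(10.0, 10.0), (10.5, 10.0), (10.6, 10.2), (12.0, 10.0), (12.1, 10.1)],
    [(5.0, 5.0), (5.0, 5.4), (5.3, 5.3), (5.2, 5.1), (5.2, 5.0)],
    [(0.0, 0.0), (0.2, 0.1), (0.5, 0.5), (0.4, 0.4), (0.3, 0.5)],
]


def dist(a, b):
    """Euclidean distance between two vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def vec_sum(vectors):
    """Aggregate vector v_a: coordinate-wise sum of the local vectors."""
    return tuple(sum(col) for col in zip(*vectors))


def local_alarm(v_i, c_i, r_local):
    """True when v_i has left the local safe region B(c_i, r_local)."""
    return dist(v_i, c_i) > r_local


def monitor(streams, r):
    """Run the per-user ball checks round by round.

    Returns a list of (t, users_that_alarmed, drift), where drift is the
    distance of the true aggregate from the last published aggregate.
    """
    m = len(streams)
    centers = [s[0] for s in streams]        # c_i = v_i(t_0)
    published = vec_sum(centers)             # v_a(t_0), noise omitted
    log = []
    for t in range(1, len(streams[0])):
        current = [s[t] for s in streams]
        alarms = [i for i in range(m)
                  if local_alarm(current[i], centers[i], r / m)]
        drift = dist(vec_sum(current), published)
        if alarms:
            # Simplification: the requester always accepts the new data,
            # so every region is re-centered on the current vectors.
            centers, published = current, vec_sum(current)
        log.append((t, alarms, drift))
    return log


if __name__ == "__main__":
    for t, alarms, drift in monitor(STREAMS, r=3.0):
        print(f"t={t} alarms={alarms} aggregate drift={drift:.3f}")
```

By the triangle inequality a silent round guarantees the aggregate has moved at most r from the last publication, while an alarm (round 3 here) can fire even though the aggregate drift is still below r, which is why the requester re-checks overall similarity after collecting the data.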
To publish infinite stream data with w-event differential privacy without depending on a trusted data center, the invention uses function monitoring based on the geometric method. Specifically, the data collector first collects the noisy initial local statistics vector of each user, computes and publishes the initial global statistics vector, and assigns a local monitoring safe region to each user; each user judges its publication state according to its local monitoring safe region, and if the user detects an early-warning signal or receives a data sending request from the data collector, the user sends its noisy local statistics vector to the data collector; the user then updates its local monitoring safe region according to the data collector's feedback or its own judgment. For the data collector, if the collector receives no data, the data requester publishes a null datum; if at that time the data collector receives the noisy data of all users, the data requester computes the overall similarity at that time, decides whether to accept or reject the data for that time, and feeds the decision back to the users. According to the privacy budget allocation method used, the invention proposes two distributed w-event differentially private data publishing schemes: dBD (distributed Budget Distribution) and dBA (distributed Budget Absorption).
For convenience, the invention denotes the global sensitivities Δ_1(Q) = Δ and Δ_2(Q) = Δ′. The two proposed schemes are described in detail below.
(1) The dBD scheme
The dBD scheme mainly comprises three parts: dBD initialization, dBD local estimation and dBD data publication. The technical details of the three parts are introduced in turn below.
(1.1) dBD initialization
The main purpose of dBD initialization is to compute the initial published data and to assign a local monitoring safe region to each user. This part comprises user initialization and data requester initialization, as shown in Algorithm 1:
Algorithm 1: dBD initialization
(a) Initialization of user i
Input:
S_i(0): initial input stream data
Q: counting function
ε: privacy parameter
m: total number of users
Step 1: Select a random nonce e_i, calculate and send it to user i-1 and user i+1;
Step 2: After receiving the information from the other users, calculate two random number seeds and
Step 3: Set the privacy budget for the initial data publication ε_{0,2} = ε/4;
Step 4: Choose gamma noise n_i(0,1) = <G(m, 4Δ/ε)>^d and n_i(0,2) = <G′(m, 4Δ/ε)>^d;
Step 5: Using the two random number seeds k_{i,i-1} and k_{i,i+1}, generate a group of random numbers n_i(0,3) = <F(k_{i,i-1})>^d and n_i(0,4) = <F(k_{i,i+1})>^d;
Step 6: Calculate o_i(0) = Q(S_i(0)) + n_i(0,1) - n_i(0,2), and send the noisy data M_i(0) = o_i(0) + n_i(0,3) - n_i(0,4) to the data requester;
(b) Initialization of the data requester
Input:
ε: privacy parameter
m: total number of users
Step 1: Select a random nonce e_i, calculate and send it to user 1 and user m;
Step 2: After receiving the information from the other users, calculate two random number seeds and
Step 3: Request the initial noisy data M_i(0) from all users;
Step 4: Using the two random number seeds k_{0,1} and k_{0,m}, generate a group of random numbers n_0(0,3) = <F(k_{0,1})>^d and n_0(0,4) = <F(k_{0,m})>^d;
Step 5: Calculate and accept O_0 as the initial published result;
Step 6: Calculate the remaining privacy budget ε_rm = ε/2 - ε_0 = ε/4 and set the monitoring threshold T = (2Δ′)/(ε_rm);
Step 7: Calculate c, r ← argmax_{c,r}(Vol(B(c, r))) such that and O_0 ∈ B(c, r);
Step 8: Send the radius r/m of the local monitoring safe region to each user i;
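An added example, not code from the patent: one round of the initial publication in Algorithm 1, with each user adding its gamma share of the Laplace noise and the pairwise masks derived from the ring of shared seeds, so the requester only ever sees masked noisy values. The Diffie-Hellman style seed agreement, the toy group parameters, the seeded generator standing in for F, and the signs of the requester's masks are assumptions, since the page does not preserve those expressions.

```python
import random

# Toy Diffie-Hellman parameters (assumption, illustration only): the Mersenne
# prime 2**127 - 1 with base 3. The patent only says g generates a group of
# large prime order q; its key-agreement expressions are missing from the page.
P = 2**127 - 1
G = 3


def ring_seeds(rng, n):
    """Seeds for n ring participants (index 0 = requester u_0, 1..m = users).

    Returns seeds[i] = (k_{i,i-1}, k_{i,i+1}); neighbours derive equal values.
    """
    if n < 3:
        raise ValueError("need at least two users plus the requester")
    secrets = [rng.randrange(2, P - 1) for _ in range(n)]   # nonces e_i
    publics = [pow(G, e, P) for e in secrets]               # sent to neighbours
    return [(pow(publics[(i - 1) % n], secrets[i], P),
             pow(publics[(i + 1) % n], secrets[i], P)) for i in range(n)]


def prg(seed, d, t):
    """Stand-in for F(x, k): d mask values for round t from shared seed k."""
    r = random.Random(f"{seed}:{t}")
    return [r.uniform(-1e6, 1e6) for _ in range(d)]


def gamma_share(rng, m, b, d):
    """One user's share G(m,b) - G'(m,b) per coordinate, G ~ Gamma(1/m, scale b).

    Summed over m users the shares are Laplace(b) distributed.
    """
    return [rng.gammavariate(1 / m, b) - rng.gammavariate(1 / m, b)
            for _ in range(d)]


def mask(vec, k_prev, k_next, t):
    """Add +F(k_{i,i-1}) - F(k_{i,i+1}) to vec, as in step 6 of Algorithm 1."""
    plus, minus = prg(k_prev, len(vec), t), prg(k_next, len(vec), t)
    return [v + p - q for v, p, q in zip(vec, plus, minus)]


def run_round(true_values, epsilon, sensitivity, rng, t=0):
    """Initial publication: returns (noisy o_i, messages M_i, published sum)."""
    m, d = len(true_values), len(true_values[0])
    b = 4 * sensitivity / epsilon          # scale 4*Delta/eps from Algorithm 1
    seeds = ring_seeds(rng, m + 1)
    noisy, messages = [], []
    for i, value in enumerate(true_values, start=1):
        share = gamma_share(rng, m, b, d)
        o_i = [v + z for v, z in zip(value, share)]
        noisy.append(o_i)
        messages.append(mask(o_i, *seeds[i], t))
    # Requester sums the messages and applies its own masks (sign convention
    # assumed so that every pairwise mask cancels around the ring).
    total = [sum(col) for col in zip(*messages)]
    published = mask(total, *seeds[0], t)
    return noisy, messages, published


def laplace_from_shares(rng, m, b):
    """Sum of m users' scalar shares; distributed as Laplace(b)."""
    return sum(gamma_share(rng, m, b, 1)[0] for _ in range(m))


if __name__ == "__main__":
    rng = random.Random(1)
    counts = [[3.0, 1.0], [0.0, 2.0], [5.0, 5.0]]   # constructed user counts
    noisy, msgs, pub = run_round(counts, epsilon=1.0, sensitivity=1.0, rng=rng)
    print("message from user 1:", msgs[0])
    print("published aggregate:", pub)
```

Each message M_i is dominated by its masks, so the requester learns only the sum of the o_i; that sum carries Laplace noise of scale 4Δ/ε because the m gamma shares add up to one Laplace draw.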
(1.2) dBD partial estimation
The main purpose of dBD partial estimation is for each user to calculate its data release privacy budget and to use the area monitoring safety zone to raise similarity early warnings. The concrete technical scheme of this part is shown in Algorithm 2:
Algorithm 2: dBD partial estimation
Input:
Si - partial statistics vector prefix
Q - counting function
ε - privacy parameter
w - time window length
B(ci,ri) - area monitoring safety zone
For each round t do
Step 1: Obtain the area monitoring safety zone radius ri;
Step 2: Locate the newest non-null release ol among the release results (o1,...,ot-1), and set the centre of the area monitoring safety zone B(ci,ri) to ci = ol;
Step 3: Calculate the partial statistics vector vi(t) = Q(Si(t)) and choose θ = Laplace((4wΔ′)/ε);
Step 4:Calculate remaining privacy budget
Step 5:Calculate B (ci, r ') and=B (ci,ri+θ),ε);
Step 6:Order
Step 7:Choose ui(t) obey and be uniformly distributed
Step 8:IfTrue is then returned, otherwise returns to false;
Step 9: if the result returned by step 6 is false then
Step 10: Set εtmp = εrm/2, and choose gamma noise ni(t,1) = <G(m, Δ/εtmp)>d and ni(t,2) = <G′(m, Δ/εtmp)>d;
Step 11: Using the two random number seeds ki,i-1 and ki,i+1, generate one group of random numbers ni(t,3) = <F(ki,i-1)>d and ni(t,4) = <F(ki,i+1)>d;
Step 12: Calculate the noisy partial statistics vector oi(t) = Q(Si(t)) + ni(t,1) - ni(t,2);
Step 13: Send a local pre-warning signal to the data requester, and send Mi(t) = oi(t) + ni(t,3) - ni(t,4) to the data requester;
Step 14: else keep silent and set εt,2 = 0, oi(t) = null;
Step 15: end if;
Step 16: if a data-collection command issued by the data requester is received then
Step 17: Perform steps 10 to 12 and send the result Mi(t) = oi(t) + ni(t,3) - ni(t,4) to the data requester;
Step 18: end if;
Step 19: if the overall-similarity-too-low confirmation signal issued by the data requester is received then
Step 20: Request a new area monitoring safety zone B(ci,ri) from the data requester and set εt,2 = εtmp, ci(t) = oi(t);
Step 21: else set εt,2 = 0, oi(t) = null;
Step 22: end if;
Step 23: if oi(t) = null, then adaptively adjust the existing area monitoring safety zone B(ci,ri) to be
Step 24: end if;
End for;
(1.3) dBD data publication scheme
The main purpose of dBD data publication is for the data requester to calculate the data release result, to confirm the area monitoring early-warning result using the overall similarity, and to redistribute the area monitoring safety zones. The concrete technical scheme of this part is shown in Algorithm 3:
Algorithm 3: dBD data publication
Input:
ε - privacy parameter
w - time window length
For each round t do
Step 1: if any user has sent a local pre-warning signal at time t then
Step 2: Locate the newest non-null release Ol among the release results (O1,...,Ot-1);
Step 3: Using the two random number seeds k0,1 and k0,m, generate one group of random numbers n0(t,3) = <F(k0,1)>d and n0(t,4) = <F(k0,m)>d;
Step 4: Require all users to send their noisy partial statistics vector Mi(t) for that moment, and calculate
Step 5: Calculate the remaining privacy budget and set T = (2Δ′)/(εrm);
Step 6: if ‖Ot-Ol‖2 >= T, then issue the overall-similarity-too-low confirmation signal and accept Ot as the newest non-null release result;
Step 7: Set εt,2 = εrm/2 and calculate T1 = (2Δ′)/(εr);
Step 8:Calculate c, r ← argmaxc,r(Vol (B (c, r))) causesAnd Ot∈B(c,r);
Step 9: Send the radius r/m of the area monitoring safety zone to each user i;
Step 10: end if;
End for
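The requester-side dBD budget accounting of Algorithm 3, as an added Python example that is not code from the patent. It assumes that the remaining budget of step 5 is ε/2 minus the release budgets spent in the previous w-1 timestamps (that formula does not survive on this page), and it replaces the m users' summed gamma shares by Laplace noise added directly to the aggregate; the function names and the sample stream are constructed.

```python
import math
import random


def laplace_vec(d, scale, rng):
    """d independent Laplace(scale) samples, each a difference of two exponentials."""
    return [rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
            for _ in range(d)]


def dbd_release(true_sums, warned, eps, w, delta=1.0, delta_sim=1.0, seed=0):
    """Simulate the data requester over a stream.

    true_sums[t] : exact aggregate count vector at time t
    warned[t]    : True if some user sent a local pre-warning signal at time t
    Returns (released, budgets); released[t] is None for a null release and
    budgets[t] is the release budget eps_{t,2} charged at time t.
    """
    rng = random.Random(seed)
    d = len(true_sums[0])
    # Initialization: eps_{0,2} = eps/4 and noise scale 4*delta/eps (Algorithm 1).
    budgets = [eps / 4]
    released = [[x + n for x, n in
                 zip(true_sums[0], laplace_vec(d, 4 * delta / eps, rng))]]
    last = released[0]
    for t in range(1, len(true_sums)):
        if not warned[t]:                    # nobody warned: null release, no budget
            released.append(None)
            budgets.append(0.0)
            continue
        # Assumed step 5: budget still unspent inside the current w-window.
        eps_rm = eps / 2 - sum(budgets[max(0, t - w + 1):t])
        eps_tmp = eps_rm / 2                 # half of the remainder for this release
        o_t = [x + n for x, n in
               zip(true_sums[t], laplace_vec(d, delta / eps_tmp, rng))]
        threshold = 2 * delta_sim / eps_rm   # T = (2*delta')/eps_rm
        dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(o_t, last)))
        if dist >= threshold:                # similarity too low: accept O_t
            released.append(o_t)
            budgets.append(eps_tmp)
            last = o_t
        else:                                # reject: null release, budget reclaimed
            released.append(None)
            budgets.append(0.0)
    return released, budgets


def max_window_spend(budgets, w):
    """Largest release budget spent in any w consecutive timestamps."""
    return max(sum(budgets[max(0, t - w + 1):t + 1]) for t in range(len(budgets)))


if __name__ == "__main__":
    stream = [[10.0, 10.0]] + [[1000.0, 1000.0]] * 9     # constructed stream
    warned = [True] * 10
    released, budgets = dbd_release(stream, warned, eps=1.0, w=4)
    print(budgets)
    print("max spend in any window:", max_window_spend(budgets, 4))
```

Each accepted release takes half of what is left in the window, which is why the per-release budget shrinks geometrically when many releases fall inside one window while the window total stays below ε/2.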
(2) dBA scheme
Like the dBD scheme, the dBA scheme mainly comprises three parts: dBA initialization, dBA partial estimation and dBA data publication. The concrete technical scheme of each of the three parts is introduced in turn below.
(2.1) dBA initialization
The main purpose of dBA initialization is to calculate the initial release data and to assign an area monitoring safety zone to each user. This part comprises user initialization and data requester initialization; its concrete technical scheme is shown in Algorithm 4:
Algorithm 4: dBA initialization
(a) User initialization
Input:
Si(0) - initial input stream data
Q - counting function
ε - privacy parameter
m - total number of users
Step 1:Select a random nonce ei, calculateAnd it is sent to user i-1 and user i+1;
Step 2:After the information for receiving other users, two random number seeds are calculatedWith
Step 3: Set the initial data release privacy budget ε0,2 = ε/2w;
Step 4: Choose gamma noise ni(0,1) = <G(m, 2wΔ/ε)>d and ni(0,2) = <G′(m, 2wΔ/ε)>d;
Step 5: Using the two random number seeds ki,i-1 and ki,i+1, generate one group of random numbers ni(0,3) = <F(ki,i-1)>d and ni(0,4) = <F(ki,i+1)>d;
Step 6: Calculate oi(0) = Q(Si(0)) + ni(0,1) - ni(0,2), and send the noisy data Mi(0) = oi(0) + ni(0,3) - ni(0,4) to the data requester;
(b) Data requester initialization
Input:
ε - privacy parameter
m - total number of users
Step 1:Select a random nonce ri, calculateAnd it is sent to user 1 and user m;
Step 2:After the information for receiving other users, two random number seeds are calculatedWith
Step 3: Request the initial noisy data Mi(0) from all users;
Step 4: Using the two random number seeds k0,1 and k0,m, generate one group of random numbers n0(0,3) = <F(k0,1)>d and n0(0,4) = <F(k0,m)>d;
Step 5:CalculateAnd by O0Receive to issue result for primary data;
Step 6: Set εab = ε/2w and calculate the monitoring threshold T = (2Δ′)/(εab);
Step 7:Calculate c, r ← argmaxc,r(Vol (B (c, r))) causesAnd O0∈B(c,r);
Step 8: Send the radius r/m of the area monitoring safety zone to each user i;
(2.2) dBA partial estimation
The main purpose of dBA partial estimation is for each user to calculate its data release privacy budget and to use the area monitoring safety zone to raise similarity early warnings. The concrete technical scheme of this part is shown in Algorithm 5:
Algorithm 5: dBA partial estimation
Input:
Si - partial statistics vector prefix
Q - counting function
ε - privacy parameter
w - time window length
B(ci,ri) - area monitoring safety zone
For each round t do
Step 1: Obtain the area monitoring safety zone radius ri;
Step 2: Locate the newest non-null release ol among the release results (o1,...,ot-1), and set the centre of the area monitoring safety zone B(ci,ri) to ci = ol;
Step 3: Calculate ba_length = 2wεl,2/ε - 1;
Step 4: if t > l + ba_length then
Step 5: Calculate the partial statistics vector vi(t) = Q(Si(t)) and choose θ = Laplace((4wΔ′)/ε);
Step 6:Calculate B (ci, r ') and=B (ci,ri+θ),ε);
Step 7:Order
Step 8:Choose ui(t) obey and be uniformly distributed
Step 9:IfTrue is then returned, otherwise returns to false;
Step 10: if the result returned by step 6 is false then
Step 11: Set εtmp = ε/2w · min(t-l+ba_length, w) and choose gamma noise ni(t,1) = <G(m, Δ/εtmp)>d and ni(t,2) = <G′(m, Δ/εtmp)>d;
Step 12: Using the two random number seeds ki,i-1 and ki,i+1, generate one group of random numbers ni(t,3) = <F(ki,i-1)>d and ni(t,4) = <F(ki,i+1)>d;
Step 13: Calculate the noisy partial statistics vector oi(t) = Q(Si(t)) + ni(t,1) - ni(t,2) + ni(t,3) - ni(t,4);
Step 14: Send a local pre-warning signal to the data requester, and send Mi(t) = oi(t) + ni(t,3) - ni(t,4) to the data requester;
Step 15: else keep silent and set εt,2 = 0, oi(t) = null;
Step 16: end if;
Step 17: if a data-collection command issued by the data requester is received then
Step 18: Perform steps 11 to 13 and send the result Mi(t) = oi(t) + ni(t,3) - ni(t,4) to the data requester;
Step 19: end if;
Step 20: if the overall-similarity-too-low confirmation signal issued by the data requester is received then
Step 21: Request a new area monitoring safety zone B(ci,ri) from the data requester and set εt,2 = εtmp, ci(t) = oi(t);
Step 22: else set εt,2 = 0, oi(t) = null;
Step 23: end if;
Step 24: if oi(t) = null and 0 < T-l+ba_length ≤ w, then adaptively adjust the current area monitoring safety zone B(ci,ri) to be
Step 25: end if;
End for;
(2.3) dBA data publication scheme
The main purpose of dBA data publication is for the data requester to calculate the data release result, to confirm the area monitoring early-warning result using the overall similarity, and to redistribute the area monitoring safety zones. The concrete technical scheme of this part is shown in Algorithm 6:
Algorithm 6: dBA data publication
Input:
ε - privacy parameter
w - time window length
For each round t do
Step 1: if any user has sent a local pre-warning signal at time t then
Step 2: Locate the newest non-null release Ol among the release results (O1,...,Ot-1);
Step 3: Using the two random number seeds k0,1 and k0,m, generate one group of random numbers n0(t,3) = <F(k0,1)>d and n0(t,4) = <F(k0,m)>d;
Step 4: Require all users to send their noisy partial statistics vector Mi(t) for that moment, and calculate
Step 5: Calculate ba_length = 2wεl,2/ε - 1, and set εtmp = ε/2w · min(t-l+ba_length, w) and T = Δ′/εtmp;
Step 6: if ‖Ot-Ol‖2 >= T, then issue the overall-similarity-too-low confirmation signal and accept Ot as the newest non-null release result;
Step 7: Set εab = ε/2w and calculate the monitoring threshold T1 = (2Δ′)/(εab);
Step 8:Calculate c, r ← argmaxc,r(Vol (B (c, r))) causesAnd Ot∈B(c,r);
Step 9: Send the radius r/m of the area monitoring safety zone to each user i;
Step 10: end if;
End for
Based on the technical foundation described above, the distributed infinite stream data publication method with w-event differential privacy provided by the invention comprises the following steps:
Step 1: Initialization of infinite data stream publication, which comprises the following sub-steps:
Step 1.1: Each user ui selects a random nonce ei; user ui sends the value computed from it to user ui-1 and user ui+1, where g is a generator of the multiplicative group G of order q and q is a large prime. After receiving the other users' information, user ui calculates its two random number seeds;
Step 1.2: After the users collect the initial data, each user generates the corresponding gamma noise according to the agreed privacy budget and adds this noise to the collected initial data. The user then uses the random number seeds obtained in step 1.1 to generate random numbers, adds these random numbers to the gamma-noised data, and sends the result to the data requester. After collecting the data of all users, the data requester generates random numbers with its own random number seeds and calculates the sum of these data to obtain the first release data;
Step 1.3: After the first release data is obtained, the data requester calculates the spherical monitoring safety region that has the first release data as its centre and the maximum radius, derives from it the similarity area monitoring safety zone B(ci,ri) of each user, where B(ci,ri) is the ball with centre ci and radius ri, and sends the corresponding monitoring safety zone to each user;
Step 2: Privacy budget allocation and similarity area monitoring by the users, which comprises the following sub-steps:
Step 2.1: At time t, user i requests or calculates a corresponding area monitoring safety zone B(ci,ri);
Step 2.2: After user i obtains the data of time t, user i calculates its corresponding initial data vi(t) according to the specified privacy budget allocation pattern. The user then checks whether vi(t) lies within the area monitoring safety zone B(ci,ri) for that moment. If vi(t) lies outside B(ci,ri), user i sends an early-warning signal to the data requester, and the data requester in turn requires all users to send their noise-added data; otherwise, user i keeps silent until the data requester requests its data. For the check of whether vi(t) lies within the zone, the area monitoring safety zone must either be requested from the data requester or be adjusted dynamically by the user according to the given privacy budget allocation rule; in a dynamic adjustment, the centre of the area monitoring safety zone stays unchanged and the radius is recalculated according to the privacy budget allocation rule.
Step 2.3: If user i does not send data to the data requester at time t, user i records the privacy budget allocation of that time point as 0. If user i sends data to the data requester at time t, user i must wait for the data requester's final feedback: if the data requester feeds back an accept signal, user i records the privacy budget allocation of that time point as its corresponding value; otherwise, it records the privacy budget allocation of that time point as 0. The corresponding area monitoring safety zone is adjusted according to the release result, specifically as follows: if the distance between the current data and the newest non-null release data is not less than the current Laplace noise intensity, the data requester accepts the new non-null release data and calculates a new area monitoring safety zone for each user according to the principle of step 1.3; otherwise, the data requester releases a null datum and feeds this back to the users. After receiving the feedback, a user reclaims the data release privacy budget of that moment and recalculates the radius of its area monitoring safety zone.
Step 3: The data requester releases stream data that satisfies w-event differential privacy, which comprises the following sub-steps:
Step 3.1: If at time t the data requester receives no information from any user, the data requester records the release data of that moment as null; if at time t the data requester receives an early-warning message from any user, the data requester requires all users to send their noisy data for that moment;
Step 3.2: After receiving all the noisy data, the data requester calculates the overall similarity at that moment, decides whether to accept or reject the data of that moment, and feeds the decision back to the users;
Step 3.3: After a new non-null data release is accepted, a new area monitoring safety zone is calculated for each user according to the principle of step 1.3.
The solution of the invention is further elaborated below in conjunction with a specific embodiment.
An infectious disease is a contagious disease caused by pathogenic microorganisms infecting the human body, and it can become epidemic under certain conditions. At present, new infectious diseases keep emerging around the world and old infectious diseases show a tendency to resurge, so infectious disease remains a major public health problem. The early-warning capability of a disease surveillance system is the basis for responding to the occurrence and spread of infectious diseases. The SARS outbreak exposed the insufficient early-warning capability and lack of timeliness of China's disease surveillance system. If accurate prediction of time and place can be achieved, major outbreaks of infectious disease can be controlled. Current disease surveillance systems are based on clinical diagnosis and laboratory reports, which limits how far the timeliness of early warning can be improved. With the development of electronic device manufacturing technology, medical wearable devices will inevitably become widespread. If users collect their physiological parameters with their wearable devices and share them with public health departments or third-party research institutions, researchers can be better helped to make accurate and timely predictions of disease outbreaks. This is the background of this application example.
In this embodiment, the public health department or third-party research institution is the data requester. The data requester wishes to obtain data with higher availability to assist disease outbreak prediction. The data requester needs to assist the participants in calculating their area monitoring safety zones and to synchronize the privacy budget allocation of all users.
In this embodiment, the participants are users who own physiological parameter sensing devices. The precondition for users to share data is that their private information is protected. In this application example, users need to add noise to their private data and carry out local function monitoring.
In this embodiment, it is assumed that a user's sensing device can sense one group of the user's physiological parameters (or states) every 15 minutes; for example, the user's sensors sense five physiological parameters: whether the user has a fever, whether blood pressure is too high, whether the user coughs, whether the heart rate is normal, and whether blood glucose is normal, i.e. Di(t) = (di,t[1], ..., di,t[5]). The user needs to send one group of data to the data requester every hour, i.e. the partial statistics vector is the sum of all Di(t) within one hour. In the initialization phase, the user calculates a noisy partial statistics vector Mi(0) and sends it to the data requester. The data requester then releases the data of that moment and assigns an initial area monitoring safety zone to the user. After obtaining the area monitoring safety zone, the user uses this zone together with the privacy budget allocation scheme to decide whether to release the data of that moment. After receiving a user's early warning, the data requester first needs to calculate the similarity between the data of that moment and the newest non-null data, and makes the corresponding decision according to the similarity: release the data of that moment or release a null value. If the data requester receives no information from any user, the release data of that moment defaults to a null value.
The dBD and dBA schemes proposed in the invention both satisfy w-event differential privacy. This is because:
(1) the privacy budgets allocated by the users at the same moment are consistent, and it can be proved that in both schemes the release privacy budget allocated within a w time window does not exceed ε/2;
(2) for the local safety zone monitoring, the privacy budget each user spends at each step on perturbing the safety zone is ε/(4w) and the privacy budget consumed by the judgment is ε/(4w), so the privacy budget used for local safety zone monitoring within a w time window is ε/2;
In summary, the dBD and dBA schemes both satisfy w-event differential privacy.
Release error analysis shows that when the number of data releases within a w time window is very large, the privacy budget of the dBD scheme decreases at a geometric rate, the error increases correspondingly, and availability decreases; if the number of data releases within a w time window is small, the availability of the dBD scheme is better. It can be proved that, with probability at least 1-3δ, the release error of the dBD scheme does not exceed a bound in which m is the number of releases within the w time window. For the dBA scheme, practicality is higher and availability is stable, because the scheme releases data by absorbing privacy budget, so that very low privacy budgets do not occur. However, when the number of data releases within a w time window is small, its availability is very likely to be lower than that of the dBD scheme. It can be proved that, with probability at least 1-3δ, the release error of the dBA scheme does not exceed a bound in which errnlf is the error introduced by null release data and α is the privacy budget absorbed by each release.
It should be understood that the parts not elaborated in this specification belong to the prior art.
It should be understood that the above description of the preferred embodiment is relatively detailed and therefore cannot be regarded as limiting the scope of patent protection of the invention. Under the teaching of the invention, and without departing from the scope protected by the claims of the invention, a person of ordinary skill in the art may also make substitutions or variations, all of which fall within the protection scope of the invention; the claimed scope of the invention shall be determined by the appended claims.

Claims (4)

1. A distributed infinite stream data publication method with w-event differential privacy, wherein it is assumed that the infinite stream data publication system has m users, u1, ..., um, and that there is a data requester u0 that can communicate with all users; characterized in that the method comprises the following steps:
Step 1: Initialization of infinite data stream publication, which comprises the following sub-steps:
Step 1.1: Each user ui selects a random nonce ei; user ui sends the value computed from it to user ui-1 and user ui+1, where g is a generator of the multiplicative group G of order q and q is a large prime. After receiving the other users' information, user ui calculates its two random number seeds;
Step 1.2: After the users collect the initial data, each user generates the corresponding gamma noise according to the agreed privacy budget and adds this noise to the collected initial data. The user then uses the random number seeds obtained in step 1.1 to generate random numbers, adds these random numbers to the gamma-noised data, and sends the result to the data requester. After collecting the data of all users, the data requester generates random numbers with its own random number seeds and calculates the sum of these data to obtain the first release data;
Step 1.3: After the first release data is obtained, the data requester calculates the spherical monitoring safety region that has the first release data as its centre and the maximum radius, derives from it the similarity area monitoring safety zone B(ci,ri) of each user, where B(ci,ri) is the ball with centre ci and radius ri, and sends the corresponding monitoring safety zone to each user;
Step 2: Privacy budget allocation and similarity area monitoring by the users, which comprises the following sub-steps:
Step 2.1: At time t, user i requests or calculates a corresponding area monitoring safety zone B(ci,ri);
Step 2.2: After user i obtains the data of time t, user i calculates its corresponding initial data vi(t) according to the specified privacy budget allocation pattern. The user then checks whether vi(t) lies within the area monitoring safety zone B(ci,ri) for that moment. If vi(t) lies outside B(ci,ri), user i sends an early-warning signal to the data requester, and the data requester in turn requires all users to send their noise-added data; otherwise, user i keeps silent until the data requester requests its data;
Step 2.3: If user i does not send data to the data requester at time t, user i records the privacy budget allocation of that time point as 0. If user i sends data to the data requester at time t, user i must wait for the data requester's final feedback: if the data requester feeds back an accept signal, user i records the privacy budget allocation of that time point as its corresponding value; otherwise, it records the privacy budget allocation of that time point as 0. The corresponding area monitoring safety zone is adjusted according to the release result;
Step 3: The data requester releases stream data that satisfies w-event differential privacy, which comprises the following sub-steps:
Step 3.1: If at time t the data requester receives no information from any user, the data requester records the release data of that moment as null; if at time t the data requester receives an early-warning message from any user, the data requester requires all users to send their noisy data for that moment;
Step 3.2: After receiving all the noisy data, the data requester calculates the overall similarity at that moment, decides whether to accept or reject the data of that moment, and feeds the decision back to the users;
Step 3.3: After a new non-null data release is accepted, a new area monitoring safety zone is calculated for each user according to the principle of step 1.3.
2. The distributed infinite stream data publication method with w-event differential privacy according to claim 1, characterized in that: the specified privacy budget allocation pattern in step 2.2 includes a dBD allocation pattern and a dBA allocation pattern; in the dBD allocation pattern, the privacy budget allocation of a user is realized by proportional distribution; in the dBA allocation pattern, the privacy budget allocation of a user is realized by absorbing the privacy budget of the surrounding null data.
3. The distributed infinite stream data publication method with w-event differential privacy according to claim 1, characterized in that: for the check in step 2.2 of whether vi(t) lies within the area monitoring safety zone B(ci,ri) for that moment, the area monitoring safety zone must either be requested from the data requester or be adjusted dynamically by the user according to the given privacy budget allocation rule; in a dynamic adjustment, the centre of the area monitoring safety zone stays unchanged and the radius is recalculated according to the privacy budget allocation rule.
4. The distributed infinite stream data publication method with w-event differential privacy according to claim 1, characterized in that: the adjustment of the corresponding area monitoring safety zone according to the release result in step 2.3 is carried out as follows: if the distance between the current data and the newest non-null release data is not less than the current Laplace noise intensity, the data requester accepts the new non-null release data and calculates a new area monitoring safety zone for each user according to the principle of step 1.3; otherwise, the data requester releases a null datum and feeds this back to the users; after receiving the feedback, a user reclaims the data release privacy budget of that moment and recalculates the radius of its area monitoring safety zone.
CN201510442304.8A 2015-07-24 2015-07-24 A kind of distributed unlimited flow data dissemination method of w event modes difference privacy Active CN105095447B (en)


Publications (2)

Publication Number Publication Date
CN105095447A CN105095447A (en) 2015-11-25
CN105095447B true CN105095447B (en) 2018-02-09

GR01 Patent grant