CN105578412A - Position anonymization method based on position service and system - Google Patents


Info

Publication number: CN105578412A
Application number: CN201510970497.4A
Authority: CN (China)
Prior art keywords: anonymous, mobile subscriber, service request, territory, grid
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN105578412B (en)
Inventors: 李婕, 白志宏, 于瑞云, 王鹏飞
Current assignee: Northeastern University China
Original assignee: Northeastern University China
Application filed by: Northeastern University China

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/02 Services making use of location information
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The invention discloses a location anonymization method and system for location-based services. In the method, a mobile user sends a location service request together with the current location to a trusted central server; the trusted central server cloaks the user's location to obtain an anonymous region and forwards it, with the user's location service request, to the server that provides the location service; that server retrieves the result set satisfying the request content of the mobile user and returns it to the trusted central server, which filters the set to find the location service result corresponding to the user's real position. The system comprises a location service request module, a location anonymization module, a result set retrieval module and a result set filtering module. The invention obtains a relatively small anonymous region while satisfying the user's demand, which improves LBS query accuracy; it keeps the number of requesting mobile users in the region as close to k as possible, reducing the resources wasted on an excessive number of users; and when mobile users are sparse it adds false mobile user information to complete the anonymization, which improves the anonymization success rate.

Description

A location anonymization method and system for location-based services
Technical field
The invention belongs to the field of location privacy protection and specifically relates to a location anonymization method and system for location-based services.
Background technology
With the maturing of spatial positioning technology and the rapid development of mobile communication and location-sensing technology, location-based services (LBS) have become an important part of the mobile Internet environment: people can use a PDA or mobile phone to query location-related information whenever and wherever they wish. While LBS bring convenience to users, they also bring the danger of location privacy leakage. A user employs a mobile terminal with positioning capability to obtain his or her current location and request a location-related service, and that current location must be sent to the LBS provider. The LBS provider may, however, be controlled by a malicious attacker, who can mine the user's personal information (living habits, health status and so on) from the collected location information and query contents, threatening the user's safety. In this situation, protecting the user's location privacy becomes particularly important.
Current research mainly addresses location privacy protection hiding algorithms, the architecture of location privacy protection, and the transmission and querying of data. Existing location privacy protection techniques can roughly be divided into the following three classes:
(1) Pseudonym-based hiding. For any LBS request, the user uses trusted middleware to generate false user information that replaces the user's identity, and sends it to the LBS provider to protect the location of the requesting user. Beresford and Stajano proposed a pseudonym-based location privacy protection method: they define a mixed zone (mix zone) and, after a user sends a location service request, the user's pseudonym is replaced inside the mix zone according to certain rules, so that an attacker cannot find the user's real location. However, this method is vulnerable to rapidly developing data mining techniques.
(2) Encryption-based methods. The user's private information is protected by encrypting the location of the requesting user. Because this approach uses cryptography, its protection strength is high and it does not over-expose the POIs of the LBS client database, but communication and computation costs are very high and the service delay is serious. Mascetti et al. proposed a method that protects user location privacy with encryption: in proximity services, the user is notified when a friend is nearby, without leaking the user's current location to the LBS provider. In this process the user and each friend share a password and use a symmetric cryptosystem.
(3) Location anonymity methods. The user's location point is extended to a region containing that position, and the region replaces the point in the query. Gruteser and Grunwald were the first to introduce k-anonymity into spatial anonymity techniques, proposing IntervalCloak. A trusted server (the anonymizer) partitions the whole space using a quadtree; after a user sends a location query, the anonymizer starts from the quadtree node containing the current user and searches the space recursively until it finds an anonymous spatial region (ASR) that meets the user's demand, and the ASR is sent to the LBS server together with all the requests inside it. Even if an attacker obtains the locations and requests of all users, the k user identities cannot be matched one by one to locations, which achieves location privacy. The anonymous region obtained by this method is too large, and the query precision is low.
Looking at the development of location privacy protection as a whole, the contradiction between the privacy protection security demanded by accurate location information and the quality of the query service is an inherent characteristic of location-based services, and balancing privacy protection security against query service quality has become a major issue in LBS research.
Summary of the invention
In view of the problems of the prior art, the invention provides a location anonymization method and system for location-based services.
The technical scheme of the invention is as follows:
A location anonymization method for location-based services comprises the following steps:
Step 1: when using a location-based service application, the mobile user sends a location service request and the current location to a trusted central server;
Step 2: the trusted central server cloaks the mobile user's location to obtain an anonymous region, and sends this anonymous region together with the user's location service request content to the location service provider server;
Step 3: the location service provider server retrieves, according to the received anonymity set and the user's request content, the result set that satisfies the user's request content, and sends the result set to the trusted central server;
Step 4: the trusted central server filters the result set according to the mobile user's position, finds the location service result corresponding to the user's position and sends it to the mobile user.
Step 2 is carried out specifically as follows:
Step 2-1: the whole location space covered by the trusted central server, which contains the mobile users, is divided into several grid cells. At the same time the predefined anonymity demand is recorded: in the finally determined anonymous region, the number of mobile users who have sent location service requests is not less than the set anonymity degree k, and the area of the grid cells is not less than the preset minimum anonymous area Amin;
Step 2-2: check the grid cell where the requesting mobile user is currently located and judge whether it meets the anonymity demand. If so, take this grid cell as the candidate anonymous region AR and end the search; otherwise go to step 2-3;
Step 2-3: judge whether merging the current grid (made up of one or more grid cells) with any one adjacent row or column of grid cells in any direction produces a spatial region that satisfies the anonymity demand. If so, take that merged region as the candidate anonymous region AR and end the search; otherwise merge the current grid with the neighbouring grid cell that has the largest number of requesting mobile users to obtain a new grid, and go to step 2-4;
Step 2-4: judge whether merging the new grid with a row of grid cells adjacent to any of its long sides produces a spatial region that meets the anonymity demand. If so, take the merged region as the candidate anonymous region AR and end the search; otherwise merge the new grid with the neighbouring grid cell that has the largest number of requesting mobile users to obtain a new grid, and execute step 2-5;
Step 2-5: repeat steps 2-3 to 2-4 until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous area Amax is reached, then end the traversal;
Step 2-6: during the search for the candidate anonymous region AR in steps 2-2 to 2-5, record the grid cell counts a_1, ..., a_i after each recursive addition of grid cells and the corresponding numbers u_1, ..., u_i of requesting mobile users in the corresponding grid; then find among the records the one record (a_k, u_k) that makes the sum of resource utilization and query precision optimal;
Step 2-7: judge whether the number u_k of requesting mobile users satisfies u_k >= k. If so, take the region corresponding to the a_k grid cells as the anonymous region and send it to the location service provider server together with the anonymity set composed of the location service request contents of the u_k mobile users; otherwise go to step 2-8;
Step 2-8: judge whether u_k / k < ε holds. If so, discard this record, find among the remaining records the one that makes the sum of resource utilization and query precision optimal, and repeat the procedure from step 2-7; otherwise go to step 2-9. ε is the lower bound on the proportion of real mobile users in the anonymous region;
Step 2-9: at this point u_k / k >= ε but u_k < k, so the set anonymity demand is not met. The trusted central server therefore supplements k − u_k false mobile user location service requests, and sends the region formed by the a_k grid cells as the anonymous region to the location service provider server together with the anonymity set Aset composed of the request contents of the k mobile users.
The system for location anonymity used by the method comprises:
Location service request module: when the mobile user uses a location-based service application, sends the user's location service request to the trusted central server;
Location anonymization module: cloaks the mobile user's location to obtain an anonymity set, and sends this anonymity set together with the user's location service request content to the location service provider server;
Result set retrieval module: retrieves, in the location service provider server, according to the received anonymity set and the user's request content, the result set that satisfies the request content, and sends the result set to the trusted central server;
Result set filtering module: filters the result set according to the mobile user's position, and sends the location service result corresponding to the user's position to the mobile user.
The location anonymization module comprises:
Grid storage module: divides the whole location space covered by the trusted central server, which contains the mobile users, into several grid cells; the stored content of each grid cell comprises the id of the cell and the number Num of requesting mobile users in it, and for each grid the corresponding user ids with the longitude and latitude of their positions;
Anonymity demand setting module: sets the anonymity demand, namely that in the finally determined anonymous region the number of requesting mobile users is not less than the set anonymity degree k and the area of the grid cells is not less than the preset minimum anonymous area Amin;
Candidate anonymous region search module: checks whether the grid cell where the requesting mobile user is currently located meets the anonymity demand; if so, takes this grid cell as the candidate anonymous region AR and ends the search. Otherwise it judges whether merging the current grid (made up of one or more grid cells) with any one adjacent row or column of grid cells in any direction produces a spatial region satisfying the anonymity demand; if so, that merged region is the candidate anonymous region AR and the search ends. Otherwise the current grid is merged with the neighbouring grid cell having the largest number of requesting mobile users to obtain a new grid, and the module judges whether merging the new grid with a row of grid cells adjacent to any of its long sides meets the anonymity demand; if so, the merged region is the candidate anonymous region AR and the search ends. Otherwise the new grid is merged with the neighbouring grid cell having the largest number of requesting mobile users to obtain a new grid, and the process is repeated until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous area Amax is reached, at which point the traversal ends. During the search for the candidate anonymous region AR, the module records, after each recursive addition of grid cells, the number of grid cells and the corresponding number of requesting mobile users in the grid, and finds among the records the one record that makes the resource utilization and query precision requirements optimal;
Anonymous region search module: searches for the anonymous region according to the number u_k of requesting mobile users in the optimal record and the set anonymity degree k. If u_k >= k, the region corresponding to the a_k grid cells is taken as the anonymous region and sent to the location service provider server together with the anonymity set composed of the request contents of the u_k mobile users. If u_k / k < ε, where ε bounds the proportion of real mobile users in the anonymous region, this record is discarded, the record that makes the sum of resource utilization and query precision optimal is found among the remaining records, and the above process is repeated. If u_k / k >= ε but u_k < k, the set anonymity demand is not met, so the trusted central server supplements k − u_k false mobile user location service requests and sends the region formed by the a_k grid cells as the anonymous region to the location service provider server together with the anonymity set Aset composed of the request contents of the k mobile users.
Beneficial effect:
In order to better resolve the contradiction between the security of location privacy protection and service quality, improve the anonymization success rate and query precision, and reduce wasted communication and computation, the invention proposes a location anonymization method and system for location-based services that can improve service quality while protecting the user's location privacy. The optimized way of choosing the anonymous region in the invention obtains a smaller anonymous region while satisfying the user's demand, improving the query precision of LBS. The number of requesting mobile users in the anonymous region can be controlled to be as close to k as possible, reducing the waste of communication and computation resources caused by an excessive number of mobile users. When mobile users are sparse, false mobile user information can be added on demand to complete the anonymization, improving the anonymization success rate. Overall, the service quality of LBS is improved.
Description of the drawings
Fig. 1 is a schematic of the third-party central server architecture of the specific embodiment of the invention;
Fig. 2 is a schematic of the structure of the system for location anonymity of the specific embodiment;
Fig. 3 is a schematic of the data storage structure of a grid cell in the specific embodiment;
Fig. 4 is a schematic of the anonymization process when anonymization fails repeatedly in the specific embodiment;
Fig. 5 is a flow chart of the location anonymization method for location-based services of the specific embodiment;
Fig. 6 is a comparison of anonymization success rates in the specific embodiment;
Fig. 7 is a comparison of anonymous region areas in the specific embodiment;
Fig. 8 is a comparison of the number of users in the anonymous region in the specific embodiment.
Embodiment
The specific embodiment of the invention is described in detail below with reference to the drawings.
Fig. 1 shows the system structure used by the method, a third-party central server architecture. After a mobile user sends a location service request, the whole anonymization process proceeds as follows:
(1) The mobile user must register with the trusted central server to obtain its privacy protection service, and must submit location privacy protection parameters (typically the anonymity degree k and the minimum anonymous area Amin) when registering.
(2) When the mobile user sends an LBS query request, the query request is first sent to the trusted central server, which processes the user's location information.
(3) After receiving the user's LBS query request, the trusted central server performs anonymity protection according to the location privacy protection parameters the user submitted at registration, and sends the resulting anonymous region to the LBS server (the location service provider server) together with the LBS query content.
(4) After receiving the query request, the LBS server must search for all possible results relevant to this anonymous region, obtaining a candidate set containing many query results, which it returns to the trusted central server.
(5) After receiving the returned result set, the trusted central server filters it according to the mobile user's real position and finally sends the user the real result he or she needs.
This embodiment provides a system for location anonymity which, as shown in Fig. 2, comprises:
Location service request module: when the mobile user uses a location-based service application, sends the user's location service request to the trusted central server; the location service request module is implemented in the mobile user's terminal.
Location anonymization module: cloaks the mobile user's location to obtain an anonymity set, and sends this anonymity set together with the user's location service request content to the location service provider server; the location anonymization module is implemented in the trusted central server.
Result set retrieval module: retrieves, in the location service provider server, according to the received anonymity set and the user's request content, the result set that satisfies the request content, and sends the result set to the trusted central server; the result set retrieval module is implemented in the location service provider server.
Result set filtering module: filters the result set according to the mobile user's position, and sends the location service result corresponding to the user's position to the mobile user.
The location anonymization module comprises:
Grid storage module: divides the whole location space covered by the trusted central server, which contains the mobile users, into α × β grid cells, as shown in Fig. 3, where α and β are the numbers of grid cells in the horizontal and vertical directions respectively. The stored content of each grid cell comprises the Cellid of the cell and the number Num of requesting mobile users in it; the stored content of a mobile user's position is (Useid, Lon, Lat, Cellid), where Lon is the longitude of the user's position, Lat is its latitude and Cellid is the id of the grid cell containing it. When a mobile user logs into the LBS application, the position information is sent to the trusted central server, which receives and stores it, determines the id of the grid cell the user is currently in, and adds 1 to the number Num of requesting mobile users in that cell.
Anonymity demand setting module: sets the anonymity demand, namely that in the finally determined anonymous region the number of requesting mobile users is not less than the set anonymity degree k and the area of the grid cells is not less than the preset minimum anonymous area Amin;
Candidate anonymous region search module: as shown in Fig. 4, checks whether the grid cell where the requesting mobile user is currently located meets the anonymity demand; if so, takes this grid cell as the candidate anonymous region AR and ends the search. Otherwise it judges whether merging the current grid (made up of one or more grid cells) with any one adjacent row or column of grid cells in any direction produces a spatial region satisfying the anonymity demand; if so, that merged region is the candidate anonymous region AR and the search ends. Otherwise the current grid is merged with the neighbouring grid cell having the largest number of requesting mobile users to obtain a new grid, and the module judges whether merging the new grid with a row of grid cells adjacent to any of its long sides meets the anonymity demand; if so, the merged region is the candidate anonymous region AR and the search ends. Otherwise the new grid is merged with the neighbouring grid cell having the largest number of requesting mobile users to obtain a new grid, and the process is repeated until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous area Amax is reached, at which point the traversal ends. During the search for the candidate anonymous region AR, the module records, after each recursive addition of grid cells, the number of grid cells and the corresponding number of requesting mobile users in the grid, and finds among the records the one record that makes the resource utilization and query precision requirements optimal;
Anonymous region search module: searches for the anonymous region according to the number u_k of requesting mobile users in the optimal record and the set anonymity degree k. If u_k >= k, the region corresponding to the a_k grid cells is taken as the anonymous region and sent to the location service provider server together with the anonymity set composed of the request contents of the u_k mobile users. If u_k / k < ε, where ε bounds the proportion of real mobile users in the anonymous region, this record is discarded, the record that makes the sum of resource utilization and query precision optimal is found among the remaining records, and the above process is repeated. If u_k / k >= ε but u_k < k, the set anonymity demand is not met, so the trusted central server supplements k − u_k false mobile user location service requests and sends the region formed by the a_k grid cells as the anonymous region to the location service provider server together with the anonymity set Aset composed of the request contents of the k mobile users.
A location anonymization method for location-based services, as shown in Fig. 5, comprises the following steps:
Step 1: when using a location-based service application, the mobile user sends a location service request and the current location to a trusted central server;
Step 2: the trusted central server cloaks the mobile user's location to obtain an anonymous region, and sends this anonymous region together with the user's location service request content to the location service provider server;
Step 2-1: the whole location space covered by the trusted central server, which contains the mobile users, is divided into α × β grid cells, where α and β are the numbers of grids in the horizontal and vertical directions respectively. A mobile user's position is stored as U(Useid, Lon, Lat, Cellid), where Useid is the user's individual id, Lon is the longitude of the user's position, Lat is its latitude and Cellid is the id of the grid cell containing it. The stored content of each grid cell comprises the Cellid of the cell and the number Num of requesting mobile users in it. The anonymity demand is set: in the finally determined anonymous region, the number of requesting mobile users is not less than the set anonymity degree k and the area of the grid cells is not less than the preset minimum anonymous area Amin.
The grid is queried in steps 2-2 to 2-5 in the manner shown in Fig. 3:
The structure of a query request Q is defined as
Q = {uid, p, t, k, Amin, qr},
where:
uid is the identity of the mobile user;
p = (Lon, Lat) records the position coordinates of the mobile user who sends query Q;
t is the time at which the mobile user sends the query request;
k is the anonymity degree specified by the mobile user;
Amin is the minimum anonymous area specified by the mobile user to ensure that his or her position is not revealed;
qr is the query content of the mobile user.
Step 2-2: check the grid cell where the requesting mobile user is currently located and judge whether it meets the anonymity demand. If so, take this grid cell as the candidate anonymous region AR and end the search; otherwise go to step 2-3;
Step 2-3: judge whether merging the current grid (made up of one or more grid cells) with any one adjacent row or column of grid cells in any direction produces a spatial region that satisfies the anonymity demand. If so, take that merged region as the candidate anonymous region AR and end the search; otherwise merge the current grid with the neighbouring grid cell that has the largest number of requesting mobile users to obtain a new grid, and go to step 2-4;
Step 2-4: judge whether merging the new grid with a row of grid cells adjacent to any of its long sides produces a spatial region that meets the anonymity demand. If so, take the merged region as the candidate anonymous region AR and end the search; otherwise merge the new grid with the neighbouring grid cell that has the largest number of requesting mobile users to obtain a new grid, and execute step 2-5;
Step 2-5: repeat steps 2-3 to 2-4 until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous area Amax is reached, then end the traversal;
Step 2-6: during the search for the candidate anonymous region AR in steps 2-2 to 2-5, record the grid cell counts a_1, ..., a_i after each recursive addition of grid cells and the corresponding numbers u_1, ..., u_i of requesting mobile users, obtaining the set C_i = {(a_1, u_1), ..., (a_i, u_i)}, where a_i and u_i are the values of Anum and Unum respectively; then find among the records the one record (a_k, u_k) that makes the sum of resource utilization and query precision optimal;
K and Amin is the principal element affecting anonymous result; Definition M, as the overall measurement of resource utilization with inquiry precision, is expressed as follows;
M=Rp+Qp
R p = | U n u m - k | k
Q p = A n u m A m a x
U n u m k &GreaterEqual; &epsiv;
Where:
Rp is the criterion of resource utilisation; the resource is what the location service provider server and the trusted central server spend on processing the location service requests sent by mobile users and on data transfer;
Qp is the criterion of query precision: the accuracy of the location service request sent by the mobile user varies with the size of the anonymous region, and the smaller the anonymous region, the more accurate the query result;
Unum is the number of mobile users with pending location service requests in the grid currently being searched;
Anum is the area of the anonymous region formed (expressed as a number of grid cells, hence discrete).
ε (its value chosen according to the capacity of the trusted central server) is defined so that, when the anonymous region contains few mobile users and dummy mobile users must be added, the proportion of dummy users in the anonymity set stays bounded: if Unum/k is less than ε, anonymisation fails. This prevents adding too many dummy location service requests, which would leave the anonymity set easy to attack.
M is the criterion of final service quality; the smaller M is, the higher the service quality.
From the formulas defined above, the domain of M is the finite set of pairs of the form (Anum, Unum). Anum and Unum influence each other but follow no fixed regularity; their relation is shown in Table 1. According to the data in Table 1, the candidate set of M formed by (Anum, Unum) is discrete and satisfies the conditions of a combinatorial optimisation problem.
Table 1. Correspondence between Anum and Unum
Step 2-7: Judge whether the number $u_k$ of mobile users with pending location service requests satisfies $u_k \ge k$. If so, take the region of $a_k$ grid cells as the anonymous region and send it to the location service provider server together with the anonymity set formed by the location service request contents of those $u_k$ mobile users; otherwise go to step 2-8.
Step 2-8: Judge whether $u_k / k < \varepsilon$. If so, discard this record, find among the remaining records the one that optimises the sum of resource utilisation and query precision, and recurse into the process of step 2-7; otherwise go to step 2-9. ε bounds from below the number of real mobile users in the anonymous region.
Step 2-9: Now $u_k / k \ge \varepsilon$ but $u_k < k$, so the set anonymity demand is not met; the trusted central server supplements $k - u_k$ dummy mobile users' location service requests and sends the region of $a_k$ grid cells as the anonymous region, together with the anonymity set Aset formed by the location service request contents of the k mobile users, to the location service provider server.
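The region search of steps 2-2 to 2-5 and the selection of steps 2-6 to 2-9 by the measure M, as an added worked example in Python; this is not the patent's or the authors' code. It assumes a rectangular grid addressed by (row, col), a 4-neighbourhood for "adjacent", that the step 2-4 merge unit is a whole row or column adjacent to a long side of the region's bounding box, that ties between equally dense neighbours are broken by the lowest (row, col), and that only records whose area already reaches Amin are candidates in step 2-6 (the page does not say so explicitly). The request counts in SAMPLE_GRID are constructed. Dummy requests are counted, not generated; producing plausible dummy positions is left to the trusted central server.

```python
"""Grid-based location cloaking with dummy-request padding (steps 2-2 to 2-9).
Added illustration, not the patent's code.  Grid size, parameters and the
request counts in SAMPLE_GRID are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Cell = Tuple[int, int]                      # (row, col) index of a grid cell
Grid = Dict[Cell, int]                      # cell -> mobile users with a pending request
Record = Tuple[int, int, FrozenSet[Cell]]   # (Anum, Unum, the region itself)
Result = Tuple[FrozenSet[Cell], int, int]   # (anonymous region, real users, dummies to add)

@dataclass(frozen=True)
class Params:
    k: int        # anonymity degree: requesters (real + dummy) per region
    amin: int     # minimum anonymous region area, in cells
    amax: int     # maximum anonymous region area, in cells
    eps: float    # lower bound on Unum/k below which anonymisation fails
    rows: int     # grid height in cells
    cols: int     # grid width in cells

# Constructed sample: 4x4 grid, requester in cell (0, 0); unlisted cells are empty.
SAMPLE_GRID: Grid = {(0, 0): 1, (0, 1): 2, (1, 0): 1, (2, 3): 4}

def users_in(region: FrozenSet[Cell], grid: Grid) -> int:
    return sum(grid.get(c, 0) for c in region)

def meets_demand(region: FrozenSet[Cell], grid: Grid, p: Params) -> bool:
    """Anonymity demand of step 2-1 plus the Amax cap of step 2-5."""
    return p.amin <= len(region) <= p.amax and users_in(region, grid) >= p.k

def cell_neighbours(region: FrozenSet[Cell], p: Params) -> List[Cell]:
    """Cells outside the region sharing an edge with it, in row-major order."""
    out = set()
    for r, c in region:
        for n in ((r - 1, c), (r + 1, c), (r, c - 1), (r, c + 1)):
            if 0 <= n[0] < p.rows and 0 <= n[1] < p.cols and n not in region:
                out.add(n)
    return sorted(out)

def line_neighbours(region: FrozenSet[Cell], p: Params) -> List[FrozenSet[Cell]]:
    """Whole rows (or columns) adjacent to a long side of the region's bounding
    box: the step 2-4 merge candidates."""
    r0, r1 = min(r for r, _ in region), max(r for r, _ in region)
    c0, c1 = min(c for _, c in region), max(c for _, c in region)
    if c1 - c0 >= r1 - r0:   # wider than tall: long sides are the top and bottom rows
        return [frozenset((r, c) for c in range(c0, c1 + 1))
                for r in (r0 - 1, r1 + 1) if 0 <= r < p.rows]
    return [frozenset((r, c) for r in range(r0, r1 + 1))   # tall: left/right columns
            for c in (c0 - 1, c1 + 1) if 0 <= c < p.cols]

def densest(cells: List[Cell], grid: Grid) -> Cell:
    """Neighbour holding the most requesters; ties go to the lowest (row, col)."""
    return max(cells, key=lambda c: (grid.get(c, 0), -c[0], -c[1]))

def search_region(start: Cell, grid: Grid, p: Params) -> List[Record]:
    """Steps 2-2 to 2-5: grow the region from the requester's cell, alternating
    single-cell tests (2-3) and whole-line tests (2-4); return the set C_i."""
    region = frozenset([start])
    records: List[Record] = [(1, users_in(region, grid), region)]
    if meets_demand(region, grid, p):
        return records                      # step 2-2: the cell itself suffices
    test_lines = False
    while len(region) < p.amax:
        singles = cell_neighbours(region, p)
        if not singles:
            break                           # grid exhausted
        candidates = ([region | line for line in line_neighbours(region, p)] if test_lines
                      else [region | {n} for n in singles])
        for cand in candidates:
            if meets_demand(cand, grid, p):
                records.append((len(cand), users_in(cand, grid), cand))
                return records              # candidate AR found
        # Nothing satisfies the demand: absorb the densest neighbouring cell.
        region = region | {densest(singles, grid)}
        records.append((len(region), users_in(region, grid), region))
        test_lines = not test_lines
    return records                          # Amax reached without meeting the demand

def quality_m(anum: int, unum: int, p: Params) -> float:
    """M = Rp + Qp = |Unum - k| / k + Anum / Amax; smaller is better."""
    return abs(unum - p.k) / p.k + anum / p.amax

def choose_region(records: List[Record], p: Params) -> Optional[Result]:
    """Steps 2-6 to 2-9: walk the records in order of increasing M; accept Unum >= k
    as is, pad eps*k <= Unum < k with k - Unum dummies, skip Unum/k < eps."""
    usable = [rec for rec in records if rec[0] >= p.amin]   # assumption: Amin applies
    for _anum, unum, region in sorted(usable, key=lambda r: quality_m(r[0], r[1], p)):
        if unum >= p.k:
            return region, unum, 0            # step 2-7
        if unum / p.k < p.eps:
            continue                          # step 2-8: too many dummies would be needed
        return region, unum, p.k - unum       # step 2-9
    return None                               # anonymisation failed

def cloak(start: Cell, grid: Grid, p: Params) -> Optional[Result]:
    """Steps 2-2 to 2-9 end to end: (region, real requesters, dummies) or None."""
    return choose_region(search_region(start, grid, p), p)
```

On the sample grid with k = 5, Amin = 2, Amax = 8 and ε = 0.4 the expansion reaches Amax with only four real requesters, so no grown region satisfies the demand outright; the record with the lowest M is the three-cell region holding four users, which is sent padded with one dummy request. Raising ε to 0.9 rejects every record and the request is refused, which is the failure mode ε exists for; with k = 3 the second cell already satisfies the demand and no padding is needed.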
Step 3: The location service provider server retrieves, according to the received anonymity set and the mobile users' location service request contents, the result set that satisfies those requests, and sends the result set to the trusted central server.
Step 4: The trusted central server filters the result set according to the mobile user's position and sends the location service result corresponding to that position to the mobile user.
Experimental environment and analysis
The system and method of this embodiment were evaluated by simulation. The experimental environment was a 64-bit Windows 7 system with 8.00 GB of RAM and an Intel(R) Core(TM) i7-2600 CPU at 3.40 GHz; the implementation was written in Java. The experimental data were generated with the Thomas Brinkhoff data generator.
Table 2 lists the parameters set during the experiments, comprising fixed default values and the independent variables that affect the experimental results.
Table 2. Experiment parameter settings
Under these experimental conditions, the anonymisation success rate, the area of the obtained anonymous region and the communication waste rate of the present method were tested and verified, and compared with the Casper model, a typical existing spatio-temporal anonymisation technique, to verify the feasibility and advantages of the proposed system and method.
Figure 6 compares the anonymisation success rate of the present method with that of the Casper model. As the anonymity degree k grows, the success rate of the Casper model drops markedly, whereas that of the present method falls more slowly, so more of the mobile users' location service requests can be completed, giving mobile users a better experience and raising service quality.
Figure 7 compares the anonymous region areas obtained by the two methods. The anonymous region is the spatial region that replaces the querying user's real position in the request; its size directly affects the accuracy of the LBS provider's query result, and a smaller region gives a more precise result. The figure shows that the present method produces a clearly smaller anonymous region at every anonymity degree k, with a smaller rate of change. Its query precision is therefore higher, mobile users receive more accurate location services, merchant reputation improves, and overall service quality rises.
Figure 8 compares the number of users in the anonymous region for the two methods. The more users there are, the larger the data volume to transfer and the more computation the server needs to process the user information. When channel throughput is low and the anonymity set carries many mobile users' information, communication is burdened heavily and may even block. The number of requesting users in the anonymous region thus directly determines communication and computation cost: fewer users mean fewer resources, a shorter location service response time and better LBS quality. The figure shows that, compared with the Casper model, the present method reduces the number of requesting users in the anonymous region well, i.e. it optimises both the transmitted data volume and the communication time.

Claims (4)

1. A position anonymisation method based on location service, characterised in that it comprises the following steps:
Step 1: When using an application based on location service, the mobile user sends the location service request and the current position to the trusted central server;
Step 2: The trusted central server hides the mobile user's position to obtain an anonymous region, and sends this anonymous region together with the mobile user's location service request content to the location service provider server;
Step 3: The location service provider server retrieves, according to the received anonymity set and the mobile user's location service request content, the result set that satisfies the request, and sends the result set to the trusted central server;
Step 4: The trusted central server filters the result set according to the mobile user's position and sends the location service result corresponding to that position to the mobile user.
2. The position anonymisation method based on location service according to claim 1, characterised in that step 2 is carried out as follows:
Step 2-1: Divide the whole location space covered by the trusted central server and containing the mobile users into several grid cells; at the same time record the predefined anonymity demand: in the finally determined anonymous region, the number of mobile users with pending location service requests is not less than the set anonymity degree k, and the area in grid cells is not less than the preset minimum anonymous region Amin;
Step 2-2: Examine the grid cell in which the requesting mobile user currently is and judge whether it satisfies the anonymity demand: if so, take this grid cell as the candidate anonymous region AR and end the search; otherwise go to step 2-3;
Step 2-3: Judge whether merging the current grid (made up of one or more grid cells) with a single adjacent grid cell in any direction yields a spatial region that satisfies the anonymity demand: if so, take this merged region as the candidate anonymous region AR and end the search; otherwise merge the current grid with the neighbouring grid cell holding the most mobile users with pending location service requests to obtain a new grid, and go to step 2-4;
Step 2-4: Judge whether merging the new grid with a whole row (or column) of grid cells adjacent to any of its long sides yields a region that satisfies the anonymity demand: if so, take the merged region as the candidate anonymous region AR and end the search; otherwise merge the new grid with the neighbouring grid cell holding the most requesting mobile users to obtain a new grid, and go to step 2-5;
Step 2-5: Repeat steps 2-3 and 2-4 until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous region Amax is reached, then end the traversal;
Step 2-6: During the search for the candidate anonymous region AR in steps 2-2 to 2-5, record after each recursive addition of grid cells the grid cell counts $a_1, \ldots, a_i$ and the corresponding numbers $u_1, \ldots, u_i$ of mobile users with pending location service requests in the respective grids; and find among the records the pair $(a_k, u_k)$ that optimises the sum of resource utilisation and query precision;
Step 2-7: Judge whether the number $u_k$ of requesting mobile users satisfies $u_k \ge k$: if so, take the region of $a_k$ grid cells as the anonymous region and send it to the location service provider server together with the anonymity set formed by the location service request contents of those $u_k$ mobile users; otherwise go to step 2-8;
Step 2-8: Judge whether $u_k / k < \varepsilon$: if so, discard this record, find among the remaining records the one that optimises the sum of resource utilisation and query precision, and recurse into the process of step 2-7; otherwise go to step 2-9; ε bounds from below the number of real mobile users in the anonymous region;
Step 2-9: Now $u_k / k \ge \varepsilon$ but $u_k < k$, so the set anonymity demand is not met; the trusted central server supplements $k - u_k$ dummy mobile users' location service requests and sends the region of $a_k$ grid cells as the anonymous region, together with the anonymity set Aset formed by the location service request contents of the k mobile users, to the location service provider server.
3. A system for position anonymisation using the method of claim 1, characterised in that it comprises:
Location service request module: when the mobile user uses an application based on location service, sends the mobile user's location service request to the trusted central server;
Position anonymisation module: hides the mobile user's position to obtain an anonymity set, and sends this anonymity set together with the mobile user's location service request content to the location service provider server;
Result set retrieval module: retrieves, in the location service provider server, according to the received anonymity set and the mobile user's location service request content, the result set that satisfies the request, and sends the result set to the trusted central server;
Result set filtering module: filters the result set according to the mobile user's position and sends the location service result corresponding to that position to the mobile user.
4. The system for position anonymisation according to claim 3, characterised in that the position anonymisation module comprises:
Grid storage module: divides the whole location space covered by the trusted central server and containing the mobile users into several grid cells; the content stored for each grid cell comprises the id of the grid cell, the number Num of mobile users in the cell with pending location service requests, and the ids of those users together with the longitude and latitude of their positions;
Anonymity requirement setting module: sets the anonymity demand that, in the finally determined anonymous region, the number of mobile users with pending location service requests is not less than the set anonymity degree k and the area in grid cells is not less than the preset minimum anonymous region Amin;
Candidate anonymous region search module: examines whether the grid cell in which the requesting mobile user currently is satisfies the anonymity demand: if so, takes this grid cell as the candidate anonymous region AR and ends the search; otherwise judges whether merging the current grid (made up of one or more grid cells) with a single adjacent grid cell in any direction yields a spatial region satisfying the anonymity demand: if so, takes this merged region as the candidate anonymous region AR and ends the search; otherwise merges the current grid with the neighbouring grid cell holding the most requesting mobile users to obtain a new grid, and judges whether merging the new grid with a whole row (or column) of grid cells adjacent to any of its long sides yields a region satisfying the anonymity demand: if so, takes the merged region as the candidate anonymous region AR and ends the search; otherwise merges the new grid with the neighbouring grid cell holding the most requesting mobile users to obtain a new grid, and repeats the above process until a candidate anonymous region AR satisfying the anonymity demand is found or the set maximum anonymous region Amax is reached, ending the traversal; during the search for the candidate anonymous region AR, records after each recursive addition of grid cells the grid cell count and the corresponding number of requesting mobile users in that grid, and finds among the records the one that optimises the sum of resource utilisation and query precision;
Anonymous region search module: searches for the anonymous region according to the number $u_k$ of requesting mobile users in the optimal record and the set anonymity degree k: if $u_k \ge k$, takes the region of $a_k$ grid cells as the anonymous region and sends it to the location service provider server together with the anonymity set formed by the location service request contents of those $u_k$ mobile users; if $u_k / k < \varepsilon$, where ε bounds from below the number of real mobile users in the anonymous region, discards this record, finds among the remaining records the one that optimises the sum of resource utilisation and query precision, and repeats the above process; if $u_k / k \ge \varepsilon$ but $u_k < k$, so that the set anonymity demand is not met, the trusted central server supplements $k - u_k$ dummy mobile users' location service requests and sends the region of $a_k$ grid cells as the anonymous region, together with the anonymity set Aset formed by the location service request contents of the k mobile users, to the location service provider server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510970497.4A CN105578412B (en) 2015-12-21 2015-12-21 A kind of position anonymous methods and system based on location-based service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510970497.4A CN105578412B (en) 2015-12-21 2015-12-21 A kind of position anonymous methods and system based on location-based service

Publications (2)

Publication Number Publication Date
CN105578412A true CN105578412A (en) 2016-05-11
CN105578412B CN105578412B (en) 2018-11-27

Family

ID=55887980

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510970497.4A Active CN105578412B (en) 2015-12-21 2015-12-21 A kind of position anonymous methods and system based on location-based service

Country Status (1)

Country Link
CN (1) CN105578412B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090129837A * 2008-06-13 2009-12-17 팅크웨어(주) (Thinkware) System and method for genrating cloaking area to cloak position inforamtion of user in location based service
US20100064373A1 * 2008-09-05 2010-03-11 Iowa State University Research Foundation, Inc. Cloaking with footprints to provide location privacy protection in location-based services
CN101866353A * 2010-06-09 2010-10-20 Meng Xiaofeng Privacy continuous-query protection method based on location-based service
CN103249038A * 2013-04-09 2013-08-14 Harbin Engineering University Privacy protection method based on location of moving object in road network space
CN104092692A * 2014-07-15 2014-10-08 Fujian Normal University Location privacy protection method based on combination of k-anonymity and service similarity
CN104394509A * 2014-11-21 2015-03-04 Xi'an Jiaotong University High-efficiency difference disturbance location privacy protection system and method
CN104618896A * 2015-01-07 2015-05-13 Shanghai Jiao Tong University Method and system for protecting location service privacy based on grid density

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Ben Niu et al.: "A Personalized Two-Tier Cloaking Scheme for Privacy-Aware Location-Based Services", 2015 International Conference on Computing, Networking and Communications *
Hoa Ngo et al.: "Location Privacy via Differential Private Perturbation of Cloaking Area", 2015 IEEE 28th Computer Security Foundations Symposium *
Zhang Fuxia et al.: "Research on a query privacy anonymisation algorithm based on grid clustering" (一种基于网格聚类的查询隐私匿名算法研究), Netinfo Security (信息网络安全) *
Zou Yonggui et al.: "Location anonymisation algorithm based on grid-partitioned space" (基于网格划分空间的位置匿名算法), Application Research of Computers (计算机应用研究) *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105847227A * 2016-06-23 2016-08-10 State Grid Corporation of China Privacy protection method for mobile electric power inspection system
CN106302110A * 2016-08-04 2017-01-04 Fujian Normal University A kind of social network position sharing method based on secret protection
CN106302110B * 2016-08-04 2019-07-23 Fujian Normal University A kind of social network position sharing method based on secret protection
CN110190948A * 2016-08-04 2019-08-30 Fujian Normal University Social network position sharing method independent of third-party server
CN110190948B * 2016-08-04 2022-06-28 Fujian Normal University Social network position sharing method independent of third-party server
CN109218974A * 2018-09-18 2019-01-15 Beijing University of Posts and Telecommunications Method and device for determining cooperating privacy protection nodes
CN110430526A * 2018-12-20 2019-11-08 Xidian University Privacy protection method based on credit evaluation
CN110430526B * 2018-12-20 2020-09-08 Xidian University Privacy protection method based on credit evaluation
CN112866992A * 2021-01-22 2021-05-28 Hunan University Position privacy protection method and system

Also Published As

Publication number Publication date
CN105578412B (en) 2018-11-27

Similar Documents

Publication Publication Date Title
Shin et al. Privacy protection for users of location-based services
Albouq et al. A double obfuscation approach for protecting the privacy of IoT location based applications
Damiani Location privacy models in mobile applications: conceptual view and research directions
CN105578412A (en) Position anonymization method based on position service and system
Gao et al. LTPPM: a location and trajectory privacy protection mechanism in participatory sensing
Zhao et al. Preserving privacy in WiFi localization with plausible dummy locations
Kang et al. MoveWithMe: Location privacy preservation for smartphone users
Peng et al. Multidimensional privacy preservation in location-based services
Gupta et al. Achieving location privacy through CAST in location based services
CN108600304A (en) A kind of personalized location method for secret protection based on position k- anonymities
CN109067750B (en) Location privacy protection method and device based on anonymity
Wang et al. Achieving effective $ k $-anonymity for query privacy in location-based services
Sai et al. A survey on privacy issues in mobile social networks
CN111786970B (en) Cache-based cooperative location obfuscation anonymous privacy protection method and system
CN107135197B (en) Chain k-anonymous location privacy protection method based on grey prediction
Li et al. Location privacy protection scheme for LBS in IoT
Ma et al. Achieve personalized anonymity through query blocks exchanging
Tefera et al. A survey of system architectures, privacy preservation, and main research challenges on location-based services
Han et al. Near-complete privacy protection: Cognitive optimal strategy in location-based services
Cheng et al. A survey of crowdsensing and privacy protection in digital city
Zhao et al. A Privacy‐Preserving Trajectory Publication Method Based on Secure Start‐Points and End‐Points
Zhang et al. LPPS-AGC: Location privacy protection strategy based on alt-geohash coding in location-based services
Zhao et al. EPLA: efficient personal location anonymity
Yin et al. Location privacy protection based on improved-value method in augmented reality on mobile devices
Damiani Third party geolocation services in LBS: privacy requirements and research issues

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant