CN106899700B - Privacy protection method of location sharing system in mobile social network

Publication number: CN106899700B
Authority: CN (China)
Prior art keywords: user, pseudonym, location, search, social network
Legal status: Active (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201710287904.0A
Other languages: Chinese (zh)
Other versions: CN106899700A (en)
Inventors: 孙罡, 谢喻霞, 廖丹, 孙健
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by: University of Electronic Science and Technology of China
Priority to: CN201710287904.0A
Publication of CN106899700A; application granted; publication of CN106899700B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/52: Network services specially adapted for the location of the user terminal
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a privacy protection method for a location sharing system in a mobile social network. It implements the search for nearby friends and strangers and addresses the technical problem of location privacy protection for nearby friend and stranger search services in the mobile online social network. The invention takes into account the particularities of the nearby friend search and stranger search services relative to traditional location-based services, and protects the user's social relationship privacy in addition to the user's location privacy. When using the nearby friend search and nearby stranger search location sharing services, the user can select the location sharing objects, that is, the user may choose to expose his or her own location to a subset of friends instead of all friends. Compared with existing privacy protection methods, the protection strategy provided by the invention is more efficient, and nearby friends and strangers can be found more quickly.

Description

Privacy protection method of location sharing system in mobile social network
Technical Field
The invention belongs to the technical field of mobile communication, and particularly relates to privacy protection of a location sharing system in a mobile social network.
Background
With the rapid development of mobile communication technology and social networks and the popularization of high-performance intelligent mobile devices, the traditional location services and the social networks are continuously fused to form a mobile online social network. The mobile online social network provides more location sharing services, and a user can not only search nearby friends and strangers, but also check in services. The mobile social network combines real position service with virtual community, and enriches people's social ways. However, users also risk sensitive information leakage when they enjoy the convenience of location services.
When a user sends a location service request, an attacker can not only associate the location with the identity information of the user, but can also infer more private information of the user, such as health status, etc. Meanwhile, an attacker can also utilize continuous position service request information to form a user track according to time, and through the track analysis of the user, the attacker not only can possibly find the past and the present positions of the user, but also can analyze the possible home address, the working place and the life law of the user, and even can deduce the behavior pattern, the life habit and other information of the daily life track of the user. If the mobile social network is constantly gathering the user's location, it may sell the user's location to a third party merchant for business benefit.
Privacy protection issues for nearby friends and strangers lookup services in a mobile online social network may be decomposed into location privacy protection issues in a social network server and social identity protection issues in a location server.
Location encryption is the primary method to address the problem of location privacy protection in social networking servers. The user encrypts the real position at the terminal and sends the encrypted real position to the social network server, and the social network server does not have a corresponding decryption key, so that the real position of the user cannot be obtained. The location privacy of the user is guaranteed at the social network server side. Dynamic user pseudonyms are the main approach to solving the social identity protection problem in location servers. When a user executes a search service of nearby friends and strangers each time, the social network server randomly generates a user pseudonym for the user, and the location server obtains only the user pseudonym of the user and a social friend list of the user. The location server cannot get the social identity of the user. To enhance social identity privacy protection, false social identities may be randomly added to a user's buddy list. The user's social buddy list may randomly change in the buddy query, so the location server may not associate the user's pseudonym, the user's social buddy list, to the user's social identity. However, in the above location encryption and social identity protection strategies, the asymmetric location encryption algorithm has high computational complexity and computation time, and the user terminal needs more computational resources. Meanwhile, the dynamic user pseudonym is not completely random, and the content of the user pseudonym contains the real social identity of the user, so that the user identity is likely to be inferred by the location server, and the social identity information of the user is exposed.
A system for addressing social identity privacy and location privacy includes a social network server and a plurality of location servers. The system introduces a position encryption algorithm, a dynamic user pseudonym technology and adds false social identities. The user pseudonym is randomly generated when the user initiates a request of finding nearby friends and strangers every time, so that the situation that the location server cannot associate the pseudonym information of the user with the real social identity of the user is guaranteed. Meanwhile, the method considers that false social identities are added in the friend list, the friend list is randomly divided into multiple parts and sent to the multiple location servers respectively, and therefore the location servers cannot associate the friend list with the real social identities of the users. Location privacy encryption makes the social network server unable to obtain the user's location. The method not only realizes the position privacy protection of the user, but also realizes the social identity privacy protection of the user. However, the following disadvantages still exist: (1) the dynamic user pseudonym contains the real social identity information of the user, and the location server can estimate the historical location of the user according to the historical user pseudonym. (2) The computing resources of the user terminal are limited, the position of each friend or stranger needs to be asymmetrically encrypted when the friend or stranger is found, and the computing time is almost in direct proportion to the number of friends and the number of strangers. In the case of a large number of friends and strangers, a large amount of calculation time is required. (3) The method enables the user to share the positions with all the friends only, and does not consider that in practical application, the user may not trust all the friends and only hopes to share the positions with part of the friends.
Another solution for addressing social identity privacy and location privacy is: a trusted third party server based location sharing system includes a trusted third party server and a location social server. The location social server can provide location and social related services. Before a user sends a request for finding nearby friends and strangers, the position needs to be sent to a third-party server, and the third-party server can infer a sensitive position where the user has arrived according to the historical position of the user and the current requested position. And the user stops sending a request which possibly reveals the sensitive position to the position social server according to the calculation result of the credible third-party server. The system and the algorithm effectively realize the privacy protection of the sensitive position of the user. However, the following disadvantages also exist: (1) the system requires a trusted third party server, and once an attacker successfully attacks the server, the historical locations of all users are revealed. (2) Location privacy protection herein refers primarily to privacy protection of sensitive locations, without regard to other locations that may already expose some users' personal privacy, such as activity areas, trajectories, etc.
Disclosure of Invention
In a nearby friend and stranger lookup service in a mobile online social network, the social network server must be prevented from obtaining the user's true location, the location server must be prevented from obtaining the user's social identity information, and unauthorized users must be prevented from accessing the user's location. Conventional location privacy protection algorithms are therefore not applicable to nearby friend and stranger lookup services in mobile online social networks. To address the technical problem of location privacy protection for these services, the invention provides a method for protecting user location privacy and social relationship privacy in the nearby friend search and stranger search services. The invention takes into account the particularities of the nearby friend search and stranger search services relative to traditional location-based services, and protects the user's social relationship privacy in addition to the user's location privacy. Because the computing resources of the terminal are scarce, the protection strategy is designed to be more efficient than existing privacy protection methods, so that nearby friends and strangers can be found more quickly. When using the nearby friend search and nearby stranger search location sharing services, the user can select the location sharing objects, that is, the user may choose to expose his or her own location to a subset of friends instead of all friends.
The privacy protection method of the location sharing system in the mobile social network comprises the following steps:
step 1: the online social network server generates a user pseudonym for the user terminal, and the user terminal logs in the location information on the location server based on the user pseudonym:
101: the user side initiates a user pseudonym generation request to an online social network server:
the user side generates a random key pair and, using the private key from when the social identity ID was registered as the key, asymmetrically encrypts the social identity ID and the timestamp to generate a first digital signature; it then sends a user pseudonym generation request containing the social identity ID, the timestamp, the first digital signature and the public key of the random key pair to the online social network server;
102: the online social network server performs social Identity (ID) verification on the user side: decrypting the received first digital signature through a public key when the user registers the social identity ID and verifying the social identity ID;
the online social network server randomly generates a user pseudonym for the verified user and returns the user pseudonym to the user side, and simultaneously sends the current user pseudonym and a public key of a random key pair from the user side to the location server; updating the user pseudonym of the current social identity ID in the local social network database, wherein the social network database comprises the social identity ID, the user pseudonym and the social identity ID of the friend;
103: the user side generates location login information based on the current user pseudonym and sends it to the location server, wherein the location login information comprises the user pseudonym, a timestamp, a second digital signature, the user location and the searched distance; the second digital signature is generated by asymmetrically encrypting the current user pseudonym and the timestamp with the private key of the current random key pair as the key; the searched distance includes: the distance within which the user location can be searched by friends and by strangers;
104: the location server performs user pseudonym verification on the user side, and maintains a local location database:
user pseudonym verification: decrypting the second digital signature and verifying the user pseudonym based on a public key of a random key pair matched with the user pseudonym;
local location database maintenance: storing the verified location login information to a local location database; the location database includes: the user position, the searched distance, the public key of the current random key pair and the user pseudonym;
step 2: location search request processing:
201: the user side sends a first search request to the online social network server, wherein the first search request comprises: social identity ID, search type and social identity access authority, wherein the social identity access authority is as follows: allowing access to the buddy list of the home subscriber;
202: the online social network server performs search processing based on the search type:
if the search type is a friend, returning the social identity ID and the user pseudonym of the friend meeting the social identity access authority to the user side;
if the search type is a stranger, the online social network server waits for the location server to send a second user pseudonym set; on receiving it, the social network server deletes from the second user pseudonym set the friends of the user who sent the current first search request, and then returns the second user pseudonym set and the corresponding social identity IDs to the user side;
203: the user side sends a second search request to the location server, wherein the second search request comprises: user pseudonym, search type, search range and position access control, wherein the position access control is as follows: whether to display the user position of the home terminal user;
204: the location server performs search processing based on the search type:
if the search type is a friend, the location server searches all user pseudonyms meeting the search range and the searched distance to obtain an initial search set, and divides the initial search set according to whether location access control that displays the location of the local end user has been sent: if it has not been sent, the user pseudonym is placed in a first subset; otherwise, it is placed in a second subset; the user pseudonyms of the first subset, the user pseudonyms of the second subset and the user positions are returned to the user side;
if the search type is a stranger, the location server searches all user pseudonyms meeting the search range and the searched distance to obtain a second user pseudonym set, and the second user pseudonym set is returned to the user side and sent to the online social network server;
205: and the user side matches the returned information of the online social network server and the position server to obtain a search result.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
(1) Location privacy protection. The invention fully considers the location privacy protection problems that may arise when the user uses the friend search and stranger search location sharing services, and can achieve user location privacy protection on the online social network server and the location server.
(2) Social relationship privacy protection. The invention fully considers the social relationship privacy protection problem of the user on the online social network server, and can achieve the social relationship privacy protection of the user on the position server.
(3) High efficiency. Compared with the traditional symmetric/asymmetric encryption algorithm, the privacy protection algorithm provided by the invention is more efficient.
Drawings
FIG. 1 is a location update flow diagram of the present invention;
FIG. 2 is a flow chart of friend search of the present invention;
FIG. 3 is a stranger finding flow chart of the present invention;
wherein LS represents a location server, SNS represents an online social network server, ID represents a social identity of a social user, and pid represents a user pseudonym generated by the SNS for the user.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings.
The privacy protection method of the position sharing system provided by the invention has the following implementation process:
(1) position sharing system
The position sharing system for realizing the invention mainly comprises three parts: the system comprises a terminal, a position server and an online social network server. The user initiates a request for inquiring friends and strangers in a specified range through a carried terminal (called a user terminal for short). The terminal may communicate with a location server and an online social network server. The online social network server manages social identity information (user identification) of social users, buddy list information, identity authentication, and the like. An online social network server provides a social identity based online social network service for users. The location server manages user pseudonyms, corresponding locations and identities of all users and provides location-related services.
(2) Lookup method settings
The searching and matching processing involved in the embodiment adopts a red-black balance search tree as a data structure, and key searching is carried out.
(3) Privacy protection policy
Can be divided into three steps: user registration, location update and request submission.
(3.1) user Login
In the invention, different coordinate positions of the user correspond to different user pseudonyms respectively, when the user position changes, a request for generating the user pseudonym needs to be initiated to the online social network server firstly, and then login is carried out on the position server based on the current user pseudonym, so that the position server can record the user position in real time.
Including login on an online social network server and login on a location server.
Logging on an online social network:
The online social network server stores the user IDs and the corresponding buddy lists. For example, an online social network server maintains a social network database for users in the form of $\{(ID, pid, G, PK)\}$, where $G = (V, E)$ is the user's social network graph, $V$ denotes the vertices of the social network graph, and $E$ denotes its edges. $(PK, SK)$ is the key pair for the social identity ID, typically generated for the user by a third-party digital certificate server when the user registers the social identity ID on the online social network server; $PK$ represents the public key and $SK$ represents the private key. To distinguish different users, they can be written with a subscript carrying the user identifier, such as $PK_{ID}$, $SK_{ID}$.
Each time a user initiates generation of a user pseudonym to a social network server, the user terminal generates a random key pair $(pk, sk)$ for authentication of the user identity (user pseudonym) on the location server, where pk is a public key and sk is a private key. To distinguish the random key pairs of different users, they can be written with a subscript carrying the user identifier, such as $(pk_{ID}, sk_{ID})$.
The user with social identity ID sends the user authentication request $(ID, ts, Sig_{SK_{ID}}(ID, ts), pk)$ to the online social network server, where the first digital signature $Sig_{SK_{ID}}(ID, ts)$ is a digital signature generated by asymmetric encryption (e.g., RSA public key encryption) of the ID and the timestamp ts, using as the key the private key $SK_{ID}$ from when the user registered the social identity ID.
The online social network server decrypts the signature with the public key $PK_{ID}$ from when the user registered the social identity ID. Once the validity of the social identity ID is verified, the online social network server randomly generates a user pseudonym pid for the user. The pseudonym is unique; to identify the correspondence between a user pseudonym and a user, it can be written with a subscript carrying the user identifier, e.g. $pid_{ID}$ for the user ID. Finally, the online social network server sends the currently generated user pseudonym pid to the user, and simultaneously sends (pid, pk) to the location server.
Logging in a position server:
The location server maintains a location database in the form of $\{(pid, pk, (x, y), dif, s)\}$, where pid represents the user pseudonym, pk represents the public key used to authenticate the user pseudonym, $(x, y)$ represents the user location, dif represents the distance within which the pid can be looked up by his friends, and s represents the distance within which the pid can be looked up by strangers. A user authenticated by social identity ID sends the location login information $(pid, ts, Sig_{sk}(pid, ts), (x, y), dif_{ID}, s_{ID})$ to the location server, where $Sig_{sk}(pid, ts)$ is the second digital signature, namely a digital signature generated by asymmetric encryption of the user pseudonym pid and the timestamp ts using the current sk as the key; dif represents the distance within which the user position can be queried by friends, s represents the distance within which the user position can be queried by strangers, and $(x, y)$ represents the user position. To distinguish the distance dif, the distance s and the position of different users, they are written with subscripts carrying the user identifier: for example, the user position corresponding to the social identity ID is $(x_{ID}, y_{ID})$, and the distances within which the user position can be queried by friends and strangers are $dif_{ID}$ and $s_{ID}$ respectively. The location server verifies the legitimacy of the signature $Sig_{sk}(pid, ts)$ using the public key pk of the random key pair that came from the online social network server and matches the current user pseudonym, and saves the verified location login information to the local location database.
In the invention, different user positions correspond to a user pseudonym; when the user position is updated, the processing flow is the same as for new location login information. Referring to FIG. 1, the user side first generates a random key pair (pk', sk') for verifying the user pseudonym, then carries out social identity (ID) verification on the SNS (online social network server), sending the public key pk' of the currently generated random key pair to the SNS during verification; the SNS regenerates the user pseudonym pid' for the user authenticated by the social ID, and the user pseudonym is unique. Meanwhile, the SNS updates the user's social network database {(ID, pid', G, pk)}, and sends pid' to the user, while sending (pid', pk') to the LS.
The user sends the location login information (pid', Sig_sk'(pid', ts), (x', y'), dif, s) to the LS, and after the LS decrypts and verifies the validity of the current user pseudonym pid', the new user location (x', y') will be saved in the location database in the form of {(pid', pk', (x', y'), dif, s)}.
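The login and location update flow described above (steps 101 to 104), as an added example that is not code from the patent. It assumes toy textbook RSA without padding as a stand-in for the unspecified asymmetric scheme (not suitable for production), a 300-second timestamp freshness window that the page does not specify, and hypothetical names (`LocationServer`, `SocialNetworkServer`, `login`, the sample user `alice`):

```python
import hashlib
import math
import secrets
import time

def _is_prime(n, rounds=20):
    """Miller-Rabin test; only called on large odd candidates."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c

def keygen(bits=512):
    """Toy textbook RSA (no padding): returns (public, private) as (n, exponent)."""
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(65537, phi) == 1:
            return (p * q, 65537), (p * q, pow(65537, -1, phi))

def _digest(ident, ts):
    return int.from_bytes(hashlib.sha256(f"{ident}|{ts}".encode()).digest(), "big")

def sign(private, ident, ts):
    n, d = private
    return pow(_digest(ident, ts), d, n)

def verify(public, ident, ts, sig, max_age=300):
    # Assumption: the page signs ts but states no freshness window; 300 s is ours.
    n, e = public
    return abs(time.time() - ts) <= max_age and pow(sig, e, n) == _digest(ident, ts)

class LocationServer:
    def __init__(self):
        self.keys = {}  # pid -> pk, pushed by the SNS (step 102)
        self.db = {}    # pid -> (pk, (x, y), dif, s)

    def location_login(self, pid, ts, sig, pos, dif, s):  # step 104
        pk = self.keys.get(pid)
        if pk is None or not verify(pk, pid, ts, sig):
            return False
        self.db[pid] = (pk, pos, dif, s)
        return True

class SocialNetworkServer:
    def __init__(self, ls):
        self.ls = ls
        self.registered = {}  # ID -> PK_ID from registration
        self.db = {}          # ID -> current pid

    def pseudonym_request(self, ID, ts, sig, pk):  # step 102
        PK = self.registered.get(ID)
        if PK is None or not verify(PK, ID, ts, sig):
            return None
        pid = secrets.token_hex(16)  # random; carries no part of the ID
        self.db[ID] = pid
        self.ls.keys[pid] = pk       # LS receives (pid, pk), never the ID
        return pid

def login(sns, ls, ID, SK, pos, dif, s):
    """User side, steps 101 and 103: fresh (pk, sk) for every pseudonym."""
    pk, sk = keygen()
    ts = int(time.time())
    pid = sns.pseudonym_request(ID, ts, sign(SK, ID, ts), pk)
    ok = pid is not None and ls.location_login(pid, ts, sign(sk, pid, ts), pos, dif, s)
    return pid, ok

def run_demo():
    ls = LocationServer()
    sns = SocialNetworkServer(ls)
    PK, SK = keygen()                      # long-term (PK_ID, SK_ID)
    sns.registered["alice"] = PK           # constructed sample user
    pid1, ok1 = login(sns, ls, "alice", SK, (10, 20), 500, 100)
    pid2, ok2 = login(sns, ls, "alice", SK, (11, 21), 500, 100)  # location update
    ts = int(time.time())
    forged = ls.location_login(pid2, ts, sign(keygen()[1], pid2, ts), (0, 0), 500, 100)
    return {"logins_ok": ok1 and ok2, "pid_changed": pid1 != pid2,
            "forged_accepted": forged, "ls_knows_id": "alice" in repr(ls.db)}

if __name__ == "__main__":
    print(run_demo())
```

The SNS database holds only the ID-to-pid mapping and the LS database holds only pid-keyed locations, so neither server alone can link a social identity to a position.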
(3.3) lookup request submission and processing
A user can submit a search request only after the corresponding authentication has been completed on the SNS and the LS. On the SNS, the verification of the first digital signature $Sig_{SK_{ID}}(ID, ts)$ is completed, namely verifying whether the ID decrypted from the first digital signature is consistent with the received ID; on the LS, the verification of the second digital signature $Sig_{sk}(pid, ts)$ is completed, that is, verifying whether the pid obtained by decrypting the second digital signature is consistent with the received pid.
The searching request comprises a friend position searching request and a stranger position searching request.
Referring to fig. 2, the friend location search request process is:
after the user side completes corresponding identity authentication on the SNS and the LS, the user side sends a first search request to the SNS, wherein the first search request comprises: social identity ID, lookup type (friends), social identity access rights, where the social identity access rights may be set in the form of a field "Y/N/< friends-set >", where Y denotes that all friends are allowed to access their user location, N denotes that the user's ID allows friends to access but the user location denies access, the default of Y/N is NULL, < friends-set > denotes that the user specifies friends are allowed to access their location.
For example, NULL/NULL/< friends-set > indicates that only friends (user pseudonyms) specified by < friends-set > are allowed to access the user position of the local end user (the user sending the first search request), and friends not specified by < friends-set > are allowed to access the social identity ID of the local end user but are denied access to the user position; NULL/N/NULL indicates that the user location of the home user is not displayed, i.e., the social identity ID of the home user allows friend access but the user location denies access.
Because the current search type is a friend, the SNS directly returns the social identity ID and the user pseudonym of the friend meeting the social identity access authority to the user side:
The SNS manages the friend list of each user and the corresponding user pseudonyms. The SNS search result, consisting of the searching party's friend list and the friends' user pseudonyms, is obtained by querying the social network database based on the social identity ID of the searching party. Let Friend-Set denote the SNS search result; then Friend-Set $= \{(ID_1, pid_1), \dots, (ID_i, pid_i), \dots, (ID_n, pid_n)\}$. The elements in Friend-Set that allow the seeker to access the user's location are then divided into the set Friend-Set'. Finally, the SNS sends Friend-Set' to the seeker.
Meanwhile, the user side sends a second search request to the LS, wherein the second search request comprises: user pseudonym, search type (friend), search range and location access control. The location access control states whether the user location of the local end user is displayed; for example, the field Y/N/NULL means that the user location of the local end user is not displayed, and the field Y/NULL/NULL means that it is displayed.
For a user who passes the user pseudonym verification, the LS searches all the user pseudonyms that satisfy both the search range and the searched distance to obtain an initial search set. For example, suppose the search request condition (PID, l, Y/N/NULL) is sent to the LS, where l is the search range for friend locations specified by the user. Within the circle centred on the location (x, y) of the user pseudonym PID with radius l, the LS searches all the user pseudonyms that also satisfy their own searched-by-friend distance dif, and obtains the initial search set $PID_0 = \{pid_1, \ldots, pid_i, \ldots, pid_n\}$, $i = 1, \ldots, n$. All user pseudonyms in $PID_0$ satisfy the following condition:
$$\mathrm{dis}((x, y), (x_i, y_i)) \le \min(l, dif_i)$$
where dis(·) is the distance function, which calculates the distance between any two user locations, and min(·) is the function that returns the minimum.
When the current search type is friend, the LS divides the user pseudonyms in the set $PID_0$ into two parts according to whether the user has sent N (i.e. has set the location access control so that the user location of the local end user is not displayed): if the current user pseudonym has sent N to the LS, it is placed into the subset $PID_1$ (access to its user location is denied); otherwise it is placed into the subset $PID_2$ (access to its user location is allowed).
Based on the division of the initial search set, the subset $PID_1$, the subset $PID_2$ and the corresponding user pseudonyms are sent to the user terminal.
The user terminal matches the information from the SNS and the LS. The matching process is as follows: for any user pseudonym $pid_i$ belonging to $PID_1$, if $pid_i$ belongs to Friend-Set', the user obtains the social identity ID corresponding to $pid_i$. For any user pseudonym $pid_i$ belonging to $PID_2$, if $pid_i$ belongs to Friend-Set', the user obtains the corresponding social identity $ID_i$ and location $(x_i, y_i)$.
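The friend search above, end to end, as an added example that is not code from the patent. The sample records, the per-user `hide` flag standing in for "has sent N", and all function names are assumptions made for illustration.

```python
import math

# Constructed sample data; IDs, pseudonyms and field layout are assumptions.
# LS database: pseudonym -> (x, y, dif, hide)
#   dif:  distance within which friends may find this user
#   hide: True if this user sent N (location not displayed)
LS_DB = {
    "p_alice": (0.0, 0.0, 5.0, False),   # the seeker
    "p_bob":   (1.0, 1.0, 5.0, False),
    "p_carol": (2.0, 0.0, 5.0, True),    # in range, but hides location
    "p_dave":  (3.0, 0.0, 1.0, False),   # inside l, outside his own dif
    "p_erin":  (9.0, 9.0, 20.0, False),  # outside l
    "p_frank": (0.5, 0.5, 5.0, False),   # in range, not a friend of alice
}
# SNS database: ID -> [(friend ID, friend pseudonym, lets seeker see location)]
SNS_FRIENDS = {
    "alice": [("bob", "p_bob", True), ("carol", "p_carol", True),
              ("dave", "p_dave", True), ("erin", "p_erin", False)],
}

def sns_friend_search(seeker_id):
    """SNS: filter Friend-Set down to Friend-Set', returned as {pid: ID}."""
    return {pid: fid for fid, pid, allowed in SNS_FRIENDS[seeker_id] if allowed}

def ls_friend_search(seeker_pid, l):
    """LS: build PID_0 with dis <= min(l, dif_i), then split it."""
    x, y, _, _ = LS_DB[seeker_pid]
    pid1, pid2 = set(), {}
    for pid, (xi, yi, dif, hide) in LS_DB.items():
        if pid == seeker_pid:
            continue
        if math.hypot(x - xi, y - yi) <= min(l, dif):
            if hide:
                pid1.add(pid)          # PID_1: pseudonym only
            else:
                pid2[pid] = (xi, yi)   # PID_2: pseudonym and position
    return pid1, pid2

def client_match(friend_set_prime, pid1, pid2):
    """User side: join the two answers on the pseudonym."""
    found = {}
    for pid in pid1:
        if pid in friend_set_prime:
            found[friend_set_prime[pid]] = None   # ID only
    for pid, pos in pid2.items():
        if pid in friend_set_prime:
            found[friend_set_prime[pid]] = pos    # ID and position
    return found

def friend_lookup(seeker_id, seeker_pid, l):
    """Run both requests and the user-side match."""
    return client_match(sns_friend_search(seeker_id),
                        *ls_friend_search(seeker_pid, l))
```

In this run the LS answer also contains `p_frank` with a position, but the user side cannot attach a social identity ID to it because it is absent from Friend-Set'.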
Referring to fig. 3, the stranger location search request process is:
After the user side completes the corresponding identity authentication on the SNS and the LS, the user side sends a first search request to the SNS, namely, the user verifies on the SNS whether the social identity ID is valid. The first lookup request comprises: social identity ID, lookup type (stranger) and social identity access rights.
And the SNS waits for the LS to send the user pseudonym set because the current searching type is a stranger.
The user side sends a second search request to the LS, wherein the second search request comprises: user pseudonym, lookup type (stranger), lookup range and location access control (the location access control may be set by default when the lookup type is stranger).
For example, the search request condition sent to the LS is (pid, d, s), where d represents the stranger location search range specified by the searching party. The LS searches all the user pseudonyms which simultaneously meet the searching range and the searched distance, forms a user pseudonym set PID, and sends the PID to the user.
For example, the query yields the user pseudonym set $PID = \{(pid_1, (x_1, y_1)), \ldots, (pid_i, (x_i, y_i)), \ldots, (pid_n, (x_n, y_n))\}$, and all elements of PID satisfy the following condition:
$$\mathrm{dis}((x, y), (x_i, y_i)) \le \min(d, s_i)$$
To further enhance location privacy protection, the LS randomly selects some user pseudonyms that are not already elements of PID, adds them to the queried user pseudonym set PID, and then sends PID to the SNS. The SNS therefore cannot distinguish which user pseudonyms in the set PID satisfy the lookup range of the current seeker (i.e., the seeker's access distance), which further enhances the user's privacy protection.
The SNS removes from the received set PID the user pseudonyms that belong to the user's friends, and then sends PID and the social identity IDs corresponding to all of its elements to the user in the form $\{(ID_1, pid_1), \ldots, (ID_i, pid_i), \ldots, (ID_n, pid_n)\}$.
After receiving the messages from the SNS and the LS, the user matches the information from the SNS and the LS. The matching process is as follows: for any user pseudonym $pid_i$ belonging to the set PID, if $pid_i$ belongs to $PID_2$, the user obtains the corresponding social identity information $ID_i$ and location $(x_i, y_i)$.
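The stranger search with decoy padding, as an added example that is not code from the patent. The sample records and function names are assumptions, as are excluding the seeker's own pseudonym from the decoys and matching on the user side against the set the LS returned to the user.

```python
import math
import random

# Constructed sample data; IDs, pseudonyms and field layout are assumptions.
# LS database: pseudonym -> (x, y, s)
#   s: distance within which strangers may find this user
LS_DB = {
    "p_alice": (0.0, 0.0, 10.0),   # the seeker
    "p_bob":   (1.0, 0.0, 10.0),   # in range, but a friend of alice
    "p_carol": (2.0, 2.0, 10.0),   # in range, stranger
    "p_dave":  (3.0, 0.0, 2.0),    # inside d, outside his own s
    "p_erin":  (8.0, 8.0, 10.0),   # outside d
    "p_frank": (20.0, 0.0, 10.0),  # outside d
}
SNS_IDS = {pid: pid[2:] for pid in LS_DB}   # SNS: pseudonym -> social identity ID
SNS_FRIENDS = {"alice": {"p_bob"}}          # SNS: friend pseudonyms per ID

def ls_stranger_search(seeker_pid, d, n_decoys, seed=None):
    """LS: hits satisfy dis <= min(d, s_i); the copy for the SNS is padded."""
    x, y, _ = LS_DB[seeker_pid]
    hits = {pid: (xi, yi) for pid, (xi, yi, s) in LS_DB.items()
            if pid != seeker_pid and math.hypot(x - xi, y - yi) <= min(d, s)}
    # Decoys are drawn only from pseudonyms not already in the set.
    # Assumption: the seeker's own pseudonym is never used as a decoy.
    pool = sorted(p for p in LS_DB if p not in hits and p != seeker_pid)
    rng = random.Random(seed)
    padded = list(hits) + rng.sample(pool, min(n_decoys, len(pool)))
    rng.shuffle(padded)        # ordering must not reveal which entries are decoys
    return hits, padded        # hits go to the user, padded goes to the SNS

def sns_stranger_resolve(seeker_id, padded):
    """SNS: drop the seeker's friends, attach the social identity ID to the rest."""
    friends = SNS_FRIENDS[seeker_id]
    return [(SNS_IDS[pid], pid) for pid in padded if pid not in friends]

def client_match(hits, sns_pairs):
    """User side: keep only pseudonyms for which the LS supplied a position."""
    return {sid: hits[pid] for sid, pid in sns_pairs if pid in hits}

def stranger_lookup(seeker_id, seeker_pid, d, n_decoys, seed=None):
    """Run the LS search, the SNS resolution and the user-side match."""
    hits, padded = ls_stranger_search(seeker_pid, d, n_decoys, seed)
    return client_match(hits, sns_stranger_resolve(seeker_id, padded))
```

The SNS answer still carries the social identity IDs of the decoy pseudonyms; the user side discards them because the LS sent no position for them.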
While the invention has been described with reference to specific embodiments, any feature disclosed in this specification may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise; all of the disclosed features, or all of the method or process steps, may be combined in any combination, except mutually exclusive features and/or steps.

Claims (2)

1. A privacy protection method of a location sharing system in a mobile social network is characterized by comprising the following steps:
step 1: the online social network server generates a user pseudonym for the user terminal, and the user terminal logs in the location information on the location server based on the user pseudonym:
101: the user side initiates a user pseudonym generation request to an online social network server:
a user side generates a random key pair, a private key when the social identity ID is registered is used as a key, the social identity ID and the timestamp are asymmetrically encrypted to generate a first digital signature, and a user pseudonym generation request containing the social identity ID, the timestamp, the first digital signature and a public key of the random key pair is sent to an online social network server;
102: the online social network server performs social Identity (ID) verification on the user side: decrypting the received first digital signature through a public key when the user registers the social identity ID and verifying the social identity ID;
the online social network server randomly generates a user pseudonym for the verified user and returns the user pseudonym to the user side, and simultaneously sends the current user pseudonym and a public key of a random key pair from the user side to the location server; updating the user pseudonym of the current social identity ID in the local social network database, wherein the social network database comprises the social identity ID, the user pseudonym and the social identity ID of the friend;
103: the user side generates location login information based on the current user pseudonym and sends the location login information to the location server, wherein the location login information comprises the user pseudonym, a timestamp, a second digital signature, a user location and a searched distance; the second digital signature is generated by asymmetrically encrypting the current user pseudonym and the timestamp, using the private key of the current random key pair as the key; the searched distance includes: the distances within which the user location can be searched by friends and by strangers;
104: the location server performs user pseudonym verification on the user side, and maintains a local location database:
user pseudonym verification: decrypting the second digital signature and verifying the user pseudonym based on a public key of a random key pair matched with the user pseudonym;
the home location database is maintained as: storing the verified location login information to a local location database; the location database includes: the user position, the searched distance, the public key of the current random key pair and the user pseudonym;
step 2: location search request processing:
201: the user side sends a first search request to the online social network server, wherein the first search request comprises: social identity ID, search type and social identity access authority, wherein the social identity access authority is as follows: allowing access to the buddy list of the home subscriber;
202: the online social network server performs search processing based on the search type:
if the search type is a friend, returning the social identity ID and the user pseudonym of the friend meeting the social identity access authority to the user side;
if the search type is a stranger, waiting for the position server to send a second user pseudonym set, and when receiving the second user pseudonym set, after deleting friends belonging to the user who sends the first search request currently from the second user pseudonym set by the social network server, returning the second user pseudonym set and the corresponding social identity ID to the user side;
wherein, the second user pseudonym set is as follows: the location server searches all user pseudonyms meeting the searching range and the searched distance to obtain a second user pseudonym set;
203: the user side sends a second search request to the location server, wherein the second search request comprises: user pseudonym, search type, search range and position access control of a user side, wherein the position access control comprises the following steps: whether to display the user position of the home terminal user;
204: the location server performs search processing based on the search type:
if the search type is a friend, the location server searches all user pseudonyms meeting the search range and the searched distance to obtain an initial search set; and divides the initial search set based on whether location access control for displaying the location of the home terminal user has been sent: if it has not been sent, the user pseudonym is placed into a first subset; otherwise, it is placed into a second subset; the user pseudonyms of the first subset, and the user pseudonyms and user locations of the second subset, are returned to the user side;
if the search type is a stranger, the location server searches all user pseudonyms meeting the search range and the searched distance to obtain a second user pseudonym set, and the second user pseudonym set is returned to the user side and sent to the online social network server;
205: the user side matches the information returned by the online social network server and the location server to obtain a search result.
2. The method of claim 1, wherein in step 204, when the type of search is stranger, the location server randomly adds a plurality of user pseudonyms to the second set of user pseudonyms, and then sends the added user pseudonyms to the online social network server, wherein the added user pseudonyms are not in the second set of user pseudonyms before the addition.
CN201710287904.0A 2017-04-27 2017-04-27 Privacy protection method of location sharing system in mobile social network Active CN106899700B (en)


Publications (2)

Publication Number Publication Date
CN106899700A (en) 2017-06-27
CN106899700B (en) 2020-01-14
