CN109583229A - Privacy information provenance forensics method, apparatus and system - Google Patents

Privacy information provenance forensics method, apparatus and system

Info

Publication number: CN109583229A
Authority: CN (China)
Prior art keywords: information, privacy, behavior, evidence, source
Legal status: Granted; active
Application number: CN201811272731.6A
Other languages: Chinese (zh)
Other versions: CN109583229B (granted publication)
Inventors: 李凤华, 李晖, 牛犇, 孙哲, 华佳烽, 张玲翠
Assignees (original and current): Xidian University; Institute of Information Engineering of CAS
Related PCT application: PCT/CN2019/083047, published as WO2020087877A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 30/00 Commerce
    • G06Q 30/018 Certifying business or products
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Abstract

An embodiment of the invention discloses a privacy information provenance forensics method, apparatus and system. The method comprises: generating evidence sample data for a piece of information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information; and saving the evidence sample data in the information. By saving evidence sample data in the information itself, the embodiment achieves provenance forensics for privacy information. Because the evidence sample data circulates together with the information, the approach overcomes the limitation of traditional provenance forensics methods, which focus on the interior of a single information system, and improves provenance forensics capability for privacy information, in particular for the scenario in which privacy information flows randomly across multiple application systems and multiple domains.

Description

Privacy information provenance forensics method, apparatus and system
Technical field
Embodiments of the present invention relate to, but are not limited to, information application technology, and in particular to a privacy information provenance forensics method, apparatus and system.
Background
With the continuous and rapid development of information and network technology, the wide and dynamic circulation of user privacy information across multiple information systems and multiple domains has become the norm. At the same time, the leakage and propagation of some sensitive information can seriously harm the privacy rights of the affected parties. This has attracted great attention from the relevant national departments; strengthening the supervision of personal privacy information on the Internet, and provenance forensics for privacy leakage incidents that have already occurred, are becoming increasingly important.
While privacy information circulates across information systems, provenance information needs to be exchanged extensively among different information systems. Existing privacy information provenance forensics methods focus on the interior of a single information system: relying mainly on boundary control and post-hoc audit techniques, they record the transmission route of privacy information when it leaves or enters the information system, and perform security audit and forensic analysis after a leakage incident has occurred. Once privacy information has flowed beyond the information system boundary, the provenance and forensics capability is lost. The related art offers no effective solution to the provenance forensics problem in the scenario where privacy information spreads dynamically and widely across multiple application systems and multiple domains.
Summary of the invention
Embodiments of the invention provide a privacy information provenance forensics method, apparatus and system that improve provenance forensics capability for privacy information, and in particular address the provenance forensics problem in the scenario where privacy information flows randomly and dynamically across multiple application systems and multiple domains.
An embodiment of the invention provides a privacy information provenance forensics method, comprising:
generating evidence sample data for the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information;
saving the evidence sample data in the information.
In an embodiment, the privacy information includes privacy information content and privacy information position, and the privacy information is generated as follows:
the privacy information content is obtained from the information, and the position of the privacy information content within the information is determined to obtain the privacy information position.
In an embodiment, the provenance record of the privacy information is generated as follows: it is determined that the provenance record to be generated is trustworthy, and the provenance record is generated with a provenance recording function according to the operation behaviour of the operating subject on the privacy information.
In an embodiment, the provenance recording function includes any combination of one or more of: a mapping function, a hash function, an encryption function, a signature function;
the mapping function establishes a mapping relation among any combination of one or more of the operating subject, the operation object, the operation behaviour and the environment in which the operation behaviour occurs;
the hash function, encryption function and signature function prevent the provenance record from being maliciously tampered with, or prevent a malicious operating subject from repudiating its operation behaviour during forensics.
In an embodiment, the operating subject is any of:
information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
the operation behaviour includes at least one of:
privacy information propagation operation behaviour, privacy information processing operation behaviour;
the provenance record includes any combination of one or more of the operating subject, the operation object, the operation behaviour and the environment in which the operation behaviour occurs, and/or the mapping relations among any combination of one or more of the operating subject, the operation object, the operation behaviour and the environment in which the operation behaviour occurs.
In an embodiment, the privacy violation criteria for the privacy information are generated as follows:
the privacy violation criteria are generated according to the privacy protection requirements for the privacy information, where the privacy protection requirements include at least one of:
privacy protection algorithm type, protection strength, privacy effect.
In an embodiment, the description language and format of the privacy violation criteria include but are not limited to: Extensible Markup Language (XML), Extensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML), Authorization Specification Language (ASL), template instructions, and custom language formats.
In an embodiment, the privacy violation criteria include but are not limited to: correspondence relations among any combination of one or more of operating subject, operation object, operation behaviour, operation attributes and constraint conditions.
In an embodiment, the operating subject includes at least one of:
information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
the operation object describes the privacy information being operated on;
the operation behaviour includes any combination of one or more of: privacy information propagation operation, privacy information processing operation;
the operation attributes describe the attribute conditions that must be satisfied in order to execute the operation behaviour, including but not limited to any combination of one or more of: trigger condition, environment information, usage scope, media type.
The trigger condition describes the condition that activates the privacy violation judgement, including any combination of one or more of:
leaving or entering a system boundary, leaving or entering a network boundary, before sending privacy information, before receiving privacy information, custom rules;
the system boundary includes but is not limited to any combination of one or more of: the information system boundaries of different administrative scopes at country/province/city level, the information system boundaries of different management scopes at industry/group/enterprise/department level, the information system boundaries of different business lines within an enterprise, and the boundaries between different functional modules within the same information system.
The network boundary includes but is not limited to any combination of one or more of: country/province/city network entry and exit points, operator network entry points, enterprise network entry points, intranet security domain boundaries.
The environment information includes but is not limited to any combination of one or more of:
role, time, spatial position, device, network, operating system;
the usage scope describes the application scenario of the privacy operation, including but not limited to any combination of one or more of:
for printing, for display, for exchange via removable storage media, for network transmission;
the removable storage media include but are not limited to any combination of one or more of: optical disc, USB flash drive, portable hard disk.
Embodiments of the invention place no restriction on the network type used for network transmission, which includes but is not limited to any combination of one or more of wired and wireless networks, nor on the network protocol, which includes but is not limited to Ethernet, WiFi and point-to-point (ad hoc) protocols.
The media type describes the media format of the privacy information file, including but not limited to any combination of one or more of: text, picture, audio, video, hypermedia;
the constraint condition describes the permission of the operation behaviour, where the constraint condition includes but is not limited to: allow or deny.
In an embodiment, the privacy information propagation operation includes any combination of one or more of:
download, view, forward, cut, comment, annotate;
the privacy information processing operation includes any combination of one or more of:
generalisation, anonymisation, differential privacy, mosaic, filtering, encryption, hiding, covering.
In an embodiment, saving the evidence sample data in the information includes:
saving the evidence sample data in the information by any combination of one or more of the following modes: binding, embedding, appending.
The binding mode establishes an association between the privacy information and the evidence sample data; the two kinds of data need not be stored in the same location.
The embedding mode stores the evidence sample data in a self-defined area within the native file format of the privacy information file.
The appending mode changes the file format of the original privacy information into a custom file format, adding custom fields for storing the evidence sample data.
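The embedding and appending modes above, as an added Python example that is not part of the patent. The carrier is a constructed 1x1 PNG; embedding puts the evidence sample data into an ancillary tEXt chunk before IEND (the format's own extension area, ignored by viewers that do not know the keyword), while appending wraps the original bytes in a custom trailer format. The tEXt keyword `evidence`, the trailer magic `PRIVEVID` and the sample evidence dictionary are assumptions.

```python
import json
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
EVIDENCE_KEYWORD = b"evidence"   # tEXt keyword used for the embedded data (an assumption)
APPEND_MAGIC = b"PRIVEVID"       # trailer marker of the custom appended format (an assumption)

def _chunk(ctype, data):
    """One PNG chunk: 4-byte length, type, data, CRC32 over type and data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def minimal_png():
    """Constructed 1x1 greyscale PNG that serves as the carrier information."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit, greyscale
    idat = zlib.compress(b"\x00\x80")                     # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def iter_chunks(png):
    """Walk the chunks, rejecting the file if any CRC does not match."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length

def embed_evidence(png, evidence):
    """Embedding mode: the evidence sample data goes into a self-defined area of the
    native format, here an ancillary tEXt chunk placed before IEND. Viewers ignore
    unknown tEXt keywords, so the picture still renders and the data travels with it."""
    payload = EVIDENCE_KEYWORD + b"\x00" + json.dumps(evidence, sort_keys=True).encode("latin-1")
    out = PNG_SIG
    for ctype, data in iter_chunks(png):
        if ctype == b"IEND":
            out += _chunk(b"tEXt", payload)
        out += _chunk(ctype, data)
    return out

def extract_embedded(png):
    """Read the evidence sample data back out, or None if the file carries none."""
    for ctype, data in iter_chunks(png):
        if ctype == b"tEXt" and data.startswith(EVIDENCE_KEYWORD + b"\x00"):
            return json.loads(data[len(EVIDENCE_KEYWORD) + 1:].decode("latin-1"))
    return None

def append_evidence(blob, evidence):
    """Appending mode: the original bytes are wrapped in a custom format that adds a
    trailer field (JSON, length, magic). The result is no longer a valid PNG as-is."""
    body = json.dumps(evidence, sort_keys=True).encode("latin-1")
    return blob + body + struct.pack(">I", len(body)) + APPEND_MAGIC

def split_appended(blob):
    """Undo the appending mode: return (original bytes, evidence) or (blob, None)."""
    if not blob.endswith(APPEND_MAGIC):
        return blob, None
    end = len(blob) - len(APPEND_MAGIC)
    (length,) = struct.unpack(">I", blob[end - 4:end])
    return blob[:end - 4 - length], json.loads(blob[end - 4 - length:end - 4].decode("latin-1"))

# Constructed evidence sample data: one privacy region, one provenance record, one criterion.
SAMPLE_EVIDENCE = {
    "privacy_info": [{"content": "face region", "position": {"x": 10, "y": 12, "w": 40, "h": 40}}],
    "provenance": [{"subject": "owner", "behavior": "forward", "env": {"network": "wifi"}}],
    "criteria": [{"behaviors": ["forward"], "constraint": "deny"}],
}
```

A forensic device handling a circulated file would first run `iter_chunks`, which rejects a chunk whose CRC no longer matches, and then look for the keyword. The binding mode is not shown because it stores nothing in the file itself, only an association kept elsewhere.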
An embodiment of the invention proposes a privacy information provenance forensics apparatus, comprising:
an evidence sample data generation module for generating the evidence sample data of the information, where the evidence sample data includes but is not limited to any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information;
an evidence sample data storage module for saving the evidence sample data in the information.
An embodiment proposes a privacy information provenance forensics apparatus comprising a processor and a computer-readable storage medium storing instructions which, when executed by the processor, implement any of the privacy information provenance forensics methods above.
An embodiment proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the privacy information provenance forensics methods above.
An embodiment of the invention proposes a privacy information provenance forensics method, comprising:
obtaining the information according to the investigation requirement;
obtaining evidence sample data from the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information;
judging, according to the privacy violation criteria, whether privacy violation behaviour exists in the provenance records, and generating a privacy violation judgement result;
performing privacy violation provenance according to the privacy violation judgement result, and generating a privacy violation evidence chain.
In an embodiment, judging according to the privacy violation criteria whether privacy violation behaviour exists in the provenance records includes:
generating an investigation item;
screening the provenance records according to the investigation item to generate behaviour forensic information;
when the behaviour forensic information is trustworthy, judging according to the privacy violation criteria whether privacy violation behaviour exists in the behaviour forensic information, and generating the privacy violation judgement result.
In an embodiment, screening the provenance records according to the investigation item to generate behaviour forensic information includes:
selecting from the provenance records those that fall within the scope defined by the investigation item, as the behaviour forensic information.
In an embodiment, judging according to the privacy violation criteria whether privacy violation behaviour exists in the behaviour forensic information includes:
when the privacy violation criteria include both an operating subject and an operation object, obtaining any combination of one or more of the operation attributes, operation behaviour and constraint conditions that the criteria associate with the operating subject and the operation object appearing in the behaviour forensic information;
when the privacy violation criteria include an operating subject but no operation object, obtaining any combination of one or more of the operation attributes, operation behaviour and constraint conditions that the criteria associate with the operating subject appearing in the behaviour forensic information;
when the privacy violation criteria include an operation object but no operating subject, obtaining any combination of one or more of the operation attributes, operation behaviour and constraint conditions that the criteria associate with the operation object appearing in the behaviour forensic information;
comparing the obtained operation attributes with the environment in which the operation behaviour in the behaviour forensic information occurred, and comparing the obtained operation behaviour and constraint conditions with the operation behaviour in the behaviour forensic information;
determining that privacy violation behaviour exists in the behaviour forensic information when at least one of the following holds: the environment in which the operating subject's operation behaviour occurred exceeds the obtained operation attributes; the operating subject's operation behaviour exceeds the operation behaviour allowed under the applicable constraint conditions;
determining that no privacy violation behaviour exists in the behaviour forensic information when all operation behaviours of the operating subject are within those allowed under the applicable constraint conditions and the environments in which they occurred are within the obtained operation attributes.
In an embodiment, the privacy violation judgement result includes any combination of one or more of:
whether violation behaviour exists, the type of operation behaviour that constituted the violation, the degree of violation, and the output format of the privacy violation judgement result.
In an embodiment, the method further includes:
providing security guarantees for the privacy violation evidence chain.
In an embodiment, providing security guarantees for the privacy violation evidence chain includes any combination of one or more of:
generating audit information for the privacy violation evidence chain;
computing an integrity check value over any combination of one or more of the privacy violation evidence chain and the audit information;
having any combination of one or more of the user who generated the privacy violation evidence chain and the user who receives it digitally sign the chain.
In an embodiment, the audit information records the acquisition of the evidence sample data in the privacy violation evidence chain, and includes any combination of one or more of: privacy violation judgement result, information source, investigator, handler;
the integrity check value ensures that the content of any combination of one or more of the privacy violation evidence chain and the audit information is not maliciously tampered with;
the digital signature ensures that the privacy violation evidence chain is not maliciously tampered with during submission.
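The judgement procedure (screening by investigation item, the credibility check, the three criterion lookup cases, the environment and behaviour comparison, the judgement result) together with the evidence-chain security guarantee (audit information, integrity check value, signature), as one added Python example; it is not the patent's code. The records, criteria and investigation item are constructed, the dictionary layout of a criterion and the "HH:MM" time window are assumptions, and an HMAC key stands in for the forensic user's digital signature.

```python
import hashlib
import hmac
import json

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def make_record(subject, obj, behavior, env):
    """Constructed provenance record: subject, object, behaviour, environment, plus a
    SHA-256 digest so that a record altered in circulation fails the credibility check."""
    body = {"subject": subject, "object": obj, "behavior": behavior, "env": env}
    return dict(body, digest=hashlib.sha256(canonical(body)).hexdigest())

def credible(record):
    body = {k: v for k, v in record.items() if k != "digest"}
    return hmac.compare_digest(hashlib.sha256(canonical(body)).hexdigest(), record.get("digest", ""))

# Constructed records, as read back out of the evidence sample data of two files.
RECORDS = [
    make_record("alice@hr", "medical-report-17", "view", {"role": "hr", "network": "intranet", "time": "09:10"}),
    make_record("bob@ops", "medical-report-17", "forward", {"role": "ops", "network": "internet", "time": "23:40"}),
    make_record("alice@hr", "medical-report-17", "print", {"role": "hr", "network": "intranet", "time": "10:05"}),
    make_record("carol@it", "payroll-2024", "encrypt", {"role": "it", "network": "intranet", "time": "11:00"}),
]

# Constructed criteria: subject/object, behaviours, operation attributes (environment
# information) and an allow/deny constraint. A time window is an assumed ("HH:MM", "HH:MM") pair.
CRITERIA = [
    {"object": "medical-report-17", "behaviors": {"view"}, "constraint": "allow",
     "attributes": {"role": {"hr", "doctor"}, "network": {"intranet"}, "time": ("08:00", "18:00")}},
    {"object": "medical-report-17", "behaviors": {"forward", "download"}, "constraint": "deny"},
    {"subject": "carol@it", "behaviors": {"encrypt"}, "constraint": "allow",
     "attributes": {"network": {"intranet"}}},
]

def select_criteria(criteria, record):
    """The method's three lookup cases: a criterion naming subject and object must match
    both; one naming only a subject, or only an object, is matched on that field alone."""
    out = []
    for c in criteria:
        if "subject" in c and "object" in c:
            hit = c["subject"] == record["subject"] and c["object"] == record["object"]
        elif "subject" in c:
            hit = c["subject"] == record["subject"]
        elif "object" in c:
            hit = c["object"] == record["object"]
        else:
            hit = False
        if hit:
            out.append(c)
    return out

def env_within(attributes, env):
    """The occurrence environment must not exceed the criterion's operation attributes."""
    for key, allowed in attributes.items():
        value = env.get(key)
        if value is None:
            return False
        if key == "time":
            if not allowed[0] <= value <= allowed[1]:
                return False
        elif value not in allowed:
            return False
    return True

def judge_record(record, criteria):
    """Violation when the behaviour is denied, falls under no applicable allow rule,
    or happens in an environment beyond the allowed operation attributes."""
    applicable = select_criteria(criteria, record)
    if not applicable:
        return False, "no applicable criterion"
    for c in applicable:
        if record["behavior"] not in c["behaviors"]:
            continue
        if c["constraint"] == "deny":
            return True, "behaviour denied by constraint"
        if not env_within(c.get("attributes", {}), record["env"]):
            return True, "behaviour outside permitted environment"
        return False, "allowed"
    return True, "behaviour not permitted by any applicable criterion"

def screen(records, item):
    """Screen provenance records by the investigation item (object, optional subject)."""
    return [r for r in records if r["object"] == item["object"]
            and ("subject" not in item or r["subject"] == item["subject"])]

def judge(records, criteria, item):
    """Behaviour forensic information = screened records that pass the credibility check."""
    findings = []
    for r in screen(records, item):
        if not credible(r):
            continue
        violated, reason = judge_record(r, criteria)
        if violated:
            findings.append({"subject": r["subject"], "behavior": r["behavior"], "reason": reason})
    return {"violation": bool(findings), "behaviors": sorted({f["behavior"] for f in findings}),
            "degree": len(findings), "findings": findings, "format": "json"}

def build_evidence_chain(result, records, source, investigator, handler, key):
    """Security guarantee: audit information, an integrity check value over chain plus
    audit, and a signature over that value (HMAC here, standing in for the forensic
    user's digital signature; the key is a constructed assumption)."""
    chain = {"records": records, "audit": {"result": result, "source": source,
                                            "investigator": investigator, "handler": handler}}
    chain["integrity"] = hashlib.sha256(canonical(chain)).hexdigest()
    chain["signature"] = hmac.new(key, chain["integrity"].encode(), hashlib.sha256).hexdigest()
    return chain

def verify_evidence_chain(chain, key):
    body = {"records": chain["records"], "audit": chain["audit"]}
    if not hmac.compare_digest(hashlib.sha256(canonical(body)).hexdigest(), chain["integrity"]):
        return False
    expected = hmac.new(key, chain["integrity"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, chain["signature"])
```

On the constructed data, `judge(RECORDS, CRITERIA, {"object": "medical-report-17"})` flags Bob's forward (denied outright) and Alice's print (no applicable criterion allows it), while Alice's view passes every attribute check; the investigator then packs the screened records and the result into a chain whose integrity value and signature fail verification as soon as any field, including the audit handler, is changed.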
An embodiment of the invention proposes a privacy information provenance forensics apparatus, comprising:
an information acquisition module for obtaining the information according to the investigation requirement;
an evidence sample data acquisition module for obtaining the evidence sample data from the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information;
a privacy violation judgement module for judging, according to the privacy violation criteria, whether privacy violation behaviour exists in the provenance records, and generating a privacy violation judgement result;
a privacy violation evidence chain generation module for performing privacy violation provenance according to the privacy violation judgement result and generating a privacy violation evidence chain.
An embodiment proposes a privacy information provenance forensics apparatus comprising a processor and a computer-readable storage medium storing instructions which, when executed by the processor, implement any of the privacy information provenance forensics methods above.
An embodiment proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the privacy information provenance forensics methods above.
An embodiment of the invention also proposes a privacy information provenance forensics system, comprising:
an evidence sample data generating device for generating the evidence sample data of the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information, and for saving the evidence sample data in the information;
a privacy information provenance forensics device for obtaining the information according to the investigation requirement; obtaining the evidence sample data from the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information; judging according to the privacy violation criteria whether privacy violation behaviour exists in the provenance records and generating a privacy violation judgement result; and performing privacy violation provenance according to the privacy violation judgement result to generate a privacy violation evidence chain.
Embodiments of the invention thus generate evidence sample data for the information, where the evidence sample data includes any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information, and save the evidence sample data in the information. By saving the evidence sample data in the information itself, provenance forensics capability for privacy information is achieved. Because the evidence sample data circulates together with the information, the limitation of traditional provenance forensics methods, which focus on the interior of a single information system, is overcome, and provenance forensics capability for privacy information is improved, in particular for the scenario in which privacy information flows randomly across multiple application systems and multiple domains.
Other features and advantages of the embodiments will be set out in the following description and will in part become apparent from it, or will be understood by practising the embodiments. The objects and other advantages of the embodiments can be realised and obtained by the structure particularly pointed out in the specification, claims and drawings.
Brief description of the drawings
The drawings are provided for further understanding of the technical solutions of the embodiments and form part of the specification; together with the embodiments they serve to explain the technical solutions and do not limit them.
Fig. 1 is a flow chart of the privacy information provenance forensics method proposed by one embodiment of the invention;
Fig. 2 is a schematic diagram of the structure of the privacy information provenance forensics apparatus proposed by another embodiment;
Fig. 3 is a flow chart of the privacy information provenance forensics method proposed by another embodiment;
Fig. 4 is a schematic diagram of the structure of the privacy information provenance forensics apparatus proposed by another embodiment;
Fig. 5 is a schematic diagram of the structure of the privacy information provenance forensics system proposed by another embodiment.
Detailed description
Embodiments of the invention are described in detail below with reference to the drawings. Where there is no conflict, the embodiments and the features within them may be combined with one another arbitrarily.
The steps shown in the flow charts may be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
Referring to Fig. 1, one embodiment of the invention proposes a privacy information provenance forensics method, comprising:
Step 100: generating the evidence sample data of the information; the evidence sample data includes but is not limited to any combination of one or more of: privacy information, provenance records of the privacy information, and privacy violation criteria for the privacy information.
In an embodiment, the privacy information describes the part or all of the content of the information that the information owner does not wish to disclose; the privacy information includes but is not limited to privacy information content and privacy information position.
The privacy information content includes but is not limited to at least one of:
sensitive words in text, sensitive regions in a picture, sensitive segments in audio, sensitive frames in video.
The privacy information position includes but is not limited to at least one of:
page, chapter or section, paragraph, line, sequence number, coordinate, layer, pixel index, time period, track, frame number.
In an embodiment, the privacy information is generated as follows:
the privacy information content is obtained from the information, and the position of the privacy information content within the information is determined to obtain the privacy information position.
The privacy information content can be obtained from the information by any of the following methods: automatic extraction, manual acquisition, automatic acquisition by pattern recognition.
For example, keywords can be automatically extracted from a blog article; the extracted keywords are the privacy information content.
As another example, sensitive speech in a recording can be marked manually; the marked speech is the privacy information content.
As a further example, the face region in a picture can be identified by a face recognition algorithm, or the ID card number in a photo can be recognised by optical character recognition (OCR); the region where the ID card number appears is the privacy information content.
After the privacy information content has been obtained, the privacy information position also needs to be determined. For example, with automatic extraction the privacy information position is obtained at the same time as the content is extracted; with manual acquisition the privacy information position can be entered manually; with automatic acquisition by pattern recognition the privacy information position is obtained at the same time as the content is recognised.
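Automatic extraction of privacy information content together with its position, as an added Python example rather than code from the patent. It scans constructed text for owner-supplied keywords and an assumed 18-digit ID-number pattern, records paragraph, line and column as the position at the moment of extraction, and shows that the recorded position alone is enough to read the content back out of the information later. The keyword list, the sample text and the ID-number regex are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Assumed pattern for an 18-digit ID card number: 17 digits followed by a digit or X.
ID_NUMBER_RE = re.compile(r"\b\d{17}[\dXx]\b")

@dataclass(frozen=True)
class PrivacyInfo:
    content: str     # privacy information content
    paragraph: int   # privacy information position: paragraph (1-based)
    line: int        # line within the paragraph (1-based)
    column: int      # column within the line (0-based)

def extract_privacy_info(text, keywords):
    """Automatic extraction mode: every keyword or ID-number match becomes a
    (content, position) pair; the position is recorded together with the content."""
    patterns = [ID_NUMBER_RE]
    if keywords:
        alts = sorted(keywords, key=len, reverse=True)   # longest first, avoids partial hits
        patterns.insert(0, re.compile("|".join(re.escape(k) for k in alts)))
    found = []
    for p_idx, paragraph in enumerate(text.split("\n\n"), start=1):
        for l_idx, line in enumerate(paragraph.split("\n"), start=1):
            for pat in patterns:
                for m in pat.finditer(line):
                    found.append(PrivacyInfo(m.group(0), p_idx, l_idx, m.start()))
    return sorted(found, key=lambda f: (f.paragraph, f.line, f.column))

def locate(text, info):
    """Use only the recorded position to read the content back out of the information;
    the forensic side relies on this when it re-examines circulated data."""
    paragraphs = text.split("\n\n")
    if info.paragraph > len(paragraphs):
        return None
    lines = paragraphs[info.paragraph - 1].split("\n")
    if info.line > len(lines):
        return None
    return lines[info.line - 1][info.column:info.column + len(info.content)]

# Constructed sample information and the keywords its owner does not wish disclosed.
SAMPLE_TEXT = (
    "Patient record for Zhang San.\n"
    "Diagnosis: hypertension.\n"
    "\n"
    "ID number: 11010519900307123X\n"
    "Contact: see file."
)
SAMPLE_KEYWORDS = ["Zhang San", "hypertension"]
```

Sorting keywords longest-first before building the alternation matters when one keyword is a prefix of another; otherwise the regex engine would report the shorter match and the recorded content would be truncated.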
In the embodiment of the present invention, any operating subject can generate privacy information, but once privacy information has been generated it cannot be deleted during subsequent circulation; an operating subject can only generate new privacy information during subsequent circulation.
In the embodiment of the present invention, the operating subject describes the entity that operates on the privacy information content and includes but is not limited to any of the following:
Information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device.
In the embodiment of the present invention, the provenance record of the privacy information can be generated as follows:
It is determined that the provenance record already generated is trustworthy, and a new provenance record is generated by a provenance-recording function according to the operation behavior performed by the operating subject on the privacy information.
Determining that the generated provenance record is trustworthy means that mechanisms such as hashing, encryption and signatures guarantee that the provenance record has not been tampered with or forged by a malicious user during circulation.
The provenance-recording function takes the operating subject, the operation object (i.e. the privacy information), the operation behavior and the environment in which the operation behavior occurs as input, and generates the provenance record.
The provenance-recording function includes any combination of one or more of: a mapping function, a hash function, an encryption function, a signature function.
The mapping function establishes mapping relations among one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The hash function, encryption function and signature function prevent the provenance record from being maliciously tampered with, or prevent a malicious operating subject from repudiating an operation behavior during forensics. They ensure the confidentiality and integrity of the provenance record as it flows with the information, so that the provenance record cannot be forged or tampered with.
For example, the mapping function can bind the correspondence among one or more of the operating subject, operation object, operation behavior and environment; one operating subject may correspond to one operation behavior (one-to-one mapping) or to multiple operation behaviors (one-to-many mapping).
For another example, the hash value of the privacy information can be stored in the provenance record by means of a hash function, as the state of the privacy information at the time of the current operation record. Before the next provenance record is stored, the hash value of the current privacy information is verified first: the hash value of the current privacy information is computed and compared with the hash value of the privacy information stored in the provenance record already generated; if the two do not match, the privacy information has been tampered with.
For another example, encryption can also be used to guarantee the integrity of the provenance record, so that only a trusted subject holding the key can write an operation record. That is, when the provenance record already generated can be decrypted with the designated key, it is trustworthy; when it cannot be decrypted with the designated key, it is untrustworthy.
For another example, an encryption function and a signature function can guarantee that the provenance record cannot be forged or tampered with in transit. One feasible tamper-resistance method encrypts the privacy information so that every processing of it must decrypt it through authorized software, and the authorized software faithfully records the user's operations. The authorized software signs each operation behavior with the private key of each user along the transmission path of the privacy information: starting from the signature of the first processor, every subsequent user signs the existing provenance record together with their own operation, forming a nested signature structure that prevents a malicious user from tampering with the provenance record.
In the embodiment of the present invention, the operation behavior describes the specific operation performed by the operating subject on the privacy information content and includes but is not limited to any combination of one or more of:
Privacy information propagation operation behavior, privacy information processing operation behavior.
The privacy information propagation operation behavior includes but is not limited to any combination of one or more of:
Download, view, forward, cut, comment, mark.
The privacy information processing operation behavior includes but is not limited to any combination of one or more of:
Generalization, anonymization, differential privacy, mosaic, filtering, encryption, hiding, masking.
In the embodiment of the present invention, the provenance record includes one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs, and/or the mapping relations among one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The environment in which the operation behavior occurs includes but is not limited to at least one of:
Operation time, operation spatial location, operation device, network in which the operation behavior occurs, operating system in which the operation behavior occurs.
In the embodiment of the present invention, the privacy violation behavior criterion for the privacy information can be generated from the privacy protection requirement for the privacy information, or from a manual setting.
The privacy protection requirement can be set manually.
The privacy protection requirement can be translated into machine-readable information, namely the privacy violation behavior criterion.
The privacy protection requirement can be translated into machine-readable information by at least one of the following: natural language analysis, template instructions, etc.
In the embodiment of the present invention, the privacy protection requirement includes but is not limited to at least one of: privacy protection algorithm type, protection strength, privacy effect.
In the embodiment of the present invention, the description language and format of the privacy violation behavior criterion include but are not limited to: XML, ACML, SAML, ASL, template instructions, a custom language format.
The privacy protection algorithm type includes recoverable privacy protection algorithms and irrecoverable privacy protection algorithms. A recoverable privacy protection algorithm is one whose processed privacy information can be restored to the original information by an inverse computation, including but not limited to at least one of: encryption, coding, information hiding. An irrecoverable privacy protection algorithm is one after which the privacy information cannot be restored, including but not limited to at least one of: obfuscation, perturbation, differential privacy, generalization, anonymization, masking.
The protection strength can be divided into light, moderate and heavy according to the information security grade. To reach the corresponding privacy protection grade, the parameters of the privacy protection algorithm need to be set; in general, the stronger the protection the parameters give, the less usable information remains after processing.
The privacy effect refers to the readability of the privacy information after it is processed by the privacy protection algorithm; it is typically assessed by the probability that an attacker can infer the privacy information from the processed information.
In the embodiment of the present invention, the privacy violation behavior criterion includes but is not limited to the correspondence among any combination of one or more of: operating subject, operation object, operation behavior, operational attributes, constraint condition.
The operating subject includes but is not limited to at least one of:
Information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
The operation object describes the privacy information being operated on;
The operation behavior includes any combination of one or more of: privacy information propagation operation, privacy information processing operation;
The privacy information propagation operation describes the concrete operation the operating subject performs on the privacy information, including but not limited to at least one of:
Download, view, forward, cut, comment, mark.
The privacy information processing operation describes the privacy protection technique the operating subject can apply to the privacy information, including but not limited to at least one of:
Generalization, anonymization, differential privacy, mosaic, filtering, encryption, hiding, masking.
The operational attributes describe the attribute conditions that must be satisfied to execute the operation behavior, including but not limited to any combination of one or more of: trigger condition, environment information, use scope, media type.
The trigger condition describes the condition that activates the privacy violation behavior judgement, including any combination of one or more of:
Leaving or entering a system boundary, leaving or entering a network boundary, before sending the privacy information, before receiving the privacy information, a custom rule;
The system boundary includes but is not limited to any combination of one or more of: the boundary of an information system under a national/provincial/municipal jurisdiction, the boundary of an information system under an industry/group/enterprise/department, the boundary between information systems of different business lines within an enterprise, the boundary between functional modules within one information system, etc.
The network boundary includes but is not limited to any combination of one or more of: national/provincial/municipal network entry and exit points, carrier network entry points, enterprise network entry points, intranet security domain boundaries, etc.
The environment information includes but is not limited to any combination of one or more of:
Role, time, spatial location, device, network, operating system;
The use scope describes the application scenario of the privacy operation, including but not limited to any combination of one or more of:
For printing, for display, for exchange via removable storage media, for network transmission;
The removable storage media include but are not limited to any combination of one or more of: CD, USB flash drive, portable hard disk.
The embodiment of the present invention places no restriction on the network type used for network transmission, which includes but is not limited to any combination of one or more of: wired network, wireless network; it likewise places no restriction on the network protocol, which includes but is not limited to Ethernet, WiFi, ad hoc, etc.
The media type describes the media format of the privacy information file, including but not limited to any combination of one or more of: text, picture, audio, video, hypermedia;
The constraint condition describes whether the operation behavior is permitted, and includes but is not limited to: allow or do not allow.
The privacy violation behavior criterion thus states that the operating subject, under the operational attributes, does or does not have the operation behavior on the operation object under the constraint condition;
Alternatively, when the criterion does not include an operating subject, it states that all operating subjects, under the operational attributes, do or do not have the operation behavior on the operation object under the constraint condition; when the criterion does not include an operation object, it states that the operating subject, under the operational attributes, does or does not have the operation behavior on all operation objects under the constraint condition; or another way of restricting operation permissions is used, which the embodiment of the present invention does not limit.
The information generator and/or information sender may correspond to different trigger conditions, different environment information, different use scopes and different media types, so permissions for different operation behaviors need to be set for different operating subjects and/or operation objects.
Step 101: the evidence sample data is saved in the information.
In the embodiment of the present invention, the generated evidence sample data is saved in the information by any combination of one or more of the following: binding, embedding, appending, etc.
Binding establishes an association between the privacy information and the evidence sample data; the two kinds of data need not be stored in the same location.
Embedding stores the evidence sample data in a custom area of the privacy information file's native format.
Appending modifies the file format of the original privacy information into a custom file format and adds a custom field for storing the evidence sample data.
For example, in a picture file in JPEG format the evidence sample data can be embedded in the EXIF metadata of the JPEG file; the specific embedding form is not limited by the embodiment of the present invention.
In a text file the evidence sample data can be appended at the end of the file; the specific appending form is not limited by the embodiment of the present invention.
The evidence sample data can also be bound to the information as a separate file by means such as links.
Other saving methods may of course be used; the embodiment of the present invention does not limit the specific saving method.
In the embodiment of the present invention, step 100 and step 101 can be executed when the operating subject needs to perform a privacy information propagation operation or a privacy information processing operation on the information, or after the operating subject has performed a privacy information processing operation on the information.
By saving the evidence sample data in the information, the embodiment of the present invention realizes provenance forensics for the privacy information. Because the evidence sample data circulates together with the information, it overcomes the limitation of traditional provenance forensics methods, which focus on the inside of a single information system, and improves the provenance forensics capability for privacy information, especially for the problem of tracing privacy information that flows unpredictably across multiple application systems and multiple scenarios.
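The "append" mode described above, saving the evidence sample data at the end of a text file in a custom format, is shown here as an added example; it is not the patent's code, and the trailer layout (evidence JSON, a SHA-256 digest over content plus evidence, a length field and a marker) is a constructed format chosen so the reader can both split the evidence back out and notice when either part has been modified. The sample content and evidence are constructed.

```python
import hashlib
import json
import struct
from typing import Optional, Tuple

# Constructed trailer format (not the patent's own): content | evidence JSON |
# SHA-256(content + evidence JSON) | 4-byte big-endian evidence length | 4-byte marker.
MARKER = b"EVSD"
DIGEST_LEN = 32
TRAILER_LEN = DIGEST_LEN + 4 + len(MARKER)  # 40 bytes following the evidence payload


def append_evidence(content: bytes, evidence: dict) -> bytes:
    """Append evidence sample data to a file body using the custom trailer above."""
    payload = json.dumps(evidence, sort_keys=True, separators=(",", ":")).encode("utf-8")
    digest = hashlib.sha256(content + payload).digest()
    return content + payload + digest + struct.pack(">I", len(payload)) + MARKER


def split_evidence(data: bytes) -> Tuple[bytes, Optional[dict], Optional[bool]]:
    """Separate a file into (content, evidence, intact).

    evidence and intact are None when no trailer is present; intact is False when
    the digest does not match, i.e. the content or the evidence was modified.
    """
    if len(data) < TRAILER_LEN or data[-len(MARKER):] != MARKER:
        return data, None, None
    (payload_len,) = struct.unpack(">I", data[-TRAILER_LEN + DIGEST_LEN:-len(MARKER)])
    if len(data) < TRAILER_LEN + payload_len:
        return data, None, None  # malformed trailer: treat as carrying no evidence
    digest = data[-TRAILER_LEN:-TRAILER_LEN + DIGEST_LEN]
    payload = data[-(TRAILER_LEN + payload_len):-TRAILER_LEN]
    content = data[:-(TRAILER_LEN + payload_len)]
    intact = hashlib.sha256(content + payload).digest() == digest
    try:
        evidence = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        evidence, intact = None, False
    return content, evidence, intact


# Constructed sample: a text file body and the three kinds of evidence sample data.
SAMPLE_CONTENT = b"Constructed text file body. Contact: 110101199001011234\n"
SAMPLE_EVIDENCE = {
    "privacy_info": [{"content": "110101199001011234", "row": 1, "column": 38}],
    "provenance": [{"subject": "owner", "behavior": "forward"}],
    "criterion": {"behavior": "forward", "media_type": "text", "constraint": "deny"},
}

if __name__ == "__main__":
    packed = append_evidence(SAMPLE_CONTENT, SAMPLE_EVIDENCE)
    print(split_evidence(packed))
    print(split_evidence(b"X" + packed[1:]))  # content byte flipped: intact is False
```

The digest only detects modification; it does not bind the evidence to a subject. That is the job of the signed provenance record discussed later on this page, which would be carried inside the `provenance` field.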
Referring to Fig. 2, another embodiment of the present invention proposes a privacy information provenance forensics apparatus, comprising:
An evidence sample data generation module 201 for generating the evidence sample data of the information; the evidence sample data includes but is not limited to any combination of one or more of: the privacy information, the provenance record of the privacy information, and the privacy violation behavior criterion of the privacy information;
An evidence sample data storage module 202 for saving the evidence sample data in the information.
In the embodiment of the present invention, the privacy information describes the part or all of the content of the information that the information owner does not wish to disclose; the privacy information includes but is not limited to privacy information content and privacy information position.
The privacy information content includes but is not limited to at least one of:
Sensitive words in text, sensitive regions in pictures, sensitive segments in audio, sensitive frames in video.
The privacy information position includes but is not limited to at least one of the following:
Page, chapter or section, paragraph, row, serial number, coordinates, layer, pixel number, time period, track, layer, frame number.
In the embodiment of the present invention, the evidence sample data generation module 201 is specifically configured to generate the privacy information as follows:
The privacy information content is obtained from the information, and the position of the privacy information content within the information is determined to obtain the privacy information position.
The evidence sample data generation module 201 can obtain the privacy information content from the information by any of the following methods: automatic extraction, manual acquisition, automatic acquisition by pattern recognition.
For example, keywords can be extracted automatically from a blog article; the extracted keywords are the privacy information content.
For another example, sensitive segments in a recording can be marked manually; the marked segments are the privacy information content.
For another example, the face region in a picture can be identified by a face recognition algorithm, or the ID card number in a photo can be identified by a text recognition algorithm (OCR, Optical Character Recognition); the region containing the ID card number is the privacy information content.
After the privacy information content is obtained, the privacy information position is also determined. For example, when automatic extraction is used, the position is obtained at the same time the content is extracted; when manual acquisition is used, the position can be entered manually; when automatic acquisition by pattern recognition is used, the position is obtained at the same time the content is identified.
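The automatic extraction mode described in both the method embodiment and the module 201 embodiment, in which the privacy information content and its position are obtained in a single pass, is shown here as an added example (not the patent's code). The sensitive-word list, the ID-number-shaped pattern and the sample text are all constructed; the position is expressed as paragraph, row and 1-based column, three of the position kinds the page lists.

```python
import re
from dataclasses import asdict, dataclass
from typing import List

# Constructed sensitive-word list standing in for an operator-configured keyword set.
SENSITIVE_WORDS = ("diagnosis", "salary")
# Constructed pattern with the shape of an 18-character ID card number (no checksum).
ID_NUMBER_PATTERN = re.compile(r"\b\d{17}[\dXx]\b")


@dataclass
class PrivacyInfo:
    content: str    # privacy information content
    kind: str       # "keyword" or "id_number"
    paragraph: int  # privacy information position: paragraph number ...
    row: int        # ... row number within the whole text ...
    column: int     # ... and 1-based column within the row


def extract_privacy_info(text: str) -> List[PrivacyInfo]:
    """Automatic extraction: content and position are produced together."""
    found: List[PrivacyInfo] = []
    paragraph = 0
    in_paragraph = False
    for row, line in enumerate(text.split("\n"), start=1):
        if not line.strip():
            in_paragraph = False  # a blank line ends the current paragraph
            continue
        if not in_paragraph:
            paragraph += 1
            in_paragraph = True
        lower = line.lower()
        hits = []  # (0-based offset, content, kind)
        for word in SENSITIVE_WORDS:
            idx = lower.find(word)
            while idx != -1:
                hits.append((idx, line[idx:idx + len(word)], "keyword"))
                idx = lower.find(word, idx + len(word))
        for m in ID_NUMBER_PATTERN.finditer(line):
            hits.append((m.start(), m.group(0), "id_number"))
        for idx, content, kind in sorted(hits):
            found.append(PrivacyInfo(content, kind, paragraph, row, idx + 1))
    return found


def as_evidence(items: List[PrivacyInfo]) -> List[dict]:
    """Serialise the items as the privacy-information part of an evidence sample."""
    return [asdict(item) for item in items]


# Constructed sample text (two paragraphs separated by a blank line).
SAMPLE_TEXT = (
    "Patient record (constructed sample)\n"
    "Diagnosis: seasonal allergy\n"
    "\n"
    "ID number: 110101199001011234\n"
    "Monthly salary: 8000\n"
)

if __name__ == "__main__":
    for entry in as_evidence(extract_privacy_info(SAMPLE_TEXT)):
        print(entry)
```

Manual acquisition would build the same `PrivacyInfo` records from operator input, and pattern recognition on images would fill the position with coordinates or a pixel region instead of paragraph, row and column.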
In the embodiment of the present invention, any operating subject can generate privacy information, but once privacy information has been generated it cannot be deleted during subsequent circulation; an operating subject can only generate new privacy information during subsequent circulation.
In the embodiment of the present invention, the operating subject describes the entity that operates on the privacy information content and includes but is not limited to any of the following:
Information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device.
In the embodiment of the present invention, the provenance record of the privacy information can be generated as follows:
It is determined that the provenance record already generated is trustworthy, and a new provenance record is generated by a provenance-recording function according to the operation behavior performed by the operating subject on the privacy information.
When the provenance record already generated is determined to be untrustworthy, the process ends.
Determining that the generated provenance record is trustworthy means that mechanisms such as hashing, encryption and signatures guarantee that the provenance record has not been tampered with or forged by a malicious user during circulation.
The provenance-recording function takes the operating subject, the operation object (i.e. the privacy information), the operation behavior and the environment in which the operation behavior occurs as input, and generates the provenance record.
The provenance-recording function includes any combination of one or more of: a mapping function, a hash function, an encryption function, a signature function.
The mapping function establishes mapping relations among one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The hash function, encryption function and signature function prevent the provenance record from being maliciously tampered with, or prevent a malicious operating subject from repudiating an operation behavior during forensics. They ensure the confidentiality and integrity of the provenance record as it flows with the information, so that the provenance record cannot be forged or tampered with.
For example, the mapping function can bind the correspondence among one or more of the operating subject, operation object, operation behavior and environment; one operating subject may correspond to one operation behavior (one-to-one mapping) or to multiple operation behaviors (one-to-many mapping).
For another example, the hash value of the privacy information can be stored in the provenance record by means of a hash function, as the state of the privacy information at the time of the current operation record. Before the next provenance record is stored, the hash value of the current privacy information is verified first: the hash value of the current privacy information is computed and compared with the hash value of the privacy information stored in the provenance record already generated; if the two do not match, the privacy information has been tampered with.
For another example, encryption can also be used to guarantee the integrity of the provenance record, so that only a trusted subject holding the key can write an operation record. That is, when the provenance record already generated can be decrypted with the designated key, it is trustworthy; when it cannot be decrypted with the designated key, it is untrustworthy.
For another example, an encryption function and a signature function can guarantee that the provenance record cannot be forged or tampered with in transit. One feasible tamper-resistance method encrypts the privacy information so that every processing of it must decrypt it through authorized software, and the authorized software faithfully records the user's operations. The authorized software signs each operation behavior with the private key of each user along the transmission path of the privacy information: starting from the signature of the first processor, every subsequent user signs the existing provenance record together with their own operation, forming a nested signature structure that prevents a malicious user from tampering with the provenance record.
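The hash check and the nested signature structure described in the method embodiment and again in the module 201 embodiment are combined here in one added example (not the patent's code). Each record stores the hash of the privacy information as it stands after the operation, links to the previous record's signature and is signed over everything, so a later subject verifies the whole chain and the current hash before appending, and stops when either check fails. The page speaks of each user's private key; this block substitutes HMAC-SHA256 with a per-subject secret so it runs with the standard library, which is an assumption (a verifier then needs the same secret, unlike with real asymmetric signatures). The subjects, secrets and privacy information are constructed.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed per-subject secrets; stand-in for the private keys the page describes.
SUBJECT_KEYS: Dict[str, bytes] = {
    "owner": b"constructed-secret-owner",
    "forwarder": b"constructed-secret-forwarder",
    "receiver": b"constructed-secret-receiver",
}


def hash_privacy_info(privacy_info: bytes) -> str:
    return hashlib.sha256(privacy_info).hexdigest()


def _canonical(body: Dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _sign(body: Dict, key: bytes) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def verify_chain(chain: List[Dict], current_privacy_info: bytes) -> bool:
    """Trust check before appending: every record's signature must verify and link to
    its predecessor, and the hash stored by the last record must equal the hash of the
    privacy information as it is now."""
    prev_signature = ""
    for record in chain:
        body = {k: v for k, v in record.items() if k != "signature"}
        key = SUBJECT_KEYS.get(record.get("subject"))
        if key is None or body.get("prev_signature") != prev_signature:
            return False
        if not hmac.compare_digest(_sign(body, key), record.get("signature", "")):
            return False
        prev_signature = record["signature"]
    if chain and chain[-1]["object_hash"] != hash_privacy_info(current_privacy_info):
        return False
    return True


def append_record(chain: List[Dict], before: bytes, after: bytes, subject: str,
                  behavior: str, environment: Dict[str, str]) -> List[Dict]:
    """Append one provenance record. `before` is the privacy information the subject
    received (checked against the previous record); `after` is its state once the
    operation is done. A processing operation such as masking changes it, a
    propagation operation such as forwarding leaves it unchanged."""
    if not verify_chain(chain, before):
        raise ValueError("existing provenance record is untrusted; refusing to append")
    body = {
        "subject": subject,
        "object_hash": hash_privacy_info(after),
        "behavior": behavior,
        "environment": environment,
        "prev_signature": chain[-1]["signature"] if chain else "",
    }
    return chain + [dict(body, signature=_sign(body, SUBJECT_KEYS[subject]))]


def demo() -> Dict[str, object]:
    """Constructed walk-through: forward, then mask, then verify and detect tampering."""
    info = b"constructed privacy information: ID 110101199001011234"
    masked = b"constructed privacy information: ID 1101**********1234"
    chain = append_record([], info, info, "owner", "forward",
                          {"time": "2024-01-01T00:00:00Z", "device": "dev-A"})
    chain = append_record(chain, info, masked, "forwarder", "mask",
                          {"time": "2024-01-02T00:00:00Z", "device": "dev-B"})
    altered = bytearray(masked)
    altered[0] ^= 0x01                                  # content changed outside the chain
    forged = [dict(chain[0], behavior="view"), chain[1]]  # earlier record rewritten
    try:
        append_record(chain, bytes(altered), bytes(altered), "receiver", "view", {})
        rejected = False
    except ValueError:
        rejected = True
    return {
        "chain": chain,
        "valid": verify_chain(chain, masked),
        "content_tampered": verify_chain(chain, bytes(altered)),
        "record_tampered": verify_chain(forged, masked),
        "append_rejected": rejected,
    }


if __name__ == "__main__":
    print({k: v for k, v in demo().items() if k != "chain"})
```

Because each signature covers `prev_signature`, rewriting any earlier record invalidates every signature after it, which is the nesting the page relies on; the `before`/`after` split is what lets a legitimate masking step change the stored hash without being mistaken for tampering.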
In the embodiment of the present invention, the operation behavior describes the specific operation performed by the operating subject on the privacy information content and includes but is not limited to any combination of one or more of:
Privacy information propagation operation behavior, privacy information processing operation behavior.
The privacy information propagation operation behavior includes but is not limited to any combination of one or more of:
Download, view, forward, cut, comment, mark.
The privacy information processing operation behavior includes but is not limited to any combination of one or more of:
Generalization, anonymization, differential privacy, mosaic, filtering, encryption, hiding, masking.
In the embodiment of the present invention, the provenance record includes one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs, and/or the mapping relations among one or more of the operating subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The environment in which the operation behavior occurs includes but is not limited to at least one of:
Operation time, operation spatial location, operation device, network in which the operation behavior occurs, operating system in which the operation behavior occurs.
In the embodiment of the present invention, the evidence sample data generation module 201 can generate the privacy violation behavior criterion for the privacy information from the privacy protection requirement for the privacy information, or from a manual setting.
The privacy protection requirement can be set manually.
The evidence sample data generation module 201 can translate the privacy protection requirement into machine-readable information, namely the privacy violation behavior criterion.
The evidence sample data generation module 201 can translate the privacy protection requirement into machine-readable information by at least one of the following: natural language analysis, template instructions, etc.
In the embodiment of the present invention, the privacy protection requirement includes but is not limited to at least one of: privacy protection algorithm type, protection strength, privacy effect.
In the embodiment of the present invention, the description language and format of the privacy violation behavior criterion include but are not limited to: XML, ACML, SAML, ASL, template instructions, a custom language format.
The privacy protection algorithm type includes recoverable privacy protection algorithms and irrecoverable privacy protection algorithms. A recoverable privacy protection algorithm is one whose processed privacy information can be restored to the original information by an inverse computation, including but not limited to at least one of: encryption, coding, information hiding. An irrecoverable privacy protection algorithm is one after which the privacy information cannot be restored, including but not limited to at least one of: obfuscation, perturbation, differential privacy, generalization, anonymization, masking.
The protection strength can be divided into light, moderate and heavy according to the information security grade. To reach the corresponding privacy protection grade, the parameters of the privacy protection algorithm need to be set; in general, the stronger the protection the parameters give, the less usable information remains after processing.
The privacy effect refers to the readability of the privacy information after it is processed by the privacy protection algorithm; it is typically assessed by the probability that an attacker can infer the privacy information from the processed information.
In embodiments of the present invention, privacy violation behavior criterion includes but is not limited to: operating main body, operation object, Corresponding relationship between any combination of one or more of operation behavior, operational attribute, constraint condition.
Wherein, operating main body includes but is not limited at least one of:
Information owner, information turn originator, information receiver, information transmitting apparatus, information receiving device, information transmission set It is standby;
The privacy information that the operation object is used to describe to be operated;
The operation behavior includes any combination of one or more of: at privacy information propagation operation, privacy information Reason operation;
Wherein, privacy information propagation operation is for describing the concrete operations that operating main body executes privacy information, including but It is not limited at least one of:
It downloads, check, forward, shear, comment on, mark.
Wherein, privacy information processing operation is used to describe the secret protection technology that operating main body can execute privacy information, Including but not limited at least one of:
Extensive, anonymous, difference, mosaic, filtering, encryption, is hidden at coverage.
It includes: touching that the operational attribute, which is used to describe to execute operation behavior the attribute conditions that should meet to include but is not limited to, Clockwork spring part, environmental information, use scope, one or more kinds of any combination of medium type.
Wherein, the trigger condition is used to describe the condition of activation privacy violation behavior judgement, including following a kind of or more Any combination of kind:
Leave or enter system boundary, leave or enter network boundary, send privacy information before, receive privacy information before, Custom rule;
The system boundary includes but is not limited to any combination of one or more of: country/province/city's difference manages model The information system boundary enclosed, the industry/group/enterprise/information system boundary of department's difference range of management, enterprises are not of the same trade or business The boundary etc. of different function intermodule in the information system boundary of business, same information system.
The network boundary includes but is not limited to any combination of one or more of: country/province/city's network enters and leaves Mouth, carrier network entrance, enterprise network entrance, Intranet security domain boundaries etc..
The environment information includes but is not limited to any combination of one or more of:
role, time, spatial position, device, network, and operating system;
The use scope describes the application scenario of the privacy operation, including but not limited to any combination of one or more of:
for printing, for display, for exchange through removable storage media, and for network transmission;
The removable storage media include but are not limited to any combination of one or more of: optical disc, USB flash drive, and portable hard disk.
The embodiments of the present invention place no restriction on the network type used for network transmission, which includes but is not limited to any combination of one or more of: wired network and wireless network; nor on the network protocol used for network transmission, which includes but is not limited to Ethernet, WiFi, ad hoc, and so on.
The medium type describes the media format of the privacy information file, including but not limited to any combination of one or more of: text, picture, audio, video, and hypermedia;
The constraint condition describes the permission attached to an operation behavior, and includes but is not limited to: allow or deny.
Here, a privacy violation behavior criterion states that an operating subject does or does not have, under the operational attributes, the operation behavior on the operation object under the constraint condition;
alternatively, when the criterion contains no operating subject, it states that all operating subjects do or do not have, under the operational attributes, the operation behavior on the operation object under the constraint condition; alternatively, when the criterion contains no operation object, it states that the operating subject does or does not have, under the operational attributes, the operation behavior on all operation objects under the constraint condition; alternatively, another form of operating-right restriction is used, which the embodiments of the present invention do not limit.
The information generator and/or the information sender may correspond to different trigger conditions, environment information, use scopes and medium types, and may need to set different operation behavior permissions for different operating subjects and/or operation objects.
In an embodiment of the present invention, the evidence sample data storage module 202 may save the evidence sample data into the information by any combination of one or more of the following modes: binding, embedding, appending, and so on.
Here, the binding mode establishes an association between the privacy information and the evidence sample data; the two kinds of data need not be stored in the same location;
the embedding mode stores the evidence sample data in a user-defined area inside the native file format of the privacy information file;
the appending mode changes the file format of the original privacy information into a custom file format and adds a custom field for storing the evidence sample data.
For example, for a picture file in JPEG format, the evidence sample data may be embedded in the EXIF metadata of the JPEG file; the specific embedding form is not limited by the embodiments of the present invention;
for a text file, the evidence sample data may be appended at the end of the file; the specific appending form is not limited by the embodiments of the present invention;
the evidence sample data may also be bound to the information as a separate file by means of techniques such as links.
Other saving modes may of course be used; the embodiments of the present invention do not limit the specific saving mode.
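As an added illustration of the appending and binding modes just described (example code written for this page, not the patent's own implementation): the trailer layout, the marker string and the JSON field names are assumptions, chosen so that the original file bytes stay untouched and an appended trailer is detected and stripped safely even when it is truncated or forged.

```python
"""Evidence sample data kept with the information: appending and binding.
Added example for this page, not the patent's own code; trailer layout,
marker and field names are assumptions."""
import hashlib
import json
import struct

MAGIC = b"PRIV-EVD"           # assumed trailer marker (8 bytes)
TRAILER_LEN = len(MAGIC) + 4  # marker plus a 4-byte big-endian payload length


def append_evidence(content: bytes, evidence: dict) -> bytes:
    """Appending mode: the original bytes are left untouched and a custom
    trailer 'payload || MAGIC || len(payload)' is added after them. Most JPEG
    decoders stop at the EOI marker and a text viewer shows the trailer as
    opaque data, so the information stays usable while the evidence travels
    with it."""
    payload = json.dumps(evidence, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return content + payload + MAGIC + struct.pack(">I", len(payload))


def extract_evidence(data: bytes):
    """Inverse of append_evidence: returns (original_content, evidence), or
    (data, None) when no valid trailer is present. The marker and the length
    field are validated before any slicing, so a truncated or forged trailer
    is rejected instead of yielding garbage."""
    if len(data) < TRAILER_LEN or data[-TRAILER_LEN:-4] != MAGIC:
        return data, None
    (length,) = struct.unpack(">I", data[-4:])
    end = len(data) - TRAILER_LEN  # index where MAGIC starts
    if length > end:
        return data, None
    try:
        evidence = json.loads(data[end - length:end].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return data, None
    return data[:end - length], evidence


def bind_evidence(content: bytes, evidence: dict) -> dict:
    """Binding mode: the evidence is a separate record that refers to the
    information by its SHA-256 digest, so the file itself is not modified and
    the two can be stored in different places."""
    return {"bound_to": hashlib.sha256(content).hexdigest(), "evidence": evidence}


def verify_binding(content: bytes, record: dict) -> bool:
    """True only if the record was bound to exactly these bytes."""
    return hashlib.sha256(content).hexdigest() == record["bound_to"]
```

The binding record only proves which bytes the evidence refers to; it does not protect the evidence itself, which is the job of the integrity check value and signatures applied to the evidence chain later in this description.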
The embodiments of the present invention realise provenance forensics of privacy information by saving the evidence sample data in the information itself. Because the evidence sample data circulates together with the information, this overcomes the limitation of conventional provenance forensics methods, which focus on the inside of a single information system, and improves the capability for provenance forensics of privacy information, in particular for the case where privacy information flows unpredictably across multiple application systems and multiple scenarios.
Another embodiment of the present invention proposes a privacy information provenance forensics apparatus, comprising a processor and a computer-readable storage medium, the computer-readable storage medium storing instructions which, when executed by the processor, implement any one of the privacy information provenance forensics methods described above.
Another embodiment of the present invention proposes a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of any one of the privacy information provenance forensics methods described above.
Referring to Fig. 3, another embodiment of the present invention proposes a privacy information provenance forensics method, comprising:
Step 300: obtaining information according to an investigation demand.
In an embodiment of the present invention, the investigation demand describes the need of provenance forensics personnel, under different investigation scenarios, to investigate the provenance records of privacy information and to query whether privacy violation behavior exists.
Here, the investigation demand includes but is not limited to at least one of:
investigation scenario, investigation target, investigation time, investigation device, investigation network, and investigation system.
Here, the investigation scenario includes but is not limited to at least one of:
investigation after a privacy leakage event has occurred, routine privacy audit, and privacy leakage early warning.
Here, when the investigation scenario is investigation after a privacy leakage event has occurred, the leaked information is obtained.
When the investigation scenario is routine privacy audit, the information of each forwarding is obtained periodically or at scheduled times.
When the investigation scenario is privacy leakage early warning, the information of each forwarding is obtained in real time.
The investigation target, investigation time, investigation device, investigation network and investigation system may serve as the basis for filtering the information to be investigated.
Step 301: obtaining evidence sample data from the information, where the evidence sample data includes any combination of one or more of: the privacy information, the provenance record information of the privacy information, and the privacy violation behavior criterion of the privacy information.
In an embodiment of the present invention, the privacy information, the provenance record information and the privacy violation behavior criterion are the same as in the preceding embodiments and are not described again here. It should be noted that the privacy violation behavior criterion may or may not be contained in the evidence sample data: when it is contained in the evidence sample data, it is obtained directly from the evidence sample data; when it is not, it can be generated when needed, by the same generation method as in the preceding embodiments, which is not described again here.
Step 302: judging, according to the privacy violation behavior criterion, whether privacy violation behavior exists in the provenance record information, and generating a privacy violation behavior judgement result.
In an embodiment of the present invention, judging according to the privacy violation behavior criterion whether privacy violation behavior exists in the provenance record information includes:
generating investigation items; filtering the provenance record information in the evidence sample data according to the investigation items to generate behavior forensic information; and, when the behavior forensic information is credible, judging according to the privacy violation behavior criterion whether privacy violation behavior exists in the behavior forensic information, and generating the privacy violation behavior judgement result.
When the behavior forensic information is not credible, the process is terminated.
Here, the way of judging whether the behavior forensic information is credible is the same as the way of judging whether the provenance record information is credible in the preceding embodiments, and is not described again here.
In an embodiment of the present invention, the investigation items may be set manually, or generated according to the investigation demand.
Here, the investigation items may be generated by at least one of the following ways: template matching, manual input, natural language processing, and so on.
For example, keyword matching may be performed on the description text of the investigation demand against the requirements of a prescribed grammar template, and the matched keywords taken as the investigation items. As an illustration, when the investigation demand is to inspect the records of July and August 2018, the investigation time "1 July 2018 to 31 August 2018" can be extracted automatically.
For another example, according to the specific circumstances of the investigation demand, more detailed investigation item content may be entered manually, so as to save investigation time.
For another example, the investigation demand may be analysed by a natural language processing method: an investigation demand model is constructed by training on the history of investigation demands, and when a new investigation demand corpus needs to be processed, the investigation items in it are matched field by field.
The above ways may be used in any combination; for example, after the natural language processing method has identified the investigation items, manual input may be used to confirm them.
In an embodiment of the present invention, the investigation items describe the filtering and classification criteria for the provenance record information, including but not limited to at least one of:
a specified time interval, a specified place range, a specified operating subject, and a specified operation behavior.
Here, the operation behavior includes but is not limited to at least one of: a privacy information propagation operation behavior and a privacy information processing operation behavior.
In an embodiment of the present invention, filtering the provenance record information according to the investigation items to generate the behavior forensic information includes:
selecting, from the provenance record information, the provenance records that fall within the range defined by the investigation items, as the behavior forensic information.
For example, when the investigation item is a specified time interval, the behavior forensic information is the provenance record information corresponding to that time interval, that is, the provenance records whose time lies within the specified time interval.
When the investigation item is a specified place range, the behavior forensic information is the provenance record information corresponding to that place range, that is, the provenance records whose place lies within the specified place range.
When the investigation item is a specified operating subject, the behavior forensic information is the provenance record information corresponding to that operating subject, that is, the provenance records whose operating subject is the same as the specified operating subject.
When the investigation item is a specified operation behavior, the behavior forensic information is the provenance record information corresponding to that operation behavior, that is, the provenance records whose operation behavior is the same as the specified operation behavior.
In an embodiment of the present invention, the privacy violation behavior judgement result includes any combination of one or more of:
whether violation behavior exists, the type of operation behavior that constitutes the violation, the degree of the violation, and the output format of the privacy violation behavior judgement result.
In an embodiment of the present invention, judging according to the privacy violation behavior criterion whether privacy violation behavior exists in the behavior forensic information includes:
when the privacy violation behavior criterion contains both an operating subject and an operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions whose operating subject is the operating subject in the behavior forensic information and whose operation object is the operation object in the behavior forensic information;
when the criterion contains an operating subject but no operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operating subject in the behavior forensic information;
when the criterion contains no operating subject but contains an operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operation object in the behavior forensic information;
comparing the obtained operational attributes with the environment in which the operation behavior in the behavior forensic information occurred, and comparing the obtained operation behaviors and constraint conditions with the operation behavior in the behavior forensic information;
determining that privacy violation behavior exists in the behavior forensic information when at least one of the following holds: the environment in which the operation behavior of the operating subject in the behavior forensic information occurred exceeds the obtained operational attributes; the operation behavior of the operating subject in the behavior forensic information exceeds the operation behavior allowed under the constraint condition;
determining that no privacy violation behavior exists in the behavior forensic information when all operation behaviors of the operating subject in the behavior forensic information lie within the operation behavior allowed under the constraint condition, and the environments in which all those operation behaviors occurred lie within the obtained operational attributes.
Step 303: tracing the privacy violation behavior according to the privacy violation behavior judgement result, and generating a privacy violation evidence chain.
In an embodiment of the present invention, the privacy violation evidence chain is a chain of proof formed from a series of objective and authentic provenance records, which is able to demonstrate the process of the privacy violation. The evidence chain is a concept from the legal field and does not necessarily refer to the linked-list data structure of computer science; its form may be a point, a chain, a tree or a graph structure.
The privacy violation evidence chain includes at least one node, and each node includes at least one of:
a privacy violation subject, a privacy violation environment, a privacy information propagation operation behavior, and a privacy information processing operation behavior.
In an embodiment of the present invention, when the privacy information propagation operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, and the propagation operation behavior is a download permission or a view permission, it is determined that the privacy violation subject is not the operating subject in that provenance record, but the operating subject in the provenance record that propagated the privacy information to that user;
when the privacy information propagation operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, and the propagation operation behavior is a forward permission, a cut permission, a comment permission or a tag permission, it is determined that the privacy violation subject is the operating subject in that provenance record;
when the privacy information processing operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, it is determined that the privacy violation subject is the operating subject in that provenance record;
when the environment in which the operation behavior in a provenance record occurred exceeds the access restriction conditions of the operating subject in that provenance record, it is determined that the privacy violation subject is the operating subject in that provenance record.
After all privacy violation subjects have been determined, they can be marked in the privacy violation evidence chain.
In an embodiment of the present invention, the method further includes:
performing security assurance on the privacy violation evidence chain.
Here, performing security assurance on the privacy violation evidence chain includes any combination of one or more of:
generating audit information for the privacy violation evidence chain;
calculating an integrity check value over one or both of the privacy violation evidence chain and the audit information;
digitally signing the privacy violation evidence chain by one or both of the user who generated it and the user who receives it.
Here, the audit information records the acquisition of the evidence sample data in the privacy violation evidence chain, and includes any combination of one or more of: the privacy violation behavior judgement result, the source of the information, the forensic personnel, and the handler;
here, the forensic personnel are evidence-collection staff holding the required qualification;
the handler is a member of staff with the authority to receive and transmit the evidence chain.
The integrity check value ensures that the content of one or both of the privacy violation evidence chain and the audit information has not been maliciously tampered with;
the digital signature ensures that the privacy violation evidence chain is not maliciously tampered with during submission.
Referring to Fig. 4, another embodiment of the present invention proposes a privacy information provenance forensics apparatus, comprising:
an information obtaining module 401, for obtaining information according to an investigation demand;
an evidence sample data obtaining module 402, for obtaining evidence sample data from the information, where the evidence sample data includes but is not limited to any combination of one or more of: the privacy information, the provenance record information of the privacy information, and the privacy violation behavior criterion of the privacy information;
a privacy violation behavior judgement module 403, for judging according to the privacy violation behavior criterion whether privacy violation behavior exists in the provenance record information, and generating a privacy violation behavior judgement result; and
a privacy violation evidence chain generation module 404, for tracing the privacy violation behavior according to the privacy violation behavior judgement result and generating a privacy violation evidence chain.
In an embodiment of the present invention, the investigation demand describes the need of provenance forensics personnel, under different investigation scenarios, to investigate the provenance records of privacy information and to query whether privacy violation behavior exists.
Here, the investigation demand includes but is not limited to at least one of:
investigation scenario, investigation target, investigation time, investigation device, investigation network, and investigation system.
Here, the investigation scenario includes but is not limited to at least one of:
investigation after a privacy leakage event has occurred, routine privacy audit, and privacy leakage early warning.
Here, when the investigation scenario is investigation after a privacy leakage event has occurred, the information obtaining module 401 obtains the leaked information.
When the investigation scenario is routine privacy audit, the information obtaining module 401 obtains the information of each forwarding periodically or at scheduled times.
When the investigation scenario is privacy leakage early warning, the information obtaining module 401 obtains the information of each forwarding in real time.
The investigation target, investigation time, investigation device, investigation network and investigation system may serve as the basis for filtering the information to be investigated.
In an embodiment of the present invention, the privacy violation behavior judgement module 403 is specifically configured to:
generate investigation items; filter the provenance record information in the evidence sample data according to the investigation items to generate behavior forensic information; and, when the behavior forensic information is credible, judge according to the privacy violation behavior criterion whether privacy violation behavior exists in the behavior forensic information, and generate the privacy violation behavior judgement result.
When the behavior forensic information is not credible, the process is terminated.
Here, the way of judging whether the behavior forensic information is credible is the same as the way of judging whether the provenance record information is credible in the preceding embodiments, and is not described again here.
In an embodiment of the present invention, the investigation items may be set manually, or generated according to the investigation demand.
Here, the privacy violation behavior judgement module 403 may generate the investigation items by at least one of the following ways: template matching, manual input, natural language processing, and so on.
For example, keyword matching may be performed on the description text of the investigation demand against the requirements of a prescribed grammar template, and the matched keywords taken as the investigation items. As an illustration, when the investigation demand is to inspect the records of July and August 2018, the investigation time "1 July 2018 to 31 August 2018" can be extracted automatically.
For another example, according to the specific circumstances of the investigation demand, more detailed investigation item content may be entered manually, so as to save investigation time.
For another example, the investigation demand may be analysed by a natural language processing method: an investigation demand model is constructed by training on the history of investigation demands, and when a new investigation demand corpus needs to be processed, the investigation items in it are matched field by field.
The above ways may be used in any combination; for example, after the natural language processing method has identified the investigation items, manual input may be used to confirm them.
In an embodiment of the present invention, the investigation items describe the filtering and classification criteria for the provenance record information, including but not limited to at least one of:
a specified time interval, a specified place range, a specified operating subject, and a specified operation behavior.
Here, the operation behavior includes but is not limited to at least one of: a privacy information propagation operation behavior and a privacy information processing operation behavior.
In an embodiment of the present invention, the privacy violation behavior judgement module 403 is specifically configured to filter the provenance record information according to the investigation items and generate the behavior forensic information in the following way:
selecting, from the provenance record information, the provenance records that fall within the range defined by the investigation items, as the behavior forensic information.
For example, when the investigation item is a specified time interval, the behavior forensic information is the provenance record information corresponding to that time interval, that is, the provenance records whose time lies within the specified time interval.
When the investigation item is a specified place range, the behavior forensic information is the provenance record information corresponding to that place range, that is, the provenance records whose place lies within the specified place range.
When the investigation item is a specified operating subject, the behavior forensic information is the provenance record information corresponding to that operating subject, that is, the provenance records whose operating subject is the same as the specified operating subject.
When the investigation item is a specified operation behavior, the behavior forensic information is the provenance record information corresponding to that operation behavior, that is, the provenance records whose operation behavior is the same as the specified operation behavior.
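As an added example covering both the generation of investigation items by template matching and the filtering of provenance records into behavior forensic information, as described for Step 302 above and for module 403 here (example code written for this page, not the patent's implementation): the record field names, the English phrasing of the demand text, the grammar templates and the constructed records are all assumptions.

```python
"""Investigation items from an investigation demand, and filtering of
provenance records with them. Added example for this page, not the patent's
code; record fields, demand phrasing and the sample records are assumptions."""
import calendar
import re
from datetime import datetime

# Constructed provenance records (not data from the patent).
TRACE_RECORDS = [
    {"subject": "alice", "behavior": "forward", "time": "2018-07-03T09:12:00", "place": "Beijing"},
    {"subject": "bob",   "behavior": "view",    "time": "2018-08-14T18:40:00", "place": "Xi'an"},
    {"subject": "alice", "behavior": "print",   "time": "2018-09-01T08:00:00", "place": "Beijing"},
    {"subject": "carol", "behavior": "forward", "time": "2018-07-30T23:59:00", "place": "Shanghai"},
]

MONTHS = {name.lower(): n for n, name in enumerate(calendar.month_name) if name}
BEHAVIORS = ("forward", "view", "download", "print", "comment", "cut", "tag")
# Grammar templates (assumed): month names plus a four-digit year give a time
# interval ("July and August 2018" -> 2018-07-01 .. 2018-08-31); "by <name>"
# names an operating subject; "in <Place>" names a place; a behavior verb in
# any inflection names an operation behavior.
MONTH_RE = re.compile(r"\b(" + "|".join(MONTHS) + r")\b", re.IGNORECASE)
YEAR_RE = re.compile(r"\b(20\d{2})\b")
SUBJECT_RE = re.compile(r"\bby\s+([A-Za-z]\w*)")
PLACE_RE = re.compile(r"\bin\s+([A-Z][\w']*)")


def investigation_items_from_demand(demand: str) -> dict:
    """Template matching over the demand text. A template that does not match
    produces no item, so a vague demand yields a broad filter rather than an
    empty result."""
    items = {}
    year = YEAR_RE.search(demand)
    months = sorted(MONTHS[m.lower()] for m in MONTH_RE.findall(demand))
    if year and months:
        y, first, last = int(year.group(1)), months[0], months[-1]
        start = datetime(y, first, 1)
        end = datetime(y, last, calendar.monthrange(y, last)[1], 23, 59, 59)
        items["time_interval"] = (start.isoformat(), end.isoformat())
    subject = SUBJECT_RE.search(demand)
    if subject:
        items["subject"] = subject.group(1)
    place = PLACE_RE.search(demand)
    if place and place.group(1).lower() not in MONTHS:  # "in July" is a month, not a place
        items["place"] = place.group(1)
    verbs = [b for b in BEHAVIORS if re.search(rf"\b{b}(s|ed|ing)?\b", demand, re.IGNORECASE)]
    if verbs:
        items["behaviors"] = verbs
    return items


def filter_trace_records(records, items):
    """Behavior forensic information: the records inside every range the
    investigation items define. ISO-8601 timestamps of equal length compare
    correctly as plain strings."""
    hits = []
    for r in records:
        if "time_interval" in items:
            start, end = items["time_interval"]
            if not (start <= r["time"] <= end):
                continue
        if "place" in items and r["place"] != items["place"]:
            continue
        if "subject" in items and r["subject"] != items["subject"]:
            continue
        if "behaviors" in items and r["behavior"] not in items["behaviors"]:
            continue
        hits.append(r)
    return hits
```

Items produced this way are the point at which manual confirmation, as the text suggests, is worth inserting: a template that silently matched the wrong word ("in July" as a place, or "May" as a month) would otherwise narrow the forensic information without anyone noticing.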
In an embodiment of the present invention, the privacy information, the provenance record information and the privacy violation behavior criterion are the same as in the preceding embodiments and are not described again here. It should be noted that the privacy violation behavior criterion may or may not be contained in the evidence sample data: when it is contained in the evidence sample data, it is obtained directly from the evidence sample data; when it is not, it can be generated when needed, by the same generation method as in the preceding embodiments, which is not described again here.
In an embodiment of the present invention, the privacy violation behavior judgement result includes any combination of one or more of:
whether violation behavior exists, the type of operation behavior that constitutes the violation, the degree of the violation, and the output format of the privacy violation behavior judgement result.
In an embodiment of the present invention, the privacy violation behavior judgement module 403 is specifically configured to judge according to the privacy violation behavior criterion whether privacy violation behavior exists in the behavior forensic information in the following way:
when the privacy violation behavior criterion contains both an operating subject and an operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions whose operating subject is the operating subject in the behavior forensic information and whose operation object is the operation object in the behavior forensic information;
when the criterion contains an operating subject but no operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operating subject in the behavior forensic information;
when the criterion contains no operating subject but contains an operation object, obtaining from the criterion any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operation object in the behavior forensic information;
comparing the obtained operational attributes with the environment in which the operation behavior in the behavior forensic information occurred, and comparing the obtained operation behaviors and constraint conditions with the operation behavior in the behavior forensic information;
determining that privacy violation behavior exists in the behavior forensic information when at least one of the following holds: the environment in which the operation behavior of the operating subject in the behavior forensic information occurred exceeds the obtained operational attributes; the operation behavior of the operating subject in the behavior forensic information exceeds the operation behavior allowed under the constraint condition;
determining that no privacy violation behavior exists in the behavior forensic information when all operation behaviors of the operating subject in the behavior forensic information lie within the operation behavior allowed under the constraint condition, and the environments in which all those operation behaviors occurred lie within the obtained operational attributes.
In an embodiment of the present invention, the privacy violation evidence chain is a chain of proof formed from a series of objective and authentic provenance records, which is able to demonstrate the process of the privacy violation. The evidence chain is a concept from the legal field and does not necessarily refer to the linked-list data structure of computer science; its form may be a point, a chain, a tree or a graph structure.
The privacy violation evidence chain includes at least one node, and each node includes at least one of:
a privacy violation subject, a privacy violation environment, a privacy information propagation operation behavior, and a privacy information processing operation behavior.
In an embodiment of the present invention, when the privacy information propagation operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, and the propagation operation behavior is a download permission or a view permission, it is determined that the privacy violation subject is not the operating subject in that provenance record, but the operating subject in the provenance record that propagated the privacy information to that user;
when the privacy information propagation operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, and the propagation operation behavior is a forward permission, a cut permission, a comment permission or a tag permission, it is determined that the privacy violation subject is the operating subject in that provenance record;
when the privacy information processing operation behavior in a provenance record exceeds the operating right of the operating subject in that provenance record, it is determined that the privacy violation subject is the operating subject in that provenance record;
when the environment in which the operation behavior in a provenance record occurred exceeds the access restriction conditions of the operating subject in that provenance record, it is determined that the privacy violation subject is the operating subject in that provenance record.
After all privacy violation subjects have been determined, they can be marked in the privacy violation evidence chain.
In embodiments of the present invention, the device further includes:
an evidence chain security assurance module 405, for providing security assurance to the privacy violation evidence chain.
The evidence chain security assurance module 405 is specifically used to provide security assurance to the privacy violation evidence chain by any combination of one or more of the following:
generating audit information for the privacy violation evidence chain;
calculating an integrity check value over any combination of one or more of the privacy violation evidence chain and the audit information;
generating a digital signature of any combination of one or more of the user who generated the privacy violation evidence chain and the user who receives the privacy violation evidence chain.
The audit information is used to record the collection record of the evidence sample data in the privacy violation evidence chain, including any combination of one or more of the following: the privacy violation behavior determination result, the information source, the forensic personnel, and the handler;
where the forensic personnel are qualified evidence collection staff,
and the handler is a staff member who holds the permission to receive and transmit the evidence chain.
The integrity check value is used to ensure that the content of any combination of one or more of the privacy violation evidence chain and the audit information has not been maliciously tampered with;
the digital signature is used to ensure that the privacy violation evidence chain is not maliciously tampered with during submission.
Fig. 4 shows only one achievable form of the privacy information provenance device proposed by the present invention; other forms are possible. This patent places no restriction on the number and order of the modules in the figure: there may be a single module or any combination of multiple modules, and the modules may also be arranged in another order.
Another embodiment of the present invention proposes a privacy information provenance forensics device, including a processor and a computer readable storage medium in which instructions are stored; when the instructions are executed by the processor, any one of the above privacy information provenance forensics methods is realized.
Another embodiment of the present invention proposes a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of any one of the above privacy information provenance forensics methods are realized.
Referring to Fig. 5, another embodiment of the present invention proposes a privacy information provenance forensics system, comprising:
an evidence sample data generating device 501, for generating the evidence sample data of the information, where the evidence sample data includes any combination of one or more of: the privacy information, the provenance record information of the privacy information, and the privacy violation behavior criterion of the privacy information; and for saving the evidence sample data in the information;
a privacy information provenance forensics device 502, for obtaining the information according to an investigation demand; obtaining the evidence sample data from the information; judging, according to the privacy violation behavior criterion, whether a privacy violation behavior exists in the provenance record information, and generating a privacy violation behavior determination result; and tracing the privacy violation behavior according to the privacy violation behavior determination result, generating a privacy violation evidence chain.
The specific implementation of the evidence sample data generating device 501 and the privacy information provenance forensics device 502 is the same as that of the previous embodiments and is not described again here.
The technical scheme of the present invention is illustrated below by specific application examples.
Example 1
A picture generates evidence sample data in real time during circulation, and the evidence sample data is saved in the picture and circulates together with it. The method comprises:
Step 500, privacy information definition: obtain the coordinates of the privacy area in the picture by manual labelling or by an image recognition algorithm (a rectangular area can be described by the horizontal and vertical coordinates of its upper-left and lower-right corners), label the privacy area of the picture information, and generate the privacy information.
In this step, the privacy information refers to the clearly marked privacy area of the picture, including but not limited to the picture privacy content and the position of the picture privacy information.
The picture privacy content includes but is not limited to at least one of:
faces, license plates, certificates, property, and landmarks in the picture file.
The format of the picture privacy content may be a type code, a textual description, or an ID.
The position of the picture privacy information includes but is not limited to the pixel coordinates of the privacy area in the picture file (for example the x and y values of the upper-left corner and the x and y values of the lower-right corner) and, for a motion picture file, which frame and the pixel coordinates on each frame.
In this example, assume that the information is a private picture of a private gathering, in which Alice has labelled two privacy areas, the "face area" of the user and the "image area where the jewellery is". The pixel coordinates of the "face area" in the picture are (354,234;410,290), and the region of the "image area where the jewellery is" in the picture is (467,237;497,302).
Step 501, evidence sample data generation: according to the operation behavior of the operating subject on the privacy information, call the provenance record function to generate the provenance record information of the privacy information.
Optionally, generate the privacy violation behavior criterion of the privacy information according to the privacy protection demand for the privacy information.
The combination of the privacy information and the provenance record information, or the combination of the privacy information, the provenance record information and the privacy violation behavior criterion, is taken as the evidence sample data.
In this example, assume that Alice has encrypted the privacy areas in the picture and transmitted it to Bob, while setting the requirement that the "image area where the jewellery is" may only be shared within her circle of classmates and that other users may not apply mosaic or blur processing to the "face area". Bob transmits the "image area where the jewellery is" to Carol, who is within the classmate circle, and to David, who is outside it, and Carol applies mosaic processing to the "face area" of the picture.
The provenance record information includes but is not limited to a record of the operating subject, the processing operation behavior of the operating subject on the picture file, the propagation operation behavior of the operating subject on the picture file, the operation time, and the operation place.
The record of the operating subject includes but is not limited to a user ID, a unique device identifier, a phone number, an IP address, and a MAC address.
In this example, the provenance record information records the following items:
"provenance record information 001; operating subject: Alice; processing operation: tag, encrypt; operation time: 2018-03-04 20:30:43";
"provenance record information 002; operating subject: Alice; propagation operation: forward (Bob); operation time: 2018-03-04 20:42:41";
"provenance record information 003; operating subject: Bob; propagation operation: view (face, jewellery), forward (Carol, David); operation time: 2018-03-04 21:42:23";
"provenance record information 004; operating subject: Carol; propagation operation: view (face, jewellery); operation time: 2018-03-05 09:12:51";
"provenance record information 005; operating subject: Carol; processing operation: mosaic (face area); operation time: 2018-03-05 11:32:42";
and on another propagation path:
"provenance record information 004; operating subject: David; propagation operation: view (face, jewellery); operation time: 2018-03-05 08:07:14".
In this step, the privacy protection demand refers to the protection effect the user wishes for the privacy information in the picture file, including but not limited to the choice of privacy protection algorithm, the protection strength, and the visual effect after privacy processing.
The privacy protection algorithms include reversible mathematical algorithms and irreversible operation algorithms.
A reversible mathematical algorithm is one that can restore the original information content of the protected data, including but not limited to encryption algorithms and transformation algorithms.
An irreversible operation algorithm includes but is not limited to one-way lossy compression, Bloom filter obfuscation, and mosaic algorithms.
The protection strength includes, for encryption algorithms, the strength of the encryption algorithm used and whether cropping is supported; for lossy compression and blurring algorithms, the parameter controlling the degree of blurring; or even direct covering with a small icon.
The visual effect after privacy processing includes but is not limited to blurring, mosaic, crystallization, and oil painting.
In this example, assume that the privacy protection demand is that the jewellery region is not to be viewed by people outside the classmate circle, and that no mosaic or blur operation is allowed on the user's own face area.
In this example, the privacy violation behavior criterion includes but is not limited to: an access restriction condition and at least one of: a privacy information propagation operation permission and a privacy information processing operation permission.
The access restriction condition includes but is not limited to the time information, the spatial information, and the picture attribute information in the picture metadata;
the privacy information propagation operation permission includes but is not limited to at least one of: view, forward, download, comment, and tag;
the privacy processing permission refers to the various processing operations on the privacy information, including but not limited to at least one of: filter processing of the image privacy information, covering of the picture, and image encryption.
The time information in the picture metadata includes but is not limited to the shooting date and the shooting time;
the spatial information includes but is not limited to the longitude and latitude of the shooting location, the altitude of the shooting location, the shooting location translated into a textual address, and the POI of the shooting location;
the picture attribute information includes but is not limited to the capture device model, the camera model, the focal length, and the shooting distance.
In this example, the privacy violation behavior criterion includes the following two entries:
for the "image area where the jewellery is", the access restriction condition is "classmate range" and the privacy information propagation operation permission is "view, forward";
for the "face area", the access restriction condition is "owner" and the privacy information processing permission is "forbid mosaic, blur".
Step 502, the evidence sample data is saved in the picture and circulates with the picture.
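Step 502 saves the evidence sample data inside the picture itself. As an added example (not code from the patent), the Python below realises the "insertion" mode of claim 11 for a PNG picture by placing the evidence sample data of Example 1 in a tEXt chunk ahead of IEND and reading it back while checking every chunk CRC; the chunk keyword, the JSON layout and the 1x1 sample picture are assumptions.

```python
import json
import struct
import zlib
from typing import Iterator, Optional, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"
KEYWORD = b"evidence-sample-data"  # assumed tEXt keyword marking the embedded record

# Constructed evidence sample data mirroring Example 1: privacy information,
# one provenance record, and the privacy violation behavior criterion.
SAMPLE_EVIDENCE = {
    "privacy_information": {"face": [354, 234, 410, 290], "jewellery": [467, 237, 497, 302]},
    "provenance_records": [
        {"rec": "001", "subject": "Alice", "processing": ["tag", "encrypt"], "time": "2018-03-04 20:30:43"}
    ],
    "criteria": {
        "jewellery": {"access": "classmates", "propagation": ["view", "forward"]},
        "face": {"access": "owner", "processing_forbidden": ["mosaic", "blur"]},
    },
}


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(png: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (type, data) for each chunk, checking the CRC of every chunk.

    The CRC only catches accidental corruption; the integrity check value and
    digital signature of the evidence chain security assurance module are what
    detect deliberate tampering with the evidence sample data.
    """
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length


def minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG standing in for Alice's picture."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def embed_evidence(png: bytes, evidence: dict) -> bytes:
    """Insert the evidence sample data as a tEXt chunk immediately before IEND."""
    # json.dumps escapes non-ASCII by default, so the text is valid Latin-1 for tEXt.
    text = json.dumps(evidence, separators=(",", ":"), sort_keys=True).encode("ascii")
    out = PNG_SIG
    for ctype, data in iter_chunks(png):
        if ctype == b"IEND":
            out += _chunk(b"tEXt", KEYWORD + b"\x00" + text)
        out += _chunk(ctype, data)
    return out


def extract_evidence(png: bytes) -> Optional[dict]:
    """Recover the evidence sample data from a picture, or None if it carries none."""
    for ctype, data in iter_chunks(png):
        if ctype == b"tEXt" and data.startswith(KEYWORD + b"\x00"):
            return json.loads(data[len(KEYWORD) + 1:].decode("ascii"))
    return None


if __name__ == "__main__":
    marked = embed_evidence(minimal_png(), SAMPLE_EVIDENCE)
    print(extract_evidence(marked) == SAMPLE_EVIDENCE)  # True
```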
Example 2
Provenance forensics analysis is performed on the picture circulated in Example 1. The method comprises:
Step 600, information acquisition: obtain the information according to the investigation demand.
In this step, the investigation demand describes the demand of provenance forensics personnel, under different investigation scenarios, to investigate the provenance record information of the privacy information and to query whether a privacy violation behavior exists.
The investigation demand includes but is not limited to at least one of:
the investigation scenario, the investigation target, the investigation time, the investigation device, the investigation network, and the investigation system.
The investigation scenario includes but is not limited to at least one of:
investigation after a privacy leakage event has occurred, routine privacy audit, and privacy leakage early warning.
When the investigation scenario is investigation after a privacy leakage event has occurred, the leaked information is obtained.
When the investigation scenario is a routine privacy audit, the information of each forwarding is obtained periodically or at scheduled times.
When the investigation scenario is privacy leakage early warning, the information of each forwarding is obtained in real time.
The investigation target, investigation time, investigation device, investigation network, and investigation system can serve as the basis for screening the information to be investigated.
Step 601, behavior forensic information generation: obtain the evidence sample data from the information; generate investigation items according to the picture privacy violation investigation demand; screen the provenance record information in the evidence sample data according to the investigation items, and generate the behavior forensic information.
In this step, the investigation items refer to screening and sorting criteria for the provenance information, including but not limited to the operating subjects within a specified time interval and their operation behavior, the operating subjects within a specified place and their operation behavior, and the operation behavior of a specified operating subject.
The behavior forensic information refers to the provenance record information after screening by the investigation items.
In this example, Alice selects the routine privacy audit investigation scenario, sets the investigation dimension of the "image area where the jewellery is" to the users who viewed it, and sets that of the "face area" to the users who applied mosaic or blur processing, obtaining the following behavior forensic information:
"provenance record 003; operating subject: Bob; propagation operation: view (face, jewellery), forward (Carol, David); operation time: 2018-03-04 21:42:23";
"provenance record 004; operating subject: Carol; propagation operation: view (face, jewellery); operation time: 2018-03-05 09:12:51";
"provenance record 004; operating subject: David; propagation operation: view (face, jewellery); operation time: 2018-03-05 08:07:14";
"provenance record 005; operating subject: Carol; processing operation: mosaic (face area); operation time: 2018-03-05 11:32:42";
Step 602, privacy violation behavior determination: judge whether a privacy violation behavior exists in the behavior forensic information according to the privacy violation behavior criterion, and generate the privacy violation behavior determination result.
In this step, the privacy violation behavior determination result means that, when the behavior forensic information exceeds one of the following conditions: the access restriction condition, the privacy information propagation operation permission, or the privacy information processing operation permission, a privacy violation behavior is determined to have occurred.
In this example, the query finds that "provenance record 004; operating subject: David; propagation operation: view; operation time: 2018-03-05 08:07:14" exceeds the access restriction condition "classmate range" of the view permission for the "image area where the jewellery is", and that "provenance record 005; operating subject: Carol; processing operation: mosaic (face area); operation time: 2018-03-05 11:32:42" exceeds the privacy processing permission "forbid mosaic, blur" of the "face area"; both are determined to be privacy violation behaviors.
Step 603, privacy violation behavior tracing: trace the privacy violation behavior according to the privacy violation behavior determination result, and generate the privacy violation evidence chain.
In this step, the privacy violation behavior can be traced using a forensic function. The forensic function refers to a tool that can verify the confidentiality and integrity of the extracted provenance tags, and optionally has a function for packaging the privacy violation evidence chain.
In this step, the privacy violation evidence chain refers to a proof chain formed from a series of objective facts and genuine provenance records, which is able to demonstrate the privacy violation process. The evidence chain is a concept from the legal field and does not necessarily refer to the linked list data structure of computer science; its form may be a point, a chain, a tree, or a graph structure.
In this example, the forensic function called by Alice verifies the confidentiality and integrity of the privacy violation behavior determination result and confirms that the provenance information is genuine and credible. The forensic function traces David's viewing behavior to Bob, who transmitted the privacy information beyond its restricted range, and determines that Bob is a privacy violation behavior subject; from Carol's mosaic processing it determines Carol to be another privacy violation behavior subject; finally, all privacy violation behavior determination results are packaged into the privacy violation evidence chain.
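Steps 600 to 603 of Example 2, as an added example that is not code from the patent: the Python below encodes the criterion and provenance records of Example 1, screens them by Alice's investigation items (step 601), applies the determination of step 602, attributes each violation with the rules given earlier (a view or download beyond rights is attributed to the subject who forwarded the information; a processing operation beyond rights to the recorded subject), and packages the nodes with audit information and a SHA-256 integrity check value as the evidence chain. The classmate membership, record layout and audit fields are assumptions, and the digital signature of module 405 is left out.

```python
import hashlib
import json
from typing import List, Optional

# Constructed data mirroring Example 1 and Example 2; the classmate membership,
# field names and audit fields are assumptions, not taken from the patent.
OWNER = "Alice"
CLASSMATES = {"Alice", "Bob", "Carol"}          # David is outside the "classmate range"
VIEW_LIKE = {"download", "view"}                 # attributed to whoever propagated the information
FORWARD_LIKE = {"forward", "cut", "comment", "tag"}

# Privacy violation behavior criterion of Example 1: one entry per privacy area.
CRITERIA = {
    "jewellery": {"kind": "propagation", "access": "classmates", "allowed": {"view", "forward"}},
    "face": {"kind": "processing", "access": "owner", "forbidden": {"mosaic", "blur"}},
}

# Provenance records of Example 1, flattened to one operation per entry.
RECORDS = [
    {"rec": "001", "subject": "Alice", "kind": "processing", "op": "tag", "objs": ["face", "jewellery"], "time": "2018-03-04 20:30:43"},
    {"rec": "002", "subject": "Alice", "kind": "propagation", "op": "forward", "objs": ["face", "jewellery"], "to": ["Bob"], "time": "2018-03-04 20:42:41"},
    {"rec": "003", "subject": "Bob", "kind": "propagation", "op": "view", "objs": ["face", "jewellery"], "time": "2018-03-04 21:42:23"},
    {"rec": "003", "subject": "Bob", "kind": "propagation", "op": "forward", "objs": ["face", "jewellery"], "to": ["Carol", "David"], "time": "2018-03-04 21:42:23"},
    {"rec": "004", "subject": "Carol", "kind": "propagation", "op": "view", "objs": ["face", "jewellery"], "time": "2018-03-05 09:12:51"},
    {"rec": "005", "subject": "Carol", "kind": "processing", "op": "mosaic", "objs": ["face"], "time": "2018-03-05 11:32:42"},
    {"rec": "004", "subject": "David", "kind": "propagation", "op": "view", "objs": ["face", "jewellery"], "time": "2018-03-05 08:07:14"},
]

# Investigation items Alice chose in step 601: viewers of the jewellery area and
# users who applied mosaic or blur to the face area.
INVESTIGATION_ITEMS = {"jewellery": {"view"}, "face": {"mosaic", "blur"}}


def screen(records: List[dict], items: dict) -> List[dict]:
    """Step 601: keep the provenance records matching an investigation item."""
    return [r for r in records if any(o in items and r["op"] in items[o] for o in r["objs"])]


def access_ok(subject: str, access: str) -> bool:
    """Evaluate the access restriction condition for a subject."""
    return subject == OWNER if access == "owner" else subject in CLASSMATES


def violates(rec: dict, obj: str) -> bool:
    """Step 602: does this operation on obj exceed the criterion entry for obj?"""
    c = CRITERIA.get(obj)
    if c is None or c["kind"] != rec["kind"]:
        return False  # no criterion entry governs this kind of operation on obj
    if rec["kind"] == "propagation":
        return rec["op"] not in c["allowed"] or not access_ok(rec["subject"], c["access"])
    return rec["op"] in c["forbidden"] or not access_ok(rec["subject"], c["access"])


def propagator_of(user: str, obj: str, records: List[dict], before: str) -> Optional[str]:
    """Who last forwarded obj to user before the given time, from the full provenance record."""
    hits = [r for r in records if r["kind"] == "propagation" and r["op"] in FORWARD_LIKE
            and obj in r["objs"] and user in r.get("to", []) and r["time"] <= before]
    return max(hits, key=lambda r: r["time"])["subject"] if hits else None


def violation_subject(rec: dict, obj: str, records: List[dict]) -> Optional[str]:
    """Step 603 attribution: view/download beyond rights -> the propagator; otherwise the recorded subject."""
    if rec["kind"] == "propagation" and rec["op"] in VIEW_LIKE:
        return propagator_of(rec["subject"], obj, records, rec["time"])
    return rec["subject"]


def _digest(body: dict) -> str:
    """Integrity check value over the canonical JSON form of the chain."""
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def build_evidence_chain(forensic: List[dict], records: List[dict], staff: str) -> dict:
    """Steps 602-603: determine violations, attribute subjects, package the chain."""
    nodes = []
    for rec in forensic:
        for obj in rec["objs"]:
            if violates(rec, obj):
                nodes.append({"subject": violation_subject(rec, obj, records), "operator": rec["subject"],
                              "behavior": "%s:%s(%s)" % (rec["kind"], rec["op"], obj),
                              "environment": rec["time"], "evidence": rec["rec"]})
    audit = {"source": "picture of Alice's private gathering", "forensic_staff": staff,
             "determinations": len(nodes)}
    chain = {"nodes": nodes, "audit": audit}
    chain["integrity_check_value"] = _digest(chain)
    return chain


def verify_chain(chain: dict) -> bool:
    """Recompute the integrity check value; False if nodes or audit information changed."""
    body = {k: v for k, v in chain.items() if k != "integrity_check_value"}
    return _digest(body) == chain.get("integrity_check_value")


if __name__ == "__main__":
    result = build_evidence_chain(screen(RECORDS, INVESTIGATION_ITEMS), RECORDS, "Alice")
    for node in result["nodes"]:
        print(node["subject"], "<-", node["operator"], node["behavior"])
```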
Those skilled in the art will appreciate that all or some of the steps of the methods disclosed above, and the functional modules/units in the systems and devices, may be implemented as software, firmware, hardware, or an appropriate combination thereof. In a hardware implementation, the division between the functional modules/units referred to in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be executed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or a microprocessor, as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is known to those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer readable instructions, data structures, program modules or other data). Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is known to those of ordinary skill in the art, communication media generally embody computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Although the embodiments of the present invention are disclosed as above, the content described is only an embodiment adopted for ease of understanding the embodiments of the present invention and is not intended to limit them. Any person skilled in the field of the embodiments of the present invention may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the embodiments of the present invention, but the scope of patent protection of the embodiments of the present invention shall still be subject to the scope defined by the appended claims.

Claims (26)

  1. A privacy information provenance forensics method, comprising:
    generating evidence sample data of information, the evidence sample data including any combination of one or more of: privacy information, provenance record information of the privacy information, and a privacy violation behavior criterion of the privacy information;
    saving the evidence sample data in the information.
  2. The privacy information provenance forensics method according to claim 1, wherein the privacy information includes a privacy information content and a privacy information position, and the privacy information is generated in the following way:
    obtaining the privacy information content from the information, and determining the position of the privacy information content in the information to obtain the privacy information position.
  3. The privacy information provenance forensics method according to claim 1, wherein the provenance record information of the privacy information is generated in the following way:
    judging that the already generated provenance record information is credible, and generating the provenance record information using a provenance record function according to the operation behavior of an operating subject on the privacy information.
  4. The privacy information provenance forensics method according to claim 3, wherein the provenance record function includes any combination of one or more of: a mapping function, a hash function, an encryption function, and a signature function;
    wherein the mapping function is used to establish a mapping relation for any combination of one or more of the operating subject, the operation object, the operation behavior, and the environment in which the operation behavior occurs;
    the hash function, the encryption function, and the signature function are used to prevent the provenance record information from being maliciously tampered with, or to prevent a malicious operating subject from denying the operation behavior during forensics.
  5. The privacy information provenance forensics method according to claim 3, wherein the operating subject includes any of:
    an information owner, an information forwarder, an information receiver, an information sending device, an information receiving device, and an information transmission device;
    the operation behavior includes any combination of one or more of:
    a privacy information propagation operation behavior and a privacy information processing operation behavior;
    the provenance record information includes: any combination of one or more of the operating subject, the operation object, the operation behavior, and the environment in which the operation behavior occurs, and/or the mapping relations between any combination of one or more of the operating subject, the operation object, the operation behavior, and the environment in which the operation behavior occurs.
  6. The privacy information provenance forensics method according to claim 1, wherein the privacy violation behavior criterion of the privacy information is generated in the following way:
    generating the privacy violation behavior criterion of the privacy information according to a privacy protection demand for the privacy information; wherein the privacy protection demand includes any combination of one or more of:
    a privacy protection algorithm type, a protection strength, and a privacy effect.
  7. The privacy information provenance forensics method according to claim 6, wherein the description language and format of the privacy violation behavior criterion include: extensible markup language XML, extensible access control markup language XACML, security assertion markup language SAML, authorization definition language ASL, template instructions, and custom language formats.
  8. The privacy information provenance forensics method according to claim 6, wherein the privacy violation behavior criterion includes: the correspondence between any combination of one or more of an operating subject, an operation object, an operation attribute, an operation behavior, and a constraint condition.
  9. The privacy information provenance forensics method according to claim 8, wherein
    the operating subject includes any of:
    an information owner, an information forwarder, an information receiver, an information sending device, an information receiving device, and an information transmission device;
    the operation object is used to describe the privacy information being operated on;
    the operation behavior includes any combination of one or more of: a privacy information propagation operation and a privacy information processing operation;
    the operation attribute is used to describe the attribute conditions that executing the operation behavior should satisfy, including any combination of one or more of: a trigger condition, environment information, a use scope, and a media type;
    wherein the trigger condition is used to describe the condition that activates the privacy violation behavior determination, including any combination of one or more of:
    leaving or entering a system boundary, leaving or entering a network boundary, before sending privacy information, before receiving privacy information, and a custom rule;
    the environment information includes any combination of one or more of:
    role, time, spatial position, device, network, and operating system;
    the use scope is used to describe the application scenario of the privacy operation, including any combination of one or more of:
    for printing, for display, for mobile storage media exchange, and for network transmission;
    the media type is used to describe the media format of the privacy information file, including any combination of one or more of: text, picture, audio, video, and hypermedia;
    the constraint condition is used to describe the permission of the operation behavior, wherein the constraint condition includes: allow or disallow.
  10. The privacy information provenance forensics method according to claim 9, wherein the privacy information propagation operation includes any combination of one or more of:
    download, view, forward, cut, comment, and tag;
    the privacy information processing operation includes any combination of one or more of:
    generalization, anonymization, differential, mosaic, filtering, coverage, encryption, and hiding.
  11. The privacy information provenance forensics method according to claim 1, wherein saving the evidence sample data in the information includes:
    saving the evidence sample data in the information by any combination of one or more of the following modes: binding, insertion, and appending.
  12. A privacy information provenance forensics device, comprising:
    an evidence sample data generation module, for generating evidence sample data of information; wherein the evidence sample data includes but is not limited to any combination of one or more of: privacy information, provenance record information, and a privacy violation behavior criterion;
    an evidence sample data storage module, for saving the evidence sample data in the information.
  13. A privacy information provenance forensics device, including a processor and a computer readable storage medium in which instructions are stored, wherein, when the instructions are executed by the processor, the privacy information provenance forensics method according to any one of claims 1 to 11 is realized.
  14. A computer readable storage medium on which a computer program is stored, wherein, when the computer program is executed by a processor, the steps of the privacy information provenance forensics method according to any one of claims 1 to 11 are realized.
  15. The evidence collecting method 15. a kind of privacy information is traced to the source, comprising:
    Information is obtained according to demand of investigating;
    Obtain evidence sample data from the information, the evidence sample data includes: that privacy information, privacy information are traced to the source Record any combination of one or more of privacy violation behavior criterion of information and privacy information;
    It is traced to the source and is recorded in information with the presence or absence of privacy violation behavior according to privacy violation behavior criterion judgement, generated privacy and invade Criminal's behavior determines result;
    Determine that result carries out privacy violation behavior and traces to the source according to privacy violation behavior, generates privacy violation chain of evidence.
  16. The evidence collecting method 16. privacy information according to claim 15 is traced to the source, which is characterized in that described according to privacy violation row It traces to the source to record in information for criterion judgement and includes: with the presence or absence of privacy violation behavior
    Item is investigated in generation;
    It investigates item according to described described trace to the source is recorded by information is screened, generate behavior forensic information;
    When behavior forensic information is credible, judge that the behavior forensic information whether there is according to privacy violation behavior criterion Privacy violation behavior generates privacy violation behavior and determines result.
  17. The evidence collecting method 17. privacy information according to claim 16 is traced to the source, which is characterized in that described that item is investigated according to Described trace to the source is recorded by information is screened, generating behavior forensic information includes:
    From it is described trace to the source record filtered out in information investigate tracing to the source in the range of item defines record information as behavior collect evidence Information.
  18. The privacy information tracing and evidence collecting method according to claim 16, wherein judging according to the privacy violation behavior criteria whether a privacy violation behavior exists in the behavior forensic information comprises:
    when the privacy violation behavior criteria include both an operating subject and an operation object, acquiring from the criteria any combination of one or more of the operational attributes, operation behaviors and constraint conditions whose operating subject is the operating subject in the behavior forensic information and whose operation object is the operation object in the behavior forensic information;
    when the privacy violation behavior criteria include an operating subject but no operation object, acquiring from the criteria any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operating subject in the behavior forensic information;
    when the privacy violation behavior criteria include an operation object but no operating subject, acquiring from the criteria any combination of one or more of the operational attributes, operation behaviors and constraint conditions corresponding to the operation object in the behavior forensic information;
    comparing the acquired operational attributes with the occurrence environment of the operation behaviors in the behavior forensic information, and comparing the acquired operation behaviors and constraint conditions with the operation behaviors in the behavior forensic information;
    determining that a privacy violation behavior exists in the behavior forensic information when at least one of the following holds: the occurrence environment of an operation behavior of the operating subject in the behavior forensic information exceeds the acquired operational attributes; an operation behavior of the operating subject in the behavior forensic information exceeds the operation behaviors allowed under the applicable constraint conditions;
    determining that no privacy violation behavior exists in the behavior forensic information when none of the operation behaviors of the operating subject in the behavior forensic information exceeds the operation behaviors allowed under the applicable constraint conditions, and the occurrence environment of none of the operation behaviors exceeds the acquired operational attributes.
  19. The privacy information tracing and evidence collecting method according to claim 18, wherein the privacy violation behavior determination result includes any combination of one or more of:
    whether an infringing behavior exists, the type of the infringing operation behavior, the degree of infringement, and the output format of the privacy violation behavior determination result.
  20. The privacy information tracing and evidence collecting method according to any one of claims 15 to 19, wherein the method further comprises:
    providing security protection for the privacy violation evidence chain.
  21. The privacy information tracing and evidence collecting method according to claim 20, wherein providing security protection for the privacy violation evidence chain comprises any combination of one or more of:
    generating audit information for the privacy violation evidence chain;
    calculating an integrity check value over any combination of one or more of the privacy violation evidence chain and the audit information;
    digitally signing the privacy violation evidence chain by any combination of one or more of the user generating the privacy violation evidence chain and the user receiving the privacy violation evidence chain.
  22. The privacy information tracing and evidence collecting method according to claim 21, wherein the audit information is used to record the acquisition of the evidence sample data in the privacy violation evidence chain and includes any combination of one or more of: the privacy violation behavior determination result, the information source, the evidence collecting personnel, and the handler;
    the integrity check value is used to ensure that the content of any combination of one or more of the privacy violation evidence chain and the audit information is not maliciously tampered with;
    the digital signature is used to ensure that the privacy violation evidence chain is not maliciously tampered with during submission.
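The protection steps of claims 21 and 22 as an added example, not the patent's code: audit information is built from the chain, an integrity check value is computed over chain and audit information together, and a receiving user verifies both before accepting the submission. The chain, key and all field names are constructed; the signature step uses HMAC-SHA256 with a key shared by the generating and receiving user as a stand-in for the asymmetric digital signature the claim describes.

```python
"""Added example, not the patent's code. Constructed evidence chain; HMAC stands in
for the digital signature of claim 21 so the block runs with the standard library."""
import hashlib
import hmac
import json

def canonical(obj) -> bytes:
    """Stable encoding so the check value does not depend on dict key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def make_audit_info(chain: dict, source: str, collector: str, handler: str) -> dict:
    """Audit information of claim 22: determination result, information source,
    evidence collecting personnel and handler."""
    return {"determination": chain["determination"], "information_source": source,
            "collector": collector, "handler": handler}

def integrity_check_value(chain: dict, audit: dict) -> str:
    """SHA-256 over the evidence chain and the audit information together."""
    return hashlib.sha256(canonical(chain) + canonical(audit)).hexdigest()

def sign(icv: str, key: bytes) -> str:
    """Stand-in for the generating user's digital signature over the check value."""
    return hmac.new(key, icv.encode(), hashlib.sha256).hexdigest()

def protect(chain: dict, audit: dict, key: bytes) -> dict:
    icv = integrity_check_value(chain, audit)
    return {"chain": chain, "audit": audit, "icv": icv, "signature": sign(icv, key)}

def verify(package: dict, key: bytes) -> bool:
    """Receiving user's check: recompute the check value from the received content,
    then check the signature over it, so tampering with chain, audit information or
    the check value itself during submission is detected."""
    icv = integrity_check_value(package["chain"], package["audit"])
    if not hmac.compare_digest(icv, package["icv"]):
        return False
    return hmac.compare_digest(sign(icv, key), package["signature"])

# Constructed sample data.
SAMPLE_CHAIN = {"determination": {"violation": True, "behavior_types": ["upload"], "degree": 1},
                "trace": [{"subject": "app_A", "object": "contact_list", "behavior": "upload"}]}
KEY = b"constructed-shared-key"

def demo(tamper: bool = False) -> bool:
    audit = make_audit_info(SAMPLE_CHAIN, "device_log", "investigator_1", "handler_1")
    pkg = protect(SAMPLE_CHAIN, audit, KEY)
    if tamper:  # simulate modification of the chain in transit
        pkg = json.loads(json.dumps(pkg))
        pkg["chain"]["trace"][0]["behavior"] = "read"
    return verify(pkg, KEY)
```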
  23. A privacy information tracing and evidence collecting apparatus, comprising:
    an information acquisition module, configured to acquire information according to an investigation requirement;
    an evidence sample data acquisition module, configured to acquire evidence sample data from the information, the evidence sample data comprising any combination of one or more of: privacy information, provenance record information of the privacy information, and privacy violation behavior criteria for the privacy information;
    a privacy violation behavior determination module, configured to judge, according to the privacy violation behavior criteria, whether a privacy violation behavior exists in the provenance record information, and to generate a privacy violation behavior determination result;
    a privacy violation evidence chain generation module, configured to perform privacy violation behavior tracing according to the privacy violation behavior determination result, and to generate a privacy violation evidence chain.
  24. A privacy information tracing and evidence collecting apparatus, comprising a processor and a computer readable storage medium in which instructions are stored, wherein when the instructions are executed by the processor, the privacy information tracing and evidence collecting method according to any one of claims 15 to 22 is implemented.
  25. A computer readable storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the privacy information tracing and evidence collecting method according to any one of claims 15 to 22 are implemented.
  26. A privacy information tracing and evidence collecting system, comprising:
    an evidence sample data generating device, configured to generate evidence sample data for information, the evidence sample data comprising any combination of one or more of: privacy information, provenance record information of the privacy information, and privacy violation behavior criteria for the privacy information; and to store the evidence sample data in the information;
    a privacy information tracing and evidence collecting device, configured to acquire information according to an investigation requirement; to acquire evidence sample data from the information, the evidence sample data comprising any combination of one or more of: privacy information, provenance record information of the privacy information, and privacy violation behavior criteria for the privacy information; to judge, according to the privacy violation behavior criteria, whether a privacy violation behavior exists in the provenance record information, and to generate a privacy violation behavior determination result; and to perform privacy violation behavior tracing according to the privacy violation behavior determination result, and to generate a privacy violation evidence chain.
CN201811272731.6A 2018-10-30 2018-10-30 Privacy information tracing and evidence obtaining method, device and system Active CN109583229B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811272731.6A CN109583229B (en) 2018-10-30 2018-10-30 Privacy information tracing and evidence obtaining method, device and system
PCT/CN2019/083047 WO2020087877A1 (en) 2018-10-30 2019-04-17 Privacy information tracing and evidence collection method, apparatus, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811272731.6A CN109583229B (en) 2018-10-30 2018-10-30 Privacy information tracing and evidence obtaining method, device and system

Publications (2)

Publication Number Publication Date
CN109583229A true CN109583229A (en) 2019-04-05
CN109583229B CN109583229B (en) 2021-05-11

Family

ID=65921204

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811272731.6A Active CN109583229B (en) 2018-10-30 2018-10-30 Privacy information tracing and evidence obtaining method, device and system

Country Status (2)

Country Link
CN (1) CN109583229B (en)
WO (1) WO2020087877A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105787389A (en) * 2016-03-02 2016-07-20 四川师范大学 Cloud file integrity public audit evidence generating method and public auditing method
CN107944299A (en) * 2017-12-29 2018-04-20 西安电子科技大学 A kind of processing method of privacy information, apparatus and system
CN108322306A (en) * 2018-03-17 2018-07-24 北京工业大学 A kind of cloud platform reliable journal auditing method towards secret protection based on trusted third party

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8229775B2 (en) * 2008-11-06 2012-07-24 International Business Machines Corporation Processing of provenance data for automatic discovery of enterprise process information
CN103297267B (en) * 2013-05-10 2016-05-11 中华通信系统有限责任公司河北分公司 A kind of methods of risk assessment of network behavior and system
CN106156904B (en) * 2015-03-24 2020-04-07 中国人民解放军国防科学技术大学 Cross-platform virtual asset tracing method based on eID
CN108055194B (en) * 2017-12-14 2020-10-30 浙江工商大学 Privacy protection method supporting multi-label and user updating in microblog system
CN109583229B (en) * 2018-10-30 2021-05-11 中国科学院信息工程研究所 Privacy information tracing and evidence obtaining method, device and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020087877A1 (en) * 2018-10-30 2020-05-07 中国科学院信息工程研究所 Privacy information tracing and evidence collection method, apparatus, and system
CN112016131A (en) * 2020-08-25 2020-12-01 南京大学 Credibility verification system and method for distributed cloud forensics
CN112016131B (en) * 2020-08-25 2023-11-07 南京大学 Distributed cloud evidence obtaining credibility verification system and method thereof
CN113239383A (en) * 2021-06-01 2021-08-10 北京华赛在线科技有限公司 File transfer processing method, device, equipment and storage medium
CN115829187A (en) * 2022-12-02 2023-03-21 北京东土泛联信息技术有限公司 Method and device for managing hazardous chemical substance, storage medium and electronic equipment

Also Published As

Publication number Publication date
WO2020087877A1 (en) 2020-05-07
CN109583229B (en) 2021-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant