CN111291405A - Data tracing method for personal privacy data leakage - Google Patents


Info

Publication number
CN111291405A
Authority
CN
China
Prior art keywords
data
application
personal
processing
tracing
Legal status
Pending
Application number
CN202010050336.4A
Other languages
Chinese (zh)
Inventor
黄志清
燕杨月
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The invention discloses a data tracing method for personal privacy data leakage. It first introduces the idea of a personal privacy data supply chain, which mainly covers links such as data acquisition, processing and application, and establishes a three-layer management framework comprising an acquisition layer, a storage layer and an application layer. The information of each layer's data flow is recorded using the PROV standard. The subjects involved are associated one by one through identification information, the participation process of each subject and the problems it may expose are analyzed, and a solution is then given.

Description

Data tracing method for personal privacy data leakage
Technical Field
The invention relates to a data tracing method, and in particular to a data tracing method for personal privacy data leakage.
Background
With the wide deployment of the Internet of Things and the rise of technologies such as cloud computing, e-commerce has grown rapidly and become an important part of people's lives. For needs such as shopping, entertainment, medical treatment, takeaway food and car hailing, users have more choices, but they generally have to download the corresponding app to use a service. Information can be obtained comprehensively by browsing many different types of websites, and most websites or apps require the user to register before the corresponding resources can be browsed, downloaded or used. Registration involves a large amount of personal information, which becomes part of network big data, and the links through which users' personal information flows and the subjects involved increase. The process of collecting and using digitized information often inadvertently violates personal privacy.
In a big data environment, data is diverse and complex, as shown by the scale at which it is generated, the speed at which it propagates, and its sources and derivations. This poses great challenges to the traditional static mode of information resource management. During data sharing, primary data may give rise to a large amount of derived data after repeated circulation, copying, migration, integration, extraction, calculation and other operations. If the tracing information of the primary data is not recorded, the authenticity and validity of the derived data are greatly reduced, which brings risk to the application of the data. Data tracing technology was developed to increase the reliability and credibility of data by tracing its derivation and flow.
Data tracing is a technology for tracing data back to its origin: the historical state and evolution of the data are reproduced along the tracing path, so that the history of the data can be traced. It already has many applications: Liuxi peace et al. set out in detail the main methods and applications of current computational data tracing; existing mature traceability management systems have been analyzed and compared, and data tracing technology in data warehouse systems has been studied systematically; Xu yang et al. outlined the models, methods, techniques and application systems of data tracing; Liyazi studied the annotation mode and description model of data tracing and introduced the 7W model of data tracing. Data tracing is one of the important methods for tracing data to its source: when data is leaked, the processing stage of the data can be located through the tracing information, but individuals cannot be located.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a data tracing method for personal privacy data leakage. Introducing the data supply chain idea makes the path along which personal information circulates traceable: data flow information can be clearly traced through metadata recording and marking, and when personal privacy is leaked, accountability can be pursued and the source of the leak can be found. These technologies give individuals greater assurance of privacy security in big data environments.
To achieve the above purpose, the present invention proposes a data tracing method for personal privacy data leakage, as shown in FIG. 1. First, the idea of a personal privacy data supply chain is introduced, mainly covering links such as data acquisition, processing and application, and a three-layer management framework comprising an acquisition layer, a storage layer and an application layer is established. The information of each layer's data flow is recorded using the PROV standard. The subjects involved are associated one by one through identification information, the participation process of each subject and the problems it may expose are analyzed, and a solution is then given.
The purpose of the invention is realized by the following technical scheme: a data tracing method for personal privacy data leakage comprising the following steps, as shown in FIG. 2.
S1) Establishing a data supply chain:
the whole life cycle of personal privacy data runs from the generation of the data to its extinction and passes through a number of steps; the chain nodes of the data supply chain comprise data acquisition, data storage and data application.
S2) Layered design:
the nodes are layered into a data acquisition layer, a data storage layer and a data application layer, and PROV from the W3C standards is used for data recording.
S3) Designing a tracing path:
this comprises the links of personal data utilization, the stakeholders of personal data utilization, the data flows of personal data utilization, and tracing path analysis.
S4) Tracing query:
according to the links of personal data utilization, the link at which the leak occurred is found, and the data is traced backwards to locate the source of the privacy leak.
Step S2 includes the following sub-steps:
S21 Data acquisition: for a social platform, data paths are of many types, such as personal registration, data uploading, data downloading, data forwarding, data copying and pasting, and data analysis;
S22 Data storage: following the PROV standard, the metadata and data activities of each node on the data chain are stored, tracing information is recorded by a marking method, and a PROV model is established; the main records are entities, activities, agents and the relations among them;
S23 Data application: the value of data is becoming more and more important, and personal data is applied in a wide range of fields, including life services, business applications, scientific research and public services.
S31: personal data utilization includes four links (collection, processing, transaction and application), and there are six data flows, as shown in FIG. 3.
① Collection-processing-application: represents the social platform collecting and processing data to meet application needs;
② Collection-transaction-application: represents the social platform collecting user information and trading it with another subject to meet the buyer's application needs;
③ Collection-processing-transaction-application: represents the social platform collecting and processing data and then trading it for profit to meet the buyer's application needs;
④ Collection-transaction-processing-application: represents the social platform, after collecting data, trading it directly with a subject for profit, and the buyer processing it to meet its own application needs;
⑤ Collection-transaction-processing-transaction-application: represents the social platform, after collecting data, trading it directly with one subject for profit, and the buyer processing it and trading it again to meet the application needs of another subject;
⑥ Collection-processing-transaction-processing-application: represents the social platform collecting and processing data and then trading it for profit, and the buyer processing it to meet the application needs of another subject;
S32: the tracing path runs against the direction of the data flow. The more links the data flows through and the more subjects are involved, the harder it is to determine the link at which privacy was leaked; a supervision mechanism is introduced, and illegal transactions, applications and the like are reduced through third-party supervision.
S41 Tracing query: using the relevant tracing technology and the supervision mechanism, analyze in which link and on which path the privacy leak may have occurred, compare the tracing data in the storage layer, and query the data flow direction and operation history by a reverse query method, as shown in FIG. 4.
Drawings
FIG. 1 is a diagram of a data tracing architecture.
FIG. 2 is a data tracing mechanism design diagram.
FIG. 3 is a tracing path analysis diagram.
FIG. 4 is a flow chart of tracing personal privacy data.
Detailed Description
In order to more concisely and clearly describe the contents and objects of the present invention, the present invention will be further described with reference to the accompanying drawings.
The following describes the implementation of the method by way of example.
In the present invention, the following subjects are defined:
1. User {U1, U2, U3, ..., Un}
Users fall into two categories. The first is the individual: the entity that produces the personal privacy data and is its actual owner. The second is the data application party: a person or platform that uses the privacy data. Note that individuals are both data producers and data consumers.
2. Data collector, Collector {C1, C2, C3, ..., Cn}
There are two kinds. The first collects data in order to provide a service; for example, a social platform requires personal information to be registered before the user can log in and use certain functions. The second is an entity that may collect users' privacy data for some purpose, such as an illegal collector gathering users' personal privacy data to trade.
3. Data processor, Handler {H1, H2, H3, ..., Hn}
Data processing is the change of form produced by editing, sorting, restructuring, integrating, mining and analyzing personal data. The result may be a database product, an information system, a service and so on, and may include primary data products formed by directly sorting the primary data as well as advanced data products generated by secondary mining and development.
4. Data trader, Deller {D1, D2, D3, ..., Dn}
Refers to an agent that trades privacy data for profit.
5. Supervisor, Monitor {M1, M2, M3, ..., Mn}
Refers to a party that constrains, supervises and protects personal privacy information, mainly government departments and trusted third-party institutions and organizations. The government is the most effective supervisor and manager of personal data utilization and a powerful governor of the tracing mechanism.
Scenario description: consider a privacy leak that may occur on a social platform. U1 receives a harassing call from a data application party U2, although U1 has not disclosed personal information such as identity card number, address or other personal privacy data to U2. How can the way the personal privacy was leaked be located?
The specific steps of the implementation case are as follows:
Step 001: user U1 registers with an APP; the registration information includes name, identity card number, gender, age, telephone number, hobbies, user name, password and so on;
Step 002: user U1 receives a fraud call in which the caller impersonates a merchant on a platform, and the information given, such as name and identity card number, is correct. User U1 has little idea how the information was leaked;
Step 003: user U1 initiates a tracing application, submits identity information and has it verified on the traceability platform;
Step 004: the flow of the information after the user's registration is searched by querying the data operation records;
Step 005: the traceability platform reports back to user U1: analysis of the query results shows that after the user registered, the information was collected by the APP, stored by C1 after collection, and sorted and analyzed by background developer H1;
Step 006: because of an insecure interface on the APP platform, the information was illegally stolen by information collector C2;
Step 007: in accordance with laws and regulations, user U1 can lawfully hold C2 accountable by requesting M1 to handle the matter.
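The reverse query of S41 applied to steps 001 to 006, as an added example that is not part of the patent: storage-layer records are modelled as PROV relation triples and walked backwards from the data U2 used to the first agent outside the set U1 authorized. The identifiers (`e:...`, `a:...`, `ag:...`), the sample records and the authorized set are constructed assumptions.

```python
"""Reverse provenance query over PROV-style records (added example, constructed data)."""
from collections import defaultdict, namedtuple

Hop = namedtuple("Hop", "entity activity agents")

# Constructed storage-layer records for the U1 scenario, written as
# (subject, PROV relation, object). All identifiers are hypothetical.
RECORDS = [
    ("e:u1_registration", "wasAttributedTo", "ag:U1"),
    ("a:collect", "used", "e:u1_registration"),
    ("a:collect", "wasAssociatedWith", "ag:C1"),
    ("e:stored_profile", "wasGeneratedBy", "a:collect"),
    ("a:analyse", "used", "e:stored_profile"),
    ("a:analyse", "wasAssociatedWith", "ag:H1"),
    ("e:analysis_report", "wasGeneratedBy", "a:analyse"),
    ("a:api_export", "used", "e:stored_profile"),
    ("a:api_export", "wasAssociatedWith", "ag:C2"),
    ("e:exported_copy", "wasGeneratedBy", "a:api_export"),
    ("a:call", "used", "e:exported_copy"),
    ("a:call", "wasAssociatedWith", "ag:U2"),
]


def _index(records):
    """Split the triples into the three lookups the reverse query needs."""
    generated_by, used, associated = {}, defaultdict(list), defaultdict(list)
    for subj, rel, obj in records:
        if rel == "wasGeneratedBy":
            generated_by[subj] = obj        # entity -> activity that produced it
        elif rel == "used":
            used[subj].append(obj)          # activity -> input entities
        elif rel == "wasAssociatedWith":
            associated[subj].append(obj)    # activity -> responsible agents
    return generated_by, used, associated


def trace_back(records, start_entities):
    """Walk against the data flow; return hops ordered newest to oldest."""
    generated_by, used, associated = _index(records)
    hops, seen, frontier = [], set(), list(start_entities)
    while frontier:
        entity = frontier.pop(0)
        if entity in seen:                  # guard against cyclic records
            continue
        seen.add(entity)
        activity = generated_by.get(entity)
        if activity is None:                # origin entity, or a gap in the chain
            continue
        agents = tuple(sorted(associated.get(activity, ())))
        hops.append(Hop(entity, activity, agents))
        frontier.extend(used.get(activity, ()))
    return hops


def trace_from_agent(records, agent):
    """Start from every entity the given agent's activities used."""
    _, used, associated = _index(records)
    held = [e for act, agents in associated.items() if agent in agents
            for e in used.get(act, ())]
    return trace_back(records, held)


def leak_source(hops, authorized):
    """Oldest hop whose agents are unrecorded or not all authorized, else None."""
    for hop in reversed(hops):
        if not hop.agents or not set(hop.agents) <= set(authorized):
            return hop
    return None


if __name__ == "__main__":
    path = trace_from_agent(RECORDS, "ag:U2")
    for hop in path:
        print(hop)
    print("leak source:", leak_source(path, {"ag:C1", "ag:H1"}))
```

A hop with no recorded agent is reported as a leak source on purpose: a gap in the storage-layer records is itself something the supervisor has to follow up.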

Claims (5)

1. A data tracing method for personal privacy data leakage, characterized in that: first, the idea of a personal privacy data supply chain is introduced, covering the links of data acquisition, processing and application, and a three-layer management framework comprising an acquisition layer, a storage layer and an application layer is established; the information of each layer's data flow is recorded using the PROV standard; the subjects involved are associated one by one through identification information, the participation process of each subject and the problems it may expose are analyzed, and a solution is then provided; the specific implementation process is as follows:
S1) establishing a data supply chain;
the chain nodes of the data supply chain comprise data acquisition, data storage and data application;
S2) layered design;
the nodes are layered into a data acquisition layer, a data storage layer and a data application layer, and PROV from the W3C standards is used for data recording;
S3) designing a tracing path;
this comprises the links of personal data utilization, the stakeholders of personal data utilization, the data flows of personal data utilization, and tracing path analysis;
S4) tracing query;
according to the links of personal data utilization, the link at which the leak occurred is found, and the data is traced backwards to locate the source of the privacy leak.
2. The data tracing method for personal privacy data leakage according to claim 1, wherein step S2 comprises the following steps:
S21 data acquisition: for a social platform, data paths are of many types, including personal registration, data uploading, data downloading, data forwarding, data copying and pasting, and data analysis;
S22 data storage: following the PROV standard, the metadata and data activities of each node on the data chain are stored, tracing information is recorded by a marking method, and a PROV model is established, the records comprising entities, activities, agents and the relations among them;
S23 data application.
3. The data tracing method for personal privacy data leakage according to claim 1, wherein personal data utilization comprises four links (collection, processing, transaction and application), and six data flows exist:
① collection-processing-application: represents the social platform collecting and processing data to meet application needs;
② collection-transaction-application: represents the social platform collecting user information and trading it with another subject to meet the buyer's application needs;
③ collection-processing-transaction-application: represents the social platform collecting and processing data and then trading it for profit to meet the buyer's application needs;
④ collection-transaction-processing-application: represents the social platform, after collecting data, trading it directly with a subject for profit, and the buyer processing it to meet its own application needs;
⑤ collection-transaction-processing-transaction-application: represents the social platform, after collecting data, trading it directly with one subject for profit, and the buyer processing it and trading it again to meet the application needs of another subject;
⑥ collection-processing-transaction-processing-application: represents the social platform collecting and processing data and then trading it for profit, and the buyer trading after processing to meet the application needs of another subject.
4. The data tracing method for personal privacy data leakage according to claim 1, wherein the tracing path runs against the direction of the data flow; the more links the data flows through and the more subjects are involved, the harder it is to determine the link at which privacy was leaked; and a supervision mechanism is introduced, illegal transactions being reduced through third-party supervision.
5. The data tracing method for personal privacy data leakage according to claim 1, wherein the tracing query comprises: using the relevant tracing technology and the supervision mechanism to analyze in which link and on which path the privacy leak may have occurred, comparing the tracing data in the storage layer, and querying the data flow direction and operation history by a reverse query method.
Application Number: CN202010050336.4A
Priority Date: 2020-01-17
Filing Date: 2020-01-17
Title: Data tracing method for personal privacy data leakage
Legal Status: Pending
Publication: CN111291405A (en), published 2020-06-16
Family ID: 71016966
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination