WO2020087877A1 - Privacy information tracing and evidence collection method, apparatus, and system - Google Patents


Info

Publication number: WO2020087877A1
Application number: PCT/CN2019/083047
Authority: WO (WIPO, PCT)
Prior art keywords: information, privacy, behavior, traceability, forensics
Other languages: French (fr), Chinese (zh)
Inventors: 李凤华, 李晖, 牛犇, 张玲翠
Original assignees: 中国科学院信息工程研究所 (Institute of Information Engineering, Chinese Academy of Sciences), 西安电子科技大学 (Xidian University)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 30/00 Commerce
    • G06Q 30/018 Certifying business or products
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Definitions

  • This disclosure relates to, but is not limited to, information application technology, and in particular to a privacy information traceability and forensics method, device and system.
  • An embodiment of the present invention provides a method for forensic traceability of private information, including:
  • the evidence sample data includes any combination of one or more of the following: privacy information, traceability record information of the privacy information, and privacy violation behavior judgment standards of the privacy information;
  • the private information may include private information content and private information location; the private information may be generated in the following manner:
  • obtaining the privacy information content from the information, and determining the location of the privacy information content in the information to obtain the privacy information location.
  • the traceability record information of the private information may be generated in the following manner: a traceability record function is used to generate the traceability record information according to the operation behavior of the operation subject on the privacy information, and the generated traceability record information is verified to be credible.
  • the traceability record function may include any combination of one or more of the following: mapping function, hash function, encryption function, signature function;
  • the mapping function can be set as any combination of one or more of the operation subject, operation object, operation behavior and the environment in which the operation behavior occurs to establish the mapping relationship;
  • the hash function, encryption function and signature function can be set to prevent the traceability record information from being maliciously tampered with, or can be set to prevent the malicious operation subject from denying the operation during the forensics process.
  • the operation subject may include any one of the following:
  • information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
  • the operation behavior may include at least one of the following:
  • private information dissemination operation behavior, private information processing operation behavior.
  • the traceability record information may include: any combination of one or more of the operation subject, operation object, operation behavior and the environment in which the operation behavior occurs, and/or the mapping relationship among any combination of one or more of the operation subject, operation object, operation behavior and operation behavior occurrence environment.
  • a judgment criterion for privacy violation behavior of the privacy information is generated according to the privacy protection requirements for the privacy information; wherein the privacy protection requirements include at least one of the following:
  • privacy protection algorithm type, protection strength, privacy effect.
  • the description language and format of the privacy violation judgment criteria for private information may include, but are not limited to: Extensible Markup Language (XML), Extensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML), Authorization Specification Language (ASL), template languages, and custom language formats.
  • the judgment criterion of privacy violation behavior may include, but not limited to, a correspondence between any combination of one or more of an operation subject, an operation object, an operation behavior, an operation attribute, and a constraint condition.
  • the operation subject may include at least one of the following:
  • information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
  • the operation object may be set to describe the private information being operated on;
  • the operation behavior may include any combination of one or more of the following: private information dissemination operation, private information processing operation;
  • the operation attribute may be set to describe attribute conditions that should be satisfied to perform the operation behavior, including, but not limited to, any combination of one or more of trigger conditions, environmental information, use range, and media type.
  • the trigger condition may be set to describe a condition for activating the judgment of privacy violation behavior, including any combination of one or more of the following:
  • leaving or entering the system boundary, leaving or entering the network boundary, before sending private information, before receiving private information, custom rules;
  • the system boundary may include, but is not limited to, any combination of one or more of the following: information system boundaries of different management scopes at the country / province / municipality level, information system boundaries of different management scopes at the industry / group / enterprise / department level, boundaries between different business information systems within an enterprise, boundaries between different functional modules in the same information system, etc.
  • the network boundary may include, but is not limited to, any combination of one or more of the following: country / province / city network gateways, operator network gateways, enterprise network gateways, enterprise internal network security domain boundaries, etc.
  • the environmental information may include, but is not limited to, any combination of one or more of the following:
  • the usage range may be set to describe application scenarios of privacy operations, including but not limited to any combination of one or more of the following:
  • the mobile storage medium may include, but is not limited to, any combination of one or more of the following: an optical disc, a USB flash drive, a portable hard disk, and the like.
  • the type of network used for network transmission may include, but is not limited to, any combination of one or more of the following: wired network, wireless network; the network protocol used for the transmission is likewise not limited and may include, but is not limited to, Ethernet, WiFi, ad hoc, etc.
  • the media type may be set to a media format describing the private information file, including but not limited to any combination of one or more of the following: text, pictures, audio, video, hypermedia;
  • the constraint condition may be set as a permission to describe the operation behavior, where the constraint condition may include but is not limited to: allowed or not allowed.
  • the private information dissemination operation may include any combination of one or more of the following:
  • the private information processing operation may include any combination of one or more of the following:
  • saving the evidence sample data in the information may include:
  • the binding method is a way to establish a connection between private information and evidence sample data, and the two types of data need not be stored in the same location;
  • the embedding method refers to storing the evidence sample data in a custom area in the original format of the private information file
  • the appending method refers to modifying the file format of the original private information, modifying it into a custom file format, and setting a newly added custom field to store evidence sample data.
  • An embodiment of the present invention provides a device for tracing and obtaining evidence of privacy information, including:
  • an evidence sample data generation module set to generate evidence sample data of the information; the evidence sample data includes, but is not limited to, any combination of one or more of the privacy information, the traceability record information of the privacy information and the privacy violation behavior judgment standard of the privacy information;
  • the evidence sample data storage module is configured to save the evidence sample data in the information.
  • An embodiment of the present invention provides a privacy information traceability and forensics device, which includes a processor and a computer-readable storage medium.
  • the computer-readable storage medium stores instructions; when the instructions are executed by the processor, any one of the foregoing privacy information traceability and forensics methods is implemented.
  • An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored.
  • the computer program is characterized in that, when the computer program is executed by a processor, the steps of any one of the foregoing privacy information traceability forensics methods are implemented.
  • An embodiment of the present invention provides a method for forensic traceability of private information, including:
  • the evidence sample data includes: any combination of one or more of the privacy information, the traceability record information of the privacy information, and the privacy violation judgment standard of the privacy information;
  • judging whether there is a privacy violation in the traceability record information according to the privacy violation judgment standard may include:
  • determining whether the behavior forensics information is credible; when the behavior forensics information is credible, determining whether it contains a privacy violation behavior according to the privacy violation behavior judgment standard, and generating a privacy violation behavior judgment result.
  • the screening of the traceability record information according to the review item and generating behavior forensics information may include:
  • the traceability record information within the range defined by the review item is selected as behavior forensics information.
  • the judging whether the behavior forensics information has privacy violation according to the privacy violation judgment standard may include:
  • when the privacy violation behavior judgment standard includes both the operation subject and the operation object, acquiring from the standard any combination of one or more of the operation attributes, operation behaviors and constraint conditions corresponding to the operation subject and operation object that appear in the behavior forensics information;
  • when the standard includes only the operation subject, acquiring any combination of one or more of the operation attributes, operation behaviors and constraint conditions corresponding to the operation subject in the behavior forensics information;
  • when the standard includes only the operation object, acquiring any combination of one or more of the operation attributes, operation behaviors and constraint conditions corresponding to the operation object in the behavior forensics information;
  • determining that a privacy violation behavior exists when the operating environment of the operation subject in the behavior forensics information exceeds the acquired operation attributes, or when the operation behavior in the behavior forensics information is not permitted by the acquired operation behaviors and constraint conditions.
  • the judgment result of privacy violation behavior may include any combination of one or more of the following:
  • the method may further include:
  • the security guarantee for the privacy infringement evidence chain may include any combination of one or more of the following:
  • the audit information may be set to record how the forensic sample data in the privacy violation evidence chain was acquired, and may include any combination of one or more of the following: privacy violation behavior judgment results, information source, forensics personnel, handling personnel;
  • the integrity check value may be set to ensure that any combination of one or more of the privacy violation evidence chain and the audit information is not maliciously tampered with;
  • the digital signature may be set to ensure that the privacy violation evidence chain is not tampered with maliciously during the submission process.
  • An embodiment of the present invention provides a device for tracing and obtaining evidence of privacy information, including:
  • the information acquisition module is set to acquire information according to the review requirements
  • the evidence sample data acquisition module is configured to obtain evidence sample data from the information, the evidence sample data including any combination of one or more of the privacy information, the traceability record information of the privacy information, and the privacy violation judgment criteria of the privacy information;
  • the privacy violation judgment module is set to judge whether there is a privacy violation in the traceability record information according to the privacy violation judgment standard, and generate a privacy violation judgment result;
  • the privacy infringement evidence chain generation module is set to trace the source of the privacy infringement behavior based on the result of the privacy infringement behavior judgment and generate the privacy infringement evidence chain.
  • An embodiment of the present invention provides a privacy information traceability and forensics device, which includes a processor and a computer-readable storage medium.
  • the computer-readable storage medium stores instructions; when the instructions are executed by the processor, any one of the foregoing privacy information traceability and forensics methods is implemented.
  • An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, any of the steps of the above-mentioned privacy information traceability and forensics method is implemented.
  • An embodiment of the present invention also proposes a privacy information traceability and forensics system, including:
  • Evidence sample data generating device set to generate evidence sample data of information;
  • the evidence sample data includes: any combination of one or more of the privacy information, the traceability record information of the privacy information and the privacy violation behavior judgment standard of the privacy information; and to save the evidence sample data into the information;
  • the privacy information traceability and forensics device is set to obtain information according to the review requirements; to obtain evidence sample data from the information, the evidence sample data including any combination of one or more of the privacy information, the traceability record information of the privacy information and the privacy violation behavior judgment standard; to determine, according to the privacy violation behavior judgment standard, whether a privacy violation exists in the traceability record information and to generate a privacy violation behavior judgment result; and to trace the privacy violation behavior based on that result and generate a privacy violation evidence chain.
  • the evidence sample data may include: any combination of one or more of the privacy information, the traceability record information of the privacy information, and the privacy violation judgment criteria of the privacy information; the evidence sample data is stored into the information.
  • the embodiment of the present invention realizes traceability and forensics of private information by storing evidence sample data in the information itself. Since the evidence sample data travels with the information, this overcomes the limitation of traditional traceability and forensics methods, which focus on a single information system, and improves the traceability and forensics capability for private information, in particular in scenarios where private information flows freely across multiple application systems and multiple boundaries.
  • FIG. 1 is a flowchart of a method for tracing and obtaining evidence of privacy information according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a privacy information traceability and forensics device according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a method for forensic traceability of private information according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of the structure of a privacy information traceability and forensics device according to an embodiment of the invention.
  • FIG. 5 is a schematic structural diagram of a privacy information traceability and forensics system according to an embodiment of the present invention.
  • an embodiment of the present application proposes a method for forensic traceability of private information, including:
  • Step 100: Generate evidence sample data of the information; the evidence sample data includes but is not limited to: any combination of one or more of private information, the traceability record information of the private information, and the privacy violation judgment criteria of the private information.
  • the privacy information is set to describe some or all of the information that the information owner does not want to disclose.
  • the privacy information includes but is not limited to the privacy information content and the location of the privacy information.
  • the private information content includes but is not limited to at least one of the following:
  • sensitive words in text, sensitive areas in pictures, sensitive segments in audio, sensitive frames in video.
  • the location of private information includes but is not limited to at least one of the following:
  • page, chapter, paragraph, line, sequence number, coordinates, layer, pixel count, time period, audio track, frame sequence number.
  • private information is generated in the following manner:
  • obtaining the privacy information content from the information, and determining the location of the privacy information content in the information to obtain the privacy information location.
  • any one of the following methods may be used to obtain private information content from information: automatic extraction, manual acquisition, automatic pattern recognition acquisition, and the like.
  • keywords in blog posts can be automatically extracted, and the extracted keywords are private information content;
  • in manual acquisition, the manually marked sensitive corpus is the private information content;
  • a face recognition algorithm is used to identify the face area in the picture;
  • a text recognition algorithm (OCR, Optical Character Recognition) is used to recognise text in the picture.
  • the location of the private information is then determined. For example, when automatic extraction is used to obtain the private information content, the privacy information location is obtained at the same time as the content is extracted; when manual acquisition is used, the privacy information location can be entered manually; when automatic pattern recognition is used, the location is obtained while the content is being recognised.
  • any operation subject can generate private information. However, once private information has been generated it cannot be deleted during the subsequent transfer of the information; in subsequent transfers an operation subject can only generate new private information.
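The following Python example is added here and is not part of the patent: it shows the automatic-extraction route to privacy information described above. Sensitive words and regular-expression patterns are located in a text document and every hit is returned as content plus location (paragraph, line, column, length), the two fields the description says make up a piece of private information. The sample text, the sensitive-word list and the patterns are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample document (not from the patent): two paragraphs of text.
SAMPLE_TEXT = (
    "Employee record (constructed sample)\n"
    "Contact: alice@example.com, phone 138-0000-1234\n"
    "\n"
    "Salary band: L5. Diagnosis: none on file.\n"
)

# Constructed extraction rules. The patent leaves the acquisition method open
# (automatic extraction, manual marking, pattern recognition); these stand in
# for the automatic-extraction case.
SENSITIVE_WORDS = ("salary", "diagnosis")
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\b\d{3}-\d{4}-\d{4}\b"),
}


@dataclass(frozen=True)
class PrivateInfo:
    """Privacy information = content plus its location in the carrier text."""
    content: str
    kind: str        # which rule produced the match ("word" or the pattern name)
    paragraph: int   # 1-based; paragraphs are separated by blank lines
    line: int        # 1-based line number in the whole document
    column: int      # 1-based column of the first matched character
    length: int      # number of characters matched


def extract_private_info(text, sensitive_words=SENSITIVE_WORDS, patterns=PATTERNS):
    """Locate sensitive words and pattern matches; return them in reading order."""
    rules = [(re.compile(r"\b%s\b" % re.escape(w), re.IGNORECASE), "word")
             for w in sensitive_words]
    rules += [(rx, name) for name, rx in patterns.items()]

    found = []
    paragraph = 0
    in_paragraph = False
    for line_no, line in enumerate(text.split("\n"), start=1):
        if not line.strip():
            in_paragraph = False      # a blank line ends the current paragraph
            continue
        if not in_paragraph:
            paragraph += 1            # first non-blank line starts a new paragraph
            in_paragraph = True
        for rx, kind in rules:
            for m in rx.finditer(line):
                found.append(PrivateInfo(m.group(0), kind, paragraph, line_no,
                                         m.start() + 1, m.end() - m.start()))
    # Matches from different rules arrive grouped by rule; order them by position.
    return sorted(found, key=lambda p: (p.line, p.column))


if __name__ == "__main__":
    for hit in extract_private_info(SAMPLE_TEXT):
        print(hit)
```

The location fields here cover the text case only (paragraph, line, column); for pictures, audio and video the same record would carry coordinates, time periods or frame numbers, as the list above says.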
  • the traceability record information of the private information may be generated in the following manner:
  • judging that the generated traceability record information is credible means ensuring, through hashing, encryption and signature mechanisms, that the traceability record information has not been tampered with or forged by malicious users during the transfer process.
  • the traceability record function generates the traceability record information by using the operation subject, the operation object (that is, private information), the operation behavior, and the environment in which the operation behavior occurs as input information.
  • the traceability record function includes any combination of one or more of the following: a mapping function, a hash function, an encryption function, and a signature function.
  • the mapping function is configured to establish a mapping relationship by any combination of one or more of an operation subject, an operation object, an operation behavior, and an environment in which the operation behavior occurs.
  • the hash function, encryption function and signature function are set to prevent the traceability record information from being maliciously tampered with, or to prevent the malicious operation subject from denying the operation during the forensics process.
  • the hash function, encryption function and signature function are set to ensure the confidentiality and integrity of the traceability record information in the process of information transfer, and the requirements of the traceability record information can not be forged and tampered with.
  • the mapping function can be used to bind the correspondence between any combination of one or more of the operation subject, operation object, operation behavior and the environment in which the operation behavior occurs. One operation subject may correspond to one operation behavior (one-to-one mapping) or to multiple operation behaviors (one-to-many mapping).
  • a hash function is used to store the hash value of the privacy information in the traceability record information as the state of the privacy information at the time of the current operation record. Before the next traceability record is stored, the hash value of the current privacy information is first verified: the hash of the current privacy information is computed and compared with the hash stored in the previously generated traceability record information; if the two do not match, the privacy information has been tampered with.
  • encryption can also be used to protect the traceability record information, so that only trusted subjects holding the key can add operation records. That is, when the generated traceability record information can be decrypted with the specified key, it is considered reliable; when it cannot be decrypted with the specified key, it is not credible.
  • the encryption function and signature function can be used to ensure that the traceability record information cannot be forged and tampered during the propagation process.
  • a viable anti-tampering method can be used to encrypt private information.
  • the authorized software uses each user's private key to sign the operation behavior during dissemination of the private information, starting with the signature of the first processor of the private information; each subsequent user signs the previous traceability record information together with his own operation, forming a nested signature structure that prevents malicious users from tampering with traceability records.
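As an added illustration of the hash, mapping and nested-signature mechanisms described above (this is not code from the patent or its applicants), the Python below builds a traceability record chain: each record maps subject, behavior and environment to the hash of the privacy information after the operation, stores the previous record's signature and is signed by the current subject, so a tampered or dropped record breaks every later signature, and a change to the privacy information between operations is caught by re-hashing before the next record is appended. Per-subject HMAC-SHA256 keys stand in for the per-user private keys the description mentions; a deployment would use asymmetric signatures, since a MAC key shared with the verifier cannot give the non-repudiation the description wants. Note also that encryption alone, as in the paragraph on decryptability above, protects confidentiality but does not by itself prove integrity; an authenticated construction such as the signature here is what detects tampering. The keys and the privacy information are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed per-subject keys. Assumption: HMAC-SHA256 with a key held by each
# operation subject stands in for the per-user private-key signature in the text.
KEYS = {"owner": b"owner-key", "forwarder": b"forwarder-key", "receiver": b"receiver-key"}


def canonical(obj):
    """Deterministic JSON bytes so every party signs and verifies the same input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def state_hash(privacy_info):
    """Hash of the privacy information: its state at the time of the record."""
    return hashlib.sha256(privacy_info).hexdigest()


def sign(key, body):
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def append_record(records, subject, behavior, environment, info_before, info_after, key):
    """Add one traceability record (mapping + hash + nested signature).

    Before storing, re-hash the privacy information the subject received and
    compare it with the state stored by the previous record; a mismatch means
    the information was tampered with between operations.
    """
    if records and records[-1]["object_state"] != state_hash(info_before):
        raise ValueError("privacy information tampered with since the last record")
    body = {
        "seq": len(records),
        "subject": subject,
        "behavior": behavior,
        "environment": environment,
        "object_state": state_hash(info_after),
        # Nesting: each signature covers the previous signature, so a record
        # cannot be altered or removed without breaking every later signature.
        "prev_signature": records[-1]["signature"] if records else "",
    }
    record = dict(body, signature=sign(key, body))
    records.append(record)
    return record


def verify_chain(records, keys, current_info):
    """Check sequence, nesting, every signature and the final state; return (ok, reason)."""
    prev_sig = ""
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "signature"}
        if body["seq"] != i or body["prev_signature"] != prev_sig:
            return False, "chain link broken at record %d" % i
        key = keys.get(body["subject"])
        if key is None or not hmac.compare_digest(sign(key, body), rec["signature"]):
            return False, "signature mismatch at record %d" % i
        prev_sig = rec["signature"]
    if records and records[-1]["object_state"] != state_hash(current_info):
        return False, "privacy information does not match the last recorded state"
    return True, "ok"


def build_demo_chain():
    """Owner sends, forwarder redacts (changing the state), receiver saves. Constructed data."""
    original = b"Patient: J. Doe; diagnosis: sample text"
    redacted = b"Patient: [REDACTED]; diagnosis: sample text"
    records = []
    append_record(records, "owner", "send", {"device": "phone-1", "net": "intranet"},
                  original, original, KEYS["owner"])
    append_record(records, "forwarder", "redact", {"device": "laptop-7", "net": "intranet"},
                  original, redacted, KEYS["forwarder"])
    append_record(records, "receiver", "save", {"device": "server-2", "net": "intranet"},
                  redacted, redacted, KEYS["receiver"])
    return records, redacted


if __name__ == "__main__":
    chain, info = build_demo_chain()
    print(verify_chain(chain, KEYS, info))
```

A processing operation such as redaction legitimately changes the privacy information, so the record stores the state after the operation; the check before the next record then compares what the next subject received with that stored state, which is exactly the verification step described above.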
  • the operation behavior is set to describe the operation performed by the operation subject on the content of private information, including but not limited to any combination of one or more of the following:
  • private information dissemination operation behavior, private information processing operation behavior.
  • private information dissemination operations include but are not limited to any combination of one or more of the following:
  • private information processing operations include but are not limited to any combination of one or more of the following:
  • the traceability record information includes: any combination of one or more of the operation subject, operation object, operation behavior and the environment in which the operation behavior occurs, and/or the mapping relationship among any combination of one or more of the operation subject, operation object, operation behavior and operation behavior occurrence environment.
  • the operating behavior occurrence environment includes but is not limited to at least one of the following:
  • a judgment criterion for privacy violation behavior of privacy information may be generated according to a privacy protection requirement for privacy information; or a judgment criterion for privacy violation behavior may be generated according to manual settings.
  • the privacy protection requirements can be set manually.
  • the privacy protection requirements can be translated into machine-recognizable information, that is, privacy violation behavior judgment standards.
  • the privacy protection requirements can be translated into machine-recognizable information in at least one of the following ways: natural language analysis, template language, etc.
  • the privacy protection requirement may refer to the user's wish to protect the privacy information in an image file, and includes but is not limited to at least one of the following: privacy protection algorithm type, protection strength, privacy effect (such as, but not limited to, the visual effect after privacy processing).
  • the description language and format of the privacy violation judgment standard include but are not limited to: XML, XACML, SAML, ASL, template languages, and custom language formats.
  • the types of privacy protection algorithms include reversible privacy protection algorithms and non-recoverable privacy protection algorithms.
  • a reversible privacy protection algorithm is one whose processed privacy information can be restored to the original information by reverse computation, including but not limited to at least one of the following: encryption, encoding, and information hiding;
  • a non-recoverable privacy protection algorithm is one after which the private information cannot be restored, including but not limited to at least one of the following: obfuscation, perturbation, differential privacy, generalization, anonymization, masking;
  • the protection strength can be divided into light, medium and strong according to the information security level; to achieve the corresponding privacy protection level the parameters of the privacy protection algorithm must be set, and usually the better the privacy protection effect of the chosen parameters, the less usable information remains after processing.
  • the privacy effect refers to the readability of the privacy information after processing by the privacy protection algorithm, and generally refers to an assessment of the probability that an attacker can infer the privacy information back from the processed information.
  • the privacy information processing operation is set to describe the privacy protection technology that the operation subject can perform on the privacy information, including but not limited to at least one of the following:
  • the operation attributes set to describe the attribute conditions that should be satisfied to perform the operation include, but are not limited to, any combination of one or more of trigger conditions, environmental information, use range, and media type.
  • the trigger condition is set to describe a condition for activating the judgment of privacy violation behavior, including any combination of one or more of the following:
  • leaving or entering the system boundary, leaving or entering the network boundary, before sending private information, before receiving private information, custom rules;
  • the system boundary includes but is not limited to any combination of one or more of the following: information system boundaries in different management scopes at the country / province / city level, information system boundaries in different management scopes at the industry / group / enterprise / department level, boundaries between different business information systems within an enterprise, boundaries between different functional modules in the same information system, etc.
  • the network boundary includes, but is not limited to, any combination of one or more of the following: country / province / city network gateways, operator network gateways, enterprise network gateways, enterprise internal network security domain boundaries, etc.
  • the privacy violation behavior judgment criteria include: whether the operation subject has, or does not have, the operation behavior on the operation object under the given operation attributes and constraint conditions;
  • when the privacy violation behavior judgment standard does not include the operation subject, it means that all operation subjects have, or do not have, the operation behavior on the operation object under the operation attributes and constraint conditions; when the standard does not include the operation object, the operation subject has, or does not have, the operation behavior on all operation objects under the operation attributes and constraint conditions; alternatively, other methods of restricting operation authority are adopted, which the embodiments of the present invention do not limit.
  • the information generator and / or the information communicator may correspond to different triggering conditions, different environmental information, different use scopes, different media types, and need to set different operation behavior permissions for different operation subjects and / or operation objects.
  • Step 101: Save the evidence sample data into the information.
  • The generated evidence sample data is saved into the information by any combination of one or more of the following ways: binding, embedding, appending, etc.
  • The binding method establishes a link between the privacy information and the evidence sample data; the two need not be stored in the same location.
  • The embedding method stores the evidence sample data in a custom area of the privacy information file's original format.
  • The appending method changes the file format of the original privacy information to a custom file format and adds a custom field to hold the evidence sample data.
  • For example, evidence sample data may be embedded in the EXIF metadata of a JPEG picture file; the embodiment of the present invention does not limit the form of embedding.
  • Evidence sample data may be appended at the end of the file; the embodiment does not limit the form of appending.
  • Evidence sample data may also be bound to the information as a separate file by means of links or similar techniques.
  • Steps 100 and 101 may be performed when the operation subject needs to perform a privacy information dissemination operation or a privacy information processing operation on the information, or after the operation subject has performed the privacy information processing operation on the information.
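The following is an added example, not code from the patent, showing the embedding method of step 101 and its inverse in step 301 for a JPEG picture. The patent leaves the embedding form open (it only mentions EXIF as one option); this example instead uses a JPEG application segment (APP11, marker 0xFFEB) tagged with a hypothetical identifier, so the carrier stays a valid JPEG that decoders render unchanged. The segment layout, the identifier, the JSON encoding of the evidence sample data, and the sample picture and evidence are all assumptions constructed for the example.

```python
import hashlib
import json
import struct

# JPEG markers. The patent leaves the embedding form open; this example uses an
# application segment (APP11, marker 0xFFEB) tagged with a hypothetical
# identifier, so the file stays a valid JPEG that decoders render unchanged.
SOI, EOI, SOS = b"\xff\xd8", b"\xff\xd9", b"\xff\xda"
APP11 = b"\xff\xeb"
EVIDENCE_TAG = b"PRIVTRACE/1\x00"   # hypothetical identifier, not from the patent
MAX_PAYLOAD = 0xFFFF - 2            # the 16-bit segment length counts itself


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so the integrity digest is reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _segments(jpeg: bytes):
    """Yield (marker, start, end) for each marker segment before the scan data."""
    if not jpeg.startswith(SOI):
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 2 <= len(jpeg):
        marker = jpeg[pos:pos + 2]
        if marker[0] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        if marker in (SOS, EOI):       # entropy-coded data follows; stop here
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length out of range")
        yield marker, pos, end
        pos = end


def embed_evidence(jpeg: bytes, evidence: dict) -> bytes:
    """Step 101 (embedding): store the evidence sample data plus a SHA-256
    digest of it in an APP11 segment placed directly after SOI."""
    record = {"evidence": evidence,
              "digest": hashlib.sha256(_canonical(evidence)).hexdigest()}
    payload = EVIDENCE_TAG + _canonical(record)
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("evidence sample data too large for one APP segment")
    list(_segments(jpeg))              # reject malformed input before writing
    segment = APP11 + struct.pack(">H", len(payload) + 2) + payload
    return jpeg[:2] + segment + jpeg[2:]


def extract_evidence(jpeg: bytes) -> dict:
    """Step 301: locate the evidence segment and check the digest before use."""
    for marker, start, end in _segments(jpeg):
        body = jpeg[start + 4:end]
        if marker == APP11 and body.startswith(EVIDENCE_TAG):
            record = json.loads(body[len(EVIDENCE_TAG):])
            expected = hashlib.sha256(_canonical(record["evidence"])).hexdigest()
            if expected != record.get("digest"):
                raise ValueError("evidence sample data fails integrity check")
            return record["evidence"]
    raise LookupError("no evidence sample data in file")


def strip_evidence(jpeg: bytes) -> bytes:
    """Remove the evidence segment, recovering the picture as it was."""
    for marker, start, end in _segments(jpeg):
        if marker == APP11 and jpeg[start + 4:end].startswith(EVIDENCE_TAG):
            return jpeg[:start] + jpeg[end:]
    return jpeg


# Constructed sample input: a minimal JPEG skeleton (SOI, JFIF APP0, EOI) and
# evidence sample data in the spirit of Example 1 (two privacy areas marked by
# Alice, one traceability record, one judgment standard entry).
SAMPLE_JPEG = (SOI + b"\xff\xe0" + struct.pack(">H", 16)
               + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + EOI)
SAMPLE_EVIDENCE = {
    "privacy_information": [
        {"name": "face", "rect": [120, 40, 260, 210]},
        {"name": "jewelry", "rect": [300, 220, 380, 270]},
    ],
    "traceability_records": [
        {"subject": "Alice", "object": "photo.jpg", "behavior": "send",
         "environment": {"time": "2018-07-02T09:15:00Z", "device": "phone-A"}},
    ],
    "judgment_standard": {"Bob": {"view": "allow", "forward": "deny"}},
}

if __name__ == "__main__":
    carrier = embed_evidence(SAMPLE_JPEG, SAMPLE_EVIDENCE)
    assert extract_evidence(carrier) == SAMPLE_EVIDENCE
    assert strip_evidence(carrier) == SAMPLE_JPEG
    print("embedded %d bytes of evidence sample data" % (len(carrier) - len(SAMPLE_JPEG)))
```

The unkeyed SHA-256 digest only catches accidental corruption or careless editing of the segment; a forwarder who rewrites both the evidence and the digest is not detected. Tamper resistance against such a party needs the keyed or signed traceability record functions the page lists (hash, encryption, signature functions), and the parser above also does not handle 0xFF fill bytes between segments, which real files may contain.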
  • As shown in FIG. 2, another embodiment of the present application proposes a privacy information traceability and forensics device, including:
  • an evidence sample data generation module 201, configured to generate evidence sample data of information, the evidence sample data including but not limited to any combination of one or more of: privacy information, traceability record information of the privacy information, and privacy violation behavior judgment standards of the privacy information;
  • an evidence sample data storage module 202, configured to save the evidence sample data into the information.
  • As shown in FIG. 3, another embodiment of the present application proposes a privacy information traceability and forensics method, including:
  • Step 300: Obtain information according to the review requirements.
  • The review requirement describes what the traceability and forensics personnel need in order to review the traceability record information of the privacy information under different review scenarios and determine whether a privacy violation exists.
  • The review requirements include but are not limited to at least one of the following:
  • review scenario, review objectives, review time, review equipment, review network, review system.
  • The review scenario includes but is not limited to at least one of the following:
  • the leaked information is obtained;
  • each forwarded piece of information is obtained periodically or aperiodically;
  • each forwarded piece of information is obtained in real time.
  • The review objectives, review time, review equipment, review network and review system can serve as the basis for screening the information to be reviewed.
  • Step 301: Obtain the evidence sample data from the information.
  • The evidence sample data includes any combination of one or more of: the privacy information, the traceability record information of the privacy information, and the privacy violation behavior judgment standard of the privacy information.
  • The privacy information, the traceability record information and the privacy violation behavior judgment standard are the same as in the foregoing embodiment and are not described again here. Note that the judgment standard may or may not be included in the evidence sample data: when it is included, it is obtained directly from the evidence sample data; when it is not, it can be generated when needed, in the same way as in the foregoing embodiment.
  • Step 302: Determine, according to the privacy violation judgment standard, whether the traceability record information contains a privacy violation, and generate a privacy violation judgment result.
  • Determining whether the traceability record information contains a privacy violation according to the privacy violation judgment standard includes:
  • The way of determining whether the behavior forensics information is credible is the same as the way of determining whether the traceability record information is credible in the foregoing embodiment, and is not described again here.
  • The review items can be set manually, or generated according to the review requirements.
  • At least one of the following may be used to generate the review items: template matching, manual input, natural language processing, and the like.
  • With template matching, the matched keywords become the review items. For example, when the review requirement is to check the records of July and August 2018, the review time can be extracted automatically as 1 July 2018 to 31 August 2018.
  • With natural language processing, the review requirements are analysed by NLP methods: historical review requirement records are used as training data to build a review requirement model, and when a new review requirement corpus needs to be processed, the model matches its fields to review items.
  • The above methods can be combined arbitrarily; for example, after natural language processing has identified a review item, manual input can be used to confirm it.
  • The review item describes the screening and classification criteria for the traceability record information, including but not limited to at least one of the following: time, location, operation subject, operation behavior.
  • The operation behavior includes but is not limited to at least one of: privacy information dissemination operation behavior, privacy information processing operation behavior.
  • Screening the traceability record information according to the review item to generate behavior forensics information includes:
  • selecting as behavior forensics information the traceability record information that falls within the scope defined by the review item.
  • When the review item is a time interval, the behavior forensics information is the traceability record information whose time lies within the specified time interval.
  • When the review item is a location range, the behavior forensics information is the traceability record information whose location lies within the specified location range.
  • When the review item is an operation subject, the behavior forensics information is the traceability record information whose operation subject is the same as the designated operation subject.
  • When the review item is an operation behavior, the behavior forensics information is the traceability record information whose operation behavior is the same as the specified operation behavior.
  • The privacy violation judgment result includes any combination of one or more of the following types:
  • Judging whether the behavior forensics information contains a privacy violation according to the privacy violation behavior judgment standard includes:
  • when the judgment standard includes both the operation subject and the operation object, obtaining from the judgment standard any combination of one or more of the operation attributes, operation behaviors and constraint conditions that correspond to the operation subject and operation object in the behavior forensics information, i.e. the entries whose operation subject is the operation subject in the behavior forensics information and whose operation object is the operation object in the behavior forensics information;
  • when the judgment standard includes only the operation subject, obtaining from the judgment standard any combination of one or more of the operation attributes, operation behaviors and constraint conditions corresponding to the operation subject in the behavior forensics information;
  • when the judgment standard includes only the operation object, obtaining from the judgment standard any combination of one or more of the operation attributes, operation behaviors and constraint conditions corresponding to the operation object in the behavior forensics information;
  • when the operating environment of the operation subject in the behavior forensics information exceeds the obtained operation attributes, or when the operation behavior of the operation subject in the behavior forensics information exceeds the operation behavior allowed under the obtained constraint conditions, determining that the behavior forensics information contains a privacy violation.
  • Step 303: Trace the source of the privacy violation behavior according to the privacy violation judgment result, and generate a privacy violation evidence chain.
  • The privacy violation evidence chain is a chain of proof formed by a series of objective facts and authentic traceability record information that can prove the course of the privacy violation.
  • The chain of evidence is a concept from the legal field rather than the linked-list data structure of computer science; it may be presented as a point, a chain, a tree or a graph.
  • The privacy violation evidence chain includes at least one node, and each node includes at least one of the following:
  • privacy violation subject, privacy violation environment, privacy information dissemination operation behavior, privacy information processing operation behavior.
  • Determining the privacy violation subject: when the privacy information dissemination operation behavior in the traceability record information exceeds the operation authority of the operation subject in that record, and the dissemination operation behavior is a download or a view, the privacy violation subject is not the operation subject in the traceability record information but the operation subject of the traceability record that disseminated the privacy information to that user;
  • when the privacy information dissemination operation behavior in the traceability record information exceeds the operation authority of the operation subject in that record, and the dissemination operation behavior is forwarding, cutting, commenting or marking, the privacy violation subject is the operation subject in the traceability record information;
  • in the remaining cases the privacy violation subject is determined to be the operation subject in the traceability record information.
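The screening of step 302, the judgment against the standard, and the attribution rule of step 303 above, as an added example that is not the patent's own code. The judgment standard is modelled as a list of rules (subject, object, behavior, operation attributes, allowed/not allowed), with None standing for "all subjects" or "all objects" as the text permits; traceability records carry the subject who disseminated the information to the operator so that download/view violations can be attributed upstream. The rule that a behavior the standard never grants counts as unauthorised, and all the names, records and attribute values, are assumptions constructed for the example, modelled on Example 2.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Dissemination behaviors for which the text attributes the violation to the
# subject who spread the information (download, view); for all other behaviors
# the operating subject itself is the privacy violation subject.
BLAME_UPSTREAM = {"download", "view"}


@dataclass
class Record:
    """One traceability record: who did what to which object, in which
    environment, and (for received information) who disseminated it to them."""
    seq: int
    subject: str
    obj: str
    behavior: str
    env: Dict[str, str]
    source: Optional[str] = None


@dataclass
class Rule:
    """One entry of the judgment standard; subject/obj None = all subjects/objects."""
    subject: Optional[str]
    obj: Optional[str]
    behavior: str
    attributes: Dict[str, Set[str]]   # operation attributes the environment must meet
    allowed: bool                     # constraint condition: allowed or not allowed


def screen(records: List[Record], review_item: dict) -> List[Record]:
    """Select behavior forensics information by time interval, location range,
    operation subject and/or behavior (ISO-8601 UTC times compare as strings)."""
    out = []
    for r in records:
        t = r.env.get("time", "")
        if "time" in review_item and not (review_item["time"][0] <= t <= review_item["time"][1]):
            continue
        if "location" in review_item and r.env.get("location") not in review_item["location"]:
            continue
        if "subject" in review_item and r.subject != review_item["subject"]:
            continue
        if "behavior" in review_item and r.behavior != review_item["behavior"]:
            continue
        out.append(r)
    return out


def _env_ok(rule: Rule, r: Record) -> bool:
    return all(r.env.get(k) in allowed for k, allowed in rule.attributes.items())


def judge(records: List[Record], standard: List[Rule]) -> List[Tuple[Record, str]]:
    """Step 302: return (record, reason) for each record that violates the standard."""
    violations = []
    for r in records:
        matched = [s for s in standard if s.behavior == r.behavior
                   and s.subject in (None, r.subject) and s.obj in (None, r.obj)]
        if not matched:
            # Assumption: a behavior the standard never grants is not authorised.
            violations.append((r, "no operation authority for %r" % r.behavior))
        elif any(not s.allowed for s in matched):
            violations.append((r, "behavior not allowed under constraint condition"))
        elif not any(_env_ok(s, r) for s in matched):
            violations.append((r, "operating environment exceeds operation attributes"))
    return violations


def evidence_chain(violations: List[Tuple[Record, str]]) -> List[dict]:
    """Step 303: one node per violation; download/view are attributed to the
    upstream spreader, every other behavior to the operator itself."""
    nodes = []
    for r, reason in violations:
        upstream = r.behavior in BLAME_UPSTREAM and r.source is not None
        nodes.append({"seq": r.seq, "violator": r.source if upstream else r.subject,
                      "operator": r.subject, "behavior": r.behavior,
                      "environment": r.env, "reason": reason})
    return nodes


# Constructed data modelled on Example 2: Alice's photo reaches Bob, Carol and
# David; only Bob and Carol hold authority over it, and nobody may mosaic it.
ATTRS = {"network": {"corp-lan"}, "media": {"picture"}}
STANDARD = [
    Rule("Alice", None, "send", ATTRS, True),
    Rule("Bob", "photo.jpg", "view", ATTRS, True),
    Rule("Bob", "photo.jpg", "forward", ATTRS, True),
    Rule("Carol", "photo.jpg", "view", ATTRS, True),
    Rule(None, "photo.jpg", "mosaic", {}, False),
]


def _env(time: str, network: str = "corp-lan") -> Dict[str, str]:
    return {"time": time, "network": network, "media": "picture", "location": "HQ"}


RECORDS = [
    Record(1, "Alice", "photo.jpg", "send", _env("2018-07-02T09:00:00Z")),
    Record(2, "Bob", "photo.jpg", "view", _env("2018-07-02T09:05:00Z"), "Alice"),
    Record(3, "Bob", "photo.jpg", "forward", _env("2018-07-03T10:00:00Z"), "Alice"),
    Record(4, "Carol", "photo.jpg", "mosaic", _env("2018-07-03T10:30:00Z"), "Bob"),
    Record(5, "David", "photo.jpg", "view", _env("2018-08-10T18:00:00Z", "home-wifi"), "Bob"),
    Record(6, "Alice", "photo.jpg", "view", _env("2018-09-01T08:00:00Z")),  # outside window
]
REVIEW_ITEM = {"time": ("2018-07-01T00:00:00Z", "2018-08-31T23:59:59Z")}


def run_example() -> List[dict]:
    return evidence_chain(judge(screen(RECORDS, REVIEW_ITEM), STANDARD))
```

Running `run_example()` yields two nodes: Carol's mosaic (a processing operation nobody is allowed) is attributed to Carol, while David's unauthorised view is attributed to Bob, who disseminated the picture to David, matching the outcome described in Example 2. A record whose environment leaves the permitted network is flagged as exceeding the operation attributes even though the behavior itself is allowed; a "deny" entry in the standard takes precedence over any "allow" entry that also matches.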
  • The method further includes providing a security guarantee for the privacy violation evidence chain.
  • The security guarantee for the privacy violation evidence chain includes any combination of one or more of the following: audit information, an integrity check value, a digital signature.
  • The audit information records how the forensic sample data in the privacy violation evidence chain was acquired, and includes any combination of one or more of: the privacy violation judgment result, the information source, the forensic personnel, the handlers.
  • The forensic personnel are qualified evidence collection staff.
  • A handler is a staff member authorized to receive and transmit the evidence chain.
  • The integrity check value ensures that the content of the privacy violation evidence chain and / or the audit information is not maliciously tampered with.
  • The digital signature ensures that the privacy violation evidence chain is not maliciously tampered with during submission.
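An added example (not the patent's code) of the audit information and integrity check value described above, with a hand-over step that models the handlers: each handler verifies the package it receives, appends itself to the custody trail in the audit information and re-seals. The check value here is an HMAC-SHA256 over a canonical encoding of the evidence chain plus audit information, keyed with a shared forensic-team key; that is an assumption, as are the sample chain nodes, names and timestamps. An HMAC proves integrity to holders of the key but not non-repudiation; the digital signature the page lists for the submission step would be computed over the same canonical bytes with an asymmetric private key, which is outside the standard library and not shown here.

```python
import hashlib
import hmac
import json
from typing import List


def _canonical(obj) -> bytes:
    """Deterministic JSON so the check value does not depend on key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _icv(key: bytes, package: dict) -> str:
    """Integrity check value: HMAC-SHA256 over chain + audit information."""
    return hmac.new(key, _canonical(package), hashlib.sha256).hexdigest()


def seal_evidence_chain(chain: List[dict], judgment_result: str, source: str,
                        forensic_personnel: str, handler: str, received_at: str,
                        key: bytes) -> dict:
    """Attach the audit information to the evidence chain and compute the
    integrity check value over both."""
    audit = {
        "judgment_result": judgment_result,
        "information_source": source,
        "forensic_personnel": forensic_personnel,
        "handlers": [{"handler": handler, "received_at": received_at}],
    }
    package = {"evidence_chain": chain, "audit_information": audit}
    return {"package": package, "integrity_check_value": _icv(key, package)}


def verify_sealed(sealed: dict, key: bytes) -> bool:
    """True only if neither the chain nor the audit information has changed."""
    return hmac.compare_digest(_icv(key, sealed["package"]),
                               sealed["integrity_check_value"])


def hand_over(sealed: dict, key: bytes, handler: str, received_at: str) -> dict:
    """A handler verifies what it received, appends itself to the custody trail
    and re-seals; a tampered package is refused rather than passed on."""
    if not verify_sealed(sealed, key):
        raise ValueError("evidence chain fails integrity check; refusing hand-over")
    package = json.loads(_canonical(sealed["package"]))   # deep copy
    package["audit_information"]["handlers"].append(
        {"handler": handler, "received_at": received_at})
    return {"package": package, "integrity_check_value": _icv(key, package)}


# Constructed sample: the two nodes of Example 2 and a hypothetical team key.
SAMPLE_CHAIN = [
    {"violator": "Carol", "behavior": "mosaic",
     "environment": {"time": "2018-07-03T10:30:00Z"}},
    {"violator": "Bob", "behavior": "view", "operator": "David",
     "environment": {"time": "2018-08-10T18:00:00Z"}},
]
SAMPLE_KEY = b"hypothetical-32-byte-forensics-key!!"


def run_example() -> dict:
    sealed = seal_evidence_chain(SAMPLE_CHAIN, "violation", "photo.jpg",
                                 "Alice (forensic function)", "handler-1",
                                 "2018-09-03T08:00:00Z", SAMPLE_KEY)
    return hand_over(sealed, SAMPLE_KEY, "handler-2", "2018-09-03T09:00:00Z")
```

Because the audit information is inside the sealed package, a handler cannot be added or removed from the trail without invalidating the check value, and a wrong or rotated key makes verification fail rather than silently accept the package.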
  • As shown in FIG. 4, another embodiment of the present application proposes a privacy information traceability and forensics device, including:
  • an information obtaining module 401, configured to obtain information according to the review requirements;
  • an evidence sample data obtaining module 402, configured to obtain evidence sample data from the information, the evidence sample data including but not limited to any combination of one or more of: privacy information, traceability record information of the privacy information, and the privacy violation behavior judgment standard of the privacy information;
  • a privacy violation judgment module 403, configured to judge, according to the privacy violation judgment standard, whether the traceability record information contains a privacy violation, and to generate a privacy violation judgment result;
  • a privacy violation evidence chain generation module 404, configured to trace the source of the privacy violation behavior according to the privacy violation judgment result and generate the privacy violation evidence chain.
  • As shown in FIG. 5, another embodiment of the present application proposes a privacy information traceability and forensics system, including:
  • an evidence sample data generating device 501, configured to generate evidence sample data of information, the evidence sample data including any combination of one or more of: privacy information, traceability record information of the privacy information, and privacy violation judgment criteria of the privacy information; and to save the evidence sample data into the information;
  • a privacy information traceability and forensics device 502, configured to obtain information according to the review requirements, obtain evidence sample data from the information, determine according to the privacy violation behavior judgment standard whether the traceability record information contains a privacy violation, and trace the source of the privacy violation behavior according to the judgment result to generate a privacy violation evidence chain.
  • The implementation of the evidence sample data generating device 501 and the privacy information traceability and forensics device 502 is the same as in the foregoing embodiments and is not repeated here.
  • Example 1: Evidence sample data is generated in real time while a picture circulates, saved into the picture, and circulates together with it.
  • For the privacy information, the coordinates of the privacy area in the picture are obtained by manual annotation or by an image recognition algorithm.
  • For example, the horizontal and vertical coordinates of the upper-left and lower-right corners describe a rectangular area; marking the privacy areas of the picture in this way generates the privacy information.
  • The privacy information consists of clearly marked picture privacy areas, including but not limited to the picture's private content and the location of the privacy information within the picture.
  • The information is a user's private photo.
  • Alice marks two privacy areas in the picture: the user's "face area" and the "image area where the jewelry is located".
  • The process can refer to the privacy information traceability and forensics method shown in FIG. 1.
  • Example 2: For traceability and forensics analysis of the picture circulated in Example 1, the process can refer to the privacy information traceability and forensics method shown in FIG. 3.
  • The forensic function invoked by Alice verifies the confidentiality and integrity of the privacy violation judgment result to establish the authenticity of the traceability information.
  • Through David's viewing behavior, the forensic function traces the source of David's copy of the privacy information back to Bob and determines that Bob is a privacy violation subject; through Carol's mosaic processing it determines that Carol is another privacy violation subject; finally it identifies all privacy violations and packages the results into a privacy violation evidence chain.
  • The term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data).
  • Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer.
  • A communication medium typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium.

Abstract

Disclosed in the embodiments of the present invention are a privacy information tracing and evidence collection method, apparatus, and system, the method comprising: generating evidence sample data of information; the evidence sample data comprises any combination of one or more of the following: privacy information, tracing record information of the privacy information, and privacy violation behaviour determining criteria of the privacy information; and storing the evidence sample data in the information.

Description

Privacy information tracing and evidence collection method, apparatus, and system
Technical field
This document relates to, but is not limited to, information application technology, and in particular to a privacy information traceability and forensics method, device and system.
Background
With the continuous and rapid development of information and network technology, the wide and dynamic flow of users' privacy information across multiple information systems and multiple boundaries has become the norm. At the same time, the leakage and dissemination of some sensitive information seriously harms the privacy rights of stakeholders and has drawn close attention from the relevant national authorities; strengthening the supervision of personal privacy information on the Internet and carrying out traceability and forensics for privacy leakage incidents is therefore becoming increasingly important.
While privacy information propagates across information systems, traceability information needs to be exchanged widely between different information systems. Existing privacy information traceability and forensics methods focus on a single information system and rely mainly on boundary control and post-hoc audit techniques: when privacy information leaves or enters the information system, its propagation path is recorded for security auditing and forensic analysis after a leakage incident. Once the privacy information has flowed beyond the boundary of the information system, however, control and the ability to trace and collect evidence are lost. The related art offers no effective solution to the traceability and forensics problem in scenarios where privacy information flows widely and dynamically across multiple application systems and multiple boundaries.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
An embodiment of the present invention provides a privacy information traceability and forensics method, including:
generating evidence sample data of information, the evidence sample data including any combination of one or more of the following: privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria of the privacy information;
saving the evidence sample data into the information.
The privacy information may include privacy information content and a privacy information location; the privacy information may be generated as follows:
obtaining the privacy information content from the information, and determining the position of the privacy information content within the information to obtain the privacy information location.
The traceability record information of the privacy information may be generated as follows: after judging that the already generated traceability record information is credible, generating traceability record information with a traceability record function according to the operation behavior of the operation subject on the privacy information.
The traceability record function may include any combination of one or more of the following: a mapping function, a hash function, an encryption function, a signature function;
the mapping function may be configured to establish a mapping relationship among any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs;
the hash function, encryption function and signature function may be configured to prevent the traceability record information from being maliciously tampered with, or to prevent a malicious operation subject from repudiating an operation behavior during forensics.
The operation subject may include any of the following:
information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
the operation behavior may include at least one of the following:
privacy information dissemination operation behavior, privacy information processing operation behavior;
the traceability record information may include any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs, and / or the mapping relationships among any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The privacy violation behavior judgment criteria of the privacy information may be generated as follows:
generating the privacy violation behavior judgment criteria of the privacy information according to the privacy protection requirements for the privacy information, where the privacy protection requirements include at least one of the following:
privacy protection algorithm type, protection strength, privacy effect.
The description language and format of the privacy violation behavior judgment criteria may include, but are not limited to: Extensible Markup Language (XML), eXtensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML), Authorization Specification Language (ASL), a template language, or a custom language format.
The privacy violation behavior judgment criteria may include, but are not limited to, correspondences among any combination of one or more of: operation subject, operation object, operation behavior, operation attributes, and constraint conditions.
The operation subject may include at least one of the following:
information owner, information forwarder, information receiver, information sending device, information receiving device, information transmission device;
the operation object may be configured to describe the privacy information being operated on;
the operation behavior may include any combination of one or more of the following: privacy information dissemination operation, privacy information processing operation;
the operation attributes may be configured to describe the attribute conditions that must be satisfied for the operation behavior to be performed, including but not limited to any combination of one or more of: trigger conditions, environment information, usage scope, and media type.
The trigger condition may be configured to describe the condition that activates the judgment of privacy violation behavior, including any combination of one or more of the following:
leaving or entering a system boundary, leaving or entering a network boundary, before sending privacy information, before receiving privacy information, custom rules;
the system boundary may include, but is not limited to, any combination of one or more of the following: boundaries between information systems under different administrative scopes (country / province / city), boundaries between information systems under different management scopes (industry / group / enterprise / department), boundaries between the information systems of different business lines within an enterprise, boundaries between different functional modules of the same information system, etc.;
the network boundary may include, but is not limited to, any combination of one or more of the following: country / province / city network gateways, operator network gateways, enterprise network gateways, security domain boundaries inside an enterprise network, etc.
The environment information may include, but is not limited to, any combination of one or more of the following:
role, time, spatial location, device, network, operating system;
the usage scope may be configured to describe the application scenario of the privacy operation, including but not limited to any combination of one or more of the following:
printing, display on a screen, exchange via removable storage media, network transmission;
the removable storage media may include, but are not limited to, any combination of one or more of the following: optical discs, USB flash drives, portable hard disks, etc.
The network type used for the network transmission is not restricted and may include, but is not limited to, any combination of one or more of the following: wired networks, wireless networks; the network protocol used for the network transmission is likewise not restricted and may include, but is not limited to, Ethernet, WiFi, ad hoc, etc.
The media type may be configured to describe the media format of the privacy information file, including but not limited to any combination of one or more of the following: text, picture, audio, video, hypermedia;
the constraint condition may be configured to describe the permission for the operation behavior, and may include, but is not limited to: allowed or not allowed.
The privacy information dissemination operation may include any combination of one or more of the following:
download, view, forward, cut, comment, mark;
the privacy information processing operation may include any combination of one or more of the following:
generalization, anonymization, differential privacy, masking, mosaic, filtering, encryption, hiding.
其中,将证据样本数据保存到信息中可以包括:Among them, saving the evidence sample data in the information may include:
将所述证据样本数据通过以下一种或多种方式的任意组合保存到所述信息中:绑定、嵌入、追加。Save the evidence sample data into the information in any combination of one or more of the following ways: binding, embedding, appending.
所述绑定方式是将隐私信息与证据样本数据建立连接的方式,两种数据不需存储在同一位置;The binding method is a way to establish a connection between private information and evidence sample data, and the two types of data need not be stored in the same location;
所述嵌入方式是指将证据样本数据存储在隐私信息文件原本格式的自定义区域内;The embedding method refers to storing the evidence sample data in a custom area in the original format of the private information file;
所述追加方式是指将修改原隐私信息的文件格式,将其修改成自定义文件格式,并新增自定义的字段设置成存储证据样本数据。The appending method refers to modifying the file format of the original private information, modifying it into a custom file format, and setting a newly added custom field to store evidence sample data.
An embodiment of the present invention provides a privacy information traceability and forensics apparatus, including:
an evidence sample data generation module, configured to generate evidence sample data for information, where the evidence sample data includes but is not limited to any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information;
an evidence sample data storage module, configured to save the evidence sample data into the information.
An embodiment of the present invention provides a privacy information traceability and forensics apparatus, including a processor and a computer-readable storage medium, where the computer-readable storage medium stores instructions which, when executed by the processor, implement any one of the privacy information traceability and forensics methods described above.
An embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any one of the privacy information traceability and forensics methods described above.
An embodiment of the present invention provides a privacy information traceability and forensics method, including:
obtaining information according to a review requirement;
obtaining evidence sample data from the information, where the evidence sample data includes any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information;
judging, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the traceability record information, and generating a privacy violation behavior judgment result;
tracing the privacy violation behavior according to the privacy violation behavior judgment result, and generating privacy violation evidence chain data.
Judging, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the traceability record information may include:
generating a review item;
screening the traceability record information according to the review item to generate behavior forensics information;
when the behavior forensics information is credible, judging, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the behavior forensics information, and generating the privacy violation behavior judgment result.
Screening the traceability record information according to the review item to generate behavior forensics information may include:
selecting, from the traceability record information, the traceability record information that falls within the range defined by the review item as the behavior forensics information.
Judging, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the behavior forensics information may include:
when the privacy violation behavior judgment criteria include an operation subject and an operation object, obtaining, from the criteria, any combination of one or more of the operation attributes, operation behaviors and constraint conditions that correspond to the entry whose operation subject is the operation subject in the behavior forensics information and whose operation object is the operation object in the behavior forensics information;
when the criteria include an operation subject but no operation object, obtaining, from the criteria, any combination of one or more of the operation attributes, operation behaviors and constraint conditions that correspond to the entry whose operation subject is the operation subject in the behavior forensics information;
when the criteria include an operation object but no operation subject, obtaining, from the criteria, any combination of one or more of the operation attributes, operation behaviors and constraint conditions that correspond to the entry whose operation object is the operation object in the behavior forensics information;
comparing the obtained operation attributes with the environment in which the operation behavior occurred as recorded in the behavior forensics information, and comparing the obtained operation behaviors and constraint conditions with the operation behavior recorded in the behavior forensics information;
determining that a privacy violation behavior exists in the behavior forensics information when at least one of the following holds: the environment in which the operation subject's operation behavior occurred, as recorded in the behavior forensics information, falls outside the obtained operation attributes; the operation subject's operation behavior recorded in the behavior forensics information exceeds the operation behaviors allowed under the applicable constraint condition;
determining that no privacy violation behavior exists in the behavior forensics information when none of the operation subject's operation behaviors recorded in the behavior forensics information exceeds the operation behaviors allowed under the applicable constraint condition and none of the environments in which those operation behaviors occurred falls outside the obtained operation attributes.
The privacy violation behavior judgment result may include any combination of one or more of the following:
whether a violation exists, the type of operation behavior violated, the degree of the violation, and the output format of the privacy violation behavior judgment result.
The method may further include:
providing security assurance for the privacy violation evidence chain.
Providing security assurance for the privacy violation evidence chain may include any combination of one or more of the following:
generating audit information for the privacy violation evidence chain;
computing an integrity check value over any combination of one or more of the privacy violation evidence chain and the audit information;
digitally signing the privacy violation evidence chain by any combination of one or more of the user who generated the privacy violation evidence chain and the user who receives it.
The audit information may be configured to record the acquisition history of the forensic sample data in the privacy violation evidence chain, and may include any combination of one or more of the following: the privacy violation behavior judgment result, the information source, the forensic personnel, the handling personnel.
The integrity check value may be configured to ensure that the content of any combination of one or more of the privacy violation evidence chain and the audit information is not maliciously tampered with.
The digital signature may be configured to ensure that the privacy violation evidence chain is not maliciously tampered with during submission.
An embodiment of the present invention provides a privacy information traceability and forensics apparatus, including:
an information acquisition module, configured to obtain information according to a review requirement;
an evidence sample data acquisition module, configured to obtain evidence sample data from the information, where the evidence sample data includes any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information;
a privacy violation behavior judgment module, configured to judge, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the traceability record information, and to generate a privacy violation behavior judgment result;
a privacy violation evidence chain generation module, configured to trace the privacy violation behavior according to the privacy violation behavior judgment result and to generate a privacy violation evidence chain.
An embodiment of the present invention provides a privacy information traceability and forensics apparatus, including a processor and a computer-readable storage medium, where the computer-readable storage medium stores instructions which, when executed by the processor, implement any one of the privacy information traceability and forensics methods described above.
An embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any one of the privacy information traceability and forensics methods described above.
An embodiment of the present invention further provides a privacy information traceability and forensics system, including:
an evidence sample data generation device, configured to generate evidence sample data for information, where the evidence sample data includes any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information; and to save the evidence sample data into the information;
a privacy information traceability and forensics device, configured to obtain information according to a review requirement; to obtain evidence sample data from the information, where the evidence sample data includes any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information; to judge, according to the privacy violation behavior judgment criteria, whether a privacy violation behavior exists in the traceability record information, and to generate a privacy violation behavior judgment result; and to trace the privacy violation behavior according to the privacy violation behavior judgment result and to generate a privacy violation evidence chain.
The evidence sample data may include any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information; the evidence sample data is saved into the information. The embodiments of the present invention achieve traceability and forensics capability for privacy information by saving evidence sample data in the information itself. Because the evidence sample data travels with the information as it is transferred, this overcomes the limitation of conventional traceability and forensics methods, which focus on the interior of a single information system, and improves the traceability and forensics capability for privacy information, in particular in scenarios where privacy information flows unpredictably across multiple application systems and multiple boundaries.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief Description of the Drawings
FIG. 1 is a flowchart of a privacy information traceability and forensics method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the structure of a privacy information traceability and forensics apparatus according to an embodiment of the present invention;
FIG. 3 is a flowchart of a privacy information traceability and forensics method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the structure of a privacy information traceability and forensics apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the structure of a privacy information traceability and forensics system according to an embodiment of the present invention.
Detailed Description
Provided that there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another arbitrarily.
Referring to FIG. 1, an embodiment of the present application provides a privacy information traceability and forensics method, including:
Step 100: generating evidence sample data for information, where the evidence sample data includes but is not limited to any combination of one or more of the following: the privacy information, traceability record information of the privacy information, and privacy violation behavior judgment criteria for the privacy information.
In an exemplary embodiment, the privacy information is configured to describe some or all of the content that the information owner does not wish to disclose; the privacy information includes but is not limited to the privacy information content and the privacy information location.
In an exemplary embodiment, the privacy information content includes but is not limited to at least one of the following:
sensitive words in text, sensitive regions in pictures, sensitive segments in audio, sensitive frames in video.
The privacy information location includes but is not limited to at least one of the following:
page, chapter, paragraph, line, sequence number, coordinates, layer, pixel count, time period, audio track, layer, frame number.
In an exemplary embodiment, the privacy information is generated in the following manner:
obtaining the privacy information content from the information, and determining the position of the privacy information content within the information to obtain the privacy information location.
In an exemplary embodiment, any of the following methods may be used to obtain the privacy information content from the information: automatic extraction, manual acquisition, automatic acquisition by pattern recognition, and the like.
For example, keywords may be automatically extracted from a blog post, and the extracted keywords are the privacy information content;
as another example, sensitive passages in a recording may be manually marked, and the marked passages are the privacy information content;
as another example, a face recognition algorithm may identify the face region in a picture, or an optical character recognition (OCR) algorithm may identify an identity card number in a photograph, in which case the region containing the identity card number is the privacy information content.
Once the privacy information content has been obtained, the privacy information location is also determined. For example, when the privacy information content is obtained by automatic extraction, the privacy information location is obtained at the same time as the content is extracted; when it is obtained manually, the privacy information location may be entered manually; when it is obtained automatically by pattern recognition, the privacy information location is obtained at the same time as the content is recognized.
In an exemplary embodiment, any operation subject may generate privacy information, but once privacy information has been generated it cannot be deleted during the subsequent transfer of the information; during subsequent transfers an operation subject can only generate new privacy information.
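As an added illustration of the automatic-extraction case above (example code written for this page, not taken from the patent or its inventors), the following shows privacy information content and its location being obtained in the same pass. The detection patterns, the sample document and the location fields (line, column, length) are constructed assumptions; a deployment would use dictionaries, classifiers or OCR output rather than three regular expressions.

```python
import re

# Constructed detection patterns (assumption): stand-ins for the automatic
# extraction / pattern recognition methods named in the text.
PATTERNS = {
    "id_number": re.compile(r"\b\d{17}[\dXx]\b"),            # 18-character ID-number shape
    "phone": re.compile(r"\b1\d{10}\b"),                     # 11-digit mobile-number shape
    "keyword": re.compile(r"\b(?:salary|diagnosis)\b", re.I),  # sensitive words
}

def extract_privacy_info(text: str) -> list:
    """Return privacy information as (content, location) records.

    Location is expressed as a 1-based line number, 1-based column and length,
    the text analogue of the page/line/coordinate locations listed above.
    """
    found = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                found.append({
                    "kind": kind,
                    "content": m.group(0),
                    "location": {"line": line_no, "column": m.start() + 1,
                                 "length": len(m.group(0))},
                })
    return found

def locate(text: str, item: dict) -> str:
    """Read back the text at a recorded location; it must equal the recorded content."""
    loc = item["location"]
    line = text.splitlines()[loc["line"] - 1]
    start = loc["column"] - 1
    return line[start:start + loc["length"]]

# Constructed sample document (assumption)
SAMPLE = (
    "Employee record\n"
    "ID: 11010119900307123X\n"
    "Phone: 13800138000\n"
    "Salary discussed with HR.\n"
)

if __name__ == "__main__":
    for item in extract_privacy_info(SAMPLE):
        print(item["kind"], item["location"], locate(SAMPLE, item))
```

`locate` is the consistency check a forensic reviewer wants: the recorded location must still resolve to the recorded content, otherwise the information was altered after the privacy information was generated.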
In an exemplary embodiment, the traceability record information of the privacy information may be generated in the following manner:
judging that the already-generated traceability record information is credible, and generating traceability record information with a traceability record function according to the operation subject's operation behavior on the privacy information.
In an exemplary embodiment, judging that the generated traceability record information is credible means ensuring, through mechanisms such as hashing, encryption and signatures, that the traceability record information has not been tampered with or forged by a malicious user during transfer.
The traceability record function takes the operation subject, the operation object (that is, the privacy information), the operation behavior and the environment in which the operation behavior occurs as its inputs and generates the traceability record information.
The traceability record function includes any combination of one or more of the following: a mapping function, a hash function, an encryption function, a signature function.
In an exemplary embodiment, the mapping function is configured to establish a mapping relationship between any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
The hash function, encryption function and signature function are configured to prevent the traceability record information from being maliciously tampered with, or to prevent a malicious operation subject from repudiating an operation behavior during forensics. They are configured to guarantee the confidentiality and integrity of the traceability record information as it travels with the information, satisfying the requirement that the traceability record information be neither forgeable nor tamperable.
For example, the mapping function may bind the correspondence between any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs; one operation subject may correspond to one operation behavior (a one-to-one mapping) or to multiple operation behaviors (a one-to-many mapping).
As another example, a hash function stores the hash value of the privacy information in the traceability record information as the state of the privacy information at the time of the current operation record. Before the next traceability record is stored, the hash value of the current privacy information is verified first: the hash value of the current privacy information is computed and compared with the hash value of the privacy information stored in the already-generated traceability record information; if the two do not match, the privacy information has been tampered with.
As another example, encryption may be used to guarantee the integrity of the traceability record information, so that only a trusted subject holding the key can record operations. That is, when the generated traceability record information can be decrypted with the designated key, it is credible; when it cannot be decrypted with the designated key, it is not credible.
As another example, an encryption function and a signature function may be used to ensure that the traceability record information can be neither forged nor tampered with during dissemination. For instance, one feasible tamper-proofing method encrypts the privacy information, so that every processing of the privacy information must first decrypt it through authorized software, and the authorized software faithfully records the user's operations. The authorized software signs each operation behavior with the private key of the respective user along the dissemination path of the privacy information, starting with the signature of the first processor of the privacy information; each subsequent user then signs the previous traceability record information together with their own operation, forming a nested signature structure that prevents malicious users from tampering with the traceability record information.
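The hash-verification and nested-signature scheme in the three examples above, and the integrity-check and signature assurance for the evidence chain described earlier in the summary, can be illustrated by the following added example (written for this page; it is not the patent's or the inventors' code). It assumes a per-user key table and uses HMAC-SHA256 with a per-user key as a stand-in for each user's private-key signature so that it runs with the standard library only; an actual deployment would use an asymmetric signature scheme. Each record stores the hash of the privacy information as its recorded state and the previous record's signature, so every signature transitively covers all earlier records.

```python
import hashlib
import hmac
import json

# Constructed per-user keys (assumption). HMAC-SHA256 keyed per user stands in
# for the user's private-key signature; a deployment would use an asymmetric
# signature scheme so that holders of one key cannot forge another user's record.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}

def info_hash(privacy_info: bytes) -> str:
    """Hash of the privacy information: its recorded state at the time of an operation."""
    return hashlib.sha256(privacy_info).hexdigest()

def _sign(user: str, body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(USER_KEYS[user], canonical, hashlib.sha256).hexdigest()

def verify_chain(chain: list, privacy_info: bytes):
    """Check link structure, every signature, and the current privacy information state."""
    prev_sig = ""
    for i, rec in enumerate(chain):
        body = rec["body"]
        if body["prev_sig"] != prev_sig:
            return False, f"record {i}: does not chain to the previous record"
        if not hmac.compare_digest(rec["sig"], _sign(body["subject"], body)):
            return False, f"record {i}: signature does not verify"
        prev_sig = rec["sig"]
    if chain and chain[-1]["body"]["info_hash"] != info_hash(privacy_info):
        return False, "privacy information differs from the last recorded state"
    return True, "ok"

def append_record(chain: list, privacy_info: bytes, subject: str,
                  behavior: str, env: dict) -> list:
    """Verify the existing records first (the credibility check), then append."""
    ok, reason = verify_chain(chain, privacy_info)
    if not ok:
        raise ValueError("refusing to record operation: " + reason)
    body = {
        "subject": subject,
        "behavior": behavior,
        "env": env,
        "info_hash": info_hash(privacy_info),
        # Nested signature: the new signature covers the previous signature,
        # and therefore every earlier record.
        "prev_sig": chain[-1]["sig"] if chain else "",
    }
    return chain + [{"body": body, "sig": _sign(subject, body)}]

# Constructed sample: a photo's bytes passing from alice to bob (assumption).
PHOTO = b"\xff\xd8 constructed jpeg bytes \xff\xd9"

def build_demo_chain() -> list:
    chain = append_record([], PHOTO, "alice", "view", {"network": "corp-lan"})
    return append_record(chain, PHOTO, "bob", "forward", {"network": "corp-lan"})

def tampered_demo_chain() -> list:
    """Someone holding alice's key rewrites her record and re-signs it."""
    chain = json.loads(json.dumps(build_demo_chain()))
    chain[0]["body"]["behavior"] = "download"
    chain[0]["sig"] = _sign("alice", chain[0]["body"])
    return chain

if __name__ == "__main__":
    print(verify_chain(build_demo_chain(), PHOTO))
    print(verify_chain(tampered_demo_chain(), PHOTO))
    print(verify_chain(build_demo_chain(), PHOTO + b"!"))
```

The tampered chain shows why the nesting matters: the rewritten first record carries a valid signature, but bob's record still references the original signature, so the break is detected at record 1 without needing any copy of the original.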
In an exemplary embodiment, the operation behavior is configured to describe the operations that the operation subject performs on the privacy information content, and includes but is not limited to any combination of one or more of the following:
privacy information dissemination operation behaviors, privacy information processing operation behaviors.
The privacy information dissemination operation behaviors include but are not limited to any combination of one or more of the following:
download, view, forward, cut, comment, mark.
The privacy information processing operation behaviors include but are not limited to any combination of one or more of the following:
generalization, anonymization, differential privacy, masking, mosaic, filtering, encryption, hiding.
In an exemplary embodiment, the traceability record information includes any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs, and/or the mapping relationship between any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
In an exemplary embodiment, the environment in which the operation behavior occurs includes but is not limited to at least one of the following:
operation time, operation location, operation device, the network in which the operation behavior takes place, the operating system in which the operation behavior takes place.
In an exemplary embodiment, the privacy violation behavior judgment criteria for the privacy information may be generated according to the privacy protection requirements for the privacy information, or according to manual settings.
In an exemplary embodiment, the privacy protection requirements may be set manually.
In an exemplary embodiment, the privacy protection requirements may be translated into machine-recognizable information, that is, into the privacy violation behavior judgment criteria.
In an exemplary embodiment, the privacy protection requirements may be translated into machine-recognizable information in at least one of the following ways: natural language analysis, a template language, and the like.
In an exemplary embodiment, the privacy protection requirements may refer to the protection effect the user desires for the privacy information in a picture file, and include but are not limited to at least one of the following: the type of privacy protection algorithm, the protection strength, and the privacy effect (such as, but not limited to, the visual effect after privacy processing).
In an exemplary embodiment, the description language and format of the privacy violation behavior judgment criteria include but are not limited to: XML, ACML, SAML, ASL, a template language, and a custom language format.
In an exemplary embodiment, the types of privacy protection algorithm include reversible privacy protection algorithms and irreversible privacy protection algorithms. A reversible privacy protection algorithm is one in which the processed privacy information can be restored to the original information by reverse computation, and includes but is not limited to at least one of the following: encryption, encoding, information hiding. An irreversible privacy protection algorithm is one in which the privacy information cannot be restored after privacy protection, and includes but is not limited to at least one of the following: obfuscation, perturbation, differential privacy, generalization, anonymization, masking.
In an exemplary embodiment, the protection strength may be classified as light, medium or heavy according to the information security level. To reach the corresponding privacy protection level, the parameters of the privacy protection algorithm must be set; in general, the better the privacy protection achieved by a parameter setting, the less usable information remains after processing.
In an exemplary embodiment, the privacy effect refers to the readability of the privacy information after processing by the privacy protection algorithm, and is usually evaluated as the probability that an attacker can infer the privacy information from the processed information.
In an exemplary embodiment, the privacy information processing operations are configured to describe the privacy protection techniques that the operation subject may apply to the privacy information, and include but are not limited to at least one of the following:
generalization, anonymization, differential privacy, masking, mosaic, filtering, encryption, hiding.
The operation attributes are configured to describe the attribute conditions that must be satisfied for an operation behavior to be executed, and include but are not limited to any combination of one or more of the following: trigger condition, environment information, scope of use, media type.
In an exemplary embodiment, the trigger condition is configured to describe the condition that activates the privacy violation behavior judgment, and includes any combination of one or more of the following:
leaving or entering a system boundary, leaving or entering a network boundary, before sending privacy information, before receiving privacy information, a custom rule.
The system boundary includes but is not limited to any combination of one or more of the following: information system boundaries between different administrative scopes at the national/provincial/municipal level, information system boundaries between different administrative scopes of industries/groups/enterprises/departments, information system boundaries between different lines of business within an enterprise, boundaries between different functional modules within the same information system, and the like.
The network boundary includes but is not limited to any combination of one or more of the following: national/provincial/municipal network gateways, operator network gateways, enterprise network gateways, security domain boundaries within an enterprise network, and the like.
In an exemplary embodiment, the privacy violation behavior judgment criteria specify whether an operation subject, under given operation attributes, has or does not have a given operation behavior on an operation object under the applicable constraint condition.
Alternatively, when the criteria do not include an operation subject, this means that all operation subjects, under the operation attributes, have or do not have the operation behavior on the operation object under the applicable constraint condition; when the criteria do not include an operation object, this means that the operation subject, under the operation attributes, has or does not have the operation behavior on all operation objects under the applicable constraint condition; other ways of restricting operation permissions may also be used, and the embodiments of the present invention do not limit this.
Information generators and/or information disseminators may correspond to different trigger conditions, environment information, scopes of use and media types, so different operation behavior permissions need to be set for different operation subjects and/or operation objects.
Step 101: Save the evidence sample data into the information.
In an exemplary embodiment, the generated evidence sample data is saved into the information in any combination of one or more of the following ways: binding, embedding, appending, etc.
In an exemplary embodiment, binding establishes a link between the privacy information and the evidence sample data; the two kinds of data need not be stored in the same location;
embedding stores the evidence sample data in a custom area within the original format of the privacy information file;
appending modifies the file format of the original privacy information into a custom file format and adds a custom field for storing the evidence sample data.
For example, for a picture file in JPEG format, the evidence sample data may be embedded in the EXIF metadata of the JPEG file; the form of embedding is not limited by the embodiments of the present invention;
for a text file, the evidence sample data may be appended at the end of the file; the form of appending is not limited by the embodiments of the present invention;
the evidence sample data may also take the form of a separate file that is bound to the information through links or similar techniques.
Of course, other saving methods may also be used; the embodiments of the present invention do not limit the saving method.
In an exemplary embodiment, steps 100 and 101 may be performed when an operation subject needs to perform a privacy information dissemination operation or a privacy information processing operation on the information, or after the operation subject has performed a privacy information processing operation on the information.
Referring to FIG. 2, another embodiment of the present application proposes a privacy information tracing and forensics apparatus, including:
an evidence sample data generation module 201, configured to generate evidence sample data of the information, where the evidence sample data includes, but is not limited to, any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation judgment standard of the privacy information;
an evidence sample data storage module 202, configured to save the evidence sample data into the information.
Referring to FIG. 3, another embodiment of the present application proposes a privacy information tracing and forensics method, including:
Step 300: Obtain information according to a review requirement.
In an exemplary embodiment, the review requirement describes the need of tracing and forensics personnel to review the traceability record information of the privacy information under different review scenarios and to query whether a privacy violation exists.
In an exemplary embodiment, the review requirement includes, but is not limited to, at least one of the following:
review scenario, review target, review time, review device, review network, review system.
In an exemplary embodiment, the review scenario includes, but is not limited to, at least one of the following:
investigation after a privacy leak event, routine privacy audit, privacy leak early warning.
In an exemplary embodiment, when the review scenario is an investigation after a privacy leak event, the leaked information is obtained.
When the review scenario is a routine privacy audit, each forwarded piece of information is obtained periodically or at scheduled times.
When the review scenario is a privacy leak early warning, each forwarded piece of information is obtained in real time.
The review target, review time, review device, review network and review system may serve as the basis for filtering the information under review.
Step 301: Obtain evidence sample data from the information. In an exemplary embodiment, the evidence sample data includes any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation judgment standard of the privacy information.
In an exemplary embodiment, the privacy information, the traceability record information and the privacy violation judgment standard are the same as in the foregoing embodiments and are not described again here. Note that the privacy violation judgment standard may or may not be included in the evidence sample data: when it is included, it is obtained directly from the evidence sample data; when it is not included, it may be generated when needed, using the same generation method as in the foregoing embodiments, which is not repeated here.
Step 302: Judge, according to the privacy violation judgment standard, whether a privacy violation exists in the traceability record information, and generate a privacy violation judgment result.
In an exemplary embodiment, judging according to the privacy violation judgment standard whether a privacy violation exists in the traceability record information includes:
generating review items; filtering the traceability record information in the evidence sample data according to the review items to generate behaviour forensics information; and, when the behaviour forensics information is credible, judging according to the privacy violation judgment standard whether a privacy violation exists in the behaviour forensics information and generating the privacy violation judgment result.
When the behaviour forensics information is not credible, the procedure ends.
In an exemplary embodiment, whether the behaviour forensics information is credible is judged in the same way as whether the traceability record information is credible in the foregoing embodiments, which is not repeated here.
In an exemplary embodiment, review items may be set manually, or generated according to the review requirement.
In an exemplary embodiment, review items may be generated in at least one of the following ways: template matching, manual input, natural language processing, etc.
For example, keyword matching may be performed on a review requirement description written in a prescribed grammar template, and the matched keywords become the review items. For instance, when the review requirement is to check the records of July and August 2018, the review time "1 July 2018 to 31 August 2018" can be extracted automatically.
As another example, depending on the review requirement, more detailed review item contents may be input manually, saving investigation time.
As another example, the review requirement may be analysed with natural language processing: a review requirement model is built by training on historical review requirement records, and when a new review requirement corpus needs to be processed, its fields are matched to the review items.
The above methods may be combined arbitrarily; for example, after the natural language processing method identifies review items, manual input may be used to confirm them.
In an exemplary embodiment, review items describe the filtering and classification criteria for the traceability record information and include, but are not limited to, at least one of the following:
a specified time interval, a specified location range, a specified operation subject, a specified operation behaviour.
The operation behaviour includes, but is not limited to, at least one of the following: privacy information dissemination operation behaviour, privacy information processing operation behaviour.
In the embodiments of the present invention, filtering the traceability record information according to the review items to generate behaviour forensics information includes:
selecting, from the traceability record information, the traceability records that fall within the scope defined by the review items as the behaviour forensics information.
For example, when the review item is a specified time interval, the behaviour forensics information is the traceability record information corresponding to that interval, that is, the traceability records whose time falls within the specified time interval.
When the review item is a specified location range, the behaviour forensics information is the traceability record information corresponding to that range, that is, the traceability records whose location falls within the specified location range.
When the review item is a specified operation subject, the behaviour forensics information is the traceability record information corresponding to that subject, that is, the traceability records whose operation subject is the specified operation subject.
When the review item is a specified operation behaviour, the behaviour forensics information is the traceability record information corresponding to that behaviour, that is, the traceability records whose operation behaviour is the specified operation behaviour.
In an exemplary embodiment, the privacy violation judgment result includes any combination of one or more of the following:
whether a violation exists, the type of operation behaviour violated, the degree of violation, and the output format of the privacy violation judgment result.
In the embodiments of the present invention, judging according to the privacy violation judgment standard whether a privacy violation exists in the behaviour forensics information includes:
when the privacy violation judgment standard includes both an operation subject and an operation object, obtaining from the standard any combination of one or more of the operation attribute, operation behaviour and constraint conditions corresponding to the entries whose operation subject is the operation subject in the behaviour forensics information and whose operation object is the operation object in the behaviour forensics information;
when the privacy violation judgment standard includes an operation subject but not an operation object, obtaining from the standard any combination of one or more of the operation attribute, operation behaviour and constraint conditions corresponding to the entries whose operation subject is the operation subject in the behaviour forensics information;
when the privacy violation judgment standard includes an operation object but not an operation subject, obtaining from the standard any combination of one or more of the operation attribute, operation behaviour and constraint conditions corresponding to the entries whose operation object is the operation object in the behaviour forensics information;
comparing the obtained operation attribute with the environment in which the operation behaviour in the behaviour forensics information occurred, and comparing the obtained operation behaviour and constraint conditions with the operation behaviour in the behaviour forensics information;
when at least one of the following holds, determining that a privacy violation exists in the behaviour forensics information: the environment in which the operation subject's operation behaviour occurred exceeds the obtained operation attribute; the operation subject's operation behaviour exceeds the operation behaviour permitted under the applicable constraint conditions;
when none of the operation subject's operation behaviours in the behaviour forensics information exceeds the operation behaviour permitted under the applicable constraint conditions, and none of the environments in which those behaviours occurred exceeds the obtained operation attribute, determining that no privacy violation exists in the behaviour forensics information.
Step 303: Trace the source of the privacy violation according to the privacy violation judgment result, and generate a privacy violation evidence chain.
In an exemplary embodiment, the privacy violation evidence chain is a chain of proof formed by a series of objective facts and authentic traceability record information, capable of proving the process of the privacy violation. "Evidence chain" here is a concept from the legal field, not the linked-list data structure of computer science; it may be presented as a point, chain, tree or graph structure.
The privacy violation evidence chain includes at least one node, and each node includes at least one of the following:
the privacy-violating subject, the privacy violation environment, the privacy information dissemination operation behaviour, the privacy information processing operation behaviour.
In an exemplary embodiment, when a privacy information dissemination operation behaviour in the traceability record information exceeds the operation permission of the operation subject in that record, and the dissemination behaviour is a download or a view, the violating subject is determined not to be the operation subject in that record; the violating subject should instead be the operation subject in the traceability record that disseminated the privacy information to this user;
when a privacy information dissemination operation behaviour in the traceability record information exceeds the operation permission of the operation subject in that record, and the dissemination behaviour is a forward, a cut, a comment or a mark, the violating subject is determined to be the operation subject in that record;
when a privacy information processing operation behaviour in the traceability record information exceeds the operation permission of the operation subject in that record, the violating subject is determined to be the operation subject in that record;
when the environment in which the operation behaviour in the traceability record information occurred exceeds the access restriction conditions of the operation subject in that record, the violating subject is determined to be the operation subject in that record.
Once all violating subjects have been determined, they can all be marked in the privacy violation evidence chain.
In an exemplary embodiment, the method further includes:
securing the privacy violation evidence chain.
In an exemplary embodiment, securing the privacy violation evidence chain includes any combination of one or more of the following:
generating audit information for the privacy violation evidence chain;
computing an integrity check value over any combination of one or more of the privacy violation evidence chain and the audit information;
digitally signing by any combination of one or more of the user who generated the privacy violation evidence chain and the user who receives it.
In an exemplary embodiment, the audit information records the acquisition history of the forensic sample data in the privacy violation evidence chain and includes any combination of one or more of the following: the privacy violation judgment result, the information source, the forensics personnel, the handlers;
in an exemplary embodiment, the forensics personnel are qualified evidence collection staff;
the handlers are staff with the authority to receive and pass on the evidence chain.
The integrity check value ensures that the content of any combination of one or more of the privacy violation evidence chain and the audit information is not maliciously tampered with;
the digital signature ensures that the privacy violation evidence chain is not maliciously tampered with during submission.
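The three safeguards just listed (audit information, integrity check value, signatures of the generating and receiving users) as an added example, not code from the patent. It assumes the chain is a list of node dicts, uses SHA-256 over canonical JSON as the integrity check value, and stands in for the digital signature with HMAC-SHA256 under a per-user key because the standard library has no asymmetric signing; a deployment would use a real signature scheme such as ECDSA or Ed25519.

```python
"""Securing a privacy violation evidence chain: audit information,
integrity check value and per-user signatures, then verification that
detects tampering in transit. Added example; all data is constructed."""
import copy
import hashlib
import hmac
import json

# Constructed sample chain: one node per violating subject found in step 303.
SAMPLE_CHAIN = [
    {"subject": "Bob", "environment": "forward outside classmates",
     "dissemination_behavior": "forward", "processing_behavior": None},
    {"subject": "Carol", "environment": "within classmates",
     "dissemination_behavior": None, "processing_behavior": "mosaic"},
]

# Constructed per-user keys standing in for signing keys (hypothetical).
USER_KEYS = {"alice": b"alice-signing-key", "auditor": b"auditor-signing-key"}


def canonical(obj) -> bytes:
    """Canonical JSON so the check value does not depend on dict ordering."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_audit_info(chain, judgment_results, source, forensic_staff, handlers):
    """Audit information: the acquisition record of the forensic sample data."""
    return {
        "judgment_results": judgment_results,
        "information_source": source,
        "forensics_personnel": forensic_staff,
        "handlers": list(handlers),
        "node_count": len(chain),
    }


def integrity_check_value(chain, audit_info) -> str:
    """SHA-256 over the chain and the audit information together."""
    return hashlib.sha256(canonical({"chain": chain, "audit": audit_info})).hexdigest()


def sign(user: str, check_value: str) -> str:
    """Keyed stand-in for the user's digital signature over the check value."""
    return hmac.new(USER_KEYS[user], check_value.encode(), "sha256").hexdigest()


def seal_chain(chain, audit_info, generating_user, receiving_user=None):
    """Package submitted with the chain: ICV plus generator/receiver signatures."""
    icv = integrity_check_value(chain, audit_info)
    signatures = {generating_user: sign(generating_user, icv)}
    if receiving_user:
        signatures[receiving_user] = sign(receiving_user, icv)
    return {"chain": chain, "audit": audit_info, "icv": icv, "signatures": signatures}


def verify_sealed(package) -> bool:
    """Recompute the check value and every signature; False on any tampering."""
    expected = integrity_check_value(package["chain"], package["audit"])
    if not hmac.compare_digest(expected, package["icv"]):
        return False
    return all(
        hmac.compare_digest(sign(user, expected), sig)
        for user, sig in package["signatures"].items()
    )


def tampered_copy(package):
    """Simulate a malicious edit in transit: drop one violating subject."""
    bad = copy.deepcopy(package)
    bad["chain"] = [n for n in bad["chain"] if n["subject"] != "Bob"]
    return bad


def demo():
    """Returns (intact ok, after edit, after edit with recomputed ICV)."""
    audit = make_audit_info(SAMPLE_CHAIN, ["violation", "violation"],
                            "party.jpg", "examiner-01", ["alice"])
    pkg = seal_chain(SAMPLE_CHAIN, audit, "alice", "auditor")
    intact = verify_sealed(pkg)
    bad = tampered_copy(pkg)
    after_edit = verify_sealed(bad)          # ICV no longer matches
    bad["icv"] = integrity_check_value(bad["chain"], bad["audit"])
    after_recompute = verify_sealed(bad)     # signatures no longer match
    return intact, after_edit, after_recompute
```

The second tampering case shows why the check value alone is not enough: an editor can recompute a hash, but cannot re-sign without the users' keys.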
Referring to FIG. 4, another embodiment of the present application proposes a privacy information tracing and forensics apparatus, including:
an information obtaining module 401, configured to obtain information according to a review requirement;
an evidence sample data obtaining module 402, configured to obtain evidence sample data from the information, where the evidence sample data includes, but is not limited to, any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation judgment standard of the privacy information;
a privacy violation judgment module 403, configured to judge, according to the privacy violation judgment standard, whether a privacy violation exists in the traceability record information, and to generate a privacy violation judgment result;
a privacy violation evidence chain generation module 404, configured to trace the source of the privacy violation according to the privacy violation judgment result and to generate a privacy violation evidence chain.
Referring to FIG. 5, another embodiment of the present application proposes a privacy information tracing and forensics system, including:
an evidence sample data generation device 501, configured to generate evidence sample data of the information, where the evidence sample data includes any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation judgment standard of the privacy information; and to save the evidence sample data into the information;
a privacy information tracing and forensics device 502, configured to obtain information according to a review requirement; obtain evidence sample data from the information; judge, according to the privacy violation judgment standard, whether a privacy violation exists in the traceability record information and generate a privacy violation judgment result; and trace the source of the privacy violation according to the judgment result and generate a privacy violation evidence chain.
The implementation of the evidence sample data generation device 501 and the privacy information tracing and forensics device 502 is the same as in the foregoing embodiments and is not repeated here.
The technical solution of the present application is illustrated below through application examples.
Example 1. Evidence sample data is generated in real time as a picture circulates, saved into the picture and circulated together with it. First, the privacy information is defined: the coordinates of the privacy region in the picture are obtained by manual annotation or by an image recognition algorithm; a rectangular region can be described by the horizontal and vertical coordinates of its upper-left and lower-right corners; the privacy region of the picture is annotated to generate the privacy information. In this step, privacy information means the explicitly annotated privacy region of the picture, including but not limited to the private content of the picture and the position of that content. In this example, the information is assumed to be a private picture of a private party, in which Alice has annotated two privacy regions: the user's "face region" and the "image region where the jewellery is located". The subsequent process follows the privacy information tracing and forensics method shown in FIG. 1.
In this example, suppose Alice encrypts the privacy regions in the picture and forwards them to Bob, specifying that the "image region where the jewellery is located" may only be shared within her classmates and that no other user may apply mosaic or blur processing to the "face region". Bob forwards the "image region where the jewellery is located" to Carol, who is within the classmates, and to David, who is outside them, and Carol applies mosaic processing to the "face region" of the picture.
Example 2. Tracing and forensics analysis is performed on the picture circulated in Example 1, following the privacy information tracing and forensics method shown in FIG. 3. In this example, the forensics function invoked by Alice verifies the confidentiality and integrity of the privacy violation judgment results and confirms that the traceability information is authentic and credible. Through David's viewing behaviour, the forensics function traces back to Bob, who forwarded the privacy information beyond the permitted scope, and determines Bob to be a privacy-violating subject; through Carol's mosaic processing it determines Carol to be another privacy-violating subject; finally, all privacy violation judgment results are packaged into a privacy violation evidence chain.
Those of ordinary skill in the art will understand that all or some of the steps of the method disclosed above, and the functional modules/units of the systems and apparatus, may be implemented as software, firmware, hardware, or appropriate combinations thereof.
In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all components may be implemented as software executed by a processor such as a digital signal processor or microprocessor, as hardware, or as an integrated circuit such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium.
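Steps 302 and 303 (the subject/object matching of the judgment standard, the attribute and constraint comparison, and the four attribution rules for the violating subject) run over the circulation of Examples 1 and 2, as an added example that is not part of the patent. It assumes a traceability record is a dict whose constructed `spread_by` field names the record that disseminated the information to that subject, models the operation attribute as a permitted sharing scope plus a permitted access environment and the constraint conditions as a set of allowed behaviours, and uses constructed names, region labels and scope strings.

```python
"""Judgment (step 302) and violating-subject attribution (step 303) on the
Alice/Bob/Carol/David picture scenario. Added example; data is constructed."""

DISSEMINATION = {"view", "download", "forward", "cut", "comment", "mark"}
PROCESSING = {"mosaic", "blur"}

# Judgment standard derived from Alice's requirements in Example 1.
# subject=None applies to every operation subject; scope/access None means
# that attribute is unrestricted.
STANDARD = [
    {"subject": None, "object": "jewellery_region", "scope": {"classmates"},
     "access": None, "allowed": DISSEMINATION},
    {"subject": None, "object": "face_region", "scope": None,
     "access": None, "allowed": DISSEMINATION},      # no mosaic/blur by others
]

# Constructed traceability records for the circulation in Example 1.
RECORDS = [
    {"id": "r1", "subject": "Alice", "object": "jewellery_region", "behavior": "forward",
     "scope": "classmates", "env": "home-wifi", "spread_by": None},
    {"id": "r2", "subject": "Bob", "object": "jewellery_region", "behavior": "forward",
     "scope": "classmates", "env": "campus-net", "spread_by": "r1"},       # to Carol
    {"id": "r3", "subject": "Bob", "object": "jewellery_region", "behavior": "forward",
     "scope": "outside", "env": "campus-net", "spread_by": "r1"},          # to David
    {"id": "r4", "subject": "David", "object": "jewellery_region", "behavior": "view",
     "scope": "outside", "env": "public-wifi", "spread_by": "r3"},
    {"id": "r5", "subject": "Carol", "object": "face_region", "behavior": "mosaic",
     "scope": "classmates", "env": "campus-net", "spread_by": "r2"},
]


def applicable_entries(standard, record):
    """Entries matching the record; a missing subject or object in an entry
    stands for 'all subjects' / 'all objects' (step 302 cases)."""
    return [e for e in standard
            if e["subject"] in (None, record["subject"])
            and e["object"] in (None, record["object"])]


def judge_record(standard, record):
    """Kinds of violation found for one record (empty list = no violation)."""
    kinds = set()
    for e in applicable_entries(standard, record):
        if e["scope"] is not None and record["scope"] not in e["scope"]:
            kinds.add("scope")          # behaviour environment exceeds attribute
        if e["access"] is not None and record["env"] not in e["access"]:
            kinds.add("environment")    # exceeds the subject's access restriction
        if record["behavior"] not in e["allowed"]:
            kinds.add("behavior")       # behaviour not permitted under constraints
    return sorted(kinds)


def judge(standard, records):
    """Step 302: privacy violation judgment result per record."""
    return {r["id"]: judge_record(standard, r) for r in records}


def violating_subject(record, kinds, by_id):
    """Step 303 attribution rules for one violating record."""
    if "environment" in kinds or record["behavior"] in PROCESSING:
        return record["subject"]
    if record["behavior"] in {"view", "download"}:
        # the downstream viewer is not at fault; trace to whoever spread it
        upstream = by_id.get(record["spread_by"])
        return upstream["subject"] if upstream else record["subject"]
    return record["subject"]            # forward / cut / comment / mark


def evidence_chain(standard, records):
    """One node per violating record, marked with the attributed subject."""
    by_id = {r["id"]: r for r in records}
    chain = []
    for r in records:
        kinds = judge_record(standard, r)
        if kinds:
            chain.append({"subject": violating_subject(r, kinds, by_id),
                          "evidence": r["id"], "kinds": kinds,
                          "behavior": r["behavior"], "env": r["env"]})
    return chain
```

On the sample records the chain names Bob twice (his own forward to David, and David's view traced back to him) and Carol once (the mosaic), matching the outcome described in Example 2.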

Claims (15)

  1. 一种隐私信息溯源取证方法,包括:A method for forensic traceability of private information, including:
    生成信息的证据样本数据;所述证据样本数据包括以下一种或多种的任意组合:隐私信息、隐私信息的溯源记录信息和隐私信息的隐私侵犯行为判定标准;Generate evidence sample data of the information; the evidence sample data includes any combination of one or more of the following: privacy information, traceability record information of the privacy information, and privacy violation behavior judgment standards of the privacy information;
    将所述证据样本数据保存到所述信息中。Save the evidence sample data into the information.
  2. The privacy information tracing and forensics method according to claim 1, wherein the privacy information includes privacy information content and a privacy information location, and the privacy information is generated in the following manner:
    obtaining the privacy information content from the information, and determining the position of the privacy information content within the information to obtain the privacy information location.
  3. The privacy information tracing and forensics method according to claim 1, wherein the traceability record information of the privacy information is generated in the following manner:
    determining that the traceability record information already generated is credible, and generating the traceability record information with a traceability record function according to the operation behavior of the operation subject on the privacy information.
  4. The privacy information tracing and forensics method according to claim 3, wherein the traceability record function includes any combination of one or more of the following: a mapping function, a hash function, an encryption function, a signature function;
    wherein the mapping function is configured to establish a mapping relationship among any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs;
    the hash function, the encryption function and the signature function are configured to prevent the traceability record information from being maliciously tampered with, or configured to prevent a malicious operation subject from denying the operation behavior during the forensics process;
    or, wherein the operation subject includes any one of the following:
    an information owner, an information forwarder, an information receiver, an information sending device, an information receiving device, an information transmission device;
    the operation behavior includes any combination of one or more of the following:
    a privacy information dissemination operation behavior, a privacy information processing operation behavior;
    the traceability record information includes: any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs, and/or the mapping relationship among any combination of one or more of the operation subject, the operation object, the operation behavior and the environment in which the operation behavior occurs.
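Claims 3 and 4 describe traceability records that map subject, object, behavior and environment together and are protected by a hash function and a signature function, with new records appended only after the existing records are judged credible. The following is an added Python example, not code from the patent or its applicants: it hash-chains each record to its predecessor (hash function), binds the four mapped fields into one record (mapping function), and uses an HMAC as a stand-in for the signature function (an assumption; a deployment would use an asymmetric signature so that the signer cannot later deny the record). The encryption function of claim 4 is not shown. The key and all record values are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key for the HMAC that stands in for the signature function
# (assumption: not from the patent; a real system would use asymmetric signing).
SIGNING_KEY = b"constructed-demo-key"

# Digest that the first record in a chain points back to.
GENESIS = "0" * 64

MAPPED_FIELDS = ("prev", "subject", "object", "behavior", "environment")


def _canonical(record: dict) -> bytes:
    """Stable byte encoding so that hashing is independent of dict ordering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def make_record(prev_digest, subject, obj, behavior, environment):
    """Mapping function: bind subject, object, behavior and environment together
    with the digest of the previous record, then hash and sign the result."""
    body = {
        "prev": prev_digest,
        "subject": subject,
        "object": obj,
        "behavior": behavior,
        "environment": environment,
    }
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return {**body, "digest": digest, "sig": sig}


def chain_is_credible(records):
    """Claim 3's precondition: every record re-hashes to its stored digest, its
    signature verifies, and its 'prev' field points at the previous digest."""
    prev = GENESIS
    for r in records:
        body = {k: r[k] for k in MAPPED_FIELDS}
        if r["prev"] != prev:
            return False  # chain link broken (record removed or reordered)
        if hashlib.sha256(_canonical(body)).hexdigest() != r["digest"]:
            return False  # record contents modified after hashing
        expected = hmac.new(SIGNING_KEY, r["digest"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, r["sig"]):
            return False  # digest replaced without a valid signature
        prev = r["digest"]
    return True


def append_record(records, subject, obj, behavior, environment):
    """Generate a new traceability record only if the existing chain is credible."""
    if not chain_is_credible(records):
        raise ValueError("existing traceability records are not credible; refusing to append")
    prev = records[-1]["digest"] if records else GENESIS
    return records + [make_record(prev, subject, obj, behavior, environment)]


def demo():
    """Constructed scenario: owner sends, receiver forwards, then a record is tampered with."""
    env_a = {"role": "owner", "device": "phone-A", "network": "home-wifi"}
    env_b = {"role": "receiver", "device": "laptop-B", "network": "office-lan"}
    chain = append_record([], "alice", "msg-1", "send", env_a)
    chain = append_record(chain, "bob", "msg-1", "forward", env_b)

    tampered = [dict(chain[0]), dict(chain[1])]
    tampered[0]["behavior"] = "delete"  # alters the first record after the fact
    try:
        append_record(tampered, "mallory", "msg-1", "forward", env_b)
        refused = False
    except ValueError:
        refused = True
    return chain_is_credible(chain), chain_is_credible(tampered), refused


if __name__ == "__main__":
    print(demo())
```

The credibility check is what gives the later forensics step something to trust: a record that was edited, dropped or reordered fails verification, and the generator refuses to extend a chain it cannot verify rather than silently burying the damage under new records.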
  5. The privacy information tracing and forensics method according to claim 1, wherein the privacy violation behavior judgment criterion of the privacy information is generated in the following manner:
    generating the privacy violation behavior judgment criterion of the privacy information according to a privacy protection requirement for the privacy information; wherein the privacy protection requirement includes any combination of one or more of the following:
    a privacy protection algorithm type, a protection strength, a privacy effect.
  6. The privacy information tracing and forensics method according to claim 5, wherein the privacy violation behavior judgment criterion includes: a correspondence relationship among any combination of one or more of an operation subject, an operation object, an operation attribute, an operation behavior and a constraint condition; wherein,
    the operation subject includes any one of the following:
    an information owner, an information forwarder, an information receiver, an information sending device, an information receiving device, an information transmission device;
    the operation object is configured to describe the privacy information being operated on;
    the operation behavior includes any combination of one or more of the following: a privacy information dissemination operation, a privacy information processing operation;
    the operation attribute is configured to describe the attribute conditions that performing the operation behavior should satisfy, and includes any combination of one or more of: a trigger condition, environment information, a use scope, a media type;
    wherein the trigger condition is configured to describe a condition that activates the judgment of privacy violation behavior, and includes any combination of one or more of the following:
    leaving or entering a system boundary, leaving or entering a network boundary, before sending privacy information, before receiving privacy information, a custom rule;
    the environment information includes any combination of one or more of the following:
    a role, a time, a spatial location, a device, a network, an operating system;
    the use scope is configured to describe the application scenario of the privacy operation, and includes any combination of one or more of the following:
    configured for printing, configured for display on a monitor, configured for exchange via removable storage media, configured for network transmission;
    the media type is configured to describe the media format of the privacy information file, and includes any combination of one or more of the following: text, image, audio, video, hypermedia;
    the constraint condition is configured to describe the permission of the operation behavior, wherein the constraint condition includes: allowed or not allowed.
  7. The privacy information tracing and forensics method according to claim 1, wherein saving the evidence sample data into the information includes:
    saving the evidence sample data into the information in any combination of one or more of the following ways: binding, embedding, appending.
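Claim 2 locates the privacy information content inside the information, and claim 7 saves the evidence sample data into the information by binding, embedding or appending. The following added Python example (mine, not the patent's or the applicants' code) shows the "appending" variant for a text message: it finds the privacy content and its offsets, packages it with a constructed judgment criterion as evidence sample data, appends that as a length-prefixed trailer, and recovers both halves again, which is the "obtain evidence sample data from the information" step of claim 9. The trailer marker, the phone-number pattern and the message are all constructed for the demo; the patent fixes none of them.

```python
import json
import re
import struct

# Constructed trailer marker (assumption; the patent does not specify a format).
MARKER = b"EVSD"

# Constructed pattern for the demo: an 11-digit string starting with 1,
# standing in for whatever the deployment classifies as privacy information.
PHONE_RE = re.compile(r"\b1\d{10}\b")


def locate_privacy_info(text: str):
    """Claim 2: extract the privacy information content and its position in the text."""
    return [
        {"content": m.group(0), "start": m.start(), "end": m.end()}
        for m in PHONE_RE.finditer(text)
    ]


def append_evidence(info: bytes, evidence: dict) -> bytes:
    """Claim 7, 'appending' variant: info || payload || 4-byte big-endian length || MARKER.
    Placing the length and marker last lets a reader strip the trailer without
    knowing how long the original information was."""
    payload = json.dumps(evidence, sort_keys=True).encode()
    return info + payload + struct.pack(">I", len(payload)) + MARKER


def split_evidence(blob: bytes):
    """Claim 9: obtain the evidence sample data from the information.
    Returns (original_info, evidence) or (blob, None) if no valid trailer is present."""
    if not blob.endswith(MARKER) or len(blob) < len(MARKER) + 4:
        return blob, None
    body_end = len(blob) - len(MARKER) - 4
    (n,) = struct.unpack(">I", blob[body_end:body_end + 4])
    if n > body_end:
        return blob, None  # length field is inconsistent with the blob size
    payload = blob[body_end - n:body_end]
    try:
        return blob[:body_end - n], json.loads(payload)
    except ValueError:
        return blob, None  # trailer present but payload is not valid JSON


def demo():
    """Constructed message; returns the recovered text and the recovered evidence."""
    text = "Call me at 13800138000 before the meeting."
    evidence = {
        "privacy_info": locate_privacy_info(text),
        "criterion": {"subject": "receiver", "behavior": "forward", "constraint": "deny"},
    }
    blob = append_evidence(text.encode(), evidence)
    original, recovered = split_evidence(blob)
    return original.decode(), recovered


if __name__ == "__main__":
    print(demo())
```

A reader that does not understand the trailer simply sees a slightly longer message, which is the point of appending rather than rewriting: the information stays usable, and the evidence travels with it to wherever the forensics step runs.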
  8. A computer-readable storage medium storing a computer program, wherein, when the computer program is executed by a processor, the steps of the privacy information tracing and forensics method according to any one of claims 1 to 7 are implemented.
  9. A privacy information tracing and forensics method, including:
    obtaining information according to a review requirement;
    obtaining evidence sample data from the information, the evidence sample data including any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation behavior judgment criterion of the privacy information;
    judging, according to the privacy violation behavior judgment criterion, whether privacy violation behavior exists in the traceability record information, and generating a privacy violation behavior judgment result;
    tracing the privacy violation behavior according to the privacy violation behavior judgment result, and generating privacy violation evidence chain data.
  10. The privacy information tracing and forensics method according to claim 9, wherein judging, according to the privacy violation behavior judgment criterion, whether privacy violation behavior exists in the traceability record information includes:
    generating a review item;
    screening the traceability record information according to the review item to generate behavior forensics information;
    when the behavior forensics information is credible, judging, according to the privacy violation behavior judgment criterion, whether privacy violation behavior exists in the behavior forensics information, and generating a privacy violation behavior judgment result.
  11. The privacy information tracing and forensics method according to claim 10, wherein screening the traceability record information according to the review item to generate behavior forensics information includes:
    selecting, from the traceability record information, the traceability record information within the scope defined by the review item as the behavior forensics information.
  12. The privacy information tracing and forensics method according to claim 10, wherein judging, according to the privacy violation behavior judgment criterion, whether privacy violation behavior exists in the behavior forensics information includes:
    when the privacy violation behavior judgment criterion includes an operation subject and an operation object, obtaining any combination of one or more of the operation attribute, the operation behavior and the constraint condition that the criterion associates with the operation subject being the operation subject in the behavior forensics information and the operation object being the operation object in the behavior forensics information;
    when the privacy violation behavior judgment criterion includes an operation subject but not an operation object, obtaining any combination of one or more of the operation attribute, the operation behavior and the constraint condition that the criterion associates with the operation subject being the operation subject in the behavior forensics information;
    when the privacy violation behavior judgment criterion does not include an operation subject but includes an operation object, obtaining any combination of one or more of the operation attribute, the operation behavior and the constraint condition that the criterion associates with the operation object being the operation object in the behavior forensics information;
    comparing the obtained operation attribute with the environment in which the operation behavior occurs in the behavior forensics information, and comparing the obtained operation behavior and constraint condition with the operation behavior in the behavior forensics information;
    determining that privacy violation behavior exists in the behavior forensics information when at least one of the following is satisfied: the environment in which the operation behavior of the operation subject occurs in the behavior forensics information exceeds the obtained operation attribute; the operation behavior of the operation subject in the behavior forensics information exceeds the operation behavior allowed under the applicable constraint condition;
    determining that no privacy violation behavior exists in the behavior forensics information when none of the operation behaviors of the operation subject in the behavior forensics information exceeds the operation behavior allowed under the applicable constraint condition, and none of the environments in which the operation behaviors occur exceeds the obtained operation attribute.
  13. The privacy information tracing and forensics method according to claim 12, wherein the privacy violation behavior judgment result includes any combination of one or more of the following:
    whether violation behavior exists, the type of operation behavior violated, the degree of violation, the output format of the privacy violation behavior judgment result.
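Claims 10 to 13 describe the forensics side: screen the traceability records by a review item, select the criterion entries keyed by subject and object, subject only, or object only, compare the environment against the operation attribute and the behavior against the constraint, and report a result. The following added Python example (mine, not the patent's or the applicants' code) implements that decision procedure over constructed records. The record schema (a `time` field in ISO-8601 text, an `environment` dict), the review item keys `subject`/`object`/`since`/`until`, and the rule layout are assumptions; claim 10's credibility check on the behavior forensics information is assumed to have already been performed by the record-chain verification and is not repeated here.

```python
def screen_records(records, review_item):
    """Claim 11: keep only the records inside the scope the review item defines.
    'subject' and 'object' must match exactly; 'since'/'until' bound the ISO-8601
    'time' string (lexicographic comparison is valid for that fixed format)."""
    out = []
    for r in records:
        if review_item.get("subject") and r["subject"] != review_item["subject"]:
            continue
        if review_item.get("object") and r["object"] != review_item["object"]:
            continue
        if review_item.get("since") and r["time"] < review_item["since"]:
            continue
        if review_item.get("until") and r["time"] > review_item["until"]:
            continue
        out.append(r)
    return out


def applicable_rules(criterion, record):
    """Claim 12's three selection cases: rules keyed by subject and object,
    by subject only, or by object only. Rules with neither key are ignored."""
    rules = []
    for rule in criterion:
        has_s, has_o = "subject" in rule, "object" in rule
        if has_s and has_o:
            if (rule["subject"], rule["object"]) == (record["subject"], record["object"]):
                rules.append(rule)
        elif has_s and rule["subject"] == record["subject"]:
            rules.append(rule)
        elif has_o and not has_s and rule["object"] == record["object"]:
            rules.append(rule)
    return rules


def environment_exceeds(attribute, environment):
    """The environment exceeds the operation attribute when any listed key of the
    attribute has a value outside its allowed set (a missing key also exceeds it)."""
    return any(environment.get(k) not in allowed for k, allowed in attribute.items())


def judge(behavior_forensics, criterion):
    """Claims 12 and 13: compare each record against its applicable rules and
    build the judgment result. A rule with a 'behavior' key applies only to that
    behavior; a rule without one applies to every behavior of the matched pair."""
    violated = []
    for r in behavior_forensics:
        for rule in applicable_rules(criterion, r):
            if rule.get("behavior") not in (None, r["behavior"]):
                continue
            if environment_exceeds(rule.get("attribute", {}), r["environment"]):
                violated.append(r["behavior"])  # environment outside the attribute
            elif rule.get("constraint") == "deny":
                violated.append(r["behavior"])  # behavior not allowed by the constraint
    return {
        "violation": bool(violated),
        "behavior_types": sorted(set(violated)),
        "degree": len(violated),
        "format": "json",
    }


def demo():
    """Constructed records and criterion; returns (screened count, judgment result)."""
    records = [
        {"subject": "bob", "object": "msg-1", "behavior": "forward", "time": "2019-04-17T10:00:00",
         "environment": {"network": "office-lan", "device": "laptop-B"}},
        {"subject": "bob", "object": "msg-1", "behavior": "print", "time": "2019-04-17T10:05:00",
         "environment": {"network": "office-lan", "device": "laptop-B"}},
        {"subject": "carol", "object": "msg-2", "behavior": "forward", "time": "2019-04-18T09:00:00",
         "environment": {"network": "office-lan", "device": "desktop-C"}},
    ]
    criterion = [
        # bob may forward msg-1, but only from the office network
        {"subject": "bob", "object": "msg-1", "behavior": "forward",
         "attribute": {"network": ["office-lan"]}, "constraint": "allow"},
        # msg-1 may not be printed by anyone
        {"object": "msg-1", "behavior": "print", "constraint": "deny"},
    ]
    review_item = {"object": "msg-1", "since": "2019-04-17T00:00:00"}
    forensics = screen_records(records, review_item)
    return len(forensics), judge(forensics, criterion)


if __name__ == "__main__":
    print(demo())
```

Two design choices are worth noting. A record that no rule covers is treated as not exceeding anything, which matches claim 12's wording that a violation requires an obtained attribute or constraint to be exceeded; a deployment that wants default-deny would add a catch-all rule. And the degree is reported as the number of violating comparisons, one of several reasonable readings of "degree of violation", since the claim does not fix a scale.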
  14. A computer-readable storage medium storing a computer program, wherein, when the computer program is executed by a processor, the steps of the privacy information tracing and forensics method according to any one of claims 9 to 13 are implemented.
  15. A privacy information tracing and forensics system, including:
    an evidence sample data generating device, configured to generate evidence sample data of information, the evidence sample data including any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation behavior judgment criterion of the privacy information; and to save the evidence sample data into the information;
    a privacy information tracing and forensics device, configured to obtain information according to a review requirement; obtain evidence sample data from the information, the evidence sample data including any combination of one or more of: privacy information, traceability record information of the privacy information, and a privacy violation behavior judgment criterion of the privacy information; judge, according to the privacy violation behavior judgment criterion, whether privacy violation behavior exists in the traceability record information, and generate a privacy violation behavior judgment result; and trace the privacy violation behavior according to the privacy violation behavior judgment result, and generate a privacy violation evidence chain.
PCT/CN2019/083047 2018-10-30 2019-04-17 Privacy information tracing and evidence collection method, apparatus, and system WO2020087877A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811272731.6 2018-10-30
CN201811272731.6A CN109583229B (en) 2018-10-30 2018-10-30 Privacy information tracing and evidence obtaining method, device and system

Publications (1)

Publication Number Publication Date
WO2020087877A1 true WO2020087877A1 (en) 2020-05-07

Family

ID=65921204

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/083047 WO2020087877A1 (en) 2018-10-30 2019-04-17 Privacy information tracing and evidence collection method, apparatus, and system

Country Status (2)

Country Link
CN (1) CN109583229B (en)
WO (1) WO2020087877A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583229B (en) * 2018-10-30 2021-05-11 中国科学院信息工程研究所 Privacy information tracing and evidence obtaining method, device and system
CN112016131B (en) * 2020-08-25 2023-11-07 南京大学 Distributed cloud evidence obtaining credibility verification system and method thereof
CN113239383A (en) * 2021-06-01 2021-08-10 北京华赛在线科技有限公司 File transfer processing method, device, equipment and storage medium
CN115829187A (en) * 2022-12-02 2023-03-21 北京东土泛联信息技术有限公司 Method and device for managing hazardous chemical substance, storage medium and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100114627A1 (en) * 2008-11-06 2010-05-06 Adler Sharon C Processing of Provenance Data for Automatic Discovery of Enterprise Process Information
CN103297267A (en) * 2013-05-10 2013-09-11 河北远东通信系统工程有限公司 Method and system for network behavior risk assessment
CN106156904A (en) * 2015-03-24 2016-11-23 中国人民解放军国防科学技术大学 A kind of cross-platform fictitious assets source tracing method based on eID
CN107944299A (en) * 2017-12-29 2018-04-20 西安电子科技大学 A kind of processing method of privacy information, apparatus and system
CN108055194A (en) * 2017-12-14 2018-05-18 浙江工商大学 Multi-tag and the newer method for secret protection of user are supported in microblog system
CN109583229A (en) * 2018-10-30 2019-04-05 中国科学院信息工程研究所 A kind of privacy information is traced to the source evidence collecting method, apparatus and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105787389B (en) * 2016-03-02 2018-07-27 四川师范大学 Cloud file integrality public audit evidence generation method and public audit method
CN108322306B (en) * 2018-03-17 2020-11-27 北京工业大学 Privacy protection-oriented cloud platform trusted log auditing method based on trusted third party

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YIN, JIANLI ET AL.: "System of Personal Data Traceability Management under the Big Data Environment", INFORMATION SCIENCE, vol. 34, no. 2, 29 February 2016 (2016-02-29), pages 139 - 143, XP009520785, DOI: 10.13833/j.cnki.is.2016.02.028 *

Also Published As

Publication number Publication date
CN109583229B (en) 2021-05-11
CN109583229A (en) 2019-04-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19877905

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19877905

Country of ref document: EP

Kind code of ref document: A1