CN101841530A - Privacy information protection method based on trust and ontology - Google Patents


Info

Publication number
CN101841530A
Authority
CN
China
Prior art keywords
privacy information
privacy
credentials
information
protection policy
Prior art date
Legal status
Pending
Application number
CN 201010123416
Other languages
Chinese (zh)
Inventor
何泾沙
高枫
彭淑芬
吴旭
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a privacy information protection method based on trust and ontology, belonging to the field of computer network security. The method is used to protect privacy information in a network environment. Given the many existing privacy protection policies and methods, the method integrates and standardizes the various privacy information protection policies so that it remains compatible with existing privacy information protection methods. It adopts an ontology approach and uses semantic extraction to abstract privacy protection policies and privacy information into ontologies whose attributes are trust credentials. In addition, an ontology optimization function is added to simplify both the expression of privacy protection policies and the trust evaluation. With this method, the many existing privacy protection policies can be integrated and standardized, and privacy information in a network environment can be effectively protected; the method can be used flexibly in various computing environments and has good compatibility and applicability.

Description

Privacy information protection method based on trust and ontology
Technical field
The present invention relates to a privacy information protection method based on trust and ontology for use in a network environment. The results of the invention can be applied to the Internet and to network applications that need to protect privacy information, and belong to the field of computer network security.
Background
Dynamic and open computing environments make user interaction convenient, but they also raise privacy protection problems. A large number of privacy protection policies exist across different network application environments. In traditional computing environments, privacy protection methods based on access control can be used; in newer computing environments such as pervasive computing, the interacting parties may have no prior information about each other, so a trust-based privacy protection method is needed.
Existing privacy protection methods each target a specific application environment and adopt a corresponding protection approach. They have two shortcomings. First, as computing and Internet technology develop, a user is often present in several different computing environments and therefore has to use different privacy protection methods and policies; current methods cannot integrate and standardize the multiple methods and policies a user employs. Second, current trust-based privacy protection methods compute a trust value through various trust models, or use simple trust levels such as low, medium and high, to decide how privacy information is protected, for example whether access is allowed or denied. Trust is context-dependent, and a single trust value or a uniform trust level cannot meet the needs of privacy information protection. For example, A is an expert in the computer field and B trusts A highly in that field, but B does not necessarily trust A in the medical field, so describing B as "highly trusting" A with a simple trust level is inappropriate. If the simple trust level "B highly trusts A" were used to protect B's privacy information, B would allow A to make queries on medical matters, which could leak private information about B's health.
Summary of the invention
The purpose of the invention is to provide a privacy information protection method based on trust and ontology. The method integrates and standardizes the privacy information protection policies of various application environments, seamlessly integrates the privacy protection methods a user adopts in different computing environments, is compatible with existing privacy information protection methods, and provides a general privacy information protection method that addresses privacy protection in network environments. In addition, through semantic extraction, a privacy protection policy is expressed as a privacy protection policy ontology whose attributes are credentials. This fully represents the composite meaning of trust, differs from methods that make privacy protection decisions from a simple trust level, and provides a safer way to protect privacy information.
The invention uses semantic extraction to abstract a privacy protection policy into a privacy protection policy ontology. The attributes of this ontology are the credentials required to access the privacy information controlled by the policy, together with the constraint on each credential. Here, "semantic extraction" means that, in practice, machine learning methods are used to extract semantics. "The privacy information controlled by the policy" is not necessarily a single item of privacy information; it may be a class of privacy information. Privacy protection policies and privacy information are in a one-to-many relationship: the privacy information controlled by a policy contains each individual item of privacy information. "Credentials" are all vouchers and proofs that can establish trust, such as certificates, interaction satisfaction, the number of successful interactions, and so on. A "constraint" is a restriction on the value of a credential. For example, take the privacy information protection policy "access to this privacy information is allowed if and only if the requester holds certificate 1". By semantic abstraction, this policy is expressed as a privacy policy ontology whose attribute is the credential "certificate 1" and whose constraint is "holds". (In practice a Boolean function can represent this, with value 1 meaning the credential is held and 0 meaning it is not, so the constraint reduces to "= 1".) Based on the privacy protection policy ontology, semantic extraction is then used to abstract the privacy information into a privacy information ontology, whose attributes are the credentials required to access that privacy information, together with the type of each credential. The "type" is the value category of a credential; for the credential "number of successful interactions", for instance, the type is integer. The decision on a request to access privacy information is made by checking whether the credentials required for access satisfy the credential constraints of the privacy protection policy ontology.
By optimizing the privacy protection policy ontology and the privacy information ontology, the invention simplifies both the expression of privacy protection policies and the trust evaluation for privacy information.
The invention adopts the following technical scheme. The overall framework for implementing the method comprises the privacy information requester, the privacy policy ontology, the privacy information ontology, the privacy information owner and a trust evaluation model. No specific requirement is placed on the trust evaluation model: a variety of trust evaluation models can be used, because the invention uses only the result of trust evaluation and is not concerned with the process of trust evaluation.
The privacy information protection method based on trust and ontology is characterized by comprising the following steps:
1. The privacy information requester sends the privacy information owner a request to access the owner's privacy information;
2. The privacy information owner receives the request and processes it in the following steps:
(1) Using semantic extraction, the privacy information owner's privacy information protection policies are abstracted into the credentials required for the protected privacy information and the constraint on each credential. A classification method based on semantic extraction produces the privacy protection policy ontology, whose attributes are the semantically abstracted credentials; this integrates and standardizes the privacy information protection policies of the various application environments.
The privacy protection policy ontology is shown in Fig. 1. It takes the form of a layered tree, with the root at the top and the leaves at the bottom. For convenience, the ontology is described in terms of a first layer, a second layer and so on. In Fig. 1, the top (first) layer, "privacy policy", is the parent node of the second-layer nodes "policy 1" and "policy 2"; the third-layer nodes "policy 1.1" and "policy 1.2" are child nodes of "policy 1", and so on.
The semantically abstracted privacy protection policy ontology has three characteristics. First, the inheritance characteristic: a child node inherits from its parent node. If the parent node has a certain trust attribute, the child node inherits that attribute. Second, the mandatory characteristic: a lower-level node always enforces the policy of its upper-level node. If the parent node adds an attribute, the child node enforces the added attribute. Third, the default characteristic: a lower-level node inherits and enforces the policy of the upper-level node if and only if the lower-level node has no corresponding policy of its own. If the constraint on an attribute of the parent node conflicts with that of the child node, the child node does not inherit the parent's constraint. In this way the privacy information protection policies that exist in various application environments can be integrated and standardized, so that the various privacy protection methods and policies can be used seamlessly across different computing environments.
(2) Based on the privacy protection policy ontology produced in (1), the privacy information is organized into a privacy information ontology using semantic extraction, as shown in Fig. 2. The privacy information ontology likewise takes the form of a layered tree; its attributes are credentials and the type of each credential. It has the same three characteristics described in (1).
(3) After the privacy protection policy ontology and the privacy information ontology have been produced, they are optimized. The optimization method for both ontologies is as follows: if two or more nodes that are in the same layer and have the same parent node share one or more identical attributes, each such attribute is promoted to the layer above, that is, added to the attributes of the parent node, and at the same time deleted from the original nodes. In Fig. 1, "policy 1.1" and "policy 1.2" are in the same layer and have the same parent node, and both have the attribute "credential 1". The attribute "credential 1" is therefore added to their parent node "policy 1" and deleted from "policy 1.1" and "policy 1.2". The result of this optimization is shown in Fig. 3.
For the privacy protection policy ontology, this simplifies the expression of the policies. For the privacy information ontology, a shared credential attribute does not have to be computed repeatedly during trust evaluation; it is computed once and reused. As shown in Fig. 4, after optimization T1 does not need to be computed separately for privacy information 1.1 and privacy information 1.2; a single computation of T1 suffices. Optimizing the two ontologies therefore simplifies both the representation of privacy protection policies and the trust evaluation for privacy information.
(4) According to the privacy information ontology produced, the privacy information owner checks the attributes of the requested privacy information, that is, which credentials the requester must provide;
3. The privacy information owner informs the privacy information requester of the credentials it must provide;
4. The privacy information requester submits the required credentials to the privacy information owner; otherwise the communication ends;
5. After receiving the credentials submitted by the privacy information requester, the privacy information owner does the following:
(1) The privacy information owner calls the trust evaluation model to evaluate trust based on the submitted credentials;
(2) Based on the trust evaluation result, the owner checks the privacy protection policy ontology corresponding to the requested privacy information. If the trust evaluation result satisfies the constraints on the credentials in the privacy protection policy ontology, the requester is allowed to access the privacy information; if not, the process returns to step 3 and the requester is required to provide further credentials;
6. The privacy information requester is informed of the result.
The invention proposes a privacy information protection method based on trust and ontology. The method integrates and standardizes the privacy information protection policies of the various existing application environments, seamlessly integrates the privacy protection methods a user adopts in different computing environments, and is compatible with existing privacy information protection methods. By using an ontology approach, privacy protection policies are abstracted into trust attributes, which fully describe, from a semantic point of view, the trust information required to access privacy information.
Description of the drawings
Fig. 1: privacy protection policy ontology of the invention
Fig. 2: privacy information ontology of the invention
Fig. 3: optimized privacy protection policy ontology of the invention
Fig. 4: optimized privacy information ontology of the invention
Fig. 5: application framework structure of the invention
Fig. 6: application process flow chart of the invention
Fig. 7: illustration of the specific embodiment of the invention
Embodiment
The embodiment partitions privacy information by the semantic "identity" and protects the user's identity-related privacy information.
The user's privacy protection policies are abstracted, by semantics, into the credentials and constraints required to protect a given class of privacy information; the privacy protection policy ontology is produced from them and optimized.
The user's privacy information is organized by the semantic "identity" into a three-layer privacy information ontology. The top layer represents the user's identity privacy information. The second layer has two nodes: student identity and e-commerce identity. In the third layer, student identity contains course information and grade information, and e-commerce identity contains the information of e-commerce identity 1 and the information of e-commerce identity 2, because the user may shop at different e-commerce sites under different identities, and the privacy information generated for each differs.
According to the privacy protection policy ontology, the attributes of each class of privacy information node are the credentials required to access that class of privacy information. As shown in Fig. 7(a), accessing course information requires credentials T1, T2, T3; accessing grade information requires credentials T1, T2, T4; accessing the information of e-commerce identity 1 and of e-commerce identity 2 each requires credentials T1, T5. The credentials have the following meanings:
T1: number of successful interactions;
T2: whether the requester is a teacher at this school;
T3: interaction satisfaction;
T4: recommendation trust;
T5: authentication information.
The type of a credential is the value category of that credential. The types are:
T1: integer type, denoted Int;
T2: Boolean type, denoted Bool;
T3: real-number type, denoted Real;
T4: real-number type, denoted Real;
T5: string type, denoted Str.
Because student identity and e-commerce identity share credential T1, T1 can be promoted to the first layer. Course information and grade information share credential T2, so T2 can be promoted to the student identity layer. Likewise, credential T5, shared by e-commerce identity 1 and e-commerce identity 2, is promoted to the e-commerce identity layer. This completes the optimization of the privacy information ontology. The optimized ontology simplifies trust evaluation, because a shared credential attribute does not have to be computed repeatedly during trust evaluation; it is computed once and reused.
When the user wants to shop at an e-commerce website, the website requires the user to submit some identity information. The user checks their own privacy information ontology, determines that the credentials the website needs to provide are T1, T2, T3, T4 and T5, and informs the website. The website submits the relevant credentials to the user, and the user evaluates trust in the website through the trust evaluation model, based on these credentials and the history of interaction between the user and the website. The trust evaluation result is as follows:
Credential    Type    Value
T1            Int     8
T2            Bool    false
T3            Real    0.7
T4            Real    0.9
T5            Str     pass
After the trust evaluation is complete, the user checks the privacy protection policy ontology that controls this privacy information and decides on the website's privacy information request according to whether the trust evaluation result satisfies the constraints in that ontology.
The trust evaluation result and the constraints are as follows:
Credential    Value    Constraint
T1            8        >6
T2            false    true
T3            0.7      >0.5
T4            0.9      >0.6
T5            pass     pass
It follows that the website may access the user's e-commerce identity information. Because the website cannot satisfy the constraint on credential T2 (that is, proving it is a teacher at this school), the user denies the website access to the student identity information, and the user's privacy information is thereby protected.
The invention integrates and standardizes the many existing privacy protection policies, effectively protects privacy information in a network environment, and can be applied flexibly across various computing environments with good compatibility and applicability.
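The optimization and the access decision of the embodiment, as an added Python example that is not part of the patent text: it builds the three-layer identity ontology, promotes shared credentials, and evaluates the website's request against the constraints in the table above. Node labels such as `ecom1` and all function names are assumptions of this example; it promotes only credentials shared by every child of a parent, a conservative reading of the optimization rule that leaves each leaf's effective requirements unchanged.

```python
class Node:
    """One ontology node; attrs are the credentials required at this layer."""
    def __init__(self, name, attrs=()):
        self.name, self.attrs = name, set(attrs)
        self.children, self.parent = [], None

    def add(self, child):
        child.parent = self
        self.children.append(child)
        return child


def build_identity_ontology():
    """Unoptimized privacy information ontology of the embodiment (Fig. 7(a))."""
    root = Node("identity")                      # labels are constructed
    student = root.add(Node("student"))
    ecommerce = root.add(Node("ecommerce"))
    student.add(Node("course", {"T1", "T2", "T3"}))
    student.add(Node("grades", {"T1", "T2", "T4"}))
    ecommerce.add(Node("ecom1", {"T1", "T5"}))
    ecommerce.add(Node("ecom2", {"T1", "T5"}))
    return root


def find(node, name):
    """Depth-first lookup of a node by name."""
    if node.name == name:
        return node
    for child in node.children:
        hit = find(child, name)
        if hit is not None:
            return hit
    return None


def optimize(node):
    """Bottom-up: move credentials shared by all children into the parent."""
    for child in node.children:
        optimize(child)
    if len(node.children) >= 2:
        shared = set.intersection(*(c.attrs for c in node.children))
        node.attrs |= shared
        for child in node.children:
            child.attrs -= shared


def required(node):
    """Inheritance: a node needs its own credentials plus every ancestor's."""
    need = set()
    while node is not None:
        need |= node.attrs
        node = node.parent
    return need


# Credential types and constraints taken from the embodiment's tables.
TYPES = {"T1": int, "T2": bool, "T3": float, "T4": float, "T5": str}
CONSTRAINTS = {
    "T1": lambda v: v > 6,
    "T2": lambda v: v is True,
    "T3": lambda v: v > 0.5,
    "T4": lambda v: v > 0.6,
    "T5": lambda v: v == "pass",
}


def decide(node, evaluation):
    """Return (allowed, failed); a missing or mistyped credential fails closed."""
    failed = []
    for cred in sorted(required(node)):
        value = evaluation.get(cred)
        ok = type(value) is TYPES[cred] and CONSTRAINTS[cred](value)
        if not ok:
            failed.append(cred)
    return (not failed, failed)


# Trust evaluation result for the website, as given in the embodiment.
EVALUATION = {"T1": 8, "T2": False, "T3": 0.7, "T4": 0.9, "T5": "pass"}

if __name__ == "__main__":
    tree = build_identity_ontology()
    optimize(tree)
    for leaf in ("course", "grades", "ecom1", "ecom2"):
        print(leaf, decide(find(tree, leaf), EVALUATION))
```

Because `decide` walks the ancestors of the requested node, a credential promoted to a parent is still enforced for every leaf below it.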

Claims (1)

1. A privacy information protection method based on trust and ontology, characterized by comprising the following steps:
1). The privacy information requester sends the privacy information owner a request to access the owner's privacy information;
2). The privacy information owner receives the request and processes it in the following steps:
(2.1) A classification method based on semantic extraction is used to produce the privacy protection policy ontology, whose attributes are the credentials required for the protected privacy information and the constraint on each credential;
The privacy protection policy ontology takes the form of a layered tree, with the root at the top and the leaves at the bottom; the top layer, the first-layer privacy policy, is the parent node of the second-layer policies, the third-layer policies are child nodes of the second-layer policies, and so on; the privacy protection policy ontology has the following three characteristics: inheritance characteristic, mandatory characteristic, default characteristic;
(2.2) A classification method based on semantic extraction is used to produce the privacy information ontology, whose attributes are credentials and the type of each credential;
The privacy information ontology takes the form of a layered tree, with the root at the top and the leaves at the bottom; the top layer, the first-layer privacy information, is the parent node of the second-layer privacy information, the third-layer privacy information is the child node of the second-layer privacy information, and so on; the privacy information ontology has the following three characteristics: inheritance characteristic, mandatory characteristic, default characteristic;
(2.3) After the privacy protection policy ontology and the privacy information ontology have been produced, they are optimized; the optimization method for both ontologies is: if two or more nodes that are in the same layer and have the same parent node share one or more identical attributes, each such attribute is promoted to the layer above, that is, added to the attributes of the parent node, and at the same time deleted from the original nodes;
(2.4) According to the privacy information ontology produced, the privacy information owner checks the attributes of the requested privacy information, that is, which credentials the requester must provide;
3). The privacy information owner informs the privacy information requester of the credentials it must provide;
4). The privacy information requester submits the required credentials to the privacy information owner; otherwise the communication ends;
5). After receiving the credentials submitted by the privacy information requester, the privacy information owner does the following:
(5.1) The privacy information owner calls the trust evaluation model to evaluate trust based on the submitted credentials;
(5.2) Based on the trust evaluation result, the owner checks the privacy protection policy ontology corresponding to the requested privacy information; if the trust evaluation result satisfies the constraints on the credentials in the privacy protection policy ontology, the requester is allowed to access the privacy information; if not, the process returns to 3) and the requester is required to provide further credentials;
6). The privacy information requester is informed of the result.
Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN 201010123416       2010-03-12       2010-03-12     Privacy information protection method based on trust and ontology

Publications (1)

Publication Number    Publication Date
CN101841530A          2010-09-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100922