CN105975871B - A kind of protecting sensitive data method and system - Google Patents

Abstract

The disclosure discloses a kind of protecting sensitive data method and system; applied to Intelligent mobile equipment; methods described includes the tense related information of statistics perception data correspondence context; context sensitivity set, the risk threshold value of context sensitivity leakage are set; based on the tense related information, context sensitivity set, risk threshold value, the submission probability of current perception data is calculated, threshold value is submitted in random generation; the submission probability obtained according to calculating, selection perception data carries out the step such as submitting；Methods described considers the disclosure risk that current perception data is triggered to previous moment and the possible sensitive data of later moment in time, decides whether to submit current perception data by calculating, to ensure the disclosure risk of user's sensitive data in controlled range；Meanwhile, local tense related information of the methods described when submitting perception data only only in accordance with current perception data, required computing resource and storage resource is smaller, is more suitable for realizing on Intelligent mobile equipment.

Description

A kind of protecting sensitive data method and system

Technical field

This disclosure relates to data security arts, particularly a kind of protecting sensitive data method and system.

Background technology

At present, various sensors (such as microphone, camera, GPS, gyroscope, acceleration, optical sensor) be embedded in Intelligent mobile equipment (such as smart mobile phone, mobile flat board, intelligent watch, Intelligent bracelet) progressively incorporate the daily of people In Working Life.Meanwhile, the application (application, abbreviation app) that may operate on Intelligent mobile equipment is largely developed Out, including context-aware applications (Context-aware applications).Context-aware applications can be according to The perception data that embedded sensor is gathered in the Intelligent mobile equipment carried according to user, is inferred to the current context of user Information, so as to provide the user personalization, context-aware service.Such as, with reference to GPS (global positioning system, Global Positioning System) information that sensor is gathered, the position (being in or in office etc.) of user can be pushed off Out, the data that acceleration transducer is gathered may infer that user motion state (it is static, walk or by bus etc.), microphone (Mic) intensity of sound (whether there is noise) around user can be obtained.At present, it is widely used on Intelligent mobile equipment Include than more typical context-aware applications：Wechat (knowing wechat user around user by shaking function), Whether Twitter (can be to the other users pushed information for around using Twitter), GeoReminder (can inform user Reach specified location), intelligent health bracelet (user's amount of exercise of one day can be detected).

On the other hand, the context-aware applications based on Intelligent mobile equipment platform are giving people to provide context-sensitive In service process, the risk for also having triggered serious user's sensitive data to reveal.Such as, personal sensitive data (such as suffers from certain Disease, it is in Special geographical position) it may be inferred to by the context-aware applications of malice, and illegally it is sold to third party's clothes Be engaged in device or advertiser, to obtain economic interests or other interests.If a malice clique knows that user's is quick by malice app Feel positional information (such as user is current to walk alone on remote road), then user may be by serious life wealth Production is threatened.But, it is contemplated that the convenient personalized service that context-aware applications are provided, most of users may also can It is continuing with these context-aware applications.Therefore, how research effectively protects user's quick on Intelligent mobile equipment platform Contextual information is felt, with important practical significance and wide application prospect.

From existing achievement in research, the current protecting sensitive data method and system institute towards Intelligent mobile equipment The granularity of user's sensitive data of protection is thicker, such as in Android (Android) and apple (IOS) system, user often only It can statically specify an app to use the device resources such as particular sensor, and in fine granularity app can not be specified dynamically to make With sensor, such as, as long as user is in hospital, Baidu map app cannot access gps data, so as to protect the position of user Privacy-sensitive data.But, simple dynamic protecting sensitive data strategy can not effectively protect the sensitive number of user sometimes According to.Under this policy, if user is not presently within context sensitivity, then allow app to access the contextual information；Otherwise prohibit Only it is accessed.The main cause for causing the dynamic strategy to fail is there is tense related information between the contextual information of user. Such as, the florist's shop of user currently near hospital, then following user goes the possibility of hospital just than larger.One attacker The tense related information between context can be utilized, is inferred to whether user is currently in above and below certain sensitivity with greater probability Text.

Therefore, on the basis of context tense related information is taken into full account, design is a kind of to be applied to Intelligent mobile equipment Fine-grained dynamic protecting sensitive data method, be very necessary.

The content of the invention

In view of the above-mentioned problems, present disclose provides a kind of protecting sensitive data method, methods described comprises the steps：

S100, statistics perception data correspondence context tense related information；

S200, the risk threshold value for setting context sensitivity set, context sensitivity to reveal；

S300, based on the tense related information, context sensitivity set, risk threshold value, calculate current perception data Submit probability；

Threshold value is submitted in S400, random generation, and the submission probability obtained according to calculating, selection perception data is submitted.

Further, the tense related information of perception data is counted in the step S100, is comprised the steps：

S101, one period set T={ t of acquisition₁, t₂... } represent, wherein, t_iFor the i-th period, i=1, 2 ..., N, N are the sum of period；

S102, the various contexts being likely to occur to each period, deduction on the period, with set C_iDuring expression Between section t_iOn the various contexts that are likely to occur；And the probability that each context occurs on each period is counted, useMark Know in time period t_iOn go out occurrence context c probability, wherein c ∈ C_i, i=1,2 ..., N；

S103, for two adjacent periods, count from a context transfer of previous time period to latter time The probability of another context of section；WithRepresent in time period t_iUnder conditions of place context c, in next time period t_i+1Will Probability in context c ', wherein c, c ' ∈ C_i, i=1,2 ..., N-1.

Preferably, probability is submitted to be calculated by following formula in the step S300：

And following condition is set up,

In formula：

c_iIt is user in time period t_iThe set of context being likely to be at；S is the context sensitivity set that user is set, i= 2,3 ..., N-1；

p_{C, c}It is the probability that the corresponding perception datas of context c are submitted when user is in context c；p_{C ', c}It is to work as user The probability of the data corresponding to context c is submitted when being in context c ', wherein, c ' ≠ c；

δ is the risk threshold value for the context sensitivity leakage that user is set；

It is user in time period t_iIt is in context c probability；It is user in time period t_i-1It is in context c ' Probability,It is user in time period t_i+1It is in context c " probability；It is user in time period t_iIt is in context c ' Probability；

It is user in time period t_iUnder conditions of being in context c, in time period t_i+1By in the general of context c ' Rate；It is user in time period t_i-1Under conditions of being in context c ', in time period t_iProbability in context c； It is user in time period t_i-1Under conditions of being in context c ", in time period t_iProbability in context c；Exist for user Time period t_iUnder conditions of being in context c, in time period t_i+1Context c " probability will be in；

It is user in time period t_i-1Under conditions of being in context c ', in time period t_iNormalizing in context c Change probability；Calculated by following formula：

Preferably, perception data is submitted to comprise the following steps according to the probability calculated in the step S400：

S401：A number in random generation interval [0,1] is used as submission threshold value；

S402：If the submission threshold value is less than or equal to the submission probability, current perception data is submitted；Otherwise, submit The perception data of non-present.

According to described method, a kind of sensitive data protection system is realized, the system includes statistical module, sets mould Block, computing module and submission module；Wherein：

The statistical module, is used for：Count the tense related information of perception data correspondence context；

The setup module, is used for：Context sensitivity set, the risk threshold value of context sensitivity leakage are set；

The computing module, is used for：Set in the tense related information and setup module that are obtained based on statistical module Context sensitivity set, the risk threshold value of context sensitivity leakage, calculate the submission probability of current perception data；

The submission module, is used for：The submission probability obtained based on computing module, with reference to the submission threshold value generated at random, Selection perception data is submitted.

The advantage of the disclosure compared with prior art is：

1) present disclose provides a kind of fine-grained protecting sensitive data method, based on current perception data to previous moment The disclosure risk that the sensitive data perceived with later moment in time is triggered, determines to submit current perception data still to submit by calculating Non-present perception data, so as to ensure the disclosure risk of user's sensitive data in controlled range.

2) local tense of the method for disclosure when submit perception data decision-making only only in accordance with current perception data is closed Join information, while ensureing that the disclosure risk of user's sensitive data is in controlled range, required computing resource and storage is provided Source is smaller, is more suitable for realizing on Intelligent mobile equipment.

Brief description of the drawings

Fig. 1 is the protecting sensitive data scene graph of disclosure Intelligent mobile equipment；

Fig. 2 is the flow chart for the protecting sensitive data method that the disclosure is proposed；

Fig. 3 is context schematic diagram residing for time adjacent segments user in disclosure one embodiment；

Fig. 4 is context schematic diagram residing for time adjacent segments user in disclosure one embodiment.

Embodiment

Fig. 1 is the protecting sensitive data scene graph of disclosure Intelligent mobile equipment, in the scene graph, the hand-held intelligence of user Energy mobile device is by the sensor senses data such as GPS, WiFi, Mic, the protecting sensitive data method processing by the disclosure Afterwards, context-aware applications are submitted to；The perception data that context-aware applications are submitted based on user, so as to provide the user Corresponding personalized, context-sensitive service, meanwhile, context-aware applications may be information leakages such as perception datas To attacker.The protecting sensitive data method of the disclosure is used as a bridge between Intelligent mobile equipment and context-aware applications Beam, serves the purpose of protection user's sensitive data.

In one embodiment it is proposed that a kind of protecting sensitive data method, methods described includes as shown in Figure 2 following Step：

S100, statistics perception data correspondence context tense related information；

S200, the risk threshold value for setting context sensitivity set, context sensitivity to reveal；

S300, based on the tense related information, context sensitivity set, risk threshold value, calculate current perception data Submit probability；

Threshold value is submitted in S400, random generation, and the submission probability obtained according to calculating, selection perception data is submitted.

Further, the tense related information of perception data is counted in the step S100, is comprised the steps：

S101, one period set T={ t of acquisition₁, t₂... } represent, wherein, t_iFor the i-th period, i=1, 2 ..., N, N are the sum of period；

S102, the various contexts being likely to occur to each period, deduction on the period, with set C_iDuring expression Between section t_iOn the various contexts that are likely to occur；And the probability that each context occurs on each period is counted, useMark Know in time period t_iOn go out occurrence context c probability, wherein c ∈ C_i, i=1,2 ..., N；

S103, for two adjacent periods, count from a context transfer of previous time period to latter time The probability of another context of section；WithRepresent in time period t_iUnder conditions of place context c, in next time period t_i+1Will Probability in context c ', wherein c, c ' ∈ C_i, i=1,₂..., N-1.

Optionally, the daily time of a user is divided into several consecutive hourss by a kind of step S101 be achieved in that Between section, such as each hour is divided into a period, is divided into 24 periods, respectively 1,2,3 ..., 24, and Be 1 (the 1st period of the 2nd day) in 24 next period, be next 2 successively, 3 ..., 24, so constantly circulate Back and forth.Therefore, if t_i=6, then its next time period t_i+1=7, its a upper time period t_i-1=5；If t_i=24, then Its next time period t_i+1=1, its a upper time period t_i-1=23.

Optionally, user can be divided into week and week the time weekly by step S101 another be achieved in that End, then respectively in week and time that weekend is daily carries out discretization.

The risk threshold value δ that context sensitivity is revealed in the step S200 is the number between (0,1), and its numerical value is bigger, Represent that the risk that user allows its context sensitivity to reveal is bigger, so that attacker conjecture user is in correct context sensitivity Probability it is bigger, conversely, its numerical value is smaller, the possibility that context sensitivity is guessed right by attacker is smaller.

It is pointed out that once user specifies the risk threshold value δ of its context sensitivity leakage, then method of disclosure It will ensure that any attacker guesses that user is in the probability of context sensitivity in controlled range, i.e., at attacker's conjecture user Such as lower inequality is met in the probability of context sensitivity：

Wherein,Represent that attacker guesses user in time period t_iContext sensitivity c probability is in,Represent that user exists Time period t_iIt is in context sensitivity c probability, wherein c ∈ C_i。

It is further noted that no matter user is in time period t_iWhether context sensitivity c is in, if attacker guesses Survey it and be in context sensitivity c, then attacker guesses that correct probability is at leastTherefore, if attacker is quick to user Feel context and guess that correct probability is bigger, then the compromised risk of user's sensitive data is bigger.The purpose of attacker is exactly So thatAnd the purpose of the present invention is to ensure that attacker conjecture user is correct in context sensitivity Rate meets formulaUnder conditions of so that user is supplied to the perception data of context-aware applications to reach most Bigization.

Preferably, probability is submitted to be calculated by following formula in the step S300：

And following condition is set up,

In formula：

C_iIt is user in time period t_iThe set of context being likely to be at；S is the context sensitivity set that user is set, i= 2,3 ..., N-1；

p_{C, c}It is the probability that the corresponding perception datas of context c are submitted when user is in context c；p_{C ', c}It is to work as user The probability of the data corresponding to context c is submitted when being in context c ', wherein, c ' ≠ c；

δ is the risk threshold value for the context sensitivity leakage that user is set；

It is user in time period t_iIt is in context c probability；It is user in time period t_i-1It is in context c ' Probability,It is user in time period t_i+1It is in context c " probability；It is user in time period t_iIt is in context c ' Probability；

It is user in time period t_iUnder conditions of being in context c, in time period t_i+1By in the general of context c ' Rate；It is user in time period t_i-1Under conditions of being in context c ', in time period t_iProbability in context c； It is user in time period t_i-1Under conditions of being in context c ", in time period t_iProbability in context c；Exist for user Time period t_iUnder conditions of being in context c, in time period t_i+1Context c " probability will be in；

It is user in time period t_i-1Under conditions of being in context c ', in time period t_iNormalizing in context c Change probability；Calculated by following formula：

Preferably, perception data is submitted to comprise the following steps according to the probability calculated in the step S400：

S401：A number in random generation interval [0,1] is used as submission threshold value；

S402：If the submission threshold value is less than or equal to the submission probability, current perception data is submitted；Otherwise, submit The perception data of non-present.

The perception data of non-present described here, the perception data of the non-present refers to differ with current perception data , the perception data forged, and the data of the forgery are still meaningful, can derive a context, and user Above-mentioned derived context is likely to be in the time period t, so that attacker is difficult to guess that the perception data is It is current or non-present, and then the difficulty that attacker conjecture user is presently in context is added, simultaneously as adjacent There is tense incidence relation between period context, therefore, the context residing for active user if attacker has guessed wrong, that The possibility for continuing to guess wrong in subsequent period of time can be greatly increased.

Example below combination accompanying drawing 3 illustrates the application of method of disclosure.

In one embodiment, period set T={ t₁, t₂, t₃, the period is presently in for t₂.Assuming that according to history Data, are inferred to user in time period t₂Upper residing set of context is { c₂, c₃, in time period t₁And t₃Upper user can be at Set of context is respectively { c₁And { c₄}。

User is counted in time period t₁In context c₁ProbabilityFor 1.0, in time period t₂It is upper to be in context c₂ ProbabilityFor 0.5, in time period t₂It is upper to be in context c₃ProbabilityFor 0.5, and in time period t₃On be in above and below Literary c₄ProbabilityFor 1.0.

User is counted in time period t₁Residing context c₁Under conditions of, in time period t₂It is upper to be in context c₂It is general RateFor 0.5；User is in time period t₁Residing context c₁Under conditions of, in time period t₂It is upper to be in context c₃ProbabilityFor 0.5；User is in time period t₂Residing context c₂Under conditions of, in time period t₃It is upper to be in context c₄Probability For 1.0；User is in time period t₂Residing context c₃Under conditions of, in time period t₃It is upper to be in context c₄ProbabilityFor 1.0.In figure 3, represent that the numeral near the context that user is likely to occur, circle represents that user goes out in the context with circle Existing probability, is represented from the context transfer where directed edge starting point to directed edge with the numeral on the directed edge between context The probability of the context of sensing, such as in time period t₁And t₂Between from context c₁In the presence of sensing context c₂Directed edge, thereon Numeral 0.5 beValue.

The context sensitivity collection that user is set is combined into { c₃, risk threshold value δ=0.05 of context sensitivity leakage, if currently Residing context is c₃.The submission probability of current perception data is calculated according to formula (1)：

Following condition is set up：

Above-mentioned equation is solved, can be obtainedWherein,It is general to submit Rate.The number generated at random in interval [0,1] is 0.5, as threshold value is submitted, due to 0.5 less than or equal to submission generally RateTherefore user submits current perception data.

In another embodiment, the perception data of statistics is constant, the tense related information of its corresponding context and upper One embodiment is identical, and current slot is t₂, the context being presently in is c₃, except that being given birth at random in interval [0,1] Into a number be 0.6, as submit threshold value.Because 0.6 more than submission probabilityThen user submits one The perception data of non-present, and the context that the perception data is derived belongs to context c of the user in current slot₂。

In another embodiment, compared with a upper embodiment, the perception data of statistics is constant, its corresponding context Tense related information is identical with a upper embodiment, and current slot is still t₂, but infer that its is corresponding according to current perception data Context is c₂If the submission threshold value generated at random is 0.5, because it is less than or equal to submit probabilityTherefore User submits current perception data.

In another embodiment, compared with a upper embodiment, the perception data of statistics is constant, its corresponding context Tense related information is identical with a upper embodiment, and current slot is still t₂, according to current perception data infer its it is corresponding on Hereinafter c₂If the submission threshold value generated at random is 0.7, probability is submitted because it is more thanTherefore user submits The perception data of one non-present, the context that the perception data is derived belongs to context of the user in current slot c₃。

In this way, attacker sees the perception data currently submitted, and derives corresponding to the perception data Context is context sensitivity c₃, but be difficult to distinguish whether the perception data is the currently practical perception data of user, so as to increase Current attack person has been added to guess the difficulty of actual, real context residing for user.

Example below combination Fig. 4 illustrates the application of method of disclosure.

In one embodiment, period set T={ t₃, t₄, t₅, current slot is t₄.Assuming that according to time period t₄ History perception data before, is inferred to user in time period t₄Upper user can be at set of context { c₃, c₄, in the period t₃And t₅It is respectively { c that upper user, which can be at set of context,₁, c₂And { c₅, c₆}；Meanwhile, user can be counted in each period t_iThe upper probability in each possible context；Circle in Fig. 4 is represented near the context that user is likely to occur, circle Numeral represents the probability that user occurs in the context, such as in time period t₃When the user that counts be in context c₁Probability ForIn time period t₄When, user is in context c₃And c₄Probability, be respectivelyWith Numeral on directed edge in Fig. 4 between context represents what is pointed to from the context transfer where directed edge starting point to directed edge The probability of context, the tense incidence relation between time adjacent segments context is reacted with this.Such as in time period t₃And t₄Between from Context c₁In the presence of sensing context c₃Directed edge, numeral 0.5 thereon isValue.

In the present embodiment, user sets context sensitivity collection to be combined into { c₂, c₄, c₅, while setting context sensitivity to reveal Risk threshold value δ=0.1.Assuming that the context according to residing for current perception data infers user is c₄, calculate current according to formula (1) The submission probability of perception data under context,

Following condition is set up：

In formula：

As seen in Figure 4,For 0.5,For 0.393,For 0.5,For 0.45.Calculated according to formula (2)：

User is in time period t₃It is in context c₂Under conditions of, in time period t₄In context c₃Normalization probability：

And user is in time period t₃It is in context c₂Under conditions of, in time period t₄In context c₄Normalization Probability：

Above-mentioned equation is solved, can be obtainedWithWherein：It is when above and below user is in Literary c₃When submit context c₃Corresponding perception data probability,It is when user is in context c₄When submit context c₄ The probability of corresponding perception data.

The number of random generation one in interval [0,1] is 0.4, because it is less than or equal to submit probability Therefore user submits current perception data.

In another embodiment, if the number of random generation one in interval [0,1] is 0.5, submitted because it is more than ProbabilityThen user submits the perception data of a non-present, and the context that the perception data is derived belongs to Context c of the user in current slot₃。

In another embodiment shown in Fig. 4, if the context according to residing for current perception data infers user is c₃, then Submit probability beRandom number in interval [0,1] is 0.4, because it is less than or equal to 0.583, therefore user Submit current perception data.

According to described method, a kind of sensitive data protection system is realized, the system includes statistical module, sets mould Block, computing module and submission module；Wherein：

The statistical module, is used for：Count the tense related information of perception data correspondence context；

The setup module, is used for：Context sensitivity set, the risk threshold value of context sensitivity leakage are set；

The computing module, is used for：Set in the tense related information and setup module that are obtained based on statistical module Context sensitivity set, the risk threshold value of context sensitivity leakage, calculate the submission probability of current perception data；

The submission module, is used for：The submission probability obtained based on computing module, with reference to the submission threshold value generated at random, Selection perception data is submitted.

The disclosure is described in detail above, used herein specific case principle of this disclosure and embodiment party Formula is set forth, and the explanation of above example is only intended to help and understands disclosed method and its core concept；Meanwhile, it is right In those skilled in the art, according to the thought of the disclosure, it will change in specific embodiments and applications, it is comprehensive Upper described, this specification content should not be construed as limitation of this disclosure.

Claims (2)

1. a kind of protecting sensitive data method, it is characterised in that methods described comprises the steps：

S100, statistics perception data correspondence context tense related information；

S200, the risk threshold value for setting context sensitivity set, context sensitivity to reveal；

S300, based on the tense related information, context sensitivity set, risk threshold value, calculate the submission of current perception data Probability；

Threshold value is submitted in S400, random generation, and the submission probability obtained according to calculating, selection perception data is submitted；Specific bag Include following step：

S401：A number in random generation interval [0,1] is used as submission threshold value；

S402：If the submission threshold value is less than or equal to the submission probability, current perception data is submitted；Otherwise, non-work as is submitted Preceding perception data；

Probability is submitted to be calculated by following formula in the step S300：

And following condition is set up：

1)If c is not context sensitivity,

<mrow> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;le;</mo> <munder> <mi>min</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <mi>S</mi> </mrow> </munder> <mrow> <mo>(</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mfrac> <mo>,</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>+</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <mi>c</mi> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> </mrow> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> </mfrac> <mo>,</mo> <mn>1.0</mn> <mo>)</mo> </mrow> <mo>;</mo> </mrow>

2)If c is context sensitivity,

<mrow> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;le;</mo> <munder> <mi>min</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <mi>S</mi> </mrow> </munder> <mrow> <mo>(</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mfrac> <mo>,</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>+</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mi>P</mi> <mrow> <mi>c</mi> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> </mrow> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> </mfrac> <mo>,</mo> <msubsup> <mi>P</mi> <mi>c</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>+</mo> <mi>&amp;delta;</mi> <mo>)</mo> </mrow> <mo>;</mo> </mrow>

3)If c is context sensitivity,

<mrow> <msubsup> <mi>P</mi> <mi>c</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>&amp;CenterDot;</mo> <mrow> <mo>(</mo> <mn>1.0</mn> <mo>-</mo> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>)</mo> </mrow> <mo>&amp;le;</mo> <munder> <mo>&amp;Sigma;</mo> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>&amp;NotEqual;</mo> <mi>c</mi> </mrow> </munder> <msub> <mi>p</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;CenterDot;</mo> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>;</mo> </mrow>

In formula：

C_iIt is user in time period t_iThe set of context being likely to be at；

S is the context sensitivity set that user is set, i=2,3 ..., N-1；N is the sum of period；

p_c,cIt is the probability that the perception data corresponding to context c is submitted when user is in context c；

p_c',cIt is the probability that the perception data corresponding to context c is submitted when user is in context c', wherein, c' ≠ c；

δ is the risk threshold value for the context sensitivity leakage that user is set；

It is user in time period t_iIt is in context c probability；It is user in time period t_i-1It is in the general of context c' Rate,It is user in time period t_i+1It is in context c " probability；It is user in time period t_iIt is in the general of context c' Rate；

It is user in time period t_iUnder conditions of being in context c, in time period t_i+1Context c " probability will be in；

It is user in time period t_i-1Under conditions of being in context c', in time period t_iNormalization in context c is general Rate；Calculated by following formula：

<mrow> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mo>=</mo> <mfrac> <msubsup> <mi>P</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mrow> <munder> <mo>&amp;Sigma;</mo> <mrow> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <msub> <mi>C</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> </munder> <msubsup> <mi>P</mi> <mrow> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mrow> </mfrac> <mo>,</mo> </mrow>

In formula：

It is user in time period t_i-1Under conditions of being in context c', in time period t_iProbability in context c；

It is user in time period t_i-1Under conditions of being in context c ", in time period t_iProbability in context c；

C_i-1Represent time period t_i-1On the various set of context that are likely to occur.

2. a kind of sensitive data protection system that method according to power 1 is realized, the system includes statistical module, sets mould Block, computing module and submission module；Wherein：

The statistical module, is used for：Count the tense related information of perception data correspondence context；

The setup module, is used for：Context sensitivity set, the risk threshold value of context sensitivity leakage are set；

The computing module, is used for：The sensitivity set in the tense related information and setup module that are obtained based on statistical module Set of context, the risk threshold value of context sensitivity leakage, calculate the submission probability of current perception data；

The submission module, is used for：The submission probability obtained based on computing module, with reference to the submission threshold value generated at random, selection Perception data is submitted；

Wherein, probability is submitted to be calculated by following formula described in the computing module：

And following condition is set up：

1)If c is not context sensitivity,

<mrow> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;le;</mo> <munder> <mi>min</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <mi>S</mi> </mrow> </munder> <mrow> <mo>(</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mfrac> <mo>,</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>+</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <mi>c</mi> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> </mrow> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> </mfrac> <mo>,</mo> <mn>1.0</mn> <mo>)</mo> </mrow> <mo>;</mo> </mrow>

2)If c is context sensitivity,

<mrow> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;le;</mo> <munder> <mi>min</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <mi>S</mi> </mrow> </munder> <mrow> <mo>(</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mfrac> <mo>,</mo> <mfrac> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>+</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mi>P</mi> <mrow> <mi>c</mi> <mo>,</mo> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> </mrow> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> </mfrac> <mo>,</mo> <msubsup> <mi>P</mi> <mi>c</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>+</mo> <mi>&amp;delta;</mi> <mo>)</mo> </mrow> <mo>;</mo> </mrow>

3)If c is context sensitivity,

<mrow> <msubsup> <mi>P</mi> <mi>c</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>&amp;CenterDot;</mo> <mrow> <mo>(</mo> <mn>1.0</mn> <mo>-</mo> <msub> <mi>p</mi> <mrow> <mi>c</mi> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>)</mo> </mrow> <mo>&amp;le;</mo> <munder> <mo>&amp;Sigma;</mo> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>&amp;NotEqual;</mo> <mi>c</mi> </mrow> </munder> <msub> <mi>p</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> </msub> <mo>&amp;CenterDot;</mo> <msubsup> <mi>P</mi> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <msub> <mi>t</mi> <mi>i</mi> </msub> </msubsup> <mo>;</mo> </mrow>

In formula：

C_iIt is user in time period t_iThe set of context being likely to be at；

S is the context sensitivity set that user is set, i=2,3 ..., N-1；N is the sum of period；

p_c,cIt is the probability that the perception data corresponding to context c is submitted when user is in context c；

p_c',cIt is the probability that the perception data corresponding to context c is submitted when user is in context c', wherein, c' ≠ c；

δ is the risk threshold value for the context sensitivity leakage that user is set；

It is user in time period t_iIt is in context c probability；It is user in time period t_i-1It is in the general of context c' Rate,It is user in time period t_i+1It is in context c " probability；For user at time period t i in the general of context c' Rate；

It is user in time period t_iUnder conditions of being in context c, in time period t_i+1Context c " probability will be in；

It is user in time period t_i-1Under conditions of being in context c', in time period t_iNormalization in context c is general Rate；Calculated by following formula：

<mrow> <msubsup> <mover> <mi>P</mi> <mo>^</mo> </mover> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mo>=</mo> <mfrac> <msubsup> <mi>P</mi> <mrow> <msup> <mi>c</mi> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mrow> <munder> <mo>&amp;Sigma;</mo> <mrow> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>&amp;Element;</mo> <msub> <mi>C</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> </munder> <msubsup> <mi>P</mi> <mrow> <msup> <mi>c</mi> <mrow> <mo>&amp;prime;</mo> <mo>&amp;prime;</mo> </mrow> </msup> <mo>,</mo> <mi>c</mi> </mrow> <msub> <mi>t</mi> <mrow> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> </mrow> </mfrac> <mo>,</mo> </mrow>

In formula：

It is user in time period t_i-1Under conditions of being in context c', in time period t_iProbability in context c；

It is user in time period t_i-1Under conditions of being in context c ", in time period t_iProbability in context c；

C_i-1Represent time period t_i-1On the various set of context that are likely to occur.