CN106936765B - Terminal-side user privacy protection method for web service applications - Google Patents

Info

Publication number
CN106936765B
Authority
CN
China
Prior art keywords
privacy
user
web services
private data
preference
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201511008854.5A
Other languages
Chinese (zh)
Other versions
CN106936765A (en)
Inventor
张波
黄秀丽
陈牧
曾荣
陈璐
华晔
戴造建
楚杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Nanjing Tech University
Smart Grid Research Institute of SGCC
Original Assignee
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
Nanjing Tech University
Smart Grid Research Institute of SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Tianjin Electric Power Co Ltd, Nanjing Tech University, Smart Grid Research Institute of SGCC
Priority to CN201511008854.5A
Publication of CN106936765A
Application granted
Publication of CN106936765B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The present invention relates to a terminal-side user privacy protection method for web service applications, comprising: a web service registers with a privacy server, and the privacy policy requirement set and reputation corresponding to the web service are stored in the privacy knowledge base of the privacy server; a user sends a web service application request and a privacy preference constraint set to the privacy server; the privacy server judges whether the user's privacy preference constraint set matches the privacy policy requirement set corresponding to the web service for which the application request was sent; it is judged whether the user modifies his or her own privacy preference constraint set; and the web service provides service to the user. The method provided by the invention uses a mechanism that matches privacy policies against user privacy preferences, together with a fine-grained, personalized access control policy, which both guarantees normal execution of the service and minimizes the possibility of privacy leakage.

Description

Terminal-side user privacy protection method for web service applications
Technical field
The present invention relates to the field of network security, and in particular to a terminal-side user privacy protection method for web service applications.
Background art
With the development and construction of the smart grid, intelligent applications such as smart devices, smart meters and smart terminals are widely used in it. Because large numbers of smart meters and smart appliances are connected, the network boundary extends further toward the user side, the security risks on the user side become more and more prominent, and data security, especially the protection of user privacy, becomes a problem that must be considered. Communication among the various participants in the smart grid exposes many security and privacy problems. Protecting the privacy of users while guaranteeing that the smart grid operates normally is particularly important.
In terms of how private data is protected, research on terminal-side user privacy protection for Web applications can generally be divided into two classes: free-access privacy protection and limited-access privacy protection. Free-access privacy protection mainly addresses the case where user data can be freely accessed by any entity; because visitors need not be authenticated or authorized, information-hiding methods such as anonymity are generally used. Langheinrich, following fair information practices, proposed six guidelines to consider when designing Internet applications with privacy protection functions. Following the anonymity or pseudonymity principle among them, Beresford et al. constructed a MIX network whose infrastructure provides an anonymous service: within a MIX zone it delays and reorders the information of service users to confuse observers, but it lacks certain protection of user identity. Jendricke designed a general identity management framework through which the user uses different identities in different situations, achieving user-controllable privacy protection, but the user bears a usage burden when selecting among different virtual identities.
Limited-access privacy protection protects user privacy by restricting visitors' access to data; a legitimate visitor must be authorized and authenticated, and methods based on access control are generally used. Duan proposed a data judgment method that embeds access rights into the data to be protected, defining access policies and mechanisms in a natural way. Although this method is fairly effective, it is not a complete solution for protecting terminal-side user privacy data in Internet applications.
Summary of the invention
In view of the deficiencies of the prior art, the present invention takes into account the characteristics and development trend of the smart grid, analyzes the security and privacy problems present in it, and provides a terminal-side user privacy protection method for web service applications. It studies and builds a personalized user privacy protection system that serves different Web applications, using a mechanism that matches privacy policies against user privacy preferences together with a fine-grained, personalized access control policy, which both guarantees normal execution of the service and minimizes the possibility of privacy leakage.
The purpose of the present invention is achieved by the following technical solution:
A terminal-side user privacy protection method for web service applications, the improvement being that it comprises:
1. A terminal-side user privacy protection method for web service applications, characterized in that the method comprises:
(1) a web service registers with a privacy server, and the privacy policy requirement set and reputation corresponding to the web service are stored in the privacy knowledge base of the privacy server;
(2) a user sends a web service application request and a privacy preference constraint set to the privacy server;
(3) the privacy server judges whether the user's privacy preference constraint set matches the privacy policy requirement set corresponding to the web service for which the application request was sent; if not, step (4) is executed; if so, step (5) is executed;
(4) it is judged whether the user modifies his or her own privacy preference constraint set; if so, the user's privacy preference constraint set is modified and the method returns to step (3); if not, the operation ends;
(5) the web service provides service to the user.
Preferably, in step (1), the privacy policy requirement set is the set of requirements that allow the web service provider to operate on the user's private data, wherein the operations of the web service provider on the user's private data include at least: collecting private data, accessing private data, publishing private data and modifying private data.
Preferably, in step (2), the privacy preference constraint set includes the set UPR, given by:
UPR=(P, f) (1)
In formula (1), P is the private data sensitivity set and f is the private data sensitivity-reputation constraint function.
Further, the formula of the private data sensitivity set P is:
In formula (2), dGroup is a set of private data items, s_i is the sensitivity corresponding to the i-th private data item in dGroup, and n is the total number of private data items in dGroup;
The formula of the private data sensitivity-reputation constraint function f is:
In formula (3), t is the user's constraint reputation for the web service.
Preferably, the privacy preference constraint set further includes: the personal information the user is able to provide and constraints on how that personal information is handled, wherein the handling modes include at least: allowing the personal information to be collected, accessed, published and modified, and refusing to let the personal information be collected, accessed, published and modified.
Preferably, in step (3), it is judged whether the constraints on the handling of the personal information in the user's privacy preference constraint set satisfy the requirement set, within the privacy policy requirement set, under which the web service provider operates on the user's private data, and whether the user's constraint reputation for the web service is greater than or equal to the reputation of the web service; if so, the match succeeds; if not, the match fails.
Preferably, in the method according to claim 1, at least one web service registers with the privacy server.
Preferably, after step (6), the privacy server records the web services used by the user.
Compared with the closest prior art, the invention has the following benefits:
The present invention provides a terminal-side user privacy protection method for web service applications. It uses a mechanism that matches privacy policies against user privacy preferences together with a fine-grained, personalized access control policy and, at the same time, lets user privacy preferences be set individually, which both guarantees normal execution of multiple web services and minimizes the possibility of privacy leakage, meeting the demand for truly personalized privacy protection.
Brief description of the drawings
Fig. 1 is a flow chart of the terminal-side user privacy protection method for web service applications provided by the invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawing.
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the drawing. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the protection scope of the present invention.
The present invention provides a terminal-side user privacy protection method for web service applications which, as shown in Fig. 1, comprises:
(1) a web service registers with a privacy server, and the privacy policy requirement set and reputation corresponding to the web service are stored in the privacy knowledge base of the privacy server;
The reputation of the web service is determined on the basis of the information security risk assessment index guide. The privacy knowledge base is a semantic model of the basic knowledge of the privacy domain; it describes the concepts in a given domain and the relationships between them, so that these concepts and relationships have commonly agreed, explicit and unique definitions within the shared scope.
(2) a user sends a web service application request and a privacy preference constraint set to the privacy server;
(3) the privacy server judges whether the user's privacy preference constraint set matches the privacy policy requirement set corresponding to the web service for which the application request was sent; if not, step (4) is executed; if so, step (5) is executed;
(4) it is judged whether the user modifies his or her own privacy preference constraint set; if so, the user's privacy preference constraint set is modified and the method returns to step (3); if not, the operation ends;
(5) the web service provides service to the user.
Specifically, in step (1), the privacy policy requirement set is the set of requirements that allow the web service provider to operate on the user's private data, wherein the operations of the web service provider on the user's private data include at least: collecting private data, accessing private data, publishing private data and modifying private data.
The privacy policy combines the usage control (UCON) model, a next-generation access control model, with the characteristics of the privacy domain; a policy in the privacy domain mainly includes factors such as purpose, condition, obligation, retention period, permission and ruling.
For example, take three different express delivery companies A, B and C, whose privacy policies are respectively:
A: requires the user to provide personal information such as name, phone number, and sending and receiving addresses; retains the user information after the transaction is completed and may use it for other purposes.
B: requires the user to provide personal information such as name, phone number, and sending and receiving addresses; retains the user information after the transaction is completed but does not use it for other purposes.
C: requires the user to provide personal information such as name, phone number, and sending and receiving addresses; does not retain the user information after the transaction is completed but deletes it directly.
The user can refer to the different privacy policies of the three companies and then match them against his or her own privacy preferences.
With the spread of Web services, a large number of Web service applications have appeared on the network. Among multiple services that provide the same function, users tend to choose the service they are familiar with and that has the higher reputation, because once private information has been collected it is difficult for the user to control how the Web service uses and exposes that data. Reputation is one of the many QoS attributes; it summarizes the perception of all users after using a given service, and this summary is generally quantified through users' feedback ratings. If the user considers that the data supplied to a service contains personal private information, that data is called private data. A user's sensitivity differs for different private data, and different users have different privacy preferences for their data. The user not only needs to define a privacy sensitivity for each individual data item, but may also need to define a stronger privacy sensitivity for a combination of data items. For example, exposing only the user's name or only the mobile phone number requires the service to have a medium reputation, but exposing the name and mobile phone number together to a service requires that service to have a higher reputation. In step (2), the privacy preference constraint set includes the set UPR, given by:
UPR=(P, f) (1)
In formula (1), P is the private data sensitivity set and f is the private data sensitivity-reputation constraint function.
Further, the formula of the private data sensitivity set P is:
In formula (2), dGroup is a set of private data items, s_i is the sensitivity corresponding to the i-th private data item in dGroup, and n is the total number of private data items in dGroup;
The sensitivity corresponding to a private data item can be set manually. For example: define the sensitivity of private data items on the 9 levels {1,2,3,4,5,6,7,8,9}, where a larger number means a higher sensitivity; set the sensitivity of name to 2 and the sensitivity of phone to 3; with dGroup=(name, phone), P=((name, phone), 5);
The formula of the private data sensitivity-reputation constraint function f is:
In formula (3), t is the user's constraint reputation for the web service.
The private data sensitivity-reputation constraint function f is the constraint that the sensitivity of a combination of the user's private data items places on the reputation of the web service. For example, f(5)=6 means that if a combination of private data items with sensitivity 5 is used, the reputation of the web service needs to be greater than or equal to 6.
The privacy preference constraint set further includes: the personal information the user is able to provide and constraints on how that personal information is handled, wherein the handling modes include at least: allowing the personal information to be collected, accessed, published and modified, and refusing to let the personal information be collected, accessed, published and modified.
In step (3), it is judged whether the constraints on the handling of the personal information in the user's privacy preference constraint set satisfy the requirement set, within the privacy policy requirement set, under which the web service provider operates on the user's private data, and whether the user's constraint reputation for the web service is greater than or equal to the reputation of the web service; if so, the match succeeds; if not, the match fails.
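An added sketch of the step (3) matching check and the step (4) revision loop, not code from the patent. It assumes that a group's sensitivity is the sum of its items' sensitivities and that f is a step-function lookup table (formulas (2) and (3) are not reproduced on this page), and it reads the reputation (credit worthiness) constraint as in the f(5)=6 example: the service's reputation must be at least f of the group sensitivity. All class, function and service names are hypothetical.

```python
from dataclasses import dataclass

# Operations on private data named in the patent text.
OPERATIONS = frozenset({"collect", "access", "publish", "modify"})


@dataclass(frozen=True)
class ServicePolicy:
    """Knowledge-base entry stored when a web service registers, step (1)."""
    name: str
    reputation: int   # assumed to use the same 1-9 scale as sensitivity
    demands: dict     # data item -> set of operations the provider requires


@dataclass(frozen=True)
class UserPreferences:
    """UPR = (P, f) together with the per-item handling constraints."""
    sensitivity: dict  # data item -> s_i
    allowed: dict      # data item -> operations the user permits (rest refused)
    f_table: dict      # sensitivity threshold -> reputation the service must reach

    def group_sensitivity(self, items):
        # Assumption: a group's sensitivity is the sum of its items' s_i,
        # consistent with name (2) + phone (3) -> 5 in the text.
        return sum(self.sensitivity[i] for i in items)

    def required_reputation(self, s):
        # Assumption: f is a non-decreasing step function kept as a table.
        return max((rep for thr, rep in self.f_table.items() if s >= thr), default=0)


def match(prefs, policy):
    """Step (3): return (matched, reasons) for one user/service pair."""
    reasons = []
    for item, ops in sorted(policy.demands.items()):
        if not ops <= OPERATIONS:
            raise ValueError(f"unknown operation in policy for {item!r}")
        if item not in prefs.allowed:
            reasons.append(f"{item}: not offered by the user")
        elif ops - prefs.allowed[item]:
            reasons.append(f"{item}: user refuses {sorted(ops - prefs.allowed[item])}")
    group = [i for i in policy.demands if i in prefs.sensitivity]
    needed = prefs.required_reputation(prefs.group_sensitivity(group))
    if policy.reputation < needed:
        reasons.append(f"reputation {policy.reputation} below required {needed}")
    return (not reasons, reasons)


def request_service(prefs, policy, revise, max_rounds=5):
    """Steps (3)-(5): match, let the user revise on failure, serve or end."""
    for _ in range(max_rounds):
        ok, reasons = match(prefs, policy)
        if ok:
            return "served"
        prefs = revise(prefs, reasons)   # step (4): None means the user declines
        if prefs is None:
            break
    return "ended"


# Constructed sample data: sensitivities follow the text (name 2, phone 3).
PREFS = UserPreferences(
    sensitivity={"name": 2, "phone": 3, "address": 4},
    allowed={"name": {"collect", "access"}, "phone": {"collect", "access"},
             "address": {"collect"}},
    f_table={1: 3, 5: 6, 8: 9},          # f(5) = 6 as in the text; rest assumed
)
COURIER_X = ServicePolicy("courier-x", 6, {"name": {"collect", "access"},
                                           "phone": {"collect", "access"}})
COURIER_Y = ServicePolicy("courier-y", 5, COURIER_X.demands)
COURIER_Z = ServicePolicy("courier-z", 9, {"name": {"collect", "publish"}})

if __name__ == "__main__":
    for svc in (COURIER_X, COURIER_Y, COURIER_Z):
        print(svc.name, match(PREFS, svc))
```

Returning the reasons alongside the verdict gives the user something concrete to act on in step (4), and gives the privacy server an auditable record of why a request was refused.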
In the method according to claim 1, at least one web service registers with the privacy server.
After step (6), the privacy server records the web services used by the user.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified or equivalently substituted, and any modification or equivalent substitution that does not depart from the spirit and scope of the invention shall be covered by the scope of the claims of the present invention.

Claims (7)

1. A terminal-side user privacy protection method for web service applications, characterized in that the method comprises:
(1) a web service registers with a privacy server, and the privacy policy requirement set and reputation corresponding to the web service are stored in the privacy knowledge base of the privacy server;
(2) a user sends a web service application request and a privacy preference constraint set to the privacy server;
(3) the privacy server judges whether the user's privacy preference constraint set matches the privacy policy requirement set corresponding to the web service for which the application request was sent; if not, step (4) is executed; if so, step (5) is executed;
(4) it is judged whether the user modifies his or her own privacy preference constraint set; if so, the user's privacy preference constraint set is modified and the method returns to step (3); if not, the operation ends;
(5) the web service provides service to the user;
In step (2), the privacy preference constraint set includes the set UPR, given by:
UPR=(P, f) (1)
In formula (1), P is the private data sensitivity set and f is the private data sensitivity-reputation constraint function.
2. The method according to claim 1, characterized in that, in step (1), the privacy policy requirement set is the set of requirements that allow the web service provider to operate on the user's private data, wherein the operations of the web service provider on the user's private data include at least: collecting private data, accessing private data, publishing private data and modifying private data.
3. The method according to claim 1, characterized in that the formula of the private data sensitivity set P is:
In formula (2), dGroup is a set of private data items, s_i is the sensitivity corresponding to the i-th private data item in dGroup, and n is the total number of private data items in dGroup;
The formula of the private data sensitivity-reputation constraint function f is:
In formula (3), t is the user's constraint reputation for the web service.
4. The method according to claim 1, characterized in that the privacy preference constraint set further includes: the personal information the user is able to provide and constraints on how that personal information is handled, wherein the handling modes include at least: allowing the personal information to be collected, accessed, published and modified, and refusing to let the personal information be collected, accessed, published and modified.
5. The method according to claim 1, characterized in that, in step (3), it is judged whether the constraints on the handling of personal information in the user's privacy preference constraint set satisfy the requirement set, within the privacy policy requirement set, under which the web service provider operates on the user's private data, and whether the user's constraint reputation for the web service is greater than or equal to the reputation of the web service; if so, the match succeeds; if not, the match fails.
6. The method according to claim 1, characterized in that at least one web service registers with the privacy server.
7. The method according to claim 1, characterized in that, after step (5), the privacy server records the web services used by the user.
CN201511008854.5A 2015-12-29 2015-12-29 Terminal-side user privacy protection method for web service applications Active CN106936765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511008854.5A CN106936765B (en) 2015-12-29 2015-12-29 Terminal-side user privacy protection method for web service applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511008854.5A CN106936765B (en) 2015-12-29 2015-12-29 Terminal-side user privacy protection method for web service applications

Publications (2)

Publication Number Publication Date
CN106936765A CN106936765A (en) 2017-07-07
CN106936765B true CN106936765B (en) 2019-11-19

Family

ID=59458923

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511008854.5A Active CN106936765B (en) 2015-12-29 2015-12-29 Terminal-side user privacy protection method for web service applications

Country Status (1)

Country Link
CN (1) CN106936765B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019236815A1 (en) * 2018-06-07 2019-12-12 Convida Wireless, Llc Data anonymization for service subscriber's privacy
CN109670339B (en) * 2018-12-28 2021-02-26 北京工业大学 Ontology-based privacy protection-oriented access control method and device
CN110889133B (en) * 2019-11-07 2022-03-15 中国科学院信息工程研究所 Anti-network tracking privacy protection method and system based on identity behavior confusion
CN111898154B (en) * 2020-06-16 2022-08-05 北京大学 Negotiation type mobile application privacy data sharing protocol signing method
EP3975498A1 (en) * 2020-09-28 2022-03-30 Tata Consultancy Services Limited Method and system for sequencing asset segments of privacy policy
CN114978594B (en) * 2022-04-18 2024-02-09 南京工程学院 Self-adaptive access control method for cloud computing privacy protection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155025A (en) * 2006-09-27 2008-04-02 华为技术有限公司 Intimacy protection system and method and global permission management server and client terminal
CN101465853A (en) * 2008-12-19 2009-06-24 北京工业大学 Method for protecting privacy based on access control
CN102025498A (en) * 2009-09-19 2011-04-20 华为技术有限公司 Method, device and system for protecting user privacy
CN102111407A (en) * 2010-12-30 2011-06-29 北京工业大学 Access control privacy protection method using user as center
CN103049704A (en) * 2012-12-07 2013-04-17 哈尔滨工业大学深圳研究生院 Self-adaptive privacy protection method and device for mobile terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7401352B2 (en) * 2002-08-30 2008-07-15 International Business Machines Corporation Secure system and method for enforcement of privacy policy and protection of confidentiality
US8966575B2 (en) * 2012-12-14 2015-02-24 Nymity Inc. Methods, software, and devices for automatically scoring privacy protection measures

Also Published As

Publication number Publication date
CN106936765A (en) 2017-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant