CN106954182A

CN106954182A - A kind of anonymous region generation method and location privacy protection method

Info

Publication number: CN106954182A
Application number: CN201710146404.5A
Authority: CN
Inventors: 杨秋伟; 谭奕; 孔潘
Original assignee: BBK Electronics Co Ltd
Current assignee: BBK Electronics Co Ltd
Priority date: 2017-03-13
Filing date: 2017-03-13
Publication date: 2017-07-14

Abstract

The invention discloses a kind of anonymous region generation method and location privacy protection method, anonymous region generation method is based on space K anonymous methods and carries out anonymous Area generation, location privacy protection method uses multiple module access protection mechanism, carry out caching standardization, when targeted customer sends LBS service request according to local from targeted customer, neighbor user in network, the priority level of LBS service device obtains POI data, and use foregoing anonymous region generation method to carry out anonymous Area generation when obtaining POI data to LBS service device, LBS service request is sent to LBS service device as the anonymous location of user based on anonymous region, and the POI data for returning to LBS service device is exported.The present invention combines cache methods with space K anonymous methods to protect the location privacy of user; the inquiry request that user sends can at utmost be reduced; the secret protection grade of user can be lifted again, so as to preferably solve the problem of server and channel burdens are overweight, information recycling rate of waterused is low.

Description

A kind of anonymous region generation method and location privacy protection method

Technical field

The present invention relates to location privacy protection technology, and in particular to a kind of anonymous region generation method and location privacy protection Method.

Background technology

In recent years, the development particularly mobile positioning technique and wireless communication technology of information technology are developed rapidly so that LBS (Location Based Service, based on location-based service) is widely used popularization, can be whenever and wherever possible by LBS user The inquiry information service related to position interested.However, because all location Based services are required for user to submit to the greatest extent The positional information of possible accuracy gives LBS service provider, could obtain and accurately easily service, this causes the positional information of user In the server of location based service provider, service provider may infer that the place that user once went or will go, What was done, there are the individual privacy informations such as what hobby.And service provider may malicious exploitation these data (such as Reveal to advertiser), cause greatly inconvenience to user's life or even threaten.

In fact, location privacy protection causes the concern of scholar very early, it is defined as preventing opponent from deducing use The ability of family current and past position.The algorithm of protection customer location privacy has pointed out a lot, space K anonymities (k- Anonymity) method is as this field most a kind of classical method, is from data-privacy earliest by Marco Gruteser et al. The method that protection field is introduced, its main thought is, by k different identity tag information of a certain position correspondence, to make malicious person not The positional information of acquisition can be matched with the true identity in k identity.But it is fast due to present-day data digging technology Speed development, opponent can deduce the true identity of user according to positional information completely using data mining technology.And using In the method for space Anonymizer (AS), AS is responsible for user's actual position being hidden in one piece of band of position to realize obfuscation, There are many defects in this use AS method.It will pass through with receiving information on services firstly, since all users send request AS, this can produce serious bottleneck problem；Secondly, system is easily attacked by single-point, if AS is broken through by opponent, all users' Information all will leakage；Finally, many algorithms assume that AS is believable, and it is the increase in nothing but another " service offer Business ", this hypothesis is inherently along with risk.Although some anonymity algorithms based on mobile terminal are suggested, generally existing The problem of asking frequent, calculating and larger traffic overhead, moreover, protection class and service quality in these traditional guard methods Between intrinsic contradictions be difficult obtain balance.Importantly, it was noted that the Move Mode of user is design mobile subscriber The key factor considered is needed during secret protection, and rarely has research to consider this factor.In addition, many algorithms before Just abandoned after user has utilized the information of acquisition, how to improve these still has the information recycling rate of waterused of value to be also worth Thinking.

Space anonymity is that the accurate location of user is converted into one to include the area of space including customer location, during inquiry This area of space is sent to LBS service device so that LBS service device can not know the particular location of user in this region. There is document to propose obfuscation as a kind of mechanism of location privacy protection that but it can only concentrate hiding unique user for the first time Positional information, lack retractility when a large number of users is concurrently inquired about.There is document that position k anonymity technologies are hidden applied to space Name, and introduce one and can handle the trusted third party AS that a large number of users is concurrently inquired about, is inquired about instead of user and will be accurately by AS Information is returned.But this method it is also proposed higher performance requirement to trusted third party AS, once and trusted third party AS Become it is insincere when, can be very big to the threat of position privacy leakage.There is document to propose a kind of distributed frame, it is solid by some The fixed communications infrastructure such as base station is communicated between realizing user, and user is voluntarily found k user by network and forms required Anonymous location region, without passing through AS, the problem of being brought this avoid AS.Hide the position for thering is document to propose P2P Communicated between name algorithm, user by the communications infrastructure broadcasted rather than fixed.User passes through single-hop or many during inquiry The mode of jump finds k user and carries out anonymous, the anonymous area of space of formation, and therefrom selects a user as agency, by generation Manage to LBS service device and send inquiry request, agency receives result is filtered after candidate result collection after return to user.This method The problem of location privacy protection is present is largely solved, but has the disadvantage to disappear to the network bandwidth during a large number of users inquiry Consumption is larger.

Because the focus of location privacy protection has been limited in processing and has been sent to asking for service provider by research before Ask in content, in order to improve security and service quality, in recent years, academia's reduction that begins one's study is sent to service provider Number of requests.Because the request for sending content supplier to is fewer, exposed user privacy information is fewer, and opponent successfully obtains The chance for taking family location privacy is lower；In addition, being said on stricti jurise, there is security risk in networking.Cache methods are therefore Arise at the historic moment, it gets up the effective content caching obtained to reuse, and improves security intensity and service quality.

Shahriyar et al. proposes the location privacy protection that cache systems are used for realizing user in the literature first, because All there is a phase for most location-based service POI (Point of Interest, the information name interested of user's request) When long effective time, the POI of some regions can be downloaded store completely by user in advance, when obtaining relevant information in the future It need to only be asked in local obtain without being sent to content supplier, so as to realize secret protection.But such a method requires to use Family is previously stored the inner huge data in a sheet of region (such as one city), thus cache contents are blindly, and wastes storage Space.

The MobiCrowd methods that Shokri et al. is proposed in the literature, are a kind of distributions completed by user collaboration Location privacy protection method.When its main thought is that user needs service, request is sent to periphery neighbor user first, from him Obtain required POI in the content that caches.But this method does not account for cache hit probability, real protection effect allows People queries；Secondly, for can not from it is local obtain related content in the case of, that is, need to send request to service provider Situation, document does not consider.And have in the method that document is pointed out, if user can not obtain content in local cache, it is System can select some dummy locations to realize anonymous request, and the method for the false position of this selection is easily by data mining and the back of the body Scape knowledge is attacked.

In summary, anonymous region generation method and location privacy protection how to be realized, have become one it is urgently to be resolved hurrily Key technical problem.

The content of the invention

The technical problem to be solved in the present invention：Above mentioned problem for prior art is hidden there is provided one kind based on locational space K Name method, can effectively protect user location privacy anonymous region generation method, and in the anonymous region generation method On the basis of, a kind of multiple module access protection mechanism based on user's Move Mode is realized, it is anonymous with reference to cache methods and space K Method protects the location privacy of user, can at utmost reduce the inquiry request that user sends, the hidden of user can be lifted again Private protection class, so as to preferably solve the position for the problem of server and channel burdens are overweight, information recycling rate of waterused is low Method for secret protection.

In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is：

First, the present invention provides a kind of anonymous region generation method, and implementation steps include：

1) map is divided into size identical cell in advance, gone over according to user's POI data counting user of caching The Probability p of request is sent in each unit lattice；

2) when user sends LBS service request to LBS service device, the current location a of user is obtained_r, according to user's Current location a_rThe cell formed after k-1 anonymity, and root are obtained using locational space K anonymous methods from peripheral unit lattice The out-of-date degree of data stored according to each cell chooses the out-of-date cell of data and is used as the anonymous zone for being sent to LBS service device Domain.

Preferably, step 2) detailed step include：

2.1) when user sends LBS service request to LBS service device, execution next step is redirected；

2.2) the current location a of user is obtained_r, by current location a_rPeripheral unit lattice according to Probability p size sort；

2.3) the z peripheral unit lattice specified are selected according to the principle of Probability p from big to small and obtain set C_c；

2.4) from set C_cMiddle all subset C ' composition candidate collections containing k-1 cell of selectionWherein k is less than z；

2.5) to candidate collectionIn the out-of-date degree of each subset C ' calculating data；

2.6) the out-of-date degree of output data and the optimal subset C ' of caching contribution rate k-1 cell are as being sent to LBS The anonymous region of server.

Preferably, step 2.4) middle composition candidate collectionFunction expression such as formula (1) shown in；

In formula (1),Represent candidate collection, subset of the C ' expressions containing k-1 cell, C_cRepresent according to Probability p from Small principle is arrived greatly selecting the z peripheral unit lattice specified and gathered, k is anonymity level and is the integer less than z.

Preferably, step 2.5) fall into a trap and count according to shown in the function expression such as formula (2) of out-of-date degree；

In formula (2), O represents the out-of-date degree of data, and n represents the cell quantity in anonymous region, t_iRepresent i-th of cell Corresponding user's POI data downloads the existence time of dependence, T from LBS service device_iRepresent the corresponding user of i-th of cell The life cycle of POI data.

Preferably, step 2.6) in the out-of-date degree of output data and the optimal subset C ' of caching contribution rate k-1 cell Function expression such as formula (3) shown in；

In formula (3), C_sRepresent that the out-of-date degree of data and caching contribution rate optimal subset C ', k are anonymity level and are less than z Integer, O represents the out-of-date degree of data, α_iRepresent contribution rate of i-th of cell to cache hit rate of selection, and α_iValue and User's past sends the Probability p of request in i-th of cell_iIt is equal.

Further, the present invention also provides a kind of location privacy protection method, and implementation steps include：

S1) access control middleware is set in the interruption equipment of each user in advance, passes through access control middleware meter Calculate the positional information of user and cache the POI data of LBS service request；Under being performed when targeted customer sends LBS service request One step；

S2 the POI data) cached in the local access control middleware of targeted customer obtains POI data, if obtained Success, then export the POI data of acquisition and exit；Otherwise execution step S3 is redirected)；

S3) neighbor user into network sends LBS cooperations and mutually takes request, in the middle of the local access control of neighbor user Shared POI data is obtained in part, POI data is obtained in the POI data shared from all neighbor users, if obtained successfully, Then export the POI data of acquisition and exit；Otherwise execution step S4 is redirected)；

S4) targeted customer is generated for being sent to LBS service device according to the foregoing anonymous region generation method of the present invention Anonymous region, and LBS service request is sent to LBS service device as the anonymous location of user based on the anonymous region, and will The POI data output that LBS service device is returned.

Preferably, step S1) in by access control middleware calculate user positional information when also include determine user Personal audience venue, the access control middleware cache POI data when, if LBS service request physical location for individual Place, then specify the POI data in radius to be cached on the physical location periphery, and to the non-sensitive information of storage It is set to default sharing；If the physical location of LBS service request is non-personal audience venue, the physical location periphery is not cached and is referred to Determine the POI data in radius.

Preferably, the personal audience venue for determining user is specifically referred to：What counting user appeared in a certain position goes out occurrence Number n, if occurrence number n of the user in a certain position is more than default threshold value c, judges personal field of the position as user Institute.

Preferably, step S2) detailed step include：

S2.1) searched in the POI data cached in the local access control middleware of targeted customer and LBS service request The POI data of matching, obtains set P₁, wherein P₁={ a_p1,a_p2, a_p1,a_p2It is the POI data of matching；

S2.2) will set P₁Common factor is taken with the ideal zone request complete or collected works Q of targeted customer | P₁∩ Q |, wherein Q={ a_q1, a_q2, a_q1,a_q2It is the ideal zone request complete or collected works Q of targeted customer POI data；

S2.3) according to formula (4) first order calculation information threshold λ₁If calculating obtained primary information threshold λ₁More than or equal to pre- If one-level expect threshold gamma₁, then will occur simultaneously | P₁∩ Q | export and exit, otherwise redirect execution step S3)；

In formula (4), λ represents primary information threshold, | P₁∩ Q | represent set P₁With the ideal zone request complete or collected works Q of targeted customer Take common factor, P₁Represent in the POI data cached in the local access control middleware of targeted customer and LBS service asks matching POI data, Q represents the ideal zone request complete or collected works of targeted customer.

Preferably, step S3) detailed step include：

S3.1) targeted customer and its neighbor user are in together in self-organizing peer-to-peer multi-hop mobile communications network, and target is used Family sends a form into self-organizing peer-to-peer multi-hop mobile communications network for (poi, LBS cooperations h) mutually take request, poi For information name, the hop count that h is propagated in a network for request often can subtract 1, hop count h is kept to by the hop count h in user's request Request is no longer propagated when 0；

S3.2 the neighbor user for) receiving request mutually takes LBS cooperations in information name poi and the machine access control in request Between the content that stores in part matched, if there is related POI data, be returned to targeted customer；

S3.3) if targeted customer receives the POI data of return, all neighbor users of targeted customer are returned The POI of matching is asked in the POI data cached in POI data and the local access control middleware of targeted customer with LBS service Data generate set P, wherein P={ a_p1,a_p2, a_p1,a_p2It is the POI data in set P；

S3.4 the ideal zone request complete or collected works Q of set P and targeted customer) are taken into common factor | P ∩ Q |, wherein Q={ a_q1, a_q2, a_q1,a_q2It is the ideal zone request complete or collected works Q of targeted customer POI data；

S2.3 second-level message threshold λ) is calculated according to formula (5)₂If calculating obtained second-level message threshold λ₂More than or equal to pre- If two grades expectation threshold gammas₂, then will occur simultaneously | P ∩ Q | export and exit, otherwise redirect execution step S4)；

In formula (5), λ₂Second-level message threshold is represented, | P ∩ Q | represent the ideal zone request complete or collected works Q of set P and targeted customer Common factor is taken, P is represented in the middle of the POI data of all neighbor users return of targeted customer and the local access control of targeted customer The set of the POI data generation of matching is asked in the POI data cached in part with LBS service, Q represents the ideal area of targeted customer Domain request complete or collected works.

The anonymous region generation method tool of the present invention has the advantage that：The anonymous region generation method of the present invention is in advance by ground Figure is divided into size identical cell, and request was sent in each unit lattice according to user's POI data counting user past of caching Probability p；When user sends LBS service request to LBS service device, the current location a of user is obtained_r, according to working as user Front position a_rUsing the cell formed after k-1 anonymity of locational space K anonymous methods acquisition from peripheral unit lattice, and according to The out-of-date degree of data of each cell storage chooses the out-of-date cell of data as the anonymous region for being sent to LBS service device, The location privacy of user can be effectively protected based on locational space K anonymous methods.

The location privacy protection method tool of the present invention has the advantage that：

1st, location privacy protection method of the invention makes request mainly ask for letter in the machine by multiple module access protection mechanism Breath, neighbours take second place, and preferably make use of prestored information, and the number of request that server is sent to by reducing reduces communication overhead, Make to can reach 90% from the local probability for obtaining information, this not only saves communication flows expense, and reduces privacy leakage Risk, improve secret protection intensity；

2nd, location privacy protection method of the invention carries out caching standardization to user terminal, optimizes information Store empty Between, buffer efficiency is improved, and realizes neighbor user Information Cooperation mutually take.

3rd, location privacy protection method of the invention consider Move Mode, region request probability and user collaboration etc. because Influence of the element to cache hit rate, improves the possibility that user obtains information from the machine and neighbours, and cache hit rate reaches 90% or so.

4th, the anonymous region generation method that location privacy protection method of the invention is proposed has taken into full account background knowledge, neighbour The factor such as user collaboration and data age is occupied, prevents the location privacy of user by opponent while cache hit rate is improved Deduce and.

5th, test result indicate that the location privacy protection method of the present invention has a preferable secret protection effect, and communication and Storage overhead is smaller, and higher cache hit rate is presented in the contrast with other methods.

Brief description of the drawings

Fig. 1 is the basic procedure schematic diagram of the anonymous region generation method of the embodiment of the present invention.

Fig. 2 is the anonymous region generation method step 2 of the embodiment of the present invention) detailed process schematic diagram.

The anonymous area schematic generated when Fig. 3 is only consideration caching contribution rate.

Fig. 4 is the anonymous area schematic that the embodiment of the present invention considers to generate after caching contribution rate and the out-of-date degree of data.

Fig. 5 is the basic procedure schematic diagram of embodiment of the present invention location privacy protection method.

Fig. 6 is embodiment of the present invention location privacy protection method multiple module access location privacy protection level schematic diagram.

Fig. 7 is embodiment of the present invention location privacy protection method location privacy protection method system structure diagram.

Fig. 8 is k=4, h=4, and terminal sends the quantity time-varying figure of request to different entities during γ=0.8.

Fig. 9 is k=4, h=4, and the quantitative comparison that algorithms of different sends request to LBS service device during γ=0.8 schemes.

Figure 10 is k=4, and cache hit rate during γ=0.8, t=7 is with k value changes situation comparison diagrams.

Figure 11 is k=4, and cache hit rate during γ=0.8, k=4 is with t value changes situation comparison diagrams.

Embodiment

First, the technical scheme example of the anonymous region generation method of the present embodiment and location privacy protection method.

As shown in figure 1, the implementation steps of the anonymous region generation method of the present embodiment include：

In the present embodiment, step 1) described in cell be square shaped cells lattice.

As shown in Fig. 2 step 2) detailed step include：

In the present embodiment, step 2.4) middle composition candidate collectionFunction expression such as formula (1) shown in；

In the present embodiment, step 2.5) fall into a trap and count according to shown in the function expression such as formula (2) of out-of-date degree；

In the present embodiment, step 2.6) in k-1 of the out-of-date degree of output data and the optimal subset C ' of caching contribution rate singly Shown in the function expression of first lattice such as formula (3)；

In formula (3), C_sRepresent that the out-of-date degree of data and caching contribution rate optimal subset C ', k are anonymity level and are anonymous Grade and be integer less than z, O represents the out-of-date degree of data, α_iRepresent contribution of i-th of the cell chosen to cache hit rate Rate, and α_iValue and user's past the Probability p of request is sent in i-th of cell_iIt is equal.Referring to formula (3), the present embodiment is hidden Name Area generation method input parameter includes：Each cell past history sends the Probability p of request, system specified parameter z, Output is then C_s.In the present embodiment, the scope of activities of user is defaulted as personal audience venue periphery 1km, and z this scopes are have chosen first The region of interior request maximum probability, z is set by default or user according to computing cost and safe class, is defaulted as 20.By This z cell can obtain all candidate collection set containing k-1 cellIf obvious anonymity level k is more than candidate collection C_c In element number z will appear from mistake, otherwise, in candidate selection will be concentrated to meet the optimal set C of condition_s。

In order to solve the problem of location privacy is exposed to incredible content supplier, the anonymous Area generation of the present embodiment The cell formed after k-1 anonymity is obtained in method using locational space K anonymous methods, when user is needed to LBS service device When sending request (can estimate such case can increase and rapid drawdown over time), space K anonymous methods guarantor will be realized in terminal Shield.Influence in view of side information to cache hit probability and personal secrets, the space K anonymous methods of this method The side information ignored by many methods influence will be considered, side information refer to that opponent can obtain simultaneously For deducing the background context knowledge of user's actual position, a certain request regional lattice from map are refered in particular in the method The probability sent.As shown in figure 3, map is divided into many zonules, the list of different shades by size identical square shaped cells lattice First lattice represent that the probability for sending request is different.And this probability shows that more greatly user is more possible to inquiry information herein, in order to carry Information recycling rate of waterused during high user collaboration, i.e. cache hit probability, this method realize space in the other k-1 cell of selection When anonymous, it will be selected from several cells maximum side information around user.It is additionally, since the unit of selection Lattice request probability is larger, can prevent that opponent from carrying out background knowledge attack according to side information and reducing user's actual position Location.In short, this method realizes locational space K anonymous methods by the larger public place of user density is chosen first.Such as Dotted line frame represents the region formed after user A is anonymous in Fig. 3.In order to ensure the freshness of data, the anonymous region of the present embodiment Generation method also will account for the ageing of data, and the out-of-date degree of data and caching contribution rate have been considered in the present embodiment.Such as Fig. 4 Shown, the shade of each cell is different, and shade, which is more deeply felt, shows that this data age is higher, and blank table registration, should according to having failed Method is uploaded to data no longer fresh cell is chosen as far as possible in LBS service device, and is obtained in latest update data, Fig. 4 Dotted line frame represents to consider the anonymous region of user A formation after data age.The anonymous region generation method of the present embodiment it is total Body thinking is that the concept for making full use of personal audience venue makes user obtain information in the machine as far as possible, secondly, makes full use of public place Concept user is then obtained information from local neighbor user as far as possible, and it is final if desired to server request information when, adopt Privacy of user is protected with space K anonymous methods, shadow of the system to safety and cache hit probability is taken into full account in specific implementation Ring.

The present embodiment step 2.6) in the out-of-date degree of output data and the optimal subset C ' of caching contribution rate k-1 cell It is used as the anonymous region for being sent to LBS service device.

Cache contribution rate：That is side information values, because each region crowd activity's frequent degree on map Difference (i.e. public place the crowd is dense degree different), request nature that the place more than crowd the is sent place fewer than crowd is sent Request it is many, this is also the reason for side information values are different.This method is chosen when realizing space K anonymous methods The larger other k-1 regions of side information values (the more dense public place of crowd) because this region please Ask probability bigger, the possibility that following local user inquires about this region POI again is also bigger, and cache hit probability is higher.In quilt On the map for being divided into m × m cell, the history time that service provider can send request in the past by each cell is figured Go out the probability that all cells send request, each entity can easily obtain the probability distribution.This probability is represented with p, that is, is had Formula (3-1)：

In formula (3-1), p represents the probability of i-th of cell, m²For the total quantity of cell.

Represent that to the contribution rate of cache hit rate, then there is α in the region chosen with α_i=p_i, it is clear that do not considering data age Property when, choose k-1 user area should be satisfactionIt is worth maximum regional ensemble, is formula (3- by this selection set expression 2)：

Each symbolic parameter is identical with formula (3) in formula (3-2).

The out-of-date degree (data age) of data：Because there is certain life cycle, such as weather condition in itself in data, When finding anonymous cell, this method will take this opportunity to be updated according to the ageing content to having stored of data simultaneously.For example, The life cycle of certain Weather information is 1 day, although weather condition is not in notable difference in one day, but small difference (ratio Such as temperature, wind-force) it is present, distortion occurs in data, and in life cycle, data existence time is more long, and distortion can Can be more obvious.It is therefore necessary to be updated to out-of-date information, especially for the higher region of those request probability.

The life cycle of certain POI is represented with T, the time that the POI has existed since being downloaded from LBS service device is represented with t, The out-of-date degree of data is represented with O, O is defined as formula (3-3), data carry mechanism is represented with f, f is defined as formula (3-4)；

In formula (3-3), O represents the out-of-date degree of data, and T represents the life cycle of certain POI, represents the POI from LBS with t The time that server has existed since downloading.

In formula (3-4), f represents data carry mechanism, and T represents the life cycle of certain POI, represents the POI from LBS with t The time that server has existed since downloading.Because the anonymous region generation method of the present embodiment is by hideing that k cell is generated Name region, it is considered to which the data age of all cells in full wafer anonymity region, average out-of-date degree O is expressed as formula (2), wherein n For cell quantity in anonymous region.In summary two factors (the out-of-date degree of data and caching contribution rate), step in the present embodiment 2.6) the function expression such as formula (3) of the out-of-date degree of output data and the optimal subset C ' of caching contribution rate k-1 cell in It is shown, i.e. formula (3-5)；

The explanation in Chinese of a symbolic parameter refers to formula (2) and formula (3) in formula (3-5).

As shown in figure 5, the implementation steps of the location privacy protection method of the present embodiment include：

S1) access control middleware cacheware is set in the interruption equipment of each user in advance, passes through access control Middleware cacheware calculates the positional information of user and caches the POI data of LBS service request；When targeted customer sends LBS Next step is performed during service request；

S2 the POI data) cached in the local access control middleware cacheware of targeted customer obtains POI data, If obtained successfully, export the POI data of acquisition and exit；Otherwise execution step S3 is redirected)；

S3) neighbor user into network sends LBS cooperations and mutually takes request, in the middle of the local access control of neighbor user Shared POI data is obtained in part cacheware, POI data is obtained in the POI data shared from all neighbor users, if Obtain successfully, then export the POI data of acquisition and exit；Otherwise execution step S4 is redirected)；

S4) targeted customer is generated for being sent to LBS service device according to the foregoing anonymous region generation method of the present embodiment Anonymous region, and LBS service request is sent to LBS service device as the anonymous location of user based on anonymous region, and by LBS The POI data output that server is returned.

Referring to step S1)~S4) and Fig. 6, the location privacy protection method of the present embodiment devises multiple module access protection Mechanism, independent of third-party distributed access location privacy protection, it is in main frame, neighbours' cooperation, three layers of server protection The access protection rank in face, realizes the multi-stage protection of customer location privacy.Locally stored inquiry is multiple module access protection mechanism The first order；Neighbours' cooperation is mutually taken as the second level of multiple module access protection mechanism；To the request of LBS service device machine is protected for multiple module access The third level of system；The protection level of the first order is highest, and second and third level is reduced step by step.Locally stored inquiry：Needing service When, user is first in local terminal memory block query-related information, if meeting the expectation threshold value of user's setting, completes inquiry；It is adjacent Cooperation is occupied mutually to take：If locally stored query-related information is unsatisfactory for the expectation threshold value of user's setting, then to its in local group Relevant information needed for his neighbor user request, if meeting the expectation threshold value of user's setting, completes inquiry；To LBS service device Request：If neighbours' cooperation mutually takes the expectation threshold value for being still unsatisfactory for user's setting, by anonymous region generation method to LBS service Device sends request.Multiple module access protection mechanism of the location privacy protection method of the present embodiment based on user's Move Mode, with reference to Cache methods and space K anonymous methods protect the location privacy of user, and at utmost reducing inquiry that user sends please Ask, the secret protection grade of user can be lifted again, and so as to preferably solve, server and channel burdens be overweight, information repeats profit With rate it is low the problem of.

The location privacy protection method of the present embodiment has carried out caching standardization, according to the inherent characteristic of user's Move Mode Access control middleware is devised in terminal system (hereinafter referred to as：Cacheware) carry out the content of control terminal storage, make end The content of end caching tends to standardization, reaches optimization information storage space, lifts the effect of buffer efficiency, and neighbor user is logical Cross it and realize that the cooperation of information mutually takes；And the location privacy protection method of the present embodiment is also based on the foregoing anonymity of the present embodiment Area generation method is (referred to as：CRGA methods) considered on the basis of space K anonymous methods (space k-anonymity methods) The influence for the ageing factor of background knowledge and data that opponent can obtain, this method is on the basis of optimization position anonymity scheme Cache hit rate is improved, and strengthens secret protection intensity；The location privacy protection method of the present embodiment is by the Move Mode of user It is dissolved into cache methods, the location privacy protection of user is realized with reference to anonymous region generation method, is improving cache hit On the basis of rate, strengthen secret protection intensity to greatest extent and ensure service quality.

The mobile behavior pattern of user, the behavioural habits of mobile subscriber have some inherent characteristics, have scholar to study The mobile behavior pattern for crossing user is that design LBS (Location Based Service, based on location-based service) location privacy is protected The key factor considered is needed during shield.But existing most guard methods all have ignored this factor, the present embodiment will Take into full account this factor.First, from the point of view of the individual angle of mobile subscriber, no matter how different interpersonal life is, Vast majority of people for a long time (user will not move about or change jobs), always habitually limited Fixed place activity, such as residence, company, the place activity such as bus station or market.In brief, our majority are more It is simply movable in fixed some places in the number time.In terms of personal angle, these places are referred to as personal audience venue by we.Its It is secondary, from the point of view of global angle, with the presence of the activity of many place a large number of users, such as apartment, company, the place such as bus station, we Referred to as public place.For personal audience venue and public place, we have concluded that the association between them, i.e., when personal audience venue is same Become during a lot of other users of Shi Yongyou for public place, in other words, public place is the publicly-owned personal field of many users Institute.

In the location privacy protection method of the present embodiment, personal audience venue is theoretical will to obtain higher caching life for local cache Middle rate provides theory support, and the theoretical higher cache contribution rates of acquisition that will be cooperated for completion between user in public place be carried Theory support is supplied.Contemplate a scene：Employee Alice and her colleague will have lunch during company's lunch break, and they understand thing The restaurant information on periphery is first inquired about, such as restaurant menu, whether has vacant seat etc..In traditional LBS service, Alice is with his Colleague needs to send the request for including oneself positional information to service provider, and then service provider respectively passes restaurant information Back to them.The problem of this mode has two obviously.First, the location privacy of oneself is exposed to not by Alice (more seriously her request may not yet reach the server of content supplier and just be hacked certainly for believable content supplier Visitor intercepts and captures)；Secondly, a large amount of employees inquire about restaurant information in this period, and being connected to the server of request needs to be repeated several times Identical information is sent to different user, which increase server computing cost and network transmission expense.In order to solve first Problem, using the anonymous region generation method that the present embodiment is foregoing.In order to solve Second Problem, the location privacy of the present embodiment Guard method uses currently a popular cache methods, and it can settlement server and channel burdens are overweight, information is repeated well The problem of utilization rate is low, because the restaurant information after Alice is utilized is available for local other users to reuse completely.And pass through Cache methods at utmost reduce the inquiry request that user sends, and the secret protection grade of user can be lifted again so as to more preferably Ground solves first problem.

After the mobile behavior pattern of user, in the location privacy protection method of the present embodiment, terminal user will The only POI (Point of Interest, the information name interested of user's request) on storage user oneself personal audience venue periphery. , intuitively can be very high from the local hit rate for obtaining information because user's most time is movable within this range.Cache is deposited simultaneously Content is stored up by after limitation standardization, it is to avoid terminal storage excessive redundancy, cache content is reduced, and saves storage Space.Because personal audience venue is likely to be also public place, occur simultaneously if the personal audience venue of any at least two user is present, this It is their public place, they easily can mutually win the confidence breath in this place, will be also utilized in the present embodiment and be based on ad The neighbor user group that hoc networks (self-organizing peer-to-peer multi-hop mobile communications network) are connected cooperates acquisition letter User in breath, group prevents their privacy leakage by mutual sharing information.The location privacy protection side of the present embodiment The entirety of method is contemplated：When needing service, user is first in local terminal memory block query-related information, if relevant information is discontented The threshold value (information content is not enough) of sufficient user's setting, then to the relevant information needed for other neighbor users request in local group, If being still unsatisfactory for, request is sent to LBS service device by anonymous region generation method.This multistage to customer location privacy Access protection is reached and make to greatest extent this as shown in fig. 6, the wherein protection class highest of the first order, second and third level is reduced step by step Ground caching meets user's request, and few sent to LBS service provider is asked as far as possible.

In the present embodiment, step S1) in when calculating the positional information of user by access control middleware cacheware also Personal audience venue including determining user, the access control middleware cacheware is when caching POI data, if LBS service The physical location of request is personal audience venue, then specifies the POI data in radius to be cached on the physical location periphery, and And default sharing is set to the non-sensitive information of storage；If the physical location of LBS service request is non-personal audience venue, no Cache the POI data in the specified radius in the physical location periphery.

Strictly, there is security risk when connecting external network transmission request, this requires to realize correlation in terminal Function.In addition, the content that existing cache methods are stored to user before this does not do specification, such as, certain user is gone outer by group of company Ground is gone on business, all without using again after the POI that he inquires about in nonlocal activity is possible, if these POIs are stored in into local milli Without use and waste memory space.After these factors, in the present embodiment according to personal audience venue in user's Move Mode and The concept of public place and association, deploy access control middleware cacheware in terminal system.As shown in fig. 7, access Control middleware cacheware has memory block and calculates area, and memory block is used for storing user periphery P OI interested；Calculate area Go out the personal audience venue of user by the user terminal GPS a large amount of positional information calculations obtained, when calculating personal audience venue, calculate area Meeting periodic detection positional information, if user frequently appears in a certain position, i.e. occurrence number n more than some threshold value c, the position It is arranged to personal audience venue.In the present embodiment, determine that the personal audience venue of user is specifically referred to：Counting user appears in a certain position Occurrence number n, if user a certain position occurrence number n be more than default threshold value c, judge the position as user's Personal audience venue.

In the present embodiment, access control middleware cacheware is by sending the personal audience venue periphery P OI obtained after request (default radii is in the range of 1km) is stored, in case oneself future usage, and the non-sensitive information of storage is set to write from memory Recognize shared, facilitate the cooperation of neighbor user in system to access；The non-personal audience venue periphery P OI of acquisition is then deleted after being finished. The purpose that the present embodiment sets access control middleware cacheware is obvious：(1) when, user wants to obtain information, It is to search information in access control middleware cacheware memory blocks first, without to anonymous server or directly inwardly Hold service provider and send request exposure privacy.(2), calculated by calculating area behind the personal audience venue of user, access control middleware That stored in cacheware memory blocks is only the POI of individual subscriber proximal site, it is to avoid blindness cache information, saves and deposits Storage space does not influence but cache to hit effect.(3) the cooperation access information between user, is helped through, user can not be from the machine , will be to periphery neighbor user access control middleware when access control middleware cacheware memory blocks obtain enough information Cacheware asks for relevant information in memory block, if these information meet the demand of user, successfully completes cooperation, to greatest extent Ensure privacy of user.

In the present embodiment, step S2) detailed step include：

S2.1) in the POI data cached in the local access control middleware cacheware of targeted customer search and The POI data of LBS service request matching, obtains set P₁, wherein P₁={ a_p1,a_p2, a_p1,a_p2It is the POI data of matching；

In formula (4), λ represents primary information threshold, | P₁∩ Q | represent set P₁With the ideal zone request complete or collected works Q of targeted customer Take common factor, P₁Represent in the POI data that is cached in the local access control middleware cacheware of targeted customer and LBS service The POI data of matching is asked, Q represents the ideal zone request complete or collected works of targeted customer.

In the present embodiment, step S3) detailed step include：

S3.2 the neighbor user for) receiving request mutually takes LBS cooperations in information name poi and the machine access control in request Between the content that stores in part cacheware matched, if there is related POI data, be returned to targeted customer；

S3.3) if targeted customer receives the POI data of return, all neighbor users of targeted customer are returned In the POI data cached in POI data and the local access control middleware cacheware of targeted customer and LBS service request POI data generation the set P, wherein P={ a of matching_p1,a_p2, a_p1,a_p2It is the POI data in set P；

In formula (5), λ₂Second-level message threshold is represented, | P ∩ Q | represent the ideal zone request complete or collected works Q of set P and targeted customer Common factor is taken, P is represented in the middle of the POI data of all neighbor users return of targeted customer and the local access control of targeted customer The set of the POI data generation of matching is asked in the POI data cached in part cacheware with LBS service, Q represents that target is used The ideal zone request complete or collected works at family.

As shown in fig. 7, in the application system of the location privacy protection method of the present embodiment, two realities are mainly considered for the time being Body object, i.e. mobile subscriber and content supplier.Mobile subscriber is exactly handheld intelligent terminal device (such as smart mobile phone, flat board) Crowd；Content supplier can be the network company of any offer LBS service, and their LBS service device provides for mobile subscriber POI.Cooperated each other by ad hoc networks between user and complete the exchange and storage of information, as necessary by fortune The cellular network (such as 4G) of battalion business sends request to LBS service device.Each terminal access control middleware cacheware storages POI marked the ageing of content.Fig. 7 shows the System Operation flow of the location privacy protection method of the present embodiment, when When Alice (User A) will obtain related POI, system detects the relevant information of this terminal cacheware memory blocks first, Inquiry is completed if information meets the threshold value of A settings；Otherwise need to send request to periphery neighbor user (such as User B, C) and obtain Related POI is taken, if being still unsatisfactory for A threshold condition (can not locally obtain enough information), system will be sent out to LBS service device Go out request.Obtain after information, system will decide whether storage information according to storage condition (near personal audience venue).

Assuming that map is divided into m × m size identical square shaped cells lattice, the collection of these cells is combined into Φ={ a₁, a²,...,a_m2, POI content transmissions form is (a between collaboration user_n, poi, data), wherein n=1,2, m²Represent content place Map cell, poi represents the information name interested of user's request, and data represents detailed and marked ageing POI The information content.Assuming that in scene before, the restaurant menu information that Alice will be inquired about in 1 kilometer range fails in the machine again On find the information for being related to restaurant.It is (poi, request h), poi that she, which needs to send a form into ad hoc networks, The hop count that information name is propagated in a network such as restaurant, h for request, often by a user, the hop count h in request can subtract 1, request is no longer propagated when being kept to 0.The user of request is received by the information i.e. restaurant of name and the machine access control middleware Storage content in cacheware is matched, if there is relevant information, is returned to Alice.Return to Alice's Information generation set P, the P={ a in all restaurants_p1,a_p2, and Alice ideal zone request complete or collected works are Q={ a_q1,a_q2, For example in 1 kilometer all restaurants of map combining information, take common factor | P ∩ Q | as return to Alice effective content.

In order to preferably utilize local cache contents, and facilitate user between service quality and secret protection grade Choice adjustment (often with the difference of when and where, it is also different that user focuses on privacy degree) is carried out, the inventive method is fixed Justice information threshold (referring to formula (4) and formula (5)), represents user to the local tolerance for obtaining information, peak is for 1 (if the machine Be stored with relevant information, in the information threshold of the first order is calculated, P₁It is the set of the machine relevant information, the calculating in the second level In, P is the union of the machine and collaborative user's relevant information).Alice will set one after balance service quality and privacy classes Expect threshold γ (or being set by system default).If λ >=γ, represent that local information can meet demand；If λ<γ, Alice are by profit Request is sent with the foregoing anonymous region generation method (CRGA methods) of the present embodiment.

2nd, the risk of attacks of resisting of the present embodiment method is assessed.

On the basis of the above-mentioned record technical scheme of the present embodiment method, hereafter by the location privacy for the present embodiment The risk of guard method resistance attack is estimated.For location privacy protection, the purpose of opponent is specific in order to obtain The location privacy information of user, is substantially divided into two classes by the risk that network safety system faces, and a class is Outer risks, and a class is Internal risks.Outer risks be primarily referred to as attacker from its exterior by invade between collaboration user or user and server it Between channel intercept and capture privacy information, in order to prevent opponent carry out Network Intrusion (eavesdropping attack), can this Encryption technology is further introduced into the location privacy protection method of embodiment, such as PKIX (PKI) is protected, this It is also the main method protected at present channel safety.Internal risks refer to internal system entity using itself it is some privilege from Thing privacy information is stolen, such as the LBS service provider of malice or neighbours' collaboration user of malice, and these internal risks will More harmfulness.For the location privacy protection method of the present embodiment, mainly two kinds are internaled attack with risk and assess and is divided Analysis：

I) resistance collusion attack (colluding attack), for the collusion attack from user, it is assumed that in this method There is the collaboration user of several malice in application system, they wish to obtain more sensitive informations from inside.And should in this method With in system, need to seek to the transmission of periphery collaboration user when specific user Alice can not obtain enough information in the machine When taking related POI, its request form is (poi, h), if malicious user receives request, due to being set to hop count h Put, the solicited message that Alice is sent may transmit many hundreds rice in wireless Ad Hoc peer-to-peer multi-hop mobile communications network, Connection between these malicious users and Alice does not have not special relevance, causes these malicious persons to deduce Request from where.What is more important, the true identity information not sticked one's chin out at all in Alice request (if Need, she can be with pseudonymity), these malicious persons even can not know be who send request.It can be seen that, the position of the present embodiment The application system of method for secret protection has stronger repellence to internal collusion attack.

II) resistance Inference Attack (inference attack), the mainly Inference Attack from LBS service provider, Because LBS service device have recorded all solicited messages transmitted from user, the service provider of malice is desirable with these please Information is asked to deduce the actual position of user.The form for sending request in the inventive method application system with user orientation server is (ID, poi, R), ID is the identity or assumed name of user oneself, and R is the area of space after local anonymity.What CRGA methods were chosen K-1 position is the cell for asking probability larger, and service provider is not simply failed to by anonymous region R clear requests by what Place is sent, or even can cause bigger deviation because of true request location is analyzed according to side information, and this is fine Taken precautions against the Inference Attack that service provider is carried out according to background knowledge.

Due to the defect of some traditional anonymous methods, some attackers may speculate user's actual position just anonymous empty Between center (or other geometric positions).Although this method is that the anonymity list on periphery is found centered on individual subscriber place First lattice, but first look for asking the higher cell of probability, this has the anonymous region for causing generation very big uncertain Property.Also, after this method considers the factor such as data age of unit lattice, will finally aggravate it is this it is uncertain with Machine.Caused result is exactly that the actual position of user is unlikely in the center in the anonymous region of generation.

3rd, for the experimental simulation and Performance Evaluation of the present embodiment method.

In order to which the location privacy protection method of the present embodiment carries out experimental simulation and Performance Evaluation, the present embodiment is flat in Android The system is deployed on platform, 10000 mobile subscribers are set on 10km × 10km maps in city, each mobile subscriber abides by Follow Levy walk mobility model (model has been demonstrated truly to describe the mobile behavior pattern of the mankind), map quilt It is divided into the cell that the length of side is 50m.Initial region request probability is obtained from Google Map API, it is assumed that each user is daily Carry out 10 POI inquiries.In the case of without loss of generality, we consider a POI for the time being.Experimental data is averaged.It is real Some parameters are used in testing, k is the parameter related to space K anonymous methods, represents anonymity degree；H is request wirelessly from group The maximum hop count propagated in peer-to-peer multi-hop mobile communications network is knitted, γ is the threshold value that user is set, and t is the time of simulated experiment (number of days).Method as a comparison has enhanced-DLS methods (abbreviation enhanced-DLS), and MobiCrowd methods are (referred to as ) and CaDSA methods (abbreviation CaDSA) MobiCrowd.

3.1st, communications cost

In order to evaluate communications cost, the present embodiment by changing with time communication request as assessment, The Information Number obtained especially by the Information Number to being obtained from the machine, from the Information Number of neighbours' acquisition and from LBS service device is (i.e. The Information Number obtained from LBS providers) three kinds of data change with time as assessment.Referring to Fig. 8, because in access control Between part cacheware calculate personal audience venue and the POI data that prestores and need the regular hour, therefore the information for being obtained from the machine For number, gradually rise in the early stage, then reach one higher stable state, show that user often asks in personal audience venue POI data cached by the machine after, user main will obtain information from the machine；And the Information Number obtained from neighbours is by initial short Temporarily decline after increase and reach a stationary value, it is seen that user has starting the stage of prestoring strong ask for after information to the demand of neighbours Declined；And user then constantly declines to the demand of server, i.e., the Information Number obtained from LBS providers constantly declines.

Due to the uncertainty of safety problem, it is believed that the request sent from the machine is fewer, and security is higher.And according to On reach stable experimental result, table 1 is concluded to the security protection strength of the location privacy protection method of the present embodiment.

Table 1：The communication overhead and security intensity table of the location privacy protection method of the present embodiment.

Stage	Security intensity	Communication overhead	Information source	Information percentage
					Stage 1	It is high	It is low	The machine	71%
Stage 2	In	In	Neighbours	19%
					Stage 3	It is low	It is high	LBS service device	10%

It can be seen from table 1, ask that mainly information, neighbours will be asked in the machine in the location privacy protection method of the present embodiment Take second place, make to can reach 90% from the local probability for obtaining information, this not only saves communication flows expense, and reduces privacy The risk of leakage, improves secret protection intensity.

As shown in figure 9, the number of request for being sent to server to user under distinct methods compares, enhanced-DLS side A horizontal line is presented in the number of request that method is sent, because it does not utilize cache.Although MobiCrowd and CaDSA methods are sent out The number of request sent is fewer than enhanced-DLS, but still has many requests to be sent to server, respectively may be about 50% and 30%.And The location privacy protection method (RuleCache) of the present embodiment take into account the mobile behavior pattern of user, neighbours cooperation and The factors such as Data renewal mechanism and less request is have sent to server, only about 10% request.This result shows this The location privacy protection method of embodiment than other method preferably make use of prestored information, by reduce be sent to server Number of request reduce communication overhead.

3.2nd, carrying cost

Obviously, the size that terminal storage space takes is depending on the map area size and the POI in region stored Number, it is assumed that each with (a_n, poi, data) form storage POI size be no more than 1KB, using New York City as Example, its a total of 250,000 POI.Because cache methods before, such as CaDSA methods, as use time is elapsed, eventually End spaces takes can be increasing, and maximum possible will store 250, the data of 000 × 1KB=250MB sizes, although this is to present Smart mobile phone without a doubt, but waste larger memory space after all, and store information largely unrelated with user.And The location privacy protection method of the present embodiment only store with the POI near user-related personal audience venue, it is average only consume it is big About 27MB memory space is with regard to that can meet the demand of user, hence it is evident that reduce storage expense.

3.3rd, cache hit rate

Comparative analysis has been carried out to the cache hit rate that user obtains information from local (the machine and neighbours).Such as Figure 10 institutes Show, reflect in t=7, h=4, during γ=0.8, the location privacy protection method (RuleCache) of the present embodiment and existing several Relation between the cache hit rate and parameter k of the method for kind.Because MobiCrowd methods do not account for specially lifting caching life The problem of middle rate, so cache hit rate is not relatively high.Enhanced-DLS methods use cache methods useless, cache hit Rate is 0.CaDSA methods have also reached higher cache hit rate because employing false position to lift cache hit rate.And this The location privacy protection method (RuleCache) of embodiment design when just consider Move Mode, region request probability and Influence of the factors such as user collaboration to cache hit rate, lifts the possibility that user obtains information from the machine and neighbours as far as possible, delays Deposit hit rate and reach 90% or so.As shown in figure 11, the pass between the cache hit rate of several method and time t is reflected System, it can be seen that the cache hit rate of enhanced-DLS methods as before for 0, MobiCrowd methods, CaDSA methods, The cache hit rate of the location privacy protection method (RuleCache) of the present embodiment is increased over time and increased, and is finally reached To a nearly quasi-stationary value.And the location privacy protection method (RuleCache) of the present embodiment remains one relatively high Position, has with respect to other method and at least improves 20%.As a result the location privacy protection method (RuleCache) of the present embodiment is shown There is higher cache hit rate with respect to other method.

In summary, the location privacy protection method of the present embodiment is combined the Move Mode of user with cache methods, and And devise multiple module access protection mechanism come protective position privacy by the distributed collaborative of user, devise in access control Between part realize the standardization of terminal storage, sent and asked using anonymous region generation method, farthest reduce user's Inquiry request, improves secret protection grade.And during to LBS service device solicited message, it is contemplated that background knowledge and data age Property etc. factor influence, improve cache hit rate on the basis of optimization position anonymity scheme, and it is strong to strengthen secret protection Degree.

The above is only the preferred embodiment of the present invention, and protection scope of the present invention is not limited merely to above-mentioned implementation Example, all technical schemes belonged under thinking of the present invention belong to protection scope of the present invention.It should be pointed out that for the art Those of ordinary skill for, some improvements and modifications without departing from the principles of the present invention, these improvements and modifications It should be regarded as protection scope of the present invention.

Claims

1. a kind of anonymous region generation method, it is characterised in that implementation steps include：

1) map is divided into size identical cell in advance, according to user's POI data counting user past of caching each Cell sends the Probability p of request；

2) when user sends LBS service request to LBS service device, the current location a of user is obtained_r, according to the present bit of user Put a_rThe cell formed after k-1 anonymity is obtained using locational space K anonymous methods from peripheral unit lattice, and according to each The out-of-date degree of data of cell storage chooses the out-of-date cell of data and is used as the anonymous region for being sent to LBS service device.

2. anonymous region generation method according to claim 1, it is characterised in that step 2) detailed step include：

2.6) the out-of-date degree of output data and the optimal subset C ' of caching contribution rate k-1 cell are as being sent to LBS service The anonymous region of device.

3. anonymous region generation method according to claim 2, it is characterised in that step 2.4) middle composition candidate collection Function expression such as formula (1) shown in；

In formula (1),Represent candidate collection, subset of the C ' expressions containing k-1 cell, C_cRepresent according to Probability p from big to small Principle select the z peripheral unit lattice specified and gathered, k is anonymity level and is the integer less than z.

4. anonymous region generation method according to claim 2, it is characterised in that step 2.5) fall into a trap and count according to out-of-date degree Function expression such as formula (2) shown in；

O = \frac{1}{n} Σ_{i = 1}^{n} \sqrt{\frac{{t_{i}}^{2}}{T_{i}^{2}}} - - - (2)

In formula (2), O represents the out-of-date degree of data, and n represents the cell quantity in anonymous region, t_iRepresent i-th of cell correspondence User's POI data the existence time of dependence, T are downloaded from LBS service device_iRepresent the corresponding user POI numbers of i-th of cell According to life cycle.

5. anonymous region generation method according to claim 2, it is characterised in that step 2.6) in the out-of-date degree of output data With caching contribution rate shown in the function expression such as formula (3) of optimal subset C ' k-1 cell；

C_{s} = s e t m a x (Σ_{i = 1}^{k - 1} α_{i}) \cdot O - - - (3)

In formula (3), C_sRepresent that the out-of-date degree of data and caching contribution rate optimal subset C ', k are anonymity level and are whole less than z Number, O represents the out-of-date degree of data, α_iRepresent contribution rate of i-th of cell to cache hit rate of selection, and α_iValue and user Past sends the Probability p of request in i-th of cell_iIt is equal.

6. a kind of location privacy protection method, it is characterised in that implementation steps include：

S1) access control middleware is set in the interruption equipment of each user in advance, is calculated and used by access control middleware The positional information at family and the POI data for caching LBS service request；Next step is performed when targeted customer sends LBS service request；

S2 the POI data) cached in the local access control middleware of targeted customer obtains POI data, if obtained successfully, Then export the POI data of acquisition and exit；Otherwise execution step S3 is redirected)；

S3) neighbor user into network sends LBS cooperations and mutually takes request, in the local access control middleware of neighbor user Shared POI data is obtained, POI data is obtained in the POI data shared from all neighbor users, it is defeated if obtained successfully Go out the POI data of acquisition and exit；Otherwise execution step S4 is redirected)；

S4) anonymous region generation method of the targeted customer according to any one in Claims 1 to 5 is generated for being sent to The anonymous region of LBS service device, and LBS clothes are sent to LBS service device as the anonymous location of user based on the anonymous region Business request, and the POI data output that LBS service device is returned.

7. location privacy protection method according to claim 6, it is characterised in that step S1) in by access control Between part calculate user positional information when also include determine user personal audience venue, the access control middleware caching POI During data, if the physical location of LBS service request is personal audience venue, the physical location periphery is specified in radius POI data is cached, and is set to default sharing to the non-sensitive information of storage；If the actual bit of LBS service request Non- personal audience venue is set to, then does not cache the POI data in the specified radius in the physical location periphery.

8. location privacy protection method according to claim 7, it is characterised in that the personal audience venue tool of the determination user Body refers to：Counting user appears in the occurrence number n of a certain position, if occurrence number n of the user in a certain position is more than in advance If threshold value c, then judge personal audience venue of the position as user.

9. location privacy protection method according to claim 6, it is characterised in that step S2) detailed step include：

S2.1) searched in the POI data cached in the local access control middleware of targeted customer and LBS service asks matching POI data, obtain set P₁, wherein P₁={ a_p1,a_p2..., a_p1,a_p2It is the POI data of matching；

S2.2) will set P₁Common factor is taken with the ideal zone request complete or collected works Q of targeted customer | P₁∩ Q |, wherein Q={ a_q1, a_q2..., a_q1,a_q2It is the ideal zone request complete or collected works Q of targeted customer POI data；

S2.3) according to formula (4) first order calculation information threshold λ₁If calculating obtained primary information threshold λ₁More than or equal to default One-level expects threshold gamma₁, then will occur simultaneously | P₁∩ Q | export and exit, otherwise redirect execution step S3)；

λ_{1} = \frac{| P_{1} \cap Q |}{| Q |} - - - (4)

In formula (4), λ represents primary information threshold, | P₁∩ Q | represent set P₁Friendship is taken with the ideal zone request complete or collected works Q of targeted customer Collection, P₁Represent in the POI data cached in the local access control middleware of targeted customer and LBS service asks the POI of matching Data, Q represents the ideal zone request complete or collected works of targeted customer.

10. location privacy protection method according to claim 6, it is characterised in that step S3) detailed step include：

S3.1) targeted customer and its neighbor user are in together in self-organizing peer-to-peer multi-hop mobile communications network, targeted customer to A form is sent in self-organizing peer-to-peer multi-hop mobile communications network for (poi, LBS cooperations h) mutually take request, and poi is letter Name is ceased, the hop count that h is propagated in a network for request often can subtract 1, when hop count h is kept to 0 by the hop count h in user's request Request is no longer propagated；

S3.2 the neighbor user of request) is received LBS to cooperate the information name poi and the machine access control middleware mutually taken in request The content of middle storage is matched, if there is related POI data, is returned to targeted customer；

S3.3) if targeted customer receives the POI data of return, the POI numbers that all neighbor users of targeted customer are returned According to the POI data life for asking matching in the POI data cached in the access control middleware local with targeted customer with LBS service Into set P, wherein P={ a_p1,a_p2..., a_p1,a_p2It is the POI data in set P；

S3.4 the ideal zone request complete or collected works Q of set P and targeted customer) are taken into common factor | P ∩ Q |, wherein Q={ a_q1,a_q2..., a_q1,a_q2It is the ideal zone request complete or collected works Q of targeted customer POI data；

S2.3 second-level message threshold λ) is calculated according to formula (5)₂If calculating obtained second-level message threshold λ₂More than or equal to default Two grades of expectation threshold gammas₂, then will occur simultaneously | P ∩ Q | export and exit, otherwise redirect execution step S4)；

λ_{2} = \frac{| P \cap Q |}{| Q |} - - - (5)

In formula (5), λ₂Second-level message threshold is represented, | P ∩ Q | represent that the ideal zone request complete or collected works Q of set P and targeted customer take friendship Collection, P is represented in the POI data and the local access control middleware of targeted customer of all neighbor users return of targeted customer The set of the POI data generation of matching is asked in the POI data of caching with LBS service, Q represents that the ideal zone of targeted customer please Demand perfection collection.