CN109543422A

CN109543422A - A kind of privacy information method of disposal, apparatus and system

Info

Publication number: CN109543422A
Application number: CN201811272602.7A
Authority: CN
Inventors: 李凤华; 李晖; 牛犇; 李维皓; 王瀚仪
Original assignee: Xidian University; Institute of Information Engineering of CAS
Current assignee: Xidian University; Institute of Information Engineering of CAS
Priority date: 2018-10-30
Filing date: 2018-10-30
Publication date: 2019-03-29

Abstract

The embodiment of the invention discloses a kind of privacy information method of disposal, apparatus and system, the method for protecting privacy includes: the corresponding first private attribute vector of the first privacy information vector sum for constructing the first solicited message；The Privacy preserving algorithms of the first privacy information vector are selected according to the application scenarios of the first solicited message and the first private attribute vector；Secret protection is carried out using first privacy information vector of the Privacy preserving algorithms to the first solicited message to handle to obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Wherein, the context of the second solicited message request is greater than or equal to the context of the first solicited message request.The embodiment of the present invention is based on the first solicited message and constructs the second solicited message; the context of second solicited message request is greater than or equal to the context of the first solicited message request; secret protection is carried out to the content of user's request, to improve the personal secrets of user.

Description

A kind of privacy information method of disposal, apparatus and system

Technical field

The present embodiments relate to but be not limited to information technology field, espespecially a kind of privacy information method of disposal, device and System.

Background technique

As information technology and network technology are lasting, fast-developing, related application is widely available and personalized service is continuous Evolution, large-scale Internet company have accumulated mass data during providing service, these data are frequently cross-border, interdepartmental System, across the ecosphere interaction have become normality, and it is intentional in different information systems or be not intended to retain to cause privacy information, and by A large number of users privacy information is contained in the data of accumulation.So that user enjoy work, life, in terms of it is convenient Meanwhile data face risk of leakage during data collection, shared, storage, analysis etc., have seriously threatened that user's is hidden Private safety.

For information technology when providing easily service, service provider is in the privacy information for constantly obtaining user.? Under the powerful calculating of service provider, storage, processing capacity, the user information for seeming non-sensitive can be utilized, and final point Analysis obtains sensitive privacy, has seriously threatened the personal secrets of user.For example, user is in the doctor for inquiring special defects disease at one's side Institute, then can by speculate the people suffer from certain class particularity disease, once the information exposure may cause the user is discriminated against or spy It is very unmoral to treat.

Summary of the invention

The embodiment of the invention provides a kind of privacy information method of disposal, apparatus and system, it can be improved and improve user's Personal secrets.

At least one the embodiment of the invention provides a kind of privacy information method of disposal, include the following steps:

Construct the corresponding first private attribute vector of the first privacy information vector sum of the first solicited message；

The hidden of the first privacy information vector is selected according to the application scenarios of the first solicited message and the first private attribute vector Private protection algorism；

Secret protection processing is carried out using first privacy information vector of the Privacy preserving algorithms to the first solicited message Obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Wherein, the second solicited message is asked The context asked is greater than or equal to the context of the first solicited message request.

In embodiments of the present invention, this method further include:

Receive the content of the second solicited message request；

The content that first solicited message is requested is filtered out from the content that second solicited message is requested.

In embodiments of the present invention, the first private attribute vector of the building includes:

The privacy information component of the first privacy information vector is determined according to the application scenarios of first solicited message Significance level；

According to the significance level of the privacy information component of the first privacy information vector determine corresponding first private attribute to The private attribute component of amount.

In embodiments of the present invention, the application scenarios according to the first solicited message determine the first privacy information vector The significance level of privacy information component includes:

In the first corresponding relationship between pre-set application scenarios, privacy information component and significance level, search The corresponding significance level of privacy information component of the application scenarios of first solicited message, the first privacy information vector.

In embodiments of the present invention, the significance level of the privacy information component according to the first privacy information vector determines The private attribute component of corresponding first private attribute vector includes:

Between the significance level of pre-set privacy information component and the secret protection degree of private attribute component In second corresponding relationship, the corresponding private attribute of significance level of the privacy information component of the first privacy information vector is searched The secret protection degree of component.

In embodiments of the present invention, described to be selected according to the application scenarios of the first solicited message and the first private attribute vector The Privacy preserving algorithms of first privacy information vector include:

In third corresponding relationship between pre-set application scenarios, private attribute component and Privacy preserving algorithms, The privacy information component of the application scenarios and the first privacy information vector of searching first solicited message is corresponding described The corresponding Privacy preserving algorithms of private attribute component of first private attribute vector；

Complexity is selected to match with capacity of equipment from the Privacy preserving algorithms found, and security effectiveness analyzes result The Privacy preserving algorithms for meeting preset condition are calculated as the secret protection of the privacy information component of the first privacy information vector Method；

It is described that secret protection is carried out using first privacy information vector of the Privacy preserving algorithms to the first solicited message Processing obtains the second privacy information vector and includes:

Privacy preserving algorithms using the privacy information component of the first privacy information vector believe first privacy The privacy information component of breath vector carries out secret protection and handles to obtain the privacy information component of the second privacy information vector.

In embodiments of the present invention, described to include according to the second solicited message of the second privacy information vector building:

By the corresponding privacy of range some or all of indicated by the privacy information component of the second privacy information vector Information reconfigures to obtain second solicited message；

Alternatively, range some or all of indicated by the privacy information component of the second privacy information vector is corresponding Non- privacy information in privacy information and first solicited message reconfigures to obtain second solicited message.

At least one the embodiment of the present invention proposes a kind of privacy information disposal plant, comprise the following modules:

Construct module, for construct corresponding first private attribute of the first privacy information vector sum of the first solicited message to Amount；

Privacy preserving algorithms selecting module, for the application scenarios and the first private attribute vector according to the first solicited message Select the Privacy preserving algorithms of the first privacy information vector；

Secret protection processing module, for the first privacy information using the Privacy preserving algorithms to the first solicited message Vector carries out secret protection and handles to obtain the second privacy information vector；According to the second privacy information vector building the second request letter Breath；Wherein, the context of the second solicited message request is greater than or equal to the context of the first solicited message request.

The embodiment of the present invention proposes a kind of privacy information disposal plant, including processor and computer-readable storage medium Matter is stored with instruction in the computer readable storage medium, when described instruction is executed by the processor, realizes above-mentioned A kind of at least one of privacy information method of disposal step.

The embodiment of the present invention proposes a kind of computer readable storage medium, is stored thereon with computer program, the meter Calculation machine program realizes at least one of any of the above-described kind of privacy information method of disposal step when being executed by processor.

The embodiment of the present invention proposes a kind of privacy information disposal system, comprising:

Secret protection processing module, for the first privacy information using the Privacy preserving algorithms to the first solicited message Vector carries out secret protection and handles to obtain the second privacy information vector；According to the second privacy information vector building the second request letter Breath；Wherein, the context of the second solicited message request is greater than or equal to the context of the first solicited message request；

Wherein, the building module, Privacy preserving algorithms selecting module and secret protection processing module are arranged in different In equipment.

The embodiment of the present invention includes at least one following steps: the first privacy information vector sum of the first solicited message of building First private attribute vector determines the incidence relation between first privacy information vector sum the first private attribute vector；According to One private attribute vector sum incidence relation selects at least one Privacy preserving algorithms；It is asked using the Privacy preserving algorithms to first It asks the first privacy information vector of information to carry out secret protection to handle to obtain the second privacy information vector；According to the second privacy information Vector constructs the second solicited message；Wherein, the context of the second solicited message request is greater than or equal to the first solicited message and asks The context asked.The embodiment of the present invention is based on the first solicited message and constructs the second solicited message, the request of the second solicited message Context is greater than or equal to the context of the first solicited message request, carries out secret protection to the content of user's request, from And improve the personal secrets of user.

Firstly, realizing the method for secret protection perceived to private attribute according to the difference of application scenarios and privacy information；Its Secondary, the embodiment of the present invention considers the incidence relation of privacy information and private attribute, reasonably has chosen Privacy preserving algorithms, The privacy information of user is protected；Again, the embodiment of the present invention requests to carry out privacy guarantor according to the first information of user Shield operation generates by privacy treated the second solicited message, guarantees when the second information request is sent to service provider not The privacy information while user that user can be revealed can enjoy corresponding service；Finally, in the method for realizing secret protection, entirely The considerations of orientation, is to application scenarios, privacy information, private attribute, the capacity of equipment of user and such selected algorithm complexity Whether reach preset value with security performance, realizes fine-grained method for secret protection, the privacy information of comprehensive protection user.

The other feature and advantage of the embodiment of the present invention will illustrate in the following description, also, partly from explanation It is become apparent in book, or understood by implementing the embodiment of the present invention.The purpose of the embodiment of the present invention and other advantages It can be achieved and obtained by structure specifically noted in the specification, claims and drawings.

Detailed description of the invention

Attached drawing is used to provide one for further understanding technical solution of the embodiment of the present invention, and constituting specification Point, it is used to explain the present invention the technical solution of embodiment together with the embodiment of the embodiment of the present invention, does not constitute to the present invention The limitation of embodiment technical solution.

Fig. 1 is the flow chart for the privacy information method of disposal that one embodiment of the invention proposes；

Fig. 2 is the structure composition schematic diagram for the privacy information disposal plant that another embodiment of the present invention proposes.

Specific embodiment

The embodiment of the present invention is described in detail below in conjunction with attached drawing.It should be noted that in the feelings not conflicted Under condition, the feature in embodiment and embodiment in the present invention can mutual any combination.

Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable Sequence executes shown or described step.

Referring to Fig. 1, one embodiment of the invention proposes a kind of privacy information method of disposal, include the following steps at least it One:

Step 100, the corresponding first private attribute vector of the first privacy information vector sum for constructing the first solicited message.

In embodiments of the present invention, the first solicited message has included the information for obtaining the content of user's request.For example, User want obtain current location around restaurant, then the first solicited message include current location information, the first preset range and Restaurant, the content of user's request include the restaurant in the first preset range centered on current location.

In embodiments of the present invention, the first privacy information vector refer to from least one privacy information component constitute to Amount, privacy information component refer to atom letter that is information content in the privacy information of symbolism, indivisible, mutually disjointing Breath.

Wherein, privacy information refers to the personal information for meeting at least one of condition:

Information generator is reluctant that other people know；

Other people know in inconvenience；

The circulation way that information generator is only willing to that within the scope of the crowd that I approves and I approves is propagated.

Wherein, privacy information includes at least one of solicited message, i.e., for example, above-mentioned user wants to obtain current location In the example in the restaurant of surrounding, privacy information includes at least one of: current location information, the first preset range and restaurant.

Wherein, symbolism atom information is to represent atom information with letter or mathematic sign.For example, by present bit confidence Breath symbol turns to loc.

Wherein, atom information is the minimum unit of information.Atom information type includes but is not limited at least one of: text Sheet, audio, video, image.

In embodiments of the present invention, the first private attribute vector is the vector being made of at least one private attribute component, Private attribute component refers to the private attribute of symbolism.

Wherein, private attribute component refers to the protection journey to subscript privacy information component identical with private attribute component Degree.

In embodiments of the present invention, the first private attribute vector realize to the degree of protection of privacy information carry out quantization and Abstract, because of different privacy informations and different application scenarios, required secret protection degree is different, so the first privacy category Property vector is the tradeoff to application scenarios and privacy information.

In embodiments of the present invention, the first private attribute vector of building includes:

The important journey of the privacy information component of the first privacy information vector is determined according to the application scenarios of the first solicited message Degree；

Wherein, the significance level of privacy information component is higher, the private attribute in corresponding first private attribute vector point The secret protection degree of amount is higher, and the significance level of privacy information component is lower, hidden in corresponding first private attribute vector The secret protection degree of private attribute component is lower.

Wherein, the weight of the privacy information component of the first privacy information vector is determined according to the application scenarios of the first solicited message The degree is wanted to include:

Wherein, the significance level of the same privacy information component of different application scene may be identical, it is also possible to different.Example Such as, in payment scene, the significance level of privacy information component are as follows: direct information > collateral information > other information.

Wherein, direct information include but is not limited to the ID card No. for including: user, account and password, name, occupation, Address.

Wherein, collateral information includes but is not limited to the location information for including: stop ground, inquiry content, the number thumbed up, purchase The commodity bought.

Wherein, corresponding first privacy category is determined according to the significance level of the privacy information component of the first privacy information vector The private attribute component of property vector includes:

Between the significance level of pre-set privacy information component and the secret protection degree of private attribute component In second corresponding relationship, the corresponding private attribute component of significance level of the privacy information component of the first privacy information vector is searched Secret protection degree.

For example, illustrating that significance level is higher if privacy information component is the account password of user, being then associated with secret protection The high private attribute component of degree；If privacy information component is the evaluation of some vegetable, illustrates that significance level is lower, then close Join the low private attribute component of secret protection degree.

Wherein, the value range of the numerical value of private attribute component is [1, X], and 1 indicates that private attribute is minimum, with numerical value Increase private attribute to gradually increase, i.e. X (such as 10) indicates private attribute highest.When private attribute is lower, secret protection is indicated Degree is lower, conversely, indicating that secret protection degree is higher when private attribute is higher.The privacy that private attribute component is constituted Attribute vector is a reference information during Privacy preserving algorithms are chosen.

Step 101 selects the first privacy information according to the application scenarios of the first solicited message and the first private attribute vector The Privacy preserving algorithms of vector.

In embodiments of the present invention, according to the application scenarios of the first solicited message and the first private attribute vector selection first The Privacy preserving algorithms of privacy information vector include:

The Privacy preserving algorithms of the first privacy information vector are selected according to following information:

The application scenarios of first solicited message, the first private attribute vector, capacity of equipment, the complexity of Privacy preserving algorithms The security effectiveness analysis result of degree, Privacy preserving algorithms.

Wherein, the Privacy preserving algorithms of the first privacy information vector of selection include:

In third corresponding relationship between pre-set application scenarios, private attribute component and Privacy preserving algorithms, Search corresponding first private attribute of privacy information component of the application scenarios and the first privacy information vector of the first solicited message The corresponding Privacy preserving algorithms of private attribute component of vector；

Complexity is selected to match with capacity of equipment from the Privacy preserving algorithms found, and security effectiveness analyzes result Meet the Privacy preserving algorithms of the Privacy preserving algorithms of preset condition as the privacy information component of the first privacy information vector.

Wherein, preset condition is the measurement standard of each analysis item in security effectiveness analysis, whether measures the analysis item Reach preset requirement, which is a value range, if the value of security effectiveness analysis belongs in preset value range, Then illustrate that the Privacy preserving algorithms are available；If the value of security effectiveness analysis belongs to outside preset value range, illustrate that this is hidden Private protection algorism is unavailable.

Wherein, the complexity with capacity of equipment of Privacy preserving algorithms match, and refer to that the equipment has and run the privacy The ability of protection algorism matches the secret protection of lot of complexity if the assessed value of capacity of equipment is higher than the threshold value of setting Algorithm, if the assessed value of capacity of equipment matches lower Privacy preserving algorithms less than or equal to the threshold value of setting.

For example, the first private attribute vector value is high, and the processing capacity of equipment is strong, and communication capacity is excellent, then in payment scene Select the Privacy preserving algorithms based on encryption.

Wherein, application scenarios include but is not limited to any of the following: shared scene, inquiry scene, payment scene.It is above-mentioned to answer With the sequence of the secret protection degree of scene are as follows: payment scene > shared scene > inquiry scene.

Wherein, Privacy preserving algorithms include but is not limited to any of the following: Privacy preserving algorithms based on encryption, based on disturbing Random Privacy preserving algorithms, based on the Privacy preserving algorithms obscured, based on fuzzy Privacy preserving algorithms.

The secret protection degree of above-mentioned Privacy preserving algorithms sorts are as follows: and the Privacy preserving algorithms based on encryption > based on upset Privacy preserving algorithms > based on the Privacy preserving algorithms obscured > based on fuzzy Privacy preserving algorithms.

Wherein, capacity of equipment includes but is not limited to: storage capacity, processing capacity, communication capacity (signal strength), electricity, It networks access module (mobile cellular network and Wi-Fi).The sequence of above equipment ability are as follows: processing capacity > communication capacity > networking Access module > electricity > storage capacity.The assessed value of capacity of equipment is weighted assignment according to above content, is summed by weight It is compared with threshold value.

Wherein, access module is networked directly concerning the communication overhead for arriving user, so in the case where mobile cellular network, The lesser Privacy preserving algorithms of communication overhead are selected, the communication that emphasis considers Privacy preserving algorithms is then not required in Wi-Fi Expense.Similarly, when equipment has the performance of high storage, strength reason, strong signal and high electricity, then focus on protecting privacy information, It is intended to provide safest secret protection.

For example, the higher privacy information component of significance level, and to calculating, the equipment that communicates and be stored with enough abilities, Then distribute the Privacy preserving algorithms based on encryption；The lower privacy information component of significance level, and to calculating, communication and storage energy The limited equipment of power, then distribution is based on fuzzy Privacy preserving algorithms.

In embodiments of the present invention, the complexity of Privacy preserving algorithms includes but is not limited to: time complexity, spatial complex Degree and communication overhead.

Wherein, time complexity is to execute the time, is that request is initiated from user after Privacy preserving algorithms output protection Time consumed by end of data；

Space complexity is memory space, is calculated and processing during is the big of the memory space occupied entire It is small；

Communication overhead is then that the size of data exported from Privacy preserving algorithms determines communication overhead.

In embodiments of the present invention, the security effectiveness analysis result of Privacy preserving algorithms includes but is not limited to following any It is a:

Probability, comentropy, expectation, variance.

Wherein, probability refers to the probability that privacy information is exposed.Probability value is higher, indicates the protected degree of privacy information Lower, security effectiveness is lower；Probability value is lower, indicates that the protected degree of privacy information is higher, security effectiveness is higher.

For example, probability obtains the visit that can acquire the position by the way that access point is arranged based in location-based service scene The amount of asking, or obtained from existing third party, such as pass through application programming interface (API, the Application of Google Maps Programming Interface) obtain the amount of access of position.Assuming that the amount of access for getting some map is M, on the ground Position loc in figure_iAmount of access be m_i, then position loc_iProbability q_iAre as follows:

Wherein, comentropy refers to the uncertainty of privacy information.Information entropy is bigger, indicates the uncertainty of privacy information It is higher, then it represents that security effectiveness is higher；Information entropy is smaller, indicates that the uncertainty of privacy information is lower, then it represents that safety effect It can be lower.Comentropy is obtained by the definition of comentropy, it may be assumed that

Wherein, H is comentropy, P_iFor privacy information S_iProbability, n be privacy information quantity.

Wherein, it is expected that referring to privacy information secret protection desired value achieved.Desired value is bigger, indicates privacy information Degree of protection is higher, and security effectiveness is higher；Desired value is lower, indicates that the degree of protection of privacy information is lower, security effectiveness is lower. It is contemplated to be and is obtained by its definition, it may be assumed that

Wherein, P_iFor privacy information S_iProbability, X_iFor privacy information S_iCorresponding privacy information vector.

Wherein, variance refers to the departure degree between privacy information.Variance is bigger, indicates the deviation journey between privacy information Degree is bigger, and the degree of association between privacy information is lower, and the protected degree of privacy information is higher, and security effectiveness is higher；Side Difference is smaller, indicates that the departure degree between privacy information is smaller, the degree of association between privacy information is higher, and privacy information is protected The degree of shield is lower, and security effectiveness is lower.Variance is obtained by its definition, it may be assumed that

D=E { X-E (X)²}

Wherein, X is corresponding privacy information vector, and E is expectation.

Step 102 carries out privacy using first privacy information vector of the Privacy preserving algorithms to the first solicited message Protection handles to obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Wherein, it second asks The context of information request is asked to be greater than or equal to the context of the first solicited message request.

In embodiments of the present invention, secret protection is carried out to the first privacy information vector using the Privacy preserving algorithms of selection Processing obtains the second privacy information vector and includes:

Wherein, Privacy preserving algorithms include at least one of: encrypting, upset, obscure, obscure.

Wherein, encryption, which refers to, is encrypted privacy information component.For example, user query account information, request letter Breath includes account and password.It is possible to be encrypted by privacy information component of the Encryption Algorithm to user.

Wherein, upset, which refers to, adds noise in privacy information component, to interfere the exposure of privacy information.For example, right Location information upsets method using difference and carries out upset processing, i.e., location information is added plane Laplacian noise, so that attacking The person of hitting can not obtain the actual position information of user by obtained information analysis.

Wherein, obscure the privacy information component for referring to that addition is false, allow attacker which privacy information point can not be distinguished Amount is the true privacy information of user.For example, the restaurant near user's request, then solicited message includes current location information, the One preset range and restaurant, the content of user's request include the restaurant in the first preset range centered on current location.That , the location information that multiple falsenesses can be generated obscures operation to realize.

Wherein, it obscures and refers to privacy information component progress Fuzzy processing, i.e., indicated by expansion privacy information component Range.For example, user requests the bus station near crossroad, then solicited message includes the location information of crossroad, first Preset range and bus station, the content of user's request include the public affairs in the first preset range centered on the position of crossroad Hand over station.It is possible to which the location information to crossroad carries out Fuzzy Processing, i.e., an area is expanded as into the position of crossroad Domain, to realize blurring protection.

In embodiments of the present invention, constructing the second solicited message according to the second privacy information vector includes: by the second privacy Some or all of the indicated corresponding privacy information of range of the privacy information component of information vector, which reconfigures to obtain second, asks Seek information；

Alternatively, by the corresponding privacy of range some or all of indicated by the privacy information component of the second privacy information vector Non- privacy information in information and the first solicited message reconfigures to obtain the second solicited message.

Second solicited message can be one, be also possible to two or more.

In another embodiment, this method further include:

Receive the content of the second solicited message request；It is filtered out from the content that second solicited message is requested The content of the first solicited message request.

That is, receive the second solicited message request content when, can will the second solicited message request in Appearance is presented to the user, and useful content is selected by user；It is asked alternatively, filtering out first from the content that the second solicited message is requested The content that first solicited message is requested is presented to the user by the content for seeking information request.

Wherein, in the content and the request of the second solicited message that the process of screening only needs to be requested according to the first solicited message Appearance is matched, and the content matched is presented to the content of user.For example, the content of the first solicited message of user request For the restaurant within 100 meters, the content of the second solicited message request is the restaurant within 500 meters, need to only match the first request letter 100 meters of request range, the restaurant within 100 meters is presented in breath, and the information other than 100 meters to 500 meters will not It presents.

The embodiment of the present invention is based on the first solicited message and constructs the second solicited message, the content model of the second solicited message request The context for being greater than the request of the first solicited message is enclosed, secret protection is carried out to the content of user's request, to improve user Personal secrets.

It is described in detail, is lifted below by method for protecting privacy of the specific example to the embodiment of the present invention Example is not used in the protection scope for limiting the method for protecting privacy of the embodiment of the present invention.

Example 1

In this example, first terminal to first server request data, this method comprises:

Step 200, the corresponding first private attribute vector of the first privacy information vector sum for constructing the first inquiry request.

In this step, the first inquiry request contains information required for user query data.For example, supervision department's conduct User needs to request the related data information of enterprise to supervise to the enterprise, in order to avoid data are distorted by enterprise, However supervision department is not intended to enterprise and knows that the specific data to be inquired are, then supervision department needs to ask the first inquiry Ask carry out secret protection.Wherein, the first privacy information vector I=< ID, time, type >, wherein ID is user identity, time For timestamp, type is the data type of inquiry, (such as indicates that data are cost prices, pin for indicating that this data is Sell volume, environmental protection index etc.).

In this step, private attribute refers to the degree of protection to privacy information, and the first private attribute vector is A=< 0,0,9 >, 9 corresponding higher secret protection degree, because the first inquiry request that user sends to first server cannot allow the first clothes Business device is known in advance, so that the corresponding secret protection degree of the type being sent in the first inquiry request of first server is 9； Wherein 0 indicate identity and timestamp to user without protection.

Wherein it is possible to be every number according to the privacy significance level of data type existing in the data set of first server Weight is distributed according to type, finally by the probability secret protection degree as corresponding type of the weight of distribution, first service The data type of device data set is disclosed.For example, two item datas, first item weight is 2, and Section 2 weight is 1, that output the One probability is exactly 2/3rds, and Section 2 probability is exactly one third.

Step 201 selects the first privacy information according to the application scenarios of the first inquiry request and the first private attribute vector The Privacy preserving algorithms of vector.

In this step, the Privacy preserving algorithms of the first privacy information vector are selected according to following information:

The application scenarios of first inquiry request, the first private attribute vector, capacity of equipment, the complexity of Privacy preserving algorithms The security effectiveness analysis result of degree, Privacy preserving algorithms.

Wherein, application scenarios are data query scene, and the Privacy preserving algorithms that user selects are protected for the privacy based on difference Algorithm is protected, i.e., secret protection processing is carried out to the first privacy information component using difference Privacy preserving algorithms.

Wherein, secret protection degree 9 corresponds to DP in the first private attribute vector.

Wherein, DP is standard difference privacy (Differential Privacy).Standard difference privacy refers to be looked into given Under conditions of asking request, for any pair of adjacent data collection, attacker can not be from the result that difference privacy algorithm exports It is inferred to the source of data.

Wherein, adjacent data collection refers to that domain is identical, and in addition to an element difference, other elements are a pair of all identical Meaning data set.

Wherein, domain refers to the value range of every one kind data in data set.

In this step, terminal unit ability refers to the storage capacity of terminal device, processing capacity, communication capacity.

Wherein, storage capacity refers to the storage energy of inquiry request of the terminal device to inquiry request, after difference processing Power.

Wherein, processing capacity refers to that terminal device generates the meter of the inquiry request after difference processing according to Privacy preserving algorithms Calculation ability.

Wherein, communication capacity refers to that terminal device sends the inquiry request after difference processing to the ability of server.

In this step, the complexity of Privacy preserving algorithms refers to the time complexity of Privacy preserving algorithms, space complexity, Transport overhead.

Wherein, time complexity refers to the time overhead of Privacy preserving algorithms operation.

Wherein, space complexity refers to the space expense of Privacy preserving algorithms operation.

Wherein, transport overhead refers to that user is uploaded to the size for adding the private data after making an uproar of server.

In this step, security effectiveness analysis result is mainly indicated with probability, is protected by calculating by difference privacy algorithm The identical probability of disturbance result that user data obtains on a pair of of adjacent data collection measures secret protection degree, concrete form It is as follows:

Wherein D₁And D₂Refer to that a pair of of adjacent data collection, S refer to the random subset of difference privacy algorithm output codomain, M refers to The protection of difference privacy algorithm.

Step 202 carries out privacy using first privacy information vector of the Privacy preserving algorithms to the first inquiry request Protection handles to obtain the second privacy information vector；The second inquiry request is constructed according to the second privacy information vector；Wherein, it second looks into The context for asking request inquiry is greater than or equal to the context of the first inquiry request inquiry.

In this step, the second privacy information vector refers to that the first privacy vector I is obtained after the processing of user's difference privacy Privacy information vector I'.

Wherein, the inquiry that the inquiry request range of the data of the second privacy information vector is greater than the first privacy information vector is asked Seek range.

Above-mentioned steps 200~202 can execute in first terminal, can also take at least one second terminal or second It executes, can also be executed in first terminal and at least one second terminal or second server in business device.

Example 2

This method comprises:

Step 300, the corresponding first private attribute vector of the first privacy information vector sum for constructing the first solicited message.

In this step, the first solicited message refers to the solicited message for the information sharing that single is sent.

In this step, privacy information includes: user identity, timestamp, location information, inquiry content.So, the first privacy Information vector I=<ID, t, loc, que>；Wherein, ID is user identity, and t is timestamp, and loc is location information, and que is inquiry Content.

In this step, private attribute refers to the degree of protection to privacy information, i.e. first private attribute vector A=< 0,0, 3,4>.Wherein 0 identity and timestamp to user are indicated without protection, because assuming that user's use is the pet name in this example And Real time request.

Step 301 selects the first privacy information according to the application scenarios of the first solicited message and the first private attribute vector The Privacy preserving algorithms of vector.

According to first attribute vector A=<0,0,3,4>, the wherein system recommendation of numerical value 3 and 4 selection is protected based on the privacy obscured Algorithm is protected, so the Privacy preserving algorithms of k anonymity are selected to protect the location privacy of user, the multifarious Privacy preserving algorithms of l To protect the inquiry content privacy of user.

K anonymity and the multifarious Privacy preserving algorithms of l belong to based on the Privacy preserving algorithms obscured, i.e., according to privacy information The probability of location information in vector selects the location information with equal probabilities to believe as anonymization position in situational map Breath obtains k-1 false location information and l-1 false inquiry content.

Wherein, the probability of location information can be obtained by two methods, the first setting access point, taken at regular intervals position On transmission information number, be for second application programming interface (API, the Application by Google Maps Programming Interface) can the number that the location information is sent directly be obtained from third party.Pass through any of the above one Kind method obtains the information of the region whithin a period of time and sends number, obtains the general of required location information by ratio calculation Rate, position loc in map_iProbability calculation it is as follows:

Wherein, M is the information transmission number for getting some map, the position loc in the map_iInformation send number For m_i。

In this step, the complexity of Privacy preserving algorithms refer to the time complexity of Privacy preserving algorithms, space complexity, Communication overhead, security effectiveness analysis result refer to anonymity amount.

Wherein, time complexity refers to the execution time of Privacy preserving algorithms operation.

Wherein, space complexity refers to the memory space of Privacy preserving algorithms operation.

Wherein, communication overhead is the k-1 dummy location information generated after Privacy preserving algorithms, and l-1 false Inquire content information and the true location information of user, the information size for inquiring content totality.Wherein, privacy measurement, which is chosen, is based on Comentropy realizes security effectiveness analysis.Wherein, the entropy of location information calculates:

Wherein P_iFor position loc_iInquiry probability.Because of the k-1 false location information chosen and the true position of user Confidence ceases probability having the same, entropy maximum (characteristic of comentropy) is obtained according to the calculation formula of entropy, to illustrate letter The uncertain highest of breath, secret protection efficiency are best.

The entropy for inquiring content calculates:

Wherein Q_iTo inquire content que_iInquiry probability.Because the l-1 false inquiry content chosen and user are true Inquiry content probability having the same, it is maximum (characteristic of comentropy) that entropy is obtained according to the calculation formula of entropy, to say The uncertain highest of bright information, secret protection efficiency are best.

Step 302 carries out privacy using first privacy information vector of the Privacy preserving algorithms to the first solicited message Protection handles to obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Wherein, it second asks The context of information request is asked to be greater than the context of the first solicited message request.

Above-mentioned steps 300~303 can execute in first terminal, can also take at least one second terminal or second It executes, can also be executed in first terminal and at least one second terminal or second server in business device.

Referring to fig. 2, another embodiment of the present invention proposes a kind of privacy information processing unit, comprises the following modules at least One of:

Module 201 is constructed, for constructing the corresponding first privacy category of the first privacy information vector sum of the first solicited message Property vector；

Privacy preserving algorithms selecting module 202, for the application scenarios and the first private attribute according to the first solicited message Vector selects the Privacy preserving algorithms of the first privacy information vector；

Secret protection processing module 203, for the first privacy using the Privacy preserving algorithms to the first solicited message Information vector carries out secret protection and handles to obtain the second privacy information vector；According to the second request of the second privacy information vector building Information；Wherein, the context of the second solicited message request is greater than or equal to the context of the first solicited message request.

Above-mentioned building module 201, Privacy preserving algorithms selecting module 202 and secret protection processing module 203 can be set In different equipment, also it can be set in same equipment.

Information generator is reluctant that other people know；

Other people know in inconvenience；

Wherein, private attribute component refers to the degree of protection of subscript privacy information component identical with private attribute component.

In embodiments of the present invention, building module 201 is specifically used for realizing the first private attribute of building in the following ways Vector:

Wherein, building module 201 is specifically used for realizing in the following ways true according to the application scenarios of the first solicited message The significance level of the privacy information component of fixed first privacy information vector:

Wherein, building module 201 is specifically used for realizing in the following ways and be believed according to the privacy of the first privacy information vector The significance level of breath component determines the private attribute component of corresponding first private attribute vector:

In embodiments of the present invention, Privacy preserving algorithms selecting module 202 is specifically used for:

Probability, comentropy, expectation, variance.

D=E { X-E (X)²}

Wherein, X is corresponding privacy information vector, and E is expectation.

In embodiments of the present invention, secret protection processing module 203 is specifically used for being realized in the following ways using selection Privacy preserving algorithms to the first privacy information vector carry out secret protection handle to obtain the second privacy information vector:

Wherein, Privacy preserving algorithms include at least one of: obscuring, upset, obscure, encrypt.

In embodiments of the present invention, secret protection processing module 203 is specifically used for being realized in the following ways according to second Privacy information vector constructs the second solicited message:

By the corresponding privacy information of range some or all of indicated by the privacy information component of the second privacy information vector It reconfigures to obtain the second solicited message；

Second solicited message can be one, be also possible to two or more.

In another embodiment, secret protection processing module 203 is also used to:

Another embodiment of the present invention proposes a kind of privacy information disposal plant, including processor and computer-readable deposits Storage media is stored with instruction in the computer readable storage medium, when described instruction is executed by the processor, in realization State at least one of any privacy information method of disposal step.

Another embodiment of the present invention proposes a kind of computer readable storage medium, is stored thereon with computer program, The computer program realizes at least one of any of the above-described kind of privacy information method of disposal step when being executed by processor.

Referring to fig. 2, another embodiment of the present invention proposes a kind of privacy information disposal system, comprising:

Secret protection processing module 203, for the first privacy using the Privacy preserving algorithms to the first solicited message Information vector carries out secret protection and handles to obtain the second privacy information vector；According to the second request of the second privacy information vector building Information；Wherein, the context of the second solicited message request is greater than or equal to the context of the first solicited message request；

Wherein, the building module 201, Privacy preserving algorithms selecting module 202 and secret protection processing module 203 are arranged In different equipment.

Information generator is reluctant that other people know；

Other people know in inconvenience；

Wherein, application scenarios include but is not limited to any of the following: shared scene, inquiry scene, payment scene.It is above-mentioned to answer With the sequence of the secret protection degree of scene are as follows: payment scene>shared scene>inquiry scene<.

Wherein, capacity of equipment includes but is not limited to: storage capacity, processing capacity, communication capacity (signal strength), electricity, It networks access module (mobile cellular network and Wi-Fi).The secret protection degree of above equipment ability sorts are as follows: and processing capacity > Communication capacity > networking access module > electricity > storage capacity.The assessed value of capacity of equipment is weighted assignment according to above content, It is summed by weight and is compared with threshold value.

Probability, comentropy, expectation, variance.

D=E { X-E (X)²}

Wherein, X is corresponding privacy information vector, and E is expectation.

Wherein, it obscures and refers to privacy information component progress Fuzzy processing, i.e., indicated by expansion privacy information component Range.For example, user requests the bus station near crossroad, then solicited message includes the location information of crossroad, first Preset range and bus station, the content of user's request include the public affairs in the first preset range centered on the position of crossroad Hand over station.It is possible to which the location information to crossroad carries out Fuzzy processing, i.e., the position of crossroad is expanded as one Region, to realize blurring protection.

Second solicited message can be one, be also possible to two or more.

In another embodiment, secret protection processing module 203 is also used to:

It will appreciated by the skilled person that whole or certain steps, system, dress in method disclosed hereinabove Functional module/unit in setting may be implemented as software, firmware, hardware and its combination appropriate.In hardware embodiment, Division between the functional module/unit referred in the above description not necessarily corresponds to the division of physical assemblies；For example, one Physical assemblies can have multiple functions or a function or step and can be executed by several physical assemblies cooperations.Certain groups Part or all components may be implemented as by processor, such as the software that digital signal processor or microprocessor execute, or by It is embodied as hardware, or is implemented as integrated circuit, such as specific integrated circuit.Such software can be distributed in computer-readable On medium, computer-readable medium may include computer storage medium (or non-transitory medium) and communication media (or temporarily Property medium).As known to a person of ordinary skill in the art, term computer storage medium is included in for storing information (such as Computer readable instructions, data structure, program module or other data) any method or technique in the volatibility implemented and non- Volatibility, removable and nonremovable medium.Computer storage medium include but is not limited to RAM, ROM, EEPROM, flash memory or its His memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storages, magnetic holder, tape, disk storage or other Magnetic memory apparatus or any other medium that can be used for storing desired information and can be accessed by a computer.This Outside, known to a person of ordinary skill in the art to be, communication media generally comprises computer readable instructions, data structure, program mould Other data in the modulated data signal of block or such as carrier wave or other transmission mechanisms etc, and may include any information Delivery media.

Although embodiment disclosed by the embodiment of the present invention is as above, only the present invention is real for ease of understanding for the content The embodiment applying example and using is not intended to limit the invention embodiment.Skill in any fields of the embodiment of the present invention Art personnel can be in the form and details of implementation under the premise of not departing from spirit and scope disclosed by the embodiment of the present invention It is upper to carry out any modification and variation, but the scope of patent protection of the embodiment of the present invention, it still must be with appended claims institute Subject to the range defined.

Claims

At least one 1. a kind of privacy information method of disposal, include the following steps:

Construct the corresponding first private attribute vector of the first privacy information vector sum of the first solicited message；

The privacy of the first privacy information vector is selected to protect according to the application scenarios of the first solicited message and the first private attribute vector Protect algorithm；

Secret protection is carried out using first privacy information vector of the Privacy preserving algorithms to the first solicited message to handle to obtain Second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Wherein, the second solicited message is requested Context is greater than or equal to the context of the first solicited message request.
2. privacy information method of disposal according to claim 1, which is characterized in that this method further include:

Receive the content of the second solicited message request；

The content that first solicited message is requested is filtered out from the content that second solicited message is requested.
3. privacy information method of disposal according to claim 1 or 2, which is characterized in that the first private attribute of the building Vector includes:

The weight of the privacy information component of the first privacy information vector is determined according to the application scenarios of first solicited message Want degree；

Corresponding first private attribute vector is determined according to the significance level of the privacy information component of the first privacy information vector Private attribute component.
4. privacy information method of disposal according to claim 3, which is characterized in that the answering according to the first solicited message The significance level for determining the privacy information component of the first privacy information vector with scene includes:

In the first corresponding relationship between pre-set application scenarios, privacy information component and significance level, described in lookup The corresponding significance level of privacy information component of the application scenarios of first solicited message, the first privacy information vector.
5. privacy information method of disposal according to claim 3, which is characterized in that described according to the first privacy information vector The significance level of privacy information component determine that the private attribute component of corresponding first private attribute vector includes:

Second between the significance level of pre-set privacy information component and the secret protection degree of private attribute component In corresponding relationship, the corresponding private attribute component of significance level of the privacy information component of the first privacy information vector is searched Secret protection degree.
6. privacy information method of disposal according to claim 1 or 2, which is characterized in that described according to the first solicited message Application scenarios and the first private attribute vector select the first privacy information vector Privacy preserving algorithms include:

In third corresponding relationship between pre-set application scenarios, private attribute component and Privacy preserving algorithms, search The privacy information component of the application scenarios of first solicited message and the first privacy information vector corresponding described first The corresponding Privacy preserving algorithms of private attribute component of private attribute vector；

Complexity is selected to match with capacity of equipment from the Privacy preserving algorithms found, and security effectiveness analysis result meets Privacy preserving algorithms of the Privacy preserving algorithms of preset condition as the privacy information component of the first privacy information vector；

It is described that secret protection processing is carried out using first privacy information vector of the Privacy preserving algorithms to the first solicited message Obtaining the second privacy information vector includes:

Using the first privacy information vector privacy information component Privacy preserving algorithms to first privacy information to The privacy information component of amount carries out secret protection and handles to obtain the privacy information component of the second privacy information vector.
7. the privacy information method of disposal according to requiring 1 or 2, which is characterized in that described according to the second privacy information vector Constructing the second solicited message includes:

By the corresponding privacy information of range some or all of indicated by the privacy information component of the second privacy information vector It reconfigures to obtain second solicited message；

Alternatively, by the corresponding privacy of range some or all of indicated by the privacy information component of the second privacy information vector Non- privacy information in information and first solicited message reconfigures to obtain second solicited message.
At least one 8. a kind of privacy information disposal plant, comprise the following modules:

Module is constructed, for constructing the corresponding first private attribute vector of the first privacy information vector sum of the first solicited message；

Privacy preserving algorithms selecting module, for according to the application scenarios of the first solicited message and the selection of the first private attribute vector The Privacy preserving algorithms of first privacy information vector；

Secret protection processing module, for the first privacy information vector using the Privacy preserving algorithms to the first solicited message Secret protection is carried out to handle to obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Its In, the context of the second solicited message request is greater than or equal to the context of the first solicited message request.
9. a kind of privacy information disposal plant, including processor and computer readable storage medium, the computer-readable storage Instruction is stored in medium, which is characterized in that when described instruction is executed by the processor, realize such as claim 1~7 times At least one of privacy information method of disposal described in one step.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program At least one of privacy information method of disposal as described in any one of claims 1 to 7 step is realized when being executed by processor.
11. a kind of privacy information disposal system, comprising:

Module is constructed, for constructing the corresponding first private attribute vector of the first privacy information vector sum of the first solicited message；

Privacy preserving algorithms selecting module, for according to the application scenarios of the first solicited message and the selection of the first private attribute vector The Privacy preserving algorithms of first privacy information vector；

Secret protection processing module, for the first privacy information vector using the Privacy preserving algorithms to the first solicited message Secret protection is carried out to handle to obtain the second privacy information vector；The second solicited message is constructed according to the second privacy information vector；Its In, the context of the second solicited message request is greater than or equal to the context of the first solicited message request；

Wherein, different equipment is arranged in building module, Privacy preserving algorithms selecting module and the secret protection processing module In.