CN109583227B - Privacy information protection method, device and system - Google Patents



Publication number
CN109583227B
CN109583227B (application CN201811272603.1A)
Authority
CN
China
Prior art keywords
privacy protection
privacy
algorithm
scheme
protection algorithm
Prior art date
Legal status
Active
Application number
CN201811272603.1A
Other languages
Chinese (zh)
Other versions
CN109583227A (en)
Inventor
李凤华
牛犇
李晖
谢绒娜
李维皓
朱辉
Current Assignee
Xidian University
Institute of Information Engineering of CAS
Original Assignee
Xidian University
Institute of Information Engineering of CAS
Priority date
Filing date
Publication date
Application filed by Xidian University, Institute of Information Engineering of CAS
Priority to CN201811272603.1A
Publication of CN109583227A
Application granted
Publication of CN109583227B
Status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a system for protecting privacy information, wherein the method for protecting the privacy information comprises the following steps: acquiring the privacy information characteristics of the privacy information; a privacy protection scheme is determined based on at least one of the scene information and the privacy information characteristics, and at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme is evaluated. According to the embodiment of the invention, a normalization framework of a privacy protection algorithm and a privacy protection scheme is determined according to the privacy information characteristics and the scene information, and the privacy protection algorithm and the privacy protection scheme which are suitable for specific application scenes and privacy information are designed; according to the evaluation results of the privacy protection algorithm and the privacy protection scheme, the privacy protection algorithm and the privacy protection scheme which are suitable for specific application scenes and privacy information and meet privacy protection requirements are designed in an iteration mode of the privacy protection algorithm and the privacy protection scheme, and the design, implementation and evaluation efficiency is improved.

Description

Privacy information protection method, device and system
Technical Field
The present invention relates to, but not limited to, the field of information technologies, and in particular, to a method, an apparatus, and a system for protecting private information.
Background
With the continuous and rapid development of information technology and network technology, the wide adoption of related applications and the continuous evolution of personalized services, large-scale internet companies accumulate massive data while providing services. Frequent cross-border, cross-system and cross-ecosystem interaction of this data has become the norm; privacy information is intentionally or unintentionally retained in different information systems, and the accumulated data contains a large amount of user privacy information. While users enjoy convenience in work, life and study, their data faces leakage risks during collection, sharing, storage and analysis, which seriously threatens user privacy and security.
Existing privacy information protection schemes only protect specific scenes and specific data. Because the types of privacy information are diverse, privacy protection requirements differ and the protection capabilities of privacy algorithms differ, an effective guiding principle is lacking when a specific privacy protection algorithm is designed; different privacy protection requirements in different application scenes lead to the same or similar algorithms being developed repeatedly, which reduces code reusability and increases development workload and cost; and algorithm parameters are selected manually by developers according to the requirements, with no mechanism for automatically solving for optimal parameters, which affects the effect of the algorithm.
Disclosure of Invention
The embodiment of the invention provides a privacy information protection method, a device and a system, which can design a privacy protection algorithm and a privacy protection scheme which are suitable for a specific application scene and privacy information and meet privacy protection requirements, and improve the efficiency of design, implementation and evaluation.
The embodiment of the invention provides a privacy information protection method, which comprises at least one of the following steps:
acquiring the privacy information characteristics of the privacy information;
a privacy protection scheme is determined based on at least one of the context information and the privacy information characteristics.
In the embodiment of the present invention, the method further includes:
evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme.
In an embodiment of the present invention, evaluating the privacy protection scheme includes at least one of:
evaluating the privacy protection effect of the privacy protection scheme;
evaluating the complexity of the privacy protection scheme;
and evaluating a privacy protection algorithm in the privacy protection scheme includes at least one of:
evaluating the privacy protection effect of the privacy protection algorithm in the privacy protection scheme;
evaluating the complexity of the privacy protection algorithm in the privacy protection scheme.
In this embodiment of the present invention, the evaluating the privacy protection effect of the privacy protection algorithm in the privacy protection scheme includes:
calculating a privacy protection effect value of the privacy protection algorithm;
when the privacy protection effect value of the privacy protection algorithm is greater than or equal to the expected privacy protection effect value in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm;
and when the privacy protection effect value of the privacy protection algorithm is smaller than the expected privacy protection effect value in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the privacy protection effect evaluation of the privacy protection algorithm.
In an embodiment of the present invention, the privacy protection effect value of the privacy protection algorithm includes any combination of one or more of the following:
the deviation amount between the privacy information processed by the privacy protection algorithm and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection algorithm and the privacy information before processing, and the probability of the attacker deducing the privacy information before processing by the privacy protection algorithm.
In an embodiment of the present invention, the complexity of the privacy protection algorithm includes any combination of one or more of the following: time complexity, space complexity;
evaluating the complexity of the privacy protection algorithm in the privacy protection scheme may include any combination of one or more of the following:
evaluating the time complexity of the privacy protection algorithm;
evaluating the space complexity of the privacy protection algorithm.
In this embodiment of the present invention, the evaluating the time complexity of the privacy protection algorithm includes:
judging whether the running speed of the privacy protection algorithm meets the lowest running speed in the requirements of the privacy protection algorithm;
when the running speed of the privacy protection algorithm is greater than or equal to the lowest running speed in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the time complexity evaluation of the privacy protection algorithm;
and when the running speed of the privacy protection algorithm is lower than the lowest running speed in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the time complexity evaluation of the privacy protection algorithm.
In an embodiment of the present invention, evaluating the space complexity of the privacy protection algorithm includes any combination of one or more of the following:
judging whether the software resources occupied by the operation of the privacy protection algorithm meet the software resources required in the requirements of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are larger than the required software resources in the demand of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
judging whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirement of the privacy protection algorithm;
when the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm;
and when the hardware resources occupied by the operation of the privacy protection algorithm are greater than the required hardware resources in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm.
In this embodiment of the present invention, the evaluating the privacy protection effect of the privacy protection scheme includes:
calculating a privacy protection effect value of the privacy protection scheme;
when the privacy protection effect value of the privacy protection scheme is greater than or equal to the privacy protection effect expected value in the privacy protection requirement, judging that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme;
and when the privacy protection effect value of the privacy protection scheme is smaller than the expected privacy protection effect value in the privacy protection requirement, judging that the privacy protection scheme does not pass the privacy protection effect evaluation of the privacy protection scheme.
In the embodiment of the present invention, the privacy protection effect value of the privacy protection scheme includes any combination of one or more of the following:
the deviation amount between the privacy information processed by the privacy protection scheme and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection scheme and the privacy information before processing, and the probability of the attacker deducing the privacy information before processing by the privacy protection scheme.
In an embodiment of the present invention, the complexity of the privacy protection scheme includes any combination of one or more of the following: time complexity, space complexity;
evaluating the complexity of the privacy protection scheme may include any combination of one or more of the following:
evaluating the time complexity of the privacy protection scheme;
evaluating the space complexity of the privacy protection scheme.
In this embodiment of the present invention, evaluating the time complexity of the privacy protection scheme includes:
judging whether the running speed of the privacy protection scheme meets the lowest running speed in the privacy protection requirements;
when the running speed of the privacy protection scheme is greater than or equal to the lowest running speed in the privacy protection requirements, judging that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme;
and when the running speed of the privacy protection scheme is less than the lowest running speed in the privacy protection requirements, judging that the privacy protection scheme does not pass the time complexity evaluation of the privacy protection scheme.
In an embodiment of the present invention, evaluating the space complexity of the privacy protection scheme includes any combination of one or more of the following:
judging whether the software resources occupied by the operation of the privacy protection scheme meet the software resources required in the privacy protection requirement;
when the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirement, judging that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
when the software resources occupied by the operation of the privacy protection scheme are larger than the required software resources in the privacy protection requirement, judging that the privacy protection scheme does not pass the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
judging whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement;
when the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the required hardware resources in the privacy protection requirement, judging that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme;
and when the hardware resources occupied by the operation of the privacy protection scheme are greater than the required hardware resources in the privacy protection requirement, judging that the privacy protection scheme does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme.
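The evaluation described above, for both an individual privacy protection algorithm and a whole privacy protection scheme, reduces to the same four checks: an effect value compared against an expected value, a running speed compared against a lowest running speed, and occupied software and hardware resources compared against the resources the requirements allow. The following Python example is added here and is not code from the patent: it computes the three effect quantities the description lists (deviation, loss ratio, attacker inference probability) for a constructed "adding noise" step, then applies the four checks. The scalar effect value (one minus the attacker's inference probability), the rounding attacker model, the resource figures and all names are assumptions made for the example.

```python
# Added example (not the patent's code): evaluating a privacy protection
# algorithm against its requirements. Names, the scalar effect metric and the
# attacker model are assumptions.
from dataclasses import dataclass
from statistics import mean
import random
import time


# ---- the three effect quantities the description lists -------------------

def deviation(original, processed):
    """Mean absolute deviation between the processed and the original values."""
    return mean(abs(p - o) for o, p in zip(original, processed))


def loss_ratio(original, processed):
    """Share of the original magnitude that was changed (assumed definition)."""
    total = sum(abs(o) for o in original)
    changed = sum(abs(p - o) for o, p in zip(original, processed))
    return changed / total if total else 0.0


def inference_probability(original, processed):
    """Probability that an attacker who rounds a published value to the nearest
    integer recovers the original record (a simple assumed attacker model)."""
    hits = sum(1 for o, p in zip(original, processed) if round(p) == o)
    return hits / len(original)


def effect_value(original, processed):
    """Scalar privacy protection effect value in [0, 1]: assumed to be one minus
    the attacker's inference probability, so higher means better protection."""
    return 1.0 - inference_probability(original, processed)


# ---- requirements of the algorithm and its measured behaviour ------------

@dataclass(frozen=True)
class AlgorithmRequirement:
    expected_effect: float         # expected privacy protection effect value
    min_speed: float               # lowest running speed, records per second
    max_software_resources: float  # required software resources (MiB of heap)
    max_hardware_resources: int    # required hardware resources (CPU cores)


@dataclass(frozen=True)
class Measurement:
    effect: float
    speed: float
    software_resources: float
    hardware_resources: int


def evaluate_algorithm(req, m):
    """One verdict per check in the description; the algorithm passes only if
    every check does (see passes())."""
    return {
        "effect": m.effect >= req.expected_effect,
        "time_complexity": m.speed >= req.min_speed,
        "software_resources": m.software_resources <= req.max_software_resources,
        "hardware_resources": m.hardware_resources <= req.max_hardware_resources,
    }


def passes(verdicts):
    return all(verdicts.values())


# ---- an algorithm under test: the "adding noise" step --------------------

def add_noise(values, scale, rng):
    """Laplace noise of the given scale (a random sign times an exponential draw)."""
    return [v + rng.choice((-1.0, 1.0)) * rng.expovariate(1.0 / scale)
            for v in values]


def evaluate_noise_algorithm(scale, n=2000, seed=7):
    """Run the noise step on a constructed age column, measure it, and evaluate
    it against a constructed requirement. Returns (verdicts, measurement)."""
    rng = random.Random(seed)
    ages = [rng.randint(18, 80) for _ in range(n)]          # constructed data
    req = AlgorithmRequirement(expected_effect=0.5, min_speed=1e4,
                               max_software_resources=64.0,
                               max_hardware_resources=1)
    start = time.perf_counter()
    noised = add_noise(ages, scale, rng)
    elapsed = time.perf_counter() - start
    m = Measurement(effect=effect_value(ages, noised),
                    speed=n / max(elapsed, 1e-9),
                    software_resources=8.0,    # constructed figures; a real
                    hardware_resources=1)      # evaluation would measure these
    return evaluate_algorithm(req, m), m


if __name__ == "__main__":
    for scale in (0.2, 2.0):
        verdicts, m = evaluate_noise_algorithm(scale)
        print(f"scale={scale}: effect={m.effect:.3f} "
              f"{'PASS' if passes(verdicts) else 'FAIL'} {verdicts}")
```

With Laplace scale 0.2 the attacker recovers about 92% of the original ages by rounding, so the effect check fails; with scale 2.0 about 78% of the records are protected and the check passes. The running-speed check is measured live, so it depends on the machine; the resource figures are constants here because the page does not say how they are measured.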
In an embodiment of the present invention, the determining the privacy protection scheme according to at least one of the scene information and the privacy information characteristics includes one or more of the following steps in any combination:
generating a privacy protection requirement according to at least one of the scene information and the privacy information characteristics;
determining the requirement of a privacy protection algorithm according to one or more of the scene information, the privacy information characteristics and the privacy protection requirement in any combination;
determining at least one of the following according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, and requirements of privacy protection algorithms: the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm;
determining the privacy protection algorithm steps and the combination relationship among the privacy protection algorithm steps according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements, the requirements of the privacy protection algorithm, the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm;
selecting parameters of a privacy protection algorithm according to any combination of one or more of scene information, privacy protection requirements, requirements of the privacy protection algorithm and steps of the privacy protection algorithm;
combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship among the privacy protection algorithm steps to generate a privacy protection algorithm;
determining a combination scheme of a privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements and privacy protection algorithms;
and combining the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.
In the embodiment of the present invention, the method further includes:
after evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme, performing at least one of:
when the privacy protection algorithm fails the evaluation, modifying any combination of one or more of the steps of the privacy protection algorithm, the combination relationship among the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the evaluation result, and continuing with the step of combining the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship among the steps of the privacy protection algorithm to generate the privacy protection algorithm;
when the privacy protection algorithm passes the evaluation and the privacy protection scheme does not, modifying the privacy protection algorithm combination scheme, and continuing with the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme;
when the privacy protection algorithm passes the evaluation but the new privacy protection scheme still does not pass the evaluation after the privacy protection algorithm combination scheme has been modified multiple times, modifying any combination of one or more of the steps of the privacy protection algorithm, the combination relationship among the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm, continuing with the step of combining the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship among the steps to generate the privacy protection algorithm, then modifying the privacy protection algorithm combination scheme, and continuing with the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme.
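The design procedure of the preceding two passages is an iteration with three branches: regenerate the algorithm with modified parameters while the algorithm fails its own evaluation; once it passes, combine algorithms into a scheme and modify the combination scheme while the scheme fails; and after several failed combination schemes, go back and modify the algorithm. The following Python example is added here and is not the patent's code. It uses a single toy algorithm, the generalization step ("determining fuzzy granularity") with the bucket width as its parameter, applies one instance per attribute of a constructed record set as the combination scheme, and evaluates the scheme by the share of released records that remain unique across all attributes. The attacker models, the candidate parameter ladders and all names are assumptions.

```python
# Added example (not the patent's code): the iterative design loop for a
# privacy protection algorithm and a privacy protection scheme. The toy
# algorithm, the metrics and all names are assumptions.
from collections import Counter


# --- toy algorithm: the generalization step with a granularity parameter ------

def generalize(values, granularity):
    """Replace each value by the lower bound of its bucket of the given width."""
    return [v - v % granularity for v in values]


def algorithm_effect(granularity):
    """Effect value of the algorithm on its own: one minus the chance that an
    attacker guessing uniformly inside a bucket hits the original value."""
    return 1.0 - 1.0 / granularity


def design_algorithm(expected_effect, candidates):
    """Algorithm loop: regenerate with the next parameter until the evaluation
    passes. Returns the chosen granularity, or None if no candidate passes."""
    for granularity in candidates:                 # "modifying the parameters"
        if algorithm_effect(granularity) >= expected_effect:
            return granularity
    return None


# --- scheme: one algorithm instance per attribute, evaluated as a whole --------

def apply_scheme(records, scheme):
    """records: list of dicts; scheme: attribute -> granularity."""
    cols = {a: generalize([r[a] for r in records], g) for a, g in scheme.items()}
    return [dict(zip(cols, vals)) for vals in zip(*cols.values())]


def scheme_effect(released):
    """Effect value of the scheme: one minus the share of released records that
    are unique, i.e. still re-identifiable by linking all attributes."""
    key = lambda r: tuple(sorted(r.items()))
    counts = Counter(key(r) for r in released)
    unique = sum(1 for r in released if counts[key(r)] == 1)
    return 1.0 - unique / len(released)


def design_scheme(records, alg_expected, scheme_expected,
                  age_candidates, zip_candidates, max_scheme_mods=1):
    """Full loop. Returns (scheme, effect, trace); scheme is None on failure.
    trace lists every combination scheme tried with its effect value."""
    trace = []
    age_pos = 0
    while age_pos < len(age_candidates):
        # 1. algorithm loop for the age attribute
        age_g = design_algorithm(alg_expected, age_candidates[age_pos:])
        if age_g is None:
            break
        age_pos = age_candidates.index(age_g)
        # 2. scheme loop: modify the combination scheme at most max_scheme_mods times
        for zip_g in zip_candidates[:max_scheme_mods + 1]:
            scheme = {"age": age_g, "zip": zip_g}
            eff = scheme_effect(apply_scheme(records, scheme))
            trace.append((scheme, round(eff, 3)))
            if eff >= scheme_expected:
                return scheme, eff, trace
        # 3. repeated scheme failures: go back and modify the algorithm
        age_pos += 1
    return None, 0.0, trace


def make_records(n=620):
    """Constructed sample: ages cycle through 18..79, zip codes are all distinct."""
    return [{"age": 18 + i % 62, "zip": 10000 + i} for i in range(n)]


if __name__ == "__main__":
    scheme, eff, trace = design_scheme(
        make_records(), alg_expected=0.75, scheme_expected=1.0,
        age_candidates=[1, 2, 5, 10, 20], zip_candidates=[1, 10, 100])
    for tried, value in trace:
        print(f"tried {tried}: scheme effect {value}")
    print("final scheme:", scheme, "effect:", eff)
```

On the constructed data the algorithm loop first settles on an age granularity of 5 (effect 0.8), the two permitted combination schemes (zip granularity 1 and 10) both leave unique records, so the loop falls back to the algorithm, moves to granularity 10, and the combination with zip granularity 10 then releases no unique record and passes. A scheme expected value of 1.0 under this metric is the requirement that no released record be unique.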
In an embodiment of the present invention, the privacy protection requirement includes any combination of one or more of the following:
the expected privacy protection effect value of the privacy protection scheme, the performance requirements of the privacy protection scheme, privacy operations, constraint conditions, and the correspondence between the privacy operations and the constraint conditions;
the constraint condition describes the conditions that must be met when a privacy operation is carried out, and includes: operation entity attributes and the operating environment;
the operating environment includes: time, spatial location, network, device.
In embodiments of the present invention, the performance requirements of the privacy protection scheme include, but are not limited to, any combination of one or more of the following:
operating environment, lowest running speed, required software resources, required hardware resources.
In an embodiment of the present invention, the requirements of the privacy protection algorithm include at least one of: the expected privacy protection effect value of the privacy protection algorithm and the performance requirements of the privacy protection algorithm;
the performance requirements of the privacy protection algorithm include, but are not limited to, any combination of one or more of the following:
operating environment, lowest running speed, required software resources, required hardware resources.
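The privacy protection requirement above pairs each privacy operation with a constraint condition, and the constraint condition is made of operation entity attributes and an operating environment (time, spatial location, network, device). The following Python example is added here and is not the patent's code: it models that correspondence as a small policy and checks whether a requested operation is permitted in a given environment, reporting which part of the constraint failed. The sample operations, roles, locations and networks are constructed, and all names are assumptions.

```python
# Added example (not the patent's code): checking a privacy operation against
# the constraint condition that its privacy protection requirement assigns to
# it. All names and the sample policy are assumptions.
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Environment:
    """The operating environment of the constraint condition."""
    when: time
    location: str
    network: str
    device: str


@dataclass(frozen=True)
class Constraint:
    """Conditions that must be met when the privacy operation is carried out."""
    entity_roles: frozenset      # operation entity attributes
    time_window: tuple           # (start, end) of the permitted time of day
    locations: frozenset         # permitted spatial locations
    networks: frozenset          # permitted networks
    devices: frozenset           # permitted device classes

    def violations(self, role, env):
        """Names of the constraint parts the request does not satisfy."""
        start, end = self.time_window
        failed = []
        if role not in self.entity_roles:
            failed.append("entity attribute")
        if not start <= env.when <= end:
            failed.append("time")
        if env.location not in self.locations:
            failed.append("location")
        if env.network not in self.networks:
            failed.append("network")
        if env.device not in self.devices:
            failed.append("device")
        return failed


@dataclass(frozen=True)
class PrivacyRequirement:
    expected_effect: float
    operations: dict             # privacy operation -> Constraint

    def check(self, operation, role, env):
        """Return [] if the operation is permitted, else the failed parts.
        An operation without a constraint is not a permitted privacy operation."""
        constraint = self.operations.get(operation)
        if constraint is None:
            return ["operation not permitted"]
        return constraint.violations(role, env)

    def permits(self, operation, role, env):
        return not self.check(operation, role, env)


# Constructed sample requirement for a patient record.
SAMPLE = PrivacyRequirement(
    expected_effect=0.9,
    operations={
        "read": Constraint(frozenset({"doctor", "nurse"}), (time(7), time(20)),
                           frozenset({"ward"}), frozenset({"intranet"}),
                           frozenset({"managed"})),
        "forward": Constraint(frozenset({"doctor"}), (time(7), time(20)),
                              frozenset({"ward", "office"}), frozenset({"intranet"}),
                              frozenset({"managed"})),
    },
)

if __name__ == "__main__":
    env = Environment(time(9, 30), "ward", "intranet", "managed")
    print(SAMPLE.check("read", "nurse", env))        # []
    print(SAMPLE.check("forward", "nurse",
                       Environment(time(22), "home", "public", "byod")))
```

Keeping the failed parts in the result rather than only a boolean gives the evaluation a reason to log and lets the scheme designer see which constraint the operating environment breaks.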
In an embodiment of the present invention, the type of the privacy protection algorithm includes any combination of one or more of the following:
a cryptography-based privacy protection algorithm, a perturbation-based privacy protection algorithm, an obfuscation-based privacy protection algorithm, a generalization-based privacy protection algorithm, and an access-control-based privacy protection algorithm.
In an embodiment of the present invention, the theoretical basis of the privacy protection algorithm includes any combination of one or more of the following:
cryptography-based privacy protection techniques, probability-based privacy protection techniques, and game-theory-based privacy protection techniques.
In embodiments of the present invention, the privacy protection algorithm steps include, but are not limited to, any combination of one or more of the following:
S-box substitution, P permutation, key expansion, initialization, memory setting, linear feedback shift register, nonlinear feedback shift register, determining the perturbation granularity, adding noise, setting information weights, screening obfuscation information that meets the conditions, selecting obfuscation information, combining with real information to form request information, determining the fuzzy granularity, setting the fuzzy range, and constructing request information.
In an embodiment of the present invention, the parameters of the privacy protection algorithm include any combination of one or more of the following:
key length, anonymity set size, privacy budget, sensitivity, skewness, block length, number of encryption rounds, S-box, polynomial parameters, MDS codes, P permutation tables.
In an embodiment of the invention, the privacy information characteristics include any combination of one or more of the following:
the type of the privacy information, the content of the privacy information, the data value range, the data distribution characteristics, the sensitivity of the privacy information, the executable privacy operations, the expected number of privacy operations, and the social experience value of the privacy operation result.
In the embodiment of the invention, the sensitivity of the privacy information is a value measuring the degree of information sensitivity, and is calculated from any combination of one or more of probability, mathematical expectation and mathematical variance.
In an embodiment of the present invention, the executable privacy operations include any combination of one or more of the following:
reading, writing, encrypting, blurring, generalizing, adding noise, anonymizing, signing, verifying a signature, computing a digest, saving, copying, pasting, forwarding, cutting, modifying and deleting.
In this embodiment of the present invention, the scene information includes any combination of one or more of the following:
time, spatial location, device capabilities, interaction object, interaction path, request type, service type.
The embodiment of the invention provides a privacy information protection device, which comprises at least one of the following modules:
the privacy information characteristic acquisition module is used for acquiring the privacy information characteristics of the privacy information;
and the privacy protection scheme decision module is used for determining the privacy protection scheme according to at least one of the scene information and the privacy information characteristics.
In the embodiment of the present invention, the device further includes:
and the privacy protection scheme evaluation module is used for evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme.
The embodiment of the invention provides a privacy information protection device, which comprises a processor and a computer-readable storage medium, wherein instructions are stored in the computer-readable storage medium, and when the instructions are executed by the processor, any one of the privacy information protection methods is realized.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any one of the above-mentioned privacy information protection methods.
The embodiment of the invention provides a privacy information protection system, which comprises:
the privacy information characteristic acquisition module is used for acquiring the privacy information characteristics of the privacy information;
the privacy protection scheme decision module is used for determining a privacy protection scheme according to at least one of the scene information and the privacy information characteristics;
the privacy information characteristic acquisition module and the privacy protection scheme decision module are arranged on different devices.
In the embodiment of the present invention, the system further includes:
the privacy protection scheme evaluation module is used for evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme;
at least two modules of the privacy protection scheme evaluation module, the privacy information characteristic acquisition module and the privacy protection scheme decision module are arranged on different devices.
The embodiment of the invention comprises the following steps: acquiring the privacy information characteristics of the privacy information; a privacy protection scheme is determined based on at least one of the context information and the privacy information characteristics. According to the embodiment of the invention, the privacy protection scheme is determined based on the privacy information characteristics and the scene information, so that the efficiency of designing, realizing and evaluating the privacy protection algorithm and the privacy protection scheme is improved.
In another embodiment of the invention, a secure and efficient privacy protection algorithm meeting a specific application scene and privacy information is designed through stages such as preprocessing, privacy information characteristic acquisition, determination of the privacy protection algorithm type or theoretical basis, selection and design of the privacy protection algorithm steps, determination and design of the combination relationship among the steps, and parameter design. Preprocessing adapts the privacy information and the scene information in advance so that the designed privacy protection algorithm fits the specific privacy information and scene information; the type or theoretical basis of the privacy protection algorithm is determined mainly from the scene information, the privacy information characteristics, the privacy protection requirements and the requirements of the privacy protection algorithm, which ensures that the designed algorithm provides the required privacy protection; determining the type or theoretical basis, the steps, the combination of the steps and the parameters of the privacy protection algorithm improves the design efficiency and the privacy protection effect of the algorithm; a privacy protection algorithm combination scheme is determined from the scene information, the privacy information characteristics and the privacy protection requirements, and the designed or selected privacy protection algorithms are combined into a complete and systematic privacy protection scheme; and the evaluation of the privacy protection scheme assesses the generated privacy protection algorithm and privacy protection scheme in terms of privacy protection effect and performance.
According to the method and the device, the basic characteristics of the privacy protection algorithm are extracted according to the characteristics of the application scene and the privacy information and the privacy protection algorithm, the normalization framework of the privacy protection algorithm is determined, and the privacy protection algorithm suitable for the specific application scene and the privacy information is designed. Based on the method, the iterative design of the privacy protection algorithm and a general programming framework of the privacy protection algorithm are realized.
The embodiment of the invention provides a method for selecting the privacy protection algorithm according to the characteristics of the application scene and the privacy information, determining the combination scheme of the privacy protection algorithm, and combining one or more designed and/or selected privacy protection algorithms according to the combination scheme of the privacy protection algorithm to generate the privacy protection scheme. Based on this, a privacy protection scheme iterative design and a general programming framework of the privacy protection scheme are realized.
The embodiment of the invention provides a privacy protection algorithm which is suitable for specific privacy information and application scenes, meets the privacy protection requirements and improves the efficiency of algorithm design and implementation by determining the combination relation among the privacy protection algorithm steps and selecting and optimizing algorithm parameters in an algorithm iteration mode according to the evaluation result of the privacy protection algorithm.
The embodiment of the invention provides a privacy protection scheme which meets the privacy protection requirement and is designed by adjusting and modifying the privacy protection algorithm and the privacy protection algorithm combination scheme according to the privacy protection scheme evaluation result, and the efficiency of designing and realizing the privacy protection scheme is improved.
Additional features and advantages of embodiments of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of embodiments of the invention. The objectives and other advantages of the embodiments of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the examples of the invention serve to explain the principles of the embodiments of the invention and not to limit the embodiments of the invention.
Fig. 1 is a flowchart of a method for protecting private information according to an embodiment of the present invention;
FIG. 2 is a flow diagram of a method of determining a privacy preserving scheme based on at least one of context information and privacy information characteristics according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a privacy information protection apparatus according to another embodiment of the present invention;
fig. 4 is a schematic structural diagram of a privacy protection scheme decision module according to an embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments of the present invention may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Referring to fig. 1, an embodiment of the present invention provides a privacy protecting method, including at least one of the following steps:
Step 100: acquiring the privacy information characteristics of the privacy information.
In the embodiment of the invention, the information analysis and/or calculation can be carried out on the privacy information to obtain the privacy information characteristics in the privacy information. Specifically, the private information feature may be obtained by any combination of one or more of the following techniques:
semantic analysis technology, machine learning technology, deep learning technology, probability statistical method and information theory method.
In embodiments of the invention, the private information feature comprises any combination of one or more of:
the type of the privacy information, the content of the privacy information, the data value range, the data distribution characteristics, the sensitivity of the privacy information, the privacy operations that may be performed, the expected value of the number of privacy operations, and the social experience value of the privacy operation result.
The data distribution characteristics are used for measuring the statistical characteristics of the privacy information distribution and can be obtained by a probability statistical method.
The sensitivity of the private information is a value used to measure the sensitivity of the information, which may be calculated by any combination of one or more of probability, mathematical expectation, and mathematical variance.
The privacy operations that may be performed include any combination of one or more of the following:
reading, writing, encrypting, blurring, generalizing, adding noise, anonymizing, signing, verifying a signature, calculating a summary, encrypting, saving, copying, pasting, forwarding, cutting, modifying and deleting.
Step 101, determining a privacy protection scheme according to at least one of the scene information and the privacy information characteristics.
In an embodiment of the present invention, referring to fig. 2, step 101 includes:
step 201, generating a privacy protection requirement according to at least one of the scene information and the privacy information characteristics.
In embodiments of the present invention, the context information includes, but is not limited to, any combination including one or more of the following:
time, spatial location, device capabilities, interaction object, interaction path, request type, service type.
The scenes belong to different application scenes, and can include any combination of one or more of the following: a sharing scenario, an inquiry scenario, a payment scenario. Different application scenarios have different scenario information.
In embodiments of the present invention, privacy preserving requirements include, but are not limited to, any combination including one or more of the following:
the expected value of the privacy protection effect of the privacy protection scheme, the performance requirements of the privacy protection scheme, the privacy operations, the constraint conditions, and the correspondence between the privacy operations and the constraint conditions;
the expected value of the privacy protection effect of the privacy protection scheme is used for describing various expected values before and after the privacy information is processed by the privacy protection scheme, and comprises any combination of one or more of the following:
the expected value of the deviation amount between the privacy information processed by the privacy protection scheme and the privacy information before processing, the expected value of the loss ratio between the privacy information processed by the privacy protection scheme and the privacy information before processing, and the expected value of the probability that an attacker guesses the privacy information before it was processed by the privacy protection scheme;
the performance requirements of the privacy preserving scheme include, but are not limited to, any combination including one or more of the following:
the running environment, the lowest running speed, the required software resources and the required hardware resources;
constraint conditions are used to describe the conditions that must be met to perform a privacy operation, including but not limited to: operation entity attributes and operation environment;
the operation entity attribute is an attribute of an entity performing privacy operation on privacy information, and includes but is not limited to: identity, role, relationship, address, mobile phone number, ID number, phone number, occupation.
The operating environment includes, but is not limited to including: time, spatial location, network, device;
The privacy protection requirement can be generated by manual input or according to a pre-designed rule; both modes fall within the protection scope of the embodiment of the invention.
Generating the privacy protection requirement according to the scene information and the privacy information characteristics relies on rules designed in advance, which may be described in natural language and/or a formal language.
The pre-designed rule may employ, but is not limited to, the following methods: the scene information and/or privacy information characteristics are mapped directly, through a table or a set, or mapped through a function.
For example, the service type in the scene information is mapped to an expected value of the privacy protection effect: if the service type is a financial service, the data involved is highly sensitive and the expected value of the privacy protection effect is high; if the service type is searching for restaurants or shopping malls around a certain position, the data involved is less sensitive and the expected value is low. The device or device performance in the scene information is mapped to the performance requirements of the privacy protection scheme, such as the required software resources, the required hardware resources and the operating environment. The privacy information type in the privacy information characteristics is mapped to the corresponding operation entity attributes, privacy operations and privacy operation constraint conditions: different types of privacy information, such as text, pictures and video, admit different operations, and the operation entity attributes also differ.
The spatial location in the scene information is mapped to the corresponding operation entity attributes, privacy operations and privacy operation constraint conditions: for example, in an office environment, reading, writing and other operations may be performed provided the identity in the operation entity attributes satisfies certain conditions, whereas in an open environment such as an outside hotel, an airport or a railway station only reading is allowed and the identity in the operation entity attributes must satisfy specific conditions.
Step 202, determining the requirement of the privacy protection algorithm according to one or more of the scene information, the privacy information characteristics and the privacy protection requirement in any combination.
In an embodiment of the invention, the requirements of the privacy preserving algorithm comprise at least one of:
the expected value of the privacy protection effect of the privacy protection algorithm and the performance requirement of the privacy protection algorithm.
The expected value of the privacy protection effect of the privacy protection algorithm is used for describing various expected values before and after the privacy information is processed by adopting the privacy protection algorithm, and the expected value of the privacy protection effect of the privacy protection algorithm comprises one or more of the following optional combinations:
the expected value of the deviation amount between the privacy information processed by the privacy protection algorithm and the privacy information before processing, the expected value of the loss ratio between the privacy information processed by the privacy protection algorithm and the privacy information before processing, and the expected value of the probability that an attacker guesses the privacy information before it was processed by the privacy protection algorithm;
the performance requirements of the privacy protection algorithm include, but are not limited to, any combination including one or more of the following:
environment of operation, minimum operating speed, required software resources, required hardware resources.
The expected value of the privacy protection effect of the privacy protection algorithm and the performance requirement of the privacy protection algorithm can be determined by adopting a manual input mode or according to a pre-designed rule, and the two modes are both in the protection range of the embodiment of the invention.
The pre-designed rule is used for describing the performance requirement of the privacy protection algorithm determined according to the scene information, the privacy information characteristics and the privacy protection requirement.
The pre-designed rule may employ, but is not limited to, the following methods: the scene information, the privacy information characteristics and the privacy protection requirements are mapped directly, through a table or a set, or mapped through a function.
In the embodiment of the invention, the expected value of the privacy protection effect of the privacy protection algorithm is determined according to any combination of one or more of the scene information, the privacy information characteristics and the privacy protection requirements; for example, the scene information, the privacy information characteristics and the expected value of the privacy protection effect in the privacy protection requirements are mapped to the expected value of the privacy protection effect of the privacy protection algorithm;
the performance requirement of the privacy protection algorithm is determined according to any combination of one or more of the scene information, the privacy information characteristics and the privacy protection requirements. For example: if the scene information indicates the server side, the privacy protection algorithm is required to execute at high speed, expressed as how many computations per second it performs or how many bytes of data stream it processes; if the privacy protection algorithm is a signature algorithm, how many signatures it must complete per second. If the scene information indicates a terminal device, its software and hardware resources are limited, and limits can be set on the software and hardware resources of the privacy protection algorithm. If the privacy protection requirement restricts the space in which operations may take place, the operating environment of the privacy protection algorithm is constrained accordingly.
Step 203, determining at least one of the following according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirement and the privacy protection algorithm requirement: the type of privacy protection algorithm and the theoretical basis for the privacy protection algorithm.
In embodiments of the present invention, the types of privacy preserving algorithms include, but are not limited to, any combination including one or more of the following:
a cryptography-based privacy protection algorithm, a scrambling-based privacy protection algorithm, an obfuscation-based privacy protection algorithm, a generalization-based privacy protection algorithm, and an access-control-based privacy protection algorithm.
The theoretical basis of the privacy preserving algorithm includes, but is not limited to, any combination including one or more of the following:
a cryptography-based privacy protection technique, a probability-based privacy protection technique and a game-theory-based privacy protection technique.
The type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm can be determined by manual input or according to a pre-designed rule, and both the two modes are within the protection scope of the embodiment of the invention.
The pre-designed rule describes how the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm are determined according to the scene information, the privacy information characteristics, the privacy protection requirements and the performance requirements of the privacy protection algorithm.
The pre-designed rule may employ, but is not limited to, the following methods: the scene information, the privacy information characteristics, the privacy protection requirements and the requirements of the privacy protection algorithm are mapped directly, through a table or a set, through classification matching, or mapped through a function;
for example: the type of the privacy protection algorithm is determined according to the privacy operations that may be performed under the requirements of the privacy protection algorithm; if the only permitted privacy operation is obfuscation, only an obfuscation-based privacy protection algorithm can be selected; if the performance requirements of the privacy protection algorithm demand a relatively high running speed, only algorithm types meeting that running speed can be selected; if the expected value of the privacy protection effect of the privacy protection algorithm is high, only a cryptography-based privacy protection algorithm can be selected;
the theoretical basis of the privacy protection algorithm is likewise selected according to the scene information, the privacy information characteristics, the privacy protection requirements and the performance requirements of the privacy protection algorithm; for example, if the expected value of the privacy protection effect of the privacy protection algorithm is high, the theoretical basis must be a cryptography-based privacy protection technique; if the only privacy operation is anonymization, the theoretical basis can only be a probability-based privacy protection technique.
Step 204: determining the steps of the privacy protection algorithm and the combination relation among them according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements, the requirements of the privacy protection algorithm, the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm.
In the embodiment of the present invention, the steps of the privacy protection algorithm may also be determined by direct mapping, or by mapping through a function, from any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements, the requirements of the privacy protection algorithm, the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm. For example, the steps of the privacy protection algorithm are selected according to the type and theoretical basis of the privacy protection algorithm: if the theoretical basis is a cryptography-based privacy protection technique and the type is a cryptography-based privacy protection algorithm, only cryptographic algorithm steps can be selected; if, further, the privacy operation is signing, only cryptographic modules based on a signature algorithm can be selected as steps; if the performance requirements of the privacy protection algorithm limit the software and hardware resources, mainly lightweight cryptographic algorithm steps are selected;
the combination relation among the steps of the privacy protection algorithm is determined according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements, the performance requirements of the privacy protection algorithm, the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm, again either by direct mapping or by mapping through a function. If the selected algorithm steps have a sequential logic and execution order, that original logic and execution order is preserved; if the selected algorithm steps have no sequential logic or execution order, the steps are ordered randomly.
For example, in an obfuscation-based privacy protection algorithm, k-1 anonymous locations are chosen to obfuscate the real information through the following steps: (1) dividing the map; (2) calculating the query probability of each position unit in the map; (3) comparing the query probabilities of the position units with that of the unit where the user is located; (4) selecting the position units whose probabilities meet the conditions; (5) selecting the position units whose positions meet the requirements; and (6) constructing the request information. Steps 1-3 have a sequential logic and execution order and must be kept unchanged, whereas steps 4 and 5 have no sequential logic or execution order and are therefore ordered randomly.
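The location obfuscation example above, as added example code (not the patent's own): steps 1-3 run in their fixed order, steps 4 and 5 are independent filters whose order is shuffled, and the request is built from the real unit plus k-1 dummies. The grid, the query log and the Chebyshev distance requirement are constructed assumptions.

```python
import random
from collections import Counter
from typing import Callable, Dict, List, Tuple

Cell = Tuple[int, int]  # (row, col) index of one position unit of the divided map


def divide_map(rows: int, cols: int) -> List[Cell]:
    """Step 1: divide the map into position units (a regular grid here)."""
    return [(r, c) for r in range(rows) for c in range(cols)]


def query_probabilities(cells: List[Cell], query_log: List[Cell]) -> Dict[Cell, float]:
    """Step 2: estimate each unit's query probability from a historical query log."""
    counts = Counter(query_log)
    total = sum(counts[c] for c in cells)
    if total == 0:
        raise ValueError("empty query log: query probabilities are undefined")
    return {c: counts[c] / total for c in cells}


def compare_probabilities(probs: Dict[Cell, float], real: Cell) -> Dict[Cell, float]:
    """Step 3: distance between each unit's query probability and the real unit's."""
    p_real = probs[real]
    return {c: abs(p - p_real) for c, p in probs.items()}


def select_by_probability(cands: List[Cell], deviation: Dict[Cell, float], tolerance: float) -> List[Cell]:
    """Step 4: keep units whose query probability is close enough to the real unit's,
    so that no dummy stands out as 'unlikely' to an observer who knows the distribution."""
    return [c for c in cands if deviation[c] <= tolerance]


def select_by_position(cands: List[Cell], real: Cell, min_dist: int) -> List[Cell]:
    """Step 5: keep units whose position meets the requirement, here a minimum
    Chebyshev (grid) distance from the real unit (constructed requirement)."""
    return [c for c in cands if max(abs(c[0] - real[0]), abs(c[1] - real[1])) >= min_dist]


def construct_request(real: Cell, dummies: List[Cell], rng: random.Random) -> List[Cell]:
    """Step 6: combine the real unit with the k-1 dummies; shuffle so that the
    real unit cannot be identified by its position in the request."""
    units = [real, *dummies]
    rng.shuffle(units)
    return units


def obfuscate(real: Cell, k: int, rows: int, cols: int, query_log: List[Cell],
              tolerance: float, min_dist: int, seed: int = 0) -> List[Cell]:
    """Compose the steps under the combination relation of step 204."""
    if k < 2:
        raise ValueError("k must be at least 2 to hide the real unit among dummies")
    rng = random.Random(seed)
    # Steps 1-3 carry sequential logic: each consumes the previous step's output.
    cells = divide_map(rows, cols)
    probs = query_probabilities(cells, query_log)
    deviation = compare_probabilities(probs, real)
    # Steps 4 and 5 are independent filters on the candidate set, so the combination
    # relation may execute them in random order; the result is the same either way.
    filters: List[Callable[[List[Cell]], List[Cell]]] = [
        lambda cs: select_by_probability(cs, deviation, tolerance),
        lambda cs: select_by_position(cs, real, min_dist),
    ]
    rng.shuffle(filters)
    cands = [c for c in cells if c != real]
    for f in filters:
        cands = f(cands)
    # Failure mode: the conditions may leave fewer than k-1 usable units.
    if len(cands) < k - 1:
        raise ValueError(f"only {len(cands)} units meet the conditions; k={k} is unreachable")
    return construct_request(real, rng.sample(cands, k - 1), rng)


def constructed_query_log(rows: int, cols: int) -> List[Cell]:
    """Constructed sample data (not from the patent): unit (r, c) was queried 1 + (r + c) % 3 times."""
    return [(r, c) for r in range(rows) for c in range(cols) for _ in range(1 + (r + c) % 3)]


if __name__ == "__main__":
    request = obfuscate(real=(1, 1), k=3, rows=4, cols=4, query_log=constructed_query_log(4, 4),
                        tolerance=0.0, min_dist=2, seed=7)
    print("request sent to the service:", request)
```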
For example: when the privacy protection algorithm adopts the SP structure of a block cipher algorithm, all of the privacy protection algorithm steps are combined according to the SP structure;
in an embodiment of the present invention, the privacy preserving algorithm step includes, but is not limited to, any combination including one or more of the following:
S transformation, P permutation, key expansion, initialization, memory setting, linear feedback shift register, nonlinear feedback shift register, determining the disturbance granularity, adding noise, setting information weights, screening obfuscation information that meets the conditions, selecting the obfuscation information, combining it with the real information to form the request information, determining the blurring granularity, setting the blurring range, and constructing the request information.
Step 205, selecting parameters of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy protection requirement, the privacy protection algorithm requirement and the privacy protection algorithm step.
In the embodiment of the present invention, the parameters of the privacy protection algorithm include any combination of one or more of the following:
key length, anonymity set size, privacy budget, sensitivity, skewness, block length, number of encryption rounds, S-box, polynomial parameters, MDS codes, and P permutation tables.
In the embodiment of the present invention, the parameters of the privacy protection algorithm selected according to any combination of one or more of the scene information, the privacy protection requirement, the privacy protection algorithm requirement, and the privacy protection algorithm step may be according to a pre-designed rule. The pre-designed rules may be mapped directly or via a function.
For example, a correspondence table between the running speed, the software and hardware resources available for running, and the parameters can be drawn up: if the privacy protection algorithm must run at high speed or its software and hardware environment is limited, smaller step parameters are selected for the privacy protection algorithm, with a shorter key length and fewer encryption rounds; if the expected value of the privacy protection effect of the privacy protection algorithm in the scene information is higher, larger parameters are selected, with a longer key length and more encryption rounds. As another example, a correspondence table between the security requirements of the privacy protection algorithm and the parameters is drawn up, and the parameters are selected from that table.
Step 206: combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relation among the privacy protection algorithm steps to generate the privacy protection algorithm.
Step 207: determining a combination scheme of the privacy protection algorithms according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements and the privacy protection algorithms.
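Step 206 under the SP combination relation named in step 204, as added example code that is not from the patent: the steps S transformation, P permutation and key expansion are composed into a toy 16-bit SP network, with the S-box, P table, block length and round count as the parameters of step 205. The S-box, P table and key schedule are constructed assumptions chosen for illustration, not for security.

```python
from typing import Callable, List, Tuple

BLOCK_BITS = 16  # block length parameter (step 205)

# Parameters chosen in step 205 for this toy instance (constructed values, not from the patent)
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
PBOX = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]  # bit i moves to PBOX[i]
INV_PBOX = [PBOX.index(v) for v in range(BLOCK_BITS)]
ROUNDS = 4  # number-of-encryption-rounds parameter


def key_expansion(master_key: int, rounds: int) -> List[int]:
    """Algorithm step 'key expansion': rounds+1 16-bit round keys taken as sliding
    16-bit windows of a 32-bit master key (constructed schedule)."""
    if master_key < 0 or master_key >> 32:
        raise ValueError("master key must be a 32-bit integer")
    return [(master_key >> (4 * i)) & 0xFFFF for i in range(rounds + 1)]


def s_layer(x: int, box: List[int]) -> int:
    """Algorithm step 'S transformation': substitute each 4-bit nibble through the S-box."""
    out = 0
    for i in range(BLOCK_BITS // 4):
        out |= box[(x >> (4 * i)) & 0xF] << (4 * i)
    return out


def p_layer(x: int, table: List[int]) -> int:
    """Algorithm step 'P permutation': move bit i of the block to position table[i]."""
    out = 0
    for i in range(BLOCK_BITS):
        if (x >> i) & 1:
            out |= 1 << table[i]
    return out


def compose_sp(round_keys: List[int], rounds: int) -> Tuple[Callable[[int], int], Callable[[int], int]]:
    """Step 206 under the SP combination relation: each round is key addition, S layer,
    P layer; the final round omits P (it would add no security) and ends with a key
    addition. The inverse runs the same steps backwards with the inverse tables."""
    if len(round_keys) != rounds + 1:
        raise ValueError("need one round key per round plus a final whitening key")

    def encrypt(block: int) -> int:
        x = block & 0xFFFF
        for r in range(rounds):
            x ^= round_keys[r]
            x = s_layer(x, SBOX)
            if r != rounds - 1:
                x = p_layer(x, PBOX)
        return x ^ round_keys[rounds]

    def decrypt(block: int) -> int:
        x = (block & 0xFFFF) ^ round_keys[rounds]
        for r in reversed(range(rounds)):
            if r != rounds - 1:
                x = p_layer(x, INV_PBOX)
            x = s_layer(x, INV_SBOX)
            x ^= round_keys[r]
        return x

    return encrypt, decrypt


def build_algorithm(master_key: int, rounds: int = ROUNDS) -> Tuple[Callable[[int], int], Callable[[int], int]]:
    """Generate the privacy protection algorithm from its steps and parameters."""
    return compose_sp(key_expansion(master_key, rounds), rounds)


if __name__ == "__main__":
    enc, dec = build_algorithm(0x3A94D63F)
    c = enc(0x26B7)
    print(f"plaintext 0x26B7 -> ciphertext 0x{c:04X} -> decrypted 0x{dec(c):04X}")
```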
In the embodiment of the invention, the combination scheme of the privacy protection algorithm is determined according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements and the privacy protection algorithm, and a pre-designed rule can be adopted, and the pre-designed rule can be directly mapped or mapped through a function.
For example, a correspondence table between the expected value of the privacy protection effect in the privacy protection requirements, the type of the privacy protection algorithm and the combination scheme of the privacy protection algorithms is drawn up, and the privacy protection algorithm and its combination scheme are selected according to the type of the privacy protection algorithm. As another example, a correspondence table between the privacy information characteristics and the privacy protection algorithm types is drawn up, a privacy protection algorithm is selected according to the privacy information characteristics, and the combination scheme is determined according to the input privacy information: if the privacy information type is text, privacy protection algorithm No. 1 is selected; if the privacy information type is an image, privacy protection algorithm No. 2 is selected; the corresponding privacy protection algorithm is thus selected according to the input privacy information, and the privacy protection scheme is then determined. As a further example, when there is a single privacy protection algorithm, different expected values of the privacy protection effect use different combination modes: a correspondence table between the expected value of the privacy protection effect and the combination scheme is drawn up, and different combination schemes, such as an authentication-encryption-authentication combination scheme or an input feedback combination scheme, are selected according to the expected value.
Step 208: combining the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate the privacy protection scheme.
In another embodiment of the present invention, the method for protecting private information further includes:
Step 102: evaluating at least one of the generated privacy protection scheme and a privacy protection algorithm in the privacy protection scheme.
In an embodiment of the present invention, evaluating the generated privacy preserving scheme includes at least one of:
evaluating the privacy protection effect of the privacy protection scheme;
evaluating the complexity of the privacy protection scheme;
evaluating a privacy protection algorithm in a privacy protection scheme includes at least one of:
evaluating the privacy protection effect of a privacy protection algorithm in the privacy protection scheme;
evaluating the complexity of a privacy protection algorithm in the privacy protection scheme.
Wherein, evaluating the privacy protection effect of the privacy protection algorithm in the privacy protection scheme comprises:
calculating a privacy protection effect value of a privacy protection algorithm;
when the privacy protection effect value of the privacy protection algorithm is greater than or equal to the expected privacy protection effect value in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm;
and when the privacy protection effect value of the privacy protection algorithm is smaller than the expected privacy protection effect value in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the privacy protection effect evaluation of the privacy protection algorithm.
Wherein the privacy preserving effect value includes, but is not limited to, any combination including one or more of the following:
the deviation amount between the privacy information processed by the privacy protection algorithm and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection algorithm and the privacy information before processing, and the probability that an attacker estimates the privacy information before processing.
Wherein the complexity of the privacy protection algorithm comprises any combination of one or more of: temporal complexity, spatial complexity.
Evaluating the complexity of the privacy protection algorithm in the privacy protection scheme includes any combination of one or more of:
evaluating the time complexity of the privacy protection algorithm;
evaluating the spatial complexity of the privacy preserving algorithm.
Wherein the evaluating the spatial complexity of the privacy protection algorithm comprises:
judging whether the software resources occupied by the operation of the privacy protection algorithm meet the software resources required in the requirements of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are larger than the required software resources in the demand of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
judging whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirement of the privacy protection algorithm;
when the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm;
and when the hardware resources occupied by the operation of the privacy protection algorithm are larger than the required hardware resources in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm.
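The algorithm evaluation of step 102, as added example code that is not from the patent: the algorithm evaluated is a Laplace noise-adding step parameterised by privacy budget and sensitivity; the three effect values (deviation amount, loss ratio, attacker guess probability) are computed, and the >= rule for the effect and the <= rules for software and hardware resources above are applied. The scalar effect value, the sample records and the resource figures are constructed assumptions.

```python
import math
import random
from typing import Dict, List, Tuple


def laplace_noise_algorithm(values: List[int], sensitivity: float, epsilon: float, seed: int = 0) -> List[float]:
    """The privacy protection algorithm under evaluation: the 'adding noise' step with
    the privacy budget (epsilon) and sensitivity parameters of step 205. Laplace(0, b)
    is drawn as the difference of two exponentials with mean b = sensitivity / epsilon."""
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("privacy budget and sensitivity must be positive")
    rng = random.Random(seed)
    b = sensitivity / epsilon
    return [v + rng.expovariate(1 / b) - rng.expovariate(1 / b) for v in values]


def deviation_amount(original: List[float], protected: List[float]) -> float:
    """Effect value 1: mean absolute deviation between processed and unprocessed information."""
    if len(original) != len(protected) or not original:
        raise ValueError("original and protected information must be non-empty and aligned")
    return sum(abs(p - o) for o, p in zip(original, protected)) / len(original)


def loss_ratio(original: List[float], protected: List[float]) -> float:
    """Effect value 2: deviation relative to the mean magnitude of the original information."""
    scale = sum(abs(o) for o in original) / len(original)
    return deviation_amount(original, protected) / scale if scale else math.inf


def guess_probability(sensitivity: float, epsilon: float) -> float:
    """Effect value 3: probability that an attacker who rounds the noisy value recovers
    an integer original, i.e. P(|Laplace(0, b)| < 0.5) = 1 - exp(-0.5 / b)."""
    b = sensitivity / epsilon
    return 1.0 - math.exp(-0.5 / b)


def effect_value(sensitivity: float, epsilon: float) -> float:
    """Scalar privacy protection effect value. ASSUMPTION: the patent does not fix how the
    three effect values are combined; the attacker's failure probability is used here so
    that 'larger is better' matches the >= judgement rule."""
    return 1.0 - guess_probability(sensitivity, epsilon)


def judge_effect(effect: float, expected: float) -> bool:
    """Pass iff the effect value is >= the expected value in the algorithm requirements."""
    return effect >= expected


def judge_space(sw_used: float, sw_required: float, hw_used: float, hw_required: float) -> Tuple[bool, bool]:
    """Software and hardware resource checks of the space complexity evaluation:
    each passes iff the resources occupied are <= those the requirements allow."""
    return sw_used <= sw_required, hw_used <= hw_required


def evaluate_algorithm(original: List[int], sensitivity: float, epsilon: float, expected_effect: float,
                       sw_used: float, sw_required: float, hw_used: float, hw_required: float,
                       seed: int = 0) -> Dict[str, object]:
    """Step 102 for one algorithm: compute the effect values and apply both judgement rules."""
    protected = laplace_noise_algorithm(original, sensitivity, epsilon, seed)
    sw_ok, hw_ok = judge_space(sw_used, sw_required, hw_used, hw_required)
    effect_ok = judge_effect(effect_value(sensitivity, epsilon), expected_effect)
    return {
        "deviation_amount": deviation_amount(original, protected),
        "loss_ratio": loss_ratio(original, protected),
        "guess_probability": guess_probability(sensitivity, epsilon),
        "effect_pass": effect_ok,
        "software_pass": sw_ok,
        "hardware_pass": hw_ok,
        "pass": effect_ok and sw_ok and hw_ok,
    }


# Constructed sample records (ages); none of these values come from the patent.
CONSTRUCTED_AGES = [23, 35, 41, 29, 52, 38, 47, 31]

if __name__ == "__main__":
    for eps in (1.0, 0.1):  # a smaller privacy budget means more noise and a lower guess probability
        report = evaluate_algorithm(CONSTRUCTED_AGES, sensitivity=1.0, epsilon=eps, expected_effect=0.9,
                                    sw_used=512, sw_required=1024, hw_used=2, hw_required=4)
        print(f"epsilon={eps}: {report}")
```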
Wherein evaluating the privacy protection effect of the privacy protection scheme comprises:
calculating a privacy protection effect value of the privacy protection scheme;
when the privacy protection effect value of the privacy protection scheme is greater than or equal to the privacy protection effect expected value in the privacy protection requirement, judging that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme;
and when the privacy protection effect value of the privacy protection scheme is smaller than the expected privacy protection effect value in the privacy protection requirement, judging that the privacy protection scheme does not pass the privacy protection effect evaluation of the privacy protection scheme.
Wherein the privacy protection effect value of the privacy protection scheme includes, but is not limited to, any combination including one or more of the following:
the deviation amount between the privacy information processed by the privacy protection scheme and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection scheme and the privacy information before processing, and the probability that an attacker estimates the privacy information before processing.
Wherein the complexity of the privacy preserving scheme comprises any combination of one or more of: temporal complexity, spatial complexity;
the evaluating the complexity of the privacy preserving scheme may include any combination of one or more of:
evaluating a temporal complexity of the privacy protection scheme;
evaluating a spatial complexity of the privacy preserving scheme.
Wherein the evaluating the temporal complexity of the privacy preserving scheme comprises:
judging whether the running speed of the privacy protection scheme meets the lowest running speed in the privacy protection requirements or not;
when the running speed of the privacy protection scheme is greater than or equal to the lowest running speed in the privacy protection requirements, judging that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme;
and when the running speed of the privacy protection scheme is lower than the lowest running speed in the privacy protection requirement, judging that the privacy protection scheme does not pass the time complexity evaluation of the privacy protection scheme.
Wherein the evaluating the spatial complexity of the privacy preserving scheme comprises any combination of one or more of:
judging whether the software resources occupied by the operation of the privacy protection scheme meet the software resources required in the privacy protection requirement;
when the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirement, judging that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
when the software resources occupied by the operation of the privacy protection scheme are larger than the required software resources in the privacy protection requirement, judging that the privacy protection scheme does not pass the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
judging whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement;
when the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the required hardware resources in the privacy protection requirement, judging that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme;
and when the hardware resources occupied by the operation of the privacy protection scheme are greater than the hardware resources required in the privacy protection requirement, judging that the privacy protection scheme does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme.
In another embodiment of the present invention, the method further comprises:
when the privacy protection algorithm does not pass the evaluation, modifying, according to the evaluation result, one or more of the privacy protection algorithm steps, the combination relationship among the privacy protection algorithm steps and the parameters of the privacy protection algorithm; re-executing the step of combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship among the privacy protection algorithm steps to generate a privacy protection algorithm; and evaluating the new privacy protection algorithm, repeating this process until the new privacy protection algorithm passes the evaluation of the privacy protection algorithm.
How the privacy protection algorithm is iteratively modified is described below by way of specific examples, without limitation to these cases. For example: if the evaluation result shows that the privacy protection algorithm fails the complexity evaluation but passes the privacy protection effect evaluation, a new privacy protection algorithm can be generated by modifying only the parameters of the privacy protection algorithm and/or the combination relationship among the privacy protection steps; the newly generated privacy protection algorithm is then evaluated, and if the evaluation result shows that both the privacy protection effect and the complexity of the privacy protection algorithm pass, the design of the privacy protection algorithm is finished;
if the evaluation result shows that the privacy protection algorithm fails the privacy protection effect evaluation but passes the complexity evaluation, a new privacy protection algorithm is generated by modifying only the parameters of the privacy protection algorithm and/or the combination relationship among the privacy protection steps, and the newly generated privacy protection algorithm is evaluated; if the new privacy protection algorithm still fails the privacy protection effect evaluation, new privacy protection algorithm steps, a new combination relationship among the steps and new parameters of the privacy protection algorithm are selected according to the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm, a new privacy protection algorithm is regenerated and evaluated, and the design of the privacy protection algorithm is finished once the evaluation result shows that both the privacy protection effect and the complexity of the privacy protection algorithm pass;
if the evaluation result shows that the privacy protection algorithm fails both the privacy protection effect evaluation and the complexity evaluation, new privacy protection algorithm steps, a new combination relationship among the steps and new parameters of the privacy protection algorithm are selected according to the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm, a new privacy protection algorithm is regenerated and evaluated, and the design of the privacy protection algorithm is finished once the evaluation result shows that both the privacy protection effect and the complexity of the privacy protection algorithm pass.
When the privacy protection algorithm passes the evaluation but the privacy protection scheme does not, the privacy protection algorithm combination scheme is modified, the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme is re-executed, and the newly generated privacy protection scheme is evaluated, repeating this process until the newly generated privacy protection scheme passes the evaluation of the privacy protection scheme;
when the privacy protection algorithm has passed the evaluation but the new privacy protection scheme still fails the evaluation after the privacy protection algorithm combination scheme has been modified several times, any combination of one or more of the privacy protection algorithm steps, the combination relationship among the privacy protection algorithm steps and the parameters of the privacy protection algorithm is modified, the step of combining the privacy protection algorithm steps and the parameters according to the combination relationship among the steps to generate the privacy protection algorithm is re-executed so as to optimize the various indicators of the privacy protection algorithm, and then the privacy protection algorithm combination scheme is modified and the step of combining the privacy protection algorithms according to the combination scheme to generate the privacy protection scheme is re-executed, so that the new privacy protection scheme passes the evaluation of the privacy protection scheme.
Examples of the invention
And step 300, acquiring the privacy information characteristics of the privacy information.
In this step, for example, when the user requests a location-based service, the user enters the request "find restaurants within one kilometer of my location", and the privacy information features are obtained by semantic analysis.
The privacy information type in the privacy information features is text-type privacy request data, and the privacy information content comprises: user identity, timestamp, location information and query content.
Step 301, generating a privacy protection requirement according to at least one of the scene information and the privacy information characteristics.
In this step, the context information is the request service information based on the location service context.
In this step, the privacy protection effect requirement of the privacy protection scheme in the privacy protection requirement is that the query probability of each selected location unit is the same as the query probability of the user's current location.
Step 302, determining the requirement of the privacy protection algorithm according to one or more of the scene information, the privacy information characteristics and the privacy protection requirement in any combination.
In this step, according to the scene information, the privacy information features and the privacy protection requirement, the environment in the performance requirement of the privacy protection algorithm is determined to be a wireless mobile network, the software resource is a Baidu/Google map, and the hardware resource is a mobile intelligent terminal (with positioning and navigation functions).
Step 303, determining at least one of the following according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements, and the requirements of the privacy protection algorithm: the type of privacy protection algorithm and the theoretical basis for the privacy protection algorithm.
In this step, the privacy protection algorithm for the privacy information is determined to be an obfuscation-based privacy protection algorithm.
Step 304, giving a combination relation between the steps of the privacy protection algorithm and the steps of the privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, requirements of the privacy protection algorithm, types of the privacy protection algorithm and a theoretical basis of the privacy protection algorithm;
in this step, the selected steps are as follows:
1. Divide the map into location units.
2. Calculate the historical query probability of each location in the map.
3. Compare each location's query probability with the query probability of the user's current location, and select the locations with the same query probability as candidate anonymous locations.
4. Calculate the distance between each candidate anonymous location selected in step 3 and the user's location, and select k-1 of the locations whose distance from the user's location is greater than D, where D is a numeric threshold that bounds the distance.
5. Randomly select l-1 pseudo query contents as the query contents attached to the location information.
6. Construct the request, and send the k-1 anonymous locations, the l-1 pseudo query contents, the user's real location and the real query content to the service provider.
The k-anonymity and l-diversity privacy protection algorithm uses a probability-based privacy protection technique: the query probability of a location can be obtained in two ways. The first is to deploy an access point and periodically collect the number of messages sent from each location; the second is to obtain the number of messages sent from each location from a third party through the Application Programming Interface (API) of Google Maps. With either method, the number of messages sent in the area over a period of time is obtained, and the probability of each location is calculated as a ratio. For a location $loc_i$ in the map, its probability is calculated as follows:
$$P(loc_i) = \frac{m_i}{M}$$
where $M$ is the total number of messages sent in the map and $m_i$ is the number of messages sent from location $loc_i$.
Step 305, selecting parameters of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy protection requirement, the privacy protection algorithm performance requirement and the privacy protection algorithm step.
In this step, the parameter matching function defines a range for each of the parameters k and l: in the k-anonymity and l-diversity privacy protection algorithm, the value range of k is [5,50] and the value range of l is [2,20].
And 306, combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship among the privacy protection algorithm steps to generate the privacy protection algorithm.
In this example, the k-anonymous privacy preserving algorithm and the l-diversity privacy preserving algorithm are generated by steps 301-306.
And 307, determining a combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirements and the privacy protection algorithm.
And 308, combining the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.
In this example, a k-anonymous privacy protection algorithm and an l-diversified privacy protection algorithm are combined, the k-anonymous privacy protection algorithm is used to protect the location privacy of the user, and the l-diversified privacy protection algorithm is used to protect the query content privacy of the user.
Step 309, evaluating the generated privacy protection algorithm and privacy protection scheme.
In this step, evaluating the privacy protection algorithm includes: and evaluating the privacy protection effect of the privacy protection algorithm and the complexity of the privacy protection algorithm.
The privacy protection effect of the privacy protection algorithm is evaluated by the probability that an attacker guesses the privacy information before the privacy protection algorithm processes.
In this step, evaluating the privacy protection scheme includes: and evaluating the privacy protection effect of the privacy protection scheme and the complexity of the privacy protection scheme.
The privacy protection effect of the privacy protection scheme is evaluated by utilizing the probability that an attacker guesses the privacy information before the privacy protection scheme is processed.
The evaluation of the complexity of the privacy protection scheme refers to the evaluation of the time complexity and the space complexity of the privacy protection scheme.
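The following is an added example in Python, not code from the patent or its authors. It implements steps 304 to 309 of the example above (historical query probability per location, selection of k-1 anonymous locations with the same query probability at distance greater than D, selection of l-1 pseudo queries, request construction, and evaluation by the attacker's guessing probability and running time) together with the parameter-iteration procedure described earlier for an algorithm that fails evaluation. The grid map, request counts, query pool, distance threshold and expected effect values are constructed for illustration; only the formula m_i / M and the ranges k in [5,50], l in [2,20] come from the page. Comparing "the same query probability" with a floating-point tolerance, and modelling the attacker as a uniform guess among indistinguishable entries, are assumptions of the example.

```python
"""k-anonymity / l-diversity dummy generation with effect and time checks.

Added example; map, counts, query pool and thresholds are constructed.
"""
import math
import random
import time

# Constructed sample map: a 6x6 grid of location units; COUNTS[loc] is m_i,
# the number of requests historically observed from that unit (assumption).
GRID = 6
COUNTS = {(x, y): 10 for x in range(GRID) for y in range(GRID)}
COUNTS.update({(2, 2): 40, (3, 3): 40, (1, 4): 5, (4, 1): 5, (5, 5): 60})

# Constructed pool of query contents from which pseudo queries are drawn.
QUERY_POOL = ["restaurant", "pharmacy", "hotel", "atm", "gas station",
              "hospital", "cinema", "parking", "bookstore", "gym"]

K_RANGE = range(5, 51)   # k in [5, 50], as stated in step 305
L_RANGE = range(2, 21)   # l in [2, 20], as stated in step 305


def location_probabilities(counts):
    """Step 2: P(loc_i) = m_i / M, with M the total request count of the map."""
    total = sum(counts.values())
    return {loc: m / total for loc, m in counts.items()}


def candidate_cells(counts, user_loc, D):
    """Steps 3-4: units with the same query probability as the user's unit
    (compared with a tolerance, an assumption) at Euclidean distance > D."""
    probs = location_probabilities(counts)
    p_user = probs[user_loc]
    return sorted(loc for loc, p in probs.items()
                  if loc != user_loc
                  and math.isclose(p, p_user, rel_tol=1e-9)
                  and math.dist(loc, user_loc) > D)


def select_dummies(counts, user_loc, k, D, rng):
    """Pick k-1 anonymous locations; None if the map cannot supply them."""
    cands = candidate_cells(counts, user_loc, D)
    return None if len(cands) < k - 1 else rng.sample(cands, k - 1)


def select_pseudo_queries(pool, real_query, l, rng):
    """Step 5: l-1 pseudo queries, distinct from each other and from the real one."""
    others = [q for q in pool if q != real_query]
    return None if len(others) < l - 1 else rng.sample(others, l - 1)


def build_request(user_id, timestamp, real_loc, real_query, k, l, D, rng):
    """Step 6: assemble the request; entries are shuffled so that position in
    the message does not reveal which location or query is the real one."""
    dummies = select_dummies(COUNTS, real_loc, k, D, rng)
    pseudo = select_pseudo_queries(QUERY_POOL, real_query, l, rng)
    if dummies is None or pseudo is None:
        return None
    locations, queries = dummies + [real_loc], pseudo + [real_query]
    rng.shuffle(locations)
    rng.shuffle(queries)
    return {"user": user_id, "ts": timestamp,
            "locations": locations, "queries": queries}


def attacker_guess_probability(request):
    """Effect value used in step 309: probability that an attacker seeing only
    the request guesses the real location / real query. Since every dummy unit
    has the same historical query probability as the real one, the attacker is
    modelled as guessing uniformly (assumption)."""
    return 1.0 / len(request["locations"]), 1.0 / len(request["queries"])


def evaluate(request, elapsed, max_loc_guess, max_query_guess, max_seconds):
    """Effect check (guess probability at most the expected value) and
    time-complexity check (running time within the budget)."""
    p_loc, p_query = attacker_guess_probability(request)
    return {"effect": p_loc <= max_loc_guess and p_query <= max_query_guess,
            "time": elapsed <= max_seconds}


def design_loop(user_id, timestamp, real_loc, real_query, D, max_loc_guess,
                max_query_guess, max_seconds, seed=0):
    """Parameter iteration: when the effect check fails, modify the parameters
    (raise l for query privacy, raise k for location privacy) within their
    ranges and re-evaluate. Returns (k, l, request), or None when no parameter
    choice passes, i.e. the algorithm steps themselves must be redesigned."""
    rng = random.Random(seed)
    for k in K_RANGE:
        for l in L_RANGE:
            t0 = time.perf_counter()
            req = build_request(user_id, timestamp, real_loc, real_query, k, l, D, rng)
            elapsed = time.perf_counter() - t0
            if req is None:
                return None          # map or query pool exhausted for this k/l
            verdict = evaluate(req, elapsed, max_loc_guess, max_query_guess, max_seconds)
            if verdict["effect"] and verdict["time"]:
                return k, l, req
            if verdict["effect"]:
                return None          # effect met but too slow: raising k/l won't help
            if attacker_guess_probability(req)[1] > max_query_guess:
                continue             # query privacy short: raise l
            break                    # location privacy short: raise k
    return None


if __name__ == "__main__":
    print(design_loop("u1", 1700000000, (0, 0), "restaurant",
                      D=2.0, max_loc_guess=0.1, max_query_guess=0.5, max_seconds=0.5))
```

With the constructed map, the user's unit (0,0) shares its probability 10/460 with 25 units farther than D = 2, so k can grow to at most 26; the loop therefore returns None once the expected attacker probability demands more dummies than the map can supply, which is the case the text resolves by redesigning the algorithm steps rather than its parameters.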
Referring to fig. 3, another embodiment of the present invention provides a device for protecting private information, including at least one of the following modules:
a privacy information feature obtaining module 301, configured to obtain a privacy information feature of the privacy information;
a privacy protection scheme decision module 302, configured to determine a privacy protection scheme according to at least one of the scene information and the privacy information characteristics.
In another embodiment of the present invention, the apparatus further comprises:
a privacy protection scheme evaluation module 303, configured to evaluate at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme.
In an embodiment of the present invention, referring to fig. 4, the privacy protection scheme decision module 302 includes:
a privacy protection requirement generating unit 401, configured to generate a privacy protection requirement according to at least one of the scene information and the privacy information characteristics;
a privacy protection algorithm requirement generating unit 402, configured to determine a requirement of a privacy protection algorithm according to any combination of one or more of the scene information, the privacy information characteristics, and the privacy protection requirement;
a privacy protection algorithm type or theoretical basis determining unit 403, configured to determine, according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirement, and the requirement of the privacy protection algorithm, at least one of the following: the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm;
a combination unit 404 between privacy protection algorithm steps, configured to give a combination relationship between the privacy protection algorithm steps and the privacy protection algorithm steps according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, requirements of the privacy protection algorithm, types of the privacy protection algorithm, and theoretical bases of the privacy protection algorithm;
a parameter design unit 405, configured to select a parameter of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy protection requirement, the privacy protection algorithm requirement, and the privacy protection algorithm step;
a combination unit 406 between the privacy protection algorithm and the privacy protection algorithm, configured to combine the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship between the privacy protection algorithm steps to generate a privacy protection algorithm;
determining a combination scheme of a privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements and privacy protection algorithms;
a privacy protection scheme generating unit 407, configured to combine the privacy protection algorithms according to a combination scheme of the privacy protection algorithms to generate a privacy protection scheme.
The specific implementation process of each module or unit in the privacy information protection apparatus is the same as the specific implementation process of the privacy information protection method in the foregoing embodiment, and is not described here again.
Another embodiment of the present invention provides a privacy information protection apparatus, including a processor and a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by the processor, the apparatus implements any one of the privacy information protection methods described above.
Another embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of any one of the above-mentioned methods for protecting private information.
Another embodiment of the present invention provides a privacy information protection system, including:
a privacy information feature obtaining module 301, configured to obtain a privacy information feature of the privacy information;
a privacy protection scheme decision module 302, configured to determine a privacy protection scheme according to at least one of the scene information and the privacy information characteristics;
the privacy information characteristic obtaining module 301 and the privacy protection scheme deciding module 302 are disposed in different devices.
In another embodiment of the present invention, the system further comprises:
a privacy protection scheme evaluation module 303, configured to evaluate the privacy protection scheme;
at least two modules of the privacy protection scheme evaluation module 303, the privacy information feature acquisition module 301 and the privacy protection scheme decision module 302 are arranged in different devices.
In an embodiment of the present invention, referring to fig. 4, the privacy protection scheme decision module 302 includes:
a privacy protection requirement generating unit 401, configured to generate a privacy protection requirement according to at least one of the scene information and the privacy information characteristics;
a privacy protection algorithm requirement generating unit 402, configured to determine a requirement of a privacy protection algorithm according to any combination of one or more of the scene information, the privacy information characteristics, and the privacy protection requirement;
a privacy protection algorithm type or theoretical basis determining unit 403, configured to determine, according to any combination of one or more of the scene information, the privacy information characteristics, the privacy protection requirement, and the requirement of the privacy protection algorithm, at least one of the following: the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm;
a combination unit 404 between privacy protection algorithm steps, configured to give a combination relationship between the privacy protection algorithm steps and the privacy protection algorithm steps according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, requirements of the privacy protection algorithm, types of the privacy protection algorithm, and theoretical bases of the privacy protection algorithm;
a parameter design unit 405, configured to select a parameter of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy protection requirement, the privacy protection algorithm requirement, and the privacy protection algorithm step;
a combination unit 406 between the privacy protection algorithm and the privacy protection algorithm, configured to combine the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship between the privacy protection algorithm steps to generate a privacy protection algorithm;
determining a combination scheme of a privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements and privacy protection algorithms;
a privacy protection scheme generating unit 407, configured to combine the privacy protection algorithms according to a combination scheme of the privacy protection algorithms to generate a privacy protection scheme;
wherein at least two of the units are disposed in different devices.
The specific implementation process of each module or unit in the privacy information protection system is the same as that of the privacy information protection method in the foregoing embodiment, and is not described here again.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, and functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Although the embodiments of the present invention have been described above, the descriptions are only used for understanding the embodiments of the present invention, and are not intended to limit the embodiments of the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the embodiments of the invention as defined by the appended claims.

Claims (28)

1. A method of protecting private information, comprising:
acquiring the privacy information characteristics of the privacy information;
determining a privacy protection scheme according to at least one of the scene information and the privacy information characteristics;
evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme;
wherein evaluating the privacy protection scheme comprises at least one of:
evaluating the privacy protection effect of the privacy protection scheme;
evaluating the complexity of the privacy protection scheme;
evaluating a privacy protection algorithm in the privacy protection scheme comprises at least one of:
evaluating the privacy protection effect of a privacy protection algorithm in the privacy protection scheme;
evaluating the complexity of the privacy protection algorithm in the privacy protection scheme.
2. The method according to claim 1, wherein the evaluating the privacy protection effect of the privacy protection algorithm in the privacy protection scheme comprises:
calculating a privacy protection effect value of the privacy protection algorithm;
when the privacy protection effect value of the privacy protection algorithm is larger than or equal to the expected privacy protection effect value in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm;
and when the privacy protection effect value of the privacy protection algorithm is smaller than the expected privacy protection effect value in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the evaluation of the privacy protection effect of the privacy protection algorithm.
3. The method according to claim 2, wherein the privacy protection effect value of the privacy protection algorithm comprises any combination of one or more of the following:
the deviation amount between the privacy information processed by the privacy protection algorithm and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection algorithm and the privacy information before processing, and the probability of the attacker deducing the privacy information before processing by the privacy protection algorithm.
4. The method of claim 1, wherein the complexity of the privacy preserving algorithm comprises any combination of one or more of: temporal complexity, spatial complexity;
the evaluating the complexity of the privacy protection algorithm in the privacy protection scheme may include any combination of one or more of the following:
evaluating the time complexity of the privacy protection algorithm;
evaluating the spatial complexity of the privacy preserving algorithm.
5. The method according to claim 4, wherein the evaluating the time complexity of the privacy protecting algorithm comprises:
judging whether the running speed of the privacy protection algorithm meets the lowest running speed in the requirements of the privacy protection algorithm;
when the running speed of the privacy protection algorithm is greater than or equal to the lowest running speed in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the time complexity evaluation of the privacy protection algorithm;
and when the running speed of the privacy protection algorithm is lower than the lowest running speed in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the time complexity evaluation of the privacy protection algorithm.
6. The method according to claim 4, wherein the evaluating the spatial complexity of the privacy protection algorithm comprises any combination of one or more of the following:
judging whether the software resources occupied by the operation of the privacy protection algorithm meet the software resources required in the requirements of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirement of the privacy protection algorithm, judging that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
when the software resources occupied by the operation of the privacy protection algorithm are larger than the required software resources in the demand of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;
judging whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirement of the privacy protection algorithm;
when the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm passes the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm;
and when the hardware resources occupied by the operation of the privacy protection algorithm are larger than the hardware resources required in the requirements of the privacy protection algorithm, judging that the privacy protection algorithm does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm.
7. The method according to claim 1, wherein the evaluating the privacy protecting effect of the privacy protecting scheme comprises:
calculating a privacy protection effect value of the privacy protection scheme;
when the privacy protection effect value of the privacy protection scheme is larger than or equal to the expected privacy protection effect value in the privacy protection requirement, judging that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme;
and when the privacy protection effect value of the privacy protection scheme is smaller than the expected privacy protection effect value in the privacy protection requirement, judging that the privacy protection scheme does not pass the privacy protection effect evaluation of the privacy protection scheme.
8. The method according to claim 7, wherein the privacy protection effect value of the privacy protection scheme comprises any combination of one or more of the following:
the deviation amount between the privacy information processed by the privacy protection scheme and the privacy information before processing, the loss ratio between the privacy information processed by the privacy protection scheme and the privacy information before processing, and the probability of the attacker deducing the privacy information before processing by the privacy protection scheme.
9. The method of claim 1, wherein the complexity of the privacy preserving scheme comprises any combination of one or more of: temporal complexity, spatial complexity;
the evaluating the complexity of the privacy preserving scheme comprises any combination of one or more of:
evaluating a temporal complexity of the privacy protection scheme;
evaluating a spatial complexity of the privacy preserving scheme.
10. The method of claim 9, wherein the evaluating the temporal complexity of the privacy preserving scheme comprises:
judging whether the running speed of the privacy protection scheme meets the lowest running speed in the privacy protection requirements or not;
when the running speed of the privacy protection scheme is greater than or equal to the lowest running speed in the privacy protection requirements, judging that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme;
and when the running speed of the privacy protection scheme is less than the lowest running speed in the privacy protection requirements, judging that the privacy protection scheme does not pass the time complexity evaluation of the privacy protection scheme.
11. The method according to claim 9, wherein the evaluating the spatial complexity of the privacy protecting scheme comprises any combination of one or more of:
judging whether the software resources occupied by the operation of the privacy protection scheme meet the software resources required in the privacy protection requirement;
when the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirement, judging that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
when the software resources occupied by the operation of the privacy protection scheme are larger than the required software resources in the privacy protection requirement, judging that the privacy protection scheme does not pass the software resource evaluation in the space complexity evaluation of the privacy protection scheme;
judging whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement;
when the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the required hardware resources in the privacy protection requirement, judging that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme;
and when the hardware resources occupied by the operation of the privacy protection scheme are greater than the required hardware resources in the privacy protection requirement, judging that the privacy protection scheme does not pass the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme.
12. The method according to claim 1, wherein the determining the privacy protection scheme according to at least one of the scene information and the privacy information characteristics comprises one or more of the following steps in any combination:
generating a privacy protection requirement according to at least one of the scene information and the privacy information characteristics;
determining the requirement of a privacy protection algorithm according to one or more of the scene information, the privacy information characteristics and the privacy protection requirement in any combination;
determining at least one of the following according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, and requirements of privacy protection algorithms: the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm;
giving a privacy protection algorithm step and a combination relation between the privacy protection algorithm steps according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, requirements of a privacy protection algorithm, types of the privacy protection algorithm and a theoretical basis of the privacy protection algorithm;
selecting parameters of a privacy protection algorithm according to any combination of one or more of scene information, privacy protection requirements, requirements of the privacy protection algorithm and steps of the privacy protection algorithm;
combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm according to the combination relationship among the privacy protection algorithm steps to generate a privacy protection algorithm;
determining a combination scheme of a privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements and privacy protection algorithms;
and combining the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.
13. The private information protecting method according to claim 12, further comprising:
evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme, performing at least one of:
when the privacy protection algorithm fails to be evaluated, modifying any combination of one or more of the steps of the privacy protection algorithm, the combination relationship among the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the evaluation result, and continuously executing the step of combining the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship among the steps of the privacy protection algorithm to generate the privacy protection algorithm;
when the privacy protection algorithm passes the evaluation and the privacy protection scheme does not pass the evaluation, modifying a privacy protection algorithm combination scheme, and continuing to execute the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme;
when the privacy protection algorithm passes the evaluation but, after the privacy protection algorithm combination scheme has been modified multiple times, the new privacy protection scheme still does not pass the evaluation, modifying any combination of one or more of the steps of the privacy protection algorithm, the combination relationship among the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm, continuing to execute the step of combining the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship among the steps of the privacy protection algorithm to generate the privacy protection algorithm, then modifying the privacy protection algorithm combination scheme, and continuing to execute the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme.
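The evaluation checks of claims 7-11 and the parameter-modification loop of claim 13 (first branch), as an added Python illustration that is not code from the patent; the class and function names, the rule that the effect value is one minus the attacker's inference probability, the cost model in `measure` and all numbers are assumptions constructed for the example.

```python
# Added illustration of the evaluation in claims 7-11 and the feedback loop of
# claim 13; not the patent's own code. The names, the effect-value rule, the cost
# model and all numbers are assumptions constructed for this example.
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Requirement:
    """Privacy protection requirement (claims 14-16): expected effect value plus
    performance requirements (minimum speed, software and hardware resources)."""
    expected_effect: float  # expected privacy protection effect value, in [0, 1]
    min_speed: float        # lowest acceptable running speed (records/s, assumed unit)
    software_limit: float   # required software resources (MiB, assumed unit)
    hardware_limit: float   # required hardware resources (CPU cores, assumed unit)


@dataclass(frozen=True)
class Measurement:
    """What was observed when the algorithm or scheme under test was run."""
    inference_probability: float  # attacker's chance of recovering the input (claim 8)
    speed: float
    software_used: float
    hardware_used: float


def effect_value(m: Measurement) -> float:
    # Assumption: effect value = 1 - attacker inference probability. Claim 8 lists
    # that probability as one admissible component; this combination rule (which
    # leaves out deviation amount and loss ratio) is ours.
    return 1.0 - m.inference_probability


def evaluate(m: Measurement, req: Requirement) -> Dict[str, bool]:
    """Claims 7, 10, 11: effect >= expected, speed >= minimum, resources <= limits."""
    return {
        "effect": effect_value(m) >= req.expected_effect,
        "time": m.speed >= req.min_speed,
        "software": m.software_used <= req.software_limit,
        "hardware": m.hardware_used <= req.hardware_limit,
    }


def passes(result: Dict[str, bool]) -> bool:
    return all(result.values())


def measure(anonymity_set_size: int) -> Measurement:
    # Constructed cost model for a generalization-style algorithm whose tuned
    # parameter is the anonymity set size k (listed as a parameter in claim 20):
    # a larger k lowers the attacker's guess probability but costs speed and memory.
    k = anonymity_set_size
    return Measurement(inference_probability=1.0 / k, speed=1000.0 / k,
                       software_used=4.0 * k, hardware_used=1.0)


def tune_algorithm(req: Requirement, k: int = 2,
                   max_rounds: int = 10) -> Tuple[int, Dict[str, bool]]:
    """Claim 13, first branch: while the algorithm fails evaluation, modify its
    parameter and regenerate it; return the first k that passes, or after
    max_rounds the last k tried together with its (failing) evaluation."""
    for _ in range(max_rounds):
        result = evaluate(measure(k), req)
        if passes(result):
            return k, result
        # Modification rule (assumption): raise k when the effect is too weak,
        # lower it when a time or space limit is exceeded. A requirement that no
        # k can satisfy makes the loop oscillate until max_rounds runs out.
        if not result["effect"]:
            k += 1
        elif k > 1:
            k -= 1
    return k, evaluate(measure(k), req)
```

With `Requirement(expected_effect=0.75, min_speed=100.0, software_limit=40.0, hardware_limit=2.0)` the loop settles on k = 4, while `expected_effect=0.875` together with `software_limit=20.0` admits no k and the returned evaluation still fails the software check.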
14. The method of claim 12 or 13, wherein the privacy preserving requirements comprise any combination of one or more of:
an expected value of the privacy protection effect of the privacy protection scheme, performance requirements of the privacy protection scheme, privacy operations, constraint conditions, and the corresponding relationship between the privacy operations and the constraint conditions;
the constraint condition is used for describing a condition which needs to be met when the privacy operation is carried out, and comprises: operating entity attributes and an operating environment;
the operating environment includes: time, spatial location, network, device.
15. The method of claim 14, wherein the performance requirements of the privacy preserving scheme include, but are not limited to, any combination of one or more of the following:
environment of operation, minimum operating speed, required software resources, required hardware resources.
16. The method of claim 12 or 13, wherein the requirements of the privacy preserving algorithm include at least one of: the expected value and the performance requirement of the privacy protection effect of the privacy protection algorithm;
the performance requirements of the privacy protection algorithm include, but are not limited to, any combination of one or more of the following:
environment of operation, minimum operating speed, required software resources, required hardware resources.
17. The method of claim 12 or 13, wherein the type of privacy preserving algorithm comprises any combination of one or more of:
a cryptography-based privacy protection algorithm, a scrambling-based privacy protection algorithm, an obfuscation-based privacy protection algorithm, a generalization-based privacy protection algorithm, an access control-based privacy protection algorithm.
18. The method according to claim 12 or 13, wherein the theoretical basis of the privacy protection algorithm comprises any combination of one or more of the following:
a cryptography-based privacy protection technology, a probability-based privacy protection technology and a game-theory-based privacy protection technology.
19. The method of claim 12 or 13, wherein the privacy preserving algorithm step comprises any combination of one or more of the following:
S transformation, P permutation, key expansion, initialization, memory setting, a linear feedback shift register, a nonlinear feedback shift register, determining the disturbance granularity, adding noise, setting information weights, screening obfuscation information that meets the conditions, selecting the obfuscation information, combining it with real information to form request information, determining the fuzzy granularity, setting the fuzzy range and constructing the request information.
20. The method according to claim 12 or 13, wherein the parameters of the privacy protection algorithm comprise any combination of one or more of the following:
key length, anonymous set size, privacy budget, sensitivity, skewness, packet length, encryption round number, S-box, polynomial parameters, MDS codes, P substitution tables.
21. The method of claim 1, wherein the private information characteristics comprise any combination of one or more of:
the type of the privacy information, the content of the privacy information, the data value range, the data distribution characteristics, the sensitivity of the privacy information, the executable privacy operations, the expected value of the number of privacy operations and the social experience value of the privacy operation result.
22. The method of claim 21, wherein the sensitivity of the private information is a value used to measure information sensitivity, and is calculated by any combination of one or more of probability, mathematical expectation, and mathematical variance.
23. The method of claim 21, wherein the executable privacy operations comprise any combination of one or more of:
reading, writing, encrypting, blurring, generalizing, adding noise, anonymizing, signing, verifying a signature, calculating a summary, encrypting, saving, copying, pasting, forwarding, cutting, modifying and deleting.
24. The method of claim 1, wherein the context information comprises any combination of one or more of the following:
time, spatial location, device capabilities, interaction object, interaction path, request type, service type.
25. A privacy information protection apparatus comprising:
the privacy information characteristic acquisition module is used for acquiring the privacy information characteristics of the privacy information;
the privacy protection scheme decision module is used for determining a privacy protection scheme according to at least one of the scene information and the privacy information characteristics;
the privacy protection scheme evaluation module is used for evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme;
wherein evaluating the privacy protection scheme comprises at least one of:
evaluating the privacy protection effect of the privacy protection scheme;
evaluating the complexity of the privacy protection scheme;
evaluating a privacy protection algorithm in the privacy protection scheme comprises at least one of:
evaluating the privacy protection effect of a privacy protection algorithm in the privacy protection scheme;
evaluating the complexity of a privacy protection algorithm in the privacy protection scheme.
26. A privacy information protection apparatus comprising a processor and a computer-readable storage medium having instructions stored therein, wherein the instructions, when executed by the processor, implement the privacy information protection method of any one of claims 1-24.
27. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for protecting private information according to any one of claims 1 to 24.
28. A privacy information protection system comprising:
the privacy information characteristic acquisition module is used for acquiring the privacy information characteristics of the privacy information;
the privacy protection scheme decision module is used for determining a privacy protection scheme according to at least one of the scene information and the privacy information characteristics;
the privacy protection scheme evaluation module is used for evaluating at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme;
at least two modules of the privacy protection scheme evaluation module, the privacy information characteristic acquisition module and the privacy protection scheme decision module are arranged on different devices;
evaluating the privacy protection scheme includes at least one of:
evaluating the privacy protection effect of the privacy protection scheme;
evaluating the complexity of the privacy protection scheme;
evaluating a privacy protection algorithm in the privacy protection scheme comprises at least one of:
evaluating the privacy protection effect of a privacy protection algorithm in the privacy protection scheme;
evaluating the complexity of a privacy protection algorithm in the privacy protection scheme.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811272603.1A CN109583227B (en) 2018-10-30 2018-10-30 Privacy information protection method, device and system

Publications (2)

Publication Number Publication Date
CN109583227A CN109583227A (en) 2019-04-05
CN109583227B true CN109583227B (en) 2020-08-07

Family

ID=65921270

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583228B (en) * 2018-10-30 2021-05-07 Institute of Information Engineering, Chinese Academy of Sciences Privacy information management method, device and system
CN111178203B (en) * 2019-12-20 2021-01-29 Jiangsu Changshu Rural Commercial Bank Co., Ltd. Signature verification method and device, computer equipment and storage medium
CN112269987B (en) * 2020-09-27 2023-01-24 Xidian University Intelligent model information leakage degree evaluation method, system, medium and equipment
CN112231750B (en) * 2020-10-14 2021-10-08 Hainan University Multi-mode privacy protection method
CN112818390A (en) * 2021-01-26 2021-05-18 Alipay (Hangzhou) Information Technology Co., Ltd. Data information publishing method, device and equipment based on privacy protection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105574437A (en) * 2015-12-31 2016-05-11 Beijing Kingsoft Security Software Co., Ltd. Method and device for protecting privacy information and electronic equipment
CN106650485A (en) * 2016-09-18 2017-05-10 Shandong University Personalized environment-aware privacy protection method based on Android
CN107944299A (en) * 2017-12-29 2018-04-20 Xidian University Privacy information processing method, apparatus and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196431B (en) * 2011-05-13 2014-10-22 Nanjing University of Posts and Telecommunications Internet of things application scene-based protection method of privacy query and private identity verification
US20150339493A1 (en) * 2013-08-07 2015-11-26 Thomson Licensing Privacy protection against curious recommenders
CN108563962A (en) * 2018-05-03 2018-09-21 Guilin University of Electronic Technology Differential privacy protection method based on spatial location services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on scene-associated privacy protection mechanisms in mobile networks; 牛犇, 李凤华, 华佳烽, 何媛媛; 《网络与信息安全学报》 (Journal of Cyber Security); 2015-12-31; Sections 2.3 and 4.2-4.3 of the text, Figure 3 *

Also Published As

Publication number Publication date
CN109583227A (en) 2019-04-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant