CN109583227B - Privacy information protection method, device and system - Google Patents

Abstract

The embodiment of the invention discloses a method, a device and a system for protecting privacy information, wherein the method for protecting the privacy information comprises the following steps: acquiring the privacy information characteristics of the privacy information; a privacy protection scheme is determined based on at least one of the scene information and the privacy information characteristics, and at least one of the privacy protection scheme and a privacy protection algorithm in the privacy protection scheme is evaluated. According to the embodiment of the invention, a normalization framework of a privacy protection algorithm and a privacy protection scheme is determined according to the privacy information characteristics and the scene information, and the privacy protection algorithm and the privacy protection scheme which are suitable for specific application scenes and privacy information are designed; according to the evaluation results of the privacy protection algorithm and the privacy protection scheme, the privacy protection algorithm and the privacy protection scheme which are suitable for specific application scenes and privacy information and meet privacy protection requirements are designed in an iteration mode of the privacy protection algorithm and the privacy protection scheme, and the design, implementation and evaluation efficiency is improved.

Description

A kind of privacy information protection method, device and system

technical field

The embodiments of the present invention relate to, but are not limited to, the field of information technology, and in particular, refer to a privacy information protection method, device, and system.

Background technique

With the continuous and rapid development of information technology and network technology, the widespread popularization of related applications and the continuous evolution of personalized services, large Internet companies have accumulated massive amounts of data in the process of providing services, and these data are frequently cross-border, cross-system, and cross-ecosystem Interaction has become the norm, resulting in the intentional or unintentional retention of private information in different information systems, and the accumulated data contains a large amount of user private information. While users enjoy the convenience of work, life, study, etc., their data faces the risk of leakage in the process of data collection, sharing, storage, analysis, etc., which seriously threatens user privacy and security.

The existing privacy information protection scheme only protects specific scenarios and specific data, but due to the diverse types of privacy information, different privacy protection requirements, and different privacy algorithm protection capabilities, there is no effective guiding principle when designing specific privacy protection algorithms; Different privacy protection requirements in different application scenarios lead to the need to develop the same or similar algorithms multiple times, which reduces code reusability and increases development workload and cost; algorithm parameters are manually selected by developers according to their needs, lacking automation The mechanism of solving the optimal parameters affects the effect of the algorithm.

SUMMARY OF THE INVENTION

The embodiments of the present invention provide a privacy information protection method, device and system, which can design privacy protection algorithms and privacy protection schemes that are suitable for specific application scenarios and privacy information and meet privacy protection requirements, and improve the efficiency of design, implementation and evaluation. .

An embodiment of the present invention provides a privacy information protection method, comprising at least one of the following steps:

Obtain private information characteristics of private information;

The privacy protection scheme is determined according to at least one of the scene information and the privacy information feature.

In the embodiment of the present invention, it also includes:

Evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme.

In this embodiment of the present invention, the evaluating the privacy protection scheme includes at least one of the following:

Evaluate the privacy protection effect of the privacy protection scheme;

Evaluate the complexity of the privacy protection scheme;

The evaluation of the privacy protection algorithm in the privacy protection scheme includes at least one of the following:

Evaluate the privacy protection effect of the privacy protection algorithm in the privacy protection scheme;

Evaluate the complexity of privacy-preserving algorithms in privacy-preserving schemes.

In the embodiment of the present invention, the evaluation of the privacy protection effect of the privacy protection algorithm in the privacy protection scheme includes:

Calculate the privacy protection effect value of the privacy protection algorithm;

When the privacy protection effect value of the privacy protection algorithm is greater than or equal to the expected value of the privacy protection effect in the demand of the privacy protection algorithm, it is judged that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm;

When the privacy protection effect value of the privacy protection algorithm is less than the expected value of the privacy protection effect in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the privacy protection effect evaluation of the privacy protection algorithm.

In this embodiment of the present invention, the privacy protection effect value of the privacy protection algorithm includes any combination of one or more of the following:

The amount of deviation between the private information processed by using the privacy protection algorithm and the private information before processing, the loss ratio between the private information processed by using the privacy protection algorithm and the private information before processing, the attacker's guess The probability of private information before being processed by the privacy-preserving algorithm.

In this embodiment of the present invention, the complexity of the privacy protection algorithm includes any combination of one or more of the following: time complexity and space complexity;

The evaluation of the complexity of the privacy protection algorithm in the privacy protection scheme includes any combination of one or more of the following:

Evaluate the time complexity of the privacy protection algorithm;

Evaluate the space complexity of the privacy-preserving algorithm.

In this embodiment of the present invention, the evaluating the time complexity of the privacy protection algorithm includes:

Determine whether the running speed of the privacy protection algorithm meets the minimum running speed in the requirements of the privacy protection algorithm;

When the running speed of the privacy protection algorithm is greater than or equal to the minimum running speed in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the time complexity evaluation of the privacy protection algorithm;

When the running speed of the privacy-preserving algorithm is less than the minimum running speed in the requirements of the privacy-preserving algorithm, it is determined that the privacy-preserving algorithm has not passed the time complexity evaluation of the privacy-preserving algorithm.

In this embodiment of the present invention, the evaluation of the space complexity of the privacy protection algorithm includes any combination of one or more of the following:

Determine whether the software resources occupied by the operation of the privacy protection algorithm meet the required software resources in the requirements of the privacy protection algorithm;

When the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;

When the software resources occupied by the operation of the privacy protection algorithm are greater than the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm does not pass the software resources in the space complexity evaluation of the privacy protection algorithm Evaluate;

Determine whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirements of the privacy protection algorithm;

When the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the hardware resources in the space complexity evaluation of the privacy protection algorithm Evaluate;

When the hardware resources occupied by the operation of the privacy protection algorithm are greater than the hardware resources required by the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm.

In the embodiment of the present invention, the evaluation of the privacy protection effect of the privacy protection scheme includes:

calculating the privacy protection effect value of the privacy protection scheme;

When the privacy protection effect value of the privacy protection scheme is greater than or equal to the expected value of the privacy protection effect in the privacy protection requirement, it is determined that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme;

When the privacy protection effect value of the privacy protection scheme is smaller than the privacy protection effect expectation value in the privacy protection scheme requirement, it is determined that the privacy protection scheme has not passed the privacy protection effect evaluation of the privacy protection algorithm.

In this embodiment of the present invention, the privacy protection effect value of the privacy protection scheme includes any combination of one or more of the following:

The amount of deviation between the private information processed by the privacy protection scheme and the private information before processing, the loss ratio between the private information processed by the privacy protection scheme and the private information before processing, the attacker's guess The privacy protection scheme deals with the probability of private information before processing.

In this embodiment of the present invention, the complexity of the privacy protection scheme includes any combination of one or more of the following: time complexity and space complexity;

The evaluation of the complexity of the privacy protection scheme includes any combination of one or more of the following:

Evaluate the time complexity of the privacy protection scheme;

The space complexity of the privacy protection scheme is evaluated.

In the embodiment of the present invention, the evaluating the time complexity of the privacy protection scheme includes:

Determine whether the operating speed of the privacy protection scheme meets the minimum operating speed in the privacy protection requirements;

When the running speed of the privacy protection scheme is greater than or equal to the minimum running speed in the privacy protection requirement, it is judged that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme;

When the running speed of the privacy protection scheme is less than the minimum running speed in the privacy protection requirement, it is determined that the privacy protection scheme has not passed the time complexity evaluation of the privacy protection scheme.

In this embodiment of the present invention, the evaluation of the space complexity of the privacy protection scheme includes any combination of one or more of the following:

Determine whether the software resources occupied by the operation of the privacy protection scheme meet the required software resources in the privacy protection requirements;

When the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme;

When the software resources occupied by the operation of the privacy protection scheme are greater than the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme has not passed the software resource evaluation in the space complexity evaluation of the privacy protection scheme;

Determine whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement;

When the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the hardware resources required in the privacy protection requirement, it is determined that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme;

When the hardware resources occupied by the operation of the privacy protection scheme are greater than the hardware resources in the privacy protection requirement, it is determined that the privacy protection scheme fails the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme.

In this embodiment of the present invention, the determining of a privacy protection scheme according to at least one of scene information and privacy information features includes any combination of one or more of the following steps:

Generate privacy protection requirements according to at least one of scene information and privacy information features;

Determine the requirements of the privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, and privacy protection requirements;

Determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm;

According to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, privacy protection algorithm requirements, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, privacy protection algorithm steps and privacy protection algorithm steps are given. Combination relationship between;

Select the parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps;

According to the combination relationship between the steps of the privacy protection algorithm, the privacy protection algorithm steps and the parameters of the privacy protection algorithm are combined to generate the privacy protection algorithm;

Determine the combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, and privacy protection algorithms;

The privacy protection algorithm is combined according to the combination solution of the privacy protection algorithm to generate a privacy protection solution.

In the embodiment of the present invention, it also includes:

Evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme, and perform at least one of the following:

When the privacy-preserving algorithm fails the evaluation, modify any combination of one or more of the privacy-preserving algorithm steps, the combination relationship between the privacy-preserving algorithm steps, and the parameters of the privacy-preserving algorithm according to the evaluation result, and continue to execute the privacy-preserving algorithm. The combination relationship between the protection algorithm steps is a step of combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm to generate the privacy protection algorithm;

When the privacy protection algorithm has passed the evaluation and the privacy protection scheme has not passed the evaluation, modify the privacy protection algorithm combination scheme, and continue to execute the privacy protection algorithm according to the privacy protection algorithm combination scheme. Perform the steps of combining to generate a privacy protection scheme;

When the privacy protection algorithm has passed the evaluation, but the new privacy protection solution fails to pass the evaluation after modifying the combination scheme of the privacy protection algorithm many times, modify the privacy protection algorithm steps, the combination relationship between the privacy protection algorithm steps, and the parameters of the privacy protection algorithm. Arbitrary combination of one or more of the above, continue to perform the described step of combining the privacy-preserving algorithm steps and the parameters of the privacy-preserving algorithm to generate a privacy-preserving algorithm according to the combination relationship between the privacy-preserving algorithm steps, and then modify the described privacy-preserving algorithm steps. For the privacy protection algorithm combination scheme, continue to perform the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme.

In this embodiment of the present invention, the privacy protection requirement includes any combination of one or more of the following:

The expected value of the privacy protection effect of the privacy protection scheme, the performance requirements of the privacy protection scheme, the privacy operation, the constraints, the corresponding relationship between the privacy operation and the constraints;

Among them, the constraints are used to describe the conditions that need to be met for privacy operations, including: operating entity attributes, operating environment;

The operating environment includes: time, spatial location, network, and equipment.

In this embodiment of the present invention, the performance requirements of the privacy protection solution are not limited to include any combination of one or more of the following:

Operating environment, minimum operating speed, required software resources, required hardware resources.

In this embodiment of the present invention, the requirements of the privacy protection algorithm include at least one of the following: privacy protection effect expectation value and performance requirements of the privacy protection algorithm;

The performance requirements of the privacy protection algorithm are not limited to include any combination of one or more of the following:

Operating environment, minimum operating speed, required software resources, required hardware resources.

In this embodiment of the present invention, the type of the privacy protection algorithm includes any combination of one or more of the following:

Cryptography-based privacy protection algorithm, scrambling-based privacy protection algorithm, obfuscation-based privacy protection algorithm, generalization-based privacy protection algorithm, and access control-based privacy protection algorithm.

In this embodiment of the present invention, the theoretical basis of the privacy protection algorithm includes any combination of one or more of the following:

Cryptography-based privacy protection technology, probability-based privacy protection technology, and game-based privacy protection technology.

In this embodiment of the present invention, the privacy protection algorithm steps are not limited to include any combination of one or more of the following:

S change, P replacement, key extension, initialization, memory setting, linear feedback shift register, nonlinear feedback shift register, determining the granularity of disturbance, adding noise, setting information weight, filtering out the confusing information that meets the conditions, selecting Confuse the information, combine the real information to form the request information, determine the fuzzy granularity, set the fuzzy scope, and construct the request information.

In this embodiment of the present invention, the parameters of the privacy protection algorithm include any combination of one or more of the following:

Key length, anonymous set size, privacy budget, sensitivity, offset, block length, number of encryption rounds, S-box, polynomial parameters, MDS code, P permutation table.

In this embodiment of the present invention, the privacy information feature includes any combination of one or more of the following:

Types of privacy information, content of privacy information, data value range, data distribution characteristics, sensitivity of privacy information, executable privacy operations, expected value of privacy operation times, and social experience value of privacy operation results.

In this embodiment of the present invention, the sensitivity of the private information is a value used to measure the sensitivity of the information, and is obtained by calculating any combination of one or more of probability, mathematical expectation, and mathematical variance.

In this embodiment of the present invention, the executable privacy operations include any combination of one or more of the following:

Read, write, encrypt, obfuscate, generalize, add noise, anonymize, sign, verify, calculate digest, encrypt, save, copy, paste, forward, cut, modify, delete.

In this embodiment of the present invention, the scene information includes any combination of one or more of the following:

Time, space location, device, device performance, interaction object, interaction approach, request type, service type.

An embodiment of the present invention provides a privacy information protection device, including at least one of the following modules:

The private information feature acquisition module is used to obtain the private information features of the private information;

The privacy protection scheme decision module is configured to determine the privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information.

In the embodiment of the present invention, it also includes:

A privacy protection scheme evaluation module, configured to evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme.

An embodiment of the present invention provides an apparatus for protecting privacy information, including a processor and a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by the processor, any of the above-mentioned options are implemented. A method of protecting privacy information.

An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of any of the foregoing methods for protecting privacy information.

The embodiment of the present invention proposes a privacy information protection system, including:

The private information feature acquisition module is used to obtain the private information features of the private information;

a privacy protection scheme decision module, configured to determine a privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information;

Among them, the privacy information feature acquisition module and the privacy protection scheme decision module are set in different devices.

In the embodiment of the present invention, it also includes:

a privacy protection scheme evaluation module, configured to evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme;

Wherein, at least two modules of the privacy protection scheme evaluation module, the privacy information feature acquisition module and the privacy protection scheme decision module are set in different devices.

The embodiments of the present invention include: acquiring private information features of private information; and determining a privacy protection scheme according to at least one of scene information and private information features. The embodiments of the present invention determine the privacy protection scheme based on the characteristics of the privacy information and the scene information, and improve the efficiency of designing, implementing and evaluating the privacy protection algorithm and the privacy protection scheme.

In another embodiment of the present invention, through preprocessing, acquisition of privacy information features, determination of the type or theoretical basis of privacy protection algorithm, selection and design of privacy protection algorithm steps, determination and combination of privacy protection algorithm steps Design, parameter design and other links designed a safe and efficient privacy protection algorithm that meets specific application scenarios and privacy information. Among them, preprocessing is mainly used to pre-adaptively process privacy information and scene information to ensure that the designed privacy protection algorithm meets specific privacy information and scene information; the type or theoretical basis of privacy protection algorithm is mainly based on scene information and privacy information. Determine the characteristics, privacy protection requirements, and privacy protection algorithm requirements to ensure that the designed privacy protection algorithm provides privacy protection on demand; by determining the type or theoretical basis of the privacy protection algorithm, privacy protection algorithm steps, privacy protection algorithm step combination, parameter design, etc. It improves the design efficiency and privacy protection effect of privacy protection algorithms; determines the privacy protection algorithm combination scheme according to the scene information, privacy information characteristics, and privacy protection requirements, and combines the designed or selected privacy protection algorithms to generate a complete set of privacy protection algorithms. Systematic privacy protection scheme; the evaluation of privacy protection scheme is used to evaluate the privacy protection effect and performance of the generated privacy protection algorithm and privacy protection scheme.

The embodiment of the present invention extracts the basic features of the privacy protection algorithm according to the application scenario, the characteristics of the privacy information and the privacy protection algorithm, determines the normalization framework of the privacy protection algorithm, and designs the privacy protection algorithm suitable for the specific application scenario and privacy information. Based on this, a general programming framework for iterative design of privacy-preserving algorithms and privacy-preserving algorithms is implemented.

The embodiment of the present invention provides selecting a privacy protection algorithm according to application scenarios and characteristics of privacy information, determining a combination scheme of the privacy protection algorithm, and performing the designed and/or selected one or more privacy protection algorithms according to the combination scheme of the privacy protection algorithm. The combination generates a privacy protection scheme. Based on this, a general programming framework for iterative design of privacy protection scheme and privacy protection scheme is implemented.

The embodiments of the present invention provide, according to the evaluation results of the privacy protection algorithm, through algorithm iteration, determine the steps of the privacy protection algorithm, the combination relationship between the steps of the privacy protection algorithm, and the selection and optimization of algorithm parameters, so as to design a design that adapts to specific privacy information and application scenarios, and satisfies privacy requirements. Protect the privacy protection algorithm of the demand, and improve the efficiency of algorithm design and implementation.

The embodiments of the present invention provide a privacy protection scheme that meets privacy protection requirements by adjusting and revising the privacy protection algorithm and the privacy protection algorithm combination scheme according to the evaluation result of the privacy protection scheme, thereby improving the efficiency of designing and implementing the privacy protection scheme.

Other features and advantages of embodiments of the invention will be set forth in the description that follows, and in part will be apparent from the description, or learned by practice of the embodiments of the invention. The objectives and other advantages of the embodiments of the invention may be realized and attained by the structure particularly pointed out in the description, claims and drawings.

Description of drawings

The accompanying drawings are used to provide a further understanding of the technical solutions of the embodiments of the present invention, and constitute a part of the specification. They are used to explain the technical solutions of the embodiments of the present invention together with the embodiments of the present invention, and do not constitute the technical solutions of the embodiments of the present invention. limits.

FIG. 1 is a flowchart of a privacy information protection method proposed by an embodiment of the present invention;

2 is a flowchart of a method for determining a privacy protection scheme according to at least one of scene information and privacy information features according to an embodiment of the present invention;

3 is a schematic diagram of the structure and composition of a privacy information protection device proposed by another embodiment of the present invention;

FIG. 4 is a schematic structural composition diagram of a decision module of a privacy protection scheme according to an embodiment of the present invention.

Detailed ways

Hereinafter, the embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments of the present invention and the features of the embodiments may be arbitrarily combined with each other unless there is conflict.

The steps shown in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that herein.

Referring to FIG. 1, an embodiment of the present invention provides a privacy protection method, which includes at least one of the following steps:

Step 100: Acquire private information features of the private information.

In this embodiment of the present invention, private information features in the private information may be obtained by performing information analysis and/or computing on the private information. Specifically, any combination of one or more of the following technologies can be used to obtain private information features:

Semantic analysis technology, machine learning technology, deep learning technology, probability and statistics methods, information theory methods.

In this embodiment of the present invention, the privacy information feature includes any combination of one or more of the following:

Types of privacy information, content of privacy information, data value range, data distribution characteristics, sensitivity of privacy information, executable privacy operations, expected value of privacy operation times, and social experience value of privacy operation results.

Among them, the data distribution characteristics are used to measure the statistical characteristics of the distribution of private information, and can be obtained by means of probability statistics.

The sensitivity of private information is a value used to measure the sensitivity of information, and the sensitivity of the information can be calculated by any combination of one or more of probability, mathematical expectation, and mathematical variance.

The executable privacy operations include any combination of one or more of the following:

Read, write, encrypt, obfuscate, generalize, add noise, anonymize, sign, verify, calculate digest, encrypt, save, copy, paste, forward, cut, modify, delete.

Step 101: Determine a privacy protection scheme according to at least one of scene information and privacy information features.

In this embodiment of the present invention, referring to FIG. 2 , step 101 includes:

Step 201: Generate a privacy protection requirement according to at least one of the scene information and the privacy information feature.

In this embodiment of the present invention, the scene information includes, but is not limited to, any combination including one or more of the following:

Time, space location, device, device performance, interaction object, interaction approach, request type, service type.

The scenarios belong to different application scenarios, and may include any combination of one or more of the following: sharing scenarios, query scenarios, and payment scenarios. Different application scenarios have different scenario information.

In this embodiment of the present invention, the privacy protection requirements include, but are not limited to, any combination of one or more of the following:

The expected value of the privacy protection effect of the privacy protection scheme, the performance requirements of the privacy protection scheme, the privacy operation, the constraints, the corresponding relationship between the privacy operation and the constraints;

The expected value of privacy protection effect of the privacy protection scheme is used to describe various expected values of private information before and after processing the privacy protection scheme, including any combination of one or more of the following:

The expected value of the deviation between the private information processed by the privacy protection scheme and the private information before processing, the expected value of the loss ratio between the private information processed by the privacy protection scheme and the private information before processing, the attacker infers the privacy protection The expected value of the probability of the private information before the solution is processed;

The performance requirements of the privacy protection scheme include, but are not limited to, any combination of one or more of the following:

Operating environment, minimum operating speed, required software resources, required hardware resources;

Constraints are used to describe the conditions that need to be met for privacy operations, including but not limited to: operating entity attributes, operating environment;

The operating entity attribute is the attribute of the entity that performs privacy operations on private information, including but not limited to: identity, role, relationship, address, mobile phone number, ID number, phone number, and occupation.

The operating environment includes, but is not limited to, including: time, spatial location, network, and equipment;

Wherein, the generation of the privacy protection requirement may be generated by manual input, or generated according to a pre-designed rule, both of which are within the protection scope of the embodiments of the present invention.

The pre-designed rules are used to describe the method for generating privacy protection requirements according to scene information and privacy information features, and can be described in natural language and/or formal language.

The following methods can be adopted for the pre-designed rules, but not limited to the following methods: the scene information and/or privacy information features can be directly mapped through a graph or set, or through a function.

For example: map the service type in the scene information to the expected value of privacy protection effect. For example, if the service type is financial business, the data sensitivity involved is relatively high, and the expected value of privacy protection effect is high. If the service type is to search for restaurants around a certain location or In shopping malls, the data involved is not sensitive, and the expected value of privacy protection effect is low; according to the device or device performance in the scene information, it is mapped to the performance requirements of the privacy protection scheme, such as required software resources, required hardware resources, and operating environment; Map the privacy information type in the privacy information feature to the corresponding operation entity attributes, privacy operations, and privacy operation constraints. For different types of privacy information such as text, pictures, videos, etc., the operations that can be performed are different, and the attributes of the operation entities are also different;

The spatial location of the scene information can be mapped to the corresponding operating entity attributes, privacy operations, and privacy operation constraints. For example, in an office environment, operations such as reading and writing can be performed, and the identity in the operating entity attributes can meet certain conditions. In the public environment such as hotels, airports and railway stations outside, only read operations are allowed, and the identity in the attributes of the operating entity must meet certain conditions.

Step 202: Determine the requirements of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, and privacy protection requirements.

In this embodiment of the present invention, the requirements of the privacy protection algorithm include at least one of the following:

The expected value of privacy protection effect of privacy protection algorithm and the performance requirements of privacy protection algorithm.

Among them, the expected value of the privacy protection effect of the privacy protection algorithm is used to describe various expected values before and after the privacy information is processed by the privacy protection algorithm, including any combination of one or more of the following:

The expected value of deviation between the private information processed by the privacy protection algorithm and the private information before processing, the expected value of the loss ratio between the private information processed by using the privacy protection algorithm and the private information before processing, the attacker infers the privacy protection The expected value of the probability of the private information before the algorithm processes it;

The performance requirements of the privacy protection algorithm include, but are not limited to, any combination of one or more of the following:

Operating environment, minimum operating speed, required software resources, required hardware resources.

Wherein, determining the expected value of the privacy protection effect of the privacy protection algorithm and the performance requirement of the privacy protection algorithm may be generated by manual input, or generated according to pre-designed rules, both of which are within the protection scope of the embodiments of the present invention.

The pre-designed rules are used to describe the performance requirements of the privacy protection algorithm determined according to scene information, privacy information characteristics, and privacy protection requirements.

The following methods may be adopted for the pre-designed rules, but are not limited to the following methods: the scene information, privacy information features, and privacy protection requirements may be directly mapped by a graph or a set, or by a function.

In this embodiment of the present invention, the expected value of the privacy protection effect of the privacy protection algorithm is determined according to any combination of one or more of the scene information, privacy information features, and privacy protection requirements. The effect expectation value is mapped to the privacy protection effect expectation value of the privacy protection algorithm;

Determine the performance requirements of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information characteristics, and privacy protection requirements. For example, if the scene information belongs to the server side, the privacy protection algorithm requires a faster running speed, such as requiring every second How many times to calculate, or how many bytes of data stream to process. If the privacy protection algorithm is a signature algorithm, how many signatures are required per second; if the scene information is a terminal device and the hardware and software resources are limited, the privacy protection algorithm software and hardware resources will be limited; There are restrictions, and there are corresponding requirements for the operating environment of the privacy protection algorithm.

Step 203: Determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm.

In this embodiment of the present invention, the types of privacy protection algorithms include, but are not limited to, any combination of one or more of the following:

Cryptography-based privacy protection algorithm, scrambling-based privacy protection algorithm, obfuscation-based privacy protection algorithm, generalization-based privacy protection algorithm, and access control-based privacy protection algorithm.

The theoretical basis of the privacy protection algorithm includes, but is not limited to, any combination of one or more of the following:

Cryptography-based privacy protection technology, probability-based privacy protection technology, and game-based privacy protection technology.

The determination of the type of the privacy protection algorithm and the theoretical basis of the privacy protection algorithm may be generated by manual input, or generated according to pre-designed rules, both of which are within the protection scope of the embodiments of the present invention.

Among them, the pre-designed rules are used to describe the theoretical basis for determining the type of privacy protection algorithm and the privacy protection algorithm according to scene information, privacy information characteristics, privacy protection requirements, and performance requirements of privacy protection algorithms.

The following methods can be used for pre-designing the rules, but not limited to the following methods: the scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements can be directly mapped through charts or sets, classification matching methods, or mapping through functions;

For example: determine the type of privacy protection algorithm according to the privacy operations that can be performed in the requirements of the privacy protection algorithm. If the privacy operation is only obfuscated, then the privacy protection algorithm can only choose the privacy protection algorithm based on confusion; if the performance requirements of the privacy protection algorithm require If the running speed is relatively fast, the type of privacy protection algorithm can only choose the algorithm type that meets the running speed; if the expected value of the privacy protection effect of the privacy protection algorithm is relatively high, the privacy protection algorithm can only choose the privacy protection algorithm based on cryptography;

The theoretical basis of privacy protection algorithm can also be selected according to scene information, privacy information characteristics, privacy protection requirements, and performance requirements of privacy protection algorithm. For example, the expected value of privacy protection effect of privacy protection algorithm is relatively high. Protection technology; if the privacy operation is only anonymous, the theoretical basis of the privacy protection algorithm can only use the probability-based privacy protection technology.

Step 204: According to any combination of one or more of the scene information, privacy information characteristics, privacy protection requirements, requirements of privacy protection algorithms, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, provide privacy protection algorithm steps and The compositional relationship between the steps of a privacy-preserving algorithm.

In the embodiment of the present invention, according to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, requirements of privacy protection algorithms, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, determining Privacy-preserving algorithm steps can also be directly mapped or mapped using functions. For example, the steps of privacy protection algorithm are selected according to the type of privacy protection algorithm and the theoretical basis of privacy protection algorithm. If the theory of privacy protection algorithm is a privacy protection technology based on cryptography, and the type of privacy protection algorithm is a privacy protection algorithm based on cryptography, Only the cryptographic algorithm step can be selected, and the further privacy operation is signature, and the privacy protection algorithm step can only select the cryptographic module based on the signature algorithm; if the performance requirements of the privacy protection algorithm are limited in software and hardware resources, the lightweight cryptographic algorithm step is mainly selected;

According to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, performance requirements of privacy protection algorithms, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, the interval between steps of the privacy protection algorithm is determined. Combination relationships can also be directly mapped or mapped using functions. Among them, if there is a sequential logic and execution order between the steps of the selected algorithm, the original logic and execution order are guaranteed to remain unchanged, and the execution is carried out; if there is no sequential logic and execution order between the steps of the selected algorithm, random The steps of the algorithm are sorted.

For example, in an obfuscation-based privacy protection algorithm, k-1 anonymous locations are selected to implement the process of obfuscation of real information: map division, calculation of the query probability of each location unit in the map, and comparison of the query probability of the user's location unit , Select the location unit whose probability satisfies the condition, select the location unit whose location satisfies the requirement, and construct the request information. Among them, steps 1-3 have the order of logic and execution, and it is necessary to ensure that the step remains unchanged, and steps 4 and 5 are steps that do not have the order of logic and execution, so 4 and 5 are randomly sorted.

For example, the privacy protection algorithm adopts the SP structure in the block cipher algorithm, and all privacy protection algorithm steps are combined according to the SP structure;

In this embodiment of the present invention, the privacy protection algorithm steps include, but are not limited to, any combination of one or more of the following:

S change, P replacement, key extension, initialization, memory setting, linear feedback shift register, nonlinear feedback shift register, determining the granularity of disturbance, adding noise, setting information weight, filtering out the confusing information that meets the conditions, selecting Confuse the information, combine the real information to form the request information, determine the fuzzy granularity, set the fuzzy scope, and construct the request information.

Step 205: Select parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps.

In this embodiment of the present invention, the parameters of the privacy protection algorithm include any combination of one or more of the following:

Key length, anonymous set size, privacy budget, sensitivity, offset, block length, number of encryption rounds, S-box, polynomial parameters, MDS code, P permutation table.

In the embodiment of the present invention, the parameters of the privacy protection algorithm are selected according to any combination of one or more of scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps according to pre-designed rules. Pre-designed rules can be mapped directly or through functions.

For example, the correspondence table between the running speed, running software and hardware resources and parameters can be formulated. If the running speed of the privacy protection algorithm is required to be relatively fast, and the software and hardware environment for the algorithm to run is limited, the parameters of the privacy protection algorithm steps can be selected to be smaller. The key length is shorter and the number of encryption rounds is smaller; if the expected value of the privacy protection effect of the privacy protection algorithm in the scene information is relatively high, the parameter selection is larger, the key length is longer, and the number of encryption rounds is larger; for example, set the security requirements of the privacy protection algorithm Correspondence table with parameters, select parameters according to the correspondence table.

Step 206 , combine the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship between the steps of the privacy protection algorithm to generate a privacy protection algorithm.

Step 207: Determine a combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy information feature, the privacy protection requirement, and the privacy protection algorithm.

In this embodiment of the present invention, pre-designed rules may be used to determine the combination scheme of privacy protection algorithms according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithms, and the pre-designed rules may directly map or map through a function.

For example, formulate a correspondence table according to the expected value of privacy protection effect in the privacy protection requirement, the type of privacy protection algorithm, and the combination scheme of privacy protection algorithm, and select the corresponding privacy protection algorithm and combination scheme of privacy protection algorithm according to the type of privacy protection algorithm; For example, formulate a correspondence table between privacy information characteristics and privacy protection algorithm types, select privacy protection algorithms according to privacy information characteristics, and determine the combination scheme of privacy protection algorithms according to the input privacy information. For example, if the privacy information type is text, choose privacy protection algorithm No. 1. The information type is image, and the privacy protection algorithm No. 2 is selected, then the corresponding privacy protection algorithm is selected according to the input privacy information, and then the privacy protection scheme is determined. For example, there is one privacy protection algorithm, and different expected values of privacy protection effects are combined in different ways. A table corresponding to the expected values of privacy protection effects and combination schemes is formulated, and different combination schemes are selected according to different expectations. For example, the combination scheme of authentication encryption authentication and combination scheme of input feedback Wait.

Step 208 , combine the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.

In another embodiment of the present invention, the privacy information protection method further includes:

Step 102: Evaluate at least one of the generated privacy protection scheme and the privacy protection algorithm in the privacy protection scheme.

In this embodiment of the present invention, evaluating the generated privacy protection scheme includes at least one of the following:

Evaluate the privacy protection effect of the privacy protection scheme;

Evaluate the complexity of the privacy protection scheme;

The evaluation of the privacy protection algorithm in the privacy protection scheme includes at least one of the following:

Evaluate the privacy protection effect of the privacy protection algorithm in the privacy protection scheme;

Evaluate the complexity of privacy-preserving algorithms in privacy-preserving schemes.

Among them, the evaluation of the privacy protection effect of the privacy protection algorithm in the privacy protection scheme includes:

Calculate the privacy protection effect value of the privacy protection algorithm;

When the privacy protection effect value of the privacy protection algorithm is greater than or equal to the expected value of the privacy protection effect in the requirements of the privacy protection algorithm, it is judged that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm;

When the privacy protection effect value of the privacy protection algorithm is less than the expected value of the privacy protection effect in the requirement of the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the privacy protection effect evaluation of the privacy protection algorithm.

The privacy protection effect value includes, but is not limited to, any combination of one or more of the following:

The amount of deviation between the private information processed by using the privacy protection algorithm and the private information before processing, the loss ratio between the private information processed by using the privacy protection algorithm and the private information before processing, the attacker Infer the probability of private information before processing.

The complexity of the privacy protection algorithm includes any combination of one or more of the following: time complexity and space complexity.

Assessing the complexity of the privacy protection algorithm in the privacy protection scheme includes any combination of one or more of the following:

Evaluate the time complexity of the privacy protection algorithm;

Evaluate the space complexity of the privacy-preserving algorithm.

Wherein, the evaluation of the time complexity of the privacy protection algorithm includes:

Determine whether the software resources occupied by the operation of the privacy protection algorithm meet the required software resources in the requirements of the privacy protection algorithm;

When the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm;

When the software resources occupied by the operation of the privacy protection algorithm are greater than the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm does not pass the software resources in the space complexity evaluation of the privacy protection algorithm Evaluate;

Determine whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirements of the privacy protection algorithm;

When the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the hardware resources in the space complexity evaluation of the privacy protection algorithm Evaluate;

When the hardware resources occupied by the operation of the privacy protection algorithm are greater than the hardware resources required by the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm.

Among them, the evaluation of the privacy protection effect of the privacy protection scheme includes:

calculating the privacy protection effect value of the privacy protection scheme;

When the privacy protection effect value of the privacy protection scheme is greater than or equal to the expected value of the privacy protection effect in the privacy protection requirement, it is determined that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme;

When the privacy protection effect value of the privacy protection scheme is smaller than the privacy protection effect expectation value in the privacy protection scheme requirement, it is determined that the privacy protection scheme has not passed the privacy protection effect evaluation of the privacy protection algorithm.

Wherein, the privacy protection effect value of the privacy protection scheme includes, but is not limited to, any combination of one or more of the following:

The amount of deviation between the private information processed by using the privacy protection scheme and the private information before processing, the loss ratio between the private information processed by using the privacy protection scheme and the private information before processing, the attacker Infer the probability of private information before processing.

Wherein, the complexity of the privacy protection scheme includes any combination of one or more of the following: time complexity, space complexity;

The evaluation of the complexity of the privacy protection scheme includes any combination of one or more of the following:

Evaluate the time complexity of the privacy protection scheme;

The space complexity of the privacy protection scheme is evaluated.

Wherein, the evaluation of the time complexity of the privacy protection scheme includes:

Determine whether the operating speed of the privacy protection scheme meets the minimum operating speed in the privacy protection requirements;

When the running speed of the privacy protection scheme is greater than or equal to the minimum running speed in the privacy protection requirement, it is judged that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme;

When the running speed of the privacy protection scheme is less than the running speed in the privacy protection requirement, it is determined that the privacy protection scheme has not passed the time complexity evaluation of the privacy protection scheme.

Wherein, the evaluation of the space complexity of the privacy protection scheme includes any combination of one or more of the following:

Determine whether the software resources occupied by the operation of the privacy protection scheme meet the required software resources in the privacy protection requirements;

When the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme;

When the software resources occupied by the operation of the privacy protection scheme are greater than the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme has not passed the software resource evaluation in the space complexity evaluation of the privacy protection scheme;

Determine whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement;

When the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the hardware resources required in the privacy protection requirement, it is determined that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme;

When the hardware resources occupied by the operation of the privacy protection scheme are greater than the hardware resources in the privacy protection requirement, it is determined that the privacy protection scheme fails the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme.

In another embodiment of the present invention, the method further includes:

When the privacy protection algorithm fails the evaluation, continuously modify any combination of one or more of the iterative privacy protection algorithm steps, the combination relationship between the privacy protection algorithm steps, and the parameters of the privacy protection algorithm according to the evaluation results, and continue to perform the above according to the privacy protection algorithm. The combination relationship between the steps of the protection algorithm is the step of combining the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm to generate the privacy protection algorithm, and then the new privacy protection algorithm is evaluated until the new privacy protection algorithm passes the privacy protection algorithm. evaluation of.

The following uses specific examples to illustrate how to continuously modify and iterate the privacy protection algorithm, but it is not limited to the following cases. For example, the evaluation result of the privacy protection algorithm shows that the complexity evaluation of the privacy protection algorithm has not passed, but the privacy protection effect evaluation has passed. At this time, a new algorithm can be generated by simply modifying the parameters of the privacy protection algorithm and/or the combination relationship between the privacy protection steps. Privacy protection algorithm, and then evaluate the newly generated privacy protection algorithm. If the evaluation result shows that both the privacy protection effect and the complexity of the privacy protection algorithm pass the evaluation, the privacy protection algorithm design is ended;

If the evaluation result of the privacy-preserving algorithm shows that it does not pass the privacy-preserving effect evaluation, but passes the complexity evaluation of the privacy-preserving algorithm, generate a new privacy-preserving algorithm by simply modifying the parameters of the privacy-preserving algorithm and/or the combination relationship between the privacy-preserving steps. , and then evaluate the newly generated privacy protection algorithm. If the privacy protection effect evaluation result of the new privacy protection algorithm shows that it has not passed the privacy protection effect evaluation. According to the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm, select the new privacy protection algorithm steps, the combination relationship between the privacy protection algorithm steps, and the parameters of the privacy protection algorithm, and then generate a new privacy protection algorithm and evaluate it. The results show that both the privacy protection effect and the complexity of the privacy protection algorithm pass the evaluation, and the design of the privacy protection algorithm is completed;

If the evaluation result of the privacy protection algorithm shows that neither the privacy protection effect nor the complexity of the privacy protection algorithm pass the evaluation, according to the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm, select a new privacy protection algorithm step and a combination between the privacy protection algorithm steps. relationship and privacy protection algorithm parameters, and then generate a new privacy protection algorithm and evaluate it. If the evaluation results show that both the privacy protection effect and the complexity of the privacy protection algorithm pass the evaluation, the design of the privacy protection algorithm ends.

When the privacy protection algorithm has passed the evaluation and the privacy protection scheme has not passed the evaluation, modify the privacy protection algorithm combination scheme, and continue to perform the combination of the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme. step, and then evaluate the generated new privacy protection scheme until the newly generated privacy protection scheme passes the evaluation of the privacy protection scheme;

When the privacy protection algorithm has passed the evaluation, but the new privacy protection solution has not passed the evaluation after modifying the combination scheme of the privacy protection algorithm many times, the privacy protection algorithm steps, the combination relationship between the privacy protection algorithm steps, and the privacy protection algorithm can also be modified. Arbitrary combination of one or more of the parameters, continue to perform the step of combining the privacy-preserving algorithm steps and the parameters of the privacy-preserving algorithm to generate the privacy-preserving algorithm according to the combination relationship between the privacy-preserving algorithm steps, so that the privacy The indicators of the protection algorithm are more optimized, then modify the privacy protection algorithm combination scheme, and continue to perform the steps of combining the privacy protection algorithms to generate the privacy protection scheme according to the privacy protection algorithm combination scheme, so that a new privacy protection scheme is generated. The privacy protection scheme passes the evaluation of the privacy protection scheme.

Example

Step 300: Acquire private information features of the private information.

In this step, for example, when a user requests a location-based service, the user's input request is "find restaurants within one kilometer around", and semantic analysis technology is used to obtain privacy information features.

The privacy information type in the privacy information feature is text-type request privacy data, and the privacy information content includes: user identity, timestamp, location information, and query content.

Step 301: Generate a privacy protection requirement according to at least one of the scene information and the privacy information feature.

In this step, the scene information is the request service information under the location service scene.

In this step, the privacy protection effect requirement of the privacy protection scheme in the privacy protection requirements is that the query probability of each selected location unit is the same as the query probability of the user's current location.

Step 302: Determine the requirements of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, and privacy protection requirements.

In this step, according to the scene information, privacy information characteristics, and privacy protection requirements, it is determined that the operating environment in the performance requirements of the privacy protection algorithm is a wireless mobile network, the software resources are Baidu/Google maps, and the hardware resources are mobile intelligent terminals (with positioning and navigation function).

Step 303: Determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm.

In this step, it is determined that the privacy protection algorithm for the privacy information is an obfuscation-based privacy protection algorithm.

Step 304, according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, privacy protection algorithm requirements, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, provide privacy protection algorithm steps and privacy protection algorithms. Protect the combination of algorithm steps;

In this step, the selected steps are as follows:

1. Divide the map.

2. Calculate the historical query probability of each location information of the map;

3. Compare with the query probability of the user's current location information, and select the location information with the same query probability as the anonymous location information;

4. According to the anonymous location information selected in step 3, calculate the distance between each other, and select the location information whose k-1 distance from the user's location is greater than D, where D is a numerical value to limit the length of the distance;

5. Randomly select l-1 pseudo query contents as the query contents of each location information.

6. Construct request information, and send k-1 anonymous location information, l-1 pseudo query content, user's real location information and query content to the service provider.

The k-anonymity and l-diversity privacy protection algorithms use probability-based privacy protection technology, that is, the probability of location information can be obtained in two ways. The first is to set an access point and periodically collect the number of sent information at the location. , the second is through the Google Maps application programming interface (API, Application Programming Interface) can directly obtain the number of location information sent from a third party. Use any of the above methods to obtain the number of information sent in the area within a period of time, and calculate the probability of the required location information through the ratio calculation. The probability of the location loc _i in the map is calculated as follows:

Among them, M is the number of information sent to obtain a certain map, and the number of information sent at the location loc _i in the map is m _i .

Step 305: Select parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, performance requirements of the privacy protection algorithm, and privacy protection algorithm steps.

In this step, the parameter matching function specifies the ranges for the parameters k and l respectively, where the value range of k in the privacy protection algorithm of k anonymity and l diversity is [5, 50], and the value range of l is [2, 20] ].

Step 306 , combine the steps of the privacy protection algorithm and the parameters of the privacy protection algorithm according to the combination relationship between the steps of the privacy protection algorithm to generate a privacy protection algorithm.

In this example, steps 301-306 are used to generate k anonymity privacy protection algorithm and l diversity privacy protection algorithm.

Step 307: Determine a combination scheme of privacy protection algorithms according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, and privacy protection algorithms.

Step 308 , combine the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.

In this example, the k-anonymity privacy protection algorithm and the l diversity privacy protection algorithm are combined, the k anonymity privacy protection algorithm is used to protect the user's location privacy, and the l diversity privacy protection algorithm is used to protect the privacy of the user's query content.

Step 309: Evaluate the generated privacy protection algorithm and privacy protection scheme.

In this step, evaluating the privacy protection algorithm includes: evaluating the privacy protection effect of the privacy protection algorithm and the complexity of the privacy protection algorithm.

Wherein, the privacy protection effect of the privacy protection algorithm is evaluated by using the probability that the attacker infers the privacy information before processing by the privacy protection algorithm.

In this step, evaluating the privacy protection scheme includes: evaluating the privacy protection effect of the privacy protection scheme and the complexity of the privacy protection scheme.

Wherein, the privacy protection effect of the privacy protection scheme is evaluated by using the probability that the attacker infers the private information before processing by the privacy protection scheme.

Among them, evaluating the complexity of the privacy protection scheme refers to evaluating the time complexity and space complexity of the privacy protection scheme.

Referring to FIG. 3, another embodiment of the present invention provides a privacy information protection device, including at least one of the following modules:

A privacy information feature acquisition module 301, configured to acquire privacy information features of the privacy information;

The privacy protection scheme decision module 302 is configured to determine the privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information.

In another embodiment of the present invention, it also includes:

The privacy protection scheme evaluation module 303 is configured to evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme.

In this embodiment of the present invention, referring to FIG. 4 , the privacy protection scheme decision module 302 includes:

a privacy protection requirement generating unit 401, configured to generate a privacy protection requirement according to at least one of scene information and privacy information features;

A privacy protection algorithm requirement generating unit 402, configured to determine the requirement of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy information feature, and the privacy protection requirement;

The privacy protection algorithm type or theoretical basis determining unit 403 is configured to determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: type of privacy protection algorithm and the theoretical basis of privacy-preserving algorithms;

The combining unit 404 between the steps of the privacy protection algorithm is used to arbitrarily select one or more of the scene information, privacy information characteristics, privacy protection requirements, requirements of the privacy protection algorithm, types of the privacy protection algorithm, and theoretical basis of the privacy protection algorithm. The combination gives the privacy protection algorithm steps and the combination relationship between the privacy protection algorithm steps;

The parameter design unit 405 is used to select the parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps;

A combining unit 406 between the privacy protection algorithm and the privacy protection algorithm is used to combine the privacy protection algorithm steps and the parameters of the privacy protection algorithm to generate the privacy protection algorithm according to the combination relationship between the privacy protection algorithm steps;

Determine the combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, and privacy protection algorithms;

The privacy protection scheme generating unit 407 is configured to combine the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme.

The specific implementation process of each module or unit in the above-mentioned privacy information protection device is the same as the specific implementation process of the privacy information protection method in the foregoing embodiment, and will not be repeated here.

Another embodiment of the present invention provides an apparatus for protecting privacy information, including a processor and a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by the processor, the Any of the above privacy information protection methods.

Another embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of any of the above methods for protecting privacy information.

Another embodiment of the present invention provides a privacy information protection system, including:

A privacy information feature acquisition module 301, configured to acquire privacy information features of the privacy information;

a privacy protection scheme decision module 302, configured to determine a privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information;

Wherein, the privacy information feature acquisition module 301 and the privacy protection scheme decision module 302 are set in different devices.

In another embodiment of the present invention, it also includes:

a privacy protection scheme evaluation module 303, configured to evaluate the privacy protection scheme;

Among them, at least two modules among the privacy protection scheme evaluation module 303 , the privacy information feature acquisition module 301 and the privacy protection scheme decision module 302 are set in different devices.

In this embodiment of the present invention, referring to FIG. 4 , the privacy protection scheme decision module 302 includes:

a privacy protection requirement generating unit 401, configured to generate a privacy protection requirement according to at least one of scene information and privacy information features;

A privacy protection algorithm requirement generating unit 402, configured to determine the requirement of the privacy protection algorithm according to any combination of one or more of the scene information, the privacy information feature, and the privacy protection requirement;

The privacy protection algorithm type or theoretical basis determining unit 403 is configured to determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: type of privacy protection algorithm and the theoretical basis of privacy-preserving algorithms;

The combining unit 404 between the steps of the privacy protection algorithm is used to arbitrarily select one or more of the scene information, privacy information characteristics, privacy protection requirements, requirements of the privacy protection algorithm, types of the privacy protection algorithm, and theoretical basis of the privacy protection algorithm. The combination gives the privacy protection algorithm steps and the combination relationship between the privacy protection algorithm steps;

The parameter design unit 405 is used to select the parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps;

A combining unit 406 between the privacy protection algorithm and the privacy protection algorithm is used to combine the privacy protection algorithm steps and the parameters of the privacy protection algorithm to generate the privacy protection algorithm according to the combination relationship between the privacy protection algorithm steps;

Determine the combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, and privacy protection algorithms;

a privacy protection scheme generating unit 407, configured to combine the privacy protection algorithms according to the combination scheme of the privacy protection algorithms to generate a privacy protection scheme;

Wherein, the above at least two units are arranged in different devices.

The specific implementation process of each module or unit in the above-mentioned privacy information protection system is the same as the specific implementation process of the privacy information protection method in the foregoing embodiment, and will not be repeated here.

Those of ordinary skill in the art can understand that all or some of the steps in the methods disclosed above, functional modules/units in the systems, and devices can be implemented as software, firmware, hardware, and appropriate combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be composed of several physical components Components execute cooperatively. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As known to those of ordinary skill in the art, the term computer storage media includes both volatile and nonvolatile implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules or other data flexible, removable and non-removable media. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art .

Although the implementation manners disclosed in the embodiments of the present invention are as above, the content described is only an implementation manner adopted to facilitate understanding of the embodiments of the present invention, and is not intended to limit the embodiments of the present invention. Any person skilled in the art to which the embodiments of the present invention belong, without departing from the spirit and scope disclosed by the embodiments of the present invention, can make any modifications and changes in the form and details of the implementation. The scope of patent protection is still subject to the scope defined by the appended claims.

Claims (28)

1. A privacy information protection method, comprising: Obtain private information characteristics of private information; Determine a privacy protection scheme according to at least one of scene information and privacy information features; Evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme; Wherein, evaluating the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection scheme; Evaluate the complexity of the privacy protection scheme; Evaluating the privacy protection algorithm in the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection algorithm in the privacy protection scheme; Evaluate the complexity of privacy-preserving algorithms in privacy-preserving schemes. 2. The method for protecting privacy information according to claim 1, wherein the evaluating the privacy protection effect of the privacy protection algorithm in the privacy protection scheme comprises: Calculate the privacy protection effect value of the privacy protection algorithm; When the privacy protection effect value of the privacy protection algorithm is greater than or equal to the expected value of the privacy protection effect in the requirements of the privacy protection algorithm, it is judged that the privacy protection algorithm passes the privacy protection effect evaluation of the privacy protection algorithm; When the privacy protection effect value of the privacy protection algorithm is less than the privacy protection effect expectation value in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the privacy protection effect evaluation of the privacy protection algorithm. 3. The privacy information protection method according to claim 2, wherein the privacy protection effect value of the privacy protection algorithm comprises any combination of one or more of the following: The amount of deviation between the private information processed by using the privacy protection algorithm and the private information before processing, the loss ratio between the private information processed by using the privacy protection algorithm and the private information before processing, the attacker's guess The probability of private information before being processed by the privacy-preserving algorithm. 4. The privacy information protection method according to claim 1, wherein the complexity of the privacy protection algorithm comprises any combination of one or more of the following: time complexity, space complexity; The evaluation of the complexity of the privacy protection algorithm in the privacy protection scheme includes any combination of one or more of the following: Evaluate the time complexity of the privacy protection algorithm; Evaluate the space complexity of the privacy-preserving algorithm. 5. The privacy information protection method according to claim 4, wherein the evaluating the time complexity of the privacy protection algorithm comprises: Determine whether the running speed of the privacy protection algorithm meets the minimum running speed in the requirements of the privacy protection algorithm; When the running speed of the privacy protection algorithm is greater than or equal to the minimum running speed in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the time complexity evaluation of the privacy protection algorithm; When the running speed of the privacy-preserving algorithm is less than the minimum running speed in the requirements of the privacy-preserving algorithm, it is determined that the privacy-preserving algorithm has not passed the time complexity evaluation of the privacy-preserving algorithm. 6. The privacy information protection method according to claim 4, wherein the evaluation of the space complexity of the privacy protection algorithm comprises any combination of one or more of the following: Determine whether the software resources occupied by the operation of the privacy protection algorithm meet the required software resources in the requirements of the privacy protection algorithm; When the software resources occupied by the operation of the privacy protection algorithm are less than or equal to the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the software resource evaluation in the space complexity evaluation of the privacy protection algorithm; When the software resources occupied by the operation of the privacy protection algorithm are greater than the required software resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm does not pass the software resources in the space complexity evaluation of the privacy protection algorithm Evaluate; Determine whether the hardware resources occupied by the operation of the privacy protection algorithm meet the hardware resources required in the requirements of the privacy protection algorithm; When the hardware resources occupied by the operation of the privacy protection algorithm are less than or equal to the required hardware resources in the requirements of the privacy protection algorithm, it is determined that the privacy protection algorithm passes the hardware resources in the space complexity evaluation of the privacy protection algorithm Evaluate; When the hardware resources occupied by the operation of the privacy protection algorithm are greater than the hardware resources required by the privacy protection algorithm, it is determined that the privacy protection algorithm has not passed the hardware resource evaluation in the space complexity evaluation of the privacy protection algorithm. 7. The method for protecting privacy information according to claim 1, wherein the evaluating the privacy protection effect of the privacy protection scheme comprises: calculating the privacy protection effect value of the privacy protection scheme; When the privacy protection effect value of the privacy protection scheme is greater than or equal to the expected value of the privacy protection effect in the privacy protection requirement, it is determined that the privacy protection scheme passes the privacy protection effect evaluation of the privacy protection scheme; When the privacy protection effect value of the privacy protection scheme is smaller than the privacy protection effect expectation value in the privacy protection requirement, it is determined that the privacy protection scheme has not passed the privacy protection effect evaluation of the privacy protection scheme. 8. The privacy information protection method according to claim 7, wherein the privacy protection effect value of the privacy protection scheme comprises any combination of one or more of the following: The amount of deviation between the private information processed by the privacy protection scheme and the private information before processing, the loss ratio between the private information processed by the privacy protection scheme and the private information before processing, the attacker's guess The privacy protection scheme deals with the probability of private information before processing. 9. The privacy information protection method according to claim 1, wherein the complexity of the privacy protection scheme comprises any combination of one or more of the following: time complexity and space complexity; The evaluation of the complexity of the privacy protection scheme includes any combination of one or more of the following: Evaluate the time complexity of the privacy protection scheme; The space complexity of the privacy protection scheme is evaluated. 10. The privacy information protection method according to claim 9, wherein the evaluating the time complexity of the privacy protection scheme comprises: Determine whether the operating speed of the privacy protection scheme meets the minimum operating speed in the privacy protection requirements; When the running speed of the privacy protection scheme is greater than or equal to the minimum running speed in the privacy protection requirement, it is judged that the privacy protection scheme passes the time complexity evaluation of the privacy protection scheme; When the running speed of the privacy protection scheme is less than the minimum running speed in the privacy protection requirement, it is determined that the privacy protection scheme has not passed the time complexity evaluation of the privacy protection scheme. 11. The privacy information protection method according to claim 9, wherein the evaluation of the space complexity of the privacy protection scheme comprises any combination of one or more of the following: Determine whether the software resources occupied by the operation of the privacy protection scheme meet the required software resources in the privacy protection requirements; When the software resources occupied by the operation of the privacy protection scheme are less than or equal to the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme passes the software resource evaluation in the space complexity evaluation of the privacy protection scheme; When the software resources occupied by the operation of the privacy protection scheme are greater than the required software resources in the privacy protection requirements, it is determined that the privacy protection scheme has not passed the software resource evaluation in the space complexity evaluation of the privacy protection scheme; Determine whether the hardware resources occupied by the operation of the privacy protection scheme meet the hardware resources required in the privacy protection requirement; When the hardware resources occupied by the operation of the privacy protection scheme are less than or equal to the hardware resources required in the privacy protection requirement, it is determined that the privacy protection scheme passes the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme; When the hardware resources occupied by the operation of the privacy protection scheme are greater than the hardware resources in the privacy protection requirement, it is determined that the privacy protection scheme fails the hardware resource evaluation in the space complexity evaluation of the privacy protection scheme. 12. The privacy information protection method according to claim 1, wherein the determining the privacy protection scheme according to at least one of the scene information and the privacy information feature comprises any combination of one or more of the following steps: Generate privacy protection requirements according to at least one of scene information and privacy information features; Determine the requirements of the privacy protection algorithm according to any combination of one or more of scene information, privacy information characteristics, and privacy protection requirements; Determine at least one of the following according to any combination of one or more of scene information, privacy information features, privacy protection requirements, and privacy protection algorithm requirements: the type of privacy protection algorithm and the theoretical basis of the privacy protection algorithm; According to any combination of one or more of scene information, privacy information characteristics, privacy protection requirements, privacy protection algorithm requirements, types of privacy protection algorithms, and theoretical foundations of privacy protection algorithms, privacy protection algorithm steps and privacy protection algorithm steps are given. Combination relationship between; Select the parameters of the privacy protection algorithm according to any combination of one or more of the scene information, privacy protection requirements, privacy protection algorithm requirements, and privacy protection algorithm steps; According to the combination relationship between the steps of the privacy protection algorithm, the privacy protection algorithm steps and the parameters of the privacy protection algorithm are combined to generate the privacy protection algorithm; Determine the combination scheme of the privacy protection algorithm according to any combination of one or more of the scene information, privacy information features, privacy protection requirements, and privacy protection algorithms; The privacy protection algorithm is combined according to the combination solution of the privacy protection algorithm to generate a privacy protection solution. 13. The method for protecting privacy information according to claim 12, further comprising: Evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme, and perform at least one of the following: When the privacy-preserving algorithm fails the evaluation, modify any combination of one or more of the privacy-preserving algorithm steps, the combination relationship between the privacy-preserving algorithm steps, and the parameters of the privacy-preserving algorithm according to the evaluation result, and continue to execute the privacy-preserving algorithm. The combination relationship between the protection algorithm steps is a step of combining the privacy protection algorithm steps and the parameters of the privacy protection algorithm to generate the privacy protection algorithm; When the privacy protection algorithm has passed the evaluation and the privacy protection scheme has not passed the evaluation, modify the privacy protection algorithm combination scheme, and continue to perform the combination of the privacy protection algorithms according to the privacy protection algorithm combination scheme Steps to generate a privacy protection scheme; When the privacy protection algorithm has passed the evaluation, but the new privacy protection solution fails to pass the evaluation after modifying the combination scheme of the privacy protection algorithm many times, modify the privacy protection algorithm steps, the combination relationship between the privacy protection algorithm steps, and the parameters of the privacy protection algorithm. Arbitrary combination of one or more of the above, continue to perform the described step of combining the privacy-preserving algorithm steps and the parameters of the privacy-preserving algorithm to generate a privacy-preserving algorithm according to the combination relationship between the privacy-preserving algorithm steps, and then modify the described privacy-preserving algorithm steps. For the privacy protection algorithm combination scheme, continue to perform the step of combining the privacy protection algorithms according to the privacy protection algorithm combination scheme to generate the privacy protection scheme. 14. The privacy information protection method according to claim 12 or 13, wherein the privacy protection requirement comprises any combination of one or more of the following: The expected value of the privacy protection effect of the privacy protection scheme, the performance requirements of the privacy protection scheme, the privacy operation, the constraints, the corresponding relationship between the privacy operation and the constraints; Among them, the constraints are used to describe the conditions that need to be met for privacy operations, including: operating entity attributes, operating environment; The operating environment includes: time, spatial location, network, and equipment. 15. The privacy information protection method according to claim 14, wherein the performance requirements of the privacy protection scheme are not limited to any combination comprising one or more of the following: Operating environment, minimum operating speed, required software resources, required hardware resources. 16. The privacy information protection method according to claim 12 or 13, wherein the requirements of the privacy protection algorithm include at least one of the following: privacy protection effect expectation value and performance requirements of the privacy protection algorithm; The performance requirements of the privacy protection algorithm are not limited to include any combination of one or more of the following: Operating environment, minimum operating speed, required software resources, required hardware resources. 17. The privacy information protection method according to claim 12 or 13, wherein the type of the privacy protection algorithm comprises any combination of one or more of the following: Cryptography-based privacy protection algorithm, scrambling-based privacy protection algorithm, obfuscation-based privacy protection algorithm, generalization-based privacy protection algorithm, and access control-based privacy protection algorithm. 18. The privacy information protection method according to claim 12 or 13, wherein the theoretical basis of the privacy protection algorithm comprises any combination of one or more of the following: Cryptography-based privacy protection technology, probability-based privacy protection technology, and game-based privacy protection technology. 19. The privacy information protection method according to claim 12 or 13, wherein the privacy protection algorithm step comprises any combination of one or more of the following: S change, P replacement, key expansion, initialization, setting memory, linear feedback shift register, nonlinear feedback shift register, determining the disturbance granularity, adding noise, setting information weight, filtering the obfuscated information that meets the conditions, selecting obfuscation information, combined with real information to form request information, determine fuzzy granularity, set fuzzy scope, and construct request information. 20. The privacy information protection method according to claim 12 or 13, wherein the parameters of the privacy protection algorithm comprise any combination of one or more of the following: Key length, anonymous set size, privacy budget, sensitivity, offset, block length, number of encryption rounds, S-box, polynomial parameters, MDS code, P permutation table. 21. The privacy information protection method according to claim 1, wherein the privacy information feature comprises any combination of one or more of the following: Types of privacy information, content of privacy information, data value range, data distribution characteristics, sensitivity of privacy information, executable privacy operations, expected value of privacy operation times, and social experience value of privacy operation results. 22. The method for protecting privacy information according to claim 21, wherein the sensitivity of the privacy information is a value used to measure the sensitivity of the information, and is determined by one or more arbitrary values in probability, mathematical expectation, and mathematical variance. Combination calculation is obtained. 23. The privacy information protection method according to claim 21, wherein the executable privacy operation comprises any combination of one or more of the following: Read, write, encrypt, obfuscate, generalize, add noise, anonymize, sign, verify, calculate digest, encrypt, save, copy, paste, forward, cut, modify, delete. 24. The privacy information protection method according to claim 1, wherein the scene information comprises any combination of one or more of the following: Time, space location, device, device performance, interaction object, interaction approach, request type, service type. 25. A privacy information protection device, comprising: The private information feature acquisition module is used to obtain the private information features of the private information; a privacy protection scheme decision module, configured to determine a privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information; a privacy protection scheme evaluation module, configured to evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme; Wherein, evaluating the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection scheme; Evaluate the complexity of the privacy protection scheme; Evaluating the privacy protection algorithm in the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection algorithm in the privacy protection scheme; Evaluate the complexity of privacy-preserving algorithms in privacy-preserving schemes. 26. An apparatus for protecting privacy information, comprising a processor and a computer-readable storage medium, wherein instructions are stored in the computer-readable storage medium, wherein when the instructions are executed by the processor, the rights The privacy information protection method described in any one of requirements 1-24. 27. A computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the method for protecting private information according to any one of claims 1-24 are implemented. 28. A privacy information protection system, comprising: The private information feature acquisition module is used to obtain the private information features of the private information; a privacy protection scheme decision module, configured to determine a privacy protection scheme according to at least one of the scene information and the characteristics of the privacy information; a privacy protection scheme evaluation module, configured to evaluate at least one of the privacy protection scheme and the privacy protection algorithm in the privacy protection scheme; Wherein, at least two modules in the privacy protection scheme evaluation module, the privacy information feature acquisition module and the privacy protection scheme decision module are set in different devices; Evaluating the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection scheme; Evaluate the complexity of the privacy protection scheme; Evaluating the privacy protection algorithm in the privacy protection scheme includes at least one of the following: Evaluate the privacy protection effect of the privacy protection algorithm in the privacy protection scheme; Evaluate the complexity of privacy-preserving algorithms in privacy-preserving schemes.

Images