CN111274598B - Privacy protection method and device - Google Patents

Publication number: CN111274598B
Authority: CN (China)
Prior art keywords: user, privacy, target application, setting, setting item
Legal status: Active
Application number: CN202010076979.6A
Other languages: Chinese (zh)
Other versions: CN111274598A (en)
Inventors: 裴新, 李雪峰, 吴小川, 孙亮
Current assignee: Shanghai Zhongan Information Technology Service Co ltd
Original assignee: Zhongan Information Technology Service Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

An embodiment of the invention provides a privacy protection method and device. The method comprises: generating a privacy rights setting interface of a target application, wherein at least one rights setting item is displayed on the privacy rights setting interface, and each rights setting item is used by the user to set one right that the user holds over the user's private data in the target application; and, in response to the user's setting operation on the privacy rights setting interface of the target application, determining the user's privacy wish list, wherein the privacy wish list represents the user's wishes regarding use of the user's private data in the target application. The visualized rights settings give the user the ability to manage the private data, so that the user's private data is used according to the user's real wishes.

Description

Privacy protection method and device
Technical Field
The invention relates to the technical field of data processing, and in particular to a privacy protection method and device.
Background
In order to provide more personalized services or more precise marketing, the applications (APPs) installed on terminal devices and the websites running on the WEB side collect and use user privacy data. User privacy data includes identity data, attribute data, behavior data, relationship data, and the like. Identity data is the most private and comprises social identity data and biometric data: social identity data includes names, identity card numbers, mobile phone numbers, home addresses, bank card numbers and the like, and biometric data includes fingerprints, faces, irises and the like. Attribute data mainly includes age, height, weight, educational background and the like. Behavior data includes internet browsing behavior, location information, Taobao records and the like. Relationship data includes family composition, circle of friends, relationship network, and the like.
The use of user privacy data is a double-edged sword: on the one hand it provides convenience for users, and on the other hand the invasion of user privacy caused by data leakage, illegal data transfer and the like has become a serious social problem. As laws and regulations continue to improve and users pay ever more attention to private data, protecting users' private data is imperative. To collect and use user privacy data legally, APPs, websites, and the like typically obtain user authorization through a user agreement. A user agreement, which may also be called a service agreement, privacy policy, usage agreement, privacy agreement, etc., informs users in text form of their rights and obligations and states disclaimers when they first use or register for the service. Although a user agreement formally satisfies the obligation to notify the user, its lengthy text and professional legal terms are inconvenient for the user to read, and the user can use the service only after choosing to agree, so the agreement is in effect mandatory and cannot express the real intention of the user.
Disclosure of Invention
The embodiments of the invention provide a privacy protection method and device to solve the problem that the conventional way of obtaining user authorization through a user agreement cannot reflect the real intention of the user.
In a first aspect, an embodiment of the present invention provides a privacy protection method, including:
generating a privacy rights setting interface of the target application, wherein at least one rights setting item is displayed on the privacy rights setting interface, and each rights setting item is used by the user to set one right that the user holds over the user's private data in the target application;
and, in response to the user's setting operation on the privacy rights setting interface of the target application, determining the user's privacy wish list, wherein the privacy wish list represents the user's wishes regarding use of the user's private data in the target application, and the user's private data at least comprises the user's registration data in the target application.
In one embodiment, the rights setting item comprises a rights name and a corresponding switch item; in response to the user's operation on the switch item in the rights setting item, the right corresponding to the rights name in the rights setting item is turned on or off.
In one embodiment, the rights setting items include one or more of: a right-to-know setting item, an access right setting item, a forgetting right setting item, a portability right setting item, a refusal right setting item and a correction right setting item;
the right-to-know setting item is used by the user to set the right to know; when the right to know is turned on, the target application needs to inform the user in at least one way when collecting the user's private data;
the access right setting item is used by the user to set the access right; when the access right is turned on, the target application needs to provide an interface for the user to access the user's private data;
the forgetting right setting item is used by the user to set the forgetting right; when the forgetting right is turned on, the target application needs to provide an interface for the user to delete the user's private data;
the portability right setting item is used by the user to set the portability right; when the portability right is turned on, the target application needs to provide an interface for the user to download the user's private data;
the refusal right setting item is used by the user to set the refusal right; when the refusal right is turned on, the target application is refused use of the user's private data;
the correction right setting item is used by the user to set the correction right; when the correction right is turned on, the target application needs to provide an interface for the user to correct the user's private data.
In one embodiment, the method further comprises:
calculating a first hash value according to the user's privacy wish list and the user's registration data;
storing the privacy wish list of the user and the first hash value in a blockchain.
In one embodiment, the method further comprises:
storing, in the blockchain, a record of the target application's use of the user's private data.
In one embodiment, the method further comprises:
in response to the user's update operation on the privacy rights setting interface of the target application, updating the user's privacy wish list;
calculating a second hash value according to the updated privacy wish list and the user's registration data;
and storing the updated privacy wish list and the second hash value in the blockchain.
In a second aspect, an embodiment of the present invention provides a privacy protection method, including:
generating a privacy rights configuration interface, wherein a plurality of privacy rights items are displayed on the privacy rights configuration interface;
and, in response to the user's operation on the privacy rights configuration interface, configuring the rights setting items supported by the target application.
In one embodiment, a style setting item is further displayed in the privacy rights configuration interface, the style setting item being used to set the style of the privacy rights setting interface of the target application, and the method further includes:
in response to the user's operation on the style setting item, setting the style of the privacy rights setting interface of the target application.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the privacy protection method according to any one of the above.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when executed by a processor, the computer-executable instructions are used to implement the privacy protection method according to any one of the above items.
With the privacy protection method and device provided by the embodiments of the invention, the set of privacy rights settings of the target application is obtained, the user's privacy wish list is determined from the user's setting operations on that set, and the rights settings give the user the ability to manage the private data, so that the user's private data is used according to the user's real wishes.
Drawings
Fig. 1 is a flowchart of a privacy protection method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a privacy rights setting interface according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a privacy rights setting interface according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of a right-to-know notification mode setting interface according to an embodiment of the present invention;
Fig. 5 is a flowchart of a privacy protection method according to another embodiment of the present invention;
Fig. 6 is a flowchart of a privacy protection method according to another embodiment of the present invention;
Fig. 7 is a flowchart of a privacy protection method according to another embodiment of the present invention;
Fig. 8 is a schematic diagram of a privacy rights configuration interface according to an embodiment of the present invention;
Fig. 9 is a signaling flow diagram of a privacy protection method according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention is described in further detail below with reference to specific embodiments and the accompanying drawings. Like elements in different embodiments are given like associated numbers. In the following description, numerous details are set forth to provide a better understanding of the present application. However, those skilled in the art will readily recognize that some of the features may be omitted, or replaced with other elements, materials or methods, in different instances. In some instances, certain operations related to the present application are not shown or described in detail, so that the core of the present application is not obscured by excessive description; a detailed description of these operations is not necessary for those skilled in the art, who can fully understand them from the specification and the general knowledge in the art.
Furthermore, the features, operations, or characteristics described in the specification may be combined in any suitable manner to form various embodiments. The steps or actions in the method descriptions may also be reordered or adjusted, as will be apparent to one of ordinary skill in the art. Thus, the various sequences in the specification and drawings serve only to describe certain embodiments and do not imply a required sequence, unless it is otherwise stated that a certain sequence must be followed.
The numbering of components, e.g., "first", "second", etc., is used herein only to distinguish the objects described and has no sequential or technical meaning. The terms "connected" and "coupled", when used in this application, include both direct and indirect connections (couplings) unless otherwise indicated.
The target application in the embodiments of the invention may be any of various APPs running on terminal equipment, such as WeChat, QQ, Baidu network disk and the like running on a computer or a smart phone, or any of various websites running on the WEB side, such as the WEB portals of Baidu, Saifu, Xinlang, and the like. That is, the target application in the embodiments of the invention may be understood as any application involving user private data. The privacy protection method provided by the embodiments of the invention can be executed by the terminal equipment or by a server, and the server can be a background server of the target application or a third-party server dedicated to providing privacy protection services.
Fig. 1 is a flowchart of a privacy protection method according to an embodiment of the present invention. As shown in fig. 1, the privacy protection method provided in this embodiment may include:
S101, generating a privacy rights setting interface of the target application, wherein at least one rights setting item is displayed on the privacy rights setting interface, and each rights setting item is used by the user to set one right that the user holds over the user's private data in the target application.
In this embodiment, the privacy rights setting items of the target application are determined, based on a blockchain smart contract, according to laws, regulations, industry standards and the business of the target application. As people's awareness of privacy protection grows, countries are also improving their privacy protection laws and regulations; for example, China has issued the Cybersecurity Law of the People's Republic of China, and the European Union has issued the General Data Protection Regulation (GDPR). Following the relevant laws and regulations when determining the privacy rights setting items of the target application can, on the one hand, improve an enterprise's privacy protection image and, on the other hand, reduce the enterprise's risk of privacy violations. Different applications involve different services and have different requirements for collecting and using private data, so privacy rights setting items determined according to the business of the target application match that application. A smart contract is a computer protocol intended to propagate, verify or execute a contract in a digital manner, allowing trusted transactions to be conducted without third parties. Smart contracts running on a blockchain are traceable and irreversible; they are not only safer than traditional contracts but also less costly.
Existing user agreements (privacy policies) inform users of their rights and obligations through lengthy text, which is inconvenient to read and makes for an unfriendly user interface; the user can only accept passively and cannot make settings according to individual wishes, so the user experience is poor. This embodiment converts a lengthy user agreement (privacy policy) into rights that the user holds in the target application and lets the user set them through rights setting items, so the user interface is friendlier and the user experience is improved.
In an optional embodiment, the rights setting item includes a rights name and a corresponding switch item; in response to the user's operation on the switch item in the rights setting item, the right corresponding to the rights name is turned on or off. The switch item turns the right corresponding to the rights setting item on or off, and can be implemented as a slide switch, a check box, a radio button, or the like. If there is only one rights setting item, or there are two mutually exclusive rights setting items, or the privacy rights setting interface comprises several tab pages each containing only one rights setting item, a radio button can be used; if the privacy rights setting interface comprises several rights setting items (for example, shown as a list), a check box or a slide switch can be used. The user's operation on the switch item may be a click, slide, double click, or the like. Operating the switch item changes the corresponding right from on to off or from off to on.
In an optional implementation, one or more of the following rights setting items can be displayed in the privacy rights setting interface: a right-to-know setting item, an access right setting item, a forgetting right setting item, a portability right setting item, a refusal right setting item and a correction right setting item. It should be noted that, as laws and regulations continue to improve, the set of privacy rights settings of the target application may include further rights setting items as required.
The right-to-know setting item is used by the user to set the right to know. The right to know indicates that the user is entitled to be informed when the target application collects the user's private data. When the right to know is turned on, the target application needs to inform the user in at least one way when collecting the user's private data. When several ways of informing the user are provided, the notification mode may be set by the user. Referring to Fig. 4, when the user turns on the right to know, the notification mode may be set with check boxes in the right-to-know notification mode setting interface shown in Fig. 4. The notification modes include, but are not limited to, those shown in Fig. 4: in-site messages, short messages (SMS), e-mail, and no notification (the user checks for themselves); voice, WeChat, and similar channels may also be used. The selection control is not limited to check boxes (multiple choice) and may also be single choice.
The access right setting item is used by the user to set the access right. The access right indicates that the user has the right to access the user's private data in the target application. When the access right is turned on, the target application needs to provide an interface for the user to access the user's private data. For example, a menu for viewing private data may be provided in the target application, through which the user can access the user's private data in the target application.
The forgetting right setting item is used by the user to set the forgetting right. The forgetting right indicates that the user has the right to require the target application to delete the user's private data. When the forgetting right is turned on, the target application needs to provide an interface for the user to delete the user's private data. The target application can receive the user's request to delete private data and send it to the background server of the target application, so that the background server responds to the deletion request and deletes the user's private data in the target application.
The portability right setting item is used by the user to set the portability right. The portability right indicates that the user has the right to download the user's private data in the target application. When the portability right is turned on, the target application needs to provide an interface for the user to download the user's private data. Through this interface, the user can download the user's private data in the target application to a removable storage medium, such as a USB flash drive, a portable hard disk or the internal storage of a smart terminal, and carry the private data with them.
The refusal right setting item is used by the user to set the refusal right. The refusal right indicates that the user has the right to refuse the target application use of the user's private data. When the refusal right is turned on, the target application is refused use of the user's private data. After collecting the user's private data, the target application uses the collected data according to its business requirements. Taking the Taobao application as an example, the application can analyze the user's purchase needs from the user's browsing and search records and market to the user precisely; the refusal right gives the user the ability to refuse such use.
The correction right setting item is used by the user to set the correction right. The correction right indicates that the user has the right to require the target application to correct the user's private data. When the correction right is turned on, the target application needs to provide an interface for the user to correct the user's private data. When the user finds that personal data in the target application is inaccurate, the user can promptly request the target application to correct it through this interface.
When the user uses the target application for the first time or registers in the target application for the first time, the user can be informed of the rights the user holds over the private data in the target application through a privacy rights setting interface as shown in Fig. 2. As shown in Fig. 2, the user has a right to know, an access right, a forgetting right, a portability right, a refusal right and a correction right over the private data in the target application. Prompting through a visual interface and replacing lengthy privacy terms with user rights gives a good user experience.
It should be noted that, before the user's setting operation is received, the target application holds no usage wishes of the user, and its settings are the same for all users. As shown in Fig. 2, in this application the target application turns on all rights for all users by default. In the interface shown in Fig. 2, the user's setting operation is received through the "agree" button and the "view/modify my rights settings" button, and the user's usage wishes are thereby obtained.
When the user uses the target application for the first time, or after the user registers in the target application for the first time, the user can also be informed of the rights over the private data in the target application through the privacy rights setting interface shown in Fig. 3, and the user's setting operation is received through the slide switch items shown in Fig. 3, so that the user's usage wishes are obtained.
S102, in response to the user's setting operation on the privacy rights setting interface of the target application, determining the user's privacy wish list, wherein the privacy wish list represents the user's wishes regarding use of the user's private data in the target application, and the user's private data at least comprises the user's registration data in the target application.
This embodiment does not limit the specific form of the user's privacy wish list; for example, it may be represented in a relational database.
The user's private data in this embodiment at least includes the user's registration data in the target application. After registration, behavior data is generated as the user uses the target application, so the user's private data can also include the user's behavior data in the target application. The behavior data may be, for example, the user's browsing records, purchase records, search records, subscription records, etc. in the target application. The user's private data may also include data uploaded by the user to the target application; in the case of Baidu network disk, the user's private data may also include personal data the user stores in Baidu network disk.
The user's setting operations in the privacy rights setting interface of the target application reflect the user's wishes regarding use of the user's private data in the target application. Taking the interface shown in Fig. 2 as an example, if the user clicks the "agree" button in the interface, the user agrees to turn on all rights, which expresses the user's usage wishes, and the user's privacy wish list can be generated accordingly; if the user clicks the "view/modify my rights settings" button in the interface, the user enters the rights setting interface shown in Fig. 3.
Taking the interface shown in Fig. 3 as an example, the user can turn the corresponding right on or off by dragging or sliding the "on/off" button. In the user's privacy wish list generated according to Fig. 3, only the access right and the portability right are turned on. If the right to know is turned on in Fig. 3, a notification mode setting interface as shown in Fig. 4 may pop up.
The privacy protection method provided by this embodiment generates a privacy rights setting interface of the target application, on which at least one rights setting item is displayed, each rights setting item being used by the user to set one right that the user holds over the user's private data in the target application; and, in response to the user's setting operation on the privacy rights setting interface of the target application, determines the user's privacy wish list, which represents the user's wishes regarding use of the user's private data in the target application. The visualized privacy rights settings give the user the ability to manage the private data, so that the user's private data is used according to the user's real wishes.
The user's privacy wish list reflects the user's wishes regarding use of the user's private data in the target application; once it is determined, the target application can collect and use the user's private data according to the authorization in the privacy wish list. To prevent a dishonest merchant from maliciously modifying the user's privacy wish list to gain more authorization, this embodiment provides an authorization-traceable privacy protection method. Referring to Fig. 5, on the basis of the embodiment shown in Fig. 1, the method provided in this embodiment may further include:
S103, calculating a first hash value according to the user's privacy wish list and the user's registration data.
S104, storing the user's privacy wish list and the first hash value in the blockchain.
In this embodiment, the user's registration data is determined from the personal private data the user fills in during registration and, under normal circumstances, is not modified after registration; the user's privacy wish list is determined from the user's setting operations and reflects the user's usage wishes.
In this embodiment, a hash algorithm is used to calculate a first hash value over both the user's privacy wish list and the user's registration data. A hash algorithm is a function that converts an input of arbitrary length into an output of fixed length, the hash value; put simply, it compresses a message of arbitrary length into a fixed-length message digest. Since the hash algorithm is not reversible, whether the user's privacy wish list has been tampered with can be determined by comparing hash values.
In this embodiment, after the first hash value is calculated, both the first hash value and the user's privacy wish list are stored in the blockchain. A blockchain is a shared database, and the data or information stored in it is unforgeable, leaves a trace throughout, and is traceable, public and transparent, collectively maintained, and so on; authorization traceability can therefore be achieved by retrieving the user's privacy wish list from the blockchain.
Further, a third hash value may be calculated from the privacy wish list retrieved from the blockchain and the user's registration data, and whether the privacy wish list has been tampered with may be determined by checking whether the third hash value is the same as the first hash value. When the third hash value is the same as the first hash value, the user's privacy wish list has not been tampered with; when the third hash value differs from the first hash value, the user's privacy wish list has been maliciously tampered with.
In the privacy protection method provided by this embodiment, the first hash value corresponding to the user's privacy wish list and the user's registration data is calculated, and the privacy wish list and the first hash value are stored in the blockchain, so that authorization traceability is achieved and tampering with the user's privacy wish list can be effectively prevented.
Invasions of user privacy happen frequently, and the user, as the weaker party, often finds it very difficult to obtain evidence; this encourages malicious use of user privacy data by unscrupulous merchants and leaves the user's rights and interests unprotected. To make it easier to collect evidence of behavior that violates user privacy data and to protect the user's rights and interests in practice, this embodiment provides a privacy protection method that supports evidence collection for infringement. Referring to fig. 6, on the basis of the embodiment shown in fig. 1 or fig. 5, the privacy protection method provided in this embodiment may further include:
S105, storing the record of the target application's use of the user's private data in the blockchain.
Because the blockchain is open and transparent, the user can conveniently acquire from the blockchain the record of the target application's use of the user's privacy data and judge whether that use conforms to the user's privacy wish list, so as to confirm whether infringement has occurred. When the user's privacy is invaded, the user can conveniently obtain evidence to defend the user's rights and interests. On the other hand, merchants that collect and use user privacy data legally can also use the usage records on the blockchain to demonstrate their own compliance and rebut claims of privacy infringement.
While the user uses the target application, the user's wishes regarding the use of the user's private data in the target application may change. In order to update the user's privacy wishes in time, on the basis of any of the above embodiments, the method provided in this embodiment may further include: updating the privacy wish list of the user according to the user's privacy wish update request. For example, when the user needs to change the privacy wish list, an update request can be made in the personal center of the target application. Similarly, in order to realize authorization traceability, after the privacy wish list of the user is updated, a second hash value is calculated according to the updated privacy wish list and the registration data of the user, and the updated privacy wish list and the second hash value are stored in the blockchain.
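The hash-and-store steps S103/S104, the third-hash comparison and the update path with its second hash, shown as an added Python example that is not code from the patent. SHA-256, the canonical JSON encoding, the in-memory hash-chained `Ledger` standing in for the blockchain, and all names and sample data are assumptions; the patent specifies none of them.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64

def canonical(obj) -> bytes:
    """Deterministic bytes: key order and whitespace must not change the hash."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sha256_hex(obj) -> str:
    # Assumption: SHA-256. The patent only says "a hash algorithm".
    return hashlib.sha256(canonical(obj)).hexdigest()

def commitment(wish_list: dict, registration: dict) -> str:
    """Hash over wish list AND registration data (S103). Named fields keep the
    boundary between the two inputs unambiguous."""
    return sha256_hex({"registration": registration, "wish_list": wish_list})

class Ledger:
    """In-memory, append-only, hash-chained stand-in for the blockchain."""

    def __init__(self):
        self.blocks = []

    def append(self, user_id: str, wish_list: dict, hash_value: str) -> dict:
        body = {"index": len(self.blocks),
                "prev": self.blocks[-1]["block_hash"] if self.blocks else GENESIS,
                "user_id": user_id,
                "wish_list": copy.deepcopy(wish_list),
                "hash": hash_value}
        block = dict(body, block_hash=sha256_hex(body))
        self.blocks.append(block)
        return block

    def history(self, user_id: str) -> list:
        """Every wish-list version stored for the user, oldest first."""
        return [b for b in self.blocks if b["user_id"] == user_id]

    def chain_intact(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "block_hash"}
            if b["prev"] != prev or sha256_hex(body) != b["block_hash"]:
                return False
            prev = b["block_hash"]
        return True

def record(ledger, user_id, wish_list, registration) -> str:
    """S103 + S104. Called again after an update, it yields the second hash."""
    value = commitment(wish_list, registration)
    ledger.append(user_id, wish_list, value)
    return value

def untampered(wish_list, registration, stored_hash) -> bool:
    """Recompute the 'third hash' and compare it with the stored one."""
    return hmac.compare_digest(commitment(wish_list, registration), stored_hash)

def demo_commitment() -> dict:
    # Constructed sample data; right names follow the six rights in the claims.
    registration = {"name": "Alice Example", "phone": "000-0000-0000"}
    wishes = {"informed": True, "access": True, "forgetting": False,
              "portable": False, "refusal": True, "correction": True}
    ledger = Ledger()
    first = record(ledger, "user-1", wishes, registration)

    on_chain = ledger.history("user-1")[-1]
    clean = untampered(on_chain["wish_list"], registration, on_chain["hash"])

    # A copy in which the refusal right was silently switched off.
    forged = dict(on_chain["wish_list"], refusal=False)
    forged_ok = untampered(forged, registration, first)

    # Same content, different key order: canonical encoding keeps the hash stable.
    reordered = dict(reversed(list(wishes.items())))
    stable = commitment(reordered, registration) == first

    # User update: new version and second hash are appended, nothing is overwritten.
    second = record(ledger, "user-1", dict(wishes, portable=True), registration)
    versions = len(ledger.history("user-1"))

    # Rewriting an old block in place breaks the chain check.
    before = ledger.chain_intact()
    ledger.blocks[0]["wish_list"]["refusal"] = False
    after = ledger.chain_intact()
    return {"clean": clean, "forged_ok": forged_ok, "stable": stable,
            "hash_changed": first != second, "versions": versions,
            "chain_before": before, "chain_after": after}

if __name__ == "__main__":
    for key, value in demo_commitment().items():
        print(f"{key}: {value}")
```

The comparison only proves anything if the stored hash cannot be rewritten together with the wish list, which is the property the blockchain is relied on to provide here.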
Fig. 7 is a flowchart of a privacy protecting method according to another embodiment of the present invention. As shown in fig. 7, the privacy protection method provided in this embodiment may include:
S201, generating a privacy interest configuration interface, wherein a plurality of privacy interest items are displayed on the privacy interest configuration interface.
The privacy interest items in the privacy interest configuration interface in this embodiment may be set according to privacy protection laws, regulations, and industry specifications. For example, they may be set according to the Network Security Law or the GDPR. Referring to fig. 8, fig. 8 illustrates a privacy interest configuration interface for the Network Security Law. In this interface, the user may configure the privacy interests by means of check boxes.
In order to further improve the configuration efficiency of the merchant for the target application privacy interest item, the privacy interest configuration interface in this embodiment may also be implemented based on an extensible privacy interest configuration template. And the merchant selects a proper privacy interest item in the privacy interest configuration interface according to the service requirement of the target application.
S202, responding to the operation of the user on the privacy interest configuration interface, and configuring the interest setting items supported by the target application.
In the privacy interest configuration interface, the user can check or uncheck the corresponding interest setting item by clicking a check box. As shown in fig. 8, in this embodiment, the interest setting items configured for the target application in response to the user's operation on the privacy interest configuration interface include: the informed right, the portable right and the refusal right.
According to the privacy protection method provided by the embodiment, the privacy interest configuration interface is generated, the plurality of privacy interest items are displayed on the privacy interest configuration interface, the interest setting items supported by the target application are configured in response to the operation of the user on the privacy interest configuration interface, and the visual privacy interest configuration interface is used, so that the user experience is improved, the configuration efficiency of the interest setting items is improved, and the user can use the privacy data of the user according to the real use intention of the user.
On the basis of the above embodiment, the privacy interest configuration interface further displays a style setting item, which is used to set the style of the privacy interest setting interface of the target application. Setting the style of the privacy interest setting interface includes, but is not limited to: setting the environment the privacy interest setting interface is intended for, such as iOS, Android and WEB; setting a theme color; setting a background color; setting the style of the switch item; setting fonts, etc. The method may further comprise: setting the style of the privacy interest setting interface of the target application in response to the operation of the style setting item by the user.
The following describes the privacy protection method provided by the present invention with a specific example. Referring to fig. 9, the client is an APP running in the terminal device, the client server is the server of the APP, and the third-party server is a server that provides the privacy protection service. It should be noted that when the privacy protection service is provided by the client server, the third-party server in the figure may be omitted. The privacy protection method provided by this embodiment may include:
S301, the client receives the registration information input by the user.
S302, the client sends the user information to the client server. The user information includes both registration information of the user and behavior information of the user in the client.
S303, when the user clicks to confirm on the registration interface, the client generates a privacy interest setting interface.
It should be noted that both the interest setting items and the style of the privacy interest setting interface are configured in the client server in advance.
S304, in response to the operation of the user on the privacy interest setting interface, the privacy wish list of the user is determined.
S305, the client sends the user privacy wish list to the client server.
S306, the client server binds the user information with the user privacy wish list.
S307, the client server uses the user information according to the user privacy wish list, so that the user information is used according to the user's real usage wishes.
S308, the client calculates a first hash value according to the privacy wish list of the user and the registration information of the user.
S309, the client stores the privacy wish list of the user and the first hash value in the blockchain, so that authorization traceability is achieved.
S310, the client server sends the use record of the user information to the third-party server.
S311, the third-party server stores the use record of the user information in the blockchain.
S312, the client sends a use record query request to the third-party server. When the user needs to collect evidence of infringement, the use record of the user information can be acquired through the use record query request.
S313, the third-party server acquires the use record of the user information from the blockchain according to the use record query request of the user and sends the use record of the user information to the client.
It should be noted that the foregoing is only one possible implementation manner of the privacy protection method provided by the embodiment of the present invention, and other implementation manners are also possible. The present embodiment does not limit the execution order of the above steps.
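An added example, not part of the patent, of the infringement check a user could run over the usage records returned in S313: each use is judged against the wish-list version that was in force at that moment, not against the latest one. The record fields, the logical timestamps and the rule that a use with no wish list on record is flagged are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class WishVersion:
    effective_at: int   # constructed logical time at which this version was stored
    refusal: bool       # True: refusal right on, the application may not use the data

@dataclass(frozen=True)
class UsageRecord:
    at: int             # constructed logical time of the use
    data_item: str      # which private data item was used (hypothetical field)
    purpose: str        # stated purpose of the use (hypothetical field)

def version_in_force(versions: list, at: int):
    """Latest version stored at or before `at`, or None if none existed yet.
    `versions` must already be sorted by effective_at."""
    times = [v.effective_at for v in versions]
    i = bisect_right(times, at)
    return versions[i - 1] if i else None

def audit(versions: list, records: list) -> list:
    """Return (record, reason) pairs for uses that conflict with the wish list
    that was in force when the use happened."""
    ordered = sorted(versions, key=lambda v: v.effective_at)
    findings = []
    for rec in sorted(records, key=lambda r: r.at):
        ver = version_in_force(ordered, rec.at)
        if ver is None:
            # Assumption: a use that predates every stored wish list is flagged.
            findings.append((rec, "no wish list on record at time of use"))
        elif ver.refusal:
            findings.append((rec, "used while refusal right was on"))
    return findings

def demo_audit() -> list:
    # Constructed history: refusal off at t=10, switched on at t=50, off again at t=90.
    versions = [WishVersion(10, False), WishVersion(50, True), WishVersion(90, False)]
    records = [UsageRecord(5, "phone", "marketing"),
               UsageRecord(20, "phone", "account verification"),
               UsageRecord(50, "address", "marketing"),
               UsageRecord(75, "phone", "marketing"),
               UsageRecord(95, "address", "delivery")]
    return [(rec.at, reason) for rec, reason in audit(versions, records)]

if __name__ == "__main__":
    for at, reason in demo_audit():
        print(at, reason)
```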
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention; it is only an illustration, and the embodiment of the present invention is not limited thereto. As shown in fig. 10, the electronic device 100 provided in this embodiment may include: memory 1001, processor 1002, and bus 1003. The bus 1003 is used to realize connection between the elements.
The memory 1001 stores a computer program, and the computer program can implement the technical solution of any of the above method embodiments when executed by the processor 1002.
Wherein, the memory 1001 and the processor 1002 are electrically connected directly or indirectly to realize data transmission or interaction. For example, these elements may be electrically connected to each other via one or more communication buses or signal lines, such as bus 1003. The memory 1001 stores a computer program for implementing the privacy protection method, which includes at least one software functional module that can be stored in the memory 1001 in the form of software or firmware, and the processor 1002 executes various functional applications and data processing by running the software program and the module stored in the memory 1001.
The memory 1001 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 1001 is used for storing programs, and the processor 1002 executes the programs after receiving execution instructions. Further, the software programs and modules in the above-mentioned memory 1001 may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor 1002 may be an integrated circuit chip having signal processing capabilities. The processor 1002 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and so on, and may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor or the like. It will be appreciated that the configuration of fig. 10 is merely illustrative, and the electronic device may include more or fewer components than shown in fig. 10 or have a different configuration than shown in fig. 10. The components shown in fig. 10 may be implemented in hardware and/or software.
It should be noted that the electronic device provided in this embodiment includes, but is not limited to: user side equipment and network side equipment. User-side devices include, but are not limited to, computers, smart phones, tablets, digital broadcast terminals, messaging devices, personal digital assistants, and the like. The network-side device includes, but is not limited to, a single network server, a server group consisting of a plurality of network servers, or a cloud consisting of a large number of computers or network servers based on cloud computing, wherein the cloud computing is one of distributed computing and is a super virtual computer consisting of a group of loosely coupled computers.
Reference is made herein to various exemplary embodiments. However, those skilled in the art will recognize that changes and modifications may be made to the exemplary embodiments without departing from the scope hereof. For example, the various operational steps, as well as the components used to perform the operational steps, may be implemented in differing ways depending upon the particular application or consideration of any number of cost functions associated with operation of the system (e.g., one or more steps may be deleted, modified or incorporated into other steps).
Additionally, as will be appreciated by one skilled in the art, the principles herein may be reflected in a computer program product on a computer readable storage medium, which is pre-loaded with computer readable program code. Any tangible, non-transitory computer-readable storage medium may be used, including magnetic storage devices (hard disks, floppy disks, etc.), optical storage devices (CD-ROMs, DVDs, Blu Ray disks, etc.), flash memory, and/or the like. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including means for implementing the function specified. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified.
While the principles herein have been illustrated in various embodiments, many modifications of structure, arrangement, proportions, elements, materials, and components particularly adapted to specific environments and operative requirements may be employed without departing from the principles and scope of the present disclosure. The above modifications and other changes or modifications are intended to be included within the scope of this document.
The foregoing detailed description has been described with reference to various embodiments. However, one skilled in the art will recognize that various modifications and changes may be made without departing from the scope of the present disclosure. Accordingly, the disclosure is to be considered in an illustrative and not a restrictive sense, and all such modifications are intended to be included within the scope thereof. Also, advantages, other advantages, and solutions to problems have been described above with regard to various embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any element(s) to occur or become more pronounced are not to be construed as a critical, required, or essential feature or element of any or all the claims. As used herein, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, system, article, or apparatus. Furthermore, the term "coupled," and any other variation thereof, as used herein, refers to a physical connection, an electrical connection, a magnetic connection, an optical connection, a communicative connection, a functional connection, and/or any other connection.
The present invention has been described in terms of specific examples, which are provided to aid understanding of the invention and are not intended to be limiting. For a person skilled in the art to which the invention pertains, several simple deductions, modifications or substitutions may be made according to the idea of the invention.

Claims (9)

1. A privacy preserving method, comprising:
generating a privacy interest setting interface of a target application, wherein at least one interest setting item is displayed on the privacy interest setting interface, and each interest setting item is used for setting an interest owned by privacy data of a user in the target application by the user;
in response to a setting operation of a user on a privacy interest setting interface of the target application, determining a privacy wish list of the user, wherein the privacy wish list of the user represents the use wish of the user on the privacy data of the user in the target application, and the privacy data of the user at least comprises registration data of the user in the target application;
the rights settings items include one or more of: an informed right setting item, an access right setting item, a forgetting right setting item, a portable right setting item, a refusal right setting item and a correction right setting item;
the informed right setting item is used for the user to set the informed right; when the informed right is turned on, the target application needs to inform the user, at least by way of notification, when collecting the privacy data of the user;
the access right setting item is used for setting the access right by the user; when the access right is opened, the target application needs to provide an interface for the user to access the private data of the user;
the forgetting right setting item is used for setting a forgetting right by a user; when the forgetting right is opened, the target application needs to provide an interface for the user to delete the private data;
the portable right setting item is used for setting a portable right for a user; when the portability right is opened, the target application needs to provide an interface for the user to download private data of the user;
the refusal right setting item is used for the user to set the refusal right; when the refusal right is opened, it indicates that the target application is refused use of the private data of the user;
the correction right setting item is used for setting the correction right by a user; when the correction right is opened, the target application needs to provide an interface for the user to correct his private data.
2. The method of claim 1, wherein the rights setting item includes a rights name and a corresponding switch item; and responding to the operation of the user on the switch item in the right setting item, and opening or closing the right corresponding to the right name in the right setting item.
3. The method of claim 1, wherein the method further comprises:
calculating a first hash value according to the privacy wish list of the user and the registration data of the user;
storing the user's privacy wish list and the first hash value in a blockchain.
4. The method of claim 1, wherein the method further comprises:
storing a record of usage of the user's private data by the target application in a blockchain.
5. The method of any one of claims 1-4, further comprising:
responding to the updating operation of a user on the privacy interest setting interface of the target application, and updating the privacy wish list of the user;
calculating a second hash value according to the updated privacy wish list and the registration data of the user;
and storing the updated privacy wish list and the second hash value in a blockchain.
6. A privacy preserving method, comprising:
generating a privacy interest configuration interface, wherein a plurality of privacy interest items are displayed on the privacy interest configuration interface;
configuring rights setting items supported by a target application in response to the operation of the privacy rights configuration interface by a user;
the rights settings items include one or more of: an informed right setting item, an access right setting item, a forgetting right setting item, a portable right setting item, a refusal right setting item and a correction right setting item;
the informed right setting item is used for the user to set the informed right; when the informed right is turned on, the target application needs to inform the user, at least by way of notification, when collecting the privacy data of the user;
the access right setting item is used for setting the access right by the user; when the access right is opened, the target application needs to provide an interface for the user to access the private data of the user;
the forgetting right setting item is used for setting a forgetting right by a user; when the forgetting right is opened, the target application needs to provide an interface for the user to delete the private data;
the portable right setting item is used for setting a portable right for a user; when the portability right is opened, the target application needs to provide an interface for the user to download private data of the user;
the refusal right setting item is used for the user to set the refusal right; when the refusal right is opened, it indicates that the target application is refused use of the private data of the user;
the correction right setting item is used for setting the correction right by a user; when the correction right is opened, the target application needs to provide an interface for the user to correct his private data.
7. The method of claim 6, wherein a style setting item is further displayed in the privacy rights configuration interface, the style setting item being used to set a style of the privacy rights setting interface of the target application, the method further comprising:
and setting the style of the privacy interest setting interface of the target application in response to the operation of the style setting item by the user.
8. An electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the privacy protection method of any one of claims 1-7.
9. A computer-readable storage medium having computer-executable instructions stored thereon, which when executed by a processor, are configured to implement the privacy preserving method of any one of claims 1-7.
CN202010076979.6A 2020-01-23 2020-01-23 Privacy protection method and device Active CN111274598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010076979.6A CN111274598B (en) 2020-01-23 2020-01-23 Privacy protection method and device

Publications (2)

Publication Number Publication Date
CN111274598A CN111274598A (en) 2020-06-12
CN111274598B true CN111274598B (en) 2022-04-15

Family

ID=71001257

Country Status (1)

Country Link
CN (1) CN111274598B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115603984A (en) * 2022-09-30 2023-01-13 重庆长安汽车股份有限公司(Cn) Privacy policy notification method, device, vehicle and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8265595B1 (en) * 2009-01-30 2012-09-11 Sprint Communications Company L.P. Managing application permissions on a mobile device
WO2019217151A1 (en) * 2018-05-07 2019-11-14 Google Llc Data collection consent tools

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9032544B2 (en) * 2010-12-22 2015-05-12 Private Access, Inc. System and method for controlling communication of private information over a network
WO2013101215A1 (en) * 2011-12-30 2013-07-04 Intel Corporation Cloud based real time app privacy dashboard
US9443101B2 (en) * 2014-03-10 2016-09-13 Xerox Corporation Low-cost specification and enforcement of a privacy-by-consent-policy for online services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240227

Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 200000

Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Country or region before: China