CN113158244A - Data privacy protection method and device, storage medium and electronic equipment - Google Patents
- Publication number: CN113158244A (application CN202110449811.XA)
- Authority: CN (China)
- Prior art keywords: data, shuffling, buried point, privacy, shuffle
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F21/6245: Protecting personal data, e.g. for financial or medical purposes (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database)
- G06F21/602: Providing cryptographic facilities or services (under G06F21/00 Security arrangements; G06F21/60 Protecting data)
Abstract
The embodiment of the application discloses a data privacy protection method, a data privacy protection device, a storage medium and an electronic device. The method comprises: acquiring buried point (event-tracking) user data corresponding to at least one user terminal; performing data shuffling on each buried point user data to generate a shuffled buried point data set containing at least one shuffled buried point data; performing differential privacy processing on each shuffled buried point data in the shuffled buried point data set to generate a target privacy data set; and sending the target privacy data set to the data server corresponding to the buried point user data, where the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to it. By adopting the embodiment of the application, the usability of the data is ensured while effective data privacy protection is performed.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data privacy protection method and apparatus, a storage medium, and an electronic device.
Background
With the development of communication networks, Internet of Things (IoT) devices are widely applied in smart cities, smart homes, unmanned vehicles and other fields. At present, an IoT device generates a large amount of user data while the user uses it, so that the IoT service provider can obtain that user data, perform aggregate analysis and calculation on it, and optimize the IoT device. Because user data falls into the category of personal privacy data, the IoT service provider should adopt an effective data privacy protection technique to protect the user data while acquiring it.
Disclosure of Invention
The embodiment of the application provides a data privacy protection method and device, a storage medium and an electronic device, which can ensure the usability of data while performing effective data privacy protection. The technical scheme is as follows:
In a first aspect, an embodiment of the present application provides a data privacy protection method, comprising:
acquiring buried point user data corresponding to at least one user terminal, and performing data shuffling on each buried point user data to generate a shuffled buried point data set containing at least one shuffled buried point data;
performing differential privacy processing on the shuffled buried point data in the shuffled buried point data set to generate a target privacy data set;
and sending the target privacy data set to the data server corresponding to the buried point user data, where the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to the target privacy data set.
In a second aspect, an embodiment of the present application provides a data privacy protection apparatus, comprising:
a shuffle module for acquiring buried point user data corresponding to at least one user terminal and performing data shuffling on each buried point user data to generate a shuffled buried point data set containing at least one shuffled buried point data;
a differential privacy module for performing differential privacy processing on the shuffled buried point data in the shuffled buried point data set to generate a target privacy data set;
and a data set sending module for sending the target privacy data set to the data server corresponding to the buried point user data, where the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to the target privacy data set.
In a third aspect, an embodiment of the present application provides a computer storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the above method steps.
In a fourth aspect, an embodiment of the present application provides an electronic device comprising a processor and a memory, where the memory stores a computer program adapted to be loaded by the processor to perform the above method steps.
The beneficial effects of the technical scheme provided by some embodiments of the application include at least the following:
in one or more embodiments of the present application, buried point user data corresponding to at least one user terminal is acquired, data shuffling is performed on each buried point user data to generate a shuffled buried point data set containing at least one shuffled buried point data, differential privacy processing is performed on each shuffled buried point data in the set to generate a target privacy data set, and the target privacy data set is sent to the data server corresponding to the buried point user data, where it is used to instruct the data server to generate the corresponding data aggregation result. Because data shuffling is performed on the buried point user data, the degree of privacy protection of the data aggregation result is enhanced, so that the usability of the data is ensured while effective data privacy protection is performed.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a data privacy protection method provided in an embodiment of the present application;
FIG. 2 is an exemplary diagram of a shuffling process provided in an embodiment of the present application;
FIG. 3 is an exemplary diagram of a differential privacy process provided in an embodiment of the present application;
FIG. 4 is a schematic flowchart of another data privacy protection method provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of an example of data training provided in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a data privacy protection apparatus according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a shuffling module provided in an embodiment of the present application;
FIG. 8 is a schematic structural diagram of another shuffling module provided in an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a differential privacy module provided in an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a privacy processing unit provided in an embodiment of the present application;
FIG. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
FIG. 12 is a schematic structural diagram of an operating system and a user space provided in an embodiment of the present application;
FIG. 13 is an architectural diagram of the Android operating system of FIG. 11;
FIG. 14 is an architectural diagram of the iOS operating system of FIG. 11.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments that a person skilled in the art can derive from these embodiments without creative effort fall within the protection scope of the present application.
In the description of the present application, the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Unless explicitly stated or limited otherwise, "including", "having" and any variations thereof are intended to cover non-exclusive inclusion: a process, method, system, article or apparatus that comprises a list of steps or elements is not limited to those listed, but may include other steps or elements not listed or inherent to it. The specific meaning of these terms can be understood by those of ordinary skill in the art in the specific case. Further, "a plurality" means two or more unless otherwise specified. "And/or" describes an association between objects and covers three cases: "A and/or B" may mean that A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates an "or" relationship between the associated objects.
In the related art, differential privacy may be employed to protect user data. Specifically, a differential privacy parameter is set and the user data is perturbed accordingly. For example, when a 0/1 bit string of user data is perturbed and output, each 1 has a certain probability of becoming 0 and each 0 a certain probability of becoming 1, which protects the user's privacy. The larger the differential privacy parameter, the smaller the probability that a 1 becomes 0 or a 0 becomes 1; conversely, the smaller the parameter, the larger the difference between the perturbed data and the original data, and the stronger the privacy protection. However, the larger this difference, the lower the usability of the perturbed data, so the business need for aggregate analysis and calculation over the user data cannot be met.
The present application will be described in detail with reference to specific examples.
In one embodiment, as shown in FIG. 1, a data privacy protection method is proposed which can be implemented by a computer program and run on a data privacy protection device based on the von Neumann architecture. The computer program may be integrated into an application or may run as a separate tool-like application. The data privacy protection device may be a terminal device, including but not limited to: personal computers, tablet computers, handheld devices, in-vehicle devices, wearable devices, computing devices or other processing devices connected to a wireless modem, and the like. Terminal devices in different networks may be called different names, for example: user equipment, access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, cellular telephone, cordless telephone, terminal equipment in a 5G network or a future evolved network, and the like.
Specifically, the data privacy protection method includes:
S101: acquiring buried point user data corresponding to at least one user terminal, and performing data shuffling on each buried point user data to generate a shuffled buried point data set containing at least one shuffled buried point data.
It should be noted that the execution subject in the embodiment of the present application may be a trusted server, that is, a server that performs privacy protection on the acquired buried point user data and prevents data leakage; it may be a paid third-party server, for example an Alibaba Cloud (Aliyun) server.
Buried point user data is user data collected by the user terminal by means of event tracking ("buried points"), i.e. data generated by the user's access operations, click operations and so on in the user terminal. In this embodiment, buried point user data is private data that needs privacy protection when it is supplied to an untrusted server.
Furthermore, when the user terminal collects the buried point user data, the device identification information of the user terminal can be removed from it. Device identification information includes, but is not limited to, the current process identity (ID), the current thread ID, the current system tick count since boot, the current hard disk serial number, the current network interface card physical (MAC) address, and the current system host name. Removing the device identification information may mean hiding it or deleting it.
Further, to facilitate transmission of the buried point user data, the user terminal may temporarily store it in a memory, which may be a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk or any other medium capable of storing data.
According to some embodiments, when the trusted server acquires buried point user data from at least one user terminal, it needs to establish a communication connection with each user terminal. The connection may use a fourth generation mobile communication system (4G), a fifth generation mobile communication technology (5G), a New Radio (NR) system or a future communication system, or other wireless communication systems such as a Narrowband Internet of Things (NB-IoT) system, the Global System for Mobile communications (GSM), an Enhanced Data rates for GSM Evolution (EDGE) system, a Wideband Code Division Multiple Access (WCDMA) system, a Code Division Multiple Access 2000 (CDMA2000) system, a Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) system, General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, LTE Frequency Division Duplex (FDD), LTE Time Division Duplex (TDD), the Universal Mobile Telecommunications System (UMTS), and the like.
It should be noted that, to ensure the security and integrity of the buried point user data during acquisition, the user terminal may encrypt and encode it to obtain encrypted encoded data, which the trusted server decodes to recover the buried point user data. The algorithms listed for this encryption and encoding include, but are not limited to: the MD5 message-digest algorithm (MD5), the Merkle-Hellman knapsack algorithm, elliptic curve cryptography (ECC), and the Secure Hash Algorithm 1 (SHA-1). Note that MD5 and SHA-1 are unkeyed hash functions: they provide no confidentiality, they cannot detect modification by an attacker who can recompute the digest, and neither is collision-resistant any longer; the Merkle-Hellman knapsack cryptosystem was broken by Shamir in 1984. In practice the upload should travel over an authenticated channel (for example TLS) or carry a keyed MAC alongside an authenticated cipher.
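As an added example, not part of the patent, the following Python code shows the integrity check a practitioner would want on the encoded upload: a keyed HMAC-SHA256 under a key shared by terminal and trusted server (an assumption the page does not make), placed beside the unkeyed SHA-1 checksum the list above would suggest, so that the difference under an on-path rewrite is visible. The record, key and message framing are constructed for the illustration.

```python
"""Integrity protection for the buried-point upload (the 'encrypt and encode'
step at the user terminal). Added example, not the patent's code. The shared
key is an assumption; the unkeyed variant exists only to show the contrast."""
import base64
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-replace-in-production"  # assumed pre-shared key


def canonical_body(record):
    """Deterministic JSON -> URL-safe base64, so both ends MAC identical bytes."""
    raw = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii")


def encode_upload(record, key=SHARED_KEY):
    """Keyed framing: body.tag with tag = HMAC-SHA256(key, body)."""
    body = canonical_body(record)
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def decode_upload(message, key=SHARED_KEY):
    """Verify the tag in constant time before parsing; None on any failure."""
    body, sep, tag = message.rpartition(".")
    if not sep or not body:
        return None
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body.encode("ascii")))
    except (ValueError, UnicodeDecodeError):
        return None


def encode_upload_unkeyed(record):
    """What 'encoding plus SHA-1' gives: a checksum anyone can recompute."""
    body = canonical_body(record)
    return f"{body}.{hashlib.sha1(body.encode('ascii')).hexdigest()}"


def decode_upload_unkeyed(message):
    body, sep, tag = message.rpartition(".")
    if not sep or hashlib.sha1(body.encode("ascii")).hexdigest() != tag:
        return None
    return json.loads(base64.urlsafe_b64decode(body.encode("ascii")))


def attacker_rewrites(message, new_record, recompute_digest):
    """On-path rewrite of the body. With an unkeyed digest the attacker simply
    recomputes SHA-1; lacking the HMAC key, the best he can do is keep the old tag."""
    _, _, old_tag = message.rpartition(".")
    body = canonical_body(new_record)
    tag = hashlib.sha1(body.encode("ascii")).hexdigest() if recompute_digest else old_tag
    return f"{body}.{tag}"


if __name__ == "__main__":
    record = {"event": "click", "clicked_buy": 1}      # constructed buried-point record
    tampered = {"event": "click", "clicked_buy": 0}
    print("keyed, honest  :", decode_upload(encode_upload(record)))
    print("keyed, rewritten:", decode_upload(attacker_rewrites(encode_upload(record), tampered, False)))
    print("unkeyed, rewritten:", decode_upload_unkeyed(
        attacker_rewrites(encode_upload_unkeyed(record), tampered, True)))
```

The keyed decoder rejects the rewritten body because the attacker cannot produce a valid tag for it, while the unkeyed decoder accepts the forged record; a real deployment would additionally encrypt the body and bind a timestamp or nonce to defeat replay, neither of which the listed algorithms provide.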
In the embodiment of the present application, data shuffling is performed on each buried point user data: the buried point user data are scrambled with a preset shuffling algorithm. Shuffling algorithms include, but are not limited to: the Fisher-Yates shuffle (equal-probability random permutation), the Knuth-Durstenfeld shuffle (the classical in-place variant), and the inside-out shuffle algorithm.
The shuffled buried point data set is the set composed of the shuffled buried point data, and each shuffled buried point data corresponds to one piece of buried point user data.
It is readily understood that the Fisher-Yates shuffle may repeatedly draw one not-yet-drawn buried point user data uniformly at random from the buried point user data and place it in the shuffled buried point data set, thereby generating a shuffled buried point data set containing at least one shuffled buried point data. Schematically, FIG. 2 shows an example of the shuffling process with buried point user data A, B, C and D and the generated shuffled buried point data set, which comprises shuffled buried point data A, B, C and D.
S102: and carrying out differential privacy processing on the shuffling buried point data in the shuffling buried point data set to generate a target privacy data set.
According to some embodiments, differential privacy refers to a processing technique that randomly adds noise to each shuffled buried point data in the shuffled buried point data set. The degree of noise added to each shuffled buried point data is determined by the differential privacy parameter ε: the smaller ε, the more noise is added to each shuffled buried point data; the larger ε, the less noise is added.
It is easy to understand that the more noise is added to each shuffled buried point data, the lower the data availability, and the less noise is added, the higher the availability. Therefore, based on data availability considerations, a feasible correspondence table between data availability level and differential privacy parameter is set as follows:

| Data availability level | Differential privacy parameter ε |
| --- | --- |
| Level one | 0 ~ 0.25 |
| Level two | 0.25 ~ 0.5 |
| Level three | 0.5 ~ 0.75 |
| Level four | 0.75 ~ 1 |

Here a lower level means lower data availability, e.g. level-one availability is lower than level-two availability. Further, the range of the differential privacy parameter is 0 < ε ≤ 1; it can be understood that as ε approaches 0 the shuffled buried point data is over-noised, and at ε = 1, the upper end of the range, the least noise is added to the shuffled buried point data.
In the embodiment of the present application, differential privacy processing is performed on each shuffled buried point data separately to generate a target privacy data set, which comprises the target privacy data corresponding to each shuffled buried point data; the target privacy data is the data obtained by performing differential privacy processing on the shuffled buried point data. FIG. 3 schematically shows an example of generating the target privacy data set: the shuffled buried point data set (shuffled buried point data A, B, C and D) is processed by differential privacy to obtain target privacy data A, B, C and D corresponding to shuffled buried point data A, B, C and D respectively, and the target privacy data set comprises target privacy data A, B, C and D.
S103: sending the target privacy data set to a data server corresponding to the buried point user data, wherein the target privacy data set is used for indicating the data server to generate a data aggregation result corresponding to the target privacy data set
It should be noted that the data server is a server that needs to perform data aggregation analysis on each target privacy data in the target privacy data set, and may be a server corresponding to an internet of things service provider in an application scenario of the internet of things, or an untrusted server that needs to collect user data in other scenarios that need to perform privacy protection on user data, and further, the data server may be an independent physical server, or a server cluster or distributed system formed by a plurality of physical servers, or a cloud server that provides basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network), and big data and artificial intelligence platform.
In some possible embodiments, the data aggregation analysis on the target privacy data may be: and respectively extracting data features in the target privacy data, and calculating frequency distribution, a mode, an average value and the like corresponding to the data features, wherein the frequency distribution, the mode, the average value and the like are data aggregation results corresponding to the target data set.
In the embodiment of the application, embedded point user data corresponding to at least one user terminal is obtained, data shuffling processing is performed on each embedded point user data, a shuffling and embedding data set containing at least one shuffling and embedding data is generated, difference privacy processing is performed on each shuffling and embedding data in the shuffling and embedding data set, a target privacy data set is generated, the target privacy data set is sent to a data service end corresponding to the embedded point user data, and the target privacy data set is used for indicating the data server to generate a data aggregation result corresponding to the target privacy data set. The data shuffling processing is carried out on the buried point user data, so that the privacy protection degree corresponding to the data aggregation result is enhanced, the usability of the data can be ensured, and meanwhile, the effective data privacy protection can be carried out.
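As an added worked example (not code from the patent), the following Python script runs steps S101 to S103 end to end on four constructed records: it strips the device identification fields, performs a Fisher-Yates shuffle driven by a CSPRNG, applies ε-differential privacy to one bit per record by randomized response (the 0/1 flipping described in the related art; the patent fixes no mechanism, so this choice is an assumption), and then computes the frequency distribution, mode and mean on the data server. The field names, the identifier fields, the `clicked_buy` bit and the `simulate` population are constructed for the illustration.

```python
"""Worked pipeline for S101-S103: the trusted server strips device identifiers,
Fisher-Yates-shuffles the records, applies epsilon-differential privacy by
randomized response on one bit, and the data server aggregates the result.
Added example, not the patent's code; records and field names are constructed."""
import math
import secrets
from collections import Counter

# Constructed buried-point records from four terminals (the A-D of FIG. 2).
# `device_id` and `host` stand in for the identifiers S101 says to remove.
RAW_RECORDS = [
    {"device_id": "00:11:22:33:44:55", "host": "phone-a", "clicked_buy": 1},
    {"device_id": "66:77:88:99:aa:bb", "host": "phone-b", "clicked_buy": 0},
    {"device_id": "cc:dd:ee:ff:00:11", "host": "phone-c", "clicked_buy": 1},
    {"device_id": "22:33:44:55:66:77", "host": "phone-d", "clicked_buy": 1},
]
IDENTIFIER_FIELDS = ("device_id", "host")  # assumed names, not from the patent


def strip_identifiers(record):
    """Drop the device identification fields before anything leaves the terminal."""
    return {k: v for k, v in record.items() if k not in IDENTIFIER_FIELDS}


def fisher_yates_shuffle(items, rng=secrets.randbelow):
    """Fisher-Yates (Knuth/Durstenfeld) shuffle driven by a CSPRNG. Every
    permutation is equally likely, so the position of a record in the output
    reveals nothing about which terminal produced it. The stdlib `random`
    module (Mersenne Twister, predictable from output) is deliberately avoided."""
    out = list(items)
    for i in range(len(out) - 1, 0, -1):
        j = rng(i + 1)  # uniform in [0, i]
        out[i], out[j] = out[j], out[i]
    return out


def keep_probability(epsilon):
    """Randomized response keeps the true bit with probability e^eps / (1 + e^eps)."""
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))


def randomized_response(bit, epsilon, rng=secrets.randbelow):
    """epsilon-LDP perturbation of one bit: keep it with probability p, flip it
    with probability 1 - p. Smaller epsilon -> p closer to 1/2 -> more flips."""
    u = rng(1 << 53) / float(1 << 53)  # uniform in [0, 1) from the CSPRNG
    return bit if u < keep_probability(epsilon) else 1 - bit


def trusted_server(records, epsilon, field="clicked_buy", rng=secrets.randbelow):
    """S101 + S102: strip ids, shuffle, perturb. Returns the target privacy data set."""
    cleaned = [strip_identifiers(r) for r in records]
    shuffled = fisher_yates_shuffle(cleaned, rng)
    return [dict(r, **{field: randomized_response(r[field], epsilon, rng)}) for r in shuffled]


def data_server_aggregate(private_records, epsilon, field="clicked_buy"):
    """S103 on the untrusted data server: frequency distribution, mode and mean.
    Because epsilon (hence p) is public, the server can also debias the count:
    E[ones] = p*T + (1-p)*(n-T), so T_hat = (ones - n*(1-p)) / (2p - 1)."""
    n = len(private_records)
    p = keep_probability(epsilon)
    freq = Counter(r[field] for r in private_records)
    ones = freq[1]
    t_hat = (ones - n * (1 - p)) / (2 * p - 1)
    t_hat = min(max(t_hat, 0.0), float(n))  # clamp noise-induced overshoot
    return {
        "frequency": {0: freq[0], 1: freq[1]},
        "mode": 1 if ones >= n - ones else 0,
        "mean_observed": ones / n,
        "mean_debiased": t_hat / n,
    }


def simulate(n_users, true_rate, epsilon):
    """Constructed population: the first round(n*rate) users clicked. Shows that
    the aggregate stays usable even though each individual bit may be flipped."""
    records = [{"device_id": f"dev-{i}", "clicked_buy": int(i < round(n_users * true_rate))}
               for i in range(n_users)]
    return data_server_aggregate(trusted_server(records, epsilon), epsilon)


if __name__ == "__main__":
    # Level four of the patent's table (eps in 0.75~1) versus level one.
    for eps in (1.0, 0.25):
        print(eps, simulate(4000, 0.30, eps))
```

Run it and compare ε = 1.0 with ε = 0.25: the observed mean drifts toward 0.5 as more bits flip, while the debiased estimate stays near the true rate but with a wider spread, which is the availability trade-off the table above describes. The shuffle is what prevents the data server from linking a perturbed bit back to the terminal that sent it; the device-identifier stripping is what keeps that link out of the record in the first place.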
Referring to FIG. 4, FIG. 4 is a schematic flowchart of another embodiment of the data privacy protection method proposed in the present application. Specifically, the method comprises the following steps:
S201: acquiring buried point user data corresponding to at least one user terminal, and determining the data source information carried by each buried point user data.
Specifically, the data source information is data information related to the source end of the buried point user data, i.e. related to the user terminal corresponding to it; it may be timestamp information of the parameters when the buried point user data was acquired, or interface information corresponding to the received buried point user data.
Furthermore, an expected concealed value and a preset differential privacy parameter corresponding to the buried point user data are obtained, and the shuffle number of user terminals is determined based on the expected concealed value and the differential privacy parameter. The buried point user data corresponding to each user terminal indicated by the shuffle number is then acquired.
The expected concealed value is a value corresponding to the degree of privacy protection desired for the buried point user data, and may be the target differential privacy parameter ε' corresponding to the aggregation result. The preset differential privacy parameter ε is the parameter on which the differential privacy processing of the shuffled buried point data corresponding to the buried point user data is based. The shuffle number n of user terminals is the number of user terminals whose buried point user data are shuffled together. It will be appreciated that the expected concealed value ε', the differential privacy parameter ε and the shuffle number n have a data mapping relationship.
It will be appreciated that the shuffle number n of user terminals corresponding to the expected concealed value ε' and the differential privacy parameter ε is determined from the data mapping relationship among a reference expected concealed value E', a reference shuffle number N and a reference differential privacy parameter E. The reference expected concealed value E' is less than or equal to the actual concealed value E'_actual, namely:

$E' \le E'_{\text{actual}}$

The actual concealed value E'_actual is the reference shuffle number N multiplied by the difference between the natural constant e raised to the differential expansion factor β and the preset value m; the differential expansion factor β is associated with the reference shuffle number N, the reference differential privacy parameter E, the natural constant e and the preset value m:

$E'_{\text{actual}} = N\,(e^{\beta} - m)$

Note that the actual concealed value E'_actual is the parameter value calculated from the reference shuffle number N and the reference differential privacy parameter E, and serves as the criterion expressing the degree of privacy protection of the data. The differential expansion factor β can be understood as the factor by which the degree of privacy protection corresponding to the reference differential privacy parameter E is increased relative to the degree of privacy protection corresponding to the reference expected concealed value E'.
In an embodiment of the present application, the data mapping relationship among the reference expected concealment value E', the reference shuffle number N and the reference differential privacy parameter E may be generated during data training. Specifically, as shown in fig. 5, a feasible data training method presets the shuffle number n and obtains the buried point user data $\{x_1, x_2, x_3, \ldots, x_n\}$ corresponding to the n user terminals;
Data shuffling is performed on each piece of buried point user data to generate a shuffle buried point data set $\pi[D(x_i)]$, where i is any of the values 1 to n, i.e. the shuffle buried point data set $\pi[D(x_i)]$ comprises $\{D(x_1), D(x_2), D(x_3), \ldots, D(x_n)\}$;
A differential privacy parameter ε is preset, and differential privacy processing is performed on each shuffle buried point datum in the shuffle buried point data set $\pi[D(x_i)]$ based on the preset differential privacy parameter ε, to obtain the target privacy data corresponding to each shuffle buried point datum and thereby generate the target privacy data set;
The target privacy data set is sent to the data server corresponding to the buried point user data, and the data server generates the data aggregation result corresponding to the target privacy data set. From the data aggregation result, the corresponding expected concealment value ε' can be determined, and the following formula can be derived:
Based on the above formula, the magnitude of the expected concealment value ε' corresponding to the generated data aggregation result has a mapping relationship with the differential privacy parameter ε and the shuffle number n used in the data training process. The differential privacy parameter ε governs the usability of the data when the shuffle buried point data undergo differential privacy processing, while the expected concealment value ε' characterises the degree of privacy protection of the data aggregation result. The expected concealment value ε' is smaller than the differential privacy parameter ε: for the same ε chosen to guarantee the usability of the buried point user data, the data aggregation result obtained from shuffle-processed shuffle buried point data (privacy parameter ε') enjoys a higher degree of privacy protection than the data aggregation result obtained from buried point user data that were not shuffled (privacy parameter ε).
It can be understood that, in order to ensure both the usability of the buried point user data and the degree of data privacy protection, the differential privacy parameter ε corresponding to the required data usability and the expected concealment value ε' corresponding to the required privacy protection degree are fixed first; the shuffle number n corresponding to this ε and ε' is then read from the data mapping relationship among the reference expected concealment value E', the reference shuffle number N and the reference differential privacy parameter E. Buried point shuffle data from n user terminals are then obtained, and the data aggregation result computed from them both preserves the usability of the data and provides effective data privacy protection.
Furthermore, the expected concealment value ε' corresponding to the data aggregation result, i.e. the privacy protection degree of the data aggregation result, can be adjusted by adjusting the shuffle number n and/or the differential privacy parameter ε.
Illustratively, when the differential privacy parameter ε is 0.5 and the shuffle number n is 2000, the expected concealment value ε' is 0.006: the usability of the buried point user data is the data usability level corresponding to ε = 0.5, while the privacy protection degree of the data aggregation result corresponding to the buried point user data is that corresponding to ε' = 0.006.
Optionally, different shuffling algorithms may be adopted, or different shuffling force parameters may be set within a preset shuffling algorithm, so that the effect of the shuffling processing differs. In practical application the effects of shuffling processing can be divided into shuffling grades, each shuffling grade corresponding to a preset shuffling algorithm or to a preset shuffling force parameter within a shuffling algorithm. An exemplary table of possible shuffling grades and shuffling algorithms is shown below.
Shuffling grade | Shuffling algorithm
First shuffling grade | First shuffling algorithm
Second shuffling grade | Second shuffling algorithm
Third shuffling grade | Third shuffling algorithm with first shuffling force parameter
Fourth shuffling grade | Third shuffling algorithm with second shuffling force parameter
The lower the shuffling grade, the smaller the shuffling force and the poorer the corresponding shuffling effect; for example, the shuffling effect of the first shuffling grade is lower than that of the second shuffling grade.
It can be understood that the better the shuffling effect, i.e. the higher the shuffling grade, the higher the privacy protection degree of the data aggregation result. Further, the shuffling force applied to the buried point user data can be adjusted by selecting the shuffling algorithm corresponding to a different shuffling grade, or the shuffling force parameter within the shuffling algorithm, so that the expected concealment value ε' corresponding to the data aggregation result, i.e. the privacy protection degree of the data aggregation result, is adjusted.
S202: and performing data shuffling processing on the buried point user data based on data source information carried by the buried point user data to generate a shuffling buried point data set containing at least one shuffling buried point data.
According to some embodiments, a preset data shuffling mode is adopted to perform mapping-relation shuffling on the timestamp information corresponding to each piece of buried point user data, generating a shuffle buried point data set containing at least one shuffle buried point datum, where each shuffle buried point datum comprises the buried point user data together with target timestamp information, and the target timestamp information differs from the timestamp information the buried point user data originally carried.
It can be understood that the timestamp information is the time information generated when the buried point user data were acquired, so that buried point user data and timestamp information are in one-to-one correspondence. After shuffle processing this mapping is randomly disturbed: each piece of buried point user data is placed in one-to-one correspondence with some other timestamp information, and this other timestamp information, namely the target timestamp information, differs from the timestamp information that corresponded to the buried point user data before the shuffle.
Illustratively, before shuffle processing, buried point user data A corresponds to timestamp information a, buried point user data B to timestamp information b, and buried point user data C to timestamp information c. During shuffle processing, buried point user data B is extracted and made to correspond to timestamp information a, buried point user data C is extracted and made to correspond to timestamp information b, and buried point user data A is extracted and made to correspond to timestamp information c.
S203: local differential privacy processing is performed on each shuffle buried point datum in the shuffle buried point data set using a random response algorithm, obtaining the target privacy data corresponding to each shuffle buried point datum and generating a target privacy data set containing the target privacy data.
Differential privacy includes centralized differential privacy (CDP), in which the private data are gathered at a data center that runs the differential privacy algorithm over the collection, and local differential privacy (LDP), in which the differential privacy algorithm is run on each piece of private data on the user's own terminal before the data leave it. Local differential privacy therefore performs differential privacy processing on each piece of private data individually.
In the embodiment of the application, local differential privacy processing can be performed on each shuffle buried point datum. Specifically, one-hot encoding is applied to each shuffle buried point datum in the shuffle buried point data set to generate a one-hot encoded vector for each; a differential privacy parameter is then determined from the service demand degree corresponding to each shuffle buried point datum, and random response processing is performed on each one-hot vector based on that differential privacy parameter, obtaining the target privacy data corresponding to each shuffle buried point datum.
It should be noted that the random response algorithm is one of the local differential privacy algorithms, and the shuffle buried point data may be subjected to differential privacy processing by the perturbation mechanism of random response. One-hot encoding is the encoding step that preprocesses each shuffle buried point datum before the random response algorithm is applied.
It can be understood that the service demand degree corresponding to the buried point user data is a quantized value of data usability, and may be the ratio of the noised portion to the un-noised portion of the data after differential privacy processing.
S204: and sending the target privacy data set to a data server corresponding to the data of the embedded point user, wherein the target privacy data set is used for indicating the data server to generate a data aggregation result corresponding to the target privacy data set.
See S103 specifically, and the details are not repeated here.
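Steps S202 to S204 above, as an added worked example in Python that is not part of the patent or of any implementation of it: records carrying a constructed (terminal id, category, timestamp) payload have their timestamp mapping shuffled, each record is one-hot encoded and perturbed by randomized response on the terminal, and the server recovers unbiased per-category counts from the perturbed vectors. The specific random response mechanism (flip every bit of the one-hot vector independently, keeping it with probability p = e^(ε/2)/(1 + e^(ε/2)), which is ε-LDP because two one-hot vectors differ in exactly two bits), the rotated-permutation shuffle that guarantees every record receives a different timestamp, the unbiased estimator, and all names and sample data are this example's own assumptions; the patent's formula linking ε, n and ε' is not reproduced on the page and is not computed here.

```python
import math
import random

# Constructed sample domain: the categorical values a buried point can report.
CATEGORIES = ["click", "view", "purchase", "share"]


def new_rng(seed):
    """Seeded generator so the pipeline can be reproduced in tests."""
    return random.Random(seed)


def make_records(counts, rng):
    """Constructed buried point user data: one (terminal_id, category, timestamp)
    record per terminal, with distinct timestamps as the data source information."""
    records, ts = [], 1_600_000_000
    for cat, n in counts.items():
        for _ in range(n):
            records.append((len(records), cat, ts))
            ts += 1
    rng.shuffle(records)
    return records


def shuffle_timestamps(records, rng):
    """Mapping-relation shuffle (S202): every record keeps its payload but takes
    the timestamp of another record. A random permutation followed by a one-step
    rotation guarantees no record keeps its own timestamp (for two or more
    records), as in the A->c, B->a, C->b illustration."""
    order = list(range(len(records)))
    rng.shuffle(order)
    out = []
    for pos, idx in enumerate(order):
        donor = records[order[(pos + 1) % len(order)]]
        tid, cat, _ = records[idx]
        out.append((tid, cat, donor[2]))
    return out


def one_hot(category, domain=CATEGORIES):
    """One-hot encoding of a categorical buried point value."""
    vec = [0] * len(domain)
    vec[domain.index(category)] = 1
    return vec


def keep_probability(epsilon):
    """Per-bit keep probability p for randomized response on a one-hot vector
    (assumed mechanism): two one-hot vectors differ in exactly two bits, so
    flipping each bit independently with probability 1-p is epsilon-LDP
    when p/(1-p) = e^(epsilon/2)."""
    return math.exp(epsilon / 2) / (1 + math.exp(epsilon / 2))


def randomized_response(vec, p, rng):
    """Local perturbation on the terminal (S203): keep each bit with probability p."""
    return [b if rng.random() < p else 1 - b for b in vec]


def aggregate(perturbed, p):
    """Server side (S204): unbiased per-category count estimate from the
    perturbed vectors, using E[ones_j] = n_j*p + (n - n_j)*(1 - p)."""
    n, k = len(perturbed), len(perturbed[0])
    ones = [sum(v[j] for v in perturbed) for j in range(k)]
    return [(c - n * (1 - p)) / (2 * p - 1) for c in ones]


def run_pipeline(records, epsilon, rng):
    """Shuffle the timestamp mapping, encode and perturb each record locally,
    then aggregate the resulting target privacy data set on the server."""
    p = keep_probability(epsilon)
    target = [(tid, randomized_response(one_hot(cat), p, rng), ts)
              for tid, cat, ts in shuffle_timestamps(records, rng)]
    return target, aggregate([v for _, v, _ in target], p)


def demo(seed, epsilon, counts=None):
    """Returns (true counts, estimated counts) for a constructed population."""
    counts = counts or {"click": 900, "view": 700, "purchase": 300, "share": 100}
    rng = new_rng(seed)
    _, est = run_pipeline(make_records(counts, rng), epsilon, rng)
    return [counts.get(c, 0) for c in CATEGORIES], est


if __name__ == "__main__":
    true_counts, estimates = demo(seed=7, epsilon=0.5)
    for cat, t, e in zip(CATEGORIES, true_counts, estimates):
        print(f"{cat:9s} true={t:4d} estimate={e:8.1f}")
```

Running `demo(seed, 0.5)` over 2000 constructed terminals shows the usability side of the trade-off the text describes: with ε = 0.5 the keep probability is about 0.56, so each estimated count carries a standard deviation of roughly 180 records, whereas a larger ε tightens the estimates at the cost of weaker local protection. The shuffle leaves every terminal's own record intact but breaks the link between a record and the moment it was collected, which is what the server-side aggregation result then benefits from.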
In the embodiment of the application, embedded point user data corresponding to at least one user terminal is obtained, data shuffling processing is performed on each embedded point user data, a shuffling and embedding data set containing at least one shuffling and embedding data is generated, difference privacy processing is performed on each shuffling and embedding data in the shuffling and embedding data set, a target privacy data set is generated, the target privacy data set is sent to a data service end corresponding to the embedded point user data, and the target privacy data set is used for indicating the data server to generate a data aggregation result corresponding to the target privacy data set. The data shuffling processing is carried out on the buried point user data, so that the privacy protection degree corresponding to the data aggregation result is enhanced, the usability of the data can be ensured, and meanwhile, the effective data privacy protection can be carried out. Furthermore, a differential privacy parameter can be set to ensure the usability of the data, and the data privacy protection degree corresponding to the data aggregation result can be adjusted by adjusting the shuffle quantity, the shuffle level and the differential privacy parameter.
The following describes in detail a data privacy protecting apparatus provided in an embodiment of the present application with reference to fig. 6. It should be noted that, the data privacy protecting apparatus shown in fig. 6 is used for executing the method of the embodiment shown in fig. 1 to fig. 5 of the present application, and for convenience of description, only the portion related to the embodiment of the present application is shown, and details of the specific technology are not disclosed, please refer to the embodiment shown in fig. 1 to fig. 5 of the present application.
Please refer to fig. 6, which shows a schematic structural diagram of a data privacy protecting apparatus according to an embodiment of the present application. The data privacy protecting apparatus 1 may be implemented by software, hardware or a combination of both as all or a part of an electronic device. According to some embodiments, the data privacy protecting apparatus 1 includes a shuffling module 11, a differential privacy module 12, and a data set sending module 13, and is specifically configured to:
a shuffling module 11, configured to obtain buried point user data corresponding to at least one user terminal, perform data shuffling on each buried point user data, and generate a shuffle buried point data set including at least one shuffle buried point data;
a difference privacy module 12, configured to perform difference privacy processing on each piece of shuffling buried point data in the shuffling buried point data set, and generate a target privacy data set;
and a data set sending module 13, configured to send the target privacy data set to a data server corresponding to the data of the embedded point user, where the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to the target privacy data set.
Optionally, as shown in fig. 7, the shuffling module 11 includes:
an information determining unit 111, configured to obtain buried point data corresponding to at least one user terminal, and determine data source information carried by each buried point data;
a shuffle processing unit 112, configured to perform data shuffle processing on each of the buried point data based on the data source information carried by each of the buried point data, and generate a shuffle buried point data set including at least one shuffle buried point data.
Optionally, the data source information includes timestamp information corresponding to the buried point data, and the shuffle processing unit 112 is specifically configured to:
and performing mapping relation shuffling processing on timestamp information corresponding to each buried point data by adopting a preset data shuffling mode to generate a shuffling buried point data set containing at least one shuffling buried point data, wherein the shuffling buried point data comprises the buried point data and target timestamp information carried by the buried point data, and the target timestamp information is different from the timestamp information.
Optionally, as shown in fig. 8, the shuffling module 11 includes:
a number determination unit 113 configured to acquire a desired concealment value and a preset differential privacy parameter corresponding to the buried point user data, and determine the number of shuffles of the user terminal based on the desired concealment value and the differential privacy parameter;
a data obtaining unit 114, configured to obtain the buried point user data corresponding to each user terminal indicated by the shuffle number.
Optionally, the number determining unit 113 is specifically configured to:
and determining the shuffling quantity of the user terminal corresponding to the expected hiding value and the differential privacy parameter based on the data mapping relation of the reference expected hiding value, the reference shuffling quantity and the reference differential privacy parameter.
Optionally, the number determining unit 113 is specifically configured to:
the reference expected concealment value is less than or equal to the actual concealment value, where the actual concealment value is the product of the reference shuffle number and the differential expansion difference, the differential expansion difference being the difference between the natural constant e raised to the power of the differential expansion factor and a preset value; and the differential expansion factor is associated with the reference shuffle number, the reference differential privacy parameter, the natural constant e and the preset value.
Optionally, as shown in fig. 9, the differential privacy module 12 includes:
a privacy processing unit 121, configured to perform local difference privacy processing on the shuffling and burying point data in the shuffling and burying point data set by using a random response algorithm, to obtain target privacy data corresponding to the shuffling and burying point data;
a data set generating unit 122, configured to generate a target privacy data set including each of the target privacy data.
Optionally, as shown in fig. 10, the privacy processing unit 121 includes:
an encoding subunit 1211, configured to perform one-hot encoding on each shuffle buried point datum in the shuffle buried point data set, generating a one-hot encoded vector corresponding to each shuffle buried point datum;
a response subunit 1212, configured to determine a differential privacy parameter based on the service demand degree corresponding to each shuffle buried point datum, and to perform random response processing on each one-hot vector based on that differential privacy parameter, obtaining the target privacy data corresponding to each shuffle buried point datum.
It should be noted that, when the data privacy protecting apparatus provided in the foregoing embodiment executes the data privacy protecting method, only the division of the functional modules is illustrated, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the above described functions. In addition, the data privacy protection apparatus and the data privacy protection method provided by the above embodiments belong to the same concept, and details of implementation processes thereof are referred to in the method embodiments and are not described herein again.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
An embodiment of the present application further provides a computer storage medium, where the computer storage medium may store a plurality of instructions, and the instructions are suitable for being loaded by a processor and executing the data privacy protection method according to the embodiment shown in fig. 1 to 5, and a specific execution process may refer to specific descriptions of the embodiment shown in fig. 1 to 5, which is not described herein again.
The present application further provides a computer program product, where at least one instruction is stored, where the at least one instruction is loaded by the processor and executes the data privacy protection method according to the embodiment shown in fig. 1 to 5, and a specific execution process may refer to specific descriptions of the embodiment shown in fig. 1 to 5, which is not described herein again.
Referring to fig. 11, a block diagram of an electronic device according to an exemplary embodiment of the present application is shown. The electronic device in the present application may comprise one or more of the following components: a processor 110, a memory 120, an input device 130, an output device 140, and a bus 150. The processor 110, memory 120, input device 130, and output device 140 may be connected by a bus 150.
The memory 120 may include a random access memory (RAM) or a read-only memory (ROM). Optionally, the memory 120 includes a non-transitory computer-readable medium. The memory 120 may be used to store instructions, programs, code sets, or instruction sets. The memory 120 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, and the like; the operating system may be an Android system, including systems further developed on the basis of Android, an iOS system developed by Apple, including systems further developed on the basis of iOS, or another system. The data storage area may also store data created by the electronic device during use, such as phone books, audio and video data, chat log data, and the like.
Referring to fig. 12, the memory 120 may be divided into an operating system space, where an operating system is run, and a user space, where native and third-party applications are run. In order to ensure that different third-party application programs can achieve a better operation effect, the operating system allocates corresponding system resources for the different third-party application programs. However, the requirements of different application scenarios in the same third-party application program on system resources are different, for example, in a local resource loading scenario, the third-party application program has a higher requirement on the disk reading speed; in the animation rendering scene, the third-party application program has a high requirement on the performance of the GPU. The operating system and the third-party application program are independent from each other, and the operating system cannot sense the current application scene of the third-party application program in time, so that the operating system cannot perform targeted system resource adaptation according to the specific application scene of the third-party application program.
In order to enable the operating system to distinguish a specific application scenario of the third-party application program, data communication between the third-party application program and the operating system needs to be opened, so that the operating system can acquire current scenario information of the third-party application program at any time, and further perform targeted system resource adaptation based on the current scenario.
Taking the Android system as an example, the programs and data stored in the memory 120 are as shown in fig. 13: a Linux kernel layer 320, a system runtime library layer 340, an application framework layer 360 and an application layer 380 may be stored in the memory 120, where the Linux kernel layer 320, the system runtime library layer 340 and the application framework layer 360 belong to the operating system space, and the application layer 380 belongs to the user space. The Linux kernel layer 320 provides the underlying drivers for the various hardware of the electronic device, such as a display driver, an audio driver, a camera driver, a Bluetooth driver, a Wi-Fi driver, power management, and the like. The system runtime library layer 340 provides the main feature support for the Android system through a number of C/C++ libraries; for example, the SQLite library provides database support, the OpenGL/ES library provides 3D drawing support, and the WebKit library provides browser kernel support. The system runtime library layer 340 also provides the Android runtime, which mainly supplies the core libraries that allow developers to write Android applications in the Java language. The application framework layer 360 provides the APIs that may be used in building an application, and developers may build their own applications using these APIs, such as activity management, window management, view management, notification management, content providers, package management, session management, resource management and location management.
At least one application program runs in the application layer 380, and the application programs may be native application programs carried by the operating system, such as a contact program, a short message program, a clock program, a camera application, and the like; or a third-party application developed by a third-party developer, such as a game application, an instant messaging program, a photo beautification program, a display program of a notification message, and the like.
Taking the iOS system as an example, the programs and data stored in the memory 120 are shown in fig. 14; the iOS system includes a Core OS layer 420, a Core Services layer 440, a Media layer 460 and a Cocoa Touch layer 480. The Core OS layer 420 includes the operating system kernel, drivers and the underlying program frameworks that provide functionality closer to the hardware for use by the program frameworks in the Core Services layer 440. The Core Services layer 440 provides the system services and/or program frameworks an application requires, such as the Foundation framework, an accounts framework, an advertising framework, a data storage framework, a network connection framework, a geographic location framework, a motion framework, and so forth. The Media layer 460 provides audiovisual interfaces for applications, such as graphics-related interfaces, audio-related interfaces, video-related interfaces, and the AirPlay wireless audio-video transmission interface. The Cocoa Touch layer 480 provides the common interface-related frameworks for application development and is responsible for the user's touch interaction with the electronic device, such as the local notification service, the remote push service, an advertising framework, a game tools framework, a messaging user interface (UI) framework, the UIKit user interface framework, a map framework, and so forth.
In the framework illustrated in fig. 14, the frameworks associated with most applications include, but are not limited to, the Foundation framework in the Core Services layer 440 and the UIKit framework in the Cocoa Touch layer 480. The Foundation framework provides many basic object classes and data types and the most basic system services for all applications, and is UI independent. The classes provided by the UIKit framework form the basic library of UI classes for creating touch-based user interfaces; iOS applications can build their UI on the UIKit framework, which thus provides the application infrastructure for building user interfaces, drawing, handling user interaction events, responding to gestures, and the like.
The manner and principle of implementing data communication between a third-party application program and the operating system in the iOS system may refer to those described for the Android system, and are not repeated here.
The input device 130 is used for receiving input instructions or data, and the input device 130 includes, but is not limited to, a keyboard, a mouse, a camera, a microphone, or a touch device. The output device 140 is used for outputting instructions or data, and the output device 140 includes, but is not limited to, a display device, a speaker, and the like. In one example, the input device 130 and the output device 140 may be combined, and the input device 130 and the output device 140 are touch display screens for receiving touch operations of a user on or near the touch display screens by using any suitable object such as a finger, a touch pen, and the like, and displaying user interfaces of various applications. Touch displays are typically provided on the front panel of an electronic device. The touch display screen may be designed as a full-face screen, a curved screen, or a profiled screen. The touch display screen can also be designed to be a combination of a full-face screen and a curved-face screen, and a combination of a special-shaped screen and a curved-face screen, which is not limited in the embodiment of the present application.
In addition, those skilled in the art will appreciate that the configurations of the electronic devices illustrated in the above-described figures do not constitute limitations on the electronic devices, which may include more or fewer components than illustrated, or some components may be combined, or a different arrangement of components. For example, the electronic device further includes a radio frequency circuit, an input unit, a sensor, an audio circuit, a wireless fidelity (Wi-Fi) module, a power supply, a bluetooth module, and other components, which are not described herein again.
In the embodiment of the present application, the main body of execution of each step may be the electronic device described above. Optionally, the execution subject of each step is an operating system of the electronic device. The operating system may be an android system, an IOS system, or another operating system, which is not limited in this embodiment of the present application.
The electronic device of the embodiment of the application can also be provided with a display device, which may be any device capable of realizing a display function, for example a cathode ray tube (CRT) display, a light-emitting diode (LED) display, an electronic ink panel, a liquid crystal display (LCD), a plasma display panel (PDP), and the like. A user may use the display device on the electronic device 101 to view displayed text, images, video and other information. The electronic device may be a smartphone, a tablet computer, a gaming device, an AR (augmented reality) device, an automobile, a data storage device, an audio playback device, a video playback device, a notebook, a desktop computing device, or a wearable device such as an electronic watch, electronic glasses, an electronic helmet, an electronic bracelet, an electronic necklace, an electronic garment, or the like.
In the embodiment of the application, buried point user data corresponding to at least one user terminal is obtained, data shuffling processing is performed on each buried point user data to generate a shuffle buried point data set containing at least one shuffle buried point data, differential privacy processing is performed on each shuffle buried point data in the shuffle buried point data set to generate a target privacy data set, and the target privacy data set is sent to the data server corresponding to the buried point user data, where the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to the target privacy data set. Because data shuffling processing is carried out on the buried point user data before the differential privacy processing, the degree of privacy protection of the data aggregation result is enhanced while the usability of the data is preserved, so that effective data privacy protection is achieved.
It is clear to a person skilled in the art that the solution of the present application can be implemented by means of software and/or hardware. The "unit" and "module" in this specification refer to software and/or hardware that can perform a specific function independently or in cooperation with other components, where the hardware may be, for example, a Field-Programmable Gate Array (FPGA), an Integrated Circuit (IC), or the like.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some service interfaces, devices or units, and may be an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. The aforementioned memory includes various media capable of storing program code, such as a USB flash disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing the relevant hardware; the program may be stored in a computer-readable memory, which may include flash disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above description is only an exemplary embodiment of the present disclosure, and the scope of the present disclosure should not be limited thereby. That is, all equivalent changes and modifications made in accordance with the teachings of the present disclosure are intended to be included within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (10)
1. A method for protecting data privacy, the method comprising:
acquiring buried point user data corresponding to at least one user terminal, and performing data shuffling processing on each buried point user data to generate a shuffle buried point data set containing at least one shuffle buried point data;
carrying out differential privacy processing on each shuffle buried point data in the shuffle buried point data set to generate a target privacy data set;
and sending the target privacy data set to a data server corresponding to the buried point user data, wherein the target privacy data set is used to instruct the data server to generate a data aggregation result corresponding to the target privacy data set.
2. The method of claim 1, wherein the obtaining of the buried point user data corresponding to at least one user terminal, and the data shuffling of each buried point user data to generate a shuffle buried point data set comprising at least one shuffle buried point data, comprises:
acquiring buried point user data corresponding to at least one user terminal, and determining data source information carried by each buried point user data;
and performing data shuffling processing on each buried point user data based on the data source information carried by each buried point user data to generate a shuffle buried point data set containing at least one shuffle buried point data.
3. The method of claim 2, wherein the data source information includes timestamp information corresponding to the buried point user data, and wherein generating a shuffle buried point data set including at least one shuffle buried point data by performing data shuffling on each buried point user data based on the data source information carried by each buried point user data comprises:
and performing mapping relation shuffling processing on the timestamp information corresponding to each buried point user data by adopting a preset data shuffling mode to generate a shuffle buried point data set containing at least one shuffle buried point data, wherein the shuffle buried point data comprises the buried point user data and target timestamp information carried by the buried point user data, and the target timestamp information is different from the original timestamp information.
4. The method of claim 1, wherein the obtaining of the buried point user data corresponding to at least one user terminal comprises:
acquiring an expected concealment value and a preset differential privacy parameter corresponding to the buried point user data, and determining a shuffle number of user terminals based on the expected concealment value and the differential privacy parameter;
and acquiring buried point user data corresponding to each user terminal indicated by the shuffle number.
5. The method of claim 4, wherein determining the shuffle number of user terminals based on the expected concealment value and the differential privacy parameter comprises:
determining the shuffle number of user terminals corresponding to the expected concealment value and the differential privacy parameter based on a data mapping relationship among a reference expected concealment value, a reference shuffle number and a reference differential privacy parameter.
6. The method of claim 5, wherein the data mapping relationship among the reference expected concealment value, the reference shuffle number and the reference differential privacy parameter is:
the reference expected concealment value is less than or equal to an actual concealment value;
wherein the product of the reference shuffle number, the differential expansion factor and the differential expansion difference value is the actual concealment value; the actual concealment value is the difference between the natural constant e raised to the power of the differential expansion factor and a preset value; and the differential expansion factor is determined by the reference shuffle number, the reference differential privacy parameter, the natural constant e and the preset value.
7. The method of claim 1, wherein said performing differential privacy processing on each said shuffle buried point data in said shuffle buried point data set to generate a target privacy data set comprises:
performing local differential privacy processing on each shuffle buried point data in the shuffle buried point data set by adopting a randomized response algorithm to obtain target privacy data corresponding to each shuffle buried point data;
and generating a target privacy data set that includes each of the target privacy data.
8. The method of claim 7, wherein said performing local differential privacy processing on each said shuffle buried point data in said shuffle buried point data set using a randomized response algorithm to obtain target privacy data corresponding to each said shuffle buried point data comprises:
carrying out one-hot encoding processing on each shuffle buried point data in the shuffle buried point data set to generate a one-hot encoded vector corresponding to each shuffle buried point data;
and determining a differential privacy parameter based on the service demand degree corresponding to each shuffle buried point data, and respectively carrying out randomized response processing on each one-hot vector based on the differential privacy parameter to obtain target privacy data corresponding to each shuffle buried point data.
9. A computer storage medium, characterized in that it stores a plurality of instructions adapted to be loaded by a processor and to carry out the method steps according to any one of claims 1 to 8.
10. An electronic device, comprising: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the method steps of any of claims 1 to 8.
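As an added worked example (not code from the patent or its applicant), the pipeline of claims 1 to 3, 7 and 8 and the server-side aggregation described in the summary above, in Python: timestamp re-mapping as the shuffle, one-hot encoding with k-ary randomized response as the local differential privacy step, and the unbiased count estimate the data server can compute from the randomized reports. The sample events, the event categories, the function names and the seeded random source are assumptions; the shuffle-number selection of claims 4 to 6 is not modelled because its mapping is not spelled out in the claims.

```python
import math
import random

# Constructed sample input (not from the patent): buried-point events reported
# by four user terminals; the timestamp is the record's data source information.
SAMPLE_EVENTS = [
    {"terminal": "t1", "timestamp": 1001, "event": "click"},
    {"terminal": "t2", "timestamp": 1002, "event": "view"},
    {"terminal": "t3", "timestamp": 1003, "event": "click"},
    {"terminal": "t4", "timestamp": 1004, "event": "purchase"},
]
EVENT_TYPES = ["click", "view", "purchase"]  # categories for one-hot encoding


def shuffle_timestamps(events, seed=0):
    """Claims 2-3: re-map timestamps across records so that every record
    carries a target timestamp different from its own. Assumes distinct
    timestamps; rotating a random order by 1..n-1 positions is a derangement."""
    stamps = [e["timestamp"] for e in events]
    assert len(set(stamps)) == len(stamps) >= 2, "need >= 2 distinct timestamps"
    rng = random.Random(seed)
    order = list(range(len(events)))
    rng.shuffle(order)
    shift = rng.randrange(1, len(order))
    return [dict(events[i], timestamp=stamps[order[(j + shift) % len(order)]])
            for j, i in enumerate(order)]


def one_hot(value, categories):
    """Claim 8: one-hot encode a categorical buried-point value."""
    return [1 if c == value else 0 for c in categories]


def randomized_response(vec, epsilon, rng=random):
    """Claim 8: k-ary randomized response, giving epsilon-local DP per report.
    Keep the true category with probability e^eps / (e^eps + k - 1), otherwise
    report one of the other k-1 categories uniformly at random."""
    k, true_idx = len(vec), vec.index(1)
    p_keep = math.exp(epsilon) / (math.exp(epsilon) + k - 1)
    if rng.random() < p_keep:
        idx = true_idx
    else:
        idx = rng.choice([i for i in range(k) if i != true_idx])
    return [1 if i == idx else 0 for i in range(k)]


def protect(events, epsilon, seed=0):
    """Shuffler/client side (claims 1, 7, 8): shuffle, encode, randomize.
    Only the re-mapped timestamp and the randomized vector are sent on; the
    terminal id and the raw event value never leave this stage."""
    rng = random.Random(seed + 1)
    return [{"timestamp": e["timestamp"],
             "report": randomized_response(one_hot(e["event"], EVENT_TYPES),
                                           epsilon, rng)}
            for e in shuffle_timestamps(events, seed)]


def aggregate(privacy_set, epsilon):
    """Data server side (claim 1): unbiased per-category count estimate from
    the randomized reports, inverting the known keep/flip probabilities."""
    k, n = len(EVENT_TYPES), len(privacy_set)
    p = math.exp(epsilon) / (math.exp(epsilon) + k - 1)  # P(true category kept)
    q = 1.0 / (math.exp(epsilon) + k - 1)                # P(a given other category)
    noisy = [sum(r["report"][i] for r in privacy_set) for i in range(k)]
    return {c: (cnt - n * q) / (p - q) for c, cnt in zip(EVENT_TYPES, noisy)}
```

With a small epsilon the per-record reports are close to uniform noise, and only the aggregate estimate carries signal; with four records the estimate's variance is large, which is the usability trade-off the claims address by choosing the shuffle number.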
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110449811.XA CN113158244B (en) | 2021-04-25 | 2021-04-25 | Data privacy protection method and device, storage medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113158244A true CN113158244A (en) | 2021-07-23 |
CN113158244B CN113158244B (en) | 2024-05-17 |
Family ID: 76870629
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113343191A (en) * | 2021-08-04 | 2021-09-03 | 广东南方电信规划咨询设计院有限公司 | Network information security protection method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112182638A (en) * | 2020-08-20 | 2021-01-05 | 中国海洋大学 | Histogram data publishing method and system based on localized differential privacy model |
CN112288324A (en) * | 2020-11-20 | 2021-01-29 | 支付宝(杭州)信息技术有限公司 | Equipment risk detection method and device based on privacy protection |
CN112329056A (en) * | 2020-11-03 | 2021-02-05 | 石家庄铁道大学 | Government affair data sharing-oriented localized differential privacy method |
Non-Patent Citations (1)
Title |
---|
柯海峰 (Ke Haifeng): "Research and Implementation of Data Publishing Technology Based on Differential Privacy" (基于差分隐私的数据发布技术研究与实现), China Master's Theses Full-text Database, Information Science and Technology series, no. 6, pages 138-129 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
20230725 | TA01 | Transfer of patent application right | Effective date of registration: 20230725. Address after: 1301, Office Building T2, Qianhai China Resources Financial Center, No. 55 Guiwan Fourth Road, Nanshan Street, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong Province, 518052. Applicant after: Shenzhen Hefei Technology Co.,Ltd. Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18. Applicant before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd. |
| GR01 | Patent grant | |