JP2017203904A - Privacy protection device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a privacy protection device capable of providing individual data which meet a differential privacy reference and improve practicality.SOLUTION: A privacy protection device 10 comprises: an input part 11 for receiving an input of first individual data; a total part 12 for generating first total data by totaling the first individual data received by the input part 11; a random number application part 13 for generating second total data by applying a random number of a predetermined strength to the first total data; a precision part 14 for generating, from the second total data, third total data of which each element is an integer that is not a negative value, and the total sum of all the elements is equal to a total sum of all elements of the second total data; an individual generation part 15 for generating second individual data from the third total data; and an output part 16 for outputting the second individual data.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a privacy protection device.

  In recent years, in the information security field and the database processing field, various new standards and methods for publishing useful data while protecting privacy have been proposed. These technologies are called privacy protection data publishing (PPDP) technology. However, these PPDP technologies have different assumptions regarding the objectives, abilities, and background knowledge of attackers, and it is difficult to discuss their safety in general, so it is easy to apply them to actual data utilization. is not. In other words, when these technologies are actually applied, it is required to appropriately determine “based on which privacy protection standards should be used to protect privacy” for each nature and application of the data to be handled. However, it is practically difficult to make this determination in all data utilization.

  Therefore, a differential privacy standard (differential privacy) has attracted attention (see Patent Document 1, Patent Document 2, and Non-Patent Documents 1 to 3). This differential privacy standard is a privacy protection standard based on the safety of "difficulty in determining whether or not a person is included in the database that is the original data for creating processed data". It is. Differential privacy standards, unlike many other privacy protection standards, have the excellent property that they are given mathematical security against attackers with arbitrary background knowledge and unknown attacks. Means that meet the differential privacy criteria are called "mechanism". A typical Laplace mechanism is a differential privacy mechanism. The Laplace mechanism can be realized by a simple means of “adding Laplace noise to the inquiry result”.

  The Laplace mechanism can easily and quickly create aggregate data that satisfies the differential privacy standard. However, the original data before aggregation, that is, individual vote data cannot be directly used for anonymization so as to satisfy the differential privacy standard. As a means for anonymizing individual vote data so as to satisfy the differential privacy standard, a method based on PRAM (Post Randomization), that is, the value of each record included in the individual vote data is changed with a predetermined probability. There is a method to change the value. In the method that satisfies the differential privacy standard based on PRAM, the strength (safety) of the differential privacy obtained by applying this method changes depending on the probability of changing the value. (See Non-Patent Document 4)

JP 2012-133320 A JP 2006-012074 A

Cynthia Dwork. Differential Privacy. In Michele Bugliesi, BartPreneel, Vladimiro Sassone, and Ingo Wegener, editors, Proc. 33rd intl.conf. Autom ata, Languages and Programming-Volume Part II, Vol. 1-12. Springer, 2006. Cynthia Dwork. Differential privacy: a survey of results.In Proc.5th intl.conf.Theory and applications of models of computation, pp.1-19.Springer-Verlag, April 2008. Masayuki Terada, 3 others, Application of differential privacy to large-scale aggregate data, IPSJ Transactions, Vol. 56, No. 9, pp. 1801-1816, September 2015. Dai Ikarashi et al., K-anonymous microdata release via postrandomisation method, eprint arXiv, Vol. 1504.05353, pp. 1-22, 2015.

  However, if anonymized personal data with sufficient security is generated by a method based on PRAM, it is necessary to change the value of the record with a very high probability. Therefore, the usefulness of data is greatly impaired in order to provide sufficient safety.

  The present invention has been made in view of the above problems, and an object of the present invention is to provide a privacy protection device that satisfies the differential privacy standard and can provide highly useful individual slip data.

  A privacy protection device according to an aspect of the present invention is a privacy protection device that receives input of first piece data including a plurality of records and outputs second piece data, and includes first piece data. Input means for accepting the input, a summing means for generating the first aggregated data by aggregating the first individual vote data received by the input means, and a predetermined strength for the first aggregated data Random number assigning means for generating the second aggregated data by assigning random numbers, and from the second aggregated data, each element is an integer that is not a negative value, and the sum of all the elements is the second Refinement means for generating third total data, which is equal to the sum of all elements of the total data, individual form generation means for generating second individual form data from the third total data, and second individual form Output that outputs data It includes a stage, a.

  In this privacy protection device, random numbers are assigned to the first aggregated data to generate second aggregated data. Thus, for example, the value of the record of the individual slip data is not directly changed by PRAM or the like, but a random number is given to the aggregated data, so that the difference privacy standard can be set without significantly impairing the usefulness of the data. It is possible to generate aggregate data that satisfies the requirement. Here, the second tabulated data to which random numbers are assigned may include a negative value or a small number of elements. Due to the inclusion of the element, individual vote data may not be generated from the aggregated data after the random number is assigned. In this respect, the third aggregated data is generated by generating the third aggregate data in which each element is an integer that is not a negative value and the sum of the elements is equal to the sum of all the elements of the second aggregate data. It is possible to generate the second individual vote data corresponding to. Since the second individual vote data is based on the third aggregate data generated from the second aggregate data, the second privacy data satisfies the differential privacy standard and is highly useful, like the second aggregate data. As described above, according to the present invention, it is possible to provide individual vote data that satisfies the differential privacy standard and is highly useful.

  In the privacy protection apparatus, the elaboration unit may generate the third aggregated data by performing a nearest neighbor search on elements of the second aggregated data. Thereby, the second individual form data can have a record structure similar to the first individual form data. As a result, the usefulness of the second individual vote data can be improved.

  According to the present invention, it is possible to provide individual vote data that satisfies the differential privacy standard and is highly useful.

It is a figure showing roughly the composition of the privacy protection device concerning a 1st embodiment. It is a hardware block diagram of the privacy protection apparatus of FIG. It is a flowchart which shows a series of processes of the privacy protection method performed by the privacy protection apparatus of FIG.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the description of the drawings, the same reference numerals are used for the same or equivalent elements, and redundant descriptions are omitted.

[First Embodiment]
FIG. 1 is a diagram schematically showing the configuration of the privacy protection device according to the first embodiment. As shown in FIG. 1, the privacy protection device 10 is a device that inputs first piece data D including a plurality of records and outputs second piece data D +. It is comprised by the information processing apparatus. The privacy protection device 10 applies privacy protection processing to the first individual data D to prevent leakage of information (personal information) related to the privacy of people included in the database when the individual data is disclosed. For example, the privacy protection device 10 protects privacy in providing and disclosing information such as sales history in stores and location information by GPS.

  The first individual slip data D is a processing target of privacy protection processing by the privacy protection device 10. The first individual vote data D is a database composed of one or more records each associated with an individual, and each record has one or more attribute values. That is, it is expressed as a multiset based on each record.

  Details will be described below. A record associated with a certain individual i is assumed to be x_i. x_i is composed of a set (order pair) of d attribute values x_ {ij} representing some information about the individual. The jth attribute value in any record belongs to the set A_j. Here, A_j is called an attribute, and the direct product A = A_1 × A_2 ×... × A_d of all attributes is called an attribute space.

At this time, the individual slip data D composed of n records is represented as the following n-element multiple set, where the attribute space A is an underlying set. In addition, {{•}} is a multiple set, (•) is an ordered pair, and {} is a symbol representing the set. D, x_i, and A are represented by the following formulas (1) to (3).
D = {{x_1, x_2, ..., x_n}} (1)
x_i = (x_ {i1}, x_ {i2}, ..., x_ {id}) ... (2)
A = A_1 × A_2 ×… × A_d (3)

  Here, the reason why the individual data D is expressed as a multiple set (not a set or an ordered pair) is that there can be a plurality of records having the same combination of attribute values in the individual data, and the arrangement order of the records. This is because individual vote data that differ only should be regarded as equivalent.

  Functionally, the privacy protection device 10 includes an input unit 11 (input unit), a totaling unit 12 (totaling unit), a random number assigning unit 13 (random number providing unit), and a refining unit 14 (refining unit). , An individual form generation unit 15 (individual form generation means) and an output unit 16 (output means). The privacy protection device 10 is configured by hardware shown in FIG.

  FIG. 2 is a hardware configuration diagram of the privacy protection device 10. As shown in FIG. 2, the privacy protection device 10 is physically composed of one or a plurality of CPUs (Central Processing Units) 101, a main storage device RAM (Random Access Memory) 102, and a ROM (Read Only Memory) 103. A computer including hardware such as a communication module 104 which is a data transmission / reception device, an auxiliary storage device 105 such as a hard disk device, an input device 106 which accepts user input such as a keyboard, and an output device 107 such as a display . Each function of the privacy protection device 10 in FIG. 1 is configured such that one or a plurality of predetermined computer software is loaded on hardware such as the CPU 101 and the RAM 102, thereby controlling the communication module 104, the input device 106, and the like. This is realized by operating the output device 107 and reading and writing data in the RAM 102 and the auxiliary storage device 105.

  Returning to FIG. 1, the functional configuration of the privacy protection device 10 will be described in detail. The input unit 11 functions as an input unit that receives input of the first individual slip data D. The input unit 11 receives the first individual form data D from the outside of the privacy protection device 10 and outputs the received first individual form data D to the totaling unit 12.

  The tabulation unit 12 functions as a tabulation unit that generates the first tabulation data V by tabulating the first individual vote data D received by the input unit 11. The first aggregated data V is a set of values obtained by counting the number of records having attribute values (or combinations of attribute values) satisfying a predetermined condition in the first individual data D.

When A is the attribute space of D, the number of records belonging to the subspace C_k of A is Count (D, C_k) =. This is called a count query result. At this time, for the aggregation condition C = (C_1, C_2, ..., C_p), which is an ordered pair consisting of arbitrary C_k, the first aggregation data V is the count inquiry result Count corresponding to each element of C It is shown by the following formula (4) as an ordered pair consisting of (D, C_k).
V (D, C) = (v_1, v_2, ..., v_p), v_k = Count (D, C_k) (4)

  In creating the first aggregated data V, the direct product of disjoint subsets of the attribute range A_j of each attribute is generally used as the aggregate condition C. At this time, the aggregated data is called a contingency table. Each value v_j in the contingency table is called a cell or a cell value.

  Furthermore, in the first aggregated data V having A = {a_1, a_2, ..., a_p} as the attribute space, c_i = {a_i}, that is, each element c_i of the aggregation condition is any element of the attribute space. It is a set including only and can be associated with all elements without duplication (having a one-to-one correspondence). The first aggregated data V is a contingency table, and a contingency table with finer aggregation conditions cannot be created. Therefore, this is hereinafter referred to as a complete contingency table. The number of cells | V | in the complete contingency table is equal to the A concentration | A |.

  At this time, each element v_i in the complete contingency table V is none other than the multiplicity m_D (a_i) of the element a_i of the attribute space A that is the set in the first piece data D that is the multiset. . Since an arbitrary multiset is uniquely defined by the base set and the multiplicity of each element, D is uniquely determined if a set of (V, A) is given. From this, the following theorem holds.

  (Theorem 1) Let f_A be a map that generates a complete contingency table V, which is the first aggregated data, from the first piece of data D having the attribute space A (V = f_A (D)). At this time, f_A has an inverse map f ^ {-1} _A such that D = f ^ {-1} _A (V).

  The first total data V generated by the totaling unit 12 is an arbitrary contingency table generated from the first piece of data, but is preferably a complete contingency table from the above theorem.

  The random number assigning unit 13 functions as a random number assigning unit that generates the second aggregated data V * by giving a random number having a predetermined strength to the first aggregated data V. Here, the second aggregated data V * satisfies the differential privacy standard. The random number is a random number that can satisfy the differential privacy standard by addition. As such random numbers, for example, Laplace noise (Laplace random number) that is a random number according to the Laplace distribution, geometric noise (geometric random number) that is a random number according to the geometric distribution, or the like is used. A means for satisfying the differential privacy standard by applying Laplace noise is called a Laplace mechanism, and a means for satisfying the differential privacy standard by applying geometric noise is called a geometric mechanism.

  A description will be given using Laplace noise as a random number. Here, the Laplace noise is a random number extracted independently from a Laplace distribution which is a kind of probability distribution. Let Lap (λ) be Laplace noise generated according to Laplace distribution with mean 0 and scale λ. Specifically, by generating the second total data V * by adding the independently generated Lap (1 / ε) to all elements included in the first total data V The second aggregated data V * is guaranteed to satisfy the safety strength of ε-difference privacy.

  When geometric noise is used as a random number, the Laplace noise may be replaced with geometric noise. Also in this case, it is possible to obtain the second aggregated data V * satisfying the differential privacy having the safety strength corresponding to the geometric noise scale to be used.

  In this way, by using Laplace noise (Laplace random number), which is a random number according to the Laplace distribution, and geometric noise (geometric random number), which is a random number according to the geometric distribution, it is guaranteed that the second aggregated data V * satisfies the differential privacy standard. Is done.

  The refinement unit 14 determines from the second aggregated data V * that each element is an integer that is not a negative value, and all the elements are equal to the sum of all the elements of the second aggregated data V *. 3 functions as an elaboration means for generating the total data V +. That is, the refinement unit 14 determines that each element is not a negative value, each element is an integer, and the total sum of all elements is included in the second aggregated data V * from the second aggregated data V *. 3rd total data V + which satisfy | fills all the constraints that it is equal to the sum total of all the elements to be generated is produced | generated.

  A method for generating the third aggregated data V + is arbitrary as long as V + satisfies all of the above-described constraints. To simplify, for example, all elements with negative values in V * are set to 0, and fractional values are rounded down, and constants are added to or subtracted from V * elements evenly so that the totals match. Thus, it is possible to generate the third aggregated data V + that satisfies all the above-described constraint conditions. However, the method for generating the third total data V + in the refinement unit 14 is not limited to this method.

  The individual form generation unit 15 functions as individual form generation means for generating second individual form data D + from the third tabulated data V + by a predetermined procedure. As described above, if the third tabulated data V + is a complete contingency table, each element of V + represents the multiplicity of the corresponding element in the table set A of the first individual data D. For example, for an element v_i of a certain V +, v_i corresponds to the element a_i = (male, 30s) of A, and v_i = 3. At this time, the second individual vote data D + means that three records (male, 30s) are included.

  The output unit 16 functions as an output unit that outputs the second individual form data D + generated by the individual form generation unit 15. The output unit 16 receives the second piece data D + from the piece generation unit 15 and outputs the received second piece data D + to the outside of the privacy protection device 10. For example, the output unit 16 outputs the second individual form data D + to a public database, and creates a database including the individual form data in which privacy is protected.

  Next, processing of the privacy protection method executed by the privacy protection apparatus 10 described above will be described with reference to FIG. FIG. 3 is a flowchart showing a series of processes of the privacy protection method executed by the privacy protection apparatus 10 of FIG.

  As shown in FIG. 3, first, the input of the first individual slip data D is accepted by the input unit 11 (step S1). Then, the first individual form data D is output to the totaling unit 12 by the input unit 11, and the first individual form data D is totaled by the totaling unit 12 to generate the first total data V (step S2). ).

  Subsequently, a random number with a predetermined strength is assigned to the first aggregated data V by the random number assigning unit 13 to generate second aggregated data V * (step S3). Then, the refinement unit 14 determines from the second aggregated data V * that each element is an integer that is not a negative value, and all the elements are equal to the sum of all the elements of the second aggregated data V *. Third aggregate data V + is generated (step S4).

  Subsequently, the individual vote generation unit 15 generates second individual vote data D + from the third tabulated data V + by a predetermined procedure (step S5). Finally, the output unit 16 outputs the second individual piece data D + generated by the individual piece generation unit 15 to the outside (step S6). The above is the processing of the privacy protection method executed by the privacy protection device 10.

  Next, the effect of the privacy protection apparatus 10 is demonstrated.

  As described above, the privacy protection device 10 is a privacy protection device that receives the input of the first individual piece data D including a plurality of records and outputs the second individual piece data D +. An input unit 11 that receives input of data D, a totaling unit 12 that generates first aggregated data V by aggregating first individual form data D received by the input unit 11, and first aggregated data V From the random number assigning unit 13 that generates the second aggregated data V * by assigning a random number having a predetermined strength to the above, and from the second aggregated data V *, each element is an integer that is not a negative value. Yes, the refinement unit 14 for generating the third aggregated data V + in which the sum of all the elements is equal to the sum of all the elements of the second aggregated data V *, and the second from the third aggregated data V + The individual form generating unit 15 for generating the individual form data D +, and the second form data D + And an output unit 16 for outputting the individual slip data D +.

  In this privacy protection device 10, random numbers are assigned to the first aggregated data V to generate second aggregated data V *. Thus, for example, the value of the record of the individual slip data is not directly changed by PRAM or the like, but a random number is given to the aggregated data, so that the difference privacy standard can be set without significantly impairing the usefulness of the data. It is possible to generate aggregate data that satisfies the requirement. Here, the second aggregated data V * to which random numbers are assigned may include a negative value or a small number of elements. Due to the inclusion of the element, individual vote data may not be generated from the aggregated data after the random number is assigned. In this respect, the third aggregated data V + is generated by generating the third aggregated data V + in which each element is an integer that is not a negative value and the sum of the elements is equal to the sum of all the elements of the second aggregated data V *. It is possible to generate the second individual slip data D + corresponding to the total data V +. Since the second individual data D + is based on the third total data V + generated from the second total data V *, the second privacy data satisfies the differential privacy standard and is useful like the second total data V *. The nature is also high. As described above, according to the present invention, it is possible to provide individual vote data that satisfies the differential privacy standard and is highly useful.

[Second Embodiment]
Next, the privacy protection apparatus 10 according to the second embodiment of the present invention will be described. As described in the first embodiment, in the privacy protection device 10, the elaboration unit 14 determines that each element is not a negative value, each element is an integer, and all of the second aggregated data V *. The third aggregated data V + is generated that satisfies all of the constraints that the sum of all the elements is equal to the sum of all the elements included in the second aggregated data V *. Here, in order to obtain the highly useful second individual slip data D + that better retains the properties of the first individual slip data D in the individual slip generator 15, the second aggregated data V * and It is desirable that the third aggregated data V + take values close to each other.

  Therefore, in the privacy protection device 10 according to the second embodiment, the elaboration unit 14 generates the third aggregated data V + from the second aggregated data V * by nearest neighbor search from the data satisfying the constraint conditions. Functions as an elaboration means. About another structure, it is the same as that of 1st Embodiment.

  That is, the elaboration unit 14 in the second embodiment generates the third total data V + by performing a nearest neighbor search on the elements of the second total data V *. The nearest neighbor search in the refinement unit 14 is a non-negative integer lattice on the n-1 dimensional hyperplane Z that satisfies the above constraints when the second aggregated data V * is regarded as a point on an n dimensional vector space. This corresponds to searching for a point closest to V * among the points. This hyperplane Z includes the first aggregated data V, and at any point of Z, the primary norm from the origin is equal to the primary norm from the origin of V.

  This search can be obtained simply by counting all the lattice points that satisfy the above-mentioned constraint conditions and selecting data having the shortest distance from the second aggregated data V *. Various definitions of this distance can be considered. For example, various norms such as L1 norm and L2 norm (Euclidean distance) and distances based on statistics between samples such as KS-distance may be used, but are not limited thereto.

  Further, when it is difficult in terms of calculation amount to count all the data satisfying the above-described constraint conditions, it is also desirable to perform the nearest neighbor search using a data structure for efficiently performing the nearest neighbor search. An example of such a data structure is a kd tree, but is not limited thereto.

  According to such a privacy protection device 10, the second individual form data D + can have a record configuration similar to the first individual form data D. Thus, the usefulness of the second individual vote data D + can be improved.

  DESCRIPTION OF SYMBOLS 10 ... Privacy protection apparatus, 11 ... Input part (input means), 12 ... Counting part (counting means), 13 ... Random number giving part (random number giving means), 14 ... Refinement part (refining means), 15 ... Individual vote Generating unit (individual generating unit), 16... Output unit (outputting unit), D... 1st individual form data, D +... 2nd individual form data, V... First aggregated data, V *. Aggregated data, V + ... third aggregated data.

Claims (2)

A privacy protection device that receives input of first piece data including a plurality of records and outputs second piece data,
An input means for receiving input of the first individual vote data;
Tally means for generating first tally data by tallying the first individual form data received by the input means;
Random number providing means for generating second aggregated data by assigning a random number having a predetermined strength to the first aggregated data;
From the second aggregated data, third aggregated data is generated in which each element is an integer that is not a negative value and the sum of all the elements is equal to the sum of all the elements of the second aggregated data Elaboration means,
Individual vote generating means for generating the second individual vote data from the third tabulated data;
A privacy protection device comprising: output means for outputting the second individual vote data.   The privacy protection device according to claim 1, wherein the elaboration unit generates the third aggregated data by performing a nearest neighbor search on elements of the second aggregated data.

Images