WO2010083654A1 - Method and related device for realizing protection of the privacy of user location information - Google Patents
- Publication number
- WO2010083654A1 (PCT/CN2009/070296)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- location
- condition
- update information
- mobile terminal
- location update
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/08—Mobility data transfer
- H04W8/10—Mobility data transfer between location register and external networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
Definitions
- the present invention relates to the processing of location information of users in a communication network, and more particularly to location servers, mobile terminals and related methods for protecting location information of users.
Background art
- LBS location-based services
- there are two GPS-enabled LBS location consumption modes: self-use and public use.
- Personal navigation is a typical case where the GPS location is used by the mobile device itself (i.e., consumed locally).
- for many other LBSs, the GPS location is used publicly: the mobile device typically sends a location update to a particular component of the location server, and the LBS then consumes the location and performs the appropriate action.
- a key issue with location servers is how to protect the privacy of end users, because location is private information for end users.
- when a user's location is disclosed to an unauthorized entity, it can have a negative impact.
- GPS is the most accurate positioning technique currently used to determine the position of a user. Therefore, for location servers, it is especially important to implement strong and flexible privacy controls for GPS locations.
- PCP Privacy Check Protocol
- LS Location Server
- PCE Location Privacy Checking Entity
- MLS generic Mobile Location Services
- the PCE implements location access control decisions and virtual ID/real ID mutual mapping (pseudonym/verinym mediation).
- these specifications only focus on the protocol and do not define any details on how to implement the PCE.
- the PCE is designed for general location rather than GPS location.
- the FireEagle platform from Yahoo does not provide a location licensing mechanism that allows users to configure location accuracy levels for different applications.
- the accuracy levels are: exact location (for example, GPS location and detailed physical address), zip code, adjacent/local area, metropolitan area, county, country.
- if the end user only provides the GPS position, there is no way to adjust the precision further.
- the positional accuracy from FireEagle is independent of rules and cannot be adjusted based on the current time and position of the end user. Therefore, this model is not powerful and flexible enough for end users to adjust their GPS position.
Summary of the invention
- the present invention provides a method of processing location information on a location server, the method comprising receiving location update information from a mobile terminal and a target application requesting the location update information from the location server, wherein the method further includes: pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; when receiving location update information from the mobile terminal, generating a decision request including the location update information and at least one condition parameter; comparing the at least one condition parameter in the decision request with the condition part; and, if the at least one condition parameter matches the condition part, executing the action specified in the action part for the target application.
- the condition part is at least one of an identifier of the target application, a time period, and a moving area; where the condition part is an identifier of the target application, the at least one condition parameter is the identifier of the target application requesting the GPS location information from the location server; where the condition part is a time period, the at least one condition parameter is the current time at which GPS location information is received from the mobile terminal; and where the condition part is a moving area, the at least one condition parameter is the moving area of the mobile terminal.
- the present invention also provides a location server for use in a communication network, comprising: means for receiving location update information from a mobile terminal; and means for providing the location update information to the target application, wherein the location server further comprises: a user data storage device, configured to pre-store at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; a decision request generating device, configured to generate, when receiving the location update information from the mobile terminal, a decision request including the location update information and at least one condition parameter; a rule calculation device, configured to compare the at least one condition parameter in the decision request with the condition part; and a decision result execution device, configured to perform the action specified by the action part for the target application if the at least one condition parameter matches the condition part.
- the present invention also relates to a method of processing location information on a mobile terminal, comprising receiving location update information from a positioning device and transmitting the location update information to a location server, wherein the method further comprises: pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; when receiving the location update information, generating a decision request including the location update information and at least one condition parameter; comparing the at least one condition parameter with the condition part; and, if the at least one condition parameter matches the condition part, performing the action specified by the action part for the location server.
- the action specified by the action portion is to inhibit transmission of the location update information to the location server.
- the present invention also relates to a mobile terminal equipped with a positioning function, comprising: means for receiving location update information from a positioning device; and means for providing the location update information to the location server, wherein the mobile terminal further comprises: a user data storage device, configured to pre-store at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; a decision request generating means, configured to generate, when the location update information is received from the positioning device, a decision request including the location update information and at least one condition parameter; a rule calculation means, configured to compare the at least one condition parameter in the decision request with the condition part; and a decision result execution means, configured to perform the action specified by the action part for the location server if the at least one condition parameter matches the condition part.
- the basic idea of the invention includes two aspects: a rule-based privacy control mechanism and a distributed privacy control structure.
- rule-based privacy control introduces rule computing devices.
- the rule computing device allows the end user to establish a group of rules in the form (target, time, region, action), so that the end user can set, based on the current time (time) and region (region), an action (action) for the same GPS position update for different targets (target).
- the mechanism supports fine adjustment of the GPS position, which protects the real position of the end user.
- the distributed privacy control structure distributes a portion of the rules from the location server to the end user's mobile device, so that the number of GPS location updates sent to the location server can be reduced. Therefore, by reducing the number of GPS updates from mobile devices, this mechanism can reduce the cost of data services for end users and the cost of the location server.
- FIG. 1 shows a block diagram of a rule-based privacy control structure according to the present invention
- FIG. 2 shows an example of a location information precision adjustment process
- Figure 3 shows a flow chart of a method in accordance with an embodiment of the present invention
- Figure 4a shows a rule management structure in accordance with an embodiment of the present invention
- Figure 4b shows a specific calculation process in accordance with an embodiment of the present invention
- Fig. 5 shows a functional block diagram of a location server according to an embodiment of the present invention
- Fig. 6 shows a rule calculation process performed by a mobile terminal according to the present invention.
Detailed description
- Figure 1 illustrates a rule based privacy control structure in accordance with one embodiment of the present invention.
- the portion to the left of the dashed line represents the workflow of a conventional public user location:
- the mobile device 101 obtains its location from an internal GPS driver or an external GPS device, and then sends the location over a data connection via the wireless communication network to location server 102.
- one or more location applications 103 have subscribed to the location server 102 for location update information and receive GPS location updates as agreed; the location applications 103 share the location provided by the location server 102 over a public network such as the Internet. Finally, these applications perform operations based on the location received from the location server.
- the original (i.e., real) GPS location will be sent to the target application via the location server without any modification.
- the end user can set whether to expose the real GPS location to a specific target application. If the end user chooses not to disclose the real GPS location, the related application cannot obtain the location of the user until he/she manually resets the initial settings.
- Rule computing device 105 is coupled to and interacts with location server 102.
- the rule database 104 stores a predefined rule template, which may be a standard form consisting of a four-tuple parameter set (target, time, region, action), preset by the network administrator.
- User data storage 106 is used to store rules pre-set by the user, which in the embodiment according to the invention is preferably a user data database.
- the user interface 107 is typically a web-based graphical user interface (GUI) that allows the user to enter rules parameters.
- GUI graphical user interface
- the rules computing device 105 may exist as part of the location server 102, or may be a physically separate component.
- the two databases 104 and 106 are shown in the figure. In practice, depending on the specific implementation environment, the two databases can also be combined into one to store the hide and expose rules preset by the user.
- the rules may be a collection of (target, time, region, action). Users can set a set of rules at different times for different targets in advance.
- the calculation or comparison of rules can be performed in a programming language similar to the "if-then" conditional control: If (target is A, time is within B and GPS location update in region C) then action D.
- the target represents a location-based target application that requests the location information of the terminal user. It can be a specific application, and it can also represent "all" applications when it is necessary to set a rule for all possible target applications.
- Time indicates the period of time during which the rule applies. It can be a specific time (year, month, day), or it can be a type of day (for example, weekdays, weekends, Monday, Saturday, Sunday, etc.). Time can be set manually by the user via a device such as a user interface, or can be entered by other applications (e.g., Microsoft Outlook).
- the time parameter used in the rule can be further extended to context, which represents the current environment, timetable, activity, and even the user's emotions.
- Context can be defined as a combination of different input parameters (i.e., end user's schedule, activity).
- regions can be of any shape. However, for ease of calculation, the region is preferably rectangular or circular.
- the end user may or may not want the application to find or track his/her location within the location area. An obvious example is that end users don't want to let others know their location information near their home.
- Hide: if the end user wishes to hide from the target application at the current time and location, the GPS location will not be sent to the target application.
- Expose (error): if the end user chooses to expose his or her location information to the target application at the current time and location, the GPS location will be sent to the target application.
- Figure 2 shows an example of a precision adjustment process.
- the real GPS position lies in the region with center point c1 and error radius r1.
- the new center point is moved a distance away from c1 (the distance is between 0 and the error value), and the radius to be exposed becomes the sum of error and the actual error radius r1. Therefore, it can be seen that the adjustment process causes the resulting position to still cover the real position, but with an adjusted center point and a larger margin of error, that is, the position information provided to the target application is "fuzzy".
- in step 301, the mobile terminal 101, equipped with a GPS circuit or an external GPS device, transmits GPS location update information to the location server 102.
- the GPS-equipped mobile terminal transmits the GPS location update to the location server in a conventional manner, i.e., does not hide any GPS location updates.
- the location server 102 does not pass the GPS location update directly to the particular location application as is conventional, but sends a decision request to the rule computing device 105, i.e., a request to decide whether to "hide" or "expose" the GPS location to a particular target application.
- the decision request should include the parameters required for the decision: GPS location information, target application identification, current time (i.e., the time the request was sent). How to obtain these parameters is well known to those skilled in the art and will not be described again in order to avoid unnecessarily obscuring the present invention.
- the rule calculation means 105 performs rule calculation (rule comparison). It should be noted here that the rules to be compared have been previously input by the user through the user interface 107 of FIG. 1 and stored in the user data storage device 106. In the embodiment of the present invention, the rules stored in the user data storage device 106 may use the four-tuple form (target, time, region, action).
- the rule computing device compares the GPS location information, the target application identifier, and the current time contained in the decision request with the rules stored in the user data storage device 106; when the values fall within the range of a rule, the result corresponding to that rule is executed, that is, the GPS location information is hidden or exposed, and, when exposure is selected, the location information is exposed with the configured accuracy.
- a more specific implementation of the rule calculation method is given in Figure 4b.
- in step 304, if the decision result given by the rule calculation device is "Hide", this means that the end user wishes to hide his or her location from the target application at the current time and location. In this case, the location server does not send GPS location updates to the specific target application, as shown in step 305.
- if the decision result is not "Hide", it is "Expose", which means that the end user chooses to send the GPS location to the target application at the current time and location.
- the rule computing device will also continue to query the relevant precision settings.
- the error parameter is set, which controls how accurately the GPS position from the end user is sent to the target application.
- in step 306, it is determined whether the error is 0:
- the precision adjustment process here can be read together with the example given in Figure 2.
- the real GPS position lies in the area with center point c1 and error radius r1.
- the user can set the error value to 200 meters in advance; the new center point is then moved away from c1 by a distance between 0 and 200 meters, and the radius to be exposed becomes r1 + 200 meters. Therefore, it can be seen that the adjustment process causes the resulting position to still cover the real position, but with an adjusted center point and a larger margin of error, that is, the position information provided to the target application is "fuzzy".
- the location disclosed to the target application can be closely related to the user's environment (current time, current GPS location, etc.). End users can preset a set of rules for location disclosure preferences: based on their current environment, whether and how to expose the current actual location. The privacy control mechanism will then automatically adjust the open location without manual intervention.
- the conditional control parameters used for comparison need not be the combination of target, time and region; any one of these three may be used, or other parameters may be envisioned, such as the context parameter mentioned above.
- rule parameters can also be called condition control parameters.
- Example 1: with target as the rule parameter, the mobile terminal user can set rules for different target applications in advance. For example, for a target such as emergency response or emergency rescue, exposure of the real GPS position is set; for emergency rescue, of course, the more accurate the location information, the better. For applications such as location-based advertising, the user can choose to expose location information with "fuzzy" precision. A set of rules like this can be set up:
- the mobile terminal user can set rules for different time periods in advance, for example, for location-based advertisements, it can be set to expose location information on a working day with an accuracy of, for example, 100 meters, and hide GPS location information on weekends.
- the rule calculation means can perform a rule comparison using different methods to determine the rule result, that is, hide or expose (error).
- Figures 4a and 4b show an embodiment of a rule comparison device for performing a rule comparison.
- Figure 4a shows the rule management structure used in this example, and
- Figure 4b shows the specific calculation process. It can be seen that this is a calculation method that uses (target, time, region, action) as the rule.
- in step 401, all rules for the target are extracted from the hide rule hash.
- the purpose of steps 402, 403, and 404 is to check whether the current time and position match the preset rules one by one, and if it matches, execute step 405, that is, stop and return "hide".
- FIG. 5 is a block diagram showing the structure of a location server in accordance with one embodiment of the present invention.
- location server 102 includes means 506 for receiving GPS location information from a mobile terminal and means 507 for providing said GPS location information to a target application.
- the location server 102 also includes the following devices:
- the rule may be a (target, time, region, action) four-tuple, where target, time and region are the condition part of the rule and action is the action part; the actions specified in the action part include hide and expose (error), that is, the position information of the mobile terminal is not exposed, or the position information of the mobile terminal is exposed "blurred" with an error amount of error.
- the condition part may include only one of target, time, region, or a combination of any two.
- a parameter input device 508 which is an interface for inputting current condition parameters.
- the condition parameters are the identifier (target) of the target application requesting GPS location information, the current time (time), and the region in which the mobile terminal moves;
- decision request generating means 502, for generating, when GPS location information is received from the mobile terminal, a decision request including the GPS location information and condition parameters, to be provided to the rule calculation means 503;
- the decision result execution means 504, which, if at least one condition parameter matches the condition part, performs the action specified by the action part.
- the calculation of the rule can be done in a programming language similar to the "if ... then" conditional control: If (target is A, time is within B and GPS location update in region C) then action D
- the decision result execution means 504 will perform a specific decision result action. For example, if the result is hide, no GPS location information is sent to the target app.
- the mobile terminal transmits the GPS location update to the location server whenever there is a GPS location update from the GPS device. Therefore, the more location update information, the higher the computational cost of the location server. In addition, the more updates are sent to the location server, the larger the amount of data generated by the mobile terminal, and the greater the overhead of the terminal user. Therefore, if the number of GPS location updates issued from the mobile terminal is reduced, the cost of the end user and the location server will be reduced.
- One of the most straightforward optimizations is to send update information to the location server only when the current GPS location has moved a certain distance (for example, 50 meters or 100 meters) from the previous location.
- a part of the "hidden" rules can be provided to the mobile terminal.
- the mobile terminal does not have to send the GPS location update to the location server at all if the "hidden" condition is satisfied, thereby reducing the number of GPS location updates that need to be sent to the location server.
- Figure 6 is a diagram showing a rule calculation process performed by a mobile terminal in the privacy control mechanism according to the present invention.
- the end user can set the following rules:
- the first rule shows that, for App1, if the time is Saturday and the user's moving area is within a circular area centered at latitude 10.0 and longitude 1.00 with a radius of 100.0 meters, it is not necessary to transmit any GPS location update information from the mobile terminal to the location server.
- the second rule shows that, for the application App2, if the time is on the weekend and the user's moving area is within a circular area centered at latitude 10.0 and longitude 1.0 with a radius of 200.0 meters, it is not necessary to send any GPS location update information from the mobile terminal to the location server.
- two points (x1, y1), (x2, y2) can be defined.
- in step 601, the mobile terminal receives the GPS location update; in step 602, a decision request is sent to the rule computing device, the decision request including GPS location information and at least one condition parameter (in this example, the target application identifier, the current time, and the moving area); in step 603, the rule computing device compares the target application identifier, the current time, and the moving area included in the decision request with the rules stored in the user data storage device 106; the rule calculation means determines whether the condition parameters match, that is, whether the "Hide" condition is satisfied; if they match, the mobile terminal does not send the GPS location update to the location server, as shown in step 605.
- the mobile terminal transmits a GPS location to the target application, as shown in step 606. Improvements in the mobile terminal given by the method of the present invention can reduce the number of location update messages and reduce the processing overhead of the location server. Of course, the client software on the mobile terminal must know the "hidden" related rules (for example, by downloading, etc.).
- the GPS-equipped mobile terminal processes some GPS location information "on its own" according to the corresponding rules, that is, selectively hides some GPS information, and the related calculation does not increase the burden on the user terminal.
- the rule mechanism adopted by the mobile terminal can be similar to the rule mechanism of the location server.
- the hidden rules on the mobile terminal are derived from the selection and derivation of the user's hidden rules stored in the location server.
- the mobile terminal according to the present invention may logically include functional modules similar to those in the location server 102, except that the rule calculation method performed therein is simpler. Therefore, the functional block diagram of the mobile terminal is no longer drawn separately.
- the GPS position update information is taken as an example of the position update information, but the present invention is not limited thereto.
- the privacy protection mechanism of the present invention is applicable to methods and apparatus for processing any type of location information.
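The rule comparison of Figure 4b and the precision adjustment of Figure 2, as an added Python example (not code from the patent). The rule set mirrors the App1/App2 hide rules and the advertising and emergency examples described above; the "ads" and "emergency" identifiers, the uniform random offset, exposing the unmodified fix when no rule matches, and taking the largest matching error are assumptions.

```python
import math
import secrets
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

EARTH_RADIUS_M = 6371000.0
_rng = secrets.SystemRandom()  # OS CSPRNG, so the applied offset is not predictable

@dataclass(frozen=True)
class Circle:
    lat: float       # degrees
    lon: float       # degrees
    radius_m: float  # region radius, or the error radius r1 of a GPS fix

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in meters."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

@dataclass(frozen=True)
class Rule:
    target: str               # application identifier, or "all"
    days: frozenset           # weekdays 0=Monday..6=Sunday; empty set = any time
    region: Optional[Circle]  # None = anywhere
    action: str               # "hide" or "expose"
    error_m: float = 0.0      # only meaningful for "expose"

    def matches(self, target, when, fix):
        """Condition part: target, time and region must all match."""
        if self.target not in ("all", target):
            return False
        if self.days and when.weekday() not in self.days:
            return False
        if self.region is not None:
            d = distance_m(fix.lat, fix.lon, self.region.lat, self.region.lon)
            return d <= self.region.radius_m
        return True

def fuzz(fix, error_m):
    """Move the center by 0..error_m and widen the radius to r1 + error_m."""
    if error_m == 0:
        return fix
    d = _rng.uniform(0.0, error_m)            # assumption: uniform distance
    bearing = _rng.uniform(0.0, 2 * math.pi)  # assumption: uniform direction
    lat1, lon1, ang = math.radians(fix.lat), math.radians(fix.lon), d / EARTH_RADIUS_M
    lat2 = math.asin(math.sin(lat1) * math.cos(ang)
                     + math.cos(lat1) * math.sin(ang) * math.cos(bearing))
    lon2 = lon1 + math.atan2(math.sin(bearing) * math.sin(ang) * math.cos(lat1),
                             math.cos(ang) - math.sin(lat1) * math.sin(lat2))
    return Circle(math.degrees(lat2), math.degrees(lon2), fix.radius_m + error_m)

def decide(rules, target, when, fix):
    """Return None for "hide", otherwise the (possibly fuzzed) position to expose."""
    applicable = [r for r in rules if r.matches(target, when, fix)]
    # Hide rules are checked first; the first match ends the decision.
    if any(r.action == "hide" for r in applicable):
        return None
    # Assumptions: no matching expose rule means error 0 (the conventional flow),
    # and several matching expose rules resolve to the largest error.
    error = max((r.error_m for r in applicable if r.action == "expose"), default=0.0)
    return fuzz(fix, error)

WEEKEND = frozenset({5, 6})
WEEKDAYS = frozenset(range(5))
# Constructed rule set following the examples in the text.
RULES = [
    Rule("App1", frozenset({5}), Circle(10.0, 1.0, 100.0), "hide"),
    Rule("App2", WEEKEND, Circle(10.0, 1.0, 200.0), "hide"),
    Rule("ads", WEEKEND, None, "hide"),
    Rule("ads", WEEKDAYS, None, "expose", 100.0),
    Rule("emergency", frozenset(), None, "expose", 0.0),
]

if __name__ == "__main__":
    fix = Circle(10.0, 1.0, 10.0)  # constructed GPS fix with r1 = 10 m
    print(decide(RULES, "App1", datetime(2024, 1, 6, 12, 0), fix))  # Saturday
    print(decide(RULES, "ads", datetime(2024, 1, 3, 12, 0), fix))   # Wednesday
```

Because the offset never exceeds error, the offset plus r1 never exceeds the exposed radius r1 + error, which is why the exposed circle always contains the real one. The same `matches` check, restricted to hide rules, is what the mobile terminal would run before deciding whether to send an update at all.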
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
- Telephonic Communication Services (AREA)
Abstract
A method for processing location information on a location server, in which location update information is received from a mobile terminal and a target requests the location update information from the location server. The method further includes: pre-storing at least one rule for the mobile terminal, the at least one rule comprising a condition part and an action part; creating, when the location update information is received from the mobile terminal, a decision request comprising the location update information and at least one condition parameter; comparing the at least one condition parameter in the decision request with the condition part; and, if the at least one condition parameter matches the condition part, executing the action prescribed by the action part for the target. The invention also provides a location server and a mobile terminal that perform this location information processing.
Description
Method and related device for realizing user location information privacy protection
Technical field
The present invention relates to the processing of location information of users in a communication network, and more particularly to location servers, mobile terminals and related methods for protecting users' location information.
Background art
Currently, GPS-equipped mobile phones are entering the market in large numbers at low prices. According to a 2008 report by ABI Research, shipments of GPS-enabled mobile phones will exceed 550 million units in 2012. In addition, the major smartphone operating systems, such as Symbian, Windows Mobile and Android, are all ready to use GPS. This trend has greatly promoted the development of location-based services (LBS); common examples of location-based services are personal navigation, emergency response, location-based games, location-based advertising, dating, and so on.
In general, there are two GPS-enabled LBS location consumption modes: self-use and public use. Personal navigation is a typical case where the GPS location is used by the mobile device itself (i.e., consumed locally). For many other LBSs, however, the GPS location is used publicly: the mobile device typically sends a location update to a particular component of the location server, and the LBS then consumes the location and performs the appropriate action.
A key issue with location servers is how to protect the privacy of end users, because location is private information for end users. When a user's location is disclosed to an unauthorized entity, it can have a negative impact. In particular, GPS is currently the most accurate positioning technique for determining a user's position. Therefore, for location servers, it is especially important to implement strong and flexible privacy controls for GPS locations.
Location servers from standardization organizations and different equipment vendors include some solutions for protecting the privacy of user locations. The best known are the Privacy Check Protocol (PCP) from the Open Mobile Alliance (OMA) and FireEagle from Yahoo. PCP defines the protocol used between the Location Server (LS) and the Location Privacy Checking Entity (PCE) in the generic Mobile Location Services (MLS) architecture. The PCE implements location access control decisions and virtual ID/real ID mutual mapping (pseudonym/verinym mediation). However, these specifications focus only on the protocol and do not define any details of how to implement the PCE. In addition, the PCE is designed for location in general rather than for GPS location.
The FireEagle platform from Yahoo does not provide a location permission mechanism that allows users to configure location accuracy levels for different applications. The accuracy levels are exact location (for example, GPS location and detailed street address), postal code, neighborhood/local area, city, county and country. However, if the end user supplies only a GPS location, there is no way to adjust the precision further. In addition, location accuracy in FireEagle is independent of rules and cannot be adjusted based on the end user's current time and location. This model is therefore not powerful or flexible enough for users to adjust their GPS locations.

Summary of the invention
It is an object of the present invention to provide a rule-based privacy control mechanism for location information that can be applied to a location server and enables an end user to:
- configure, based on the current time and location, whether location information is visible to different applications;
- adjust, based on the current time and location, the accuracy of the visible location information for different applications; and
- reduce the end user's cost and the location server's computational cost through a distributed privacy control structure.
To achieve the above object, the present invention provides a method of processing location information on a location server, the method comprising receiving location update information from a mobile terminal and a target application requesting the location update information from the location server, characterized in that the method further comprises: pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; when location update information is received from the mobile terminal, generating a decision request including the location update information and at least one condition parameter; comparing the at least one condition parameter in the decision request with the condition part; and, if the at least one condition parameter matches the condition part, performing the action specified by the action part for the target application.
In a preferred embodiment according to the present invention, the condition part is at least one of an identifier of the target application, a time period and a movement region. Where the condition part is an identifier of the target application, the at least one condition parameter is the identifier of the target application requesting the GPS location information from the location server; where the condition part is a time period, the at least one condition parameter is the current time at which the GPS location information is received from the mobile terminal; and where the condition part is a movement region, the at least one condition parameter is the movement region of the mobile terminal.
In addition, the present invention provides a location server for use in a communication network, comprising means for receiving location update information from a mobile terminal and means for providing the location update information to a target application, characterized in that the location server further comprises: user data storage means for pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; decision request generating means for generating, when location update information is received from the mobile terminal, a decision request including the location update information and at least one condition parameter; rule calculation means for comparing the at least one condition parameter in the decision request with the condition part; and decision result execution means for performing, if the at least one condition parameter matches the condition part, the action specified by the action part for the target application.
The present invention also relates to a method of processing location information on a mobile terminal, comprising receiving location update information from a positioning device and sending the location update information to a location server, characterized in that the method further comprises: pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; when the location update information is received, generating a decision request including the location update information and at least one condition parameter; comparing the at least one condition parameter in the decision request with the condition part; and, if the at least one condition parameter matches the condition part, performing the action specified by the action part with respect to the location server.
In a preferred embodiment according to the present invention, the action specified by the action part is to suppress sending the location update information to the location server.
The present invention also relates to a mobile terminal equipped with a positioning function, comprising means for receiving location update information from a positioning device and means for providing the location update information to a location server, characterized in that the mobile terminal further comprises: user data storage means for pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part; decision request generating means for generating, when location update information is received from the positioning device, a decision request including the location update information and at least one condition parameter; rule calculation means for comparing the at least one condition parameter in the decision request with the condition part; and decision result execution means for performing, if the at least one condition parameter matches the condition part, the action specified by the action part with respect to the location server.
The basic idea of the invention has two aspects: a rule-based privacy control mechanism and a distributed privacy control structure.
Rule-based privacy control introduces a rule calculation device into the processing of GPS location updates from mobile devices. The rule calculation device allows the end user to create a set of rules of the form (target, time, region, action), so that, based on the current time and region, the end user can set different actions for different target applications with respect to the same GPS location update. In addition, when the action is "expose", the mechanism supports fine adjustment of the precision of the GPS location, which protects the end user's true location.
Using the computing capability of the mobile device, the distributed privacy control structure distributes part of the rules from the location server to the end user's mobile device, and the number of GPS location updates sent from the location server can be reduced. By reducing the number of GPS updates from the mobile device, the mechanism therefore lowers the end user's data traffic cost and the location server's computational cost.

Drawings
Other objects and advantages of the present invention will become clearer and easier to understand from the following description taken in conjunction with the accompanying drawings, in which:
Figure 1 shows a block diagram of the rule-based privacy control structure according to the present invention;
Figure 2 gives an example of the location information precision adjustment process;
Figure 3 shows a flow chart of a method according to an embodiment of the present invention;
Figure 4a shows a rule management structure according to an embodiment of the present invention, and Figure 4b gives a specific calculation process according to an embodiment of the present invention;
Figure 5 shows a functional block diagram of a location server according to an embodiment of the present invention;
Figure 6 shows the rule calculation process performed by a mobile terminal according to the present invention.

Detailed description
Figure 1 shows a rule-based privacy control structure according to one embodiment of the present invention. In Figure 1, the part to the left of the dashed line represents the conventional workflow for disclosing a user's location: the mobile device 101 obtains its location from an internal GPS driver or an external GPS device and sends that location to the location server 102 over a data connection of the wireless communication network. One or more location applications 103 have subscribed to location update information at the location server 102 and receive GPS location updates as agreed; the location applications 103 share the location provided by the location server 102 over a public network such as the Internet. Finally, these applications perform operations based on the location received from the location server.
In this workflow, the original (that is, true) GPS location is sent to the target application via the location server without any modification. With the support of a basic privacy control mechanism such as Yahoo FireEagle, the end user can of course set whether the true GPS location is disclosed to a specific target application. If the end user chooses not to disclose the true GPS location, the application concerned cannot obtain the user's location until he or she later resets the initial setting manually.
The part to the right of the dashed line represents the rule-based privacy control of the present invention, introduced on top of the conventional structure. The rule calculation device 105 is coupled to the location server 102 and interacts with it. The rule database 104 stores a predefined rule template, which may be a standard form consisting of the four-parameter tuple (target, time, region, action) and is preset by the network administrator. The user data storage device 106 stores the rules preset by the user; in an embodiment according to the invention it is preferably a user data database. The user interface 107 is typically a web-based graphical user interface (GUI) through which the user can enter rule parameters. In general, when the format of the data entered into the user data storage device 106 does not conform to the (target, time, region, action) standard template stored in the rule database 104, the system prompts the user to enter it again.
It should be noted that the structure shown in Figure 1 is merely illustrative. The rule calculation device 105 may exist as part of the location server 102, or it may be a physically separate component. The figure shows two databases, 104 and 106; depending on the implementation environment, the two may also be merged into one database that stores the hide and expose rules preset by the user.
In a preferred embodiment of the invention, a rule may be a tuple (target, time, region, action). The user can set, in advance, a group of rules for different targets at different times. In the rule calculation device of the present invention, rules can be calculated, or compared, in a programming language with "if ... then ..." style conditional control: If (target is A, time is within B and GPS location update in region C) then action D.
Here, target denotes the location-based target application that requests the end user's location information. It can be one specific application, or it can denote "all" applications when a rule needs to be set for every possible target application.
Time denotes the period during which the rule applies. It can include the year, month, day and a specific time of day, or it can be a class of days (for example, weekdays, weekends, Monday ... Saturday, Sunday, and so on). Time can be set manually by the user through a device such as the user interface, or it can be supplied by another application (for example, Microsoft Outlook).
In addition, the time parameter used in a rule can be extended further into context, which represents the current environment, schedule, activity and even the user's mood. Context can be defined as a combination of different input parameters (that is, the end user's schedule and activity). For many context input parameters there should also be an interface through which the rule calculation device can obtain the parameter's current value.
Region is set by the end user. In general a region can have any shape, but for ease of calculation it is preferably a rectangle or a circle. The end user may or may not want applications to find or track his or her position within that region. An obvious example is an end user who does not want others to learn his or her location near home.
There are two types of rule output, that is, two action results: Hide and Expose(error).
Hide: if the end user wishes to be hidden from the target application at the current time and location, the GPS location is not sent to the target application.
Expose(error): if the end user chooses to expose his or her location information to the target application at the current time and location, the GPS location is sent to the target application.
(1) If error = 0, the GPS location is sent to the target application unmodified;
(2) if error > 0, the GPS location is adjusted before it is published.
Figure 2 gives an example of the precision adjustment process. In Figure 2, the true GPS position lies in the region with center point c1 and error radius r1. The new center point is moved away from c1 by a distance between 0 and the error value, and the radius to be exposed becomes the sum of error and the actual error radius r1. The adjustment therefore yields a position that still covers the true position but has a shifted center point and a larger error range; in other words, the target application is given "blurred" location information.
Note that the above rules can be used in the location server or in the mobile terminal. Preferably, only a set of hide rules is configured on the mobile terminal, and most of the calculation is left to the location server.
Figure 3 shows a flow chart of the processing of GPS location information by a location server according to the present invention. First, in step 301, the mobile terminal 101, equipped with a GPS circuit or an external GPS device, sends GPS location update information to the location server 102.
In step 301 of the method, the GPS-enabled mobile terminal sends GPS location updates to the location server in the conventional manner, that is, without hiding any GPS location update.
In step 302, the location server 102 does not pass the GPS location update directly to the specific location application as is done conventionally. Instead it sends a decision request to the rule calculation device 105: should the GPS location update be "hidden" from or "exposed" to the specific target application, and, if it is to be exposed, with what precision? The decision request should include the parameters needed for the decision: the GPS location information, the target application identifier and the current time (that is, the time at which the request is sent). How to obtain these parameters is well known to those skilled in the art and is not described here, so as not to obscure the invention unnecessarily.
In step 303, the rule calculation device 105 performs the rule calculation (rule comparison). The rules to be compared have already been entered by the user through the user interface 107 of Figure 1 and stored in the user data storage device 106; in embodiments of the invention, the rules stored in the user data storage device 106 can take the form of a (target, time, region, action) four-tuple. The rule calculation device compares the GPS location information, target application identifier and current time contained in the decision request from the location server with the rules stored in the user data storage device 106. When these values fall within the range of a rule, the action of that rule is carried out: hide or expose the GPS location information and, if it is exposed, with what precision. A more specific implementation of the rule calculation method is given in Figure 4b.
In step 304, if the decision result from the rule calculation device is "Hide", the end user wishes to hide his or her location information from the target application at the current time and location. In this case the location server does not send the GPS location update to the specific target application, as shown in step 305.
If the decision result is not "Hide", it is "Expose", meaning that the end user chooses to send the GPS location to the target application at the current time and location. In this case the rule calculation device goes on to look up the associated precision setting. In this example an error parameter is set, which controls the precision with which the end user's GPS location is sent to the target application. Step 306 checks whether error is 0:
(1) If error = 0, the GPS location is sent to the target application unmodified, as shown in step 307;
(2) if error > 0, the GPS location is adjusted before it is published, as shown in step 308.
The precision adjustment here can follow the example given with Figure 2. The true GPS position lies in the region with center point c1 and error radius r1. The user can set the error value to 200 meters in advance; the new center point is then moved away from c1 by a distance between 0 and 200 meters, and the radius to be exposed becomes r1 + 200 meters. The adjustment therefore yields a position that still covers the true position but has a shifted center point and a larger error range; in other words, the target application is given "blurred" location information.
In the privacy control mechanism according to the present invention, the location disclosed to a target application can be tied closely to the user's environment (current time, current GPS location and so on). End users can preset a group of rules expressing their location disclosure preferences: whether and how to disclose the current actual location, based on their current environment. The privacy control mechanism then adjusts the disclosed location automatically, without manual intervention.
Those skilled in the art who understand the basic idea of the invention can envisage different comparison or calculation methods. The condition control parameters used for the comparison need not be the combination of target, time and region; they can be any one of the three, or other parameters such as the context parameter mentioned above. In this document, rule parameters are also called condition control parameters.
The following are the simplest examples using different condition control parameters.

Example 1: target as the rule parameter
The mobile terminal user can set rules in advance for different target applications. For a target such as emergency response or emergency rescue, the rule exposes the true GPS location, since for rescue purposes the more accurate the location information the better. For applications such as location-based advertising, the user can choose to expose location information with a "blurred" precision. Such a group of rules can be set as follows:
  If (target is emergency response) then expose (0)
  If (target is location-based service) then expose (200)

Example 2: time as the rule parameter
The mobile terminal user can set rules in advance for different time periods. For location-based advertising, for example, the rules can expose location information with a precision of, say, 100 meters on weekdays and hide the GPS location information on weekends. Such a group of rules can be set as follows:
  If (time is within weekday) then expose (100)
  If (time is within weekend) then hide
As mentioned above, in step 303 of Figure 3 the rule calculation device can use different methods of rule comparison to determine the rule result, that is, hide or expose(error). Figures 4a and 4b give an embodiment of rule comparison by the rule calculation device: Figure 4a shows the rule management structure used in this example, and Figure 4b gives the specific calculation process. This is a calculation method for rules of the form (target, time, region, action).
For each GPS location update from a mobile terminal, all relevant rules could be evaluated one by one. With that approach, however, the rule calculation load on the location server becomes very heavy as the number of applications and the number of rules per mobile terminal and application grow. In practice, rules can be given priorities to optimize the calculation: rules with the "hide" action should have higher priority than rules with the "Expose(error)" action. The following rule management and calculation method can therefore be used.
In the rule management structure of Figure 4a, all rules are stored in two hash tables under "mobile device ID + target". According to the action in each rule, all rules are divided into "Hide" rules and "Expose" rules.
In the minimum complete coverage rule algorithm shown in Figure 4b, all rules for the target are first fetched from the hide rule hash table (step 401). Steps 402, 403 and 404 check one rule at a time whether the current time and location match the preset rule; on a match, step 405 is executed, that is, the algorithm stops and returns "hide".
When no "hide" rules remain, all rules for the target are fetched from the expose rule hash table (step 406). In step 406 the maximum blur range MaxError is initialized to 0. Step 407 checks whether any rules remain. If none do, the location information is exposed with (MaxError) in step 408; in that case the original (that is, true) GPS location information is exposed, because MaxError = 0. If rules remain, every rule containing a matching time period is checked to obtain the largest error range: whenever the error value in a rule is greater than MaxError, the current error value is assigned to MaxError, as shown in steps 409, 410, 411 and 412. The aim of this algorithm is to expose the location information with the largest blur value.
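The hide-first lookup of Figures 4a and 4b combined with the Figure 2 adjustment, as an added Python example that is not part of the patent text. It assumes circular regions and reduces time periods to sets of weekdays; the names Rule, RuleEngine, blur and publish, and the sample device, targets and coordinates, are hypothetical.

```python
import math
import random
from dataclasses import dataclass
from datetime import datetime

EARTH_RADIUS_M = 6371000.0
WEEKDAYS, WEEKEND = frozenset(range(5)), frozenset({5, 6})

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

@dataclass(frozen=True)
class Rule:
    days: frozenset          # datetime.weekday() values the rule covers
    region: tuple = None     # circular region (lat, lon, radius_m); None = anywhere
    error_m: float = 0.0     # the "error" of Expose(error); unused by hide rules

    def matches(self, when, lat, lon):
        if when.weekday() not in self.days:
            return False
        if self.region is None:
            return True
        rlat, rlon, radius = self.region
        return distance_m(lat, lon, rlat, rlon) <= radius

class RuleEngine:
    def __init__(self):
        # Two hash tables keyed by (mobile device ID, target), as in Figure 4a.
        self.hide, self.expose = {}, {}

    def add(self, device_id, target, action, rule):
        table = self.hide if action == "hide" else self.expose
        table.setdefault((device_id, target), []).append(rule)

    def decide(self, device_id, target, when, lat, lon):
        key = (device_id, target)
        # Steps 401-405: the first matching hide rule ends the evaluation.
        for rule in self.hide.get(key, []):
            if rule.matches(when, lat, lon):
                return ("hide", None)
        # Steps 406-412: keep the largest error among matching expose rules.
        max_error = 0.0
        for rule in self.expose.get(key, []):
            if rule.matches(when, lat, lon):
                max_error = max(max_error, rule.error_m)
        # With no matching rule MaxError stays 0 and the true position is exposed.
        return ("expose", max_error)

def blur(lat, lon, r1, error_m, rng):
    """Figure 2: shift the centre by 0..error metres and widen the radius by error."""
    if error_m <= 0:
        return (lat, lon, r1)
    d = rng.uniform(0.0, error_m)
    bearing = rng.uniform(0.0, 2 * math.pi)
    # Small-offset approximation, adequate for shifts of a few hundred metres.
    dlat = d * math.cos(bearing) / EARTH_RADIUS_M
    dlon = d * math.sin(bearing) / (EARTH_RADIUS_M * math.cos(math.radians(lat)))
    return (lat + math.degrees(dlat), lon + math.degrees(dlon), r1 + error_m)

def publish(engine, device_id, target, when, lat, lon, r1, rng=None):
    """Return None when hidden, else the (lat, lon, radius_m) given to the target."""
    action, error_m = engine.decide(device_id, target, when, lat, lon)
    if action == "hide":
        return None
    return blur(lat, lon, r1, error_m, rng or random.SystemRandom())

# Constructed sample rules and coordinates (not taken from the patent).
HOME = (48.8500, 2.3500, 300.0)

def build_sample_engine():
    e = RuleEngine()
    e.add("dev-1", "emergency", "expose", Rule(WEEKDAYS | WEEKEND, error_m=0.0))
    e.add("dev-1", "ads", "hide", Rule(WEEKEND))
    e.add("dev-1", "ads", "hide", Rule(WEEKDAYS, region=HOME))
    e.add("dev-1", "ads", "expose", Rule(WEEKDAYS, error_m=100.0))
    e.add("dev-1", "ads", "expose", Rule(WEEKDAYS, error_m=200.0))
    return e

if __name__ == "__main__":
    eng = build_sample_engine()
    wednesday = datetime(2024, 3, 6, 10, 0)
    print(publish(eng, "dev-1", "ads", wednesday, 48.8600, 2.3400, 10.0))
```

A request that matches no rule at all falls through to expose with MaxError = 0, which is the behaviour step 408 describes; a user who wants an unlisted application to receive nothing needs an explicit hide rule for it.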
Figure 5 shows a block diagram of the structure of a location server according to one embodiment of the present invention. In this embodiment, the location server 102 includes means 506 for receiving GPS location information from a mobile terminal and means 507 for providing the GPS location information to a target application. The location server 102 further includes the following devices:
- User data storage device 501, for pre-storing at least one rule for the mobile terminal, the at least one rule including a condition part and an action part. In a preferred embodiment of the invention the rule can be a (target, time, region, action) four-tuple, in which target, time and region are the condition part of the rule and action is the action part. The actions specified by the action part are hide and expose(error), that is, not exposing the mobile terminal's location information, or exposing it in "blurred" form with error as the amount of error. In the case error = 0, of course, the mobile terminal's true location information is exposed. The condition part may also include only one of target, time and region, or a combination of any two.
- Parameter input device 508, an interface for supplying the current condition parameters. In this example the condition parameters are the identifier (target) of the target application requesting the GPS location information, the current time (time) and the region in which the mobile terminal is moving (region).
- Decision request generating device 502, for generating, when GPS location information is received from the mobile terminal, a decision request including the GPS location information and the condition parameters, to be provided to the rule calculation device 503.
- Rule calculation device 503, which compares the condition parameters in the decision request with the condition part of the rules in the user data storage device 501 and generates a decision result. Figure 4b gives an embodiment of the specific calculation process; within the basic framework of the invention, those skilled in the art can of course envisage other calculation methods.
- Decision result execution device 504, which performs the action specified by the action part if at least one condition parameter matches the condition part. The rule can be calculated in a programming language with "if ... then ..." style conditional control: If (target is A, time is within B and GPS location update in region C) then action D. The decision result execution device 504 carries out the specific decision result, the action. For example, if the result is hide, no GPS location information is sent to the target application.
In the workflow shown in Figure 3, in step 301 the mobile terminal sends a GPS location update to the location server whenever one arrives from the GPS device. Therefore, the more location update information there is, the higher the computational cost for the location server. In addition, the more updates are sent to the location server, the larger the amount of data generated by the mobile terminal, and the greater the cost to the end user. Therefore, if the number of GPS location updates sent from the mobile terminal is reduced, the costs for both the end user and the location server will be reduced. The most straightforward optimization is to send update information to the location server only when the current GPS location has moved a certain distance (for example, 50 meters or 100 meters) away from the previous location.
According to the distributed privacy control structure of the present invention, a portion of the "hide" rules can be provided to the mobile terminal. Under the configured "hide" rules, when a "hide" condition is satisfied the mobile terminal does not need to send the GPS location update to the location server at all, thereby reducing the number of GPS location updates that need to be sent to the location server.
Figure 6 shows the rule calculation process performed by the mobile terminal in the privacy control mechanism according to the present invention.
For example, if the location server supports two applications, App1 and App2, the end user can set the following rules:
(target=App1, time=MondaySaturday, region=(lat=10.0, lng=10.0, radius=100.0), action=Hide), and
(target=App2, time=weekend, region=(lat=10.0, lng=10.0, radius=200.0), action=Hide)
The first rule states that, for application App1, if the time is Saturday and the user is moving within a circular area centered at latitude 10.0, longitude 10.0 with a radius of 100.0 meters, no GPS location update information needs to be sent from the mobile terminal to the location server. The second rule states that, for application App2, if the time is on the weekend and the user is moving within a circular area centered at latitude 10.0, longitude 10.0 with a radius of 200.0 meters, no GPS location update information needs to be sent from the mobile terminal to the location server. Incidentally, when region is a rectangle, it can be defined by two points (x1, y1) and (x2, y2).
In step 601, the mobile terminal receives a GPS location update. In step 602, a decision request is sent to the rule calculation means; the decision request includes the GPS location information and at least one condition parameter, and in this example the at least one condition parameter is the target application identifier, the current time and the movement region. In step 603, the rule calculation means compares the target application identifier, current time and movement region contained in the decision request with the rules stored in the user data storage means 106. In step 604, the rule calculation means determines whether the condition parameters match, that is, whether the "Hide" condition is satisfied. If they match, the mobile terminal does not send the GPS location update to the location server, as shown in step 605. If the condition parameters do not match, the mobile terminal sends the GPS location to the target application, as shown in step 606.
The improvement in the mobile terminal provided by the method of the present invention can reduce the number of location update messages and lower the processing overhead of the location server. Of course, the client software on the mobile terminal must learn the relevant "hide" rules (for example, by downloading them).
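The rule matching described above, covering both the server-side hide/expose(error) decision and the terminal-side check of steps 601 to 606, as an added Python example that is not part of the patent. All names are hypothetical, and the following are assumptions: every condition present in a rule must match (following the "if target is A, time is within B and ... region C" form), the first matching rule wins, the server hides when no rule matches, and expose(error) is implemented by grid snapping, since the patent does not say how the position is blurred.

```python
import math
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

EARTH_RADIUS_M = 6371000.0
SATURDAY, SUNDAY = 5, 6  # datetime.weekday() numbering, Monday = 0

@dataclass(frozen=True)
class Rule:
    """One (target, time, region, action) tuple. A condition left as None is
    not part of the rule's condition part and therefore matches anything."""
    target: Optional[str] = None       # identifier of the requesting application
    days: Optional[frozenset] = None   # weekdays on which the rule applies
    region: Optional[Tuple[float, float, float]] = None  # (lat, lng, radius in m)
    action: str = "hide"               # "hide" or "expose"
    error_m: float = 0.0               # expose(error); 0 exposes the true position

def distance_m(lat1, lng1, lat2, lng2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lng2 - lng1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def matches(rule, target, when, lat, lng):
    """True when every condition present in the rule matches the parameters."""
    if rule.target is not None and rule.target != target:
        return False
    if rule.days is not None and when.weekday() not in rule.days:
        return False
    if rule.region is not None:
        clat, clng, radius = rule.region
        if distance_m(lat, lng, clat, clng) > radius:
            return False
    return True

def decide(rules, target, when, lat, lng):
    """Return the first matching rule (assumed precedence), or None."""
    return next((r for r in rules if matches(r, target, when, lat, lng)), None)

def blur(lat, lng, error_m):
    """Snap to the centre of a grid cell about error_m on a side. Snapping is
    deterministic: repeated requests from one spot return the same cell and
    cannot be averaged back to the true fix."""
    if error_m <= 0:
        return lat, lng
    dlat = math.degrees(error_m / EARTH_RADIUS_M)
    slat = (math.floor(lat / dlat) + 0.5) * dlat
    dlng = dlat / max(math.cos(math.radians(slat)), 1e-6)  # widen cells with latitude
    slng = (math.floor(lng / dlng) + 0.5) * dlng
    return slat, slng

def server_answer(rules, target, when, lat, lng):
    """Location server: None means hide, otherwise the position to hand out."""
    rule = decide(rules, target, when, lat, lng)
    if rule is None or rule.action == "hide":
        return None  # assumption: fail closed when no rule matches
    return blur(lat, lng, rule.error_m)

def terminal_should_send(hide_rules, target, when, lat, lng):
    """Mobile terminal, steps 602-606: suppress the update if a hide rule matches."""
    rule = decide(hide_rules, target, when, lat, lng)
    return not (rule is not None and rule.action == "hide")

# Constructed rule sets: the page's two hide rules (Saturday taken from its
# explanation of the first rule), plus a made-up coarse expose rule for App1.
HIDE_RULES = [
    Rule("App1", frozenset({SATURDAY}), (10.0, 10.0, 100.0), "hide"),
    Rule("App2", frozenset({SATURDAY, SUNDAY}), (10.0, 10.0, 200.0), "hide"),
]
SERVER_RULES = HIDE_RULES + [Rule(target="App1", action="expose", error_m=1000.0)]

if __name__ == "__main__":
    sat, sun = datetime(2009, 1, 24, 12, 0), datetime(2009, 1, 25, 12, 0)
    here = (10.00045, 10.0)  # constructed fix about 50 m north of the centre
    print("terminal sends on Saturday:", terminal_should_send(HIDE_RULES, "App1", sat, *here))
    print("server gives App1 on Sunday:", server_answer(SERVER_RULES, "App1", sun, *here))
```

With grid snapping the exposed point lies within roughly 0.71 × error of the true position, so the error parameter should be chosen with that bound in mind.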
In this embodiment, the GPS-equipped mobile terminal handles some of the GPS location information "by itself" according to the corresponding rules, that is, it selectively hides some GPS information. The related calculation does not add to the burden on the user terminal, and when the number of users and the number of target applications in the system become large, such processing can significantly reduce the workload of the location server. The rule mechanism used by the mobile terminal can be similar to that of the location server; considering the limitations of terminal devices, a set of hide rules is preferably configured for the mobile terminal. The hide rules on the mobile terminal are selected and derived from that user's hide rules stored on the location server.
It is worth noting that the mobile terminal according to the present invention may logically include functional modules similar to those in the location server 102, except that the rule calculation method executed in them is simpler. Therefore, the functional block diagram of the mobile terminal is not drawn separately.
Although the invention has been described in connection with embodiments, the invention is not limited to any embodiment. The scope of the invention is defined by the claims and includes various alternatives, modifications and equivalents. Therefore, the scope of protection of the invention should be determined by the content of the appended claims. Further, in the embodiments according to the present invention, GPS location update information is used as an example of location update information, but the present invention is not limited thereto. The privacy protection mechanism of the present invention is applicable to methods and devices that process any kind of location information.
Claims
1. A method for processing location information on a location server, the method comprising receiving location update information from a mobile terminal and a target application requesting the location update information from the location server, characterized in that the method further comprises:
pre-storing at least one rule for the mobile terminal, the at least one rule comprising a condition part and an action part;
when location update information is received from the mobile terminal, generating a decision request that includes the location update information and at least one condition parameter;
comparing the at least one condition parameter in the decision request with the condition part; and
if the at least one condition parameter matches the condition part, performing, for the target application, the action specified by the action part.
2. The method according to claim 1, characterized in that the condition part is at least one of an identifier of the target application, a time period and a movement region, and
where the condition part is the identifier of the target application, the at least one condition parameter is the identifier of the target application requesting the location update information from the location server; where the condition part is a time period, the at least one condition parameter is the current time at which the location update information is received from the mobile terminal; and where the condition part is a movement region, the at least one condition parameter is the movement region of the mobile terminal.
3. The method according to claim 1, characterized in that the condition part is the context of the end user, and the corresponding input parameters are one or more of the user's current environment, schedule, activity and mood.
4. The method according to claim 1, characterized in that the action part is to hide the location update information from, or expose it to, the target application.
5. The method according to claim 4, characterized in that, when the action part is to expose the location update information, an error parameter is further set, so that the precision of the location information to be exposed is adjusted according to the error parameter and the result is sent to the target application.
6. The method according to claim 1 or 2, characterized in that the location update information is GPS location update information.
7. A location server for use in a communication network, comprising means for receiving location update information from a mobile terminal and means for providing the location update information to a target application, characterized in that the location server further comprises:
user data storage means, for pre-storing at least one rule for the mobile terminal, the at least one rule comprising a condition part and an action part;
decision request generating means, for generating, when location update information is received from the mobile terminal, a decision request that includes the location update information and at least one condition parameter;
rule calculation means, for comparing the at least one condition parameter in the decision request with the condition part; and
decision result execution means, if the at least one condition parameter and the condition part
8. The location server according to claim 7, characterized in that the condition part is at least one of an identifier of the target application, a time period and a movement region, and where the condition part is the identifier of the target application, the at least one condition parameter is the identifier of the target application requesting the location update information from the location server; where the condition part is a time period, the at least one condition parameter is the current time at which the location update information is received from the mobile terminal; and where the condition part is a movement region, the at least one condition parameter is the movement region of the mobile terminal.
9. The location server according to claim 7, characterized in that the action part is to hide the location update information from, or expose it to, the target application.
10. The location server according to claim 9, characterized in that, when the action part is to expose the location update information, an error parameter is further set, so that the precision of the location information to be exposed is adjusted according to the error parameter.
11. A method for processing location information on a mobile terminal, comprising receiving location update information from a positioning device and sending the location update information to a location server, characterized in that the method further comprises:
pre-storing at least one rule for the mobile terminal, the at least one rule comprising a condition part and an action part;
when the location update information is received, generating a decision request that includes the location update information and at least one condition parameter;
comparing the at least one condition parameter in the decision request with the condition part; and
decision result execution means, which, if the at least one condition parameter matches the condition part, performs, for the location server, the action specified by the action part.
12. The method according to claim 11, characterized in that the action specified by the action part is to suppress sending the location update information to the location server.
13. A mobile terminal equipped with a positioning function, comprising means for receiving location update information from a positioning device and means for providing the location update information to a location server, characterized in that the mobile terminal further comprises:
user data storage means, for pre-storing at least one rule for the mobile terminal, the at least one rule comprising a condition part and an action part;
decision request generating means, for generating, when location update information is received from the positioning device, a decision request that includes the location update information and at least one condition parameter;
rule calculation means, for comparing the at least one condition parameter in the decision request with the condition part; and
decision result execution means, which, if the at least one condition parameter matches the condition part, performs, for the location server, the action specified by the action part.
14. The mobile terminal according to claim 13, characterized in that the action specified by the action part is to suppress sending the GPS location information to the location server.
The mobile terminal according to claim 13, wherein the predetermined action of the action portion is to suppress transmission of the GPS location information to the location server.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009801550491A CN102293021A (en) | 2009-01-23 | 2009-01-23 | Method and related device for realizing protection of the privacy of user location information |
PCT/CN2009/070296 WO2010083654A1 (en) | 2009-01-23 | 2009-01-23 | Method and related device for realizing protection of the privacy of user location information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2009/070296 WO2010083654A1 (en) | 2009-01-23 | 2009-01-23 | Method and related device for realizing protection of the privacy of user location information |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010083654A1 true WO2010083654A1 (en) | 2010-07-29 |
Family
ID=42355496
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/070296 WO2010083654A1 (en) | 2009-01-23 | 2009-01-23 | Method and related device for realizing protection of the privacy of user location information |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102293021A (en) |
WO (1) | WO2010083654A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104270717A (en) * | 2014-03-29 | 2015-01-07 | 华为技术有限公司 | Positional accuracy control device and method |
CN104581625A (en) * | 2014-11-12 | 2015-04-29 | 华中科技大学 | Position privacy protection method and system based on particle size control |
CN105430033A (en) * | 2014-09-17 | 2016-03-23 | 宇龙计算机通信科技(深圳)有限公司 | Method and device for protecting position of terminal |
CN105472547A (en) * | 2014-08-15 | 2016-04-06 | 中国电信股份有限公司 | Method, terminal and system for protecting user position privacy |
CN106304042A (en) * | 2015-06-17 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of mobile terminal locations safeguard method and device |
CN108429856A (en) * | 2018-02-28 | 2018-08-21 | 维沃移动通信有限公司 | A kind of location information acquisition methods and mobile terminal |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104684073A (en) * | 2013-11-29 | 2015-06-03 | 腾讯科技(深圳)有限公司 | User position positioning method and user position positioning device |
CN105611486B (en) * | 2015-08-27 | 2019-05-14 | 宇龙计算机通信科技(深圳)有限公司 | The operation method of user domain, the operating system of user domain and terminal device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5948043A (en) * | 1996-11-08 | 1999-09-07 | Etak, Inc. | Navigation system using GPS data |
EP1548456A1 (en) * | 2003-12-17 | 2005-06-29 | Motorola, Inc. | Location updating method and apparatus for a cellular subscriber unit comprising a communication receiver and a GPS receiver |
US20060079244A1 (en) * | 2004-09-09 | 2006-04-13 | Posner Jeffrey S | System and method for collecting continuous location updates while minimizing overall network utilization |
CN101203038A (en) * | 2006-12-13 | 2008-06-18 | 华为技术有限公司 | Method for processing location updating request and network entity |
-
2009
- 2009-01-23 CN CN2009801550491A patent/CN102293021A/en active Pending
- 2009-01-23 WO PCT/CN2009/070296 patent/WO2010083654A1/en active Application Filing
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104270717A (en) * | 2014-03-29 | 2015-01-07 | 华为技术有限公司 | Positional accuracy control device and method |
CN105472547A (en) * | 2014-08-15 | 2016-04-06 | 中国电信股份有限公司 | Method, terminal and system for protecting user position privacy |
CN105472547B (en) * | 2014-08-15 | 2019-07-26 | 中国电信股份有限公司 | A kind of method, terminal and system for protecting user location privacy |
CN105430033A (en) * | 2014-09-17 | 2016-03-23 | 宇龙计算机通信科技(深圳)有限公司 | Method and device for protecting position of terminal |
CN104581625A (en) * | 2014-11-12 | 2015-04-29 | 华中科技大学 | Position privacy protection method and system based on particle size control |
CN106304042A (en) * | 2015-06-17 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of mobile terminal locations safeguard method and device |
CN108429856A (en) * | 2018-02-28 | 2018-08-21 | 维沃移动通信有限公司 | A kind of location information acquisition methods and mobile terminal |
Also Published As
Publication number | Publication date |
---|---|
CN102293021A (en) | 2011-12-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2010083654A1 (en) | Method and related device for realizing protection of the privacy of user location information | |
US10104534B2 (en) | System and method for location privacy and location information management over wireless systems | |
KR101227707B1 (en) | Method and device for controlling use of context information of a user | |
JP4833620B2 (en) | Licensing based on location information | |
JP2021527349A (en) | Data anonymization for service subscriber privacy | |
EP2577551B1 (en) | Identity management via cloud | |
US20160078095A1 (en) | Location-based updating of profile data | |
EP2770769B1 (en) | Terminal and server for applying security policy, and method of controlling the same | |
KR101158150B1 (en) | A method and system for managing access to presence attribute information | |
US20060141985A1 (en) | Dynamic management for interface access permissions | |
US20140282893A1 (en) | Reducing authentication confidence over time based on user history | |
US20120255026A1 (en) | Method and device for managing digital usage rights of documents | |
CN1545792A (en) | System and method for location based web services | |
JP2004118456A (en) | Authentication system of mobile terminal using position information | |
CN105981331A (en) | An entity handle registry to support traffic policy enforcement | |
CN101123644A (en) | An authorized management system and authorized management server | |
US20110066712A1 (en) | User-defined services in a personal distributed network | |
JP2021501394A (en) | Controlling the operation of computing devices | |
CN111567023B (en) | Method of providing notification and electronic device supporting the same | |
JP2015176172A (en) | Apparatus control device in common space, apparatus control method, program, recording medium storing program, and control method using portable information terminal | |
CN111835523B (en) | Data request method, system and computing device | |
KR102222342B1 (en) | System and method for controlling use of credit cards in advance and computer program for the same | |
JP2004295437A (en) | Schedule management method | |
JP2013137595A (en) | Content access management system, content access management method and program | |
JP5662811B2 (en) | Server apparatus and program thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200980155049.1 Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09838621 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 09838621 Country of ref document: EP Kind code of ref document: A1 |