WO2014031041A1 - Policy composing apparatus and control method therefor - Google Patents

Policy composing apparatus and control method therefor Download PDF

Info

Publication number
WO2014031041A1
WO2014031041A1 PCT/SE2012/050888 SE2012050888W WO2014031041A1 WO 2014031041 A1 WO2014031041 A1 WO 2014031041A1 SE 2012050888 W SE2012050888 W SE 2012050888W WO 2014031041 A1 WO2014031041 A1 WO 2014031041A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
fragments
information
composing
step
Prior art date
Application number
PCT/SE2012/050888
Other languages
French (fr)
Inventor
Johan Hjelm
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget L M Ericsson (Publ) filed Critical Telefonaktiebolaget L M Ericsson (Publ)
Priority to PCT/SE2012/050888 priority Critical patent/WO2014031041A1/en
Publication of WO2014031041A1 publication Critical patent/WO2014031041A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/06Electricity, gas or water supply

Abstract

There is provided a policy composing apparatus for composing a policy for use in obfuscating requested information prior to providing it to a requesting party in order to protect privacy. The policy composing apparatus comprises, among other things, a detecting unit configured to detect a potential threat to privacy caused by release of requested information, by analyzing a request for information, a searching unit configured to search for a set of policy fragments that can relieve the potential threat, an excluding unit configured to exclude unsuitable policy fragments from the set of policy fragments, and a composing unit configured to compose the policy based on one or more policy fragments selected from the set of policy fragments from which the unsuitable policy fragments have been excluded.

Description

DESCRIPTION

POLICY COMPOSING APPARATUS AND CONTROL METHOD THEREFOR

TECHNICAL FIELD

[0001] The present invention generally relates to a technique for composing a policy for use in

obfuscating requested information in order to protect privacy .

BACKGROUND

[0002] In the so called smart grid, electrical consumption is managed to a much higher degree than in current systems. This assumes both a metering and control system, which are usually implemented in two components: A "smart meter" which measures the

consumption of electrical energy in a connected household; and a CEMS, or Consumer premises Electric Management System. The CEMS can be implemented in the same node as the smart meter, but its functions are to control the delivery of energy.

[0003] To enable precise payments for the consumed energy, it is desirable to have frequent measurements or sampling values for the energy consumed. In some countries, hourly measurements is becoming the norm, but smart meters are capable of much more precise measurements, which can be aggregated per reporting period. The measurements may be further aggregated to compose the bill for the consumed energy.

[0004] The measurement is not normally related to individual devices, although it is possible to make the measurement related to individual devices even without additional measurement points, as the technology has continued to develop towards more precise measurement technologies. This may result in the problem described later .

[0005] One additional piece of background to the present invention is that the collection and use of context information for various purposes has been thoroughly exploited in several inventions filed by various parties; see References [1, 2, 3, 4, 5, 16, 17, 18] .

[0006] Meanwhile, when user's data is collected by a sensor system, for instance a smart meter, privacy becomes a problem. Currently, information about consumer actions, such as the television programs a person has been viewing, can be analyzed; see

References [6, 7] .

[0007] It is possible to track individual TV program viewing if the sampling interval is shorter than the rate of change in other appliances in the household - i.e., a TV program can be deconstructed in terms of changes in how bright the screen is and how loud the music is; these changes can be deconstructed into a unique pattern for each television show, or even video. However, a refrigerator or washing machine work in the opposite way from a TV set, since these

appliances basically function by a heating element combined with a motor and a pump, which do the work for an extended duration of time. Even if individual television programs are not traced, the knowledge of person' s or family' s electric consumption patterns are problematic from a privacy perspective, as they reveal a great deal about the person or family and their preferences, potentially in a damaging way.

[0008] Regarding privacy solutions, one existing solution, which is frequently applied, is to hide the user in a group of similar users. However, this does not work very well.

[0009] Instead of providing information about the individual user, providing information about the group the user belongs to provides issues in the grouping itself. For large groups, it is ineffective in terms of processing, since the values for each user has to be processed separately. Alternatively, the users values are represented by a standardized statistic value, such as the average or median of the group, in which case processing is not so demanding, but instead there is a risk that the values represent the true value of the user very closely; or that outliers distort the value so that it is not actually usable for the receiver. Even if outliers are removed, the values can potentially be tied to the subject of the sample.

[0010] One solution to this problem which is frequently applied is to add a level of noise to each sample. However, if noise is added for each query, the resulting data set will become increasingly distorted for each query, ending up in nothing but noise (if the noise that is added is at a too low level, it will be possible over repeated queries to discern the actual values); see Reference [8].

[0011] One solution is to apply a budget for the noise that is being added (a privacy budget) , which is gradually used up by queries. However, there is a risk that the entire budget will be used up, so that there is no budget left to answer queries. This is

particularly true if queries asked are not tightly standardized, but varies in terms of the data and analysis that the queries perform. This is

particularly true when data is released to third parties for analysis. Introducing noise into the measurements, as well as methods to control the insertion of noise, has been the subject of

investigations by various parties; see References [10, 11, 12, 13, 14, 15] . However, the control mechanism for this is different in all use cases. A generic mechanism for the control of noise insertion would be desirable .

[0012] When users consume electricity and the measurement interval is shorter than that which

reflects changes in the consumption rate that can be traced back to privacy-sensitive activities, such as watching television programs, privacy violations may occur .

SUMMARY

[0013] The present invention has been made in view of the above circumstances, and it is an object thereof to provide a technique for composing a policy for use in obfuscating requested information in order to protect privacy, such that it becomes more difficult to know the non-obfuscated version of the requested information .

[0014] According to the first aspect of the present invention, there is provided a policy composing apparatus for composing a policy for use in obfuscating requested information prior to providing it to a requesting party in order to protect privacy. The policy composing apparatus comprises a receiving unit configured to receive a request for information, a selecting unit configured to select a policy

enforcement apparatus that enforces the policy, by analyzing the request for information, and a detecting unit configured to detect a potential threat to privacy caused by release of the requested information, by analyzing the request for information. The policy composing apparatus also comprises a searching unit configured to search for a set of policy fragments that can relieve the potential threat, an excluding unit configured to exclude unsuitable policy fragments from the set of policy fragments, and a composing unit configured to compose the policy based on one or more policy fragments selected from the set of policy fragments from which the unsuitable policy fragments have been excluded. The policy composing apparatus further comprises a providing unit configured to provide the policy enforcement apparatus with the policy .

[ 0015 ] According to the second aspect of the present invention, there is provided a method for controlling a policy composing apparatus for composing a policy for use in obfuscating requested information prior to providing it to a requesting party in order to protect privacy. The method comprises a receiving step of receiving a request for information, a selecting step of selecting a policy enforcement apparatus that enforces the policy, by analyzing the request for information, and a detecting step of detecting a potential threat to privacy caused by release of the requested information, by analyzing the request for information. The method also comprises a searching step of searching for a set of policy fragments that can relieve the potential threat, an excluding step of excluding unsuitable policy fragments from the set of policy fragments, and a composing step of composing the policy based on one or more policy fragments selected from the set of policy fragments from which the

unsuitable policy fragments have been excluded. The method further comprises a providing step of providing the policy enforcement apparatus with the policy.

[0016] By virtue of the above features, it is possible to compose a policy for use in obfuscating requested information in order to protect privacy, such that it becomes more difficult to know the non- obfuscated version of the requested information.

[0017] Further features and advantages of the present invention will be apparent from the following description with reference to the accompanying drawings, in which like reference characters designate the same or similar parts throughout the figures thereof.

BRIEF DESCRIPTION OF DRAWINGS

[0018] Fig. 1 illustrates an overview of a system

100 according to a first embodiment of the present invention;

[0019] Fig. 2 is a sequence diagram illustrating a policy provisioning procedure according to the first embodiment of the present invention;

[0020] Fig. 3 illustrates an overview of a system

300 according to a second embodiment of the present invention;

[0021] Fig. 4 is a sequence diagram illustrating a policy provisioning procedure according to the second embodiment of the present invention;

[0022] Fig. 5 illustrates a first example of obfuscation of the requested information; and

[0023] Fig. 6 illustrates a second example of obfuscation of the requested information.

DETAILED DESCRIPTION

(First Embodiment)

[0024] Fig. 1 illustrates an overview of a system

100 according to a first embodiment of the present invention. As shown in Fig. 1, the system 100

comprises a controlled distortion server (CDS) 110, which is also referred to as a policy composing apparatus, context reporting agents 120a and 120b, and policy enforcement points (PEPs) 130a and 130b. The context reporting agent 120a and the PEP 130a are included in a smart meter 140. The context reporting agent 120b and the PEP 130b are included in a

measurements database 150. In the following

description, when it is not necessary to exactly distinguish the context reporting agents 120a and 120b with each other, they may be collectively referred to as a context reporting agent 120. Similarly, the PEPs 130a and 130b may be collectively referred to as a PEP 130.

[0025] The CDS 110 implements the mechanism to control the distortion of collected measurement data in a structured way. The CDS 110 comprises a context database 111, a policy database 112, a policy decision point (PDP) 113, and a policy provisioning function 114. The CDS 110 also comprises a central processing unit

(CPU) 115, a read only memory (ROM) 116, and a random access memory (RAM) 117. The functionality of the PDP 113 and the policy provisioning function 114 of the CDS 110 may be implemented by the CPU 115 which executes software stored in the ROM 116 with using the RAM 117 as a work area. Alternatively, the functionality of at least one of the PDP 113 and the policy provisioning function 114 may be implemented using dedicated

hardware, or by the combination of software and

hardware .

[0026] The context database 111 is a database for context. Context is a collective name for parameters pertaining to the description of a situation of a user or device. There are many ways of describing context, and it has also been the subject of several patents and patent applications by various parties. While context can contain multiple parameters and their values, for the purpose of the present embodiment, it is sufficient to consider two aspects: The capabilities information and the actors involved. The first aspect, the

capabilities information, will be described later in more detail. The second aspect is the identity of the actors involved. While this is frequently handled using other, separate mechanisms, the identity of the user, the devices the user is using, and the identities of those devices can be considered part of the context of each other. The actual mechanism of identity management is not described in more detail, as this is well known in the art. The context database 111 contains the capabilities information collected from the PEP 130. The capabilities information will be used for determining what distortions are possible in the PEP 130.

[0027] The policy database 112 is a database for policy elements or fragments, which can be instantiated in the PEP 130. It also serves as storage for the master policy, which can be provisioned by an external party, such as the operator, the user, an electricity company, or similar.

[0028] The PDP 113 determines which policy

elements should be applied in the available PEPs, according to the capabilities information of the available PEPs and the master policy.

[0029] The policy provisioning function 114 (a) delivers the policies composed by the PDP 113 to the PEPs, and (b) receives provisioned policies, including policy elements, from the entity responsible for

managing the policies. Here, this entity is called the "user", but it could equally well be the electricity network provider, the operator of a telecommunications network, a group of concerned citizens, or any other similar third party.

[0030] The context reporting agent 120 is co- located with the PEP 130 in the location where

distortion is to be implemented. It reports the

capabilities for distortion to the context database 111. The context reporting agent 120 is a supporting

function, and can be implemented by a person skilled in the art based on any known art.

[0031] The PEP 130 is co-located with the context reporting agent 120 and is responsible for the

enforcement of the policies received from the CDS 110.

[0032] It should be noted that while the present embodiment only discusses the aggregation of data or information on request, the aggregation can take place continuously or discretely but at pre-selected

intervals which do not have to relate to the requests. The process will be the same whether the aggregation is triggered from the requestor or the aggregator. It will be slightly different if the data collection from the smart meters is done using a push mechanism, but only in the way that the triggering of the collection process is deferred. [0033] It should also be noted that in this document, the distortion control mechanism is described as operating using policies. While this is a possible technical solution, other control signaling mechanisms implementing other message types could also be used.

[0034] It should also be noted that the collection of context information in the present embodiment is described as taking place during the discovery of the context reporting agent 120 by the servers in the network. However, the collection of context

information can also take place during the process of responding to a request. In this case, the context information reporting and requesting may be performed as updates and queries to a central database of context information maintained inside or outside the CDS 110.

[0035] The system 100 may also comprise a response server 160. The response server 160 receives the requests for information regarding an entity under the purview of the CDS 110, authenticates the requestor, and sends the request to the CDS 110.

[0036] The measurements database 150 contains the collected information regarding the operations of the entities under the purview of the CDS 110. The

information can for instance be measurements regarding electricity consumption, if this method is applied to electric meters. In some circumstances, some or all of the information in the measurements database 150 can be considered part of the context information.

[0037] Fig. 2 is a sequence diagram illustrating a policy provisioning procedure according to the first embodiment of the present invention. Before the step S201 is executed, a request for information of the type which is stored in the measurements database 150 is received by the response server 160. The response server 160 then requests information from the

measurements database 150. When servicing the request, the measurements database 150 discovers that a policy needs to be applied to the response. This may be a general policy of the entity owning the measurements database 150, it can be a legal condition (which might apply in countries like Japan) , or it may be a special condition that e.g., applies to the contract of the entity (i.e., you can pay an extra fee of 20$ per month if you want your privacy to be protected) . This can actually be acceptable to users; see Reference [19]. Then, the procedure starts from step S201.

[0038] S201: The PEP 130b in the measurements database 150 queries the PDP 113 in the CDS 110 for an applicable policy. In this step, the PDP 113 receives a request for information. In the present embodiment, it is assumed that the requested information is information about electric power consumption measured by the smart meter 140. It should be noted that the initiation may not be triggered by a request as such, but by an operation such as the starting of the device or other similar operation. The triggering contains information about what data is requested, and what the purpose of using it is. It should also be noted that this behavior is not specific to the PEP 130b; all PEPs are expected to act in the same way.

[0039] S202: The PDP 113 retrieves the master policy from the policy database 112.

[0040] S203: The PDP 113 checks whether the identity of the entity for which information is

requested is registered in the master policy, and what level of privacy protection, applicable operations, policies etc. are prescribed.

[0041] S204: The PDP 113 in the CDS 110 looks up the applicable PEP pertaining to the entity for which information is requested by checking the context information for the concerned entity in the context database 111. In the present embodiment, it is assumed that the PEP 130a is selected as an applicable PEP.

[0042] S205: The PDP 113 retrieves the

capabilities information of the PEP 130a from the context reporting agent 120a. Alternatively the capabilities information may be retrieved from the context database 111.

[0043] S206: The PDP 113 retrieves the appropriate policy fragments from the policy database 112.

[0044] S207: The PDP 113 composes an applicable policy. It should be noted that this composition also may register which operations are prescribed in the policies when writing back the master policy to the policy database 112.

[0045] S208: The PDP 113 triggers the policy provisioning function 114, and provides it with a list of applicable PEPs and policies which they are to enforce. It should be noted that this essentially means that you can change the privacy budget and distortion mechanism for different PEP on the fly, which means it becomes very difficult for an attacker who tries to determine which mechanism you are using by performing repeated queries to determine a pattern from the responses.

[0046] S209a and S209b: The policy provisioning function 114 delivers the policies to the PEPs 130a and 130b.

[0047] S210a and S210b: The PEPs 130a and 130b enforces the policies.

[0048] After that, the measurements database 150 queries the entities in which the PEPs are embedded for information. The PEPs enforce the policies requested, distorting the responses appropriately. However, this is not evident to the measurements database 150. The measurements database 150 then services the response server 160 with the requested information.

[0049] Next, details about the master policy will be described. The master policy has to be set so that the distortions do not disrupt legitimate operations; this may for instance mean that if you are using the information for charging, and the price is set per hour, the PEP can be directed to aggregate the total

consumption during one hour and present a mean value, even if the request is to provide information regarding the consumption during single minutes or even shorter time periods. Hence, the master policy is set by an entity external to the system described here, and received using the policy provisioning function 114.

[ 0050 ] The master policy is derived by taking the capabilities of the PEPs, in particular the PEP 130b in the measurements database 150, into account; and by including the known applications of the data into account. These are assumed to be described in terms of elemental properties as well. For instance, if the charging system calculates the consumption every hour starting from midnight every day, and does this by averaging the consumption over 24 hours, apply a price which is calculated by retrieving the current spot price on offer from the electricity provider every hour, averaging that over 24 hours, and then calculating the amount to be debited (the averaged price times the averaged consumption per hour) , then the master policy should declare that the obfuscation periods should be one hour or shorter, since they would otherwise interfere with the hourly price calculation.

[0051] This particular policy fragment would look as follows:

<policy : Policy

xmlns : policy=http : //example . com/Policy

<tns : TimeSeries

xmlns : tns=http : //example . com/Statistics

<tns :Method>AVG</tns :Method>

<tns : SeriesLength>3600</tns : SeriesLength> <tns : Scale>Seconds</tns : Scale> </tns : TimeSeries>

<tns : DailyAvg

xmlns : tns=http : //example . com/Statistics

<tns :Method>AVG</tns :Method>

<tns : SeriesLength>24</tns : SeriesLength> <tns : Scale>Hour</tns : Scale>

</tns : DailyAvg>

</policy:Policy>

[0052] The master policy applying this would look as follows (assuming the charging method described above has been declared in the same way, naming it "24Average") :

<chg : Charging

xmlns : chg=http : //example . com/Charging <chg : Interval><tns : DailyAvg/x/chg : Interval>

<chg : ChargeMethod>24Average</chg : ChargeMethod> </chg : Charging>

[0053] Obviously, there can be many other policy fragments which can be combined into a complete master policy. Since the master policy would depend on several application-dependent factors, a complete master policy has not been defined here, but using the languages defined in References [24, 25], the

standardized and well-known XML methods of combining policy fragments can be used.

[0054] In this process, the potential conflict between policy elements have to be determined and resolved. For instance, if the time series computation is done using hourly averages, whereas the debiting is done using an hourly median, this will require

extensive recalculations unless the right values are computed from the start. Hence, before the master policy itself is applied, conflict resolution has to be applied to it.

[0055] Next, details about the capabilities information will be described. Capabilities are the ability to perform functions, as defined in Reference

[22], or differently expressed, the resource in

References [24, 25] . By providing a representation of the resource in WSDL or a similar description language, the resource becomes accessible to parties who want to utilize the resource to perform functions. In

Reference [25] , the assumption is that the capabilities definition should be application-specific, i.e., for each domain there is a separate name space where the capabilities and their properties are declared. The agent resolving the WS-Resource request responds using the application-specific name space values represented in the request. If no application-specific function exists, the response is null.

[0056] Capabilities information usually serves to describe properties of a device which pertain to its propensity to perform operations, such as the screen size, which pertains to the propensity to display images, video, etc; or the network interfaces, which pertains to its propensity to perform message exchanged with other entities. Both capabilities and other context information, their collection, management, and storage have been explored extensively in the prior art; see References [16, 17, 18].

[0057] As an example, a fragment declaring the ability to compute averages on an hourly basis would look as follows:

<tns : TimeSeries

xmlns : tns=http : //example . com/Statistics

<tns :Method>AVG</tns :Method> <tns : SeriesLength>3600</tns : SeriesLength> <tns : Scale>Seconds</tns : Scale> </tns : TimeSeries>

[0058] It should be noted that the representation of each capability will be dependent on the properties of that capability, and hence have to be declared in an application-specific name space, as is described in Reference [25] . It should also be noted that a

resource will be able to present all its capabilities, which can be quite an extensive list, and which will have to be filtered by the requestor to derive only the desired capabilities. For more on capabilities

representation, see Reference [9].

(Second Embodiment)

[0059] In the first embodiment, the control of the generation of the policy is done through a master policy. While techniques exist to determine such policies (see Reference [21]), having a single static policy makes the system sensitive to attacks which attempt to determine the content of the policy and then deconstruct any privacy preservation methods applied to the data through discerning any patterns in the

distortions introduced.

[0060] Hence, it would be desirable to have a system which could instantiate automatic variations in the policies composed depending on the query pattern.

[0061] Fig. 3 illustrates an overview of a system 300 according to a second embodiment of the present invention. Compared to the system 100 shown in Fig. 1, the system 300 comprises a controlled distortion server (CDS) 310 in place of the CDS 110.

[0062] The CDS 310 comprises a request analysis function 311, a policy composer function 312, a threats database 313, a request history database 314, a context database 315, a policy history database 316, which is also referred to as a usage history database, a policy database 317, a rules and constraints database 318, and a policy provisioning function 319. The CDS 310 also comprises a central processing unit (CPU) 320, a read only memory (ROM) 321, and a random access memory (RAM) 322. The functionality of the request analysis

function 311, the policy composer function 312, and the policy provisioning function 319 of the CDS 310 may be implemented by the CPU 320 which executes software stored in the ROM 321 with using the RAM 322 as a work area. Alternatively, the functionality of at least one of the request analysis function 311, the policy composer function 312, and the policy provisioning function 319 may be implemented using dedicated

hardware, or by the combination of software and

hardware .

[0063] The threats database 313 contains

information about which threats are applicable, encoded in a machine-readable form (e.g., as AVDL; see Reference [23]) . It is assumed to be externally

provisioned, for instance by an electricity company, an operator, or a third party such as a dedicated security company .

[0064] The request history database 314 contains information about which requests for information have been received by the measurements database 150,

including information about who the requester were, and when the request was received.

[0065] The context database 315 is the same as the context database 111 shown in Fig. 1.

[0066] The policy history database 316 contains information about which policy fragments were applied to which PEP at which time.

[0067] The policy database 317 is the same as the policy database 112 shown in Fig. 1.

[0068] The rules and constraints database 318 contains information about which rules and constrains should be applied for different PEP in different

contexts. For instance, while a PEP may be capable of executing a certain set of operations, it may not be feasible to do so when it is disconnected from the fixed network and only has a mobile connection; or the user may only have a "bronze" subscription and not

"gold", so only a lower level of protection should be applied. This database is externally provisioned, for instance by the electricity company, a network operator, the user themselves, or a third party such as an independent security company. If the provisioner is an MNO (Mobile Network Operator) or MVNO (Mobile Virtual Network Operator) , the information in the database can be extracted from the databases containing user

information in the network, e.g., using the CAI3G interface .

[0069] Fig. 4 is a sequence diagram illustrating a policy provisioning procedure according to the second embodiment of the present invention. As with the first embodiment, the triggering is driven by the

measurements database 150. The policy provisioning can consist of any of the many such mechanisms which exist, e.g., using OMA DM or a similar standard.

[0070] S401: The PEP 130b in the measurements database 150 queries the request analysis function 311 in the CDS 310 for an applicable policy. In this step, the request analysis function 311 receives a request for information. In the present embodiment, it is assumed that the requested information is information about electric power consumption measured by the smart meter 140. It should be noted that the initiation may not be triggered by a request as such, but by an operation such as the starting of the device or other similar operation. The triggering (i.e., the request for information) contains information about what data is requested, and what the purpose of using it is. It should be noted that this behavior is not specific to the PEP 130b; all PEPs are expected to act in the same way .

[0071] S402: The request analysis function 311 analyzes the request for information for the purpose of knowing applicable PEP and query patterns.

[0072] S403: The request analysis function 311 accesses the context database 315 and selects, based on the analysis made in step S402, one or more PEPs that enforce the policy. In the present embodiment, it is assumed that the PEP 130a is selected.

[0073] S404: Depending on the identity of the selected PEP 130a, the request analysis function 311 retrieves the rules and constraints concerning the PEP 130a from the rules and constraints database 318.

[0074] S405: The request analysis function 311 retrieves the history of previous requests from the request history database 314.

[0075] S406: The request analysis function 311 retrieves the potential threats from the threats database 313.

[0076] S407: The request analysis function 311 retrieves the metadata of the policy fragments from the policy database 317. This is to verify which

operations are possible to direct the PEP 130a selected in step S403 to perform.

[0077] S408: The request analysis function 311 then analyzes the request for information itself. It checks which information is requested and what type of privacy violation it may be used for according to the information retrieved from the threats database 313. In this step, the history of previous requests

retrieved in step S405 is also considered. For

instance, a request for a per-second breakdown of electrical data can be used to identify which

television programs a user is watching, as described in Reference [7] . In other words, in this step, the request analysis function 311 detects, from the

potential threats retrieved in step S406, one or more potential threats to privacy caused by release of the requested information, by analyzing the request for information .

[0078] S409: Having detected the potential threats, the request analysis function 311 looks at the metadata describing the available policy fragments from the policy database 317 which were retrieved in step S407.

[0079] S410: The request analysis function 311 compares the detected potential threats with the policy fragments in order to find remedial actions. In other words, the request analysis function 311 searches for a set of policy fragments that can relieve the detected potential threats.

[0080] S411: The request analysis function 311 sends a list of potential policy fragments to apply to the policy composer function 312. The request analysis function 311 sends a list of the applicable PEPs (i.e., PEPs selected in step S403) to the policy composer function 312.

[0081] S412: The policy composer function 312 then retrieves the capabilities of the PEP 130a from the context database 315.

[0082] S413: The policy composer function 312 retrieves information about which policies or policy fragments have previously been applied from the policy history database 316.

[0083] S414: The policy composer function 312 retrieves the metadata describing the policy fragments from the policy database 317.

[0084] S415: The policy composer function 312 then excludes unsuitable policy fragments from the set of policy fragments found in step S410. For example, the policy composer function 312 excludes policy fragments which have previously been used, or which are not applicable (i.e., which are not supported by the PEP 130a or which do not conform to the constraints

retrieved in step S404) .

[0085] S416: The policy composer function 312 then composes a metapolicy composed of the identifiers for the one or more applicable policy fragments selected from the policy fragments which have not been excluded in step S415. [0086] S417: The policy composer function 312 uses the metapolicy to retrieve the applicable policy fragments from the policy database 317.

[0087] S418: The policy composer function 312 then creates a policy for use in obfuscating requested information .

[0088] S419: The policy composer function 312 sends the created policy to the policy provisioning function 319, for further delivery to the PEP 130a. The policy composer function 312 also sends a list of destination PEPs (i.e., the list received in step S411) to the policy provisioning function 319.

[0089] S420: The policy composer function 312 updates the policy history database 316 with

information about which policies were applied to which PEP, and when. It should be noted that this

essentially means that you can change the privacy budget and distortion mechanism for different PEP on the fly, which means it becomes very difficult for an attacker who tries to determine which mechanism you are using by performing repeated queries to determine a pattern from the responses.

[0090] S421a and S421b: The policy provisioning function 319 provides the PEP 130a with the policy created in step S418. Alternatively, if the PEP 130b has been selected in step S403, the policy provisioning function 319 provides the PEP 130b with the policy. [0091] S422a and S422b: The PEP 130a enforces the policy. If the PEP 130b has received the policy in step S421b, the PEP 130b enforces the policy.

[0092] After that, the measurements database 150 queries the entities in which the PEPs are embedded for information. The PEPs enforce the policies requested, distorting the responses appropriately. However, this is not evident to the measurements database 150. The measurements database 150 then services the response server 160 with the requested information.

[0093] Next, examples of the distortion or

obfuscation mechanisms will be described. As

demonstrated in References [6, 7, 20], the variation of electrical consumption in a device can vary

considerably depending on its use. Certain events will also trigger additional electricity consumption. For instance, as shown in References [7, 20], the electric consumption of certain types of television sets vary proportionally to the luminosity of the picture, i.e., the more brightness there is in the screen, the more electricity they consume. This can be directly related to sensitive aspects such as which television programs a user is consuming. Similarly, a refrigerator will normally operate in a stepwise on-off-pattern, but when triggered by an entropic event (for instance, the door kept open for a period of time) , it will start the motor to restore the temperature in the refrigerator. The light of the refrigerator will also shine, adding to the electricity consumption. Ceteris paribus, these variations could be detected by the electric meter if measurements are performed at short enough time

intervals .

[0094] To counter this, the present embodiment introduces distortion into the measurements, as well as directs the measurement point to vary the sampling interval. This means that a malicious observer will not be able to deduce the actual energy consumption at the desired time interval, but at only over longer time intervals such as an hour, when the merger of data makes the deduction of individual events such as TV programs meaningless. At the same time, compensation for the process applied in varied time intervals as well as shifting in time will obfuscate the actual consumption at a specific time interval, while

maintaining the true value of the consumption as a whole (a truth threshold which is included in the policies ) .

[0095] Since the present embodiment works by directing the PEP 130 to apply several methods for obfuscation, two methods of obfuscation are introduced in the following, as an example. These can be applied in combination during the process of the present embodiment, or they can be applied in isolation, or together with other methods. However, as will be clear to the practitioner skilled in the art, it will be impossible to deduce during which advertising break the viewer of a television show got a beer from the

refrigerator (knowing which would otherwise constitute a privacy violation) .

[0096] The first example is obfuscation by time series convergence. As illustrated in Fig. 5, this method works by aggregating the peaks of the

electricity consumption over time. For certain devices, e.g., plasma televisions (as demonstrated in Reference [20]), the consumption of electricity varies linearly with the brightness in the image. Hence, it is

possible to deduce the sequence of brightness and darkness performed by the television screen from the electric consumption, and hence it is possible to determine the viewed television program. However, if billing of electricity is performed by the hour, this level of detail is inappropriate and the average over an hour could be applied. If there are reasons to retrieve values with higher granularity, e.g., due to charging arrangements, the aggregation into e.g., running 5-minute averages will be sufficient.

[0097] The second example is obfuscation by time shifting. As illustrated in Fig. 6, this method works by shifting the reporting of the actual usage over time. This implies that it is particularly suitable for e.g., refrigerators and similar devices. [0098] Next, an example of the policy will be described .

[0099] A potential obfuscation policy might look as follows (expressed in human-readable language) .

1. Compute an hourly time series average with a

tolerance of +/- 30 %.

2. Shift to time-shifting the true values by 180 seconds .

3. Apply 1. for 3 hours and 2 for 2 hours, then apply 1 for 4 hours and 2 for 1 hour.

[0100] The functions available depend on the capabilities of the PEP. If a device has very little memory, its PEP may not be able to perform averages, for instance, as that requires keeping the values in memory until the average can be calculated.

[0101] The sequence of the functions and the number of times they are repeated is set by the CDS 310 as part of the overall privacy management as described in this document.

[0102] Expressed as a (simplified) XML document, this would look something like the following:

<policy : Policy

xmlns : Policy=http : //example . com/Policy

xmlns : tns=http : //example . com/Statistics

xmlns : time=http : //example . com/Time>

<policy : Functionl> <policy : Repeat>3</policy : Repeat>

<time : Duration>Hour</time : Duration>

<tns :Method>AVG</tns :Method>

</policy : Functionl>

<policy : Function2>

<policy : Repeat>2</policy : Repeat> <time : Duration>Hour</time : Duration>

<tns :Method>Time-shift</tns :Method>

</policy : Function2>

<policy : Sequence>

<policy : Functionl="3"/>

<policy : Function2="2"/>

<policy : Functionl="4"/>

<policy : Function2="l"/>

</policy : Sequence>

</policy:Policy>

[0103] Normally, Function 1 and Function 2 would be defined in a different document.

[0104] As described above, according to the present embodiment, the policy composer function 312 excludes unsuitable policy fragments before it composes a policy. For example, the policy composer function 312 excludes policy fragments which have previously been used. Accordingly, it is possible to composing a policy for use in obfuscating requested information in order to protect privacy, such that it becomes more difficult to know the non-obfuscated version of the requested information.

[ 0105 ] The present invention is not limited to the above-described embodiment, and various changes and modifications can be made within the spirit and scope of the present invention. Therefore, to apprise the public of the scope of the present invention, the following claims are made.

References

[1] US 2010/0223098 Al

[2] US 2010/0222039 Al

[3] US 2009/0132540 Al

[4] WO 2008/103103 A2

[5] WO 2010/092363 Al

[6] A.G. Ruzzelli, et al . , "Real-Time Recognition and Profiling of Appliances through a Single Electricity Sensor". Available at

http : //csserver . ucd . ie/~aruzzelli/pubs/Seconl 0_REAR . pdf

[7] U. Greveler, et al . , "Hintergrund und

experimentelle Ergebnisse zum Thema „Smart Meter und Datenschutz"" . Available at http://www.its.fh- muenster . de/greveler/pubs/smartmeter_sepll_v06.pdf

[8] Ninghui Li, et al . , "Provably Private Data

Anonymization : Or, k-Anonymity Meets Differential

Privacy". Available at

http://arxiv.org/abs/1101.2604vl

[9] http: //www. w3. org/Mobile/CCPP/ [11] US 2011/0270453 Al

[12] GB 2479956

[13] GB 2473083

[14] WO 2008/073472 A2

[15] US 2011/0271352 Al

[16] WO 2010/005351 Al

[17] WO 2006/115442 Al

[18] WO 2008/140358 Al

[19]

http : //www. technologyre iew . com/computing/39938/?pl=Mst Rent

[20]

http : //www. clasponline . org/~/media/Files/SLDocuments/20 06-2011/2011-08_CLASP-

AnalysisOfTelevisionLuminanceAndPowerConsumption . pdf [21] US 2006/0265397 Al

[22 ] http : //www. w3. org/TR/ws-arch/#capability

[23] https : //www. oasis- open . org/committees/download . php/7145/AVDL%2 OSpecificat ion%20Vl .pdf

[ 24 ] http : //docs . oasis-open . org/wsrf/wsrf-ws_resource- 1.2-spec-os. pdf

[25] http : //docs. oasis-open. org/wsrf/wsrf- ws_resource_properties-l .2-spec-os .pdf

Claims

1. A policy composing apparatus (310) for composing a policy for use in obfuscating requested information prior to providing it to a requesting party in order to protect privacy, the policy composing apparatus comprising :
a receiving unit (311) configured to receive a request for information;
a selecting unit (311) configured to select a policy enforcement apparatus (130a) that enforces the policy, by analyzing the request for information;
a detecting unit (311) configured to detect a potential threat to privacy caused by release of the requested information, by analyzing the request for information;
a searching unit (311) configured to search for a set of policy fragments that can relieve the potential threat ;
an excluding unit (312) configured to exclude unsuitable policy fragments from the set of policy fragments ;
a composing unit (312) configured to compose the policy based on one or more policy fragments selected from the set of policy fragments from which the unsuitable policy fragments have been excluded; and a providing unit (319) configured to provide the policy enforcement apparatus with the policy.
2. The policy composing apparatus according to Claim
1, wherein the excluding unit excludes, from the set of policy fragments, policy fragments which have
previously been used.
3. The policy composing apparatus according to Claim
2, further comprising:
a usage history obtaining unit (312) configured to obtain a usage history of policy fragments from a usage history database (316); and
an updating unit (312) configured to update the usage history in the usage history database by the policy fragments composing the policy,
wherein the excluding unit excludes the policy fragments which have previously been used based on the usage history.
4. The policy composing apparatus according to any one of Claims 1-3, further comprising a request history obtaining unit (311) configured to obtain a history of requests for information received by the receiving unit, wherein the detecting unit detects the potential threat based on the request history.
5. The policy composing apparatus according to any one of Claims 1-4, wherein:
the selecting unit identifies capabilities of the policy enforcement apparatus; and
the excluding unit excludes, based on the
capabilities of the policy enforcement apparatus, policy fragments which are not supported by the policy enforcement apparatus from the set of policy fragments.
6. The policy composing apparatus according to Claim 5, wherein the selecting unit identifies the
capabilities of the policy enforcement apparatus by accessing a context database (315) which maintains capability information of policy enforcement
apparatuses .
7. The policy composing apparatus according to any one of Claims 1-6, further comprising a constraint obtaining unit (311) configured to obtain constraints for the policy enforcement apparatus,
wherein the excluding unit excludes, from the set of policy fragments, policy fragments which do not conform to the constraints for the policy enforcement apparatus .
8. The policy composing apparatus according to any one of Claims 1-7, wherein:
the requested information is information about electric power consumption measured by an electric power meter; and
the policy is for use in obfuscating the
requested information in order to protect privacy of a user of the electric power meter (140) .
9. A method for controlling a policy composing apparatus (310) for composing a policy for use in obfuscating requested information prior to providing it to a requesting party in order to protect privacy, the method comprising:
a receiving step (S401) of receiving a request for information;
a selecting step (S402, S403) of selecting a policy enforcement apparatus (130a) that enforces the policy, by analyzing the request for information;
a detecting step (S406, S408) of detecting a potential threat to privacy caused by release of the requested information, by analyzing the request for information;
a searching step (S407, S409, S410) of searching for a set of policy fragments that can relieve the potential threat;
an excluding step (S415) of excluding unsuitable policy fragments from the set of policy fragments;
a composing step (S416-S418) of composing the policy based on one or more policy fragments selected from the set of policy fragments from which the unsuitable policy fragments have been excluded; and a providing step (S419, S421a) of providing the policy enforcement apparatus with the policy.
10. The method according to Claim 9, wherein the excluding step excludes, from the set of policy fragments, policy fragments which have previously been used .
11. The method according to Claim 10, further comprising :
a usage history obtaining step (S413) of
obtaining a usage history of policy fragments from a usage history database (316); and
an updating step (S420) of updating the usage history in the usage history database by the policy fragments composing the policy,
wherein the excluding step excludes the policy fragments which have previously been used based on the usage history.
12. The method according to any one of Claims 9-11, further comprising a request history obtaining step (S405) of obtaining a history of requests for
information received in the receiving step,
wherein the detecting step detects the potential threat based on the request history.
13. The method according to any one of Claims 9-12, wherein :
the selecting step identifies capabilities of the policy enforcement apparatus; and
the excluding step excludes, based on the
capabilities of the policy enforcement apparatus, policy fragments which are not supported by the policy enforcement apparatus from the set of policy fragments.
14. The method according to Claim 13, wherein the selecting step identifies the capabilities of the policy enforcement apparatus by accessing a context database (315) which maintains capability information of policy enforcement apparatuses.
15. The method according to any one of Claims 9-14, further comprising a constraint obtaining step (S404) of obtaining constraints for the policy enforcement apparatus ,
wherein the excluding step excludes, from the set of policy fragments, policy fragments which do not conform to the constraints for the policy enforcement apparatus .
16. The method according to any one of Claims 9-15, wherein :
the requested information is information about electric power consumption measured by an electric power meter; and
the policy is for use in obfuscating the
requested information in order to protect privacy of a user of the electric power meter (140) .
PCT/SE2012/050888 2012-08-20 2012-08-20 Policy composing apparatus and control method therefor WO2014031041A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2012/050888 WO2014031041A1 (en) 2012-08-20 2012-08-20 Policy composing apparatus and control method therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2012/050888 WO2014031041A1 (en) 2012-08-20 2012-08-20 Policy composing apparatus and control method therefor

Publications (1)

Publication Number Publication Date
WO2014031041A1 true WO2014031041A1 (en) 2014-02-27

Family

ID=47018442

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2012/050888 WO2014031041A1 (en) 2012-08-20 2012-08-20 Policy composing apparatus and control method therefor

Country Status (1)

Country Link
WO (1) WO2014031041A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9506776B2 (en) 2014-08-08 2016-11-29 International Business Machines Corporation Adaptive sampling of smart meter data
WO2019089439A1 (en) * 2017-10-30 2019-05-09 Equifax Inc. Data protection via aggregation-based obfuscation

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006115442A1 (en) 2005-04-26 2006-11-02 Telefonaktiebolaget Lm Ericsson (Publ) A method and arrangement for providing context information
US20060294575A1 (en) * 2003-09-11 2006-12-28 Rogers Paul J Method and apparatus for use in security
WO2008073472A2 (en) 2006-12-11 2008-06-19 V2Green, Inc. Electric resource power meter in a power aggregation system for distributed electric resources
WO2008103103A2 (en) 2007-02-19 2008-08-28 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for enabling user group services in a communication network
WO2008140358A1 (en) 2007-05-10 2008-11-20 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for providing customised services in a communication network
WO2010005351A1 (en) 2008-07-10 2010-01-14 Telefonaktiebolaget L M Ericsson (Publ) A method and apparatus for context-based content management
WO2010053418A1 (en) 2008-11-10 2010-05-14 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for enabling services and media in a communication network
WO2010092363A1 (en) 2009-02-16 2010-08-19 The University Of Birmingham Assay for detection of adrenal tumour
US20100223098A1 (en) 2007-05-28 2010-09-02 Telefonaktiebolaget L M Ericssson (Publ) Method and Apparatus for Providing Services to Client Groups in a Communication Network
EP2244419A1 (en) * 2009-04-20 2010-10-27 Hewlett-Packard Development Company, L.P. Policy provisioning
GB2473083A (en) 2010-04-28 2011-03-02 Toshiba Res Europ Ltd Method for making smart meter data anonymous using a privacy scrambler
GB2479956A (en) 2010-04-28 2011-11-02 Toshiba Res Europ Ltd Anonymising utility usage data
US20110270453A1 (en) 2010-04-28 2011-11-03 Kabushiki Kaisha Toshiba Apparatus and method for privacy-driven moderation of metering data

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294575A1 (en) * 2003-09-11 2006-12-28 Rogers Paul J Method and apparatus for use in security
WO2006115442A1 (en) 2005-04-26 2006-11-02 Telefonaktiebolaget Lm Ericsson (Publ) A method and arrangement for providing context information
US20090132540A1 (en) 2005-04-26 2009-05-21 Johan Hjelm Method and Arrangement for Providing Context Information
WO2008073472A2 (en) 2006-12-11 2008-06-19 V2Green, Inc. Electric resource power meter in a power aggregation system for distributed electric resources
WO2008103103A2 (en) 2007-02-19 2008-08-28 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for enabling user group services in a communication network
WO2008140358A1 (en) 2007-05-10 2008-11-20 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for providing customised services in a communication network
US20100222039A1 (en) 2007-05-10 2010-09-02 Lidstroem Mattias Method And Apparatus For Providing Customised Services In A Communication Network
US20100223098A1 (en) 2007-05-28 2010-09-02 Telefonaktiebolaget L M Ericssson (Publ) Method and Apparatus for Providing Services to Client Groups in a Communication Network
WO2010005351A1 (en) 2008-07-10 2010-01-14 Telefonaktiebolaget L M Ericsson (Publ) A method and apparatus for context-based content management
WO2010053418A1 (en) 2008-11-10 2010-05-14 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for enabling services and media in a communication network
WO2010092363A1 (en) 2009-02-16 2010-08-19 The University Of Birmingham Assay for detection of adrenal tumour
EP2244419A1 (en) * 2009-04-20 2010-10-27 Hewlett-Packard Development Company, L.P. Policy provisioning
GB2473083A (en) 2010-04-28 2011-03-02 Toshiba Res Europ Ltd Method for making smart meter data anonymous using a privacy scrambler
GB2479956A (en) 2010-04-28 2011-11-02 Toshiba Res Europ Ltd Anonymising utility usage data
US20110270453A1 (en) 2010-04-28 2011-11-03 Kabushiki Kaisha Toshiba Apparatus and method for privacy-driven moderation of metering data
US20110271352A1 (en) 2010-04-28 2011-11-03 Kabushiki Kaisha Toshiba Device and method for anonymising smart metering data

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
A.G. RUZZELLI ET AL., REAL-TIME RECOGNITION AND PROFILING OF APPLIANCES THROUGH A SINGLE ELECTRICITY SENSOR
DONG WEI ET AL: "Protecting Smart Grid Automation Systems Against Cyberattacks", IEEE TRANSACTIONS ON SMART GRID, IEEE, USA, vol. 2, no. 4, 1 December 2011 (2011-12-01), pages 782 - 795, XP011380185, ISSN: 1949-3053, DOI: 10.1109/TSG.2011.2159999 *
MAZEIAR SALEHIE ET AL: "Adaptive security and privacy in smart grids: A software engineering vision", SOFTWARE ENGINEERING FOR THE SMART GRID (SE4SG), 2012 INTERNATIONAL WORKSHOP ON, IEEE, 3 June 2012 (2012-06-03), pages 46 - 49, XP032195491, ISBN: 978-1-4673-1863-1, DOI: 10.1109/SE4SG.2012.6225718 *
NINGHUI LI ET AL., PROVABLY PRIVATE DATA ANONYMIZATION: OR, K-ANONYMITY MEETS DIFFERENTIAL PRIVACY
U. GREVELER ET AL., HINTERGRUND UND EXPERIMENTELLE ERGEBNISSE ZUM THEMA ''SMART METER UND DATENSCHUTZ, Retrieved from the Internet <URL:http://www.its.fh- muenster.de/greveler/pubs/smartmeter sep11 v06.pdf>

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9506776B2 (en) 2014-08-08 2016-11-29 International Business Machines Corporation Adaptive sampling of smart meter data
US9980019B2 (en) 2014-08-08 2018-05-22 International Business Machines Corporation Adaptive sampling of smart meter data
US10250956B2 (en) 2014-08-08 2019-04-02 International Business Machines Corporation Adaptive sampling of smart meter data
WO2019089439A1 (en) * 2017-10-30 2019-05-09 Equifax Inc. Data protection via aggregation-based obfuscation

Similar Documents

Publication Publication Date Title
US8825791B2 (en) Managing subscribed resource in cloud network using variable or instantaneous consumption tracking periods
Perera et al. Big data privacy in the internet of things era
US10257674B2 (en) System and method for triggering on platform usage
US9672355B2 (en) Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
US8813225B1 (en) Provider-arbitrated mandatory access control policies in cloud computing environments
JP2014502066A (en) Service design center for device support services
US8375120B2 (en) Domain name system security network
Ardagna et al. From security to assurance in the cloud: A survey
Jiang et al. Energy-theft detection issues for advanced metering infrastructure in smart grid
Li et al. Privacy protection for preventing data over-collection in smart city
US8954546B2 (en) Tracing with a workload distributor
Gibler et al. Adrob: Examining the landscape and impact of android application plagiarism
Okuhara et al. Security architecture for cloud computing
Greveler et al. Multimedia content identification through smart meter power usage profiles
VivinSandar et al. Economic denial of sustainability (edos) in cloud services using http and xml based ddos attacks
US10256979B2 (en) Assessing application authenticity and performing an action in response to an evaluation result
US10313355B2 (en) Client side security management for an operations, administration and maintenance system for wireless clients
Nappa et al. Driving in the cloud: An analysis of drive-by download operations and abuse reporting
Jawurek et al. Smart metering de-pseudonymization
EP3080741A2 (en) Systems and methods for cloud security monitoring and threat intelligence
TW200842716A (en) Spyware detection mechanism
WO2014116290A1 (en) Obfuscating trace data
US9838839B2 (en) Repackaging media content data with anonymous identifiers
CN105283849A (en) Parallel tracing for performance and detail
US9940454B2 (en) Determining source of side-loaded software using signature of authorship

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12772542

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12772542

Country of ref document: EP

Kind code of ref document: A1