WO2018233051A1 - 数据发布方法、装置、服务器和存储介质 - Google Patents

数据发布方法、装置、服务器和存储介质 Download PDF

Info

Publication number
WO2018233051A1
WO2018233051A1 PCT/CN2017/100019 CN2017100019W WO2018233051A1 WO 2018233051 A1 WO2018233051 A1 WO 2018233051A1 CN 2017100019 W CN2017100019 W CN 2017100019W WO 2018233051 A1 WO2018233051 A1 WO 2018233051A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
publishing
probability
distribution
request
Prior art date
Application number
PCT/CN2017/100019
Other languages
English (en)
French (fr)
Inventor
王健宗
黄章成
吴天博
肖京
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Priority to US16/463,740 priority Critical patent/US10848466B2/en
Priority to SG11201903754TA priority patent/SG11201903754TA/en
Publication of WO2018233051A1 publication Critical patent/WO2018233051A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/20Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel
    • H04W4/21Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel for social networking applications

Definitions

  • a data distribution method, apparatus, server, and storage medium capable of enabling more reliable differential privacy protection for published contact network data is provided.
  • a data publishing method comprising:
  • a data distribution device comprising:
  • a data release request module configured to receive a data release request sent by the terminal
  • a raw data obtaining module configured to search for original contact network data in response to the data publishing request, wherein the original contact network data includes a node set and a set of edges existing between the nodes;
  • a parameter determining module configured to search for a corresponding user level according to the user identifier carried in the data publishing request, and determine a privacy budget parameter corresponding to the user level, wherein the lower the user level, the more the privacy budget parameter small;
  • a release probability calculation module configured to determine, according to the pre-configured Laplace model and the determined privacy budget parameter, a release probability distribution corresponding to the original contact network data to be published, where the privacy budget parameter is smaller, The smaller the range of values in which the probability distribution is distributed;
  • a publishing data determining module configured to select an arbitrary value in the publishing probability distribution as a publishing probability of each network edge in the edge set, and generate a random number between each 0-1 of the network edge And comparing the random number with the publishing probability, if the publishing probability is greater than the random number, publishing the corresponding network edge.
  • a server comprising a memory and a processor, the memory storing computer executable instructions, the instructions being executed by the processor, causing the processor to perform the following steps:
  • One or more non-volatile readable storage media storing computer-executable instructions, the instructions being executed by one or more processors, such that the one or more processors perform the following steps:
  • 1 is an application environment diagram of a data distribution method in an embodiment
  • FIG. 2 is a flow chart of a data distribution method in an embodiment
  • FIG. 3 is another flowchart of a data distribution method in an embodiment
  • FIG. 5 is another flowchart of a data distribution method in an embodiment
  • FIG. 6 is a structural block diagram of a data distribution apparatus in an embodiment
  • FIG. 7 is a schematic diagram showing the internal structure of a server in an embodiment.
  • an application environment diagram of a data distribution method includes a terminal 110 and a differential distribution server 120.
  • Terminal 110 can communicate with server 120 over a network.
  • the terminal 110 may be at least one of a smartphone, a tablet, a notebook, and a desktop computer, but is not limited thereto.
  • the differential publishing server 120 may be an independent physical server or a server cluster composed of multiple physical servers.
  • the terminal 110 sends a data distribution request to the server 120, and the server searches for the original contact network data to be published in response to the request of the terminal, and determines the user level according to the user identifier, thereby determining a privacy budget parameter capable of characterizing different privacy protection levels, based on the privacy.
  • the budget parameter calculates the distribution probability distribution of the data to be released, compared to the traditionally treated data to perform different degrees of noise processing to achieve differential privacy publishing, and for the contact network data, it is based on the calculated distribution probability distribution and for each of the data
  • the random number generated by the network side determines whether each network edge is released for the purpose of privacy release. Because the release probability and the random number of each network edge are random, it is not easy for an attacker to get the difference between the published data. It is impossible to infer complete and correct data and achieve more reliable differential privacy protection for published contact network data.
  • FIG. 2 is a schematic flowchart diagram of a data distribution method according to an embodiment of the present invention. It should be understood that although the various steps in the flowchart of FIG. 2 are sequentially displayed as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Except as explicitly stated herein, the execution of these steps is not strictly limited, and may be performed in other sequences. Moreover, at least a portion of the steps in FIG. 2 may include a plurality of sub-steps or stages, which are not necessarily sequential, but may alternate or alternate with at least a portion of the other steps or other sub-steps or stages carried out.
  • a data distribution method is provided as an example for application to the differential server shown in FIG. 1, which specifically includes the following steps:
  • Step S202 Receive a data distribution request sent by the terminal.
  • the terminal sends a data publishing request to the differential publishing server, where the data publishing request carries the terminal user identifier and requests to release the data information.
  • the requesting to release the data information may be a condition that the user-defined request to publish the data needs to satisfy, such as the data requested to be published as the friend information of the specified user u, the student's student status information of a certain school, or the relationship data between the doctor and the patient.
  • the data requested by the request here is data that can constitute a contact network.
  • the contact network data refers to an association relationship between information included in the data, and the association relationship may be a friend relationship, a cooperation relationship, a doctor-patient relationship, a competition relationship, and the like.
  • Step S204 In response to the data distribution request, look up the original contact network data requested to be published, wherein the original contact network data includes a set of nodes and a set of edges existing between the nodes.
  • the differential publishing server responds to the data publishing request sent by the terminal, extracts the request publishing data information carried in the request, and publishes the data information according to the request to obtain the corresponding original contact network data to be released.
  • the original contact network data refers to the original real data without the privacy operation, and abstracts the obtained original contact network data to obtain a node set and an edge set existing between the nodes, and each network edge representative node in the edge set The relationship between the two.
  • Step S206 Search for a corresponding user level according to the user identifier carried in the data distribution request, and determine a privacy budget parameter corresponding to the user level, wherein the lower the user level, the smaller the privacy budget parameter.
  • the correspondence between the user ID and the user level is pre-stored in the differential publishing server, and is different.
  • Level users are configured with corresponding privacy budget parameters (indicated by ⁇ ).
  • the privacy budget parameter ⁇ can reflect the level of privacy protection, so as to achieve different levels of privacy protection data for different levels of users, to achieve differential data release.
  • the user level may be divided according to the needs or permissions of the user (institution).
  • the Center for Disease Research requests medical data. Because the Center for Disease Research uses disease research for disease, it requires relatively detailed medical data, so it ranks the disease research center with a high user level. For unknown organizations, they are assigned a lower user level. It is easy to understand that a higher user level is assigned to a requesting user with higher authority, such as assigning a high user level to an administrator; and assigning a relatively low user level to a user with lower authority.
  • Step S208 Calculate a distribution probability distribution corresponding to the original contact network data to be released according to the pre-configured Laplace model and the determined privacy budget parameter, wherein the smaller the privacy budget parameter, the smaller the value range in which the probability distribution is distributed. .
  • the differential publishing server pre-builds a Laplace model for calculating the release probability, in which the privacy budget parameter is a scale parameter of the model, and the distribution curve of the release probability can be determined according to the determined privacy budget parameter, wherein the privacy budget parameter is more Small, the smaller the range of values in which the probability distribution is published.
  • Step S210 Select any value in the distribution probability distribution as the publishing probability of each network edge in the edge set, and generate a random number between 0-1 for each network edge, compare the random number with the publishing probability, if released If the probability is greater than the random number, the corresponding network edge is issued.
  • the calculated distribution probability distribution is a range of interval values.
  • an independent variable can be arbitrarily determined to determine a release probability value as the release probability of each network edge in the edge set. If the range of the release probability distribution is (0.4-0.6), then 0.5 can be selected as the release probability of each network edge in the edge set.
  • Randomly generate a random number for each network edge in the contact network data the random number is a decimal between 0-1, and compare the generated random number with the determined release probability of the network edge, if the random number is greater than the network edge If the random number is less than the publishing probability of the network edge, the network edge is advertised. If the random number is equal to the publishing probability, the network edge may be advertised or the network edge may not be advertised.
  • a random number for each network edge is generated from the 0-1 distribution function.
  • the attacker can't get the rule of publishing data. Even if the same user requests the same contact network data, the published data is different each time, which ensures the reliability of the data privacy protection.
  • the privacy budget parameter is a release probability distribution scale parameter
  • the higher the user level the larger the privacy budget parameter, the larger the value range in which the release probability distribution is located, and the greater the probability that the release probability is greater than the random number, and each network edge is The chances of publishing are greater. That is to say, users with high levels will be able to obtain data with relatively small degree of privacy, and on the basis of effective protection of the published data, data differential publishing for users of different levels is realized.
  • the pre-built Laplacian model is:
  • D is the edge set to be released
  • A(D) is the release probability distribution
  • ⁇ f/ ⁇ is the scale parameter of the probability distribution
  • is the privacy budget parameter
  • M is the original release probability of the server pre-configured data
  • lap ⁇ f/ ⁇ (x) is the Laplacian random probability.
  • the published network edges are real network edge data, and the attacker may obtain all the network side information, that is, the original contact network data, through the request data.
  • Adding a virtual network edge to the original contact network data, that is, the network edge of the original contact network data includes an edge between the actually existing nodes, and also includes a virtual network edge between the added user nodes, that is, there is no association relationship
  • Add a virtual network edge between the nodes is:
  • the data distribution method for the pre-built Laplacian model (2) includes the following steps:
  • Step S302 Receive a data distribution request sent by the terminal.
  • Step S304 Querying the original contact network data requested to be published in response to the data distribution request, wherein the original contact network data includes a node set and a set of edges existing between the nodes.
  • the network edge in the edge set included in the original contact network data is a real network edge.
  • Step S306 Search for a corresponding user level according to the user identifier carried in the data distribution request, and determine a privacy budget parameter corresponding to the user level, wherein the lower the user level, the smaller the privacy budget parameter.
  • Step S308 Generate a virtual network edge of the original contact network data, and the generated virtual network edge is generated between two nodes that do not have a real network edge.
  • a virtual network edge can be generated between any two nodes that do not have a real network edge. You can generate only a portion of the virtual network edge, or you can generate all of the virtual network edges. As shown in FIG. 4, the broken line indicates the generated virtual network side. As can be seen from the figure, the virtual network edge can be generated between the node v3 and the node v8, between the node v2 and the node v8, between the node v2 and the node v7.
  • Step S310 Calculate a distribution probability distribution corresponding to the original contact network data to be released according to the pre-configured Laplace model and the determined privacy budget parameter, where the generated release probability distribution includes a distribution probability distribution and a virtual network of the real network edge.
  • the release probability distribution of the edge the smaller the privacy budget parameter, the smaller the value range in which the probability distribution is distributed.
  • Step S312 Select any value in the distribution probability distribution of the real network edge as the publishing probability of the real network edge, select any value in the publishing probability distribution of the virtual network edge as the publishing probability of the virtual network edge, and generate each network edge.
  • the random number between 0-1 compares the generated random number with the corresponding publishing probability. If the publishing probability is greater than the random number, the corresponding network edge is issued.
  • the non-existent network edge addition may also be released, effectively preventing the attacker from obtaining all the network side information through the request data quite a plurality of times, and the virtual network side information is released equivalent to the published link. Random noise is added to the network data to further ensure the reliability of the data privacy protection.
  • the release probability of each real network edge determined according to the calculated real network edge release probability distribution may also be different, for example, the value range of the release probability distribution of the real network edge is (0.4-0.6).
  • the distribution probability of the real network edge 1 can be selected to be 0.45, and the distribution probability of the real network edge 2 is 0.55.
  • the distribution probability of the corresponding different virtual network edges may also be different. For example, if the value range of the release probability distribution of the virtual network edge is (0.1-0.3), the release probability of the virtual network edge 1 may be set to 0.2, the release probability of virtual network edge 2 is 0.25. When the network side is released or not, it is only necessary to judge according to the corresponding release probability.
  • contact network data from a plurality of social network platforms are pre-stored in the server, and the contact network data is stored in association with the platform identifier.
  • the data publishing method includes the following steps:
  • Step S402 Receive a data distribution request sent by the terminal.
  • Step S404 Acquire the contact network data stored in association with the platform identifier according to the platform identifier carried in the data distribution request, and then extract and request the data condition information from the acquired contact network data according to the request data condition information carried in the data distribution request. Corresponding to the original contact network data.
  • the platform identifier pre-stored by the server may be a medical platform identifier, a school platform identifier, an enterprise platform identifier, etc., and each platform identifier may further include a plurality of sub-platform identifiers, such as hospital A, hospital B; A school, B school Wait.
  • the differential publishing server searches for the contact network data corresponding to the platform identifier according to the carried platform identifier, and obtains the contact network data corresponding to the condition in the platform big data according to the request data condition information carried in the request, and the obtained data is the original contact. Network data.
  • the differential publishing server may also send a data request instruction to the corresponding platform system through an interface with each platform system, and the corresponding platform system returns original contact network data corresponding to the requested data condition, and the differential publishing server The data is released to the requesting terminal after differential privacy protection.
  • Step S406 Search for a corresponding user level according to the user identifier carried in the data distribution request, and determine a privacy budget parameter corresponding to the user level, wherein the lower the user level, the smaller the privacy budget parameter.
  • Step S408 Calculate a distribution probability distribution corresponding to the original contact network data to be released according to the pre-configured Laplace model and the determined privacy budget parameter, wherein the smaller the privacy budget parameter, the smaller the value range in which the probability distribution is distributed.
  • the pre-built Laplacian model is shown below.
  • D is the set of edges to be published
  • A(D) is the distribution probability distribution
  • ⁇ f/ ⁇ is the rule of probability distribution.
  • the degree parameter, ⁇ is the privacy budget parameter
  • the server pre-stores the correspondence between the M value and the platform identifier, and determines the M value based on the platform identifier corresponding to the original contact network data to be released, and the M value is used for the overall adjustment calculation release probability.
  • corresponding different platform identifiers correspond to different M values.
  • the M value corresponding to different platforms can be configured by the platform system, and the M value is set by the platform system to adjust the probability of data release in the platform as a whole. If the M value of a hospital platform is 0.5, the probability of publishing data in the platform is at least 0.5, and the M value of a school platform is 0.2, the platform sets a small M value for the release of its internal data. Make its data release probability less, in order to achieve greater privacy protection for the data.
  • Step S410 Select any value in the distribution probability distribution as the publishing probability of each network edge in the edge set, and generate a random number between each 0-1 between each network edge, and compare the generated random number with the publishing probability. If the publishing probability is greater than the random number, the corresponding network edge is issued.
  • the probability adjustment M value in the release probability model is associated with different platform identifiers, so that the platform can control the release probability of the data by setting the M value, thereby performing macro control on the privacy protection of the data. .
  • the user requesting data from the differential publishing server may not want to disclose the behavior of requesting to use the published data. Therefore, in this embodiment, the identity of the user terminal requesting the data is protected, and based on this, the data is The publishing method is:
  • the client sends a data publishing request to the trusted terminal, where the data publishing request carries the real user identifier.
  • the trusted terminal searches for a pseudonym identifier corresponding to the real user identifier, and determines a user level corresponding to the requesting user according to the pseudonym identifier, wherein the pseudonym identifier is a character obtained by the trusted terminal through an encryption algorithm operation on the real user identifier of the user. string.
  • the trusted terminal sends a data publishing request to the differential publishing server, where the data publishing request carries the discovered pseudonym identifier and the user level.
  • the differential publishing server searches for the privacy budget parameter corresponding to the user level, and searches for the original contact network data to be released, and then calculates the release corresponding to the original contact network data to be released according to the pre-configured Laplace model and the determined privacy budget parameter. Probability distributions.
  • the difference server selects any value in the release probability distribution as the release probability of each network edge in the edge set, and generates a random number between 0-1 on each network edge, and compares the generated random number with the release probability. If the publishing probability is greater than the random number, the corresponding network edge is issued. Otherwise, the corresponding network edge is not released, and the released data after the privacy is generated.
  • Differential release The server pushes the generated post-privacy release data to the trusted terminal, and the trusted terminal pushes the post-privacy release data to the client.
  • the user end of the real query data is first registered with the trusted terminal, and the trusted terminal generates the user identifier of the user end according to the registration information provided by the user terminal, and may use the user's identity code and the mobile communication number as the user identifier of the user end.
  • the user ID can reflect the true identity of the user to a certain extent.
  • the trusted terminal encrypts the real user identifier according to the set encryption algorithm to obtain a pseudonym identifier.
  • the pseudonym identifier does not reflect the true identity of the user.
  • the trusted terminal also assigns a user level to the user according to the identity information provided by the client at the time of registration and the attribute information of the user, and establishes an association relationship between the user level and the pseudonym identifier.
  • the user identity information may include an organization, a unit, and the like to which the user belongs.
  • the user's own attribute information includes information such as user rights.
  • the trusted terminal When the user sends a data distribution request to the trusted terminal, the trusted terminal first searches for the pseudonym identifier corresponding to the real user identifier, and determines the user requesting the user according to the association relationship between the pre-established user level and the pseudonym identifier. grade.
  • the trusted terminal herein may be a smart phone, a tablet computer, a laptop computer, a desktop computer, or a server or a server cluster.
  • This embodiment considers the need to protect the privacy of data users, and introduces a trusted proxy to implement identity privacy protection of data users.
  • a data distribution apparatus comprising:
  • the data distribution requesting module 502 is configured to receive a data publishing request sent by the terminal.
  • the original data obtaining module 504 is configured to search for original contact network data in response to the data publishing request, wherein the original contact network data includes a set of nodes and a set of edges existing between the nodes.
  • the parameter determining module 506 is configured to search for a corresponding user level according to the user identifier carried in the data distribution request, and determine a privacy budget parameter corresponding to the user level, wherein the lower the user level, the smaller the privacy budget parameter.
  • a probabilistic calculation module 508 for pre-constructed Laplace models and determined privacy The budget parameter calculates a distribution probability distribution corresponding to the original contact network data to be released, wherein the smaller the privacy budget parameter, the smaller the value range in which the probability distribution is distributed.
  • the publishing data determining module 510 is configured to select an arbitrary value in the distribution probability distribution as a publishing probability of each network edge in the edge set, and generate a random number between 0-1 of each network edge, and compare the random The number and the publishing probability, if the publishing probability is greater than the random number, the corresponding network edge is issued.
  • the user identifier carried in the data distribution request is a pseudonym identifier obtained by performing encryption processing on the real user identifier, and the data distribution request further carries a user corresponding to the pseudonym identifier.
  • a level wherein the user level corresponding to the pseudonym identifier is obtained by the trusted terminal according to a correspondence between the pre-stored kana identifier and the user level;
  • the parameter determining module 506 is further configured to extract The user level of the requesting user carried in the data publishing request, and determining a privacy budget parameter corresponding to the user level according to a pre-configured correspondence between the user level and the privacy budget parameter, where The lower the user level, the smaller the privacy budget parameter.
  • the contact network data from the plurality of social network platforms is pre-stored in the server, and the contact network data is stored in association with the platform identifier;
  • the original data obtaining module 504 is further configured to obtain, according to the platform identifier carried in the data publishing request, the contact network data stored in association with the platform identifier, and further obtain the contact data from the acquired network data according to the request data condition information carried in the data publishing request.
  • the original contact network data corresponding to the request data condition information is extracted, wherein the original contact network data includes a set of nodes and a set of edges existing between the nodes.
  • the pre-built Laplacian model is:
  • D is the set of edges to be released
  • A(D) is the distribution probability distribution
  • ⁇ f/ ⁇ is the scale parameter of the probability distribution
  • is the privacy budget parameter
  • the server pre-stores the correspondence between the M value and the platform identifier.
  • the M value is determined based on the platform identifier corresponding to the original contact network data to be released, and the M value is used to adjust the value range of the calculated release probability distribution as a whole.
  • the release data determination module 510 is further configured to select any of the release probability distributions.
  • the value is used as the publishing probability of each network edge in the edge set, and the random number of each network edge is generated according to the uniform distribution of 0-1, and the generated random number is compared with the publishing probability. If the publishing probability is not less than the random number, Then the corresponding network edge is released; otherwise, the corresponding network edge is not released.
  • the data distribution apparatus in each of the above embodiments may be implemented in the form of a computer program, and the computer executable instructions corresponding to the computer program may be run on a differential publishing server as shown in FIG.
  • the differential publishing server includes a processor coupled through a system bus, a non-volatile storage medium, an internal memory, and a network interface.
  • the non-volatile storage medium of the differential distribution server stores an operating system, a database, and the above-described computer-executable instructions implemented by the data distribution apparatus.
  • the database is used to store data, such as contact network data to be published.
  • the processor is used to provide computing and control capabilities to support the operation of the entire differential publishing server.
  • the internal memory provides an environment for the operation of an operating system in a non-volatile storage medium and computer-executable instructions for implementing data distribution.
  • the network interface is used to communicate with the terminal. It will be understood by those skilled in the art that the structure of the differential publishing server shown in FIG. 7 is only a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation of the differential publishing server to which the solution of the present application is applied.
  • a particular differential publishing server may include more or fewer components than shown in the figures, or some components may be combined, or have different component arrangements.
  • the above network interface may be an Ethernet card or a wireless network card.
  • the above modules may also be embedded in hardware or independent of the differential publishing server described above. It may also be stored in the memory of the differential distribution server in the form of software as described above, so that the processor calls to perform the operations corresponding to the above respective modules.
  • the processor can be a central processing unit (CPU), a microprocessor, a microcontroller, or the like.
  • one or more non-volatile readable storage media storing computer-executable instructions are provided that, when executed by one or more processors, cause one or more processors to perform the above-described implementation All or part of the process in the example method.
  • the computer executable instructions described above are computer executable instructions corresponding to a computer program implemented by all or part of the processes of the various embodiments described above.
  • the program can be stored in a computer readable
  • the program may be stored in a storage medium of the computer system and executed by at least one processor in the computer system to implement a flow comprising an embodiment of the methods as described above.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

一种数据发布方法,包括:接收终端发送的数据发布请求;查找原始联系网络数据,其中,原始联系网络数据包括节点集合和存在于节点间的边集合;根据数据发布请求中携带的用户标识查找对应的用户等级,并确定用户等级对应的隐私预算参数,;根据预先构建的拉普拉斯模型以及确定的隐私预算参数确定待发布的原始联系网络数据对应的发布概率分布;选取发布概率分布中的任意值作为边集合中每个网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,对比随机数与发布概率,若发布概率大于随机数,则发布对应的网络边。

Description

数据发布方法、装置、服务器和存储介质
本申请要求于2017年06月23日提交中国专利局、申请号为201710488427.4、发明名称为“数据发布方法、装置、服务器和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
背景技术
随着信息技术的飞速发展以及大数据时代的到来,数据的收集、发布与分析需求日益增多,这些数据中潜在的用户隐私泄露问题成为了人们广泛关注的焦点。
传统的隐私保护通常是对待发布数据添加噪声后发布。然而对于包含有用户关联关系的联系网络数据若采用传统的添加固定噪声的方式进行发布,会给攻击者留下通过挖掘发布数据结果之间的差异而推测出隐私信息的漏洞,隐私保护可靠性差。
发明内容
根据本申请公开的各种实施例,提供一种能够实现对发布的联系网络数据进行更加可靠的差分隐私保护的数据发布方法、装置、服务器和存储介质。
一种数据发布方法,所述方法包括:
接收终端发送的数据发布请求;
响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小, 所述发布概率分布所处的值域越小;及
选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
一种数据发布装置,所述装置包括:
数据发布请求模块,用于接收终端发送的数据发布请求;
原始数据获取模块,用于响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
参数确定模块,用于根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
发布概率计算模块,用于根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
发布数据确定模块,用于选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
一种服务器,包括存储器和处理器,所述存储器中存储有计算机可执行指令,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:
接收终端发送的数据发布请求;
响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小, 所述发布概率分布所处的值域越小;及
选取所述发布概率分布中的任意值作为所述边集合原始联系网络数据中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
一个或者多个存储有计算机可执行指令的非易失性可读存储介质,所述指令被一个或者多个处理器执行,使得所述一个或者多个处理器执行以下步骤:
接收终端发送的数据发布请求;
响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
选取所述发布概率分布中的任意值作为所述边集合原始联系网络数据中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
本申请的一个或多个实施例的细节在下面的附图和描述中提出。本申请的其它特征、目的和优点将从说明书、附图以及权利要求书变得明显。
附图说明
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付 出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为一个实施例中数据发布方法的应用环境图;
图2为一个实施例中数据发布方法的流程图;
图3另为一个实施例中数据发布方法的流程图;
图4为一个实施例中联系网络数据的社交网络图;
图5又为一个实施例中数据发布方法的流程图;
图6为一个实施例中数据发布装置的结构框图;
图7为一个实施例中服务器的内部结构示意图。
具体实施方式
为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。
如图1所示,在一个实施例中,提供了一种数据发布方法的应用环境图,该应用环境图包括终端110和差分发布服务器120。终端110可通过网络与服务器120通信。终端110可以是智能手机、平板电脑、笔记本电脑、台式计算机中的至少一种,但并不局限于此。差分发布服务器120可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群。终端110向服务器120发送数据发布请求,服务器响应于终端的请求,查找待发布的原始联系网络数据,并根据用户标识确定用户等级,进而确定能够表征不同隐私保护程度的隐私预算参数,基于该隐私预算参数计算待发布数据的发布概率分布,相比对于传统的对待发布数据进行不同程度的噪声处理以达到差分隐私发布,对于联系网络数据,则是基于计算的发布概率分布以及为数据中每个网络边生成的随机数,判断每个网络边是否发布以达到隐私发布的目的,由于发布概率以及每个网络边的随机数都具有随机性,因此,攻击者不太容易得到发布数据间的差异,也就无法推测出完整的正确数据,实现了对发布的联系网络数据的更加可靠的差分隐私保护。
图2为本发明一个实施例的数据发布方法的流程示意图。应当理解的是,虽然图2的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必须按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,其可以以其他的顺序执行。而且图2中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是依次进行,而是可以与其他步骤或者其他步骤的子步骤或者阶段的至少一部分轮流或者交替执行。
参考图2,提供的一种数据发布方法以应用到图1所示中的差分服务器中为例进行说明,具体包括如下步骤:
步骤S202:接收终端发送的数据发布请求。
终端向差分发布服务器发送数据发布请求,该数据发布请求中携带终端用户标识、请求发布数据信息。其中,请求发布数据信息可以是用户限定的请求发布数据需要满足的条件,如请求发布的数据为指定用户u的好友信息、某一个学校的学生学籍信息或者医生与患者的关系数据等。这里的请求发布的数据为能够构成联系网络的数据。
本实施例是针对联系网络数据的数据发布方法,联系网络数据是指数据中包含的信息之间具有关联关系,关联关系可以是好友关系、合作关系、医患关系、竞争关系等等。
步骤S204:响应于数据发布请求,查找请求发布的原始联系网络数据,其中,原始联系网络数据包括节点集合和存在于节点间的边集合。
差分发布服务器响应于终端发送的数据发布请求,提取请求中携带的请求发布数据信息,根据请求发布数据信息获取对应的待发布原始联系网络数据。原始联系网络数据是指没有经过隐私运算的原始真实的数据,将获取到的原始联系网络数据进行抽象,得到节点集合和存在于各节点间的边集合,边集合中的每个网络边代表节点间的关联关系。
步骤S206:根据数据发布请求中携带的用户标识查找对应的用户等级,并确定用户等级对应的隐私预算参数,其中,用户等级越低,隐私预算参数越小。
差分发布服务器中预先存储了用户标识与用户等级的对应关系,并为不同 等级的用户配置了相应的隐私预算参数(用ε表示)。隐私预算参数ε能够体现隐私保护水平,以达到不同等级的用户得到不同隐私保护程度的数据,实现数据差分发布。
在一个实施例中,可根据用户(机构)的需求或者权限划分用户等级。举例来说,疾病研究中心请求医疗数据,由于疾病研究中心用于疾病成因研究,需要相对详细的医疗数据,因此,为疾病研究中心划分较高的用户等级。而对未知机构,则为其分配比较低的用户等级。容易理解的是,对权限较高的请求用户分配较高的用户等级,如为管理员分配高用户等级;为权限较低的用户分配相对低的用户等级。
步骤S208:根据预先构建的拉普拉斯模型以及确定的隐私预算参数计算待发布的原始联系网络数据对应的发布概率分布,其中,隐私预算参数越小,发布概率分布所处的值域越小。
差分发布服务器预先构建用于计算发布概率的拉普拉斯模型,在该模型中隐私预算参数为模型的尺度参数,根据确定的隐私预算参数可确定发布概率的分布曲线,其中,隐私预算参数越小,发布概率分布所处的值域越小。
步骤S210:选取发布概率分布中的任意值作为边集合中每个网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,对比随机数与发布概率,若发布概率大于随机数,则发布对应的网络边。
计算的发布概率分布为某一范围的区间值,本实施例中,可任意给定一个自变量确定一个发布概率值作为边集合中每个网络边的发布概率。若发布概率分布的值域区间为(0.4-0.6),则可选择0.5作为边集合中每个网络边的发布概率。
为联系网络数据中每个网络边随机生成一个随机数,该随机数为0-1之间的小数,将生成的随机数与确定的网络边的发布概率进行对比,若随机数大于网络边的发布概率,则不发布该网络边,若随机数小于网络边的发布概率,则发布该网络边,若随机数与发布概率相等,可以发布该网络边也可以不发布该网络边。
在一个实施例中,根据0-1分布函数生成每个网络边的随机数。
由于存在随机性,攻击者并不能得到发布数据之间的规律,即使是同一用户请求同一联系网络数据,每次得到的发布数据也是不相同的,保证了发布数据隐私保护的可靠性。由于隐私预算参数是发布概率分布尺度参数,用户等级越高,隐私预算参数越大,发布概率分布所处的值域越大,发布概率大于随机数的概率也就越大,每个网络边被发布的几率就越大。也就是,等级高的用户将可获取到隐私程度相对较小的数据,在对发布数据有效保护的基础上,实现了针对不同级别用户的数据差分发布。
在一个实施例中,预先构建的拉普拉斯模型为:
A(D)=M+lapΔf/ε(x)   (1)
其中,D为待发布的边集,A(D)为发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,M为服务器预先配置的数据的原始发布概率,lapΔf/ε(x)为拉普拉斯随机概率。通过添加lapΔf/ε(x)拉普拉斯随机概率,可使计算的发布概率为分布函数,具有随机性。
在一个实施例中,按照上述发布方式,发布的网络边均为真实网络边数据,攻击者可能通过相当多次的请求数据来获取到全部的网络边信息也就是原始联系网络数据,为此,在原始联系网络数据中添加虚拟网络边,也就是,原始联系网络数据的网络边包括实际存在的节点之间的边,还包括添加的用户节点之间的虚拟网络边,即在不存在关联关系的节点之间添加虚拟网络边。预先构建的拉普拉斯模型为:
Figure PCTCN2017100019-appb-000001
如图3所示,针对预先构建的拉普拉斯模型(2)的数据发布方法包括如下步骤:
步骤S302:接收终端发送的数据发布请求。
步骤S304:响应于数据发布请求,查找请求发布的原始联系网络数据,其中,原始联系网络数据包括节点集合和存在于节点间的边集合。
需要说明的是,原始联系网络数据包括的边集合中的网络边为真实存在的网络边。
步骤S306:根据数据发布请求中携带的用户标识查找对应的用户等级,并确定用户等级对应的隐私预算参数,其中,用户等级越低,隐私预算参数越小。
步骤S308:生成原始联系网络数据的虚拟网络边,生成的虚拟网络边产生于不存在真实网络边的两个节点之间。
可就任意两个不存在真实网络边的节点之间生成虚拟网络边。可以仅生成部分虚拟网络边,也可以生成所有的虚拟网络边。如图4所示,虚线表示生成的虚拟网路边,由图可知,节点v3和节点v8之间、节点v2和节点v8之间、节点v2和节点v7之间等都可生成虚拟网络边。
步骤S310:根据预先构建的拉普拉斯模型以及确定的隐私预算参数计算待发布的原始联系网络数据对应的发布概率分布,其中,生成的发布概率分布包括真实网络边的发布概率分布和虚拟网络边的发布概率分布,隐私预算参数越小,发布概率分布所处的值域越小。
预先构建的拉普拉斯模型如公式(2)所示。
步骤S312:选取真实网络边的发布概率分布中任意值作为真实网络边的发布概率,选取虚拟网络边的发布概率分布中任意值作为虚拟网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,将生成的随机数与对应的发布概率进行对比,若发布概率大于随机数,则发布对应的网络边。
通过添加虚拟网络边,不存在的网络边添加也可能被发布,有效防止了攻击者通过相当多次的请求数据来获取到全部的网络边信息,虚拟网络边信息的发布相当于在发布的联系网络数据中添加了随机噪声,进一步保证了发布数据隐私保护的可靠性。
在另一个实施例中,根据计算的真实网路边发布概率分布确定的每个真实网络边的发布概率也可以不相同,如真实网络边的发布概率分布的值域区间为(0.4-0.6),可以选定真实网络边1的分布概率为0.45,真实网络边2的分布概率为0.55。相应的不同的虚拟网络边的分布概率也可以不同,如虚拟网络边的发布概率分布的值域区间为(0.1-0.3),则可以设定虚拟网路边1的发布概率为 0.2,虚拟网络边2的发布概率为0.25。而在进行网络边发布与否判断时,只需根据各自对应的发布概率进行判断即可。
在一个实施例中,如图5所示,服务器中预先存储有来自多个社交网络平台的联系网络数据,联系网络数据与平台标识关联存储。数据发布方法包括如下步骤:
步骤S402:接收终端发送的数据发布请求。
步骤S404:根据数据发布请求中携带的平台标识,获取与平台标识关联存储的联系网络数据,进而根据数据发布请求中携带的请求数据条件信息,从获取的联系网络数据中提取与请求数据条件信息相对应的原始联系网络数据。
具体的,服务器预先存储的平台标识可以是医疗平台标识、学校平台标识、企业平台标识等,上述的每个平台标识还可以包括若干个子平台标识,如医院A,医院B;A学校,B学校等。
差分发布服务器根据携带的平台标识,查找与平台标识对应的联系网络数据,并根据请求中携带的请求数据条件信息获取平台大数据中与该条件对应的联系网络数据,获取到的数据为原始联系网络数据。
在一个实施例中,差分发布服务器还可通过与各平台系统之间的接口,向对应的平台系统发送数据请求指令,对应的平台系统返回与请求数据条件对应的原始联系网络数据,差分发布服务器经差分隐私保护后向请求的终端发布该数据。
步骤S406:根据数据发布请求中携带的用户标识查找对应的用户等级,并确定用户等级对应的隐私预算参数,其中,用户等级越低,隐私预算参数越小。
步骤S408:根据预先构建的拉普拉斯模型以及确定的隐私预算参数计算待发布的原始联系网络数据对应的发布概率分布,其中,隐私预算参数越小,发布概率分布所处的值域越小,预先构建的拉普拉斯模型如下所示,
A(D)=M+lapΔf/ε(x)
其中,D为待发布的边集合,A(D)为发布概率分布,Δf/ε为概率分布的尺 度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,基于待发布的原始联系网络数据对应的平台标识确定M值,M值用于整体调整计算的发布概率分布的值域。
也就是,对应不同平台标识对应不同的M值。不同平台对应的M值可由平台系统进行配置,M值为平台系统设置用户整体调整平台内数据发布概率的。如某一医院平台配置M值为0.5,则该平台内数据的发布概率至少为0.5,某学校平台配置M值为0.2,则该平台为其内部数据的发布设置了一个较小的M值以使其数据发布概率较小,以达到对数据更大的隐私保护。
步骤S410:选取发布概率分布中的任意值作为边集中每个网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,将生成的随机数与发布概率进行对比,若发布概率大于随机数,则发布对应的网络边。
本市实施例中,通过将发布概率模型中的概率调整M值与不同的平台标识建立对应关系,使得平台可通过设定M值控制自身数据的发布概率,以对数据的隐私保护进行宏观掌控。
在一个实施例中,向差分发布服务器请求数据的用户可能不希望泄露自己请求使用发布数据这一行为,因此,本实施例中,对请求发布数据的用户终端的身份进行保护,基于此,数据发布方法为:
用户端向可信终端发送数据发布请求,该数据发布请求携带真实用户标识。可信终端查找与真实用户标识对应的假名标识符,并根据假名标识符确定请求用户对应的用户等级,其中,假名标识符是可信终端通过对用户的真实用户标识经过加密算法运算得到的字符串。可信终端向差分发布服务器发送数据发布请求,该数据发布请求中携带查找到的假名标识符和用户等级。差分发布服务器查找与用户等级对应的隐私预算参数,并查找待发布的原始联系网络数据,进而根据预先构建的拉普拉斯模型以及确定的隐私预算参数计算待发布的原始联系网络数据对应的发布概率分布。差分服务器选取发布概率分布中的任意值作为边集中每个网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,将生成的随机数与发布概率进行对比,若发布概率大于随机数,则发布对应的网络边,否则,不发布对应的网络边,进而生成隐私后的发布数据。差分发布 服务器将生成的隐私后的发布数据推送至可信终端,可信终端再将隐私后的发布数据推送至用户端。
具体的,真实查询数据的用户端首先到可信终端进行注册,可信终端根据用户端提供的注册信息生成用户端的用户标识,可以以用户的身份编码、移动通信号码作为用户端的用户标识,该用户标识在一定程度上能够反映用户的真实身份。为了对用户的真实身份进行隐藏,可信终端按照设定的加密算法对真实用户标识进行加密运算得到假名标识符。假名标识符不能反映用户的真实身份。
可信终端还根据用户端在注册时提供的身份信息以及用户自身属性信息为用户分配用户等级,并建立用户等级与假名标识符之间的关联关系。其中,用户身份信息可包括用户所属机构、单位等。用户自身属性信息包括用户权限等信息。
在用户端向可信终端发送数据发布请求时,可信终端首先查找与真实用户标识对应的假名标识符,并根据预先建立的用户等级与假名标识符之间的关联关系,确定请求用户的用户等级。
需要说明的是,这里的可信终端可以是智能手机、平板电脑、笔记本电脑、台式计算机,还可以是服务器或者服务器集群。
本实施例考虑了保护数据使用者隐私的需求,引入了可信代理来实现数据使用者的身份隐私保护。
在一个实施例中,如图6所示,提供了一种数据发布装置,该装置包括:
数据发布请求模块502,用于接收终端发送的数据发布请求。
原始数据获取模块504,用于响应于数据发布请求,查找原始联系网络数据,其中,原始联系网络数据包括节点集合和存在于节点间的边集合。
参数确定模块506,用于根据数据发布请求中携带的用户标识查找对应的用户等级,并确定用户等级对应的隐私预算参数,其中,用户等级越低,隐私预算参数越小。
发布概率计算模块508,用于根据预先构建的拉普拉斯模型以及确定的隐私 预算参数计算待发布的原始联系网络数据对应的发布概率分布,其中,隐私预算参数越小,发布概率分布所处的值域越小。
发布数据确定模块510,用于选取发布概率分布中的任意值作为边集合中每个网络边的发布概率,并生成每个网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若发布概率大于随机数,则发布对应的网络边。
在一个实施例中,所述数据发布请求中携带的所述用户标识为对真实用户标识进行加密处理后得到的假名标识符,所述数据发布请求中还携带与所述假名标识符对应的用户等级,其中,所述假名标识符对应的所述用户等级是通过可信终端根据预先存储的假名标识符与所述用户级别之间的对应关系查找得到的;参数确定模块506,还用于提取所述数据发布请求中携带的请求用户的所述用户等级,并根据预先配置的所述用户等级与所述隐私预算参数之间的对应关系确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小。
在一个实施例中,服务器中预先存储有来自多个社交网络平台的联系网络数据,联系网络数据与平台标识关联存储;
原始数据获取模块504,还用于根据数据发布请求中携带的平台标识,获取与平台标识关联存储的联系网络数据,进而根据数据发布请求中携带的请求数据条件信息,从获取的联系网络数据中提取与请求数据条件信息相对应的原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合。
在一个实施例中,预先构建的拉普拉斯模型为:
A(D)=M+lapΔf/ε(x)
其中,D为待发布的边集合,A(D)为发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,基于待发布的原始联系网络数据对应的平台标识确定M值,M值用于整体调整计算的发布概率分布的值域。
在一个实施例中,发布数据确定模块510,还用于选取发布概率分布中的任 意值作为边集合中每个网络边的发布概率,并根据0-1的均匀分布生成每个网络边的随机数,将生成的随机数与发布概率进行对比,若发布概率不小于随机数,则发布对应的网络边;否则不发布对应的网络边。
在一个实施例中,上述各个实施例中的数据发布装置可以实现为一种计算机程序的形式,计算机程序对应的计算机可执行指令可在如图7所示的差分发布服务器上运行。该差分发布服务器包括通过系统总线连接的处理器、非易失性存储介质、内存储器和网络接口。其中,该差分发布服务器的非易失性存储介质存储有操作系统、数据库和上述的由数据发布装置实现的计算机可执行指令。数据库用于存储数据,如待发布的联系网络数据。处理器用于提供计算和控制能力,支撑整个差分发布服务器的运行。内存储器为非易失性存储介质中的操作系统和用于实现数据发布的计算机可执行指令的运行提供环境。网络接口用于与终端进行通信连接。本领域技术人员可以理解,图7中示出的差分发布服务器的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的差分发布服务器的限定,具体的差分发布服务器可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。
上述的网络接口可以是以太网卡或者无线网卡等。上述各模块还可以硬件形式内嵌于或者独立于上述的差分发布服务器中。也可以如上述的以软件的形式存储于差分发布服务器的存储器中,以便于处理器调用执行以上各个模块对应的操作。该处理器可以为中央处理单元(CPU)、微处理器、单片机等。
在一个实施例中,提供了一个或多个存储有计算机可执行指令的非易失性可读存储介质,该指令被一个或多个处理器执行时,使得一个或多个处理器执行上述实施例方法中的全部或部分流程。上述的计算机可执行指令为由上述各实施例方法中的全部或者部分流程实现的计算机程序对应的计算机可执行指令。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,程序可存储于一计算机可读 取存储介质中,如本发明实施例中,该程序可存储于计算机系统的存储介质中,并被该计算机系统中的至少一个处理器执行,以实现包括如上述各方法的实施例的流程。其中,存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)等。
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。
以上实施例仅表达了本发明的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干变形和改进,这些都属于本发明的保护范围。因此,本发明专利的保护范围应以所附权利要求为准。

Claims (20)

  1. 一种数据发布方法,所述方法包括:
    接收终端发送的数据发布请求;
    响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
    根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
    根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
    选取所述发布概率分布中的任意值作为所述边集合原始联系网络数据中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
  2. 根据权利要求1所述的方法,其特征在于,所述数据发布请求中携带的所述用户标识为对真实用户标识进行加密处理后得到的假名标识符,所述数据发布请求中还携带与所述假名标识符对应的用户等级,其中,所述假名标识符对应的所述用户等级是通过可信终端根据预先存储的假名标识符与所述用户级别之间的对应关系查找得到的;
    所述根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数为:提取所述数据发布请求中携带的请求用户的所述用户等级,并根据预先配置的所述用户等级与所述隐私预算参数之间的对应关系确定所述用户等级对应的隐私预算参数。
  3. 根据权利要求1所述的方法,其特征在于,服务器中预先存储有来自多个社交网络平台的联系网络数据,所述联系网络数据与平台标识关联存储;
    所述响应于所述数据发布请求,查找原始联系网络数据为:
    根据所述数据发布请求中携带的所述平台标识,获取与所述平台标识关联 存储的所述联系网络数据,进而根据所述数据发布请求中携带的请求数据条件信息,从获取的所述联系网络数据中提取与所述请求数据条件信息相对应的原始联系网络数据。
  4. 根据权利要求3所述的方法,其特征在于,所述预先构建的拉普拉斯模型为:
    A(D)=M+lapΔf/ε(x)
    其中,D为待发布的所述边集合,A(D)为所述发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,服务器基于待发布的原始联系网络数据对应的平台标识确定所述M值,所述M值用于整体调整所述发布概率分布的值域。
  5. 根据权利要求1所述的方法,其特征在于,所述选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边,包括:
    选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率;
    根据0-1的均匀分布生成每个所述网络边的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边;否则,不发布对应的所述网络边。
  6. 一种数据发布装置,其特征在于,所述装置包括:
    数据发布请求模块,用于接收终端发送的数据发布请求;
    原始数据获取模块,用于响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
    参数确定模块,用于根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
    发布概率计算模块,用于根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
    发布数据确定模块,用于选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
  7. 根据权利要求6所述的装置,其特征在于,所述数据发布请求中携带的所述用户标识为对真实用户标识进行加密处理后得到的假名标识符,所述数据发布请求中还携带与所述假名标识符对应的用户等级,其中,所述假名标识符对应的所述用户等级是通过可信终端根据预先存储的假名标识符与所述用户级别之间的对应关系查找得到的;
    所述参数确定模块,还用于提取所述数据发布请求中携带的请求用户的所述用户等级,并根据预先配置的所述用户等级与所述隐私预算参数之间的对应关系确定所述用户等级对应的隐私预算参数。
  8. 根据权利要求6所述的装置,其特征在于,服务器中预先存储有来自多个社交网络平台的联系网络数据,所述联系网络数据与平台标识关联存储;
    所述原始数据获取模块,还用于根据所述数据发布请求中携带的所述平台标识,获取与所述平台标识关联存储的所述联系网络数据,进而根据所述数据发布请求中携带的请求数据条件信息,从获取的所述联系网络数据中提取与所述请求数据条件信息相对应的原始联系网络数据。
  9. 根据权利要求8所述的装置,其特征在于,所述预先构建的拉普拉斯模型为:
    A(D)=M+lapΔf/ε(x)
    其中,D为待发布的所述边集合,A(D)为所述发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,服务器基于待发布的原始联系网络数据对应的平台标识确定所述 M值,所述M值用于整体调整所述发布概率分布的值域。
  10. 根据权利要求6所述的装置,其特征在于,所述发布数据确定模块,还用于选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率;根据0-1的均匀分布生成每个所述网络边的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边;否则,不发布对应的所述网络边。
  11. 一种服务器,包括存储器和处理器,所述存储器中存储有计算机可执行指令,所述指令被所述处理器执行时,使得所述处理器执行以下步骤:
    接收终端发送的数据发布请求;
    响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
    根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
    根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
    选取所述发布概率分布中的任意值作为所述边集合原始联系网络数据中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
  12. 根据权利要求11所述的服务器,其特征在于,所述数据发布请求中携带的所述用户标识为对真实用户标识进行加密处理后得到的假名标识符,所述数据发布请求中还携带与所述假名标识符对应的用户等级,其中,所述假名标识符对应的所述用户等级是通过可信终端根据预先存储的假名标识符与所述用户级别之间的对应关系查找得到的;
    所述处理器执行的所述根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数为:提取所述数据发布请求中携带的请求用户的所述用户等级,并根据预先配置的所述用户等级与所述隐私预算参数之间的对应关系确定所述用户等级对应的隐私预算参数。
  13. 根据权利要求11所述的服务器,其特征在于,服务器中预先存储有来自多个社交网络平台的联系网络数据,所述联系网络数据与平台标识关联存储;
    所述处理器执行的所述响应于所述数据发布请求,查找原始联系网络数据为:根据所述数据发布请求中携带的所述平台标识,获取与所述平台标识关联存储的所述联系网络数据,进而根据所述数据发布请求中携带的请求数据条件信息,从获取的所述联系网络数据中提取与所述请求数据条件信息相对应的原始联系网络数据。
  14. 根据权利要求13所述的服务器,其特征在于,所述预先构建的拉普拉斯模型为:
    A(D)=M+lapΔf/ε(x)
    其中,D为待发布的所述边集合,A(D)为所述发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,服务器基于待发布的原始联系网络数据对应的平台标识确定所述M值,所述M值用于整体调整所述发布概率分布的值域。
  15. 根据权利要求11所述的服务器,其特征在于,所述处理器执行的所述选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边,包括:
    选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率;
    根据0-1的均匀分布生成每个所述网络边的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边;否则,不发布对应的所述网络边。
  16. 一个或者多个存储有计算机可执行指令的非易失性可读存储介质,所述指令被一个或者多个处理器执行,使得所述一个或者多个处理器执行以下步骤:
    接收终端发送的数据发布请求;
    响应于所述数据发布请求,查找原始联系网络数据,其中,所述原始联系网络数据包括节点集合和存在于节点间的边集合;
    根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数,其中,所述用户等级越低,所述隐私预算参数越小;
    根据预先构建的拉普拉斯模型以及确定的所述隐私预算参数确定待发布的所述原始联系网络数据对应的发布概率分布,其中,所述隐私预算参数越小,所述发布概率分布所处的值域越小;及
    选取所述发布概率分布中的任意值作为所述边集合原始联系网络数据中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边。
  17. 根据权利要求16所述的非易失性可读存储介质,其特征在于,所述数据发布请求中携带的所述用户标识为对真实用户标识进行加密处理后得到的假名标识符,所述数据发布请求中还携带与所述假名标识符对应的用户等级,其中,所述假名标识符对应的所述用户等级是通过可信终端根据预先存储的假名标识符与所述用户级别之间的对应关系查找得到的;
    所述处理器执行的所述根据所述数据发布请求中携带的用户标识查找对应的用户等级,并确定所述用户等级对应的隐私预算参数为:提取所述数据发布请求中携带的请求用户的所述用户等级,并根据预先配置的所述用户等级与所述隐私预算参数之间的对应关系确定所述用户等级对应的隐私预算参数。
  18. 根据权利要求16所述的非易失性可读存储介质,其特征在于,服务器中预先存储有来自多个社交网络平台的联系网络数据,所述联系网络数据与平 台标识关联存储;
    所述处理器执行的所述响应于所述数据发布请求,查找原始联系网络数据为:根据所述数据发布请求中携带的所述平台标识,获取与所述平台标识关联存储的所述联系网络数据,进而根据所述数据发布请求中携带的请求数据条件信息,从获取的所述联系网络数据中提取与所述请求数据条件信息相对应的原始联系网络数据。
  19. 根据权利要求18所述的非易失性可读存储介质,其特征在于,所述预先构建的拉普拉斯模型为:
    A(D)=M+lapΔf/ε(x)
    其中,D为待发布的所述边集合,A(D)为所述发布概率分布,Δf/ε为概率分布的尺度参数,ε为隐私预算参数,服务器预先存储有M值与平台标识之间的对应关系,服务器基于待发布的原始联系网络数据对应的平台标识确定所述M值,所述M值用于整体调整所述发布概率分布的值域。
  20. 根据权利要求16所述的非易失性可读存储介质,其特征在于,所述处理器执行的所述选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率,并生成每个所述网络边的介于0-1之间的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边,包括:
    选取所述发布概率分布中的任意值作为所述边集合中每个网络边的发布概率;
    根据0-1的均匀分布生成每个所述网络边的随机数,对比所述随机数与所述发布概率,若所述发布概率大于所述随机数,则发布对应的所述网络边;否则,不发布对应的所述网络边。
PCT/CN2017/100019 2017-06-23 2017-08-31 数据发布方法、装置、服务器和存储介质 WO2018233051A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US16/463,740 US10848466B2 (en) 2017-06-23 2017-08-31 Method, server and storage medium for data distribution
SG11201903754TA SG11201903754TA (en) 2017-06-23 2017-08-31 Data release method and device, and server and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710488427.4A CN107689950B (zh) 2017-06-23 2017-06-23 数据发布方法、装置、服务器和存储介质
CN201710488427.4 2017-06-23

Publications (1)

Publication Number Publication Date
WO2018233051A1 true WO2018233051A1 (zh) 2018-12-27

Family

ID=61152692

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100019 WO2018233051A1 (zh) 2017-06-23 2017-08-31 数据发布方法、装置、服务器和存储介质

Country Status (4)

Country Link
US (1) US10848466B2 (zh)
CN (1) CN107689950B (zh)
SG (1) SG11201903754TA (zh)
WO (1) WO2018233051A1 (zh)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3642847A1 (en) * 2018-08-31 2020-04-29 Google LLC. Privacy-first on-device federated health modeling and intervention
CN109543422A (zh) * 2018-10-30 2019-03-29 中国科学院信息工程研究所 一种隐私信息处置方法、装置及系统
CN109902506B (zh) * 2019-01-08 2021-02-26 中国科学院软件研究所 一种多隐私预算的本地差分隐私数据分享方法和系统
CN112287359A (zh) * 2019-07-22 2021-01-29 华为技术有限公司 一种隐私保护方法和装置
CN111046429B (zh) * 2019-12-13 2021-06-04 支付宝(杭州)信息技术有限公司 基于隐私保护的关系网络构建方法及装置
CN111080123A (zh) * 2019-12-14 2020-04-28 支付宝(杭州)信息技术有限公司 用户风险评估方法及装置、电子设备、存储介质
CN113094746B (zh) * 2021-03-31 2022-10-28 北京邮电大学 基于本地化差分隐私的高维数据发布方法及相关设备
CN114090656B (zh) * 2021-11-23 2023-05-26 抖音视界有限公司 一种数据处理方法、装置、计算机设备及存储介质
CN115795527B (zh) * 2022-10-20 2023-08-18 福建师范大学 一种基于节点相似性的不确定图用户隐私保护方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110208763A1 (en) * 2010-02-25 2011-08-25 Microsoft Corporation Differentially private data release
CN103902924A (zh) * 2014-04-17 2014-07-02 广西师范大学 社交网络数据发布的混合随机化隐私保护方法
CN105095447A (zh) * 2015-07-24 2015-11-25 武汉大学 一种分布式w-事件型差分隐私无限流数据发布方法
CN105608389A (zh) * 2015-10-22 2016-05-25 广西师范大学 医疗数据发布的差分隐私保护方法
CN106685893A (zh) * 2015-11-06 2017-05-17 中国科学院沈阳计算技术研究所有限公司 一种基于社交网络群的权限控制方法

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7817014B2 (en) * 2004-07-30 2010-10-19 Reva Systems Corporation Scheduling in an RFID system having a coordinated RFID tag reader array
WO2012042646A1 (ja) * 2010-09-30 2012-04-05 富士通株式会社 動画像符号化装置、動画像符号化方法、動画像符号化用コンピュータプログラム、動画像復号装置及び動画像復号方法ならびに動画像復号用コンピュータプログラム
US8375030B2 (en) * 2010-12-03 2013-02-12 Mitsubishi Electric Research Laboratories, Inc. Differentially private aggregate classifier for multiple databases
US8627488B2 (en) * 2011-12-05 2014-01-07 At&T Intellectual Property I, L.P. Methods and apparatus to anonymize a dataset of spatial data
US9648007B1 (en) * 2015-06-17 2017-05-09 Amazon Technologies, Inc. Token-based storage service
US10366249B2 (en) * 2015-10-14 2019-07-30 Samsung Electronics Co., Ltd. System and method for privacy management of infinite data streams
CN105376243B (zh) * 2015-11-27 2018-08-21 中国人民解放军国防科学技术大学 基于分层随机图的在线社会网络差分隐私保护方法
US10445527B2 (en) * 2016-12-21 2019-10-15 Sap Se Differential privacy and outlier detection within a non-interactive model

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110208763A1 (en) * 2010-02-25 2011-08-25 Microsoft Corporation Differentially private data release
CN103902924A (zh) * 2014-04-17 2014-07-02 广西师范大学 社交网络数据发布的混合随机化隐私保护方法
CN105095447A (zh) * 2015-07-24 2015-11-25 武汉大学 一种分布式w-事件型差分隐私无限流数据发布方法
CN105608389A (zh) * 2015-10-22 2016-05-25 广西师范大学 医疗数据发布的差分隐私保护方法
CN106685893A (zh) * 2015-11-06 2017-05-17 中国科学院沈阳计算技术研究所有限公司 一种基于社交网络群的权限控制方法

Also Published As

Publication number Publication date
CN107689950B (zh) 2019-01-29
SG11201903754TA (en) 2019-05-30
CN107689950A (zh) 2018-02-13
US20190386962A1 (en) 2019-12-19
US10848466B2 (en) 2020-11-24

Similar Documents

Publication Publication Date Title
WO2018233051A1 (zh) 数据发布方法、装置、服务器和存储介质
US11509462B2 (en) Secure data distribution protocol using blockchains
US11127097B2 (en) Method, apparatus, and system for copyright rights defense detection
US11336634B2 (en) Identity management via a centralized identity management server device
US11805105B2 (en) System and associated method for ensuring data privacy
US9229997B1 (en) Embeddable cloud analytics
US11048690B2 (en) Contribution of multiparty data aggregation using distributed ledger technology
CN108769230B (zh) 交易数据存储方法、装置、服务器及存储介质
Mouratidis et al. Shortest path computation with no information leakage
US10984410B2 (en) Entity-sovereign data wallets using distributed ledger technology
US20190384956A1 (en) Device fingerprinting, tracking, and management
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
EP4002786A1 (en) Distributed ledger system
US11146552B1 (en) Decentralized application authentication
CN108881261B (zh) 一种容器环境下基于区块链技术的服务认证方法及系统
TWI812366B (zh) 一種資料共用方法、裝置、設備及存儲介質
EP3158478A1 (en) Embeddable cloud analytics
CN111147235B (zh) 对象访问方法、装置、电子设备及机器可读存储介质
WO2019052328A1 (zh) 一种匿名账户的鉴权方法及服务器
KR20120127339A (ko) 소셜 네트워크 서비스를 제공받는 사용자들 사이의 데이터 공유 방법 및 그 장치
Zhao et al. EPLA: efficient personal location anonymity
US11799629B2 (en) Access authorization utilizing homomorphically encrypted access authorization objects
WO2018121164A1 (zh) 一种用于创建服务号的方法、设备及系统
EP4220468A1 (en) Distributed ledger system
CN114745173A (zh) 登陆验证方法、装置、计算机设备、存储介质和程序产品

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17914588

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 15/05/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17914588

Country of ref document: EP

Kind code of ref document: A1