CN104080081A - Space anonymization method suitable for mobile terminal position privacy protection - Google Patents


Publication number
CN104080081A
Authority
CN
China
Legal status
Granted
Application number
CN201410267766.6A
Other languages
Chinese (zh)
Other versions
CN104080081B (en)
Inventor
沈晴霓
韩笑
方跃坚
吴中海
Current Assignee
Peking University
Original Assignee
Peking University

Abstract

The invention discloses a space anonymization method suitable for mobile terminal location privacy protection. The method comprises the following steps: first, when a mobile terminal makes a location-based query, it queries a cloud server for the historical lower bound c_LB of the number of mobile users in each grid cell; second, the mobile terminal recurses bottom-up over the spatial region according to the lower bound c_LB of each grid cell and works out an initial recursive region to be used for computing the actual anonymous region; third, the mobile terminal interacts with the cloud server, querying it recursively top-down starting from the initial recursive region, determines from the returned number of current users in each grid cell whether the condition for generating the anonymous region is met, and if so generates the anonymous region, sends it to a location-based service provider and requests the corresponding service; fourth, the location-based service provider returns the queried message queue to the mobile terminal. The method guarantees the effectiveness of privacy protection and reduces communication cost.

Description

A space anonymization method suitable for mobile terminal location privacy protection
Technical field
The present invention relates to a space anonymization method suitable for mobile terminal location privacy protection, and belongs to the field of network security technology.
Background
In recent years, with the rapid development of smartphones, location-based services (LBS) have become increasingly popular, mainly because modern mobile devices integrate position sensors, which improves the availability of such services. Typical examples are point-of-interest search and social networking based on physical location, such as the places features of Renren and Facebook, the Global Positioning System (GPS), searching for restaurants near the user's location in the Dianping app, and displaying current location information inside the WeChat app. Combining the user's current location helps users obtain services better and more conveniently. However, providing such services based on the user's private location may cause serious privacy problems: if these locations are not adequately protected, the consequences can be severe, and the user's location privacy may be illegally analyzed or exploited through continuous tracking. Location privacy has therefore become a mandatory concept for ensuring that mobile users can receive location-based services.
Location privacy protection methods for mobile users are described in detail in the literature. Among them, k-anonymity is a general privacy method whose idea is to replace the exact location of the requester with a cloaked region containing at least k objects (mobile users), ensuring that the target is indistinguishable from the other k-1 objects. The probability of identifying the target user is therefore 1/k. Space anonymization methods were proposed and studied on this basis to protect the location privacy of mobile users when they use location-based services. Traditional space anonymization methods depend on a trusted agent called the location trusted server, LTS (Location Trusted Server), which produces an anonymous region containing at least k users for each request. A typical space anonymization method is New Casper. Casper is a new framework in which both stationary and moving users can obtain location-based services without revealing their location information. Because the goal of Casper is to find an anonymous region that is as small as possible, quickly and safely, Casper achieves good quality of service. However, Casper depends on a single LTS and assumes that the LTS knows the location of all users at all times in order to produce anonymous regions for all requesting users. Relying on a single LTS for privacy protection raises a series of problems: the LTS "knows too much", a single LTS scales poorly, and it easily becomes a focus of attack. To reduce this dependence on a single server, a device-side space anonymization method for mobile user privacy protection that relies on cloud services has been proposed (hereinafter "the device-side space anonymization method"), which may be preferable. The difficulty is that the phone does not know the locations of other users at the time of the request, and this information is indispensable for producing the anonymous region. With the development of cloud services, it can be assumed that user density information can be obtained from a cloud server. These servers can collect user location information for different areas, or estimate the user density of different places by sophisticated methods; when a user sends an anonymous request, the mobile terminal obtains the corresponding user density information from the cloud and computes the anonymous region.
Supported by cloud services, the device-side space anonymization method can obtain accurate user density information from the cloud server. The method modifies the traditional Casper space anonymity algorithm, changing the bottom-up recursion that starts from the smallest grid cell and expands upward into a top-down recursion that starts from the largest region and narrows gradually. However, starting the recursion from the root node greatly increases communication cost and also affects computation speed. The method therefore tries to improve the algorithm again by using a lower bound derived from historical user-density data as the initial value, intending to reduce the communication cost of recursing from the root node. This improvement does not fix the corresponding speed problem, and it introduces a significant privacy disclosure risk: once the historical lower bound of the number of mobile users obtained from the cloud server is larger than the current actual number of users, the actual number of users in the region can be less than the k-anonymity threshold k, so k-anonymity fails and the location of the requesting mobile user is exposed. The improvement thus returns to the problem of trading security for speed and communication cost.
The technical scheme of prior art one
Location privacy protection methods for mobile users are described in detail in the literature. The New Casper space anonymization method is a new framework for addressing privacy leakage, in which both stationary and moving users can obtain location-based services while protecting their location information. Casper consists of two main parts: the location anonymizer and the privacy-aware query processor. The location anonymizer blurs the user's exact location into a cloaked spatial region according to the privacy requirements the user specifies. The privacy-aware query processor is embedded in the location-based database server so that it can process anonymous spatial regions rather than exact locations. Casper uses traditional location-based servers and query processors to provide anonymous service to their clients. Mobile users can use location-based services without revealing their private location information. The Casper framework computes an anonymous region containing k users, where the value of k and the minimum area A_min of the anonymous region used to hide the user's location are set by the user. When registering with Casper, a mobile user sets a privacy profile that specifies a comfortable level of privacy. The user's privacy profile contains two parameters, k and A_min. The parameter k means that the mobile user requesting k-anonymity is indistinguishable from k-1 other users, and A_min means that the user wants to hide their location within a region of size at least A_min. Larger values of k and A_min indicate stricter privacy requirements.
Scenario description: the Casper architecture consists mainly of two components, the location anonymizer and the privacy-aware query processor. Mobile users continuously send location update messages to the location anonymizer. The location anonymizer produces an anonymous spatial region to blur each location update so that it matches the privacy profile (k, A_min) of each mobile user, and sends this anonymous spatial region to the location-based database server. While cloaking the user's location, the anonymizer also removes any user identity information to ensure the pseudonymity of the location information. As with user location points, the anonymizer also blurs the location information of a query before sending the anonymous query region to the location-based database server.
The privacy-aware query processor is embedded in the location-based database server and processes anonymous spatial regions rather than location points. Instead of returning one exact answer, the privacy-aware query processor returns a candidate list that answers the location-based query produced by the location anonymizer. The mobile user evaluates the returned candidate list locally to find the desired result. The privacy-aware query processor guarantees that the candidate list is minimal and contains the answer the user needs. The size of the candidate list depends largely on the user's privacy profile: a strict privacy profile may return a larger candidate list. By setting the privacy profile, mobile users can strike a reasonable balance between how much of their location information they reveal and the quality of service they obtain from Casper. The location privacy-aware queries processed in the location-based database server may come from mobile users or from public administrators. Queries from mobile users are treated as private queries: the identity information of the query must first be hidden by the location anonymizer, and the position of the query sender must be blurred. Location-based queries from public administrators are treated as public queries and do not pass through the location anonymizer; they are submitted directly to the location-based database server. The database server answers such public queries from the anonymized location information stored for all mobile users.
The shortcoming of prior art one:
The Casper method finds an anonymous region that is as small as possible, quickly and safely, and achieves good quality of service. However, some problems remain:
Casper depends on a single LTS and assumes that the LTS knows the location of all users at all times in order to produce anonymous regions for all requesting users. Relying on a single LTS for privacy protection raises a series of problems: the LTS "knows too much", a single LTS scales poorly, and it easily becomes a focus of attack.
The technical scheme of prior art two
Another location privacy protection method is the existing device-side space anonymization method based on cloud services.
This scheme removes the LTS and implements the space anonymity algorithm on the mobile device. With the help of cloud services, the mobile user's device obtains from the cloud service provider the mobile user density information for the relevant region and the real-time location information needed for the computation. Although this process changes the bottom-up (Down-Top) recursion of the traditional Casper space anonymity algorithm into a top-down (Top-Down) recursion, it brings problems of communication cost and speed, and even a threat of location privacy leakage.
The workflow of the device-side space anonymization method is shown in Fig. 1.
We illustrate the workflow of the device-side space anonymization method through the mobile user's whole usage process, described in detail below.
Step 1: the mobile user is responsible for producing the anonymous region on the phone. The mobile device client partitions the space recursively, and the partitioned regions are stored in a grid by index. For each grid cell, the client can interact with the cloud server to query the number of mobile users in that grid cell at a given moment.
Step 2: the cloud server updates users' location information. As mobile users move through the space, the number of users in each grid cell changes over time, so it is very important for the cloud server to obtain location updates at all times. The cloud server can provide real-time regional user density information, and can therefore return statistics on mobile user locations in the requested region to the mobile user's phone.
Step 3: the mobile user independently produces the anonymous region from the current user location and the density information received from the cloud.
Step 4: once the mobile device has generated an anonymous region, it sends a request containing the generated anonymous region to the location-based service provider (LBS), for example asking the Dianping app for the nearest restaurant.
Step 5: the LBS returns the query result set to the user.
As can be seen, this puts computational pressure on the user's phone, and the frequent interaction with the cloud may raise communication cost.
The shortcoming of prior art two
By combining with the cloud server, the device-side space anonymization method avoids the drawbacks of the LTS and can effectively produce an anonymous region that is as small as possible. However, some problems remain:
1. Because the number of mobile users at the root node is far larger than the k-anonymity target value k, starting the recursion from the root node to find the k-anonymous region greatly increases the number of communications with the cloud server, which wastes communication cost and limits speed.
2. This scheme also tries to load the historical lower bound c_LB once as initial data, and then uses the top-down algorithm to find the target anonymous region based on the historical data, using it as the initial recursive region for computing the actual anonymous region, with the intent of improving the initial region. But the method based on historical data still uses Top-Down recursion, and because the grid region represented by the root node is far larger than the k-anonymity target region actually needed, it still greatly increases the number of recursions compared with the Down-Top recursion of the original Casper anonymity algorithm, which hurts efficiency.
3. Most importantly, the lower bound of the number of mobile users derived from the historical records obtained from the cloud server can be wrong. If the initial grid cell derived from historical data has c_LB >= k but the actual number of mobile users at that moment happens to be less than k, k-anonymity fails and the mobile user is exposed, causing a privacy leak. The improvement in this scheme therefore returns to the problem of trading security for speed and communication cost, which runs counter to the original purpose of privacy protection.
Privacy threats scene modeling:
Mobile user A sends a request for the nearest restaurant. The phone is responsible for producing the corresponding anonymous region to protect its own actual position. It first loads the historical data for each grid cell from the cloud in one pass, that is, the lower bound of the historical number of mobile users in each cell. It then obtains the grid cell c_LB containing the anonymous region based on historical data, with c_LB >= k, as the initial cell of the actual space anonymity algorithm. The phone then sends a request to the cloud to query the current actual number of mobile users in this initial region. But at this moment the current number of users in the initial cell happens to be below the historical low and less than k, so the number of users in the initial grid cell does not meet the k-anonymity requirement. The cloud server then knows that the number of mobile users in user A's region is less than k, and the number of users in the anonymous region returned for user A is also less than k. k-anonymity fails, the location privacy of user A is leaked, and the privacy protection of A fails.
Summary of the invention
To solve the above problems and balance location privacy protection, communication cost and computation speed, the invention provides a space anonymization method suitable for mobile terminal location privacy protection. The invention improves the space anonymization method so that the location privacy of mobile users in a cloud environment is well protected, while improving computation speed and reducing the communication cost of interacting with the cloud service. Specifically, the invention mainly provides a feasible method for determining the initial recursive region of the algorithm, to avoid the communication cost wasted by repeated interaction with the cloud server when recursing from the root node, and adds a corresponding security scheme to resist the privacy leakage threat in the existing method and achieve location privacy protection.
For the question of how to determine the initial recursive region of the improved anonymity algorithm, the invention proposes a feasible scheme and, in view of the user location privacy leakage threat that may arise in this process, proposes schemes that add an interference value m. This avoids the existing method's problem of trading security for speed and communication cost, and balances privacy protection, actual speed and communication cost. It both guarantees the effectiveness of privacy protection and reduces communication cost.
The main contents of the invention are as follows. First, the initial recursive region of the top-down space anonymity algorithm is determined by combining the Casper method with historical data, reducing the communication overhead of interacting with the cloud server. Second, two schemes that add an interference value m are proposed, which suitably enlarge the initial region and resist the privacy disclosure risk in the existing method. Third, a scheme is proposed that partitions time into periods according to actual traffic conditions and processes the historical data accordingly, improving the speed of computing the historical lower bound and the accuracy of the result. Using the Milano data set provided by the Everyware laboratory, the interaction between mobile users and the cloud server in generating anonymous regions was simulated on a PC, the improved scheme was compared with the existing scheme in performance tests, and the value range of the interference value m was determined by experiment. The results show that this method provides effective location privacy protection for mobile users at lower communication cost and higher speed.
For the space anonymization method for mobile terminal location privacy protection to inherit the good performance of the traditional Casper anonymization method and find an anonymous region that is as small as possible, while taking into account that cloud services in a cloud environment are not fully trusted, the bottom-up (Down-Top) recursion of the original Casper anonymity algorithm must be changed into a top-down (Top-Down) recursion that shrinks from a larger region toward the target region. Starting the recursion from a larger region does produce an effective anonymous region and protects the mobile user's location privacy well. However, this initial region is the whole system region, which is far larger than the target anonymous region, so many recursions are needed before the target anonymous region is found, which increases the number of interactions with the cloud service and brings extra mobile communication cost and reduced speed. Therefore, for the question of how to determine the initial recursive region of the improved anonymity algorithm, we propose a feasible scheme and, in view of the user location privacy leakage threat that may arise in this process, propose schemes that add an interference value m, thereby avoiding the existing method's problem of trading security for speed and communication cost and balancing privacy protection, actual speed and communication cost.
The technical scheme of the present invention is:
A space anonymization method suitable for mobile terminal location privacy protection, comprising the steps of:
1) The mobile terminal uses a pyramid grid data structure to maintain mobile user information for the spatial region. When making a location-based service query, the mobile terminal first queries the cloud server for the historical lower bound c_LB of the number of mobile users in each grid cell of the spatial region;
2) The mobile terminal recurses bottom-up over the spatial region according to the returned historical lower bounds c_LB of the number of mobile users in all grid cells, and computes the initial recursive region to be used for computing the actual anonymous region;
3) The mobile terminal interacts with the cloud server: starting from the initial recursive region, it queries the cloud server recursively top-down over the spatial region for the current number of users in each grid cell, and determines from the returned current number of users whether the condition for generating the anonymous region is met; if it is, the mobile terminal generates the anonymous region, sends it to the location-based service provider, and requests the corresponding service;
4) The location-based service provider returns the queried message queue to the mobile terminal.
Further, the cloud server computes the historical lower bound c_LB of the number of mobile users in all grid cells of the current spatial region from statistics of the mobile users' historical data and the user density information of the spatial region.
Further, the cloud server classifies the statistics by month, by day of the week, by holiday versus non-holiday, and by period of the day, and returns the historical lower bound c_LB of the number of mobile users for the current grid cell according to the period to which the query request belongs.
Further, the initial recursive region is computed as follows: using the Casper anonymity algorithm and the historical lower bound c_LB of the number of mobile users in each grid cell, recurse bottom-up over the spatial region until a grid cell c_LB at layer N of the spatial region is found that contains the user of the mobile terminal and whose historical lower bound of the number of mobile users c_LB is greater than or equal to the set value k of the Casper anonymity algorithm; this grid cell c_LB is taken as the initial recursive region.
Further, an interference value m is set and the set value becomes k = k + m when computing the initial recursive region based on the historical lower bound c_LB. The value of m ranges from 3 to 5.
Further, the anonymous region is generated as follows: let c_c denote the current grid cell, and at the start of the recursion let c_c = c_LB. Query the current number of users in each of the four child grid cells of c_c. If one child grid cell c has no fewer than the set value k users, take this child grid cell c as the current cell c_c and continue the recursion. If the current number of users in every child grid cell c of the current layer is less than k, check the total number of users of each child grid cell c and its vertically adjacent grid cell c_h, or of the child grid cell c and its horizontally adjacent grid cell c_v; if the total is not less than k and the current number of users in the neighbouring grid cell of this child grid cell c is less than k, return the union of this child grid cell c and its neighbouring grid cell as the anonymous region and stop the recursion. Otherwise, generate the anonymous region from the grid cell c_LB.
Further, an interference value m is set, and the top-down recursive querying of the cloud server starts from layer N-m of the spatial region, where layer N is the layer of the initial recursive region. The value of m ranges from 0 to 3.
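The following is an added example, not code from the patent: a Python sketch of the bottom-up and top-down procedure above, the two interference-value schemes, and the failure described in the privacy threat scenario. The grid size, the counts, the Cloud class, the use of summed child bounds as a parent cell's historical bound, and following only the child cell that contains the requester are assumptions made for illustration.

```python
H = 3            # bottom pyramid layer; layer h has 2**h x 2**h cells (constructed)
K = 5            # requester's k-anonymity value (constructed)
USER = (2, 5)    # requester's bottom-layer cell as (x, y) (constructed)

# Constructed sample data, indexed [y][x]. HIST holds the historical lower
# bound c_LB of each bottom cell, NOW the live count. The requester's cell has
# dipped below its historical bound (5 -> 3), as in the threat scenario.
HIST = [[1] * 8 for _ in range(8)]
HIST[5][2] = 5
NOW = [[n + 1 for n in row] for row in HIST]
NOW[5][2] = 3


def cell_sum(grid, level, cx, cy):
    """Users in pyramid cell (level, cx, cy), summed over its bottom cells.
    Assumption: a parent's historical bound is the sum of its children's."""
    s = H - level
    return sum(grid[y][x]
               for y in range(cy << s, (cy + 1) << s)
               for x in range(cx << s, (cx + 1) << s))


class Cloud:
    """Hypothetical cloud server that counts the live per-cell queries."""

    def __init__(self, now):
        self.now, self.queries = now, 0

    def current(self, level, cx, cy):
        self.queries += 1
        return cell_sum(self.now, level, cx, cy)


def initial_region(hist, user, k, m1=0, m2=0):
    """Bottom-up pass over historical bounds only (no live queries).
    m1: scheme one, the threshold becomes k + m1.
    m2: scheme two, start m2 layers above the layer N that satisfied k."""
    level = H
    while level > 0:
        cx, cy = user[0] >> (H - level), user[1] >> (H - level)
        if cell_sum(hist, level, cx, cy) >= k + m1:
            break
        level -= 1
    level = max(0, level - m2)
    return level, user[0] >> (H - level), user[1] >> (H - level)


def top_down(cloud, start, user, k):
    """Top-down pass on live counts, starting at `start` instead of the root.
    Only the child that contains the requester is followed (assumption)."""
    level, cx, cy = start
    while level < H:
        s = H - (level + 1)
        ux, uy = user[0] >> s, user[1] >> s
        kids = {(x, y): cloud.current(level + 1, x, y)
                for x in (2 * cx, 2 * cx + 1) for y in (2 * cy, 2 * cy + 1)}
        n = kids[(ux, uy)]
        if n >= k:                       # child alone is enough: descend
            level, cx, cy = level + 1, ux, uy
            continue
        # Otherwise try the child plus its vertical, then horizontal sibling.
        for nb in ((ux, uy ^ 1), (ux ^ 1, uy)):
            if n + kids[nb] >= k and kids[nb] < k:
                cells = [(level + 1, ux, uy), (level + 1, *nb)]
                return {"cells": cells, "users": n + kids[nb]}
        break
    return {"cells": [(level, cx, cy)], "users": cloud.current(level, cx, cy)}


def run(start, k=K):
    """Return (region, live queries sent to the cloud) for one request."""
    cloud = Cloud(NOW)
    region = top_down(cloud, start, USER, k)
    region["k_anonymous"] = region["users"] >= k
    return region, cloud.queries


if __name__ == "__main__":
    cases = [("root (prior art)", (0, 0, 0)),
             ("historical, m=0", initial_region(HIST, USER, K)),
             ("scheme one, m=3", initial_region(HIST, USER, K, m1=3)),
             ("scheme two, m=1", initial_region(HIST, USER, K, m2=1))]
    for label, start in cases:
        print(label, start, *run(start))
```

With this constructed data, the start cell chosen from history alone holds fewer than k live users, while either interference scheme starts one layer higher and reaches the same region as recursion from the root with fewer live queries.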
Beneficial effects of the technical scheme of the present invention compared with the prior art
With the spread of location-based mobile services, mobile users often use location-based applications for convenience, so location-based privacy protection for mobile users has become extremely important. Traditional space anonymization methods depend on a single trusted third-party anonymizer, which scales poorly and easily becomes a focus of attack. The device-side space anonymization method suffers from problems of speed and high communication cost, and avoiding those problems introduces a threat of privacy leakage. To address the problems of these methods, the invention proposes an improved space anonymization method in combination with cloud services. Using the Milano data set provided by the Everyware laboratory, the interaction between the mobile user client and the cloud server was simulated on a PC, and the simulation experiments demonstrated the validity and feasibility of the method. The beneficial effects of the proposed method are mainly the following:
(1) For the question of how to determine the initial recursion position of the improved space anonymity algorithm, a feasible implementation is proposed: using the historical lower bound of mobile users provided by the cloud server together with the Casper method, the phone computes bottom-up, avoiding the unnecessary communication overhead of top-down recursion interacting with the cloud server.
(2) For the privacy leakage threat scenario constructed above, two interference value m schemes are proposed, and the value range of m for each scheme is determined by simulation experiment, verifying that the schemes resist the location privacy threat well. The improved method can therefore provide effective location privacy protection for mobile users at lower communication cost and higher speed.
(3) A scheme is proposed that divides time into different periods according to actual traffic conditions and returns the historical lower bound of the number of mobile users in a grid cell according to the period, which improves the speed of computing the historical lower bound and the anonymous region and the accuracy of the initial recursive region.
Brief description of the drawings
Fig. 1 is the workflow diagram of the device-side space anonymization method;
Fig. 2 is the workflow diagram of the space anonymization method suitable for mobile terminal location privacy protection;
Fig. 3 is the flow chart of the space anonymization method suitable for mobile terminal location privacy protection;
Fig. 4 is the complete pyramid data structure;
Fig. 5 is the incomplete pyramid data structure of the space anonymization method;
Fig. 6 is the effect of m-value scheme one on the anonymous region (the m value does not affect the anonymous region area; the curves overlap);
Fig. 7 is the effect of m-value scheme one on the anonymization time;
Fig. 8 is the effect of m-value scheme one on communication cost;
Fig. 9 is the effect of m-value scheme two on the anonymous region (the m value does not affect the anonymous region area; the curves overlap);
Fig. 10 is the effect of m-value scheme two on the anonymization time;
Fig. 11 is the effect of m-value scheme two on communication cost.
Embodiment
Below in conjunction with accompanying drawing, the present invention is explained in further detail.
As shown in Fig. 4, the complete grid-based pyramid data structure hierarchically decomposes the spatial area into H levels, where the grid layer at height h has 4^h grid cells. The root of the pyramid is called level 0 and has a single grid cell covering the whole spatial area. Each pyramid cell is represented as (cid, n), where cid is the cell identifier and n is the number of mobile users within the cell boundary. The pyramid structure dynamically tracks and maintains the number of mobile users in each cell so that it always holds the current actual count. In addition, a hash table maintains an entry (uid, profile, cid) for each registered mobile user, where uid is the mobile user identifier, profile is the user's privacy attribute, and cid is the identifier of the cell in which the mobile user is located. The cid is usually at the lowest level of the pyramid, as shown by the shaded area in the figure.
The present invention, however, uses an incomplete pyramid structure, as shown in Fig. 5. The contents of each grid cell and of the hash table are similar to Fig. 4. The main idea of the incomplete pyramid structure is to maintain only those grid cells that can potentially serve as a mobile user's anonymous region. For example, if all mobile users have strict privacy requirements such that the bottom level of the pyramid cannot satisfy any user's privacy attribute, the anonymization method of Fig. 5 does not maintain that level, so the cost of maintaining the pyramid data structure is significantly reduced. The shaded grid cells in Fig. 5 are the lowest-level grid cells that are maintained (by comparison, all shaded cells in Fig. 4 are at the bottom level). For instance, at the second-highest level (level 1 in Fig. 5), the shading of the lower-right quarter indicates that all mobile users in that region have strict privacy requirements that no lower-level grid cell can satisfy. However, this need not extend to a whole quadrant. For example, the four shaded grid cells at the bottom level in the upper-right corner indicate that the users in those cells have the loosest privacy requirements. In the space anonymization method, the hash table points to the lowest level of grid cells that must be maintained, which is not necessarily the bottom of the pyramid (whereas in Fig. 4 the hash table points to the pyramid bottom).
We illustrate the workflow of the improved space anonymization method through a mobile user's complete usage process; the concrete workflow is shown in Figs. 2 and 3. The workflow of the improved method is described in detail below.
Step 1: the mobile user interacts with the cloud server. The mobile device client maintains the mobile user information (cid, n) of the spatial area using the incomplete pyramid grid data structure. The mobile user sends a request to the cloud server to query the lower limit of the historical number of mobile users of each grid cell (the historical minimum number of mobile users).
Step 2: the cloud server computes the historical lower limit c_LB of the number of mobile users for all current grid cells from the mobile users' historical data and the regional user density statistics of each grid cell. According to actual traffic conditions, the statistics can be classified by month, by week, by holiday versus non-holiday, and by period within a day, and a different historical lower limit c_LB is returned for the current grid cells depending on the period, which improves running speed and result accuracy.
Step 3: the mobile user obtains the c_LB of all grid cells from the cloud in a single download. These values are used to compute the k-anonymous region based on historical data, which serves as the initial recursion region for computing the actual spatial anonymous region in the next step.
Step 4: the mobile user is responsible for generating the anonymous region on the mobile device. First, using the Casper anonymization algorithm and the c_LB of each grid cell, the device recurses bottom-up (starting from the smallest bottom-level grid cell that contains the requesting user) and computes a grid cell c_LB at level N that contains the current user and whose c_LB ≥ k. In this process an interference value m is added to prevent privacy leakage. The grid cell c_LB serves as the initial recursion region of the improved Casper anonymization algorithm for the subsequent generation of the actual spatial anonymous region.
Step 5: the mobile user interacts with the cloud server. It queries the cloud server recursively from top to bottom (starting from the initial recursion cell and recursing toward lower levels, gradually shrinking the region), retrieving the number of users in a given grid cell at that moment.
Step 6: the mobile user independently generates the anonymous region from the current user position and the spatial density information received from the cloud.
Step 7: once the mobile user device has generated an anonymous region, the anonymous spatial region is sent to the location-based service provider (LBS) to request the corresponding service, for example querying the nearest KTV in the application "popular comment".
Step 8: the LBS returns the queue of query results to the user. The mobile user who initiated the request only needs to filter out the information that applies to them.
Embodiment one of the present invention:
This embodiment describes in detail how the initial recursion region of the improved space anonymization algorithm is obtained.
First, from the historical statistics of mobile users in each grid cell provided by the cloud service, the historical minimum number of mobile users of each grid cell can be obtained, i.e. the historical lower limit of the number of mobile users, denoted c_LB. These historical lower limits are then downloaded to the mobile terminal in one pass so that the computation can run locally, avoiding the communication overhead of interacting with the cloud server on every top-down recursion step. This process does carry a certain initialization cost. Because the historical data of every grid cell is on the user's mobile terminal, the initial region is computed directly on the terminal without further interaction with the cloud, so the problem of a not fully trusted cloud environment does not arise in this locally executed step. There is therefore no need to recurse top-down from the largest region, the root node (as introduced above, top-down recursion from the root takes too many recursion steps because the root region is far larger than the target region). Instead, the efficient bottom-up Casper anonymization algorithm can be applied starting from the smallest grid cell to compute the initial recursion region directly from the historical lower limits. This avoids the problem of the root region being far larger than the target region, which improves speed and reduces communication cost. So, based on the lower limit c_LB of the historical number of mobile users of all grid cells, the traditional Casper anonymization algorithm is run on the mobile terminal to compute a grid cell c_LB at level N that satisfies: (1) the region of c_LB contains the current user's position; (2) c_LB ≥ k. Because the historical lower limit represents the lowest historical crowd density of mobile users, the anonymous region computed from it is normally larger than the actual anonymous region. The grid cell c_LB can therefore be used as the initial recursion region for the next step's actual spatial anonymous region algorithm.
In general this scheme is safe. The privacy threats that may arise from it have also been considered; they are analysed in detail and a solution is proposed in the next subsection, while this subsection only analyses the method of shrinking the initial recursion region. Next, the algorithm that determines the initial recursion region is analysed in detail.
(1) Casper anonymization algorithm based on c_LB
We first describe the processing flow of the c_LB-based Casper anonymization algorithm. The Casper anonymization algorithm is a bottom-up recursive algorithm. Because it generates an anonymous region that is as small as possible both quickly and safely, it works well in the traditional spatial anonymization framework, and the mobile user's anonymity is preserved even if the attacker knows the anonymization process. We therefore borrow the idea of the Casper anonymization algorithm and, using the historical lower limit c_LB of the number of mobile users of each grid cell derived from historical data, run the c_LB-based Casper anonymization algorithm on the mobile terminal to obtain the initial recursion region for the next step's actual spatial anonymization algorithm.
Algorithm flow: first locate the grid cell c at the lowest level that contains the user, then check the historical lower limit of the number of mobile users in that cell. If the lower limit is not less than the configured threshold k, return cell c as the generated historical anonymous region. Otherwise, check the horizontal neighbour and the vertical neighbour of the current grid cell c (which share the same parent as c), examining the sum of the historical user lower limits of each neighbour and c. If both sums are not less than k, return the union of c and the neighbour with the larger sum. If the requirement is still not met, set c to its parent cell one level up and repeat the recursion until the root of grid G is reached. We assume that the number of users in the whole area (corresponding to the root of G) is usually far larger than k, so the algorithm produces a region containing no fewer than k users, yielding the requested k-anonymous region R_LB based on historical lower limits, which serves as the initial recursion region of the next step's actual spatial anonymization algorithm.
The c_LB-based Casper anonymization algorithm:
Input: grid G, integer k, position p of the mobile user sending the request, c_LB of each grid cell
Output: spatial region R_LB based on the historical lower limits
Assumption: k is normally far smaller than the population of the whole region
Method:
(2) Improved top-down anonymization algorithm
In the previous step the c_LB-based Casper anonymization algorithm computed the anonymous region R_LB based on the lower limit of the historical number of mobile users; the grid cell containing it is c_LB, and the level of c_LB is the level closest to that of the true anonymous region. We therefore use this grid cell as the starting cell for shrinking toward the actually computed anonymous region, recursing top-down and gradually shrinking the region until the smallest spatial anonymous region satisfying c_live ≥ k is found, where c_live is the current real-time number of mobile users in a grid cell.
Algorithm flow: the algorithm starts from the grid cell c_LB containing the anonymous region R_LB computed from historical data. Let c_c denote the current grid cell, so c_c = c_LB when the recursion starts. First, the current user counts of the four child cells of c_c are queried. The requester (the mobile user) is located in one of these four child cells, denoted c. If the number of users in c is not less than k, c becomes the current cell c_c and the above step is repeated. Otherwise, the sum of the users in c and its vertical neighbour c_h, or the sum of the users in c and its horizontal neighbour c_v, is checked. If the sum is not less than k and the number of users in that neighbour of c is less than k, the union of cell c and that neighbour is returned. Unlike the traditional Casper anonymization algorithm, the current number of users in c_h (and c_v) is additionally required to be less than k. Without this requirement, if the current number of users in c_h were not less than k and the user were located in c_h, then c_h alone would be returned, since it already meets the requirement, and there would be no need to return the union c ∪ c_h; an attacker could therefore easily infer that the requester is in cell c rather than c_h. This is why the current number of users in c_h (and c_v) is required to be less than k. If the child cell c (even together with its neighbours) cannot satisfy k-anonymity, the algorithm returns the current grid cell as the anonymous region. The downward recursion stops when it reaches the bottom level of the grid, and the bottom-level cell containing the requester is returned (in this case the number of mobile users in that cell is not less than k, because the current grid cell c_c always contains no fewer than k mobile users; see the algorithm below. Reaching the bottom means that c_c is at the bottom of the data structure and cannot recurse further, so the c_c returned at this point is the anonymous region).
Improved top-down anonymization algorithm:
Input: grid G, integer k, mobile user position p, maximum number of grid levels H
Output: the generated anonymous spatial region R
Assumption: k is normally far smaller than the total number of mobile users in the whole grid area
Method:
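The two-phase procedure described above, as an added Python example that is not the patent's own listing: phase 1 climbs from the user's bottom cell on the downloaded historical lower limits (the single-cell form, with the k+m margin of scheme one), and phase 2 descends on live counts with the extra "neighbour below k" condition. The grid size, the constructed counts, the function names, the rule that an upper cell's count is the sum of its children, and checking the horizontal sibling before the vertical one are all assumptions of this example.

```python
H = 2  # bottom level; level h is a 2^h x 2^h grid, i.e. 4^h cells

# Constructed sample data, bottom level, indexed [y][x].
C_LB = [[2, 1, 1, 1],   # historical lower limits downloaded once from the cloud
        [1, 1, 1, 0],
        [4, 4, 5, 5],
        [4, 4, 5, 5]]
LIVE = [[1, 1, 2, 1],   # current counts; the top-left area has dipped below
        [1, 0, 1, 0],   # its historical minimum (the failure case discussed
        [5, 5, 6, 6],   # for the interference value m)
        [5, 5, 6, 6]]

def build_pyramid(bottom):
    """Return {(level, x, y): count}; upper cells sum their four children
    (an assumption of this example)."""
    size = 2 ** H
    counts = {(H, x, y): bottom[y][x] for y in range(size) for x in range(size)}
    for level in range(H - 1, -1, -1):
        for y in range(2 ** level):
            for x in range(2 ** level):
                counts[(level, x, y)] = sum(
                    counts[(level + 1, 2 * x + dx, 2 * y + dy)]
                    for dx in (0, 1) for dy in (0, 1))
    return counts

def parent(cell):
    level, x, y = cell
    return (level - 1, x // 2, y // 2)

def siblings(cell):
    """Horizontal and vertical neighbours sharing the cell's parent."""
    level, x, y = cell
    return (level, x ^ 1, y), (level, x, y ^ 1)

def initial_cell(c_lb, user_cell, k, m=0):
    """Phase 1 (local, no cloud traffic): climb until the historical lower
    limit reaches k + m. m = 0 is the plain scheme; m > 0 is scheme one."""
    cell = user_cell
    while cell[0] > 0 and c_lb[cell] < k + m:
        cell = parent(cell)
    return cell

def cloak(live_query, start, user_cell, k):
    """Phase 2: descend from `start` using live counts from the cloud.
    Returns (region as a list of cells, number of query rounds)."""
    current, rounds = start, 0
    while current[0] < H:
        level = current[0] + 1
        shift = H - level
        child = (level, user_cell[1] >> shift, user_cell[2] >> shift)
        rounds += 1                      # one round asks for the four children
        n_child = live_query(child)
        if n_child >= k:
            current = child              # the child alone suffices: keep shrinking
            continue
        for nb in siblings(child):
            n_nb = live_query(nb)
            # Union only if it reaches k AND the neighbour alone is below k;
            # otherwise returning the union would reveal that the requester
            # is in `child` and not in the neighbour.
            if n_child + n_nb >= k and n_nb < k:
                return [child, nb], rounds
        break                            # nothing smaller works: keep current
    return [current], rounds

def run(user_xy, k, m):
    """Return (start cell, region, live users in region, query rounds)."""
    c_lb, live = build_pyramid(C_LB), build_pyramid(LIVE)
    user_cell = (H, *user_xy)
    start = initial_cell(c_lb, user_cell, k, m)
    region, rounds = cloak(live.__getitem__, start, user_cell, k)
    return start, region, sum(live[c] for c in region), rounds

if __name__ == "__main__":
    for m in (0, 3):
        print("m =", m, run((0, 0), k=5, m=m))
```

With m = 0 the start cell is returned unchanged although it currently holds fewer than k users, which is the leak the next embodiment addresses; with m = 3 the start cell is one level higher and the returned union holds at least k users.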
Embodiment two of the present invention
The present invention adds an interference value m to counter privacy threats.
The previous section analysed how to determine the initial recursion region of the improved space anonymization algorithm, but using the grid cell c_LB containing the history-based anonymous region R_LB as the initial grid cell in fact still carries a risk of privacy leakage. When c_LB ≥ k, there is no guarantee that the current number of users in grid cell c_LB is not less than k; the number of users in the cell may at that moment be at a historical minimum and less than k. The improved top-down anonymization algorithm then returns c_LB, the number of mobile users in the anonymous region is less than k, k-anonymity fails, and the position of the requesting user is exposed. To better balance the three factors of speed, communication cost and location privacy protection, we further improved the above scheme.
We can add an interference value that suitably enlarges the initial cell, thereby raising the privacy requirement of k-anonymity, increasing security and better protecting the user's location privacy. We add an interference value m. To remain user-friendly, the mobile user who initiates the request can set the value of m before the program runs. When m=0 the speed is highest but the risk of privacy leakage is also highest; when m is at its maximum the privacy protection is best, but the communication cost rises accordingly. Users can choose the value of m according to their actual needs. The system can also set a default value that gives the best balance, so that the user can skip the setting step.
Two different schemes are proposed here for adding the interference value m.
Scheme one:
For the c_LB-based Casper anonymization algorithm, when computing the level of the starting cell c_LB, we replace k with k+m, raising the k-anonymity threshold so as to obtain a safer history-based anonymous region with a higher privacy requirement, which is used as the initial grid cell of the improved top-down Casper anonymization algorithm. We therefore modify the input of the c_LB-based Casper anonymization algorithm, replacing k with k+m, and find the first grid cell c_LB whose user count satisfies c_LB ≥ k+m as the initial cell of the next step's actual spatial anonymization algorithm. Since clearly (c_LB1 ≥ k+m) ≥ (c_LB2 ≥ k), i.e. c_LB1 ≥ c_LB2, this suitably enlarges the initial grid cell of the improved top-down Casper anonymization algorithm and reduces the risk of actual privacy leakage.
Scheme two:
For the c_LB-based Casper anonymization algorithm, when computing the level of the starting cell c_LB, suppose the first grid cell c_LB found to satisfy c_LB ≥ k lies at level N of the whole grid. We then expand the level of the cell containing the user upward by M levels, i.e. to level N-M (still far below the top level 0), and use level N-M as the initial level of the second step. If the user is in child cell c among the four child cells at level N-M, cell c is the initial grid cell of the improved top-down Casper anonymization algorithm. Because the region at level N-M is larger than the region at level N, changing the level suitably enlarges the anonymous region computed from historical data and strengthens the privacy level of k-anonymity, thereby reducing the risk of actual privacy leakage.
Tests of the interference value m schemes
We designed two schemes for adding the interference value m and tested the range of m for each. The experiments cover the effect of the value of m on anonymization time, anonymous region area and communication cost, as well as how well the added interference value m resists the privacy leakage threat. The test results of the two schemes are analysed below.
(1) Interference value m scheme one
Interference value m scheme one uses the interference value m to turn k-anonymity into (k+m)-anonymity: the k-anonymity threshold k is enlarged to k+m when computing the initial recursion region based on the historical lower limits.
As shown in Fig. 6, the anonymous region area generated by this scheme, both without m and with m values of different sizes, varies with the k-anonymity value, and the runs with different m values and without m all returned anonymous regions of the same size. This shows that interference value m scheme one has no effect on the anonymous region area; it passes the anonymous-region metric test and achieves the same performance as before m was added.
As shown in Fig. 7, we took five k-anonymity values, 2, 5, 10, 15 and 20, and for each tested the effect on anonymous region generation time of m varying between 0 and 20. All five curves are stable, showing that in m-value scheme one an m value up to 20 has little effect on anonymization time.
As shown in Fig. 8, we tested how communication cost changes with the k-anonymity value without m and with different m values. In general, the larger m is, the higher the communication cost, but even at m=15 the communication cost does not exceed 1.6, showing that m has little effect on communication cost. Moreover, when m is not greater than 5, the communication cost stays at about 1.2 or below, similar to the communication cost without m. The m range of this scheme can therefore be set to 0-5.
Below we discuss how well m-value scheme one resists the privacy leakage threat. As shown in Table 1, 1 indicates that a privacy leak occurred and 0 indicates that none occurred. Without m the probability of a privacy leak is relatively high; as m increases the situation gradually improves, and once m is not less than 3 no privacy leak occurs, showing that an interference value m of at least 3 resists the privacy leakage threat well.
Table 1: Comparison of privacy leak occurrences when interference value m turns k-anonymity into (k+m)-anonymity
In summary, in m-value scheme one, an m value between 3 and 5 resists the privacy leakage threat well while maintaining good performance.
(2) Interference value m scheme two
Interference value m scheme two uses the interference value m to reduce the level number: the initial level N for the top-down computation of the anonymous region is replaced with N-m, which is equivalent to expanding the initial recursion region upward.
As shown in Fig. 9, the anonymous region area generated by this scheme, before and after m is added, increases as the k-anonymity value increases, and the runs with different m values and without m all returned anonymous regions of the same size. This shows that interference value m scheme two does not affect the anonymous region area; it passes the anonymous-region metric test and achieves the same performance as without m.
As shown in Fig. 10, we took five k-anonymity values, 2, 5, 10, 15 and 20, and for each tested the effect on anonymous region generation time of m varying between 0 and 8, i.e. moving up by 0 to 8 levels. The times of all five curves lie between 0.08 and 0.11 ms, with only one point reaching about 0.115 ms, so they are essentially stable, showing that in m-value scheme two the effect of an m value up to 8 on anonymization time is negligible.
As shown in Fig. 11, we tested how communication cost changes with the k-anonymity value without m and with different m values. The nine curves are stable, and the larger m is, the higher the communication cost; when m is not greater than 3, the communication cost does not exceed 2, so the m range of this scheme can be set to 0-3.
Below we discuss how well m-value scheme two resists the privacy leakage threat. As shown in Table 2, 1 indicates that a privacy leak occurred and 0 indicates that none occurred. Without m the probability of a privacy leak is relatively high; as m increases the situation gradually improves, and once m is not less than 2 no privacy leak occurs, showing that with an interference value m of at least 2, expanding upward by two levels is enough to resist the privacy leakage threat well.
Table 2: Comparison of privacy leak occurrences when interference value m is used to reduce the level number
In summary, in m-value scheme two, an m value between 2 and 3 resists the privacy leakage threat well while maintaining good performance.
Embodiment three of the present invention
This patent replaces the one-time static update at initialization with time slices.
In the c_LB-based Casper anonymization algorithm, the lower limit of the historical minimum number of mobile users is computed from all historical data. However, mobile phone users are mobile, actual traffic differs between time periods, and mobile user density can differ greatly from one period to another. If the historical lower limit is always computed from all historical data, it is guaranteed to be the minimum, but computation speed and accuracy suffer to some extent. For example, during the commuting rush hour the density of mobile users on the roads is relatively high. If the historical anonymous region computed from the historical lower limit over all periods is still used as the initial region for the actual anonymous region, this historical anonymous region will be far larger than the region actually needed: the historical lower limit represents the lowest user density in history, so the k-anonymous region computed from it is far larger than the actual requirement. The number of recursion steps in the subsequent computation then increases, which hurts efficiency and accuracy.
We therefore propose dividing time into periods according to actual traffic conditions and computing the historical lower limit of the period that matches the request time. The data can be classified by month, by week, by holiday versus non-holiday, and by period within a day, and a different historical lower limit c_LB of the number of mobile users in each grid cell is returned depending on the period. When the user sends a data request to the cloud, the minimum user density and count information for the required time period is returned dynamically according to the current period, which improves the speed and accuracy of the computation.

Claims (9)

1. A space anonymization method suitable for mobile terminal location privacy protection, comprising the steps of:
1) a mobile terminal maintains the mobile user information of a spatial area using a pyramid grid data structure; when performing a location-based service query, the mobile terminal first queries a cloud server for the historical lower limit c_LB of the number of mobile users of each grid cell in the spatial area;
2) the mobile terminal, according to the returned historical lower limits c_LB of the number of mobile users of all grid cells, recurses over the spatial area from bottom to top and computes an initial recursion region used for computing the actual spatial anonymous region;
3) the mobile terminal interacts with the cloud server and, starting from the initial recursion region, recurses over the spatial area from top to bottom; on each recursion step it queries the cloud server for the current number of mobile users in the grid cells and, according to the returned current number of mobile users in the grid cells, judges whether the condition for generating an anonymous region is met; if it is met, the anonymous region is generated and sent to a location-based service provider to request the corresponding service;
4) the location-based service provider returns the queue of query results to the mobile terminal.
2. The method of claim 1, characterized in that the cloud server computes the historical lower limit c_LB of the number of mobile users of all grid cells in the current spatial area from statistics of the historical data and the user density information of the number of mobile users in the spatial area.
3. The method of claim 2, characterized in that the cloud server classifies the statistics by month, by week, by holiday versus non-holiday, and by period within a day, and returns the historical lower limit c_LB of the number of mobile users of the current grid cells according to the period to which the query request belongs.
4. The method of claim 1, characterized in that the initial recursion region is computed as follows: using the Casper anonymization algorithm and the historical lower limit c_LB of the number of mobile users of each grid cell, the spatial area is recursed from bottom to top starting from the smallest grid cell until a grid cell c_LB at level N of the spatial area is found that contains the user of the mobile terminal and whose historical lower limit c_LB of the number of mobile users is greater than or equal to the k-anonymity set value k of the Casper anonymization algorithm; this grid cell c_LB is used as the initial recursion region.
5. The method of claim 4, characterized in that an interference value m is set, and the set value k = k+m.
6. The method of claim 5, characterized in that the value of m ranges from 3 to 5.
7. The method of claim 1, characterized in that the anonymous region is generated as follows: let c_c denote the current grid cell, with c_c = c_LB when the recursion starts; the current user counts of the four child grid cells of c_c are queried, and the child grid cell containing the user of the mobile terminal is denoted c; if the number of users in c is not less than the set value k, the child grid cell c becomes the current cell c_c and the recursion continues; if the current number of users in child grid cell c is less than k, the sum of the users in child grid cell c and its vertically adjacent grid cell c_h, or the sum of the users in child grid cell c and its horizontally adjacent grid cell c_v, is checked; if the sum is not less than k and the current number of users in that neighbouring grid cell of child grid cell c is less than k, the union of child grid cell c and that neighbouring grid cell is returned as the anonymous region and the recursion stops; otherwise the current grid cell is returned as the anonymous region.
8. The method of claim 7, characterized in that an interference value m is set; the level N of the computed initial recursion region is expanded upward by m levels, level N-m of the spatial area is used as the level of the initial recursion region, and the initial recursion region is the child grid cell at level N-m that contains the user.
9. The method of claim 8, characterized in that the value of m ranges from 0 to 3.
CN201410267766.6A 2014-06-16 2014-06-16 A kind of space de-identification method suitable for mobile terminal location privacy protection Active CN104080081B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410267766.6A CN104080081B (en) 2014-06-16 2014-06-16 A kind of space de-identification method suitable for mobile terminal location privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410267766.6A CN104080081B (en) 2014-06-16 2014-06-16 A kind of space de-identification method suitable for mobile terminal location privacy protection

Publications (2)

Publication Number Publication Date
CN104080081A true CN104080081A (en) 2014-10-01
CN104080081B CN104080081B (en) 2018-01-05

Family

ID=51601083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410267766.6A Active CN104080081B (en) 2014-06-16 2014-06-16 A kind of space de-identification method suitable for mobile terminal location privacy protection

Country Status (1)

Country Link
CN (1) CN104080081B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104361123A (en) * 2014-12-03 2015-02-18 中国科学技术大学 Individual behavior data anonymization method and system
CN105847227A (en) * 2016-06-23 2016-08-10 国家电网公司 Privacy protection method for mobile electric power inspection system
CN106209813A (en) * 2016-07-05 2016-12-07 中国科学院计算技术研究所 A kind of method for secret protection anonymous based on position and device
CN107222302A (en) * 2017-07-03 2017-09-29 深圳大学 The space mass-rent task distribution system and method built with part homomorphic encryption scheme
WO2017193783A1 (en) * 2016-05-10 2017-11-16 北京京东尚科信息技术有限公司 Method and device for protecting user location information
WO2019097327A1 (en) * 2017-11-17 2019-05-23 International Business Machines Corporation Cognitive data anonymization
CN110602145A (en) * 2019-09-30 2019-12-20 哈尔滨工程大学 Track privacy protection method based on location-based service
FR3094109A1 (en) 2019-03-21 2020-09-25 Roofstreet Process and system for processing digital data from connected equipment while ensuring data security and protection of privacy
CN114025310A (en) * 2021-11-01 2022-02-08 湖南大学 Location service privacy protection method, device and medium based on edge computing environment
CN114091100A (en) * 2021-11-23 2022-02-25 北京邮电大学 Track data collection method and system meeting local differential privacy

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110248878A1 (en) * 2010-04-13 2011-10-13 The Boeing Company Method for protecting location privacy of air traffic communications
CN103826204A (en) * 2014-03-12 2014-05-28 北京京东尚科信息技术有限公司 Method and device for providing location information of mobile terminals

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
侯士江: "A spatial K-anonymity and partitioning algorithm satisfying the co-anonymity requirement", 《小型微型计算机系统》 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104361123A (en) * 2014-12-03 2015-02-18 中国科学技术大学 Individual behavior data anonymization method and system
CN104361123B (en) * 2014-12-03 2017-11-03 中国科学技术大学 A kind of personal behavior data anonymous method and system
WO2017193783A1 (en) * 2016-05-10 2017-11-16 北京京东尚科信息技术有限公司 Method and device for protecting user location information
CN105847227A (en) * 2016-06-23 2016-08-10 国家电网公司 Privacy protection method for mobile electric power inspection system
CN106209813A (en) * 2016-07-05 2016-12-07 中国科学院计算技术研究所 A kind of method for secret protection anonymous based on position and device
CN106209813B (en) * 2016-07-05 2019-05-07 中国科学院计算技术研究所 A kind of method for secret protection and device based on position anonymity
CN107222302A (en) * 2017-07-03 2017-09-29 深圳大学 The space mass-rent task distribution system and method built with part homomorphic encryption scheme
WO2019006967A1 (en) * 2017-07-03 2019-01-10 深圳大学 Spatial crowdsourcing task allocation system and method using partial homomorphic cryptographic scheme construction
WO2019097327A1 (en) * 2017-11-17 2019-05-23 International Business Machines Corporation Cognitive data anonymization
US10719627B2 (en) 2017-11-17 2020-07-21 International Business Machines Corporation Cognitive data anonymization
US10740488B2 (en) 2017-11-17 2020-08-11 International Business Machines Corporation Cognitive data anonymization
GB2582506A (en) * 2017-11-17 2020-09-23 Ibm Cognitive data anonymization
GB2582506B (en) * 2017-11-17 2022-09-28 Ibm Cognitive data anonymization
FR3094109A1 (en) 2019-03-21 2020-09-25 Roofstreet Process and system for processing digital data from connected equipment while ensuring data security and protection of privacy
CN110602145A (en) * 2019-09-30 2019-12-20 哈尔滨工程大学 Track privacy protection method based on location-based service
CN114025310A (en) * 2021-11-01 2022-02-08 湖南大学 Location service privacy protection method, device and medium based on edge computing environment
CN114025310B (en) * 2021-11-01 2022-08-12 湖南大学 Location service privacy protection method, device and medium based on edge computing environment
CN114091100A (en) * 2021-11-23 2022-02-25 北京邮电大学 Track data collection method and system meeting local differential privacy
CN114091100B (en) * 2021-11-23 2024-05-03 北京邮电大学 Track data collection method and system meeting local differential privacy

Also Published As

Publication number Publication date
CN104080081B (en) 2018-01-05

Similar Documents

Publication Publication Date Title
CN104080081A (en) Space anonymization method suitable for mobile terminal position privacy protection
Dong et al. Novel privacy-preserving algorithm based on frequent path for trajectory data publishing
US20180158108A1 (en) System and Method for Estimating Mobile Device Locations
US9049549B2 (en) Method and apparatus for probabilistic user location
US20160105801A1 (en) Geo-based analysis for detecting abnormal logins
Boukoros et al. On (the lack of) location privacy in crowdsourcing applications
Boutsis et al. Location privacy for crowdsourcing applications
Miao et al. Differential privacy–based location privacy enhancing in edge computing
Klise et al. Two-tiered sensor placement for large water distribution network models
Zhang et al. Privacy quantification model based on the Bayes conditional risk in Location-based services
Li et al. DALP: A demand‐aware location privacy protection scheme in continuous location‐based services
Arain et al. Map services based on multiple mix-zones with location privacy protection over road network
Li et al. Street‐Level Landmark Evaluation Based on Nearest Routers
Kim et al. Hilbert‐order based spatial cloaking algorithm in road network
Phan et al. An efficient algorithm for maximizing range sum queries in a road network
Miura et al. A hybrid method of user privacy protection for location based services
Zhao et al. EPLA: efficient personal location anonymity
Song et al. A Privacy‐Preserving Location‐Based System for Continuous Spatial Queries
Khan et al. Lucy with agents in the sky: trustworthiness of cloud storage for industrial internet of things
Huang et al. Intelligent pseudo‐location recommendation for protecting personal location privacy
Manju et al. Dispersed dummy selection approach for location‐based services to preempt user‐profiling
Chen Cloud computing database and travel smart platform design based on LSTM algorithm
Yang et al. Cloud edge-client collaborative trajectory privacy protection system and technology
Zhou et al. A location privacy preserving method based on sensitive diversity for LBS
Pan et al. P3RN: personalized privacy protection using query semantics over road networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant