
CN114827989B - User position information protection method and system - Google Patents


Publication number
CN114827989B
Authority
CN
China
Prior art keywords
user
location
query
anonymous
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210345290.8A
Other languages
Chinese (zh)
Other versions
CN114827989A (en)
Inventor
彭海朋
佟承蔚
李丽香
李海涛
陈俊
戴一挥
丁一航
姚俊先
杨方
刘济舟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Federation Of Rural Credit Cooperatives
Beijing University of Posts and Telecommunications
Original Assignee
Guangdong Federation Of Rural Credit Cooperatives
Beijing University of Posts and Telecommunications
Application filed by Guangdong Federation Of Rural Credit Cooperatives, Beijing University of Posts and Telecommunications
Priority to CN202210345290.8A
Publication of CN114827989A
Application granted
Publication of CN114827989B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H04W12/12: Detection or prevention of fraud
    • H04W12/121: Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122: Counter-measures against attacks; Protection against rogue devices
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02: Services making use of location information
    • H04W4/029: Location-based management or tracking services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a method and system for protecting user location information, including: when a user obtains authentication information, receiving a first query request sent by the user; in response to the first query request, determining an anonymous area using a regional adaptive anonymity algorithm, and sending an encrypted query request generated according to the anonymous area to a location service provider; receiving encrypted location point of interest information obtained by the location service provider based on authentication by a certificate issuing authority, and forwarding the encrypted location point of interest information to the user, so that the user can obtain target location information from the encrypted location point of interest information. The present invention improves security when resisting inference attacks by decoupling user personal data and location data, reduces communication overhead and computing overhead of user terminals, and effectively achieves a balance between user location privacy and service quality.

Description

User position information protection method and system
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and a system for protecting user location information.
Background
A mobile social network (Mobile Social Networks, MSNs) is a complex network that combines features of the traditional online social network (Online Social Networks, OSNs) and the location-based social network (Location-Based Social Networks, LBSNs). With the rapid development of mobile social networks, Location-Based Services (LBS) have also developed considerably, which greatly facilitates users' lives. While users enjoy the many benefits of these applications, the protection of their own privacy faces a significant security threat. To obtain higher-quality services, the mobile user needs to provide accurate location information to a location service provider (Location Service Provider, LSP). As shown in Table 1, LBS services in a mobile social network can be abstracted as having the following characteristics: 1) the user must pass identity verification to obtain the service; 2) the user must provide personal information to obtain the service; and 3) single-point LBS services are the main form.
TABLE 1
Because potential attackers may exist within the location service provider, LBS applications, while providing convenient services to users, also expose those users to attack, putting their location privacy at risk of leakage. The user's location information, query information and the like can easily be obtained by LBS servers or other entities, and if these servers are compromised by malicious attackers, the user's personal private information may be disclosed. Location privacy for users of mobile social networks is therefore a current challenge.
Location information is commonly leaked in the following three ways. 1) The location server leaks the user's location privacy. When the user seeks location services from the location service provider, the user first transmits their own location and demand to the location server, and the location server then provides the corresponding services. The location server therefore holds information such as the user's location and shared content, and immeasurable loss is caused once an attacker obtains the user's location information by attacking the server. 2) The user actively shares their location and thereby leaks location privacy. The user can share their own location directly on social media such as a friend circle, QQ space or microblog, which reveals the user's location privacy. An attacker may also indirectly use a location service application to infer the user's true location and movement trajectory; for example, WeChat Sports or other applications that support searching for nearby friends offer functions an attacker can use to infer the user's true location. 3) Location trajectory data reveal the user's privacy. By mining and analyzing historical trajectory data, an attacker obtains sensitive personal information such as hobbies, behavior habits and lifestyle, and may combine it with payment records, social network information and the like to infer the user's identity.
The aim of location privacy protection is to prevent others from acquiring a user's past or present location or trajectory information without the user's knowledge. The specific goals can be expressed as: 1) increasing the uncertainty of the user's identity, by hiding or encrypting it, so that an attacker cannot determine who the user is; 2) increasing the uncertainty of the location, by hiding or encrypting the location information, so that the attacker cannot determine the user's specific location; and 3) eliminating the association between user identity and location, so that the attacker cannot link the user to the locations the user has visited. There are two privacy concepts in mobile social networks: weak location privacy and strong location privacy. The former means that an attacker can infer that a user is located within a certain privacy zone but cannot determine the user's exact location; solutions are generally based on location perturbation, spatial anonymity and spatial transformation. The latter means that an attacker cannot infer the user's specific location at all; solutions are often combined with encryption technology. To cope with threats to user location privacy, conventional location privacy protection mechanisms fall mainly into three types: (1) k-anonymity-based schemes, (2) obfuscation-based schemes and (3) differential-privacy-based schemes.
The above solutions have the following problems. (1) Introduction of a trusted third-party anonymous server: typical location privacy protection algorithms are mostly based on a centralized architecture that includes a Single Trusted Third Party (STTP), namely an anonymous server. While the trusted third-party anonymous server brings considerable convenience to location privacy protection, it is itself a source of threats: 1) the STTP records accurate location information for all users and is therefore an attractive target for attackers; once an attacker successfully compromises the STTP server, the attacker can access all user information processed by it; 2) all queries submitted by clients pass through the STTP server, which not only increases communication overhead but also makes the server a central point of failure and a performance bottleneck; and 3) in reality, a completely trusted entity is difficult to find. (2) The balance between user location privacy and quality of service: for existing location privacy protection methods based on k-anonymity, obfuscation and similar techniques, the main problem is how to keep the quality of service from degrading. Some existing schemes are too costly to achieve satisfactory results; for example, schemes based on spatial anonymity sometimes have to sacrifice a certain amount of LBS applicability, which makes them difficult to apply to personal location service applications. For LBS service providers, in order to provide higher quality of service, how to derive information closer to the user's actual location from the indirect location information they receive is an important research question. At the same time, limits on the computing and storage capacity of the user side must be taken into account so that the user experience is the best possible.
In summary, existing technical solutions suffer from high communication overhead, high computing overhead on the user equipment, a high degree of correlation between the user's personal data and location data, and an imbalance between user location privacy and quality of service.
Disclosure of Invention
The invention provides a user location information protection method and system to address the defects of the prior art: high communication overhead, high computing overhead on the user equipment, a high degree of correlation between the user's personal data and location data, and an imbalance between user location privacy and quality of service.
In a first aspect, the present invention provides a method for protecting user location information, including:
after the user obtains authentication information, receiving a first query request sent by the user;
responding to the first query request, determining an anonymous zone by utilizing a zone self-adaptive anonymization algorithm, and sending an encrypted query request generated according to the anonymous zone to a location service provider;
and receiving the encrypted position interest point information which is acquired by the position service provider through certificate issuing mechanism authentication, and forwarding the encrypted position interest point information to the user so that the user can acquire target position information according to the encrypted position interest point information.
According to the user location information protection method provided by the invention, receiving the first query request sent by the user after the user obtains authentication information comprises the following steps:
the user sends a position request to the position service provider and registers with the certificate issuing mechanism, and the user receives a pseudonym, a certificate and a secret key which are issued by the certificate issuing mechanism and contain a certificate term;
and receiving the first query request sent by the user based on the position mapping table.
According to the method for protecting user location information provided by the invention, the receiving the first query request sent by the user based on the location mapping table comprises the following steps:
acquiring a position coordinate value of any user, calculating a hash value of the position coordinate value of any user, and performing modulo operation on the number of anonymous servers to acquire a serial number of any anonymous server;
constructing the position mapping table based on the serial number of the any anonymous server and the position coordinate value of the any user;
And the user determines a receiving anonymous server according to the position mapping table, and the receiving anonymous server receives the pseudonym, the certificate deadline, the query request content, the query radius and the anonymity level sent by the user.
According to the method for protecting user location information provided by the invention, determining an anonymous area using an area-adaptive anonymization algorithm in response to the first query request, and sending an encrypted query request generated according to the anonymous area to a location service provider, comprises the following steps:
Receiving the first query request; if it is determined that a pseudonym identical to the user's exists within the certificate term, sending a first mark to the user and generating the anonymous area based on the area-adaptive anonymization algorithm;
Otherwise, caching the first query request, sending a second mark to the user, receiving a second query request sent by the user, the second query request comprising the second mark and a user query position, and caching the user query position after associating it with the pseudonym and the certificate term;
And integrating the pseudonym, the certificate deadline, the query request content, the query radius and the anonymous zone to obtain an integrated query request, and encrypting the integrated query request by adopting a public key of the location service provider to obtain an encrypted query request.
According to the user location information protection method provided by the invention, the anonymous zone is generated based on the zone self-adaptive anonymization algorithm, and the method comprises the following steps:
receiving the first query requirement carrying the user query position sent by the user;
Generating a query area based on the user query location and the query radius;
obtaining the minimum number of users and the minimum request content quantity of the query area according to historical statistical experience;
determining all users whose distance from the user is less than or equal to the query radius as the user's first user neighborhood, and all users whose distance is greater than the query radius as the user's second user neighborhood;
if the first user neighborhood is greater than or equal to the minimum number of users and the second user neighborhood is greater than or equal to the minimum request content quantity, the query area is a densely populated area; otherwise, the query area is a sparsely populated area;
dividing the query area into n × n cells; if the query area is a densely populated area, arranging the cell positions in descending order of current request count, determining the k-1 positions whose sequence numbers in the ordered list are closest to that of the user query position, and generating the anonymous area from them together with the user query position using a k-anonymity algorithm;
and if the query area is a sparsely populated area, using a virtual position algorithm to arrange the cell positions in descending order of historical query probability, determining the k-1 positions whose sequence numbers in the ordered list are closest to that of the user query position, and generating the anonymous area using the k-anonymity algorithm.
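The area-adaptive selection described in the steps above can be followed in the added example below, which is not code from the patent. It reads the density test literally (users within the radius against the minimum user count, users beyond it against the minimum request quantity). The grid values, the tie-breaking rule and the use of a bounding rectangle as the anonymous area are assumptions made for illustration.

```python
import math

# Constructed sample data for a 3 x 3 grid (assumed values, not from the patent).
SAMPLE_CURRENT = [[9, 1, 4],
                  [2, 5, 7],
                  [8, 3, 6]]                 # current request count per cell
SAMPLE_HISTORICAL = [[0.05, 0.20, 0.10],
                     [0.15, 0.02, 0.08],
                     [0.25, 0.03, 0.12]]     # historical query probability per cell


def classify_area(user_pos, others, radius, min_users, min_requests):
    """Dense when the first neighbourhood (distance <= radius) reaches
    min_users and the second neighbourhood (distance > radius) reaches
    min_requests; otherwise sparse."""
    near = sum(1 for p in others if math.dist(user_pos, p) <= radius)
    far = len(others) - near
    return "dense" if near >= min_users and far >= min_requests else "sparse"


def select_cells(user_cell, weights, k):
    """Sort cells in descending order of weight and keep the k-1 cells whose
    rank is closest to the rank of the user's cell, plus the user's cell."""
    n = len(weights)
    if not 1 <= k <= n * n:
        raise ValueError("k must be between 1 and n*n")
    ordered = sorted(((r, c) for r in range(n) for c in range(n)),
                     key=lambda rc: (-weights[rc[0]][rc[1]], rc))
    user_rank = ordered.index(user_cell)
    # Assumed tie-break: on equal rank distance prefer the higher-weight cell.
    candidates = sorted((i for i in range(len(ordered)) if i != user_rank),
                        key=lambda i: (abs(i - user_rank), i))
    return sorted([user_cell] + [ordered[i] for i in candidates[:k - 1]])


def anonymous_region(user_pos, radius, k, n, current, historical,
                     others, min_users, min_requests):
    """Return (area kind, chosen cells, bounding rectangle of those cells)."""
    kind = classify_area(user_pos, others, radius, min_users, min_requests)
    # Dense areas rank cells by live request counts; sparse areas fall back
    # to historical query probabilities (the virtual-position branch).
    weights = current if kind == "dense" else historical
    origin = (user_pos[0] - radius, user_pos[1] - radius)
    size = 2 * radius / n
    # The query area is centred on the user, so the user's cell is the middle one.
    user_cell = (n // 2, n // 2)
    cells = select_cells(user_cell, weights, k)
    rows = [r for r, _ in cells]
    cols = [c for _, c in cells]
    bbox = (origin[0] + min(cols) * size, origin[1] + min(rows) * size,
            origin[0] + (max(cols) + 1) * size, origin[1] + (max(rows) + 1) * size)
    return kind, cells, bbox


if __name__ == "__main__":
    crowd = [(11, 10), (10, 12), (9, 9), (20, 20), (30, 5)]   # constructed
    print(anonymous_region((10, 10), 3, 3, 3, SAMPLE_CURRENT,
                           SAMPLE_HISTORICAL, crowd, 3, 2))
    print(anonymous_region((10, 10), 3, 3, 3, SAMPLE_CURRENT,
                           SAMPLE_HISTORICAL, [(11, 10)], 3, 2))
```

Choosing cells that are adjacent in rank keeps the k candidate positions close in request frequency, so the chosen set does not single out the user's own cell by popularity.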
According to the method for protecting user location information provided by the invention, the receiving the encrypted location interest point information which is acquired by the location service provider through certification of the certificate issuing authority forwards the encrypted location interest point information to the user, and the method comprises the following steps:
The location service provider receives the encrypted inquiry request, decrypts the encrypted inquiry request by adopting a private key, verifies the pseudonym through the certificate issuing mechanism, and receives the key sent by the certificate issuing mechanism;
the location service provider obtains location interest point information in a service database according to the anonymous area, the query request content and the query radius, and symmetrically encrypts the location interest point information by adopting the secret key to obtain the encrypted location interest point information;
And receiving the encryption position interest point information sent by the position service provider, and forwarding the encryption position interest point information to the user.
In a second aspect, the present invention provides a method for protecting user location information, including:
Acquiring authentication information and sending a first query request to an anonymous server;
after the anonymous server generates an anonymous zone by utilizing a zone self-adaptive anonymous algorithm and sends an encryption inquiry request generated according to the anonymous zone to a location service provider, the anonymous server receives encryption location interest point information which is acquired by the location service provider according to certificate issuing authority authentication;
and receiving the encryption position interest point information forwarded by the anonymous server from the position service provider, and decrypting the encryption position interest point information to obtain target position information.
According to the user location information protection method provided by the invention, the authentication information is obtained, and a first query request is sent to an anonymous server, comprising the following steps:
Sending a location request to the location service provider, registering with the certificate issuing authority, and receiving a pseudonym, a certificate and a secret key which are issued by the certificate issuing authority and contain a certificate term by the user;
and sending the first query request determined based on the location mapping table to the anonymous server.
In a third aspect, the present invention further provides a user location information protection system, including:
The receiving module is used for receiving a first query request sent by a user after the user acquires authentication information;
the anonymizing module is used for responding to the first query request, determining an anonymizing area by utilizing an area self-adaptive anonymizing algorithm, and sending an encrypted query request generated according to the anonymizing area to a position service provider;
And the forwarding module is used for receiving the encrypted position interest point information which is acquired by the position service provider through certificate issuing authority authentication and forwarding the encrypted position interest point information to the user so that the user can acquire target position information according to the encrypted position interest point information.
In a fourth aspect, the present invention further provides a user location information protection system, including:
The sending module is used for obtaining authentication information and sending a first query request to the anonymous server;
the acquisition module is used for generating an anonymous region by the anonymous server through a region self-adaptive anonymous algorithm, and receiving the encrypted position interest point information which is acquired by the position service provider according to certificate issuing authority authentication after sending an encrypted query request generated according to the anonymous region to the position service provider;
And the processing module is used for receiving the encrypted position interest point information forwarded by the anonymous server from the position service provider, decrypting the encrypted position interest point information and obtaining target position information.
In a fifth aspect, the present invention further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements any one of the above-mentioned user location information protection methods when executing the program.
In a sixth aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a user location information protection method as described in any of the above.
In a seventh aspect, the present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements a user location information protection method as described in any of the above.
According to the user position information protection method and system, the user personal data and the position data are decoupled, so that the safety is improved when inference attack is resisted, the communication cost and the calculation cost of the user terminal are reduced, and the balance between the user position privacy and the service quality is effectively realized.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a diagram of a TTP architecture for deploying multiple anonymizers provided by the present invention;
FIG. 2 is a schematic flow chart of a user location information protection method according to the present invention;
FIG. 3 is a schematic diagram of a user location information protection method provided by the present invention;
FIG. 4 is a second flowchart of a method for protecting user location information according to the present invention;
FIG. 5 is a schematic diagram of a user location information protection system according to the present invention;
FIG. 6 is a second schematic diagram of a user location information protection system according to the present invention;
FIG. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
To address the defects of the prior art in user location information protection, the invention provides a new user location information protection method for mobile social networks, implemented on a TTP architecture in which multiple anonymizers are deployed. As shown in FIG. 1, the architecture mainly comprises four entities: the User, the certificate issuing authority (Certificate Authority, CA), the anonymous server group (Multiple Anonymizers, MAs) and the location service provider LSP. The anonymous servers MAs sit between the User and the location service provider LSP, and there are N anonymizers in total. This architecture removes the performance bottleneck caused by a single point of failure and improves information transmission performance.
The User may be an operating device with wireless communication, computing and storage capabilities, but more importantly with positioning functions, and performs various functions such as location prediction, selection of virtual locations, caching and refinement of query results.
The certificate issuing authority CA, whose main function is to register the different users and LSPs, is fully trusted. In the model of the present invention, the CA can also issue pseudonyms and the corresponding certificates and keys to users.
The anonymous server group MAs are semi-trusted entities that can be deployed on intermediate nodes of a network. Their main function is to forward query requests and results between users and the LSP, and they can perform anonymization to obfuscate users' exact positions. In the model of the present invention, the MAs can also perform functions such as computation, local caching and random number generation.
Location service provider LSP: LSPs are online location service solution providers, such as Twitter, Foursquare or Google Maps, that operate location-service-related resources. In the model of the present invention, the LSP is considered an honest but curious entity that may also reveal sensitive user information.
In summary, in this model the certificate issuing authority CA and the User are considered fully trusted entities. Furthermore, it is assumed that the communication channels between the CA and the User and between the CA and the LSP are both secure, and that the MAs cannot collude with the LSP. Existing security authentication techniques, such as two-factor authentication and multi-factor authentication, can be used to ensure that the User and the LSP are authenticated at the CA.
Fig. 2 is a flow chart of a user location information protection method provided by the present invention, where a corresponding execution body is an anonymous server MAs, as shown in fig. 2, including:
Step 101, obtaining authentication information by a user, and receiving a first query request sent by the user;
step 102, responding to the first query request, determining an anonymous zone by utilizing a zone self-adaptive anonymization algorithm, and sending an encrypted query request generated according to the anonymous zone to a location service provider;
Step 103, receiving the encrypted position interest point information acquired by the position service provider through certificate issuing authority authentication, and forwarding the encrypted position interest point information to the user so that the user can acquire target position information according to the encrypted position interest point information.
Specifically, when a user accesses the network, the user obtains the corresponding authentication information after registration and authentication. The anonymous server receives a first query request initiated by the user, calculates the corresponding anonymous area from that request using the area-adaptive anonymization algorithm, adds the user's other information to the anonymous area to generate an encrypted query request, and sends the encrypted query request to the location service provider. The location service provider decrypts the encrypted query request, verifies the validity of the user information through the certificate issuing authority, symmetrically encrypts the location points of interest from its service database according to the verified information, and sends the encrypted location point-of-interest information to the anonymous server. The anonymous server then forwards the encrypted location point-of-interest information to the user, who selects the required point of interest according to their own location and thereby obtains the target location information.
The invention adopts distributed transmission based on a centralized architecture and a staged encryption communication mode, and combines an area self-adaptive anonymization scheme, thereby solving the problems of high communication cost, high calculation cost of user equipment, high correlation degree of personal data and position data information of the user and the like in the traditional scheme.
Based on the above embodiment, step 101 includes:
the user sends a position request to the position service provider and registers with the certificate issuing mechanism, and the user receives a pseudonym, a certificate and a secret key which are issued by the certificate issuing mechanism and contain a certificate term;
and receiving the first query request sent by the user based on the position mapping table.
Wherein the receiving the first query request sent by the user based on the location mapping table includes:
acquiring a position coordinate value of any user, calculating a hash value of the position coordinate value of any user, and performing modulo operation on the number of anonymous servers to acquire a serial number of any anonymous server;
constructing the position mapping table based on the serial number of the any anonymous server and the position coordinate value of the any user;
And the user determines a receiving anonymous server according to the position mapping table, and the receiving anonymous server receives the pseudonym, the certificate deadline, the query request content, the query radius and the anonymity level sent by the user.
Specifically, when a User uses a single-point LBS service for the first time, the User must register with the certificate authority CA. The registered user obtains a pseudonym, the corresponding certificate and their own key, and can apply to the CA for a new or updated pseudonym and key multiple times as required; applying multiple times means that the user can apply again once the validity period of the certificate has passed.
If the user applies for or updates a pseudonym at the jth time, i.e., any time, the CA will issue a pseudonym to the userAnd corresponding certificateThe certificate deadline is T, and simultaneously, secret keys are distributed to usersThe pseudonym, certificate and key here are all valid for a time T, and the pseudonym is specifiedThe method is unique in time T, and the phenomenon of homonymy does not exist.
Further, by constructing the location mapping table, query requests at different locations are mapped to different anonymous servers. Assuming that N anonymous servers a 1,A2,...,AN are present, by calculating the hash value of the location coordinates (x+y), modulo-operating N to obtain the sequence number of the anonymous server i (l=1, 2..n), the query request issued by the location (x+y) is mapped to the corresponding anonymous server a l.
Al=Hash(x+y)modN,(1≤l≤N)
In order to ensure the security, the invention respectively sends the User information and the position information to the anonymous server A l, and the User firstly sends a query request which does not contain the position, namely a first query request, to the anonymous server, and is recorded as
Where Q is the query request content of the user, R is the query radius, and k is the user-defined anonymity level.
The invention splits the traditional location triple {identity, location, time} and sends the identity and the location in two separate messages, which breaks the association between the user information and the location and effectively resists inference attacks.
Based on any of the above embodiments, step 102 includes:
receiving the first query requirement and, if it is determined that the same pseudonym as the user's exists within the certificate period, sending a first mark to the user and generating the anonymous region based on the region-adaptive anonymization algorithm;
otherwise, caching the first query requirement, sending a second mark to the user, and receiving the second query requirement sent by the user, wherein the second query requirement comprises the second mark and a user query position, and caching the user query position, the pseudonym and the certificate deadline after associating them;
integrating the pseudonym, the certificate deadline, the query request content, the query radius and the anonymous zone to obtain an integrated query request, and encrypting the integrated query request with the public key of the location service provider to obtain an encrypted query request.
Wherein the generating the anonymous zone based on the zone adaptive anonymization algorithm comprises:
receiving the first query requirement carrying the user query position sent by the user;
Generating a query area based on the user query location and the query radius;
obtaining the minimum number of users and the minimum request content quantity of the query area according to historical statistical experience;
determining all users whose distance from the user is less than or equal to the query radius as the first user neighborhood of the user, and all users whose distance from the user is greater than the query radius as the second user neighborhood of the user;
if the first user neighborhood is greater than or equal to the minimum number of users and the second user neighborhood is greater than or equal to the minimum request content quantity, the query area is a densely populated area; otherwise, the query area is a sparsely populated area;
dividing the query area into n × n cells; if the query area is the densely populated area, arranging the positions of the cells in descending order of current request count, determining the k-1 positions closest to the user query position number in the ordered list, and generating the anonymous area from them together with the user query position by a k-anonymity algorithm;
if the query area is the sparsely populated area, using a virtual position algorithm to arrange the positions of the cells in descending order of historical query probability, determining the k-1 positions closest to the user query position number in the ordered list, and generating the anonymous area by the k-anonymity algorithm.
Specifically, as shown in fig. 3, when the anonymous server $A_l$ receives the query request from the User, it searches the local cache list for whether the pseudonym exists within T. If so, a first mark, generally set to 1, is sent to the user, and the anonymous zone Region is generated from the user's query position within the validity period according to the R and k required by the user. If not, the information is cached locally and a second mark, typically a random number M ($M \neq 1$), is sent to the user, who receives M and sends a second query
After the anonymous server $A_l$ receives the second query, it associates the user's query position Location with the pseudonym and the certificate deadline T and caches them locally.
The anonymous server $A_l$ generates the anonymous zone Region according to the Location, R and k of the user request, combines the Region with the other user information to form a new query request, encrypts it with the public key $PK_S$ of the LSP, and then sends the encrypted query request message $MSG_{A2S}$ to the LSP.
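The routing rule and the two-message exchange described above, sketched as an added example (not code from the patent). SHA-256 as the hash, the +1 shift that maps the modulo result into 1..N, integer timestamps and all function and field names are assumptions; the final encryption with the LSP public key is left out.

```python
import hashlib
import secrets

FIRST_MARK = 1  # "first mark" on the page: the server already holds a location


def server_index(x, y, n_servers):
    """l = Hash(x+y) mod N, shifted into 1..N (assumption; SHA-256 is also assumed)."""
    digest = hashlib.sha256(str(x + y).encode()).digest()
    return int.from_bytes(digest, "big") % n_servers + 1


class AnonymousServer:
    def __init__(self):
        self.locations = {}  # pseudonym -> (location, certificate deadline T)
        self.pending = {}    # mark M -> first query still waiting for its location

    def first_query(self, pseudonym, deadline, q, r, k, now):
        """Message 1: identity and query parameters, never the location."""
        if now > deadline:
            raise ValueError("certificate deadline T has passed")
        query = {"pseudonym": pseudonym, "T": deadline, "Q": q, "R": r, "k": k}
        cached = self.locations.get(pseudonym)
        if cached and now <= cached[1]:
            # Same pseudonym seen within T: reuse the cached location.
            return FIRST_MARK, dict(query, location=cached[0])
        self.locations.pop(pseudonym, None)       # drop an expired entry
        mark = secrets.randbelow(2**32) + 2       # random M, never equal to 1
        while mark in self.pending:
            mark = secrets.randbelow(2**32) + 2
        self.pending[mark] = query
        return mark, None

    def second_query(self, mark, location):
        """Message 2: only M and the location; M is accepted once."""
        query = self.pending.pop(mark, None)
        if query is None:
            raise KeyError("unknown or already used mark")
        self.locations[query["pseudonym"]] = (location, query["T"])
        return dict(query, location=location)
```

The dictionary returned together with a location is what the server would hand to the anonymization step before building the message for the LSP.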
It should be noted that, the anonymizing server generates an anonymizing area Region by adopting an area self-adaptive anonymizing scheme based on the distance between users and the requested content:
First, the anonymous server receives the query request information sent by the user $u_i$
The anonymous server generates a region Reg, with $u_i \in Reg$, according to the position Location and the query radius R sent by the user $u_i$;
the anonymous server obtains a minimum number of users MinU and a minimum number of requested content MinC for the region Reg based on historical experience;
the anonymous server calculates the R neighborhood (first neighborhood) and the θ neighborhood (second neighborhood) of the user $u_i$. All users in Reg whose distance to $u_i$ is not more than R are called the R neighborhood of $u_i$, denoted $N_R(u_i)$, namely:
$N_R(u_i) = \{ u_j \in Reg \mid dist(u_i, u_j) \le R \}$
All users in Reg whose request content is different from that of $u_i$ are called the θ neighborhood of $u_i$, denoted $N_\theta(u_i)$, namely:
$N_\theta(u_i) = \{ u_j \in Reg \mid boolean(u_i, u_j) = false \}$
where boolean() is a boolean value that indicates whether the users' requested content is the same.
The anonymous server further judges whether Reg is a sparsely populated area or a densely populated area: if Reg simultaneously meets the conditions $|N_R(u_i)| \ge MinU$ and $|N_\theta(u_i)| \ge MinC$, Reg is a densely populated area; otherwise, Reg is judged to be a sparsely populated area;
Reg is divided into n × n cells. If Reg is a densely populated area, the positions of the cells in Reg are ordered according to the current number of requests, and the k-1 positions closest to the user's query position number in the ordered list are selected and, together with the user's query position, generate the anonymous region to realize k-anonymity. If Reg is a sparsely populated area, the classical virtual position algorithm is adopted: the positions of the cells in Reg are ordered according to historical query probability, and the k-1 virtual positions closest to the user's query position number in the ordered list are selected to realize k-anonymity.
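The region-adaptive selection described above, as an added worked example (not code from the patent). It assumes Reg is the bounding square of side 2R centred on the user, row-major cell numbering, tie-breaking toward the higher-ranked cell, and a supplied table of historical query probabilities; all names and sample values are constructed.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    pseudonym: str
    x: float
    y: float
    content: str  # requested content Q


def cell_of(px, py, origin, side, n):
    """Row-major index of the n x n grid cell containing (px, py)."""
    col = min(int((px - origin[0]) / side * n), n - 1)
    row = min(int((py - origin[1]) / side * n), n - 1)
    return row * n + col


def pick_by_rank(ranked, own_cell, k):
    """Own cell plus the k-1 cells whose list positions are nearest to it."""
    pos = ranked.index(own_cell)
    others = sorted((i for i in range(len(ranked)) if i != pos),
                    key=lambda i: (abs(i - pos), i))  # ties: higher-ranked first
    return sorted([own_cell] + [ranked[i] for i in others[:k - 1]])


def anonymize(u, users, R, k, n, min_u, min_c, hist_prob):
    """Return (is_dense, cells of the anonymous region) for user u."""
    if not 1 <= k <= n * n:
        raise ValueError("k must be between 1 and n*n")
    origin, side = (u.x - R, u.y - R), 2 * R  # Reg: assumed bounding square
    reg = [v for v in users if abs(v.x - u.x) <= R and abs(v.y - u.y) <= R]
    # N_R(u_i): users in Reg within distance R (u_i itself counts, as in the formula).
    n_r = [v for v in reg if math.dist((u.x, u.y), (v.x, v.y)) <= R]
    # N_theta(u_i): users in Reg whose requested content differs from u_i's.
    n_theta = [v for v in reg if v.content != u.content]
    dense = len(n_r) >= min_u and len(n_theta) >= min_c
    if dense:  # rank cells by current request count
        weight = [0] * (n * n)
        for v in reg:
            weight[cell_of(v.x, v.y, origin, side, n)] += 1
    else:      # rank cells by historical query probability (virtual positions)
        weight = hist_prob
    ranked = sorted(range(n * n), key=lambda c: (-weight[c], c))
    own = cell_of(u.x, u.y, origin, side, n)
    return dense, pick_by_rank(ranked, own, k)


# Constructed sample data (not from the patent).
U0 = User("pn-0", 10, 10, "cafe")
CROWD = [U0, User("pn-a", 11, 10, "fuel"), User("pn-b", 10.5, 11, "atm"),
         User("pn-c", 7, 7, "cafe"), User("pn-d", 9, 9, "atm"),
         User("pn-e", 13, 9, "fuel"), User("pn-f", 9, 13, "cafe"),
         User("pn-g", 9.5, 9.5, "fuel"), User("pn-far", 30, 30, "atm")]
HIST = [0.01, 0.02, 0.03, 0.04, 0.05, 0.16, 0.12, 0.06,
        0.07, 0.14, 0.10, 0.08, 0.03, 0.03, 0.03, 0.03]

if __name__ == "__main__":
    print(anonymize(U0, CROWD, R=4, k=4, n=4, min_u=5, min_c=3, hist_prob=HIST))
    print(anonymize(U0, [U0, CROWD[3], CROWD[8]], R=4, k=4, n=4,
                    min_u=5, min_c=3, hist_prob=HIST))
```

In the sparse case the selected cells need not contain any real user; they act as the virtual positions that pad the region up to k.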
The k-anonymization technique employed was originally proposed by P. Samarati and L. Sweeney in 1998 at the Symposium on Principles of Database Systems (PODS). The method is mainly used in relational databases, where private data that needs to be published is processed anonymously. It requires that the published data contain a certain number (at least k) of records that are indistinguishable on the quasi-identifier. An attacker then cannot identify the specific individual to whom private information belongs, which protects individual privacy, while the parameter k specifies the maximum risk of information disclosure that a user can accept. In 2002, L. Sweeney proposed a k-anonymous privacy protection model. In 2003, Marco Gruteser was the first to apply the k-anonymization method to LBS privacy protection, and proposed a location k-anonymization model. The principle is to generate an anonymous zone (Cloaking Region, CR) containing at least k users; the anonymous zone is used in place of the real location of the user and is sent directly to the LBS service provider when the user submits the query request. The probability that the service provider recognizes a particular user in this way is not greater than 1/k. Because the idea of the k-anonymization method offers higher security, many location privacy protection schemes are currently based on it.
According to the invention, densely populated areas and sparsely populated areas are distinguished based on the user distance and the request content, and different anonymization schemes are adopted for the different areas. This achieves effective anonymization and protects user privacy while reducing the loss of service quality experienced by the user, achieves a better balance between user location privacy and service quality, and overcomes the defects of traditional schemes, whose cost is excessive, which must sacrifice some LBS applicability, and whose LBS service struggles to satisfy users.
Based on any of the above embodiments, step 103 includes:
The location service provider receives the encrypted inquiry request, decrypts the encrypted inquiry request by adopting a private key, verifies the pseudonym through the certificate issuing mechanism, and receives the key sent by the certificate issuing mechanism;
the location service provider obtains location interest point information in a service database according to the anonymous area, the query request content and the query radius, and symmetrically encrypts the location interest point information by adopting the secret key to obtain the encrypted location interest point information;
And receiving the encryption position interest point information sent by the position service provider, and forwarding the encryption position interest point information to the user.
Specifically, as shown in fig. 3, after receiving the query request message $MSG_{A2S}$, the LSP decrypts it with its own private key $SK_S$ and has the CA verify the validity of the user pseudonym; if it is valid, the CA sends the user key to the LSP.
Based on the anonymous zone Region, the request content Q and the query radius R, the LSP queries POIs in the service database, then symmetrically encrypts these POIs with the user key to obtain the encrypted POI information. The LSP then sends the result to the anonymous server $A_l$;
after receiving the message, the anonymous server $A_l$ forwards it to the User, who decrypts it with their own key to obtain the required POIs.
To reduce communication and computation overhead, no encryption is used in the stage where the user sends a query request. In line with the location privacy protection scheme for the mobile social network scenario, the security of user information is strengthened by the dynamic pseudonym technique; sending identity and location separately avoids the encryption that would be necessary if {identity, location, time} were sent together; and having the CA distribute the key to the LSP avoids transmitting the user key over the channel. This reduces the risk of user privacy leakage when the channel is monitored and greatly reduces the communication and computation overhead of prior schemes.
Fig. 4 is a second flowchart of a user location information protection method provided by the present invention, where a corresponding execution body is a user, as shown in fig. 4, and includes:
Step 201, acquiring authentication information and sending a first query request to an anonymous server;
Step 202, after the anonymous server generates an anonymous zone by utilizing a zone self-adaptive anonymous algorithm and sends an encrypted query request generated according to the anonymous zone to a location service provider, the anonymous server receives encrypted location interest point information which is acquired by the location service provider according to certificate issuing authority authentication;
Step 203, receiving the encrypted position interest point information forwarded by the anonymous server from the position service provider, and decrypting the encrypted position interest point information to obtain target position information.
Specifically, when a user accesses the network, the user obtains the corresponding authentication information after registration and authentication. The anonymous server receives the first query request initiated by the user, calculates the corresponding anonymous region from the first query request using the region-adaptive anonymization algorithm, adds the user's other information to the anonymous region to generate an encrypted query request, and sends the encrypted query request to the location service provider. The location service provider decrypts the encrypted query request, verifies the validity of the user information through the certificate issuing authority, symmetrically encrypts the location interest points in the service database according to the verified information, and sends the encrypted location interest point information to the anonymous server, which forwards it to the user. The user selects the location interest point required according to the user's own location to obtain the target location information.
The invention adopts distributed transmission based on a centralized architecture and a staged encryption communication mode, and combines an area self-adaptive anonymization scheme, thereby solving the problems of high communication cost, high calculation cost of user equipment, high correlation degree of personal data and position data information of the user and the like in the traditional scheme.
Based on any of the above embodiments, step 201 includes:
sending a location request to the location service provider and registering with the certificate issuing authority, the user receiving a pseudonym, a certificate and a secret key which are issued by the certificate issuing authority and contain a certificate term;
and sending the first query request determined based on the location mapping table to the anonymous server.
Specifically, when a User uses a single point LBS service for the first time, the User must register with the certificate authority CA. A registered user obtains a pseudonym, the corresponding certificate and their own secret key, and can apply to the CA to obtain or update the pseudonym and key multiple times as needed; that is, the user can apply again once the validity period of the certificate has been exceeded.
If the user applies for or updates a pseudonym for the j-th time (that is, any time), the CA issues the user a pseudonym and a corresponding certificate with certificate deadline T, and at the same time distributes a secret key to the user. The pseudonym, certificate and key are all valid for time T, and the pseudonym is specified to be unique within time T, so duplicate names do not occur.
Further, by constructing the location mapping table, query requests at different locations are mapped to different anonymous servers. Assuming there are N anonymous servers $A_1, A_2, \ldots, A_N$, the hash value of the location coordinates (x+y) is calculated and taken modulo N to obtain the sequence number l (l = 1, 2, ..., N) of the anonymous server, and the query request issued from the location (x+y) is mapped to the corresponding anonymous server $A_l$.
$A_l = \mathrm{Hash}(x+y) \bmod N, \quad (1 \le l \le N)$
To ensure security, the invention sends the User information and the position information to the anonymous server $A_l$ separately: the User first sends a query request that does not contain the position, namely the first query request, to the anonymous server, and it is recorded as
Where Q is the query request content of the user, R is the query radius, and k is the user-defined anonymity level.
The invention splits the traditional location triple {identity, location, time} and sends the identity and the location in two separate messages, which breaks the association between the user information and the location and effectively resists inference attacks.
The user location information protection system provided by the invention is described below, and the user location information protection system described below and the user location information protection method described above can be referred to correspondingly.
Fig. 5 is a schematic diagram of a user location information protection system provided by the present invention, and as shown in fig. 5, the system includes a receiving module 51, an anonymizing module 52, and a forwarding module 53, where:
The receiving module 51 is configured to receive a first query request sent by a user after the user obtains authentication information;
The anonymizing module 52 is configured to determine an anonymizing area by using an area adaptive anonymizing algorithm in response to the first query request, and send an encrypted query request generated according to the anonymizing area to a location service provider;
the forwarding module 53 is configured to receive the encrypted location interest point information acquired by the location service provider through certification by the certificate issuing authority, and forward the encrypted location interest point information to the user, so that the user acquires target location information according to the encrypted location interest point information.
By decoupling the personal data and the position data of the user, the invention improves the safety when resisting inference attack, reduces the communication cost and the calculation cost of the user terminal, and effectively realizes the balance between the position privacy and the service quality of the user.
Fig. 6 is a second schematic structural diagram of the user location information protection system provided by the present invention, as shown in fig. 6, including a sending module 61, an obtaining module 62, and a processing module 63, where:
the sending module 61 is configured to obtain authentication information, and send a first query request to the anonymous server;
The obtaining module 62 is configured so that, after the anonymous server generates an anonymous area by using the area-adaptive anonymization algorithm and sends an encrypted query request generated according to the anonymous area to a location service provider, the anonymous server receives the encrypted location interest point information obtained by the location service provider upon authentication by the certificate issuing authority;
The processing module 63 is configured to receive the encrypted location interest point information forwarded by the anonymity server from the location service provider, and decrypt the encrypted location interest point information to obtain the target location information.
By decoupling the personal data and the position data of the user, the invention improves the safety when resisting inference attack, reduces the communication cost and the calculation cost of the user terminal, and effectively realizes the balance between the position privacy and the service quality of the user.
Fig. 7 illustrates a physical schematic diagram of an electronic device. As shown in fig. 7, the electronic device may include a processor 710, a communications interface 720, a memory 730, and a communication bus 740, where the processor 710, the communications interface 720, and the memory 730 communicate with each other via the communication bus 740. The processor 710 may invoke logic instructions in the memory 730 to perform a method for protecting user location information, the method including: after a user obtains authentication information, receiving a first query request sent by the user; in response to the first query request, determining an anonymous zone using a zone-adaptive anonymity algorithm, and sending an encrypted query request generated from the anonymous zone to a location service provider; and receiving the encrypted location interest point information obtained by the location service provider upon authentication by the certificate issuing authority, and forwarding the encrypted location interest point information to the user, so that the user obtains target location information according to the encrypted location interest point information.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program that can be stored on a non-transitory computer readable storage medium and that, when executed by a processor, executes the method for protecting user location information provided by the above methods, the method including: after a user obtains authentication information, receiving a first query request sent by the user; in response to the first query request, determining an anonymous zone using a zone-adaptive anonymity algorithm, and sending an encrypted query request generated according to the anonymous zone to a location service provider; and receiving the encrypted location interest point information obtained by the location service provider upon authentication by the certificate issuing authority, and forwarding the encrypted location interest point information to the user, so that the user obtains target location information according to the encrypted location interest point information.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements a method for protecting user location information provided by the above methods, the method comprising obtaining authentication information for a user, receiving a first query request sent by the user, determining an anonymous zone using a zone-adaptive anonymity algorithm in response to the first query request, sending an encrypted query request generated according to the anonymous zone to a location service provider, receiving encrypted location interest point information obtained by the location service provider according to certificate issuing authority authentication, and forwarding the encrypted location interest point information to the user for the user to obtain target location information according to the encrypted location interest point information.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
It should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention, and not for limiting the same, and although the present invention has been described in detail with reference to the above-mentioned embodiments, it should be understood by those skilled in the art that the technical solution described in the above-mentioned embodiments may be modified or some technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the spirit and scope of the technical solution of the embodiments of the present invention.

Claims (5)

1. A method for protecting user location information, applied to an anonymous server, comprising:
after the user obtains authentication information, receiving a first query request sent by the user;
in response to the first query request, determining an anonymous area using a region-adaptive anonymity algorithm, and sending an encrypted query request generated according to the anonymous area to a location service provider;
receiving the encrypted location point of interest information obtained by the location service provider upon authentication by the certificate issuing authority, and forwarding the encrypted location point of interest information to the user, so that the user can obtain the target location information according to the encrypted location point of interest information; the target location information is the target location point of interest;
the receiving, after the user obtains authentication information, of the first query request sent by the user includes: the user sends a location request to the location service provider and registers with the certificate issuing authority, and the user receives a pseudonym, certificate and key including a certificate period issued by the certificate issuing authority; and receiving the first query request sent by the user based on the location mapping table;
the receiving the first query request sent by the user based on the location mapping table includes: obtaining a location coordinate value of any user, calculating a hash value of the location coordinate value of any user, and performing a modulo operation on the number of anonymous servers to obtain a serial number of any anonymous server; constructing the location mapping table based on the serial number of any anonymous server and the location coordinate value of any user; the user determines a receiving anonymous server according to the location mapping table, and the receiving anonymous server receives the pseudonym, the certificate, the certificate term, the query request content, the query radius, and the anonymity level sent by the user;
the responding to the first query request, using a region-adaptive anonymity algorithm to determine an anonymous region, and sending an encrypted query request generated according to the anonymous region to a location service provider, includes: receiving the first query request, and if it is determined that the same pseudonym as the user exists within the certificate period, sending a first tag to the user, and generating the anonymous region based on the region-adaptive anonymity algorithm; otherwise, caching the first query request, sending a second tag to the user, receiving a second query request sent by the user, wherein the second query request includes the second tag and the user query location, and caching the user query location, the pseudonym, and the certificate period after associating them; synthesizing the pseudonym, the certificate, the certificate period, the query request content, the query radius, and the anonymous region to obtain a comprehensive query request, and encrypting the comprehensive query request using the public key of the location service provider to obtain an encrypted query request;
the receiving of the encrypted location POI information obtained by the location service provider through authentication by a certificate issuing authority, and forwarding the encrypted location POI information to the user, includes: the location service provider receiving the encrypted query request, decrypting the encrypted query request with a private key, verifying the pseudonym with the certificate issuing authority, and receiving the key sent by the certificate issuing authority; the location service provider obtaining the location POI information in a service database based on the anonymous area, query request content and query radius, and symmetrically encrypting the location POI information with the key to obtain the encrypted location POI information; receiving the encrypted location POI information sent by the location service provider, and forwarding the encrypted location POI information to the user.
2. The user location information protection method according to claim 1, characterized in that the generating the anonymous area based on the area adaptive anonymity algorithm comprises:
receiving the first query request sent by the user and carrying the user query location;
generating a query area based on the user query location and the query radius;
obtaining the minimum number of users and the minimum number of requested contents in the query area based on historical statistical experience;
respectively determining all users whose distance to the user is less than or equal to the query radius as the first user neighborhood of the user, and all users whose distance to the user is greater than the query radius as the second user neighborhood of the user;
if it is determined that the first user neighborhood is greater than or equal to the minimum number of users, and the second user neighborhood is greater than or equal to the minimum number of requested contents, then the query area is a densely populated area; otherwise, the query area is a sparsely populated area;
dividing the query area into cells; if the query area is the densely populated area, sorting the position of each cell in descending order according to the current request number, determining the positions closest to the user's query position number in the sorted list, and generating the anonymous area from them and the user query location using a k-anonymity algorithm;
if the query area is the sparsely populated area, using a virtual location algorithm to sort the location of each cell in descending order according to the historical query probability, determining the positions closest to the user's query location number in the sorted list, and generating the anonymous area using the k-anonymity algorithm.
3. A user location information protection method, applied to a user side, corresponding to the user location information protection method according to claim 1, characterized in that it comprises:
obtaining authentication information and sending a first query request to the anonymous server;
after the anonymous server generates an anonymous area using a region-adaptive anonymous algorithm and sends an encrypted query request generated according to the anonymous area to a location service provider, the anonymous server receives the encrypted location point of interest information obtained by the location service provider through authentication by a certificate issuing authority;
receiving the encrypted location point of interest information forwarded by the anonymous server from the location service provider, decrypting the encrypted location point of interest information, and obtaining target location information; the target location information is the target location point of interest;
The obtaining of authentication information and sending a first query request to the anonymous 
server includes: sending a location request to the location service provider and registering with the certificate issuing authority, wherein the user receives a pseudonym, certificate and key including a certificate period issued by the certificate issuing authority; and sending the first query request determined based on a location mapping table to the anonymous server. 4.一种电子设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时实现如权利要求1至3任一项所述用户位置信息保护方法。4. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the user location information protection method as claimed in any one of claims 1 to 3 when executing the program. 5.一种非暂态计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至3任一项所述用户位置信息保护方法。5. A non-transitory computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, the method for protecting user location information as claimed in any one of claims 1 to 3 is implemented.
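The density test and cell selection of claim 2, written out as an added example (not code from the patent). The function names, the cell dictionary layout, the tie-breaking rules, representing the anonymous area as a list of cell ids, and choosing k-1 companion cells are assumptions; the claim text on this page does not state the cell count or the number of selected positions.

```python
import math

def classify_area(user, others, radius, min_users, min_contents):
    """Claim 2 density test: 'dense' only if both neighbourhoods meet their minimums."""
    dists = [math.dist(user, o) for o in others]
    first = sum(d <= radius for d in dists)   # first neighbourhood: within the radius
    second = sum(d > radius for d in dists)   # second neighbourhood: beyond the radius
    return "dense" if first >= min_users and second >= min_contents else "sparse"

def anonymous_area(user_cell, cells, area_type, k):
    """Return the user's cell plus the k-1 cells ranked closest to it.

    Dense areas rank cells by current request count; sparse areas rank by
    historical query probability (the companions then act as virtual locations).
    k-1 is an assumption: the count is missing from the claim text.
    """
    key = "requests" if area_type == "dense" else "hist_prob"
    # Descending order on the chosen metric; the cell id breaks ties (assumption).
    ranked = sorted(cells, key=lambda c: (-cells[c][key], c))
    rank = {c: i for i, c in enumerate(ranked)}
    # Companion cells ordered by how far their rank is from the user's rank.
    companions = sorted((c for c in ranked if c != user_cell),
                        key=lambda c: (abs(rank[c] - rank[user_cell]), rank[c]))
    return sorted([user_cell] + companions[:k - 1])

# Constructed sample: a 3x3 grid with cell ids 0..8 (not data from the patent).
CELLS = {
    0: {"requests": 5, "hist_prob": 0.05}, 1: {"requests": 12, "hist_prob": 0.20},
    2: {"requests": 7, "hist_prob": 0.10}, 3: {"requests": 9, "hist_prob": 0.15},
    4: {"requests": 3, "hist_prob": 0.02}, 5: {"requests": 15, "hist_prob": 0.25},
    6: {"requests": 1, "hist_prob": 0.08}, 7: {"requests": 10, "hist_prob": 0.12},
    8: {"requests": 4, "hist_prob": 0.03},
}
USER = (0.0, 0.0)
OTHERS = [(0.5, 0.0), (0.0, 0.8), (0.3, 0.3), (2.0, 2.0), (3.0, 1.0)]

if __name__ == "__main__":
    kind = classify_area(USER, OTHERS, radius=1.0, min_users=3, min_contents=2)
    print(kind, anonymous_area(3, CELLS, kind, k=3))
    print("sparse", anonymous_area(3, CELLS, "sparse", k=3))
```

The same user cell yields different companion cells in the two modes because the ranking metric changes, which is the adaptive behaviour the claim describes.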
CN202210345290.8A 2022-03-31 2022-03-31 User position information protection method and system Active CN114827989B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210345290.8A CN114827989B (en) 2022-03-31 2022-03-31 User position information protection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210345290.8A CN114827989B (en) 2022-03-31 2022-03-31 User position information protection method and system

Publications (2)

Publication Number Publication Date
CN114827989A CN114827989A (en) 2022-07-29
CN114827989B true CN114827989B (en) 2025-01-28

Family

ID=82532079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210345290.8A Active CN114827989B (en) 2022-03-31 2022-03-31 User position information protection method and system

Country Status (1)

Country Link
CN (1) CN114827989B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933357A (en) * 2016-07-11 2016-09-07 湖南科技大学 Grid cell identifier matching based location-based service method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7461251B2 (en) * 2002-05-09 2008-12-02 Canon Kabushiki Kaisha Public key certification issuing apparatus
CN109886046A (en) * 2019-02-25 2019-06-14 广东工业大学 Method and system for protecting location privacy
WO2022034933A1 (en) * 2020-08-10 2022-02-17 엘지전자 주식회사 Apparatus and server for v2x service

Also Published As

Publication number Publication date
CN114827989A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
Zhang et al. A trajectory privacy-preserving scheme based on a dual-K mechanism for continuous location-based services
Ni et al. Providing task allocation and secure deduplication for mobile crowdsensing via fog computing
Khaliq et al. A secure and privacy preserved parking recommender system using elliptic curve cryptography and local differential privacy
KR102219277B1 (en) System and method for controlling the delivery of authenticated content
JP6547079B1 (en) Registration / authorization method, device and system
Miao et al. Fair and dynamic data sharing framework in cloud-assisted internet of everything
CN106899700B (en) Privacy protection method of location sharing system in mobile social network
Li et al. Location-sharing systems with enhanced privacy in mobile online social networks
CN108566383B (en) Privacy protection system and method for online taxi-taking service
CN109039578A (en) Secret protection encryption method, information data processing terminal based on homomorphic cryptography
CN108632237A (en) A kind of position service method based on the anonymity of more Anonymizers
CN112037870B (en) Double-server light-weight searchable encryption method and system supporting data partitioning
Miao et al. VKSE-MO: Verifiable keyword search over encrypted data in multi-owner settings
Guo et al. A secure three-factor anonymous roaming authentication protocol using ECC for space information networks
Kravitz Transaction immutability and reputation traceability: Blockchain as a platform for access controlled iot and human interactivity
Tu et al. A secure, efficient and verifiable multimedia data sharing scheme in fog networking system
CN113507704A (en) Mobile crowdsensing privacy protection method based on dual attribute decision
Fugkeaw et al. Secure and fine-grained access control with optimized revocation for outsourced IoT EHRs with adaptive load-sharing in fog-assisted cloud environment
Cahyadi et al. An improved efficient anonymous authentication with conditional privacy-preserving scheme for VANETs
Zhou et al. Privacy protection scheme for the Internet of Vehicles based on collaborative services
Cui et al. Achieving revocable attribute group-based encryption for mobile cloud data: A multi-proxy assisted approach
Liu et al. AEAKA: An Adaptive and Efficient Authentication and Key Agreement Scheme for IoT in Cloud-Edge-Device Collaborative Environments
Ashouri-Talouki et al. The cloaked-centroid protocol: location privacy protection for a group of users of location-based services
Trivedi et al. Dynamically scalable privacy-preserving authentication protocol for distributed IoT based healthcare service providers
CN114827989B (en) User position information protection method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant