[go: up one dir, main page]

CN103067918B - Method, device and system of privacy data anonymization in communication network - Google Patents

Method, device and system of privacy data anonymization in communication network Download PDF

Info

Publication number
CN103067918B
CN103067918B CN201210568522.2A CN201210568522A CN103067918B CN 103067918 B CN103067918 B CN 103067918B CN 201210568522 A CN201210568522 A CN 201210568522A CN 103067918 B CN103067918 B CN 103067918B
Authority
CN
China
Prior art keywords
data
anonymization
private data
original information
private
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210568522.2A
Other languages
Chinese (zh)
Other versions
CN103067918A (en
Inventor
刘庄
田彦峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201210568522.2A priority Critical patent/CN103067918B/en
Publication of CN103067918A publication Critical patent/CN103067918A/en
Application granted granted Critical
Publication of CN103067918B publication Critical patent/CN103067918B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Provided is a method, a device and a system of privacy data anonymization in a communication network. The method of the privacy data anonymization in the communication network comprises the following steps of receiving a directive of opening an anonymization function sent by an anonymization control center, recognizing privacy data in raw information generated by operating business, and carrying out anonymization process of the privacy data in the raw information generated by operating business. When the method, the device and the system of the privacy data anonymization in the communication network are in use, sensitive data in the raw information is processed in an anonymization mode, equipment maintenance businessmen are incapable of restoring the sensitive data form data which are processed in the anonymization mode, and leakage of the sensitive data is avoided.

Description

一种通信网络中隐私数据匿名化方法、装置及系统A method, device and system for anonymizing private data in a communication network

技术领域technical field

本发明涉及通信领域,尤其涉及一种通信网络中隐私数据匿名化方法、装置及系统。The present invention relates to the communication field, in particular to a method, device and system for anonymizing private data in a communication network.

背景技术Background technique

隐私保护已成为个人或机构关心的基本问题,各种数据挖掘工具的出现使得隐私泄露问题日益突出。通常移除标识符的方式发布数据是无法阻止隐私泄露的,攻击者仍然可以通过链接操作以很高的概率来获取用户的隐私数据。匿名化是目前数据发布环境下实现隐私保护的主要技术之一。Privacy protection has become a basic concern of individuals or institutions, and the emergence of various data mining tools has made the problem of privacy leakage increasingly prominent. Generally, publishing data by removing identifiers cannot prevent privacy leaks, and attackers can still obtain users' private data with a high probability through link operations. Anonymization is one of the main technologies to achieve privacy protection in the current data publishing environment.

目前的通信网络中,存在着大量的个人信息,如用户的手机号码、IMSI(Intemational Mobile SubscriberIdentification,国际移动用户识别码,简称IMSI)号、用户设备的IP地址及用户的上网记录等。设备提供商在进行通信网络维护时,如故障定位等,一般需要抓取信令层面的信息用于诊断问题发生的原因,但这些信息通常都会包括个人信息,有些国家的法律规定,个人信息数据属于隐私数据,禁止从运营商内部网络携带出去,这样就会导致无法利用这些信息进行问题的定位和诊断。In the current communication network, there is a large amount of personal information, such as the user's mobile phone number, IMSI (International Mobile Subscriber Identification, IMSI for short), the IP address of the user's device, and the user's Internet access records. When equipment providers perform communication network maintenance, such as fault location, etc., they generally need to capture information at the signaling level to diagnose the cause of the problem, but this information usually includes personal information. According to laws in some countries, personal information data It is private data, and it is forbidden to carry it out from the operator's internal network, which will make it impossible to use this information to locate and diagnose problems.

发明内容Contents of the invention

本发明实施例提供一种通信网络中隐私数据匿名化方法、装置及系统,用以解决现有技术中包含敏感数据的原始信息禁止被携带出去,因此无法对通信系统进行维护的不足。Embodiments of the present invention provide a method, device and system for anonymizing private data in a communication network to solve the problem in the prior art that the original information containing sensitive data is prohibited from being carried out, so the communication system cannot be maintained.

为了解决上述技术问题,本发明实施例第一方面提供了一种通信网络中隐私数据匿名化方法,包括:In order to solve the above technical problems, the first aspect of the embodiment of the present invention provides a method for anonymizing private data in a communication network, including:

接收匿名化控制中心发送的开启匿名化功能的指示;Receive an instruction to enable the anonymization function sent by the anonymization control center;

识别运行业务产生的原始信息中的隐私数据;Identify private data in raw information generated by running a business;

根据所述开启匿名化功能的指示,对运行业务产生的原始信息中的隐私数据进行匿名化处理。According to the instruction of enabling the anonymization function, the private data in the original information generated by running the business is anonymized.

在第一种可能的实现方式中,所述对所述原始信息中的隐私数据进行匿名化处理后,进一步包括:In the first possible implementation manner, after anonymizing the private data in the original information, further include:

将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。Reporting the anonymized private data and the non-private data in the original information to the anonymization control center.

结合第一方面第一种可能的实现方式,在第二种可能的实现方式中,所述对所述原始信息中的隐私数据进行匿名化处理,包括:With reference to the first possible implementation of the first aspect, in a second possible implementation, the anonymizing the private data in the original information includes:

将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据;Converting the original information into tree structure data, the leaf node data of the tree structure data includes private data and non-private data;

对所述叶子节点中的隐私数据使用匿名化函数进行匿名化处理。结合第一方面第二种可能的实现方式,在第三种可能的实现方式中,对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述不同匿名化函数为不同的哈希映射。An anonymization function is used to anonymize the private data in the leaf node. In combination with the second possible implementation of the first aspect, in the third possible implementation, different anonymization functions are used to anonymize the private data in different leaf nodes, and the different anonymization functions are different hashing functions. Greek mapping.

结合第一方面,在第四种可能的实现方式中,所述识别运行业务产生的原始信息中的隐私数据,包括:In combination with the first aspect, in a fourth possible implementation manner, the identification of private data in the original information generated by running the business includes:

根据匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据;或According to the data type of the private data contained in the indication of the anonymization function, it is identified that the data matching the data type in the original data is private data; or

网元侧设备预先配置隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。The network element side device pre-configures the data type of the private data, and identifies the data matching the data type in the original data as the private data.

本发明第二方面提供了一种通信网络中隐私数据匿名的装置,包括:The second aspect of the present invention provides a device for anonymizing private data in a communication network, including:

指示接收模块,用于接收匿名化控制中心发送的开启匿名化功能的指示;An instruction receiving module, configured to receive an instruction to enable the anonymization function sent by the anonymization control center;

识别模块,用于识别运行业务产生的原始信息中的隐私数据;The identification module is used to identify the private data in the original information generated by running the business;

匿名处理模块,用于根据所述开启匿名化功能的指示,对所述识别模块识别的隐私数据进行匿名化处理。An anonymization processing module, configured to anonymize the private data identified by the identification module according to the instruction to enable the anonymization function.

在第一种可能的实现方式中,还包括:In the first possible implementation manner, it also includes:

信息上报模块,用于将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。The information reporting module is configured to report the anonymized private data and the non-private data in the original information to the anonymization control center.

结合第二方面和第二方面的第一种可能的实现方式,在第二种可能的实现方式中,所述匿名处理模块包括:In combination with the second aspect and the first possible implementation manner of the second aspect, in a second possible implementation manner, the anonymous processing module includes:

数据转换单元,将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据;a data conversion unit, which converts the original information into tree-structured data, and the leaf node data of the tree-structured data includes private data and non-private data;

匿名处理单元,用于对所述叶子节点中的隐私数据使用匿名化函数进行匿名化处理。An anonymization processing unit, configured to anonymize the private data in the leaf node using an anonymization function.

结合第二方面的第二种可能的实现方式,在第三种可能的实现方式中,还包括:In combination with the second possible implementation of the second aspect, the third possible implementation also includes:

所述匿名处理单元包括:The anonymous processing unit includes:

哈希映射单元,用于对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述不同匿名化函数为不同的哈希映射。A hash mapping unit, configured to anonymize private data in different leaf nodes using different anonymization functions, where the different anonymization functions are different hash maps.

结合第二方面,在第四种可能的实现方式中,所述识别模块,With reference to the second aspect, in a fourth possible implementation manner, the identification module,

用于根据所述指示接收模块接收到的匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据;或According to the data type of the privacy data included in the indication of the anonymization function received by the indication receiving module, identify the data matching the data type in the original data as privacy data; or

用于预先配置隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。It is used to preconfigure the data type of the private data, and identify the data matching the data type in the original data as the private data.

本发明第三方面提供了一种通信系统,包括匿名化控制中心和第二方面至第二方面的第四种可能的实现方式中的任一种装置。A third aspect of the present invention provides a communication system, including an anonymization control center and any device in the fourth possible implementation manners of the second aspect to the second aspect.

实施本发明实施例,具有如下有益效果:Implementing the embodiment of the present invention has the following beneficial effects:

将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把原始信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。By anonymizing the sensitive data in the original information, the equipment maintenance provider cannot restore the sensitive data from the anonymized data, avoiding the leakage of sensitive data, so the equipment supplier can carry the original information out of the operator's internal network to meet the Legal requirements for operators to protect personal privacy without compromising the maintenance efficiency of communication equipment.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1是本发明的一种通信网络中隐私数据匿名化方法的流程示意图;1 is a schematic flow diagram of a method for anonymizing private data in a communication network according to the present invention;

图2是本发明的一种通信网络中隐私数据匿名化方法的另一流程示意图;Fig. 2 is another schematic flowchart of a method for anonymizing private data in a communication network according to the present invention;

图3是图2中匿名化处理的示意图;Fig. 3 is a schematic diagram of anonymization processing in Fig. 2;

图4是本发明的一种通信网络中隐私数据匿名化装置的结构示意图;Fig. 4 is a schematic structural diagram of a device for anonymizing private data in a communication network according to the present invention;

图5是本发明的一种通信网络中隐私数据匿名化装置的另一结构示意图;FIG. 5 is another structural schematic diagram of a device for anonymizing private data in a communication network according to the present invention;

图6是图5中匿名处理模块的结构示意图;Fig. 6 is a schematic structural diagram of the anonymous processing module in Fig. 5;

图7是图6中匿名处理单元的结构示意图;Fig. 7 is a schematic structural diagram of the anonymous processing unit in Fig. 6;

图8是本发明的一种通信系统的结构示意图;Fig. 8 is a schematic structural diagram of a communication system of the present invention;

图9是本发明的一种通信网络中隐私数据匿名化装置的又一结构示意图。Fig. 9 is another structural schematic diagram of a device for anonymizing private data in a communication network according to the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

参见图1,为本发明的一种通信网络中隐私数据匿名化方法的流程示意图,包括:Referring to Fig. 1, it is a schematic flow diagram of a method for anonymizing private data in a communication network of the present invention, including:

步骤101、接收匿名化控制中心发送的的开启匿名化功能的指示;Step 101, receiving an instruction to enable the anonymization function sent by the anonymization control center;

具体的,网元侧的设备接收到部署在网元管理系统的匿名化控制中心发送的开启匿名化功能的指示。这里,网元侧的设备是与网元管理系统区别的设备,可以为移动交换中心,归属位置寄存器,呼叫会话控制功能实体等;网元管理系统可以是网络管理中心等,本发明实施例在此不作限定。Specifically, the device on the network element side receives an instruction to enable the anonymization function sent by the anonymization control center deployed in the network element management system. Here, the device on the network element side is a device different from the network element management system, and may be a mobile switching center, a home location register, a call session control functional entity, etc.; the network element management system may be a network management center, etc., the embodiment of the present invention is in This is not limited.

步骤102、识别业务生成的原始信息中的隐私数据;Step 102, identifying private data in the original information generated by the business;

识别方法可以为根据匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。可选地,识别运行业务产生的原始信息中的隐私数据这一步骤还可以在步骤101之前,可以在网元侧设备预先配置隐私数据的数据类型,将原始信息与该数据类型进行匹配,得到隐私数据。本发明实施例对具体的识别方法不作限制。The identification method may be to identify, according to the data type of the private data included in the indication of the anonymization function, that the data matching the data type in the original data is private data. Optionally, before step 101, the step of identifying the private data in the original information generated by running the service may pre-configure the data type of the private data on the network element side device, and match the original information with the data type to obtain private data. The embodiment of the present invention does not limit the specific identification method.

步骤103、根据所述开启匿名化功能的指示,对运行业务产生的原始信息中的隐私数据进行匿名化处理。Step 103 , according to the instruction of enabling the anonymization function, anonymize the private data in the original information generated by running the business.

具体的,所述原始信息包含隐私数据和非隐私数据,所述隐私数据包括IMSI,电话号码,用户上网记录中的至少一种,也可以是其他隐私数据。网元侧设备预先存储有匿名化函数库,网元侧设备在接收到匿名化控制中心发送的开启匿名化功能的指示时,加载所述匿名化函数库中的匿名化函数对运行业务产生的数据进行匿名化处理。匿名化处理是指采用安全算法对原始信息中的敏感数据进行加密,如哈希函数,可以是不同的哈希映射算法,也可以是替换函数,如对电话号码的部分位加以星号。发布者在发布这些原始信息时不会造成敏感数据的泄露,同时在特定的条件下又可以还原原始信息中的敏感数据。此处,匿名化函数的类型不作限制。另外,本发明实施例中的运行业务,可以是通信网络中进行通话、上网、数据传输等产生的各种信令。出现网络故障时,需提取运行业务产生的这些数据进行故障定位。Specifically, the original information includes private data and non-private data, and the private data includes at least one of IMSI, phone number, and user surfing records, and may also be other private data. The network element side device has an anonymization function library stored in advance, and when the network element side device receives the instruction to enable the anonymization function sent by the anonymization control center, it loads the anonymization function in the anonymization function library, which will affect the operation of the business. The data is anonymized. Anonymization refers to the encryption of sensitive data in the original information using a security algorithm, such as a hash function, which can be a different hash mapping algorithm, or a replacement function, such as adding an asterisk to some digits of a phone number. Publishers will not cause leakage of sensitive data when publishing these original information, and at the same time can restore sensitive data in the original information under certain conditions. Here, the type of the anonymous function is not limited. In addition, the operation service in the embodiment of the present invention may be various signalings generated in the communication network such as calling, surfing the Internet, and transmitting data. When a network fault occurs, it is necessary to extract the data generated by running services for fault location.

原始信息中的敏感数据,即隐私数据,已由网元侧设备作匿名化处理,可以将匿名化后的信息连同所述原始信息中的非隐私信息对外发布,不必担心敏感数据遭到泄露。同时可以将上述匿名化后的信息以及原始信息中的非隐私信息保存至本地的指定文件中,用于实现网元侧设备本地定位。The sensitive data in the original information, that is, the private data, has been anonymized by the network element side equipment, and the anonymized information can be released together with the non-private information in the original information, without worrying about the sensitive data being leaked. At the same time, the above-mentioned anonymized information and non-private information in the original information can be saved in a local specified file, which is used to realize local positioning of the network element side device.

可选地,对于多个网元侧设备进行匿名化处理,可以将每个网元侧设备对隐私数据进行匿名化后得到的数据,连同原始信息中的非隐私信息,上报给匿名化控制中心,由匿名化控制中心存储为文件,用于实现全网故障定位。Optionally, for anonymization of multiple network element side devices, the data obtained after each network element side device anonymizes private data, together with non-private information in the original information, can be reported to the anonymization control center , which is stored as a file by the anonymized control center and used to locate faults across the network.

实施本发明的实施例,将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把上述匿名化后的信息以及原始信息中的非隐私信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。Implementing the embodiment of the present invention, the sensitive data in the original information is anonymized, and the equipment maintainer cannot restore the sensitive data from the anonymized data, which avoids the leakage of sensitive data, so the equipment supplier can anonymize the above-mentioned The final information and the non-private information in the original information are carried out of the operator's internal network to meet the operator's legal requirements for protecting personal privacy without affecting the maintenance efficiency of communication equipment.

参见图2和图3,为本发明的一种通信网络中隐私数据匿名化方法的另一流程示意图,包括:Referring to Fig. 2 and Fig. 3, it is another schematic flowchart of a method for anonymizing private data in a communication network according to the present invention, including:

步骤201、接收匿名化控制中心发送的的开启匿名化功能的指示。Step 201. Receive an instruction to enable the anonymization function sent by the anonymization control center.

具体的,网元侧设备接收到部署在网元管理系统的匿名化控制中心发送的开启匿名化功能的指示,所述指示用于控制网元侧设备开启匿名化功能,可以理解的是,当网元侧设备接收到匿名化控制中心发送的关闭匿名化功能的指令时,网元侧设备不再对运行业务产生的原始信息进行匿名化处理。这里,网元侧的设备是与网元管理系统区别的设备,可以为移动交换中心,归属位置寄存器,呼叫会话控制功能实体等;网元管理系统可以是网络管理中心等,本发明实施例在此不作限定。Specifically, the network element side device receives an instruction to enable the anonymization function sent by the anonymization control center deployed in the network element management system, and the instruction is used to control the network element side device to enable the anonymization function. It can be understood that when When the network element side device receives the instruction to disable the anonymization function sent by the anonymization control center, the network element side device will no longer anonymize the original information generated by running services. Here, the device on the network element side is a device different from the network element management system, and may be a mobile switching center, a home location register, a call session control functional entity, etc.; the network element management system may be a network management center, etc., the embodiment of the present invention is in This is not limited.

步骤202、识别运行业务产生的原始信息中的隐私数据;Step 202, identifying private data in the original information generated by running the business;

具体的,识别的方法可以是根据所述指示接收模块接收到的匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据;或预先配置隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。本发明实施例对具体的识别方法不作限制。Specifically, the identification method may be to identify the data matching the data type in the original data as private data according to the data type of the private data contained in the indication of the anonymization function received by the indication receiving module; or The data type of the private data is preconfigured, and the data matching the data type in the original data is identified as the private data. The embodiment of the present invention does not limit the specific identification method.

步骤203、根据所述开启匿名化功能的指示,对运行业务产生的原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据Step 203: According to the instruction of enabling the anonymization function, convert the original information generated by the running business into tree-structured data, and the leaf node data of the tree-structured data includes private data and non-private data

具体的,网元侧设备运行业务生成的原始信息的数据类型通常为非结构化数据,例如TLV(Type-Length-Value,标签-长度-值,简称TLV)格式的报文,由于该格式的报文为非结构化的数据,不易对其进行处理和分析,因此需要转换成结构化的数据,以便进行后续的匿名化处理。Specifically, the data type of the original information generated by the network element side equipment is usually unstructured data, such as a message in TLV (Type-Length-Value, label-length-value, TLV for short) format. The message is unstructured data, which is not easy to process and analyze, so it needs to be converted into structured data for subsequent anonymization.

如图3所示,为网元侧设备运行也产生的原始信息转换后的树状结构数据的示意图,该树状结构数据中,每个叶子节点代表原始信息中的各项数据,如手机号、姓名、归属地、IMSI号、用户IP地址和用户上网记录等,这些叶子节点中包括既包括隐私数据又包括非隐私数据,如图中黑色的叶子节点代表隐私数据,白色的叶子节点代表非隐私数据。原始信息转换为树状结构数据后,便于计算机对树状结构化数据进行处理,同时也易于查询原始信息中需要匿名化处理的隐私数据,提高了运行的效率。As shown in Figure 3, it is a schematic diagram of the tree-structured data converted from the original information generated by the operation of the equipment on the network element side. In the tree-structured data, each leaf node represents various data in the original information, such as a mobile phone number , name, attribution, IMSI number, user IP address and user online records, etc. These leaf nodes include both private data and non-private data. In the figure, the black leaf nodes represent private data, and the white leaf nodes represent non-private data. private data. After the original information is converted into tree-structured data, it is convenient for the computer to process the tree-structured data, and it is also easy to query the private data in the original information that needs to be anonymized, which improves the efficiency of operation.

步骤204,对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述匿名化函数包括哈希映射。Step 204, anonymize private data in different leaf nodes using different anonymization functions, where the anonymization function includes hash mapping.

具体的,匿名化函数的配置方法可以是由匿名化控制中心指定匿名化函数,直接将包括所述指定的匿名化函数的开启匿名化功能的指示发送至网元侧设备;也可以是预先在网元设备侧配置匿名化函数库,同时给每一个匿名化函数分配一个唯一的函数标识,匿名化控制中心发送包括所述函数标识的开启匿名化功能的指令,网元侧设备接收到调用本地匿名化函数库中的该函数标识对应的匿名化函数。不同匿名化函数可以为不同的哈希映射,也可以是其他类型的函数,本发明不作限制。Specifically, the configuration method of the anonymization function may be to specify the anonymization function by the anonymization control center, and directly send an indication of enabling the anonymization function including the specified anonymization function to the network element side device; The anonymization function library is configured on the network element device side, and a unique function identifier is assigned to each anonymization function at the same time. The anonymization control center sends an instruction to enable the anonymization function including the function identifier. The function in the anonymization function library identifies the corresponding anonymization function. Different anonymization functions may be different hash maps, or other types of functions, which are not limited in the present invention.

如图3所示,原始信息中隐私数据为黑色的叶子节点,非隐私数据为白色的叶子节点,例如手机号、姓名、归属地、IMSI号和用户上网记录属于隐私数据。隐私数据的叶子节点的数量为5个,对5个节点分别配置了匿名化函数1、匿名化函数2、匿名化函数3、匿名化函数4和匿名化函数5,分别对不同的隐私数据配置不同的匿名化函数,使得网元侧设备加载匿名化函数进行匿名化处理后的数据遭到破解的难度加大,提高了数据的安全性。匿名化函数的加载方式可采用静态编译和动态加载的方法,现有技术以作披露,此处不再描述。As shown in Figure 3, in the original information, the private data is a black leaf node, and the non-private data is a white leaf node, such as mobile phone number, name, attribution, IMSI number, and user online records are private data. The number of leaf nodes of private data is 5, and anonymization function 1, anonymization function 2, anonymization function 3, anonymization function 4 and anonymization function 5 are respectively configured for 5 nodes, and different privacy data configurations are respectively Different anonymization functions make it more difficult to crack the data after the network element side device loads the anonymization function for anonymization processing, and improves the security of the data. The loading method of the anonymized function can adopt the methods of static compilation and dynamic loading, which are disclosed in the prior art and will not be described here.

步骤205、将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。Step 205: Report the anonymized private data and the non-private data in the original information to the anonymization control center.

具体的,通常一个通信系统中,一个网元管理系统管理若干个网元侧设备,两者之间采用SOAP(Simple Object Access Protocol,简单对象访问协议,简称SOAP)接口通信。网元侧设备通过SFTP(Secure File Transfer Protocol,安全文件传送协议,简称SFTP)接口或FPTS(File Transfer Protocol over Secure socketslayer)接口将匿名化处理后的隐私数据以及所述原始信息中的非隐私数据上传至部署在网元管理系统的匿名化控制中心,以实现对全网问题的定位和诊断。Specifically, usually in a communication system, a network element management system manages several network element side devices, and SOAP (Simple Object Access Protocol, SOAP for short) interface is used for communication between the two. The device on the network element side uses the SFTP (Secure File Transfer Protocol, SFTP for short) interface or the FPTS (File Transfer Protocol over Secure sockets layer) interface to anonymize the private data and the non-private data in the original information Upload to the anonymized control center deployed in the network element management system to locate and diagnose network-wide problems.

实施本发明的实施例,将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把上述处理后的信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。In the embodiment of the present invention, the sensitive data in the original information is anonymized, and the equipment maintainer cannot restore the sensitive data from the anonymized data, which avoids the leakage of sensitive data. Therefore, the equipment supplier can anonymize the above-mentioned processed The information carried out of the operator's internal network meets the operator's legal requirements for protecting personal privacy without affecting the maintenance efficiency of communication equipment.

参见图4,为本发明的一种通信网络中隐私数据匿名化装置,其特征在于,包括:Referring to Fig. 4, it is a privacy data anonymization device in a communication network of the present invention, which is characterized in that it includes:

指示接收模块11,用于接收匿名化控制中心发送的开启匿名化功能的指示。The instruction receiving module 11 is configured to receive the instruction to enable the anonymization function sent by the anonymization control center.

具体的,指示接收模块11接收到部署在网元管理系统的匿名化控制中心发送的开启匿名化功能的指示,该指示中包括匿名化函数的类型和需要匿名化的数据类型。Specifically, the instruction receiving module 11 receives an instruction to enable the anonymization function sent by the anonymization control center deployed in the network element management system, and the instruction includes the type of the anonymization function and the type of data that needs to be anonymized.

识别模块12,用于识别运行业务产生的原始信息中的隐私数据;The identification module 12 is used to identify the private data in the original information generated by running the business;

匿名处理模块13,用于根据所述开启匿名化功能的指示,对识别模块12识别的隐私数据进行匿名化处理。The anonymization processing module 13 is configured to anonymize the private data identified by the identification module 12 according to the instruction to enable the anonymization function.

具体的,所述原始信息包含隐私数据和非隐私数据,所述隐私数据包括IMSI,电话号码,用户上网记录中的至少一种,也可以是其他隐私数据。网元侧设备预先存储有匿名化函数库,指示接收模块11在接收到匿名化控制中心发送的开启匿名化功能的指示时,匿名处理模块13加载所述匿名化函数库中的匿名化函数对运行业务产生的数据进行匿名化处理。匿名化处理是指采用安全算法对原始信息中的敏感数据进行加密,发布者在发布这些原始信息时不会造成敏感数据的泄露,同时在特定的条件下又可以还原原始信息中的敏感数据。此处,匿名化函数的类型不作限制。Specifically, the original information includes private data and non-private data, and the private data includes at least one of IMSI, phone number, and user surfing records, and may also be other private data. The network element side device pre-stores an anonymization function library, and instructs the receiving module 11 to load the anonymization function pair in the anonymization function library when receiving the instruction to enable the anonymization function sent by the anonymization control center. The data generated by running the business is anonymized. Anonymization refers to the use of security algorithms to encrypt sensitive data in the original information. When the publisher publishes the original information, the sensitive data will not be leaked, and at the same time, the sensitive data in the original information can be restored under certain conditions. Here, the type of the anonymous function is not limited.

原始信息中的敏感数据,即隐私数据,已由网元侧设备作匿名化处理,可以将所述原始信息对外发布,不必担心敏感数据遭到泄露。同时将所述原始信息保存至本地的指定文件中,以便进行维护操作时利用所述原始信息进行故障定位等维护工作。Sensitive data in the original information, that is, private data, has been anonymized by the device on the network element side, and the original information can be released to the outside world without worrying about sensitive data being leaked. At the same time, the original information is saved in a local specified file, so that the original information can be used for fault location and other maintenance work during maintenance operations.

进一步的,参见图5-图7,为本发明的一种通信网络中隐私数据匿名化装置的另一种结构示意图,除指示接收模块11、识别模块12和匿名处理模块13外,还包括:Further, referring to FIG. 5-FIG. 7, it is another schematic structural diagram of a device for anonymizing private data in a communication network according to the present invention. In addition to the instruction receiving module 11, the identification module 12 and the anonymity processing module 13, it also includes:

信息上报模块14,用于将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。The information reporting module 14 is configured to report the anonymized private data and the non-private data in the original information to the anonymization control center.

具体的,通常一个通信系统中,一个网元管理系统管理若干个网元侧设备,两者之间采用SOAP(Simple Object Access Protocol,简单对象访问协议,简称SOAP)接口通信。信息上报模块14通过SFTP接口或FPTS接口将匿名化处理后的隐私数据以及所述原始信息中的非隐私数据上传至部署在网元管理系统的匿名化控制中心,以实现对全网问题的定位和诊断。Specifically, usually in a communication system, a network element management system manages several network element side devices, and SOAP (Simple Object Access Protocol, SOAP for short) interface is used for communication between the two. The information reporting module 14 uploads the anonymized private data and the non-private data in the original information to the anonymized control center deployed in the network element management system through the SFTP interface or FPTS interface, so as to realize the positioning of the whole network problem and diagnosis.

其中,所述匿名处理模块13包括:Wherein, the anonymous processing module 13 includes:

数据转换单元131,将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据。The data conversion unit 131 converts the original information into tree-structured data, and the leaf node data of the tree-structured data includes private data and non-private data.

具体的,网元侧设备运行业务生成的原始信息的数据类型通常为非结构化数据,例如TLV(Type-Length-Value,标签-长度-值,简称TLV)格式的报文,由于该格式的报文为非结构化的数据,不易对其进行处理和分析,因此数据转换单元131需要将非结构化的原始信息转换成结构化的数据,以便进行后续的匿名化处理。Specifically, the data type of the original information generated by the network element side equipment is usually unstructured data, such as a message in TLV (Type-Length-Value, label-length-value, TLV for short) format. The message is unstructured data, which is difficult to process and analyze. Therefore, the data conversion unit 131 needs to convert unstructured original information into structured data for subsequent anonymization processing.

匿名处理单元132,用于对所述叶子节点中的隐私数据使用匿名化函数进行匿名化处理。An anonymization processing unit 132, configured to anonymize the private data in the leaf node using an anonymization function.

具体的,匿名处理单元132使用匿名化函数对叶子节点中的隐私数据进行匿名化处理,不同的隐私数据可以配置不同的匿名化函数,如不同的哈希映射,也可以配置相同的匿名化函数,本发明不作限制。Specifically, the anonymization processing unit 132 uses an anonymization function to anonymize the private data in the leaf nodes. Different private data can be configured with different anonymization functions, such as different hash maps, or the same anonymization function can be configured. , the present invention is not limited.

进一步的,匿名化处理单元132包括:Further, the anonymization processing unit 132 includes:

哈希映射单元1321,用于对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述匿名化函数包括哈希映射。The hash mapping unit 1321 is configured to anonymize private data in different leaf nodes using different anonymization functions, where the anonymization function includes hash mapping.

具体的,如图3的结构化数据例子,原始信息中隐私数据为黑色的叶子节点,非隐私数据为白色的叶子节点,例如手机号、姓名、归属地、IMSI号和用户上网记录属于隐私数据。隐私数据的叶子节点的数量为5个,对5个节点分别配置了匿名化函数1、匿名化函数2、匿名化函数3、匿名化函数4和匿名化函数5,分别对不同的隐私数据配置不同的匿名化函数,哈希映射单元1321加载匿名化函数进行匿名化处理后的数据遭到破解的难度加大,提高了数据的安全性。匿名化函数的加载方式可采用静态编译和动态加载的方法,现有技术以作披露,此处不再描述。Specifically, as shown in the structured data example in Figure 3, in the original information, the private data is a black leaf node, and the non-private data is a white leaf node, such as mobile phone number, name, attribution, IMSI number, and user online records are private data . The number of leaf nodes of private data is 5, and anonymization function 1, anonymization function 2, anonymization function 3, anonymization function 4 and anonymization function 5 are respectively configured for 5 nodes, and different privacy data configurations are respectively With different anonymization functions, the hash mapping unit 1321 loads the anonymization function to anonymize the data, which is more difficult to crack, which improves the security of the data. The loading method of the anonymized function can adopt the methods of static compilation and dynamic loading, which are disclosed in the prior art and will not be described here.

进一步的,识别模块12具体用于,Further, the identification module 12 is specifically used for,

根据所述指示接收模块接收到的匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据;或According to the data type of the private data contained in the indication of the anonymization function received by the indication receiving module, it is identified that the data matching the data type in the original data is private data; or

预先配置隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。The data type of the private data is preconfigured, and the data matching the data type in the original data is identified as the private data.

实施本发明的实施例,将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把上述处理后的信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。In the embodiment of the present invention, the sensitive data in the original information is anonymized, and the equipment maintainer cannot restore the sensitive data from the anonymized data, which avoids the leakage of sensitive data. Therefore, the equipment supplier can anonymize the above-mentioned processed The information carried out of the operator's internal network meets the operator's legal requirements for protecting personal privacy without affecting the maintenance efficiency of communication equipment.

参见图8,为本发明的一种通信系统的结构示意图,包括匿名化控制中心2和装置1a-1c,其中,匿名化控制中心部署在网元管理系统侧,装置部署在网元设备侧,装置是上述实施例中通信网络中隐私数据匿名化装置,该装置的数量不作限制。以匿名化控制中心2和装置1a之间的工作过程为例,其他装置与匿名化控制中心的交互过程一致。Referring to FIG. 8, it is a schematic structural diagram of a communication system of the present invention, including an anonymization control center 2 and devices 1a-1c, wherein the anonymization control center is deployed on the side of the network element management system, and the device is deployed on the side of the network element equipment. The device is the privacy data anonymization device in the communication network in the above embodiment, and the number of the devices is not limited. Taking the working process between the anonymization control center 2 and the device 1a as an example, other devices have the same interaction process with the anonymization control center.

匿名化控制中心2发送一个开启匿名化功能的指示至装置1a,,装置1a接收到所述开启匿名化功能的指示时,对网元侧设备运行业务产生的原始信息中包括的隐私数据进行匿名化处理,。匿名化处理完成后,装置1a通过SFTP接口或FPTS接口将匿名化处理后的隐私数据以及所述原始信息中的非隐私数据上传至部署在网元管理系统的匿名化控制中心,以使网元管理系统实现对全网问题的定位和诊断。The anonymization control center 2 sends an instruction to enable the anonymization function to the device 1a, and when the device 1a receives the instruction to enable the anonymization function, it anonymizes the private data included in the original information generated by the network element side equipment running services processing,. After the anonymization process is completed, the device 1a uploads the anonymized private data and the non-private data in the original information to the anonymization control center deployed in the network element management system through the SFTP interface or the FPTS interface, so that the network element The management system realizes the positioning and diagnosis of network-wide problems.

实施本发明的实施例,将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把原始信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。Implementing the embodiment of the present invention, the sensitive data in the original information is anonymized, and the equipment maintainer cannot restore the sensitive data from the anonymized data, avoiding the leakage of sensitive data, so the equipment supplier can carry the original information Access to the operator's internal network meets the operator's legal requirements for protecting personal privacy without affecting the maintenance efficiency of communication equipment.

参见图9,为本发明的一种通信网络中隐私数据匿名的装置的又一结构示意图,包括处理器61、存储器62、输入装置63和输出装置64,装置1的处理器61的数量可以是一个或多个,图9以一个处理器为例。本发明的一些实施例中,处理器61、存储器62、输入装置63和输出装置64可通过总线或其他方式连接,图9中以总线连接为例。Referring to FIG. 9 , it is another structural schematic diagram of a device for anonymizing private data in a communication network of the present invention, including a processor 61, a memory 62, an input device 63 and an output device 64. The number of processors 61 of the device 1 can be One or more, FIG. 9 takes a processor as an example. In some embodiments of the present invention, the processor 61 , the memory 62 , the input device 63 and the output device 64 may be connected via a bus or in other ways, and bus connection is taken as an example in FIG. 9 .

其中,存储器62中存储一组程序代码,且处理器61用于调用存储器62中存储的程序代码,用于执行以下操作:Wherein, a set of program codes are stored in the memory 62, and the processor 61 is used to call the program codes stored in the memory 62 to perform the following operations:

接收匿名化控制中心发送的开启匿名化功能的指示;Receive an instruction to enable the anonymization function sent by the anonymization control center;

识别运行业务产生的原始信息中的隐私数据;Identify private data in raw information generated by running a business;

根据所述开启匿名化功能的指示,对运行业务产生的原始信息中的隐私数据进行匿名化处理。According to the instruction of enabling the anonymization function, the private data in the original information generated by running the business is anonymized.

在本发明的一些实施例中,处理器61还用于执行:将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。In some embodiments of the present invention, the processor 61 is further configured to: report the anonymized private data and the non-private data in the original information to the anonymization control center.

在本发明的一些实施例中,处理器61具体用于执行:In some embodiments of the present invention, the processor 61 is specifically configured to execute:

将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据;Converting the original information into tree structure data, the leaf node data of the tree structure data includes private data and non-private data;

对所述叶子节点中的隐私数据使用匿名化函数进行匿名化处理。An anonymization function is used to anonymize the private data in the leaf node.

在本发明的一些实施例中,处理器61具体用于执行:In some embodiments of the present invention, the processor 61 is specifically configured to execute:

对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述不同匿名化函数为不同的哈希映射。The privacy data in different leaf nodes are anonymized using different anonymization functions, and the different anonymization functions are different hash maps.

在本发明的一些实施例中,处理器61具体用于执行:In some embodiments of the present invention, the processor 61 is specifically configured to execute:

根据匿名化功能的指示中包含的隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据;或According to the data type of the private data contained in the indication of the anonymization function, it is identified that the data matching the data type in the original data is private data; or

网元侧设备预先配置隐私数据的数据类型,识别出所述原始数据中与该数据类型匹配的数据为隐私数据。The network element side device pre-configures the data type of the private data, and identifies the data matching the data type in the original data as the private data.

实施本发明的实施例,将原始信息中敏感数据进行匿名化处理,设备维护商无法从匿名化后的数据中还原出敏感数据,避免了敏感数据的泄露,因此设备供应商可以把上述处理后的信息携带出运营商内部网络,满足运营商保护个人隐私的法律要求,同时不影响通信设备的维护效率。In the embodiment of the present invention, the sensitive data in the original information is anonymized, and the equipment maintainer cannot restore the sensitive data from the anonymized data, which avoids the leakage of sensitive data. Therefore, the equipment supplier can anonymize the above-mentioned processed The information carried out of the operator's internal network meets the operator's legal requirements for protecting personal privacy without affecting the maintenance efficiency of communication equipment.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random AccessMemory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM) and the like.

以上所揭露的仅为本发明一种较佳实施例而已,当然不能以此来限定本发明之权利范围,本领域普通技术人员可以理解实现上述实施例的全部或部分流程,并依本发明权利要求所作的等同变化,仍属于发明所涵盖的范围。What is disclosed above is only a preferred embodiment of the present invention, and of course it cannot limit the scope of rights of the present invention. Those of ordinary skill in the art can understand all or part of the process for realizing the above embodiments, and according to the rights of the present invention The equivalent changes required still belong to the scope covered by the invention.

Claims (5)

1.一种通信网络中隐私数据匿名化方法,其特征在于,包括:1. A method for anonymizing private data in a communication network, comprising: 接收匿名化控制中心发送的开启匿名化功能的指示;Receive an instruction to enable the anonymization function sent by the anonymization control center; 根据匿名化功能的指示中包含的隐私数据的数据类型,识别出原始信息中与该数据类型匹配的数据为隐私数据;According to the data type of the private data included in the indication of the anonymization function, identify the data that matches the data type in the original information as private data; 根据所述开启匿名化功能的指示,对运行业务产生的原始信息中的隐私数据进行匿名化处理;According to the instruction to enable the anonymization function, anonymize the private data in the original information generated by running the business; 其中,所述对所述原始信息中的隐私数据进行匿名化处理,包括:Wherein, the anonymizing the private data in the original information includes: 将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据;Converting the original information into tree structure data, the leaf node data of the tree structure data includes private data and non-private data; 对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述不同匿名化函数为不同的哈希映射。The privacy data in different leaf nodes are anonymized using different anonymization functions, and the different anonymization functions are different hash maps. 2.如权利要求1所述的方法,其特征在于,所述对所述原始信息中的隐私数据进行匿名化处理后,进一步包括:2. The method according to claim 1, wherein after said anonymizing the private data in the original information, further comprising: 将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。Reporting the anonymized private data and the non-private data in the original information to the anonymization control center. 3.一种通信网络中隐私数据匿名的装置,其特征在于,包括:3. A device for anonymizing private data in a communication network, characterized in that it comprises: 指示接收模块,用于接收匿名化控制中心发送的开启匿名化功能的指示;An instruction receiving module, configured to receive an instruction to enable the anonymization function sent by the anonymization control center; 识别模块,用于根据所述指示接收模块接收到的匿名化功能的指示中包含的隐私数据的数据类型,识别出原始信息中与该数据类型匹配的数据为隐私数据;An identification module, configured to identify the data that matches the data type in the original information as private data according to the data type of the private data contained in the indication of the anonymization function received by the indication receiving module; 匿名处理模块,用于根据所述开启匿名化功能的指示,对所述识别模块识别的隐私数据进行匿名化处理;An anonymous processing module, configured to anonymize the private data identified by the identification module according to the instruction to enable the anonymization function; 其中,所述匿名处理模块包括:Wherein, the anonymous processing module includes: 数据转换单元,将所述原始信息转换成树状结构数据,所述树状结构数据的叶子节点数据包括隐私数据和非隐私数据;a data conversion unit, converting the original information into tree-structured data, the leaf node data of the tree-structured data includes private data and non-private data; 匿名处理单元,用于对不同叶子节点中的隐私数据使用不同匿名化函数进行匿名化处理,所述不同匿名化函数为不同的哈希映射。An anonymization processing unit, configured to anonymize private data in different leaf nodes using different anonymization functions, where the different anonymization functions are different hash maps. 4.如权利要求3所述的装置,其特征在于,还包括:4. The device of claim 3, further comprising: 信息上报模块,用于将匿名化处理后的隐私数据,以及所述原始信息中的非隐私数据,上报至所述匿名化控制中心。The information reporting module is configured to report the anonymized private data and the non-private data in the original information to the anonymization control center. 5.一种通信系统,其特征在于,包括匿名化控制中心和如权利要求3或4所述的装置。5. A communication system, comprising an anonymous control center and the device according to claim 3 or 4.
CN201210568522.2A 2012-12-25 2012-12-25 Method, device and system of privacy data anonymization in communication network Active CN103067918B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210568522.2A CN103067918B (en) 2012-12-25 2012-12-25 Method, device and system of privacy data anonymization in communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210568522.2A CN103067918B (en) 2012-12-25 2012-12-25 Method, device and system of privacy data anonymization in communication network

Publications (2)

Publication Number Publication Date
CN103067918A CN103067918A (en) 2013-04-24
CN103067918B true CN103067918B (en) 2017-04-12

Family

ID=48110344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210568522.2A Active CN103067918B (en) 2012-12-25 2012-12-25 Method, device and system of privacy data anonymization in communication network

Country Status (1)

Country Link
CN (1) CN103067918B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8645763B2 (en) * 2011-09-12 2014-02-04 Microsoft Corporation Memory dump with expanded data and user privacy protection
EP3198470B1 (en) * 2014-09-26 2021-07-28 Alcatel Lucent Privacy protection for third party data sharing
CN104410532A (en) * 2014-12-12 2015-03-11 携程计算机技术(上海)有限公司 Server and log filtering method thereof
CN106162624A (en) * 2015-04-15 2016-11-23 宇龙计算机通信科技(深圳)有限公司 The method of secret protection, device and mobile terminal in communication process
CN108352103A (en) * 2015-09-07 2018-07-31 诺基亚技术有限公司 Secret protection monitors
CN105553979A (en) * 2015-12-15 2016-05-04 国网智能电网研究院 Encryption publishing method for privacy information in smart power grid
CN107357943B (en) * 2016-05-10 2021-11-30 中国移动通信集团湖北有限公司 Data fuzzification method and device
CN107995616B (en) * 2016-10-27 2021-05-18 中国电信股份有限公司 User behavior data processing method and device
CN107547513B (en) * 2017-07-14 2021-02-05 新华三信息安全技术有限公司 Message processing method, device, network equipment and storage medium
CN108924091A (en) * 2018-06-06 2018-11-30 深圳市血之缘医疗科技有限公司 Method for authenticating user identity and Related product
CN113055930B (en) * 2021-03-09 2022-12-27 Oppo广东移动通信有限公司 Data processing method, communication device, server, and storage medium
CN116149235B (en) * 2023-04-03 2023-07-18 艾欧史密斯(中国)热水器有限公司 Data processing method of household appliance system, controller and household appliance system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101473625A (en) * 2006-06-20 2009-07-01 阿尔卡特朗讯公司 Secure domain information protection apparatus and methods
CN101911591A (en) * 2008-01-15 2010-12-08 微软公司 Preventing secure data from leaving a network perimeter
CN102480481A (en) * 2010-11-26 2012-05-30 腾讯科技(深圳)有限公司 Method and device for improving product user data security
CN103037428A (en) * 2011-09-29 2013-04-10 北京三星通信技术研究有限公司 A Method for Realizing Anonymous Reporting of MDT Measurement

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE514267T1 (en) * 2004-12-22 2011-07-15 Ericsson Telefon Ab L M MEANS AND METHOD FOR CONTROLLING PERSONAL DATA
US8560456B2 (en) * 2005-12-02 2013-10-15 Credigy Technologies, Inc. System and method for an anonymous exchange of private data
EP2058982A4 (en) * 2006-10-06 2012-02-01 Nec Corp Communication device, communication system, communication method and communication program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101473625A (en) * 2006-06-20 2009-07-01 阿尔卡特朗讯公司 Secure domain information protection apparatus and methods
CN101911591A (en) * 2008-01-15 2010-12-08 微软公司 Preventing secure data from leaving a network perimeter
CN102480481A (en) * 2010-11-26 2012-05-30 腾讯科技(深圳)有限公司 Method and device for improving product user data security
CN103037428A (en) * 2011-09-29 2013-04-10 北京三星通信技术研究有限公司 A Method for Realizing Anonymous Reporting of MDT Measurement

Also Published As

Publication number Publication date
CN103067918A (en) 2013-04-24

Similar Documents

Publication Publication Date Title
CN103067918B (en) Method, device and system of privacy data anonymization in communication network
US9781255B1 (en) Authentication of phone call origination
US9979705B2 (en) Caller-identity based security
US20140215620A1 (en) System for Testing Computer Application
CN103716785B (en) A kind of mobile Internet safety service system
JP2016530814A (en) Gateway device to block a large number of VPN connections
CN116094696B (en) Data security protection method, data security management platform, system and storage medium
CN114338682B (en) Flow identity identification transmission method and device, electronic equipment and storage medium
US20210409432A1 (en) Automatic identification of applications that circumvent permissions and/or obfuscate data flows
CN111181831A (en) Communication data processing method and device, storage medium and electronic device
CN112966303A (en) Data encryption and decryption method and device, electronic equipment and computer storage medium
Rong‐na et al. Provenance‐based data flow control mechanism for Internet of things
CN107528820A (en) For the encipher-decipher method of application program, device and method for auditing safely and platform
Vidhani et al. Security Challenges in 5G Network: A technical features survey and analysis
CN115883245A (en) Data decryption method, device, equipment and storage medium
CN103152328B (en) A kind of conferencing information control system based on wireless network and control method thereof
CN111246407A (en) Data encryption and decryption method and device for short message transmission
CN118568755B (en) Trusted multi-party data transmission method and device, electronic equipment and storage medium
CN114697052B (en) Network protection methods and devices
CN110958267B (en) A method and system for monitoring internal threat behavior in a virtual network
CN104753774A (en) A Distributed Enterprise Integrated Access Gateway
CN116743481A (en) Service security management and control method, device, equipment and storage medium
Wang et al. MobileGuardian: A security policy enforcement framework for mobile devices
JP2017076303A (en) Information processing system
CN112188529B (en) Micro base station operation method and micro base station

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant