
WO2023286968A1 - Method and device for de-identifying location information - Google Patents

Method and device for de-identifying location information

Info

Publication number
WO2023286968A1
WO2023286968A1 (PCT/KR2022/003170)
Authority
WO
WIPO (PCT)
Prior art keywords
identification
location information
unit
regions
area
Prior art date
Application number
PCT/KR2022/003170
Other languages
English (en)
Korean (ko)
Inventor
유정범
김명환
정진우
Original Assignee
주식회사 메쉬코리아
Priority date: 2021-07-12 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2022-03-07
Publication date: 2023-01-19
Application filed by 주식회사 메쉬코리아
Publication of WO2023286968A1

Links

Images

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F18/00 Pattern recognition
            • G06F18/20 Analysing
              • G06F18/23 Clustering techniques
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
                    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes, by anonymising data, e.g. decorrelating personal data from the owner's identification
        • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
          • G06T5/00 Image enhancement or restoration
            • G06T5/20 Image enhancement or restoration using local operators
          • G06T7/00 Image analysis
            • G06T7/10 Segmentation; Edge detection
              • G06T7/11 Region-based segmentation
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • The present invention relates to a method and apparatus for de-identifying location information, and more particularly to a technique that maximizes both the anonymity and the usability of the de-identified data when individual location information is de-identified.
  • The number of de-identification regions generated increases as the anonymity threshold is lowered and decreases as it is raised.
  • Generating the de-identification regions may include, when the number of pieces of location information in any one unit area is below the anonymity threshold, grouping that unit area with an adjacent unit area to determine a de-identification region.
  • A de-identification region that is still below the threshold may likewise be grouped with a unit area adjacent to it.
  • A method for de-identifying location information includes: identifying a geographic area containing the location information of users belonging to a given category; dividing the geographic area into a plurality of unit areas for each dimension; comparing the number of pieces of location information in each unit area with a preset anonymity threshold; generating de-identification regions by grouping the unit areas based on the comparison; and combining i) those de-identification regions with ii) de-identification regions generated from a geographic area containing the location information of users belonging to a category other than the given one, to obtain a multi-dimensional de-identification region.
  • When the number of pieces of location information in any unit area is below the anonymity threshold, the processor may determine a de-identification region by grouping that unit area with an adjacent unit area.
  • When the number of pieces of location information in a de-identification region is below the anonymity threshold, the processor may group that region with an adjacent unit area.
  • The processor may group the unit areas in a plurality of different ways to generate a plurality of candidate combinations of de-identification regions, and determine as the final de-identification result a combination whose number of de-identification regions is at or below a preset reference number.
  • The de-identification device includes a processor that identifies a geographic area containing the location information of users belonging to a given category, divides the geographic area into a plurality of unit areas for each dimension, compares the number of pieces of location information in each unit area with a preset anonymity threshold, generates de-identification regions by grouping the unit areas based on the comparison, and combines i) those de-identification regions with ii) de-identification regions generated from a geographic area containing the location information of users belonging to a different category, to obtain a multi-dimensional de-identification region.
  • Because the entire area is divided into a plurality of unit areas and adjacent unit areas are grouped according to an anonymity threshold, usability and anonymity can both be maximized.
  • Location information to which different types of personal information are mapped is de-identified to create a multi-dimensional de-identification region, which enables multi-dimensional analysis of the location information.
  • FIG. 1 is a diagram illustrating a de-identification device according to an embodiment of the present invention.
  • FIG. 5 shows the result of de-identifying the location information of users belonging to different categories according to an embodiment of the present invention.
  • The invention de-identifies location information 105, such as a user's address, among the personal information of users.
  • The entire area 103 is divided into a plurality of unit areas, and adjacent unit areas are grouped according to an anonymity threshold; this makes it possible to maximize both the usability and the anonymity of the de-identified location information 105.
  • The de-identification device 101 may include a processor 102.
  • The processor 102 of the de-identification device 101 may perform de-identification methods according to various embodiments of the present invention.
  • The processor 102 may generate de-identification regions by de-identifying the entire area 103 containing the location information 105 of individuals.
  • Location information 105 means information about a user's position on a map.
  • Location information 105 may include the user's address, and may include the latitude, longitude and height of the user's position in 3D space.
  • Location information 105 may have different meanings depending on the type of service or the embodiment.
  • User location information 105 collected in connection with delivery services may include an address.
  • User location information 105 collected from the application used by the rider handling a delivery may include the latitude and longitude of the parking location relative to the delivery address.
  • Location information 105 is not limited to a specific example and may mean a user's position on a 2D map or in 3D space.
  • Users may refer to people who use services provided by an application or a website.
  • Location information 105 of users belonging to a given category may be de-identified by a de-identification method according to an embodiment.
  • Users belonging to a given category means users who share some items of personal information, such as men in their twenties or women in their thirties.
  • A multi-dimensional de-identification region combining the de-identification regions of each category may be created.
  • The entire area 103 may be a two- or three-dimensional geographic area of a certain range.
  • The range of the entire area 103 is determined by the range of the location information 105 to be de-identified and is not limited to a specific example; a specific example of the entire area 103 is described later with reference to FIG. 2.
  • An entire area 103 may contain location information 105 of various uses.
  • The de-identification device 101 may de-identify the location information 105 of users to create de-identification regions.
  • A de-identification region refers to an area, such as Zone 1 and Zone 2 in the entire area 104 of FIG. 1, that covers a certain range of users' location information 105.
  • For example, a de-identification region may be created such that it contains four pieces of location information 105.
  • The detailed process by which the de-identification device 101 generates de-identification regions is described later with reference to FIG. 3.
  • The de-identification method of the present invention, which can maximize usability and anonymity, can be used for this purpose.
  • FIG. 3 shows the entire area 301 to 303 divided into unit areas 311 to 313 of different shapes according to various embodiments.
  • The de-identification device may divide the entire area 301 to 303 containing the location information into unit areas of various shapes.
  • Each of the unit areas 311 to 313 may contain the location information of several users, and the location information contained in each unit area 311 to 313 may be de-identified as a de-identification region.
  • The de-identification device generates de-identification regions by grouping the unit areas 311 to 313 based on the anonymity threshold and the number of pieces of location information contained in each unit area 311 to 313. The detailed de-identification process is described later with reference to FIG. 4.
  • FIG. 4 illustrates the process of grouping unit areas according to an embodiment of the present invention.
  • When the number of pieces of location information in a de-identification region 431 to 441 is below the anonymity threshold 401, the de-identification device may group that region with a unit area 411 adjacent to it.
  • The de-identification device may determine a selected unit area 411 to be a de-identification region 431 to 441 by itself, without separate grouping, when it already holds at least the threshold number of pieces of location information.
  • Otherwise, the de-identification device determines one of the unit areas 411 or de-identification regions 431 to 441 adjacent to the selected unit area 411.
  • The de-identification device creates a new de-identification region 431 to 441 by grouping the selected unit area 411 with the determined unit area 411 or de-identification region 431 to 441, and keeps combining the resulting region with adjacent unit areas 411 or de-identification regions 431 to 441 until the number of pieces of location information in the grouped unit areas 411 is greater than or equal to the anonymity threshold 401.
  • The de-identification device then performs a breadth-first search again, starting from an arbitrary unit area 411 that has not yet been assigned to a de-identification region 431 to 441, and groups unit areas 411 in the same way.
  • The unit areas 411 are grouped such that every unit area 411 belongs to one of the de-identification regions 431 to 441.
  • The number of pieces of location information in each generated de-identification region 431 to 441 is greater than or equal to the anonymity threshold 401.
  • The entire area 430 may contain a plurality of de-identification regions 431 to 441.
  • A data usability index function may be used to evaluate usability.
  • The de-identification device evaluates the data usability index function for each candidate combination of de-identification regions 431 to 441 and selects the combination that maximizes it (the argmax).
  • That combination of de-identification regions 431 to 441 is determined as the final de-identification result.
  • The de-identification device may generate the de-identification regions 431 to 441 such that their number is at or below a preset reference number; this limit on the number of regions guarantees the resolution of the de-identified data.
  • Users belonging to a category means users who share some items of personal information, such as men in their twenties or women in their thirties.
  • De-identification regions 501 to 503 may be determined for each category.
  • The de-identification device may generate a multi-dimensional de-identification region 504 by combining the per-category de-identification regions 501 to 503.
  • FIG. 6 is a flowchart illustrating a de-identification method according to an embodiment of the present invention.
  • The de-identification device may determine a de-identification region by grouping the arbitrary unit area with a unit area adjacent to it.
  • the method according to the present invention is written as a program that can be executed on a computer and can be implemented in various recording media such as magnetic storage media, optical reading media, and digital storage media.
  • Information carriers suitable for embodying computer program instructions and data include, for example, semiconductor memory devices; magnetic media such as hard disks, floppy disks and magnetic tapes; optical media such as CD-ROM (Compact Disk Read Only Memory) and DVD (Digital Video Disk); magneto-optical media such as floptical disks; ROM (Read Only Memory), RAM (Random Access Memory), flash memory, EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), and the like.
  • the processor and memory may be supplement
  • computer readable media may be any available media that can be accessed by a computer, and may include both computer storage media and transmission media.
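The FIG. 4 grouping procedure described in the definitions above (grid of unit areas, anonymity threshold, breadth-first growth of regions, threshold check on every region) and the FIG. 5 combination of per-category regions, as an added worked example in Python. This is illustration code written for this page, not the applicant's implementation, and it fills in choices the page leaves open: a rectangular 4-connected grid, pockets that cannot reach the threshold merged into the adjacent region with the fewest records, and the combined multi-dimensional area taken as the overlay (intersection) of the per-category partitions. The coordinates in CATEGORY_A and CATEGORY_B are constructed; the data usability index function and the reference-number limit on the region count are not implemented.

```python
from collections import deque
from itertools import product

# Constructed sample data (synthetic, not from the patent): (lat, lon) of users
# in two categories, e.g. men in their 20s (A) and women in their 30s (B).
CATEGORY_A = [
    (37.501, 127.001), (37.502, 127.002), (37.503, 127.001), (37.501, 127.006),
    (37.507, 127.007), (37.508, 127.008), (37.509, 127.002), (37.505, 127.005),
    (37.506, 127.004), (37.503, 127.009),
]
CATEGORY_B = [
    (37.502, 127.008), (37.503, 127.007), (37.508, 127.001), (37.509, 127.003),
    (37.505, 127.002), (37.506, 127.009), (37.501, 127.005), (37.508, 127.005),
]
BOUNDS = (37.500, 127.000, 37.510, 127.010)  # entire area: min_lat, min_lon, max_lat, max_lon

def count_per_cell(points, bounds, n_rows, n_cols):
    """Divide the entire area into n_rows x n_cols unit areas; return
    {(row, col): number of location records}, empty cells included."""
    min_lat, min_lon, max_lat, max_lon = bounds
    counts = {cell: 0 for cell in product(range(n_rows), range(n_cols))}
    for lat, lon in points:
        row = min(int((lat - min_lat) / (max_lat - min_lat) * n_rows), n_rows - 1)
        col = min(int((lon - min_lon) / (max_lon - min_lon) * n_cols), n_cols - 1)
        counts[(row, col)] += 1
    return counts

def _neighbors(cell, n_rows, n_cols):
    """4-connected adjacent unit areas in a fixed order (adjacency rule is an assumption)."""
    r, c = cell
    for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1)):
        if 0 <= r + dr < n_rows and 0 <= c + dc < n_cols:
            yield (r + dr, c + dc)

def group_cells(counts, n_rows, n_cols, k):
    """Grow de-identification regions by breadth-first search until each holds at
    least k records (the anonymity threshold). A cell already at k or more is a
    region by itself. A pocket that runs out of ungrouped neighbours below k is
    merged into the adjacent region with the fewest records (assumption).
    Returns (regions, region_of): id -> {"cells", "count"} and cell -> id."""
    regions, region_of, next_id = {}, {}, 0
    for start in sorted(counts):
        if start in region_of:
            continue
        rid, next_id = next_id, next_id + 1
        regions[rid] = {"cells": {start}, "count": counts[start]}
        region_of[start] = rid
        queue = deque([start])
        while regions[rid]["count"] < k and queue:
            for nb in _neighbors(queue.popleft(), n_rows, n_cols):
                if regions[rid]["count"] >= k:
                    break
                if nb not in region_of:  # still an ungrouped unit area
                    region_of[nb] = rid
                    regions[rid]["cells"].add(nb)
                    regions[rid]["count"] += counts[nb]
                    queue.append(nb)
        if regions[rid]["count"] < k:  # isolated pocket: all its neighbours are grouped
            adjacent = {region_of[nb] for cell in regions[rid]["cells"]
                        for nb in _neighbors(cell, n_rows, n_cols)} - {rid}
            if adjacent:  # empty only when the whole grid became one region
                target = min(adjacent, key=lambda r: (regions[r]["count"], r))
                for cell in regions[rid]["cells"]:
                    region_of[cell] = target
                regions[target]["cells"] |= regions[rid]["cells"]
                regions[target]["count"] += regions[rid]["count"]
                del regions[rid]
    return regions, region_of

def below_threshold(regions, k):
    """Ids of regions with fewer than k records; [] means the FIG. 4 property holds."""
    return sorted(r for r, reg in regions.items() if reg["count"] < k)

def combine_categories(region_maps, n_rows, n_cols):
    """Overlay per-category partitions into one multi-dimensional area. Assumption
    (the page gives no combination rule): cells sharing the same tuple of
    per-category region ids form one multi-dimensional region."""
    combined = {}
    for cell in product(range(n_rows), range(n_cols)):
        combined.setdefault(tuple(m[cell] for m in region_maps), set()).add(cell)
    return {key: frozenset(cells) for key, cells in combined.items()}

def overlay_counts(combined, counts_per_category):
    """Per-category record count in each multi-dimensional region: the overlay is
    finer than either partition, so a region can fall below k after combining."""
    return {key: tuple(sum(cnt[c] for c in cells) for cnt in counts_per_category)
            for key, cells in combined.items()}

if __name__ == "__main__":
    K, ROWS, COLS = 3, 3, 3
    counts = [count_per_cell(p, BOUNDS, ROWS, COLS) for p in (CATEGORY_A, CATEGORY_B)]
    groupings = [group_cells(c, ROWS, COLS, K) for c in counts]
    print("below k per category:", [below_threshold(r, K) for r, _ in groupings])
    combined = combine_categories([m for _, m in groupings], ROWS, COLS)
    for key, cnts in overlay_counts(combined, counts).items():
        print(key, sorted(combined[key]), cnts, "" if min(cnts) >= K else "<- below k")
```

Running it shows why overlay_counts is the check worth keeping: each category's partition meets k = 3 on its own, but the overlay splits cells (0, 1) and (1, 1) into one-cell regions holding only one or two records, so a consumer who joins the two de-identified datasets by region gets finer granularity than either dataset promised. Re-run the threshold check on the combined area (or merge the offending overlay regions) before releasing it.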

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method and a device for de-identifying location information. A method for de-identifying location information according to one embodiment of the present invention may include the steps of: identifying an anonymity threshold value and an entire area containing location information about users; dividing the entire area into a plurality of unit areas; determining the number of pieces of location information present in each of the unit areas; and producing de-identified areas by grouping the unit areas according to the anonymity threshold value and the number of pieces of location information included in each of the unit areas.
PCT/KR2022/003170 2021-07-12 2022-03-07 Method and device for de-identifying location information WO2023286968A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020210091098A KR102507480B1 (ko) 2021-07-12 2021-07-12 Method and apparatus for de-identifying location information
KR10-2021-0091098 2021-07-12

Publications (1)

Publication Number Publication Date
WO2023286968A1 (fr) 2023-01-19

Family

ID=84920396

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/003170 WO2023286968A1 (fr) 2021-07-12 2022-03-07 Method and device for de-identifying location information

Country Status (2)

Country Link
KR (1) KR102507480B1 (fr)
WO (1) WO2023286968A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20240145291A (ko) * 2023-03-27 2024-10-07 삼성전자주식회사 Server for converting location information representing personal information into virtual location information, operating method thereof, and recording medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5846548B2 (ja) * 2010-12-27 2016-01-20 日本電気株式会社 Information protection device and information protection method
KR20160066661A (ko) * 2014-12-02 2016-06-13 한양대학교 에리카산학협력단 Method and system for securing anonymity in location-based services
JP2016162271A (ja) * 2015-03-03 2016-09-05 Kddi株式会社 Anonymization device, method and program
JP2016206896A (ja) * 2015-04-21 2016-12-08 トヨタ自動車株式会社 Location information anonymization method, movement information anonymization method, and device
JP6125153B2 (ja) * 2012-04-27 2017-05-10 Kddi株式会社 Location information anonymization device, location information anonymization method and program

Also Published As

Publication number Publication date
KR102507480B1 (ko) 2023-03-09
KR20230010485A (ko) 2023-01-19

Similar Documents

Publication Publication Date Title
Jiménez et al. Perceptually important points of mobility patterns to characterise bike sharing systems: The Dublin case
WO2023286968A1 (fr) Method and device for de-identifying location information
Lanzi et al. The consensus immunoscore: toward a new classification of colorectal cancer
WO2021118039A1 (fr) Deep learning-based method for filtering similar images, and apparatus using same
CN110062324B (zh) A personalized location privacy protection method based on k-anonymity
WO2017104919A1 (fr) Event-based image management using clustering
WO2020062657A1 (fr) Method and apparatus for generating a user risk profile, device and related device
WO2017146337A1 (fr) Method and apparatus for archiving a database, and method and apparatus for searching an archived database
WO2011159010A1 (fr) Mobile terminal communication method and mobile terminal information method
WO2015099394A1 (fr) Building management system for converting equipment present in buildings into a database, and related method
Qu et al. Development of a deep pathomics score for predicting hepatocellular carcinoma recurrence after liver transplantation
Cao et al. Uniqueness in the city: Urban morphology and location privacy
WO2021118040A1 (fr) Deep learning-based method for filtering out similar text, and apparatus using same
WO2012091313A2 (fr) Device and method for measuring an indoor location
Peters et al. Achieving equal probability of selection under various random sampling strategies
Lu et al. Considering risk locations when defining perturbation zones for geomasking
WO2024111730A1 (fr) AI-based object re-identification apparatus and related method
EP2798553A1 (fr) Apparatus and method for managing genetic information
WO2015056818A1 (fr) Counting Bloom filter
WO2022220523A1 (fr) Distributed storage method and apparatus for managing information accessible using a blockchain-based enterprise network
Kumar et al. Activity based resource allocation in IoT for disaster management
WO2015023106A1 (fr) Image processing apparatus and method
WO2022075560A1 (fr) System and method for mediating energy data
WO2020241943A1 (fr) Method for de-identifying big data
WO2016099020A1 (fr) Expandable/browsable technology search service system and related method

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 22842231; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 22842231; Country of ref document: EP; Kind code of ref document: A1)