
CN-122029539-A - System and method for sharing data while preserving privacy


Abstract

The present application relates to a method, system, network and tangible readable medium for sharing data associated with a user through a digital representation of the user. A communication path is established between the User's user equipment (UE) and the D-User module. User data from the UE is stored in a data store of the D-User module; the User data comprises data subsets, each associated with a privacy preservation level (PPL). Each data subset is processed into privacy-preserving data according to the PPL marked for that subset. The privacy-preserving data is stored at an access location, and access to that location is provided to an internal or external node so that the node can retrieve the privacy-preserving data.

Inventors

  • Nimer Gamini Senares
  • Renzier LEM bor jalinin
  • Mohammed Faraj Mofuta Alzenade
  • ZHANG HANG

Assignees

  • Huawei Technologies Co., Ltd.

Dates

Publication Date
20260512
Application Date
20240613
Priority Date
20231018

Claims (20)

  1. A method for sharing data associated with a User by a digital representation of the User hosted in a network, said digital representation being referred to as a D-User module, said method comprising the steps of: establishing a communication path between user equipment (UE) of the User and the D-User module; storing User data from the UE in a data store of the D-User module, the User data comprising data subsets, at least one data subset being associated with a privacy preservation level (PPL); processing the data subset into privacy-preserving data according to the PPL of the data subset; and providing an access location at which the privacy-preserving data is stored to an internal node of the network or to an external node, to enable the node to access the privacy-preserving data.
  2. The method according to claim 1, wherein the D-User module is instantiated in a hosting platform (HOP) of the network, the network being referred to as the hosting network (HN).
  3. The method according to claim 2, wherein the hosting network HN is an untrusted network, whose access to the data store or to network functions within the D-User module is controlled by an access control function in the HOP.
  4. The method according to claim 2, wherein the hosting network HN is an untrusted network, whose access to the data store or to network functions within the D-User module is controlled by an access control function within the D-User module.
  5. The method according to any one of claims 1 to 4, wherein providing the access location to an internal node or an external node is controlled by a network function of the network.
  6. The method according to any one of claims 1 to 5, wherein establishing the communication path between the UE of the User and the D-User module comprises providing a security key to mutually authenticate the UE and the D-User module, enabling secure communication between the UE and the D-User module such that the communication between them is not visible to the network.
  7. The method according to any one of claims 1 to 5, wherein the User continuously updates the User data through the UE, the D-User module including a data synchronization function that tracks the validity and timeliness of the User data and updates the metadata associated with the User data in the data store of the D-User module.
  8. The method according to claim 7, wherein the data synchronization function notifies the UE when User data is shared or dropped from the D-User module.
  9. The method according to any one of claims 1 to 8, comprising pre-filtering the User data using a function of the UE before sending new User data to the data store of the D-User module.
  10. The method according to claim 1, wherein the D-User module is instantiated in an isolation container.
  11. The method according to claim 10, wherein the isolation container is a trusted execution environment (TEE), and wherein communication between the D-User module and the UE is not visible to the HN.
  12. The method according to claim 1, wherein the hosting network HN includes a privacy preservation portal (PPP), and wherein communication between the D-User module and the external node passes through the PPP.
  13. The method according to claim 3, wherein the HOP comprises a privacy preservation portal (PPP), and wherein communication between the D-User module and the external node passes through the PPP.
  14. The method according to claim 13, wherein the PPP is used to de-identify communications between the D-User module and the external node.
  15. The method according to claim 13 or 14, wherein the PPP is used to anonymize the communication between the D-User module and the external node.
  16. The method according to claim 15, wherein anonymization of the User data is performed by the PPP replacing a User identification (User ID), a user equipment identification (UE-ID) or a D-User identification (D-user_ID) with a temporary identification (Temp_ID), and/or replacing the source address location of the communication with the external node with a temporary location, thereby preventing private information from being revealed to the external node.
  17. The method according to claim 16, wherein the User ID, the UE-ID or the D-user_ID corresponds to a location address, such as an IP address.
  18. The method according to claim 15 or 16, wherein the PPP applies an encryption process to a data subset whose PPL requires data encryption, to further dissociate the User data from the User.
  19. The method according to any one of claims 13 to 18, wherein each PPL is associated with a privacy-preservation technique applied by a data processing function (DPF) of the D-User module when processing the data subset.
  20. The method according to claim 19, wherein the PPP includes a policy engine in which the PPLs are stored, maintained and associated with their respective privacy-preservation techniques according to privacy policies established together with the UE.
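The pipeline the claims describe, as an added example that is not the patent's or Huawei's own code: a Python model in which a policy engine (claim 20) maps each PPL to a technique (pass-through, Temp_ID pseudonymization of the claim-16 identifiers under a per-session HMAC key, generalization of location and time, suppression), the D-User module's DPF (claims 1 and 19) applies it and hands back an access location, and a PPP egress step (claims 13 to 16) swaps the source address and D-user_ID for temporary ones. The PPL numbering, the record field names, the `d-user://` location scheme, the `ppp_egress` and `demo` helpers and the 198.51.100.0/24 temporary-address pool are all assumptions; the encryption technique of claim 18 is not modelled, since a real deployment would use an authenticated cipher rather than anything hand-rolled here.

```python
# Added example, not the patent's code. Names, field keys and PPL numbers are assumed;
# the claims only require that each data subset carries a PPL.
from __future__ import annotations

import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Callable

PPL_PUBLIC, PPL_PSEUDONYMOUS, PPL_GENERALIZED, PPL_PRIVATE = 0, 1, 2, 3
IDENTIFIER_FIELDS = ("user_id", "ue_id", "d_user_id")  # claim 16 identifiers; key names assumed
TEMP_ADDR_POOL = list(ipaddress.ip_network("198.51.100.0/24").hosts())  # TEST-NET-2, constructed


@dataclass
class DataSubset:
    name: str
    ppl: int
    records: list[dict]


def temp_id(session_key: bytes, real_id: str) -> str:
    """Temp_ID as a keyed hash: joinable within one sharing session, unlinkable without the key."""
    return "tmp-" + hmac.new(session_key, real_id.encode(), hashlib.sha256).hexdigest()[:16]


class PolicyEngine:
    """Claim 20: stores the PPLs and associates each with a privacy-preservation technique."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self._techniques: dict[int, Callable] = {
            PPL_PUBLIC: lambda recs: [dict(r) for r in recs],
            PPL_PSEUDONYMOUS: self.pseudonymize,
            PPL_GENERALIZED: lambda recs: self.generalize(self.pseudonymize(recs)),
            PPL_PRIVATE: lambda recs: None,  # suppressed: never leaves the D-User module
        }

    def technique_for(self, ppl: int) -> Callable:
        if ppl not in self._techniques:
            raise ValueError(f"no technique registered for PPL {ppl}")  # fail closed, never pass-through
        return self._techniques[ppl]

    def pseudonymize(self, records: list[dict]) -> list[dict]:
        return [{k: temp_id(self.session_key, str(v)) if k in IDENTIFIER_FIELDS else v
                 for k, v in rec.items()} for rec in records]

    @staticmethod
    def generalize(records: list[dict]) -> list[dict]:
        """Coarsen quasi-identifiers: ~11 km location grid, hour-granular timestamps."""
        out = []
        for rec in records:
            rec = dict(rec)
            if "lat" in rec and "lon" in rec:
                rec["lat"], rec["lon"] = round(rec["lat"], 1), round(rec["lon"], 1)
            if "ts" in rec:
                rec["ts"] -= rec["ts"] % 3600
            out.append(rec)
        return out


class DUserModule:
    """Claim 1: data store, data processing function (DPF) and access locations."""

    def __init__(self, d_user_id: str, engine: PolicyEngine, subsets: list[DataSubset]):
        self.d_user_id, self.engine = d_user_id, engine
        self.data_store = {s.name: s for s in subsets}
        self.shared: dict[str, list[dict]] = {}  # access handle -> privacy-preserving data

    def share(self, name: str) -> str | None:
        """Apply the subset's PPL technique; return an access location, or None if nothing may leave."""
        subset = self.data_store[name]
        processed = self.engine.technique_for(subset.ppl)(subset.records)
        if processed is None:
            return None
        handle = secrets.token_urlsafe(12)  # unguessable, not derived from the data
        self.shared[handle] = processed
        return f"d-user://{temp_id(self.engine.session_key, self.d_user_id)}/{handle}"


def ppp_egress(session_key: bytes, d_user_id: str, access_location: str) -> dict:
    """Claims 13-16: the PPP swaps the source address for a temporary one and the
    D-user_ID for a Temp_ID before the access location reaches an external node."""
    return {"src": str(secrets.choice(TEMP_ADDR_POOL)),
            "d_user_id": temp_id(session_key, d_user_id),
            "access_location": access_location}


def demo() -> tuple[DUserModule, dict]:
    """One sharing session over constructed sample records (not from the patent)."""
    session_key = secrets.token_bytes(32)  # fresh per session, so Temp_IDs differ across sessions
    module = DUserModule("d-user-42", PolicyEngine(session_key), [
        DataSubset("prefs", PPL_PUBLIC, [{"lang": "en"}]),
        DataSubset("usage", PPL_PSEUDONYMOUS, [{"user_id": "alice", "ue_id": "imei-1", "app": "maps"}]),
        DataSubset("trace", PPL_GENERALIZED, [{"user_id": "alice", "lat": 45.5017, "lon": -73.5673, "ts": 1700000123}]),
        DataSubset("health", PPL_PRIVATE, [{"user_id": "alice", "hr": 72}]),
    ])
    results = {}
    for name in module.data_store:
        location = module.share(name)
        results[name] = None if location is None else ppp_egress(session_key, module.d_user_id, location)
    return module, results
```

Calling `demo()` runs one session: the `health` subset yields no access location at all, the `usage` and `trace` subsets carry the same Temp_ID for `alice` (so an external node can join them within the session) but a different one in the next session, and every egress message shows a pool address rather than the module's real one. `technique_for` raises on an unknown PPL instead of falling back to pass-through; that fail-closed default is the check worth looking for in any PPL-to-technique mapping, since a missing policy entry must not silently release raw data.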

Description

System and method for sharing data while preserving privacy

Cross-reference to related applications

The present application claims priority from U.S. patent application Ser. No. 63/591,245, entitled "Method for User to Share Data with Third Parties Preserving Privacy", filed on October 18, 2023. The contents of this priority application are incorporated herein by reference.

Technical Field

The present disclosure relates to the field of data communications, and more particularly to a system, method and memory for enabling a user to share user data with an external service or content provider while ensuring the privacy and confidentiality of the user data.

Background

The public land mobile network (PLMN) is intended to provide connectivity services for users or other types of entities and their user equipment (UE). The concept of a user-centric network (UCN) improves the user's network experience by dynamically adapting the network structure to the individual user's context. As users or other types of entities require or claim more ownership and control over their services and their privacy, future networks are expected to become increasingly "user-centric", that is, to give users more authority over the services they receive. The UCN design may allow entities more control over the services the network provides, or over the network that provides those services. Future networks must also support new network-infrastructure capabilities suited to cloud computing applications deployed at large scale, and the use of large-scale artificial intelligence (AI) models, data anonymization, blockchain technology and similar techniques that have advanced significantly in recent years.

Furthermore, future networks, including enhanced 5G and 6G networks, should be designed to support new applications and services, including AI and data-sensing services, which are used not only in industrial applications but also by individuals. These applications make collaboration between different entities more global and open, so future networks should be designed to provide or improve data confidentiality and reliability, standardization, and rapid application deployment. As the physical world is increasingly controlled from the digital domain, and more precise control of physical systems is required, digital twins are created to provide a digital representation of a real-world entity. Digital twins may represent any type of entity, including objects such as engines, automobiles and robots, infrastructure such as cities and factories, and users themselves. Replicating users in the virtual world presents additional challenges compared with objects or infrastructure, because the confidentiality and integrity of user data are critical. All of these factors are driving the study of future network architectures, including, for example, 6G networks. Therefore, improvements in communication networks are needed.

This background is provided to reveal information that the applicant believes may be relevant to the present disclosure. It is not intended as an admission that any of the preceding information constitutes prior art against the present disclosure.

Disclosure of Invention

The present disclosure provides a method, system, platform and computer-readable memory that enable users of a network to share data associated with the user, including personal data, queries and application data from the various equipment and devices used by the user, with third parties securely and at a user-controlled privacy level.

In the present application, a digital entity (also referred to as a DE, D-XX, DE module or D-XX module) is a representation of any entity, including, for example, an asset, a process, a system, a digital world, an organization or a user. Digital entities may be virtual representations or copies of real-world objects, people or processes, used to simulate their behaviour in order to better understand and predict how they operate in real life. A digital entity may be linked to actual data sources collected from sensors, as well as to other sources of information in its environment, and may be updated in real time to reflect its original, real-world counterpart. Digital entities may be interconnected and may communicate with and affect each other, so that an entire system can be replicated. A digital entity that replicates a physical entity or a collection of physical entities may be referred to as a digital representation (D-Rep or D-Rep module). A digital entity that replicates a more complex system (e.g., an organization or a factory) and that includes several D-Reps may be