Differentially private processing and database storage
First Claim
1. A method for returning differentially private results in response to a query to a database storing restricted health data for a plurality of patients, the database storing records comprising rows and columns, where the rows are associated with patients having a medical condition, and columns of the rows contain values describing health data for the patients, the method comprising:
receiving a database query from a client device, the database query requesting a linear model describing correlations among values of columns in a set of records in the database, the database query specifying a degree of privacy to maintain for the restricted data;
performing the database query on the set of records in the database to produce a differentially private version of the linear model that maintains the specified degree of privacy for the restricted data, performing the query comprising:
modeling the values of the columns in the set of records in the database to produce a linear model comprising a set of parameters θ that describe correlations among the values describing health data for the patients;
minimizing a loss function on the linear model over possible values of the set of parameters θ to produce an optimal set of parameters θ; and
perturbing the optimal set of parameters θ to produce the differentially private version of the linear model, the set of parameters θ perturbed by a factor defined by:
Abstract
A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
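The abstract's query path (the client names (ε, δ), the device selects the operations and modifies them before anything is released) and the first claim's recipe (fit a linear model, minimise the loss to obtain the optimal θ, perturb θ) together describe output-perturbed private linear regression. The following is an added worked example, not the patent's code: the perturbation factor the claim refers to is not reproduced on this page, so the example substitutes the textbook L2-sensitivity bound for L2-regularised least squares and the classic Gaussian mechanism, and marks both as assumptions. The patient rows, column meanings, λ, the ε cap and the budget values are constructed for illustration.

```python
"""(ε, δ)-differentially private linear model by output perturbation, behind a
minimal privacy device that owns the records and the per-client budget.

Added example, not the patent's code. The noise calibration is not the patent's
(unreproduced) factor: it uses the standard ridge-regression sensitivity bound
and the classic Gaussian mechanism (both assumptions).
"""
import math
import random


class PrivacyBudgetExceeded(Exception):
    """Raised when a query would spend more (ε, δ) than the client has left."""


def clip_record(x, y):
    """Force a record into the domain the sensitivity bound assumes
    (||x||_2 <= 1, |y| <= 1). The device does this itself; trusting the
    client to pre-normalise would void the guarantee."""
    norm = math.sqrt(sum(v * v for v in x))
    if norm > 1.0:
        x = [v / norm for v in x]
    return x, max(-1.0, min(1.0, y))


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        p = m[col][col]
        m[col] = [v / p for v in m[col]]
        for r in range(n):
            if r != col:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def ridge_fit(xs, ys, lam):
    """Minimise J(θ) = (1/n) Σ (θ·x_i - y_i)²/2 + (λ/2)||θ||² in closed form:
    θ* = (XᵀX/n + λI)⁻¹ Xᵀy/n."""
    n, d = len(xs), len(xs[0])
    a = [[lam if i == j else 0.0 for j in range(d)] for i in range(d)]
    b = [0.0] * d
    for x, y in zip(xs, ys):
        for i in range(d):
            b[i] += x[i] * y / n
            for j in range(d):
                a[i][j] += x[i] * x[j] / n
    return solve_linear(a, b)


def l2_sensitivity(n, lam):
    """Bound on ||θ*(D) - θ*(D')||_2 for datasets differing in one record, given
    ||x|| <= 1 and |y| <= 1 (assumption enforced by clip_record). λ-strong
    convexity gives ||Δθ|| <= ||∇ℓ(θ'; x, y) - ∇ℓ(θ'; x', y')|| / (nλ); the
    squared-loss gradient (θ·x - y)x has norm <= ||θ|| + 1, and J(θ*) <= J(0)
    <= 1/2 gives ||θ*|| <= 1/√λ."""
    return 2.0 * (1.0 + 1.0 / math.sqrt(lam)) / (n * lam)


def gaussian_sigma(sensitivity, eps, delta):
    """Classic Gaussian mechanism: σ = Δ₂ √(2 ln(1.25/δ)) / ε, valid for ε <= 1."""
    return sensitivity * math.sqrt(2.0 * math.log(1.25 / delta)) / eps


class PrivacyDevice:
    """Stands in for the abstract's privacy device: holds the clipped records,
    a per-client (ε, δ) budget and a policy cap on ε; clients never see rows."""

    def __init__(self, records, eps_budget, delta_budget, eps_cap=1.0):
        self.records = [clip_record(x, y) for x, y in records]
        self.eps_left, self.delta_left, self.eps_cap = eps_budget, delta_budget, eps_cap

    def linear_model_query(self, eps, delta, lam=0.1, seed=None):
        """Fit θ* on the records and release θ* + N(0, σ²I)."""
        if not 0.0 < eps <= self.eps_cap or not 0.0 < delta < 1.0:
            raise ValueError("privacy parameters outside device policy")
        if eps > self.eps_left or delta > self.delta_left:
            raise PrivacyBudgetExceeded("client budget exhausted")
        xs = [x for x, _ in self.records]
        ys = [y for _, y in self.records]
        theta = ridge_fit(xs, ys, lam)
        sigma = gaussian_sigma(l2_sensitivity(len(xs), lam), eps, delta)
        # Spend the budget before anything leaves the device (basic composition).
        self.eps_left -= eps
        self.delta_left -= delta
        rng = random.Random(seed) if seed is not None else random.SystemRandom()
        return [t + rng.gauss(0.0, sigma) for t in theta]


# Constructed sample, not real patient data: (scaled age, BMI, systolic BP) -> scaled HbA1c.
SAMPLE_RECORDS = [
    ([0.50, 0.40, 0.30], 0.45), ([0.70, 0.60, 0.55], 0.65), ([0.30, 0.20, 0.25], 0.20),
    ([0.80, 0.75, 0.60], 0.80), ([0.60, 0.50, 0.40], 0.55), ([0.40, 0.35, 0.30], 0.35),
]

if __name__ == "__main__":
    device = PrivacyDevice(SAMPLE_RECORDS, eps_budget=1.0, delta_budget=1e-4)
    print("exact theta*:", [round(t, 3) for t in ridge_fit(*zip(*device.records), 0.1)])
    print("released    :", [round(t, 3) for t in device.linear_model_query(0.5, 1e-5, seed=7)])
```

The point a reviewer should take from the numbers: σ scales like 1/(nλ), so on the six constructed rows the released θ is dominated by noise, and only at realistic row counts does the model become usable. The device, not the client, clips records to the domain the sensitivity proof assumes, rejects ε outside policy, and debits the budget before any value is returned; a second query that would overdraw the budget fails rather than leaking.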
20 Claims
1. (Independent claim 1; text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory computer-readable storage medium storing computer program instructions executable by a processor to perform operations for returning differentially private results in response to a query to a database storing restricted health data for a plurality of patients, the database storing records comprising rows and columns, where the rows are associated with patients having a medical condition, and columns of the rows contain values describing health data for the patients, the operations comprising:
receiving a database query from a client device, the database query requesting a linear model describing correlations among values of columns in a set of records in the database, the database query specifying a degree of privacy to maintain for the restricted data;
performing the database query on the set of records in the database to produce a differentially private version of the linear model that maintains the specified degree of privacy for the restricted data, performing the query comprising:
modeling the values of the columns in the set of records in the database to produce a linear model comprising a set of parameters θ that describe correlations among the values describing health data for the patients;
minimizing a loss function on the linear model over possible values of the set of parameters θ to produce an optimal set of parameters θ; and
perturbing the optimal set of parameters θ to produce the differentially private version of the linear model, the set of parameters θ perturbed by a factor defined by:
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system comprising:
a processor for executing computer program instructions; and
a non-transitory computer-readable storage medium storing computer program instructions executable by the processor to perform operations for returning differentially private results in response to a query to a database storing restricted health data for a plurality of patients, the database storing records comprising rows and columns, where the rows are associated with patients having a medical condition, and columns of the rows contain values describing health data for the patients, the operations comprising:
receiving a database query from a client device, the database query requesting a linear model describing correlations among values of columns in a set of records in the database, the database query specifying a degree of privacy to maintain for the restricted data;
performing the database query on the set of records in the database to produce a differentially private version of the linear model that maintains the specified degree of privacy for the restricted data, performing the query comprising:
modeling the values of the columns in the set of records in the database to produce a linear model comprising a set of parameters θ that describe correlations among the values describing health data for the patients;
minimizing a loss function on the linear model over possible values of the set of parameters θ to produce an optimal set of parameters θ; and
perturbing the optimal set of parameters θ to produce the differentially private version of the linear model, the set of parameters θ perturbed by a factor defined by:
Dependent claims: 16, 17, 18, 19, 20.