Tracking privacy budget with distributed ledger

US 10,380,366 B2
Filed: 04/25/2017
Issued: 08/13/2019
Est. Priority Date: 04/25/2017
Status: Active Grant

First Claim

Patent Images

1. A computerized method, comprising:

sending, via a network and using one or more hardware processors of a computing device associated with a first data owner, a request to register a data offer from the first data owner to participate in a distributed ledger stored in distributed computer memory, the request to register the data offer including information associated with the data offer and a privacy budget for the data offer, and wherein the information associated with the data offer and the privacy budget are stored in the distributed ledger and the data offer is accessible by third parties to the first data owner;

receiving, via the network, a first request from a first third party computer associated with a first third party, to access specified data associated with the data offer from the first data owner;

analyzing, using the one or more hardware processors, the privacy budget for the data offer to determine whether the privacy budget comprises a balance necessary to allow access to the specified data;

based on determining that the privacy budget comprises the balance necessary to allow access to the specified data, accessing the data offer, using the one or more hardware processors to produce result data comprising the specified data;

anonymizing, using the one or more hardware processors, the result data;

updating, using the one or more hardware processors, a distributed ledger entry in the distributed ledger to update a balance for the privacy budget;

providing, via the network, the anonymized result data to the first third party computer;

receiving a second request from a second third party computer associated with a second third party, to access second specified data associated with the data offer from the first data owner;

analyzing the privacy budget for the data offer to determine that the privacy budget does not comprise a balance necessary to allow access to the second specified data; and

causing the data offer to be marked as invalid or expired in the distributed ledger.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for sending a request to register a data offer from a data owner to participate in a distributed ledger, the request including information associated with the data offer and a privacy budget for the data offer, and wherein the information associated with the data offer and the privacy budget is stored in the distributed ledger and the data offer is accessible by third parties to the data owner. The systems and method further providing for receiving a request, associated with a third party computer, to access data associated with the data offer, processing a data request associated with the request to access data, based on determining that there is sufficient privacy budget to allow access to the data associated with the request to access data, to produce result data, anonymizing the result data, and updating the distributed ledger.

Citations

20 Claims

1. A computerized method, comprising:
- sending, via a network and using one or more hardware processors of a computing device associated with a first data owner, a request to register a data offer from the first data owner to participate in a distributed ledger stored in distributed computer memory, the request to register the data offer including information associated with the data offer and a privacy budget for the data offer, and wherein the information associated with the data offer and the privacy budget are stored in the distributed ledger and the data offer is accessible by third parties to the first data owner;
  
  receiving, via the network, a first request from a first third party computer associated with a first third party, to access specified data associated with the data offer from the first data owner;
  
  analyzing, using the one or more hardware processors, the privacy budget for the data offer to determine whether the privacy budget comprises a balance necessary to allow access to the specified data;
  
  based on determining that the privacy budget comprises the balance necessary to allow access to the specified data, accessing the data offer, using the one or more hardware processors to produce result data comprising the specified data;
  
  anonymizing, using the one or more hardware processors, the result data;
  
  updating, using the one or more hardware processors, a distributed ledger entry in the distributed ledger to update a balance for the privacy budget;
  
  providing, via the network, the anonymized result data to the first third party computer;
  
  receiving a second request from a second third party computer associated with a second third party, to access second specified data associated with the data offer from the first data owner;
  
  analyzing the privacy budget for the data offer to determine that the privacy budget does not comprise a balance necessary to allow access to the second specified data; and
  
  causing the data offer to be marked as invalid or expired in the distributed ledger.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computerized method of claim 1, wherein the information associated with the data offer comprises identification information for the first data owner.
  - 3. The computerized method of claim 1, wherein analyzing the privacy budget for the data offer to determine whether the privacy budget comprises a balance necessary to allow access to the specified data associated comprises:
    - determining a current balance of the privacy budget for the data offer;
      
      determining how much privacy budget is necessary for the specified data; and
      
      comparing the privacy budget necessary for the specified data and the current balance of the privacy budget for the data offer.
  - 4. The computerized method of claim 1, wherein the information associated with the data offer comprises a description of the data associated with the data offer.
  - 5. The computerized method of claim 1, wherein receiving the first request from the first third party computer to access specified data associated with the data offer from the data owner comprises accessing the distributed ledger to determine that a request is made from the first third party.
  - 6. The computerized method of claim 1, wherein the first request from the first third party computer to access specified data associated with the data offer comprises a privacy guarantee the first third party is willing to accept.
  - 7. The computerized method of claim 1, wherein the first request from the first third party computer to access data associated with the data offer comprises a function the first third party is interested in.
  - 8. The computerized method of claim 1, wherein anonymizing the result data comprises adding noise to the result data.
  - 9. The computerized method of claim 8, wherein an amount of noise added is scaled according to a portion of the privacy budget that is available for the result data.
  - 10. The computerized method of claim 1, further comprising:
    - receiving a third request from a third third party computer associated with a third third party, to access third specified data associated with the data offer from the data owner;
      
      analyzing the privacy budget for the data offer to determine whether the budget comprises a balance necessary to allow access to the third specified data;
      
      based on determining that the privacy budget comprises the balance necessary to allow access to the third specified data, accessing the data offer to produce third result data comprising the third specified data;
      
      anonymizing the third result data;
      
      updating a distributed ledger entry with an updated balance for the privacy budget; and
      
      providing the anonymized third result data to the second third party computer.
  - 11. The computerized method of claim 1, wherein the distributed ledger comprises data offers from other data owners not associated with the first data owner.
  - 12. The computerized method of claim 1, wherein analyzing the privacy budget for the data offer to determine that the privacy budget does not comprise a balance necessary to allow access to the second specified data comprises determining that the balance for the privacy budget is zero or insufficient for any further query.

13. A server computer associated with a first data owner comprising:
- at least one processor; and
  
  a computer-readable medium coupled with the at least one processor, the computer-readable medium comprising instructions stored thereon that are executable by the at least one processor to cause the server computer to perform operations comprising;
  
  sending a request to register a data offer from the first data owner to participate in a distributed ledger stored in distributed computer memory, the request to register the data offer including information associated with the data offer and a privacy budget for the data offer, and wherein the information associated with the data offer and the privacy budget are stored in the distributed ledger and the data offer is accessible by third parties to the first data owner;
  
  receiving a first request from a first third party computer associated with a first third party, to access specified data associated with the data offer from the first data owner;
  
  analyzing the privacy budget for the data offer to determine whether the privacy budget comprises a balance necessary to allow access to the specified data;
  
  based on determining that the privacy budget comprises the balance necessary to allow access to the specified data, accessing the data offer to produce result data comprising the specified data;
  
  anonymizing the result data;
  
  updating a distributed ledger entry in the distributed ledger to update a balance for the privacy budget;
  
  providing the anonymized result data to the first third party computer;
  
  receiving a second request from a second third party computer associated with a second third party, to access second specified data associated with the data offer from the first data owner;
  
  analyzing the privacy budget for the data offer to determine that the privacy budget does not comprise a balance necessary to allow access to the second specified data; and
  
  causing the data offer to be marked as invalid or expired in the distributed ledger.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The server computer of claim 13, wherein receiving the first request from the first third party computer to access data associated with the data offer from the first data owner comprises accessing the distributed ledger to determine that a request is made from the first third party.
  - 15. The server computer of claim 13, wherein the first request from the first third party computer to access specified data associated with the data offer comprises a privacy guarantee the first third party is willing to accept.
  - 16. The server computer of claim 13, wherein the first request from the first third party computer to access specified data associated with the data offer comprises a function the first third party is interested in.
  - 17. The server computer of claim 13, wherein anonymizing the result data comprises adding noise to the result data.
  - 18. The server computer of claim 17, wherein an amount of noise added is scaled according to a portion of the privacy budget that is available for the result data.
  - 19. The server computer of claim 13, wherein the distributed ledger comprises data offers from other data owners not associated with the first data owner.

20. A non-transitory computer-readable medium comprising instructions stored thereon that are executable by at least one processor to cause a computing device associated with a first data owner to perform operations comprising:
- sending a request to register a data offer from the first data owner to participate in a distributed ledger stored in distributed computer memory, the request to register the data offer including information associated with the data offer and a privacy budget for the data offer, and wherein the information associated with the data offer and the privacy budget are stored in the distributed ledger and the data offer is accessible by third parties to the first data owner;
  
  receiving a first request from a first third party computer associated with a first third party, to access specified data associated with the data offer from the first data owner;
  
  analyzing the privacy budget for the data offer to determine whether the privacy budget comprises a balance necessary to allow access to the specified data;
  
  based on determining that the privacy budget comprises the balance necessary to allow access to the specified data, accessing the data offer to produce result data comprising the specified data;
  
  anonymizing the result data;
  
  updating a distributed ledger entry in the distributed ledger to update a balance for the privacy budget;
  
  providing the anonymized result data to the first third party computer;
  
  receiving a second request from a second third party computer associated with a second third party, to access second specified data associated with the data offer from the first data owner;
  
  analyzing the privacy budget for the data offer to determine that the privacy budget does not comprise a balance necessary to allow access to the second specified data; and
  
  causing the data offer to be marked as invalid or expired in the distributed ledger.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Bernau, Daniel, Hahn, Florian, Boehler, Jonas
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US15/496,403
Publication Number

US 20180307854A1
Time in Patent Office

840 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06N 3/08   Learning methods

G06Q 40/12   Accounting

Tracking privacy budget with distributed ledger

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tracking privacy budget with distributed ledger

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links