Preserving privacy when statistically analyzing a large database
Abstract
A database has a plurality of entries and a plurality of attributes common to each entry, where each entry corresponds to an individual. A query q is received from a querying entity and is passed to the database, and an answer a is received in response. An amount of noise e is generated and added to the answer a to result in an obscured answer o, and the obscured answer o is returned to the querying entity. Thus, a level of protection of privacy is provided to each individual represented within the database.
12 Claims
1. A method in connection with a database having a plurality of entries and a plurality of attributes common to each entry, each entry corresponding to an individual, the method for providing a level of protection of privacy of the individual, the method comprising:
receiving from a querying entity a query q;
passing the query q to the database;
receiving in response an answer a;
generating an amount of noise e;
adding the noise e to the answer a to result in an obscured answer o; and
returning the obscured answer o to the querying entity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method in connection with a database having a plurality of entries and a plurality of attributes common to each entry, each entry corresponding to an individual, the database being partitioned into parts such that a first part includes an attribute A for each entry and a second part includes an attribute B for each entry, the method for providing a level of protection of privacy of the individual when performing a statistical analysis on the partitioned database based on attributes A and B, the method comprising:
computing a probability of any particular entry having attribute A (Pr[A]) as the total number of entries with attribute A set divided by the number of all entries in the database;
computing a probability of any particular entry having attribute B (Pr[B]) as the total number of entries with attribute B set divided by the number of all entries in the database;
presuming that A implies B in probability with a gap of G if the probability of B given A (Pr[B|A]) = Pr[B] + G;
determining G iteratively by selecting a Gx, determining whether for such Gx, Pr[B|A] >= Pr[B] + Gx, and based thereon determining whether G(x+1) should be higher or lower, a number of times until an estimation of G is settled upon;
finding an estimate of Pr[B|A] based on the estimate of G and the computed Pr[B]; and
with the estimated Pr[B|A], employing standard Boolean arithmetic to perform the statistical analysis.
Dependent claims: 10, 11, 12.
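Worked example, added here and not part of the patent text or of any Microsoft code: a small Python model of the obscured-answer interface of claim 1 (and the abstract) and of the gap estimation of claim 9. The page does not fix any of the following, so they are assumptions of this example: the database is a list of dicts with Boolean attributes "A" and "B" (the vertical partition of claim 9 is modelled as one table, so a query may test both attributes); queries are counting predicates; the noise e is Laplace-distributed with a caller-chosen scale; the Gx search is a bisection over [0, 1]; and the sample database of 1000 entries is constructed so that Pr[A] = Pr[B] = 0.5 and Pr[B|A] = 0.8, i.e. the true gap G is 0.3. Every comparison in the bisection is answered by a fresh obscured query, which is what the claim describes and also what limits it: with noise of scale s on a count of size c, the ratio is known only to roughly s/c, so G cannot be resolved finer than that, and each iteration spends another query against the database.

```python
"""Model of the obscured-answer interface (claim 1) and the gap estimation
(claim 9).  Added example; not the patent's text or any product code.
Assumptions: Boolean attributes "A" and "B" in one table, counting queries,
Laplace-distributed noise e, bisection over [0, 1] for Gx."""
import math
import random
from typing import Callable, Dict, List, Optional

Entry = Dict[str, bool]
Query = Callable[[Entry], bool]   # q: a predicate the database counts
Noise = Callable[[], float]       # generator for the noise amount e


def laplace_noise(scale: float, seed: Optional[int] = None) -> Noise:
    """Noise generator e ~ Laplace(0, scale).  Assumed distribution; the
    page does not say how e is generated."""
    rng = random.Random(seed)

    def draw() -> float:
        u = max(rng.random() - 0.5, -0.5 + 1e-12)   # keep log() finite
        return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

    return draw


def no_noise() -> float:
    """e = 0: returns the exact answer a.  Useful only to check the arithmetic;
    it provides no privacy protection at all."""
    return 0.0


def obscured_count(db: List[Entry], q: Query, noise: Noise) -> float:
    """Claim 1: pass q to the database, receive the answer a, generate e,
    and return the obscured answer o = a + e to the querying entity."""
    a = sum(1 for entry in db if q(entry))
    e = noise()
    return a + e


def estimate_gap(db: List[Entry], noise: Noise, steps: int = 20) -> Dict[str, float]:
    """Claim 9: find G with Pr[B|A] = Pr[B] + G using only obscured answers.

    Each test "Pr[B|A] >= Pr[B] + Gx" is evaluated with a fresh obscured count,
    so the bisection settles on G only to the precision the noise allows
    (about scale / count(A)) and every iteration costs one more query.
    """
    n = len(db)
    pr_a = obscured_count(db, lambda e: e["A"], noise) / n
    pr_b = obscured_count(db, lambda e: e["B"], noise) / n
    if pr_a <= 0.0:
        raise ValueError("obscured count of A is not positive; cannot condition on A")
    lo, hi = 0.0, 1.0            # assumed search range for the gap G
    for _ in range(steps):
        gx = (lo + hi) / 2.0
        joint = obscured_count(db, lambda e: e["A"] and e["B"], noise)
        pr_b_given_a = joint / (pr_a * n)
        if pr_b_given_a >= pr_b + gx:
            lo = gx              # G(x+1) should be higher
        else:
            hi = gx              # G(x+1) should be lower
    g = (lo + hi) / 2.0
    return {"Pr[A]": pr_a, "Pr[B]": pr_b, "G": g, "Pr[B|A]": pr_b + g}


def boolean_statistics(est: Dict[str, float]) -> Dict[str, float]:
    """The 'standard Boolean arithmetic' of claim 9 applied to the estimated Pr[B|A]."""
    pr_a, pr_b, pr_b_given_a = est["Pr[A]"], est["Pr[B]"], est["Pr[B|A]"]
    pr_ab = pr_a * pr_b_given_a                     # Pr[A and B]
    return {
        "Pr[A and B]": pr_ab,
        "Pr[A or B]": pr_a + pr_b - pr_ab,
        "Pr[not B | A]": 1.0 - pr_b_given_a,
        "Pr[A | B]": pr_ab / pr_b if pr_b > 0.0 else float("nan"),
    }


def build_sample_db(n: int = 1000) -> List[Entry]:
    """Constructed sample data (not from the page).  For n a multiple of 10:
    Pr[A] = 0.5, Pr[B] = 0.5, Pr[B|A] = 0.8, so the true gap G is 0.3."""
    db = []
    for i in range(n):
        a = i % 2 == 0
        b = (i % 10 < 7) if a else (i % 10 < 3)
        db.append({"A": a, "B": b})
    return db


if __name__ == "__main__":
    db = build_sample_db()
    exact = estimate_gap(db, no_noise)
    private = estimate_gap(db, laplace_noise(scale=1.0, seed=7))
    print("exact   :", exact)
    print("obscured:", private)
    print("derived :", boolean_statistics(private))
```

One caveat the claim text leaves to the implementer: because each call to obscured_count draws fresh, independent noise, a querying entity that repeats the same query many times can average the noise away, so a real deployment has to bound or budget the number of answers given to a querying entity rather than rely on per-answer noise alone. That limitation is a general property of independent noise addition, not something the page states.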
Specification