Selective privacy guarantees
2 Assignments
0 Petitions
Abstract
Systems and methods are provided for selectively determining privacy guarantees. For example, a first class of data may be guaranteed a first level of privacy, while other data classes are only guaranteed some lesser level of privacy. An amount of privacy is guaranteed by adding noise values to database query outputs. Noise distributions can be tailored to be appropriate for the particular data in a given database by calculating a “diameter” of the data. When the distribution is based on the diameter of a first class of data, and the diameter measurement does not account for additional data in the database, the result is that query outputs leak information about the additional data.
52 Citations
20 Claims
1. A method for selectively determining privacy guarantees, comprising:
specifying at least one first class of data in a database, said database comprising data corresponding to said first class of data, and said database further comprising additional data;
calculating a first diameter for said first class of data;
calculating a first noise distribution at least in part using said first diameter;
performing a query over said first class of data and said additional data;
adding a noise value selected from said first noise distribution to an output of said query.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for selectively determining privacy guarantees, comprising:
specifying at least one first class of privacy principals, said first class of privacy principals being associated with a first class of data in a database;
specifying at least one second class of privacy principals, said second class of privacy principals being associated with said first class of data in a database, and said second class of privacy principals being further associated with a second class of data in a database;
calculating a diameter of said first class of data;
calculating a noise distribution at least in part using said diameter;
adding a noise value selected from said noise distribution to a query output;
wherein a query associated with said query output is performed at least in part over said first class of privacy principals and at least in part over second class of privacy principals.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.

16. A system for selectively guaranteeing privacy of data associated with privacy principals, comprising:
a database comprising data associated with a plurality of privacy principals;
an interface for selecting a first class of data associated with said privacy principals;
a mechanism for calculating a diameter of said first class of data;
a mechanism for calculating a noise distribution at least in part using said diameter;
a mechanism for selecting a noise value from said distribution and adding said noise value to a query output, wherein a query associated with said query output is performed at least in part over said privacy principals.
Dependent claims: 17, 18, 19, 20.
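As an added illustration that is not part of the patent text, the Python below models the claimed method on a constructed dataset: the Laplace scale is calibrated to the diameter of the first class only, the query ranges over both the first class and the additional data, and effective_epsilon quantifies how much weaker the guarantee for the additional data becomes. The record layout, the class labels "A" and "B", the sum query and all function names are assumptions.

```python
import math
import random
from collections import defaultdict

# Constructed sample: (privacy principal, data class, value).
# Class "A" is the first class; class "B" is the additional data.
RECORDS = [
    ("alice", "A", 3), ("bob", "A", 5), ("carol", "A", 2),
    ("alice", "B", 40), ("dave", "B", 12),
]

def sum_query(records):
    """The query: a sum over every value, whatever its class."""
    return sum(v for _, _, v in records)

def diameter(records, data_class):
    """Largest change in sum_query when one privacy principal's data in
    data_class is removed: the class's diameter for this query."""
    per_principal = defaultdict(int)
    for principal, cls, value in records:
        if cls == data_class:
            per_principal[principal] += abs(value)
    return max(per_principal.values(), default=0)

def noise_scale(diam, epsilon):
    """Laplace scale b = diameter / epsilon (epsilon-DP for changes <= diam)."""
    return diam / epsilon

def laplace(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF; the max() avoids log(0)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))

def noised_query(records, first_class, epsilon, seed=0):
    """Claimed method: diameter of the first class only -> noise scale ->
    query over all data -> add one noise draw to the output."""
    scale = noise_scale(diameter(records, first_class), epsilon)
    return sum_query(records) + laplace(scale, random.Random(seed))

def effective_epsilon(records, first_class, other_class, epsilon):
    """Privacy actually afforded to other_class by a scale calibrated to
    first_class: larger than epsilon whenever other_class's diameter is."""
    scale = noise_scale(diameter(records, first_class), epsilon)
    return diameter(records, other_class) / scale

if __name__ == "__main__":
    print("first-class diameter:", diameter(RECORDS, "A"))      # 5
    print("noised sum:", noised_query(RECORDS, "A", epsilon=1.0))
    print("epsilon given to class B:", effective_epsilon(RECORDS, "A", "B", 1.0))  # 8.0
```

With epsilon fixed at 1.0 for class A, class B only receives an effective epsilon of 8.0 here, which is the leakage about the additional data that the abstract describes.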