Double Blinded Privacy-Safe Distributed Data Mining Protocol
First Claim
1. A method of mining privacy-sensitive data, comprising the steps of:
- a) formulating a query with at least one condition,
- b) comparing an initial set of privacy-sensitive data against the at least one condition in the query, and generating a list of specific instances within the initial set of privacy-sensitive data that satisfy the at least one condition,
- c) transmitting the list via an electronic data communications topology to at least one data source entity having privacy-sensitive transactional data,
- d) matching, by the at least one data source entity, specific instances on the list with corresponding items in the privacy-sensitive transactional data,
- e) de-identifying, by the at least one data source entity, the matched specific instances and corresponding items in the privacy-sensitive transactional data,
- f) electronically transmitting, by the at least one data source entity, at least one file containing the de-identified, matched specific instances and corresponding items in the privacy-sensitive transactional data, to an aggregator,
- g) merging, by the aggregator, the at least one file into a combined result responsive to the query.
Abstract
A Double Blinded Privacy-Safe Distributed Data Mining Protocol is disclosed, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information. The aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities. The aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity. The data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator. The data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator. The aggregator combines results from data source entities and sends the combined result to the data consumer entity. This allows for privacy-safe data mining where both the data consumer entity and data source entities have privacy-sensitive information not available for the aggregator to see or use.
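A worked model of the exchange the abstract describes, added here as an illustration and not the patent's own implementation. The party names, record layouts and the one-time-token scheme used for de-identification are assumptions; the list travels directly to the data sources (one of the two paths the abstract allows), so the encrypted envelope is not modelled.

```python
import secrets
from collections import defaultdict

# Constructed sample data; the aggregator never sees any of it.
CONSUMER_RECORDS = [  # data consumer entity, e.g. an insurer
    {"patient_id": "P-001", "age": 67, "zip": "02139"},
    {"patient_id": "P-002", "age": 34, "zip": "02139"},
    {"patient_id": "P-003", "age": 71, "zip": "10001"},
]
SOURCE_A = [  # data source entity, e.g. a pharmacy
    {"patient_id": "P-001", "item": "drugX", "cost": 120},
    {"patient_id": "P-002", "item": "drugY", "cost": 40},
]
SOURCE_B = [  # data source entity, e.g. a laboratory
    {"patient_id": "P-001", "item": "testZ", "cost": 300},
    {"patient_id": "P-003", "item": "testZ", "cost": 300},
]

def aggregator_query():
    """Step a: the query carries conditions only, never identifiers."""
    return {"min_age": 65}

def consumer_build_list(query, records):
    """Step b: select matching instances; each gets a one-time token
    (assumed scheme) so the aggregator can merge without learning IDs."""
    return {r["patient_id"]: secrets.token_hex(8)
            for r in records if r["age"] >= query["min_age"]}

def source_match_and_deidentify(instance_list, transactions):
    """Steps d-f: match on the real ID, then emit records carrying
    only the token; the identifier column is dropped before sending."""
    return [{"token": instance_list[t["patient_id"]],
             "item": t["item"], "cost": t["cost"]}
            for t in transactions if t["patient_id"] in instance_list]

def aggregator_merge(files):
    """Step g: merge per token across sources into one combined result."""
    merged = defaultdict(lambda: {"items": [], "total_cost": 0})
    for file in files:
        for rec in file:
            merged[rec["token"]]["items"].append(rec["item"])
            merged[rec["token"]]["total_cost"] += rec["cost"]
    return dict(merged)

def run_protocol():
    """One exchange; returns the merged result plus the consumer-only token map."""
    query = aggregator_query()
    instance_list = consumer_build_list(query, CONSUMER_RECORDS)
    files = [source_match_and_deidentify(instance_list, s) for s in (SOURCE_A, SOURCE_B)]
    return aggregator_merge(files), instance_list
```

The token map stays with the data consumer, which is what lets it re-identify the combined result the aggregator returns while the aggregator itself only ever handles tokens.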
20 Claims
Claims 2 to 20 depend from claim 1, which is set out above under First Claim.