Privacy Preserving Statistical Analysis for Distributed Databases

US 20140137260A1
Filed: 11/14/2012
Published: 05/15/2014
Est. Priority Date: 11/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method for securely determining aggregate statistics on private data, comprising the steps of:

randomizing firstly and independently data X and Y to obtain randomized data {circumflex over (X)} and Ŷ

, respectively, wherein the randomizing firstly preserves a privacy of the data X and Y;

randomizing secondly independently the randomized data {circumflex over (X)} and Ŷ

to obtain randomized data {tilde over (X)} and {tilde over (Y)} for a server, and helper information T_{{tilde over (X)}|{circumflex over (X)}} and T_{{tilde over (Y)}|Ŷ}[[T_Ŷ

|Ŷ]] for a client, respectively, wherein T represents an empirical distribution, and wherein the randomizing secondly preserves the privacy of the aggregate statistics of the data X and Y;

determining, at the server, T_{{tilde over (X)},{tilde over (Y)};}applying, by the client, the helper information T_{{tilde over (X)}|{circumflex over (X)}} and T_{{tilde over (Y)}|Ŷ} [[T_Ŷ

|Ŷ]] to T_{{tilde over (X)},{tilde over (Y)}} obtain an estimated {dot over (T)}_X,Y, wherein “

|” and

”

,”

between X and Y represent a conditional and joint distribution, respectively.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aggregate statistics are determined by first randomizing independently data X and Y to obtain randomized data {circumflex over (X)} and Ŷ. The first randomizing preserves the privacy of the data X and Y. Then, the randomized data {circumflex over (X)} and Ŷ is randomized secondly to obtain randomized data {tilde over (X)} and {tilde over (Y)} for a server, and helper information T_{{tilde over (X)}|{circumflex over (X)}} and T_Ŷ|Ŷ for a client, wherein T represents an empirical distribution, and wherein the randomizing secondly preserves the privacy of the aggregate statistics of the data X and Y. The server then determines T_{{tilde over (X)},{tilde over (Y)}}. Last, the client applies the side information T_{{tilde over (X)}|{circumflex over (X)}} and T_Ŷ|Ŷ to T_{{tilde over (X)},{tilde over (Y)}} to obtain an estimated {dot over (T)}_X,Y, where “|” and “,” between X and Y represent a conditional and joint distribution, respectively.

15 Citations

View as Search Results

8 Claims

1. A method for securely determining aggregate statistics on private data, comprising the steps of:
- randomizing firstly and independently data X and Y to obtain randomized data {circumflex over (X)} and Ŷ
  
  , respectively, wherein the randomizing firstly preserves a privacy of the data X and Y;
  
  randomizing secondly independently the randomized data {circumflex over (X)} and Ŷ
  
  to obtain randomized data {tilde over (X)} and {tilde over (Y)} for a server, and helper information T_{{tilde over (X)}|{circumflex over (X)}} and T_{{tilde over (Y)}|Ŷ}[[T_Ŷ
  
  |Ŷ]] for a client, respectively, wherein T represents an empirical distribution, and wherein the randomizing secondly preserves the privacy of the aggregate statistics of the data X and Y;
  
  determining, at the server, T_{{tilde over (X)},{tilde over (Y)};}applying, by the client, the helper information T_{{tilde over (X)}|{circumflex over (X)}} and T_{{tilde over (Y)}|Ŷ} [[T_Ŷ
  
  |Ŷ]] to T_{{tilde over (X)},{tilde over (Y)}} obtain an estimated {dot over (T)}_X,Y, wherein “
  
  |” and
  
  ”
  
  ,”
  
  between X and Y represent a conditional and joint distribution, respectively.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the data X are produced by a first data source, and the data Y are produced by a second data source, and the data X and Y are produced independently in a distributed manner.
  - 3. The method of claim 1, wherein the randomizing uses a Post RAndomisation Method (PRAM).
  - 4. The method of claim 1, wherein the randomizing firstly and secondly are different.
  - 5. The method of claim 1, wherein the helper information is small compared to the data X and Y.
  - 6. The method of claim 1, wherein data X and Y are random sequences, and data pairs (X_i,Y_i) are independently and identically distributed.
  - 7. The method of claim 1, wherein the randomizing preserves differential and distributional privacy of the data X and Y.
  - 8. The method of claim 1, wherein the randomizing secondly provides distributional privacy that is stronger than the differential privacy provided by the randomizing firstly.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Electric Research Laboratories, Inc. (Mitsubishi Electric Corporation)
Original Assignee
Mitsubishi Electric Research Laboratories, Inc. (Mitsubishi Electric Corporation)
Inventors
Rane, Shantanu, Wang, Ye, Lin, Bing-Rong

Granted Patent

US 8,893,292 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

Privacy Preserving Statistical Analysis for Distributed Databases

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy Preserving Statistical Analysis for Distributed Databases

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links