Method And Apparatus For Privacy-Preserving Data Mapping Under A Privacy-Accuracy Trade-Off

US 20150235051A1
Filed: 08/19/2013
Published: 08/20/2015
Est. Priority Date: 08/20/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method of generating a privacy-preserving mapping of an input data set which is subject to a privacy threat, said method performed by a processor and comprising:

determining a relationship between said input data set Y and a set of hidden features S, wherein said relationship is not a deterministic function;

minimizing a metric on the hidden features S subject to utility constraints in order to obtain an optimal mapping, wherein said metric describes the privacy threat and is based on a self-information cost function and said utility constraints are based on a distortion between the input data set and an output of said privacy-preserving mapping; and

obtaining an output U of said optimal mapping, wherein said output is privacy-preserving on the hidden features.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a privacy-preserving mapping commences by characterizing an input data set Y with respect to a set of hidden features S. Thereafter, the privacy threat is modeled to create a threat model, which is a minimization of an inference cost gain on the hidden features S. The minimization is then constrained by adding utility constraints to introduce a privacy/accuracy trade-off. The threat model is represented with a metric related to a self-information cost function. Lastly, the metric is optimized to obtain an optimal mapping, in order to provide a mapped output U, which is privacy-preserving.

27 Citations

28 Claims

1. A method of generating a privacy-preserving mapping of an input data set which is subject to a privacy threat, said method performed by a processor and comprising:
- determining a relationship between said input data set Y and a set of hidden features S, wherein said relationship is not a deterministic function;
  
  minimizing a metric on the hidden features S subject to utility constraints in order to obtain an optimal mapping, wherein said metric describes the privacy threat and is based on a self-information cost function and said utility constraints are based on a distortion between the input data set and an output of said privacy-preserving mapping; and
  
  obtaining an output U of said optimal mapping, wherein said output is privacy-preserving on the hidden features.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the step of minimizing comprises:
    - transforming said metric minimization into a convex optimization; and
      
      solving said convex optimization.
  - 3. The method of claim 1, wherein said metric is one of an average information leakage and a maximum information leakage of said set of hidden features S given said privacy-preserving mapping.
  - 4. The method of claim 2, wherein the step of solving said convex optimization comprises:
    - using one of convex solver methods and interior-point methods.
  - 5. The method of claim 1, wherein the step of determining comprises:
    - determining one of a joint probability density and a distribution function of the input data set Y and the hidden features S.
  - 6. The method of claim 1, wherein the output U is a function of Y.
  - 7. The method of claim 6, wherein the optimal mapping is of the type:
    - U=Y+Z, wherein Z is an additive noise variable and said utility constraint is a function of Z.
  - 8. The method of claim 1, wherein the privacy-preserving mapping is used for privacy-preserving queries to a database, wherein S represents discrete entries to a database of n users, Y is a non-deterministic function of S, and U is a query output, such that the individual entries S are hidden to an adversary with access to U.
  - 11. The method of claim 1, wherein the step of obtaining comprises:
    - sampling one of a probability density and a distribution function on U.
  - 12. The method of claim 7, wherein the noise is one of Laplacian, Gaussian and pseudo-random noise.
  - 13. The method of claim 1, wherein the step of minimizing is pre-processed.
  - 14. The method of claim 1, wherein the step of determining is pre-processed.

9. (canceled)

10. (canceled)

15. An apparatus for generating a privacy-preserving mapping of an input data set which is subject to a privacy threat, said apparatus comprising:
- a processor, for receiving at least one input/output; and
  
  at least one memory in signal communication with said processor, said processor being configured to;
  
  determine a relationship between said input data set Y and a set of hidden features S, wherein said relationship is not a deterministic function;
  
  minimize a metric on the hidden features S subject to utility constraints in order to obtain an optimal mapping, wherein said metric describes the privacy threat and is based on a self-information cost function and said utility constraints are based on a distortion between the input data set and an output of said privacy-preserving mapping; and
  
  obtain an output U of said optimal mapping, wherein said output is privacy-preserving on the hidden features.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 25, 26, 27, 28)
- - 16. The apparatus of claim 15, wherein said processor is configured to minimize by being configured to:
    - transform said metric minimization into a convex optimization; and
      
      solve said convex optimization.
  - 17. The apparatus of claim 15, wherein said metric is one of an average information leakage and a maximum information leakage of said set of hidden features S given said privacy-preserving mapping.
  - 18. The apparatus of claim 15, wherein said processor is configured to solve said convex optimization by being configured to:
    - use one of convex solver methods and interior-point methods.
  - 19. The apparatus of claim 15 wherein said processor is configured to determine a relationship by being configured to:
    - determine the joint probability density or distribution function of the input data set Y and the hidden features S.
  - 20. The apparatus of claim 15, wherein the output U is a function of Y.
  - 21. The apparatus of claim 20, wherein the optimal mapping performed by said processor is of the type:
    - U=Y+Z, wherein Z is an additive noise variable and said utility constraint (distortion) is a function of Z.
  - 22. The apparatus of claim 15, wherein the privacy-preserving mapping performed by said processor is used for privacy-preserving queries to a database, wherein S represents discrete entries to a database of n users, Y is a non-deterministic function of S, and U is a query output, such that the individual entries S are hidden to an adversary with access to U.
  - 25. The apparatus of claim 15, wherein said processor is configured to obtain a mapped output U by being configured to:
    - sample a probability density or distribution function on U.
  - 26. The apparatus of claim 21, wherein the noise is one of Laplacian, Gaussian and pseudo-random noise.
  - 27. The apparatus of claim 15, wherein the step of minimizing is pre-processed.
  - 28. The apparatus of claim 27, wherein the step of determining is pre-processed.

23. (canceled)

24. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Licensing (Vantiva SA)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Fawaz, Nadia, Calmon, Flavio Du Pin

Application Number

US14/420,476
Publication Number

US 20150235051A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

Method And Apparatus For Privacy-Preserving Data Mapping Under A Privacy-Accuracy Trade-Off

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method And Apparatus For Privacy-Preserving Data Mapping Under A Privacy-Accuracy Trade-Off

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links