Method And Apparatus For Privacy-Preserving Data Mapping Under A Privacy-Accuracy Trade-Off
Abstract
A method for generating a privacy-preserving mapping commences by characterizing an input data set Y with respect to a set of hidden features S. Thereafter, the privacy threat is modeled to create a threat model, which is a minimization of an inference cost gain on the hidden features S. The minimization is then constrained by adding utility constraints to introduce a privacy/accuracy trade-off. The threat model is represented with a metric related to a self-information cost function. Lastly, the metric is optimized to obtain an optimal mapping, in order to provide a mapped output U, which is privacy-preserving.
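As an added worked example (not code from the patent or its assignee), the following Python carries the abstract's optimisation through for a constructed binary case. It assumes a small joint distribution over the hidden feature S and the input Y (not a deterministic relationship), uses the self-information (log-loss) cost, for which the inference cost gain of an adversary observing U is the standard result H(S) - H(S|U) = I(S;U), takes Hamming distortion as the utility constraint, and searches the binary mappings p(U|Y) for the one that minimises the gain under a distortion budget.

```python
import math
from itertools import product

# Constructed example (not from the patent): hidden feature S in {0,1} and input
# Y in {0,1}, correlated but not a deterministic function.  P_SY[s][y] = Pr[S=s, Y=y].
P_SY = [[0.40, 0.10],
        [0.15, 0.35]]

# Hamming distortion between the input Y and the mapped output U.
def hamming(y, u):
    return 0.0 if y == u else 1.0

def entropy(p):
    return -sum(x * math.log2(x) for x in p if x > 0)

def inference_cost_gain(p_sy, p_u_given_y):
    """Log-loss inference cost gain of an adversary who observes U:
    H(S) - H(S|U) = I(S;U), in bits.  p_u_given_y[y][u] = Pr[U=u | Y=y]."""
    n_s, n_y, n_u = len(p_sy), len(p_sy[0]), len(p_u_given_y[0])
    p_s = [sum(p_sy[s]) for s in range(n_s)]
    # Joint of S and U induced by the mapping: p(s,u) = sum_y p(s,y) p(u|y)
    p_su = [[sum(p_sy[s][y] * p_u_given_y[y][u] for y in range(n_y))
             for u in range(n_u)] for s in range(n_s)]
    p_u = [sum(p_su[s][u] for s in range(n_s)) for u in range(n_u)]
    h_s_given_u = sum(p_su[s][u] * math.log2(p_u[u] / p_su[s][u])
                      for s in range(n_s) for u in range(n_u) if p_su[s][u] > 0)
    return entropy(p_s) - h_s_given_u

def expected_distortion(p_sy, p_u_given_y, d=hamming):
    n_s, n_y, n_u = len(p_sy), len(p_sy[0]), len(p_u_given_y[0])
    p_y = [sum(p_sy[s][y] for s in range(n_s)) for y in range(n_y)]
    return sum(p_y[y] * p_u_given_y[y][u] * d(y, u)
               for y in range(n_y) for u in range(n_u))

def best_binary_mapping(p_sy, max_distortion, steps=100):
    """Grid search over binary mappings (a = Pr[U=1|Y=0], b = Pr[U=1|Y=1]) for
    the one minimising the privacy metric I(S;U) subject to the utility
    constraint E[d(Y,U)] <= max_distortion.  Returns (mapping, leakage, dist)."""
    best = None
    for i, j in product(range(steps + 1), repeat=2):
        a, b = i / steps, j / steps
        m = [[1 - a, a], [1 - b, b]]
        dist = expected_distortion(p_sy, m)
        if dist > max_distortion + 1e-12:
            continue
        leak = inference_cost_gain(p_sy, m)
        if best is None or leak < best[1] - 1e-12:
            best = (m, leak, dist)
    return best
```

Calling best_binary_mapping(P_SY, 0.0) returns the identity mapping (full leakage of about 0.19 bits), while a budget of 0.5 admits a mapping with zero leakage; budgets in between trace the privacy/accuracy trade-off the abstract describes.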
28 Claims
1. A method of generating a privacy-preserving mapping of an input data set which is subject to a privacy threat, said method performed by a processor and comprising:
determining a relationship between said input data set Y and a set of hidden features S, wherein said relationship is not a deterministic function;
minimizing a metric on the hidden features S subject to utility constraints in order to obtain an optimal mapping, wherein said metric describes the privacy threat and is based on a self-information cost function and said utility constraints are based on a distortion between the input data set and an output of said privacy-preserving mapping; and
obtaining an output U of said optimal mapping, wherein said output is privacy-preserving on the hidden features.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 11, 12, 13 and 14 depend from claim 1.)
9. (canceled)
10. (canceled)
15. An apparatus for generating a privacy-preserving mapping of an input data set which is subject to a privacy threat, said apparatus comprising:
a processor, for receiving at least one input/output; and
at least one memory in signal communication with said processor, said processor being configured to:
determine a relationship between said input data set Y and a set of hidden features S, wherein said relationship is not a deterministic function;
minimize a metric on the hidden features S subject to utility constraints in order to obtain an optimal mapping, wherein said metric describes the privacy threat and is based on a self-information cost function and said utility constraints are based on a distortion between the input data set and an output of said privacy-preserving mapping; and
obtain an output U of said optimal mapping, wherein said output is privacy-preserving on the hidden features.
(Dependent claims 16, 17, 18, 19, 20, 21, 22, 25, 26, 27 and 28 depend from claim 15.)
23. (canceled)
24. (canceled)