System and method for transforming data to preserve privacy where the data transform module suppresses the subset of the collection of data according to the privacy constraint

US 7,024,409 B2
Filed: 04/16/2002
Issued: 04/04/2006
Est. Priority Date: 04/16/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A data transform system comprising:

a processor;

a memory connected to the processor, storing a collection of data; and

a data transform module, accepting a usage constraint, a privacy constraint and the collection of data from memory, the data transform module transforming the collection of data according to the usage constraint and the privacy constraint,wherein the usage constraint defines a subset of the collection of data, andwherein the data transform module suppresses the subset of the collection of data according to the privacy constraint, the privacy constraint defining a minimum number of entities in a subset of the collection of data, wherein any combination of all values of a suppressed collection of data output by the data transform module can be narrowed to the subset having at least the minimum number of entities in the collection of data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data transform system comprises a processor, a memory connected to the processor, storing a collection of data, and a data transform module, accepting two data constraints and the collection of data from memory, wherein a first constraint is a usage constraint and a second constraint is a privacy constraint, the data transform module transforming the collection of data according to the usage constraint and the privacy constraint.

Citations

25 Claims

1. A data transform system comprising:
- a processor;
  
  a memory connected to the processor, storing a collection of data; and
  
  a data transform module, accepting a usage constraint, a privacy constraint and the collection of data from memory, the data transform module transforming the collection of data according to the usage constraint and the privacy constraint,wherein the usage constraint defines a subset of the collection of data, andwherein the data transform module suppresses the subset of the collection of data according to the privacy constraint, the privacy constraint defining a minimum number of entities in a subset of the collection of data, wherein any combination of all values of a suppressed collection of data output by the data transform module can be narrowed to the subset having at least the minimum number of entities in the collection of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The data transform system of claim 1, wherein the collection of data is a data base.
  - 3. The data transform system of claim 1, wherein the collection of data comprises:
    - a meta data portion comprising information about the collection of data; and
      
      a tabular data portion comprising a plurality of attributes corresponding to the collection of data.
  - 4. The data transform system of claim 3, wherein the tabular data portion is organized by rows or columns.
  - 5. The data transform system of claim 1, wherein the usage constraint identifies the subset of data from the collection of data.
  - 6. The data transform system of claim 1, further comprising abstracting the data according to the privacy constraint.
  - 7. The data transform system of claim 6, wherein the data is a serial number and the privacy constraint defines an abstraction of the data as a maximum number of digits of the serial number that can be revealed in the suppressed data.
  - 8. The data transform system of claim 1, wherein the usage constraint defines a weight for each data type of the collection of data.

9. A computer-implemented method for constraining data comprising the steps of:
- determining, for a collection of data, a level of granularity, wherein the level of granularity is a minimum number of entities in a set to which any combination of values in a constrained collection of data can be narrowed;
  
  determining an application specific constraint, wherein the application specific constraint defines a subset of the collection of data;
  
  determining a metric including a combination of an abstraction and/or a suppression of the subset of the collection of data, wherein the metric satisfies the level of granularity;
  
  constraining the collection of data according to the metric; and
  
  providing a constrained collection of data to a client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 10. The computer-implemented method of claim 9, wherein the step of constraining the collection of data further comprises the step of abstracting and suppressing values for an identifying attribute in the collection of data, wherein the collection of data comprises a meta data portion specifying the identifying attribute.
  - 11. The computer-implemented of claim 10, wherein a categorical identifying attribute is abstracted according to values in a corresponding taxonomy tree.
  - 12. The computer-implemented of claim 10, wherein a numeric identifying attribute is abstracted to a set of disjoint intervals that cover values in the collection of data.
  - 13. The computer-implemented of claim 10, further comprising the step of determining a data loss, according to the metric, in the collection of data according to the application constraint.
  - 14. The computer-implemented of claim 13, wherein the step of constraining comprises minimizing the data loss.
  - 15. The computer-implemented of claim 13, wherein the step of constraining comprises minimizing the data loss according to a genetic algorithm.
  - 16. The computer-implemented of claim 9, wherein the application constraint specifies at least one target attribute for which a predictive model is generated.
  - 17. The computer-implemented of claim 16, wherein a plurality of identifying attributes are grouped according to values, wherein the metric aggregates a variability in the values for each target attribute within a group.
  - 18. The computer-implemented of claim 17, wherein the variability, for a numeric target attribute is determined as the sum of absolute deviations between a representative value for the group and values for the numeric target attribute within the group.
  - 19. The computer-implemented of claim 17, wherein the variability for a categorical target attribute is determined as a number of categories in a group with a value for the categorical target attribute different from a majority value in the group.
  - 20. The computer-implemented of claim 9, wherein the application constraint specifies a weight for an identifying attribute of the data.
  - 21. The computer-implemented of claim 20, further comprising the step of determining a weighted sum of data loss over the collection of data.
  - 22. The computer-implemented of claim 21, wherein the data loss for an identifying attribute depends on a type of attribute and is determined as an average loss for each entry for that attribute.
  - 23. The computer-implemented of claim 22, wherein the data loss for a numeric type attribute entry is a width of an abstracted interval.
  - 24. The computer-implemented of claim 22, wherein the data loss for a categorical attribute type entry is based on an ambiguity in an abstracted value from a taxonomy tree.

25. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps, for constraining data, the method steps comprising:
- determining, for a collection of data, a level of granularity, wherein the level of granularity is a minimum number of entities in a set to which any combination of values in a constrained collection of data can be narrowed;
  
  determining an application specific constraint, wherein the application specific constraint defines a subset of the collection of data;
  
  determining a metric including a combination of an abstraction and/or a suppression of the subset of the collection of data, wherein the metric satisfies the level of granularity;
  
  constraining the collection of data according to the metric; and
  
  providing a constrained collection of data to a client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Iyengar, Vijay S.
Primary Examiner(s)
CHANNAVAJJALA, SRIRAMA T

Application Number

US10/123,777
Publication Number

US 20030208457A1
Time in Patent Office

1,449 Days
Field of Search

707 1- 2, 707100-102, 707200-204, 707 8- 9, 711133-138, 711160-167, 725 34- 38, 709210-215, 709220-225, 713200-202
US Class Current

1/1
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

Y10S 707/99939 Privileged access

System and method for transforming data to preserve privacy where the data transform module suppresses the subset of the collection of data according to the privacy constraint

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transforming data to preserve privacy where the data transform module suppresses the subset of the collection of data according to the privacy constraint

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links