Selective privacy guarantees
First Claim
1. A method for selectively determining privacy guarantees, comprising:
specifying at least one first class of data in a database, said database comprising data corresponding to said first class of data, and said database further comprising additional data;
calculating a first diameter for said first class of data;
calculating a first noise distribution at least in part using said first diameter, wherein a first privacy parameter is at least in part used when calculating said first noise distribution;
performing a query over said first class of data and said additional data;
adding a noise value selected from said first noise distribution to an output of said query;
specifying at least one second class of data in the database;
calculating a second diameter for said second class of data; and
calculating a second noise distribution at least in part using said second diameter and a second privacy parameter.
Abstract
Systems and methods are provided for selectively determining privacy guarantees. For example, a first class of data may be guaranteed a first level of privacy, while other data classes are only guaranteed some lesser level of privacy. An amount of privacy is guaranteed by adding noise values to database query outputs. Noise distributions can be tailored to be appropriate for the particular data in a given database by calculating a “diameter” of the data. When the distribution is based on the diameter of a first class of data, and the diameter measurement does not account for additional data in the database, the result is that query outputs leak information about the additional data.
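The abstract and the independent claims describe the mechanism only in words: a per-class "diameter", a noise distribution derived from that diameter and a privacy parameter, and the leak that results when a query spanning additional data is protected with noise sized for the first class alone. The following is an added worked example, not code from the patent or its assignee. It assumes, as an interpretation, that the diameter of a data class is the largest change one privacy principal's record in that class can make to the query output (the query's sensitivity restricted to that class) and that the noise distribution is Laplace with scale diameter/epsilon; the database, column bounds, parameter values and all function names are constructed for illustration. It also serves claims 7 and 15 below, which restate the same steps for classes of privacy principals and for a system.

```python
"""Per-class noise scales for a selective privacy guarantee (added example).

Assumption: the "diameter" of a data class is the largest change a single
privacy principal's record in that class can make to a SUM query, and the
noise distribution is Laplace(0, diameter / epsilon). Not the patent's code.
"""
import math
import random

# Constructed sample database: one row per privacy principal.
DB = [
    {"salary": 800, "bonus": 20000},
    {"salary": 950, "bonus": 0},
    {"salary": 400, "bonus": 45000},
    {"salary": 1000, "bonus": 5000},
]
# Policy bounds on what one record may contribute per column (constructed).
BOUNDS = {"salary": (0, 1000), "bonus": (0, 50000)}


def diameter(column):
    """Per-record influence of `column` on a SUM query (its sensitivity)."""
    lo, hi = BOUNDS[column]
    return hi - lo


def laplace_scale(diam, epsilon):
    """Scale b of Laplace(0, b): noise this wide gives epsilon-privacy for
    any record whose influence on the output is at most diam."""
    return diam / epsilon


def laplace_from_uniform(u, scale):
    """Inverse-CDF sample of Laplace(0, scale) from u in (0, 1)."""
    u -= 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def true_sum(db, columns):
    return sum(row[c] for row in db for c in columns)


def make_rng(seed):
    return random.Random(seed)


def noisy_sum(db, columns, scale, rng):
    """Query output plus one noise value drawn from the chosen distribution."""
    u = 0.0
    while u == 0.0:  # random() is in [0, 1); exclude 0 so log() stays finite
        u = rng.random()
    return true_sum(db, columns) + laplace_from_uniform(u, scale)


def effective_epsilon(column, scale):
    """Privacy actually afforded to `column` by Laplace noise of this scale:
    a record with influence diameter(column) shifts the output distribution
    by a factor of at most exp(diameter / scale)."""
    return diameter(column) / scale


def required_scale(epsilons):
    """Smallest single scale honouring every class's own parameter at once
    (my own observation, not a step the claims recite)."""
    return max(diameter(c) / e for c, e in epsilons.items())


if __name__ == "__main__":
    rng = make_rng(2024)
    # First class: salary, with first privacy parameter epsilon = 0.1.
    b1 = laplace_scale(diameter("salary"), 0.1)  # 10000.0
    # The query spans the first class AND the additional 'bonus' data,
    # but the noise is sized for the first class only.
    print("noisy total:", noisy_sum(DB, ["salary", "bonus"], b1, rng))
    # The additional data therefore gets only the weaker guarantee its
    # larger diameter implies: the leak the abstract describes.
    print("epsilon actually given to bonus:", effective_epsilon("bonus", b1))  # 5.0
    # Second class with its own diameter and second parameter, as claimed.
    b2 = laplace_scale(diameter("bonus"), 1.0)  # 50000.0
    print("scale for the bonus class:", b2)
    print("scale honouring both classes:", required_scale({"salary": 0.1, "bonus": 1.0}))
```

With salary bounded to 1000 and epsilon 0.1, the first noise scale is 10000; the bonus column, bounded to 50000, is then protected only at an effective epsilon of 5, fifty times weaker. A practitioner checking a deployment of this scheme should compute `effective_epsilon` for every column the query touches, not just the class whose diameter set the scale.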
17 Claims
1. A method for selectively determining privacy guarantees (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6.

7. A method for selectively determining privacy guarantees, comprising:
specifying at least one first class of privacy principals, said first class of privacy principals being associated with a first class of data in a database;
specifying at least one second class of privacy principals, said second class of privacy principals being associated with said first class of data in a database, and said second class of privacy principals being further associated with a second class of data in a database;
calculating a diameter of said first class of data;
calculating a noise distribution at least in part using said diameter, wherein a first privacy parameter is at least in part used when calculating said noise distribution;
adding a noise value selected from said noise distribution to a query output, wherein a query associated with said query output is performed at least in part over said first class of privacy principals and at least in part over said second class of privacy principals;
calculating a second diameter for said second class of data; and
calculating a second noise distribution at least in part using said second diameter and a second privacy parameter.
Dependent claims: 8, 9, 10, 11, 12, 13, 14.

15. A system for selectively guaranteeing privacy of data associated with privacy principals, comprising:
a database server;
a database comprising data associated with a plurality of privacy principals;
an interface for selecting a first class of data associated with said privacy principals, wherein said interface allows selecting of a second class of data associated with said privacy principals, and for associating a first privacy parameter with said first class of data and a second privacy parameter with said second class of data;
a mechanism for calculating a diameter of said first class of data;
a mechanism for calculating a noise distribution at least in part using said diameter, wherein a first privacy parameter is at least in part used when calculating said noise distribution;
a mechanism for selecting a noise value from said distribution and adding said noise value to a query output, wherein a query associated with said query output is performed at least in part over said privacy principals;
a mechanism for calculating a second diameter for said second class of data; and
a mechanism for calculating a second noise distribution at least in part using said second diameter and said second privacy parameter.
Dependent claims: 16, 17.