Double blinded privacy-safe distributed data mining protocol

US 8,577,933 B2
Filed: 12/23/2008
Issued: 11/05/2013
Est. Priority Date: 08/02/2006
Status: Active Grant

First Claim

Patent Images

1. A method of mining privacy-sensitive data, comprising the steps of:

a) formulating a query with at least one condition,b) comparing an initial set of privacy-sensitive data against the at least one condition in the query, and generating a list of specific instances within the initial set of privacy- sensitive data that satisfy the at least one condition,c) transmitting the list via an electronic data communications topology to at least one data source entity having privacy-sensitive transactional data,d) matching, by a data processing machine at the at least one data source entity, specific instances on the list with corresponding items in the privacy-sensitive transactional data,e) de-identifying, by the at least one data source entity, the matched specific instances and corresponding items in the privacy-sensitive transactional data,f) electronically transmitting, by the at least one data source entity, at least one file containing the de-identified, matched specific instances and corresponding items in the privacy-sensitive transactional data, to an aggregator,g) merging, by a data processing machine at the aggregator, the at least one file into a combined result responsive to the query, wherein said merging involves combining together information about multiple different persons or entities, and said merging comprises mixing together information contained in one person'"'"'s or entity'"'"'s record with information contained in a different person'"'"'s or entity'"'"'s record to produce the combined result responsive to the query.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Double Blinded Privacy-Safe Distributed Data Mining Protocol is disclosed, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information. The aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities. The aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity. The data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator. The data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator. The aggregator combines results from data source entities and sends the combined result to the data consumer entity. This allows for privacy-safe data mining where both the data consumer entity and data source entities have privacy-sensitive information not available for the aggregator to see or use.

68 Citations

View as Search Results

20 Claims

1. A method of mining privacy-sensitive data, comprising the steps of:
- a) formulating a query with at least one condition,b) comparing an initial set of privacy-sensitive data against the at least one condition in the query, and generating a list of specific instances within the initial set of privacy- sensitive data that satisfy the at least one condition,c) transmitting the list via an electronic data communications topology to at least one data source entity having privacy-sensitive transactional data,d) matching, by a data processing machine at the at least one data source entity, specific instances on the list with corresponding items in the privacy-sensitive transactional data,e) de-identifying, by the at least one data source entity, the matched specific instances and corresponding items in the privacy-sensitive transactional data,f) electronically transmitting, by the at least one data source entity, at least one file containing the de-identified, matched specific instances and corresponding items in the privacy-sensitive transactional data, to an aggregator,g) merging, by a data processing machine at the aggregator, the at least one file into a combined result responsive to the query, wherein said merging involves combining together information about multiple different persons or entities, and said merging comprises mixing together information contained in one person'"'"'s or entity'"'"'s record with information contained in a different person'"'"'s or entity'"'"'s record to produce the combined result responsive to the query.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the method also comprises the step of electronically transmitting, by the aggregator, the combined result to at least one data consumer entity having the initial set of privacy-sensitive data.
  - 3. The method of claim 1, wherein the step of formulating the query is performed by the aggregator, and the step of generating the list is performed by at least one data consumer entity having the initial set of privacy-sensitive data, the data consumer entity receiving the query from the aggregator.
  - 4. The method of claim 3, wherein the list is transmitted by the at least one data consumer entity directly to the at least one data source entity.
  - 5. The method of claim 3, wherein the list is transmitted by the at least one data consumer entity to the aggregator, and the aggregator forwards the list to the at least one data source entity.
  - 6. The method of claim 1, wherein the steps of formulating the query and generating the list are performed by at least one data consumer entity having the initial set of privacy- sensitive data.
  - 7. The method of claim 6, wherein the list is transmitted by the at least one data consumer entity directly to the at least one data source entity.
  - 8. The method of claim 6, wherein the list is transmitted by the at least one data consumer entity to the aggregator, and the aggregator forwards the list to the at least one data source entity.
  - 9. The method of claim 1, wherein the step of formulating the query is performed by the aggregator, and the step of generating the list is performed by at least one data originator entity having the initial set of privacy-sensitive data, the data originator entity receiving the query from the aggregator.
  - 10. The method of claim 9, wherein the list is transmitted by the at least one data originator entity directly to the at least one data source entity.
  - 11. The method of claim 9, wherein the list is transmitted by the at least one data originator entity to the aggregator, and the aggregator forwards the list to the at least one data source entity.
  - 12. The method of claim 1, wherein the steps of formulating the query and generating the list are performed by at least one data originator entity having the initial set of privacy-sensitive data.
  - 13. The method of claim 12, wherein the list is transmitted by the at least one data originator entity directly to the at least one data source entity.
  - 14. The method of claim 12, wherein the list is transmitted by the at least one data originator entity to the aggregator, and the aggregator forwards the list to the at least one data source entity.
  - 15. The method of claim 1, wherein the list is encrypted before being sent to the at least one data source entity.
  - 16. The method of claim 1, wherein the list includes a sufficiently large number of identity disclosing specifics.
  - 17. The method of claim 1, wherein the step of merging the at least one file includes filtering out portions of the at least one file which characterize details particular to less than a predetermined number of items in the privacy-sensitive transactional data.
  - 18. The method of claim 1, wherein formulating a query includes performing a preprocessing privacy check against a predetermined source-entity data-ensemble model.
  - 19. The method of claim 1, wherein at least one of the steps of comparing and generating, matching, de-identifying, and merging involves fuzzy matching.
  - 20. The method of claim 1, wherein formulating a query includes transforming the query into a standardized query, capable of resulting in a syndicated reporting of the combined result responsive to the query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veeva Systems Incorporated
Original Assignee
Crossix Solutions, Inc. (Veeva Systems Incorporated)
Inventors
Evenhaim, Asaf
Primary Examiner(s)
ROBINSON, GRETA LEE

Application Number

US12/342,091
Publication Number

US 20090150362A1
Time in Patent Office

1,778 Days
Field of Search

707/603, 707/687, 707/694, 707/781, 707/783, 707/785, 707/787, 707/803, 707/808, 707/809, 707/821, 707/999.107, 707/693, 705/2, 705/3, 705/7.15, 705/51, 705/7, 705/50, 705/64, 705/69, 705/7.11, 726/26
US Class Current

707/809
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G16H 10/20   for electronic clinical tri...

G16H 50/70   for mining of medical data,...

Y04S 40/20   Information technology spec...

Double blinded privacy-safe distributed data mining protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Double blinded privacy-safe distributed data mining protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others