Privacy preserving method for summarizing user data

US 9,189,650 B2
Filed: 07/29/2013
Issued: 11/17/2015
Est. Priority Date: 07/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method of preparing data corresponding to a plurality of users for anonymous analysis comprising:

receiving the data into a memory of a server;

for each user of the plurality of users, converting the received data into a plurality of key/value pairs, forming a set of user-key/value pairs;

generating a new data structure in the memory of the server for each key/value pair for which no data structure is associated;

for each user of the plurality of users, inserting a UserID associated with the user into the data structure associated with each of the key/value pairs in the set of user-key/value pairs;

storing the data structure associated with each of the key/value pairs as a prepared data set;

deleting the received data; and

providing access to the prepared data set for anonymous analysis.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, in a server residing in a network of interconnected computers, receiving user data, dissecting the received user data into a plurality of key/value pairs, iterating through the plurality of key/value pairs, generating a new data structure in the memory of the server for each key/value pair that do not exist, inserting a UserID into a set associated for a specific key/value pair, storing the key/value sets, and destroying the received user data.

209 Citations

56 Claims

1. A method of preparing data corresponding to a plurality of users for anonymous analysis comprising:
- receiving the data into a memory of a server;
  
  for each user of the plurality of users, converting the received data into a plurality of key/value pairs, forming a set of user-key/value pairs;
  
  generating a new data structure in the memory of the server for each key/value pair for which no data structure is associated;
  
  for each user of the plurality of users, inserting a UserID associated with the user into the data structure associated with each of the key/value pairs in the set of user-key/value pairs;
  
  storing the data structure associated with each of the key/value pairs as a prepared data set;
  
  deleting the received data; and
  
  providing access to the prepared data set for anonymous analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 49, 50, 51, 52, 53, 54, 55, 56)
- - 2. The method of claim 1 wherein the received data is a relational document.
  - 3. The method of claim 1 wherein the new data structure is a Bloom filter data structure.
  - 4. The method claim 1 wherein the new data structure is a Minhash data structure.
  - 5. The method of claim 1 wherein generating the new data structure comprises generating plural data structures corresponding to times on a time scale.
  - 6. The method of claim 1 further comprising:
    - receiving a set of columns requested for a summary, during the providing access;
      
      querying labels of the data structures of the prepared data set for unique values for each column; and
      
      calculating all combinations of the unique values across columns to form the requested summary.
  - 7. The method of claim 6 further comprising, for each combination of key value pairs, looking up the corresponding set of data structures, intersecting those sets to find a size, and outputting a summary entry with that size for each combination.
  - 8. The method of claim 1 further comprising:
    - receiving a set of columns requested for a summary; and
      
      sorting the set of columns into a fixed order.
  - 9. The method of claim 8 further comprising placing each value for a first key into a new data structure representing a summary entry.
  - 10. The method of claim 9 further comprising placing each of the data structures into a first-in-first-out (FIFO) candidate queue.
  - 11. The method of claim 10 further comprising:
    - taking summary structures off of the candidate queue;
      
      getting the last key in the structure, and using it to look up the next key; and
      
      creating a number of new structures equivalent to the number of values in the next key.
  - 12. The method of claim 11 further comprising:
    - iterating over the new summary structures;
      
      for each key/value pair in the summary structure, retrieving the associated set of data structures; and
      
      intersecting all of the data structures.
  - 13. The method of claim 12 further comprising:
    - if the intersection size is not 0, adding a calculated intersection cardinality to the structure; and
      
      outputting the summary entry.
  - 14. The method of claim 12 further comprising:
    - if the intersection size is not 0 and the summary structure is not complete, adding this summary structure back to the FIFO candidate queue.
  - 15. The method of claim 1 further comprising:
    - creating multiple sets of data structures for different types of UserID;
      
      estimating the cardinality of each of the data structures; and
      
      using a ratio of cardinalities to correct unique user estimates for users who frequently change UserID.
  - 16. The method of claim 1, wherein the data structures of the prepared data set include counting Bloom filters capable of having elements removed, the method further comprising:
    - creating a new Bloom filter data structure for storing a UserID for a user who opts out of analysis;
      
      adding a UserID of the user who opts out of analysis to the new Bloom filter data structure;
      
      destroying any future data that comes into the server for the added UserID before the data can be included in analysis; and
      
      removing the UserID of the user who opts out of analysis from the counting Bloom filters of the key/value sets.
  - 49. The method of claim 1, wherein for each user of the plurality of users, the userID associated with the user is generated randomly.
  - 50. The method of claim 1, wherein for each user of the plurality of users, the userID associated with the user is a unique identifier previously associated with the user.
  - 51. The method of claim 1, wherein for each user of the plurality of users, the userID associated with the user is a hashed version of an existing identifier.
  - 52. The method of claim 1, wherein for each user of the plurality of users, the userID associated with the user includes at least one of:
    - a cookie set locally by a client or server;
      
      a web browser fingerprint;
      
      an online ID; and
      
      an offline ID.
  - 53. The method of claim 1, wherein data is continually being received.
  - 54. A method for summarizing user data, the method comprising:
    - receiving a prepared data set prepared for anonymous analysis according to the method of claim 1;
      
      receiving a list of columns to be reported, wherein the columns in the list of columns correspond to keys of the key/value pairs of the prepared data set;
      
      determining a set of keys, wherein each key corresponds to one of the columns in the list of columns;
      
      determining a set of unique values for each key in the set of keys;
      
      generating all combinations of key/value pairs from the set of keys and set of unique values for each key; and
      
      for each combination of the generated combinations, intersecting the data structures corresponding to the key/value pairs to generate a final count of unique users.
  - 55. The method of claim 54, further comprising suppressing summary entries where the counts are below a threshold value.
  - 56. A method for summarizing user data, the method comprising:
    - receiving a prepared data set prepared for anonymous analysis according to the method of claim 1;
      
      receiving a list of columns to be reported, wherein the columns in the list of columns correspond to keys of the key/value pairs of the prepared data set;
      
      sorting the columns into a fixed order;
      
      determining a set of unique values for the key corresponding to the first column in the sorted columns;
      
      initializing a first-in-first-out (FIFO) candidate queue with summary entry structures, wherein the summary entry structures comprise key/value pairs for each of the values of the set of unique values and each summary entry structure comprises a last key, the last key being the key corresponding to the first column in the sorted columns; and
      
      while the candidate queue is non-empty;
      
      removing a summary entry structure off the candidate queue;
      
      determining if a next key exists, wherein the next key is the key corresponding to the column immediately following the column corresponding to the last key of the summary entry structure in the set sorted columns;
      
      in response to determining that a next key exists;
      
      determining a set of unique values for the next key; and
      
      creating a new summary entry structure for each unique value of the set of unique values, the new summary entry structure comprising the key/value pair corresponding to the determined next key and the unique value and the key/value pairs of the removed summary entry structure and wherein the last key of the new summary entry structure is the next key;
      
      for each new summary entry structure, determining a cardinality of the intersection of the data structures corresponding to each of the key/value pairs in the new summary entry structure;
      
      for each new summary entry structure for which the determined cardinality is nonzero, determining if the summary entry structure contains keys corresponding to each column in the list of columns;
      
      for each new summary entry structure for which the determined cardinality is nonzero, in response to determining that the summary entry structure contains keys corresponding to each column in the list of columns, outputting the summary entry structure; and
      
      for each new summary entry structure for which the determined cardinality is nonzero, in response to determining that the summary entry structure does not contain keys corresponding to each column in the list of columns, inserting the new summary entry structure into the candidate queue.

17. A method of preventing access by an analytics process to sensitive data corresponding to a plurality of users comprising:
- receiving the data into a memory of a server;
  
  for each user of the plurality of users, converting the received data into a plurality of key/value pairs, forming a set of user-key/value pairs;
  
  generating a new data structure in the memory of the server for each key/value pair for which no data structure is associated;
  
  for each user of the plurality of users, inserting a UserID associated with the user into the data structure associated with each of the key/value pairs in the set of user-key/value pairs;
  
  storing the data structure associated with each of the key/value pairs as a prepared data set; and
  
  deleting the received sensitive data, thereby preventing access by the analytics process to the received sensitive data.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The method of claim 17 wherein the received data is a relational document.
  - 19. The method of claim 17 wherein the new data structure is a Bloom filter data structure.
  - 20. The method claim 17 wherein the new data structure is a Minhash data structure.
  - 21. The method of claim 17 wherein generating the new data structure comprises generating plural data structures corresponding to times on a time scale.
  - 22. The method of claim 17 further comprising:
    - receiving a set of columns requested for a summary;
      
      querying labels of the data structures of the prepared data set for unique values for each column; and
      
      calculating all combinations of the unique values across columns to form the requested summary.
  - 23. The method of claim 22 further comprising, for each combination of key/value pairs, looking up the corresponding set of data structures, intersecting those sets to find a size, and outputting a summary entry with that size for each combination.
  - 24. The method of claim 17 further comprising:
    - receiving a set of columns requested for a summary; and
      
      sorting the set of columns into a fixed order.
  - 25. The method of claim 24 further comprising placing each value for a first key into a new data structure representing a summary entry.
  - 26. The method of claim 25 further comprising placing each of the data structures into a first-in-first-out (FIFO) candidate queue.
  - 27. The method of claim 26 further comprising:
    - taking summary structures off of the candidate queue;
      
      getting the last key in the structure, and using it to look up the next key; and
      
      creating a number of new structures equivalent to the number of values in the next key.
  - 28. The method of claim 27 further comprising:
    - iterating over the new summary structures;
      
      for each key/value pair in the summary structure, retrieving the associated set of data structures; and
      
      intersecting all of the data structures.
  - 29. The method of claim 28 further comprising:
    - if the intersection size is not 0, adding a calculated intersection cardinality to the structure; and
      
      outputting the summary entry.
  - 30. The method of claim 28 further comprising:
    - if the intersection size is not 0 and the summary structure is not complete, adding this summary structure back to the FIFO candidate queue.
  - 31. The method of claim 17 further comprising:
    - creating multiple sets of data structures for different types of UserID;
      
      estimating the cardinality of each of the data structures; and
      
      using a ratio of cardinalities to correct unique user estimates for users who frequently change UserID.
  - 32. The method of claim 17, wherein the key/value sets of the prepared data set include counting Bloom filters capable of having elements removed, the method further comprising:
    - creating a new Bloom filter data structure for storing a UserID for a user who opts out of analysis;
      
      adding a UserID of the user who opts out of analysis to the new Bloom filter data structure;
      
      destroying any future data that comes into the server for the added UserID before the data can be included in analysis; and
      
      removing the UserID of the user who opts out of analysis from the counting Bloom filters of the key/value sets.

33. A method of evaluating the effectiveness of an advertisement without reference to identifying information in data corresponding to a plurality of users comprising:
- receiving data comprising information responsive to the advertisement into a memory of a server;
  
  for each user of the plurality of users, converting the received data into a plurality of key/value pairs, forming a set of user-key/value pairs;
  
  generating a new data structure in the memory of the server for each key/value pair for which no data structure is associated;
  
  for each user of the plurality of users, inserting a UserID associated with the user into the data structure associated with each of the key/value pairs in the set of user-key/value pairs;
  
  storing the data structure associated with each of the key/value pairs as a prepared data set;
  
  deleting the received data; and
  
  evaluating the prepared data set without reference to identifying information the received data.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 34. The method of claim 33 wherein the received data is a relational document.
  - 35. The method of claim 33 wherein the new data structure is a Bloom filter data structure.
  - 36. The method claim 33 wherein the new data structure is a Minhash data structure.
  - 37. The method of claim 33 wherein generating the new data structure comprises generating plural data structures corresponding to times on a time scale.
  - 38. The method of claim 33 further comprising:
    - receiving a set of columns requested for a summary;
      
      querying labels of the data structures of the prepared data set for unique values for each column; and
      
      calculating all combinations of the unique values across columns to form the requested summary.
  - 39. The method of claim 38 further comprising, for each combination of key/value pairs, looking up the corresponding set of data structures, intersecting those sets to find a size, and outputting a summary entry with that size for each combination.
  - 40. The method of claim 33 further comprising:
    - receiving a set of columns requested for a summary; and
      
      sorting the set of columns into a fixed order.
  - 41. The method of claim 40 further comprising placing each value for a first key into a new data structure representing a summary entry.
  - 42. The method of claim 41 further comprising placing each of the data structures into a first-in-first-out (FIFO) candidate queue.
  - 43. The method of claim 42 further comprising:
    - taking summary structures off of the candidate queue;
      
      getting the last key in the structure, and using it to look up the next key; and
      
      creating a number of new structures equivalent to the number of values in the next key.
  - 44. The method of claim 43 further comprising:
    - iterating over the new summary structures;
      
      for each key/value pair in the summary structure, retrieving the associated set of data structures; and
      
      intersecting all of the data structures.
  - 45. The method of claim 44 further comprising:
    - if the intersection size is not 0, adding a calculated intersection cardinality to the structure; and
      
      outputting the summary entry.
  - 46. The method of claim 44 further comprising:
    - if the intersection size is not 0 and the summary structure is not complete, adding this summary structure back to the FIFO candidate queue.
  - 47. The method of claim 33 further comprising:
    - creating multiple sets of data structures for different types of UserID;
      
      estimating the cardinality of each of the data structures; and
      
      using a ratio of cardinalities to correct unique user estimates for users who frequently change UserID.
  - 48. The method of claim 33, wherein the key/value sets of the prepared data set include counting Bloom filters capable of having elements removed, the method further comprising:
    - creating a new Bloom filter data structure for storing a UserID for a user who opts out of analysis;
      
      adding a UserID of the user who opts out of analysis to the new Bloom filter data structure;
      
      destroying any future data that comes into the server for the added UserID before the data can be included in analysis; and
      
      removing the UserID of the user who opts out of analysis from the counting Bloom filters of the key/value sets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
J.D. Power
Original Assignee
J.D. Power and Associates, Inc.
Inventors
Jaye, Daniel, Secretan, James Q
Primary Examiner(s)
Okeke, Izunna

Application Number

US13/953,233
Publication Number

US 20140041047A1
Time in Patent Office

841 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6263   during internet communicati...

H04L 63/0407   wherein the identity of one...

Privacy preserving method for summarizing user data

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy preserving method for summarizing user data

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links