Method and apparatus for data protection in cloud-based matching system

1. A method for client proprietary data protection and protection of coefficient beta produced by proprietary algorithms of a cloud service provider (CSP) in a cloud-based matching system, comprising the steps of:

• providing by a client computer system alternative data representing the client proprietary data to be protected,performing a first transformation by the client computer system of the alternative data using a principle known as Independence of Irrelevant Alternatives (IIA), wherein the first transformation comprises two steps;
  
  first step is randomly generating some fake alternatives and adding them into an alternative list, wherein, in the transformed alternative data, most alternatives are fake and only a small portion of the alternatives are real such that the CSP cannot distinguish which alternatives are real, thereby protecting the real data, andsecond step is splitting the alternative list into several sub-lists, wherein to make sure that a result can be reverse transformed in further steps, some alternatives are simultaneously put in multiple sub-lists, two sub-lists being defined to be directly connected if the two sub-lists contain at least one common alternative,transmitting by the client computer system the transformed alternative data to the CSP across a communications boundary,generating by the CSP matching results based on a utility function of the CSP and the CSP coefficient beta, matching results for each of the sub-lists being calculated separately and corresponding results,sending matching results generated by the CSP back to the client computer system across the communications boundary,performing by the client computer a second transformation to rebuild the result into a final result by use of the IIA property, the second transformation comprising three steps;
  
  first step is introducing multipliers for each sub-list, each sub-list being multiplied by its multiplier,second step is building equations, wherein for each alternative that appears in multiple sub-lists, an equation is added to make probabilities for each such alternative in different sub-lists equal, the summation of all real alternatives being equal to one for normalization, for each real alternative, adding its probability results so that according to the IIA property, adding randomly generated alternatives or removing some irrelevant alternatives in the list does not affect the relative ratio of probabilities of two alternatives, so the result can be proven to be correct, andthird step is to solve the equations to get the probability results,wherein the client computer system sends the transformed alternative data to the CSP without disclosing transformation of the alternative data using the IIA property to the CSP; and
  
  the CSP sends matching results to the client computer system without disclosing coefficient beta data to the client computer system.