Apparatus and methods ensuring data privacy in a content distribution network
First Claim
1. A computer readable apparatus configured to implement a method for ensuring privacy of a plurality of transmitted data, said plurality of transmitted data relating to the interaction of individual ones of a plurality of subscribers in a content distribution network with digitally rendered content provided over said network, said computer readable apparatus comprising a non-transitory storage medium, the non-transitory storage medium comprising a plurality of instructions which are configured to, when executed on a computerized apparatus of the content distribution network:
- receive a plurality of data at the computerized apparatus of said content distribution network, said plurality of data relating to interaction of said plurality of subscribers with said content;
- examine a first cardinality of a subset of said plurality of subscribers having a first aspect reflected in respective ones of individual ones of said plurality of data;
- when said first cardinality of said subset meets or exceeds a predetermined threshold, transmit, via said computerized apparatus, said plurality of data to a remote computerized entity for algorithmic analysis thereat, said algorithmic analysis further comprising execution of an algorithm to examine a second cardinality associated with both said plurality of data and said first cardinality of said subset; and
- when said first cardinality does not meet said predetermined threshold, perform an automated data collapse process via said computerized apparatus, said automated data collapse process comprising:
  - automatically cause adjustment of said first aspect of said plurality of data so as to increase said privacy thereof; and
  - cause transmission of said adjusted data to a remote entity for algorithmic analysis thereat.
Abstract
Methods and apparatus for ensuring the privacy of users and/or devices in a content delivery network from which data regarding the users' interaction with content is collected and distributed. In one embodiment, “tuning” records which describe the interaction of users with content or other activities of interest are collected. It is determined whether an opportunity for compromise of the user's privacy (e.g., by derivative association) is present. If it is determined that such an opportunity exists, at least portions of the data are modified (e.g., collapsed). The modification may comprise replacing a first explicit data value with a second descriptive data value, increasing a range for the value, generalizing the value, removing the value, or encoding the value. Further processing of the collected tuning records may include validating the data, accounting for latency, and generating reports based thereon.
25 Claims
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computerized apparatus for use in a content distribution network, said computerized apparatus comprising:
- at least one interface configured to receive data representative of a plurality of tuning event data records associated with a respective plurality of user devices in said content distribution network;
- a storage apparatus comprising at least one computer program stored thereon; and
- at least one digital processor configured to execute said at least one computer program, said computer program comprising a plurality of instructions which are configured to, when executed:
  - algorithmically determine whether a number of said received data representative of said plurality of tuning event data records having a first aspect is within an acceptable range, said acceptable range comprising a range selected to ensure that privacy of identity of said user devices is maintained;
  - when said number is greater or less than said acceptable range, automatically increase a magnitude of a size of said acceptable range for said first aspect of said data representative of said plurality of tuning event records so as to maintain said privacy of identity of said user devices; and
  - transmit said data representative of said plurality of tuning event records to a remote entity.

Dependent claims: 9, 10, 11, 12, 13.
14. A computerized method for ensuring privacy of data in a content distribution network comprising a plurality of client devices, said method comprising:
- receiving at a first computerized apparatus, a plurality of data representative of anonymized data records, each of said plurality of data representative of anonymized data records describing an interaction of an individual one of a plurality of users with said plurality of client devices configured to provide digitally rendered content, said plurality of data representative of anonymized data records each having a plurality of fields;
- examining a first cardinality of a subset of said plurality of data representative of anonymized data records with respect to a first one of said plurality of fields via said first computerized apparatus;
- examining a second cardinality of a difference between (i) said subset of said plurality of data representative of anonymized data records with respect to said first one of said plurality of fields and (ii) said plurality of data representative of anonymized data records; and
- when either said first or said second cardinality is not within a respective predetermined range computed to avoid vulnerability to derivative association of at least said first one of said plurality of data representative of anonymized data records, automatically initiating an algorithm to adjust, via said first computerized apparatus, said first one of said plurality of fields by performing at least one of broadening, replacing or eliminating said first one of said plurality of fields.

Dependent claims: 15, 16, 17, 18.
19. A system for providing a plurality of data records relating to subscribers' interaction with digitally rendered content via a plurality of computerized client devices, said digitally rendered content provided via a content distribution network, said system comprising:
- said plurality of computerized client devices, each of said plurality of computerized client devices being configured to receive said digitally rendered content via said content distribution network and configured to generate a plurality of information describing interaction therewith; and
- a headend server in communication with said plurality of computerized client devices and configured to receive said plurality of information therefrom, said headend server further configured to run a computer program thereon, said computer program comprising a plurality of instructions which are configured to, when executed:
  - examine said plurality of information to determine whether an identity of an individual one of said plurality of computerized client devices is derivable when said plurality of information is provided to an outside party;
  - when said identity is derivable, automatically replace a value of a first aspect of respective ones of said plurality of information with a broadened value therefor;
  - when said value is replaced with said broadened value, examine said plurality of information comprising the broadened value to algorithmically determine whether the identity of the individual one of said computerized client devices is derivable; and
  - when it is determined that said identity is not derivable after said replacement, provide said plurality of information to said outside party.

Dependent claims: 20, 21, 22, 23, 24.
25. A non-transitory computer-readable apparatus comprising a storage medium having a plurality of instructions thereon, the plurality of instructions being configured to cause a computerized apparatus to, when executed by a processor apparatus:
- receive a plurality of data records via the computerized apparatus;
- examine a cardinality of a first subset of the plurality of data records, the plurality of data records each having a first aspect;
- responsive to the cardinality of the first subset meeting or exceeding a predetermined threshold:
  - determine whether a second cardinality meets or exceeds a second predetermined threshold, the second cardinality comprising a difference between a cardinality of the plurality of data records and the cardinality of the first subset;
  - responsive to the second cardinality not meeting or exceeding the second predetermined threshold, automatically adjust the first aspect of a second subset of the plurality of data records, and transmit the plurality of data records comprising the adjusted second subset; and
  - responsive to the second cardinality meeting or exceeding the second predetermined threshold, transmit the plurality of data records; and
- responsive to the cardinality of the first subset not meeting or exceeding the predetermined threshold:
  - automatically adjust the first aspect of the first subset;
  - determine whether the second cardinality meets or exceeds the second predetermined threshold;
  - responsive to the second cardinality not meeting or exceeding the second predetermined threshold, automatically adjust the first aspect of the second subset of the plurality of records, and transmit the plurality of records comprising the adjusted first subset and second subset; and
  - responsive to the second cardinality meeting or exceeding the second predetermined threshold, transmit the adjusted plurality of records.
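As an added illustration (not the patent's own code) of the two-cardinality check in claim 25 and the re-examine-after-broadening loop in claim 19, in Python. It assumes the examined "first aspect" is a subscriber ZIP code, thresholds of 3, and constructed tuning records; the patent names none of these.

```python
from collections import Counter
# Constructed tuning records (not from the patent); the "first aspect"
# examined is assumed to be the subscriber ZIP code.
RECORDS = [
    {"device": "d1", "zip": "80301", "channel": 7},
    {"device": "d2", "zip": "80301", "channel": 7},
    {"device": "d3", "zip": "80302", "channel": 9},
    {"device": "d4", "zip": "80302", "channel": 9},
    {"device": "d5", "zip": "80302", "channel": 9},
    {"device": "d6", "zip": "90210", "channel": 4},
]
K_SUBSET, K_COMPLEMENT = 3, 3   # assumed values for claim 25's two thresholds

def broaden_zip(zip_code):
    """Generalize one step: 5-digit ZIP -> 3-digit prefix -> wildcard '*'."""
    return "*" if len(zip_code) <= 3 else zip_code[:3]

def group_counts(records):
    """Cardinality of each ZIP value among the records."""
    return dict(Counter(r["zip"] for r in records))

def smallest_group(records):
    return min(group_counts(records).values())

def collapse(records, value, k1=K_SUBSET, k2=K_COMPLEMENT):
    """Claim-25 style check for one ZIP value; returns adjusted copies."""
    out = [dict(r) for r in records]                 # never mutate the input
    first = [r for r in out if r["zip"] == value]    # first subset
    second = [r for r in out if r["zip"] != value]   # total minus first subset
    if len(first) < k1:                              # too few share the value
        for r in first:
            r["zip"] = broaden_zip(r["zip"])
    if len(second) < k2:                             # too few differ from it
        for r in second:
            r["zip"] = broaden_zip(r["zip"])
    return out

def ensure_k_anonymous(records, k):
    """Claim-19 style loop: re-examine after each broadening until every
    ZIP group has at least k records (or nothing further can be broadened)."""
    out = [dict(r) for r in records]
    while True:
        small = {z for z, n in group_counts(out).items() if n < k and z != "*"}
        if not small:
            return out      # caller must still check smallest_group(out) >= k
        for r in out:
            if r["zip"] in small:
                r["zip"] = broaden_zip(r["zip"])
```

If the wildcard group itself is still below k (fewer than k records in total), no further broadening helps and the records should be withheld rather than transmitted.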