SYSTEM AND METHOD FOR PRIVACY PROTECTION USING IDENTIFIABILITY RISK ASSESSMENT

US 20090228990A1
Filed: 06/04/2008
Published: 09/10/2009
Est. Priority Date: 07/03/2006
Status: Active Grant

First Claim

Patent Images

1. A risk assessment system, comprising:

an information system configured to disclose information to a third party; and

a risk determination model configured to compute identifiability risk for one or more records in storage, the identifiability risk being compared to a threshold prior to being disclosed wherein the information system is informed of the identifiability risk exceeding the threshold prior to disclosure to the third party.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A risk assessment system and method includes an information system configured to disclose information to a third party. A risk determination model is configured to compute identifiability risk for on one or more records in storage. The identifiability risk is compared to a threshold prior to being disclosed wherein the information system is informed of the identifiability risk exceeding the threshold prior to disclosure to the third party.

48 Citations

View as Search Results

35 Claims

1. A risk assessment system, comprising:
- an information system configured to disclose information to a third party; and
  
  a risk determination model configured to compute identifiability risk for one or more records in storage, the identifiability risk being compared to a threshold prior to being disclosed wherein the information system is informed of the identifiability risk exceeding the threshold prior to disclosure to the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as recited in claim 1, wherein the information system builds the risk determination model based on the one or more records of input data.
  - 3. The system as recited in claim 1, wherein the information system builds the risk determination model using records having a highest identifiability for a combination attributes.
  - 4. The system as recited in claim 1, wherein the risk determination model computes identifiability risk for a given record based on a reciprocal of a subset of records or cell size from a population table that includes only the records that have values of all attributes in a set of key attributes included in the given record.
  - 5. The system as recited in claim 4, wherein the cell size is approximated.
  - 6. The system as recited in claim 1, wherein the risk determination model computes identifiability risk for multiple records by subtracting from 1:
    - a sum of 1 minus the identifiably risk for all records in a sample table.
  - 7. The system as recited in claim 1, wherein the risk determination model predicts identifiability risk for records input to the information system.
  - 8. The system as recited in claim 1, wherein the risk determination model predicts a single record identifiability risk for a given record, knowing a set of key attributes, by summing over a population:
    - a probability that an individual is the one appearing in a sample table divided by a cell size for each record corresponding to the individual.
  - 9. The system as recited in claim 8, wherein the cell size is approximated.
  - 10. The system as recited in claim 8, wherein the risk determination model predicts identifiability risk for each of multiple records by subtracting from 1:
    - 1 minus the single record identifiably risk to exponent m, where m is the number of records.
  - 11. The system as recited in claim 1, wherein the risk determination model includes a combined privacy risk model configured to combine risk assessment for a plurality of risk factors.

12. A risk monitoring system, comprising:
- an information system configured to disclose information to an entity;
  
  a risk determination model configured to compute identifiability risk for on one or more records in storage;
  
  a privacy monitor configured to receive the one or more records being released, and prior to disclosing the one or more records to the entity, the privacy monitor being configured to detect whether the identifiability risk exceeds a threshold and perform a function to mitigate unauthorized disclosure of the records to the entity.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system as recited in claim 12, wherein the information system builds the risk determination model based on the one or more records of input data.
  - 14. The system as recited in claim 12, wherein the information system builds the risk determination model using records having a highest identifiability for a combination attributes.
  - 15. The system as recited in claim 12, wherein the risk determination model computes identifiability risk for a given record based on a reciprocal of a subset of records or cell size from a population table that includes only the records that have values of all attributes in a set of key attributes included in the given record.
  - 16. The system as recited in claim 15, wherein the cell size is approximated.
  - 17. The system as recited in claim 12, wherein the risk determination model computes identifiability risk for multiple records by subtracting from 1:
    - a sum of 1 minus the identifiably risk for all records in a sample table.
  - 18. The system as recited in claim 12, wherein the risk determination model predicts identifiability risk for records input to the information system.
  - 19. The system as recited in claim 12, wherein the risk determination model predicts a single record identifiability risk for a given record, knowing a set of key attributes, by summing over a population:
    - a probability that an individual is the one appearing in a sample table divided by a cell size for each record corresponding to the individual.
  - 20. The system as recited in claim 19, wherein the cell size is approximated.
  - 21. The system as recited in claim 19, wherein the risk determination model predicts identifiability risk for each of multiple records by subtracting from 1:
    - 1 minus the single record identifiably risk to exponent m, where m is the number of records.
  - 22. The system as recited in claim 12, wherein the risk determination model includes a combined privacy risk model configured to combine risk assessment for a plurality of risk factors.

23. A method for privacy protection, comprising:
- evaluating identifiability risk for one or more records in storage using a risk assessment model;
  
  comparing the identifiability risk with a threshold to determine whether the one or more records can be disclosed to a third party without violation of privacy criteria; and
  
  disclosing the one or more records if disclosure is acceptable based on the comparing step.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The method as recited in claim 23, further comprising, prior to disclosing the one or more records to the third party, detecting whether the identifiability risk exceeds a threshold and performing a function to mitigate unauthorized disclosure of the records to the third party.
  - 25. The method as recited in claim 23, further comprising building the risk determination model using records having a highest identifiability for a combination attributes.
  - 26. The method as recited in claim 23, wherein evaluating includes computing identifiability risk for a given record based on a reciprocal of a subset of records or cell size from a population table that includes only the records that have values of all attributes in a set of key attributes included in the given record.
  - 27. The method as recited in claim 26, further comprising approximating the cell size.
  - 28. The method as recited in claim 23, wherein evaluating includes computing identifiability risk for multiple records by subtracting from 1:
    - a sum of 1 minus the identifiably risk for all records in a sample table.
  - 29. The method as recited in claim 23, wherein evaluating includes predicting identifiability risk for records input to an information system.
  - 30. The method as recited in claim 23, wherein evaluating includes predicting a single record identifiability risk for a given record, knowing a set of key attributes, by summing over a population:
    - a probability that an individual is the one appearing in a sample table divided by a cell size for each record corresponding to the individual.
  - 31. The method as recited in claim 30, further comprising approximating the cell size.
  - 32. The method as recited in claim 30, wherein evaluating includes predicting identifiability risk for each of multiple records by subtracting from 1:
    - 1 minus the single record identifiably risk to exponent m, where m is the number of records.
  - 33. The method as recited in claim 23, further comprising combining risks using a combined privacy risk model configured to combine risk assessment for a plurality of risk factors.

34. A computer program product of privacy protection comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- evaluating identifiability risk for one or more records in storage using a risk assessment model;
  
  comparing the identifiability risk with a threshold to determine whether the one or more records can be disclosed to a third party without violation of privacy criteria; and
  
  disclosing the one or more records if disclosure is acceptable based on the comparing step.
- View Dependent Claims (35)
- - 35. The computer program product as recited in claim 34, further comprising wherein evaluating includes predicting identifiability risk for records input to an information system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Angela Marie Schuett, Anton Riabov, Weifeng Chen, Zhen Liu
Original Assignee
Angela Marie Schuett, Anton Riabov, Weifeng Chen, Zhen Liu
Inventors
Riabov, Anton, Liu, Zhen, Schuett, Angela Marie, Chen, Weifeng

Granted Patent

US 8,332,959 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06Q 10/10 Office automation; Time man...

SYSTEM AND METHOD FOR PRIVACY PROTECTION USING IDENTIFIABILITY RISK ASSESSMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PRIVACY PROTECTION USING IDENTIFIABILITY RISK ASSESSMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links