Title: Multi-level privacy evaluation
Abstract: A multi-level privacy evaluation technology is described for increasing the performance of applications or services that experience high volumes of queries for data with privacy attributes. The multi-level privacy evaluation technology evaluates data using a subset of the privacy policy rules and privacy information determined for the data at a backend server, and thereby reduces the volume of data that needs to be filtered at a frontend server. The multi-level privacy evaluation technology first applies an initial privacy check on a large data set at the backend to authoritatively filter out any data that a viewing user is not permitted to view or access, and returns as results a smaller data set that the viewing user may be permitted to view or access. A full privacy check is then performed at the frontend on the smaller data set, reducing the overall cost of performing privacy checks and reducing the latency in displaying data to the viewing user.
Publication No.: US9460308(B2)    Publication date: 2016.10.04
Application No.: US201414274460    Filing date: 2014.05.09
Applicant: Facebook, Inc.    Inventors: Sethi Bhupinder Singh; Zhao Shiyu; Xia Yang
Classification: H04L29/06; G06F21/62    Main classification: H04L29/06
Agent firm: Perkins Coie LLP    Agent: Perkins Coie LLP
Independent claim 1. A computer-implemented method of evaluating privacy of multiple data items, comprising: computing, by a backend server, a privacy value of each of the multiple data items, wherein the computing includes: receiving, from the user, the privacy value of a data item of the multiple data items in a first format, and converting the privacy value from the first format to a second format, the second format being an approximate privacy value determined based on the first format; storing, by the backend server, the privacy values in association with corresponding data items; and evaluating, by the backend server, the privacy values to determine whether to deny outputting any of the multiple data items, wherein the evaluating includes: filtering out, by the backend server, one or more data items from the multiple data items whose privacy values do not pass an initial privacy check to generate an initial set of data items, the initial privacy check being performed using at least some of the privacy values in the second format; sending, by the backend server, the initial set of data items to a frontend server computer system for additional filtering; filtering out, by the frontend server, one or more data items from the initial set of data items whose privacy values do not pass a full privacy check to generate a final set of data items; and sending, by the frontend server, the final set of data items to the client device.
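The abstract and claim 1 describe a two-stage evaluation: a full privacy setting (first format) is mapped to an approximate value (second format) that a backend can check cheaply, and only the survivors are handed to the frontend for the full policy evaluation. The following is an added illustration written for this page, not code from the patent or from Facebook; the policy model (public / friends / only_me / custom with allow and deny lists), the coarse levels, the social graph, and every user and item name are assumptions constructed for the example. The security point it makes explicit is that the coarse value must be a sound over-approximation (never stricter than the full policy, or the backend would silently drop items the viewer is entitled to see) and that the backend pre-filter is never the final authority: a blocked user still passes the coarse "public" check and is only rejected by the frontend.

```python
"""Two-level privacy filtering: a cheap backend pre-filter on an approximate
privacy value, then a full policy evaluation at the frontend."""
from dataclasses import dataclass
from enum import IntEnum


class Coarse(IntEnum):
    """Second format: approximate privacy value (assumed). Higher = more restrictive."""
    PUBLIC = 0
    FRIENDS = 1
    ONLY_ME = 2


@dataclass(frozen=True)
class Policy:
    """First format: the full privacy setting as the owner entered it (assumed model)."""
    audience: str                      # "public" | "friends" | "only_me" | "custom"
    allow: frozenset = frozenset()     # explicit allow list, used by "custom"
    deny: frozenset = frozenset()      # explicit exclusions ("friends except ...")


@dataclass(frozen=True)
class Item:
    item_id: int
    owner: str
    policy: Policy


@dataclass
class SocialGraph:
    friends: dict   # user -> set of friends
    blocks: dict    # user -> set of users that user has blocked

    def are_friends(self, a, b):
        return b in self.friends.get(a, set())


def to_coarse(policy):
    """First format -> second format.  Must be *sound*: the coarse value may be
    looser than the full policy but never stricter, otherwise the backend would
    drop items the viewer is permitted to see."""
    if policy.audience == "public":
        return Coarse.PUBLIC
    if policy.audience == "friends":
        return Coarse.FRIENDS      # a deny list only removes friends; still within FRIENDS
    if policy.audience == "only_me":
        return Coarse.ONLY_ME
    return Coarse.PUBLIC           # "custom": allow list may name anyone, so PUBLIC is the only safe bound


class Backend:
    def __init__(self, graph):
        self.graph = graph
        self.store = {}            # item_id -> (Item, Coarse), coarse value stored with the item

    def put(self, item):
        self.store[item.item_id] = (item, to_coarse(item.policy))

    def initial_check(self, viewer, item, coarse):
        """Cheap check using only the coarse value and the friendship edge."""
        if coarse == Coarse.PUBLIC or viewer == item.owner:
            return True
        if coarse == Coarse.FRIENDS:
            return self.graph.are_friends(item.owner, viewer)
        return False               # ONLY_ME and viewer is not the owner

    def query(self, viewer):
        return [item for item, coarse in self.store.values()
                if self.initial_check(viewer, item, coarse)]


class Frontend:
    def __init__(self, graph):
        self.graph = graph

    def full_check(self, viewer, item):
        """Authoritative check: blocks, deny lists and custom allow lists are applied here."""
        p = item.policy
        if viewer == item.owner:
            return True
        if viewer in self.graph.blocks.get(item.owner, set()) or viewer in p.deny:
            return False
        if p.audience == "public":
            return True
        if p.audience == "friends":
            return self.graph.are_friends(item.owner, viewer)
        if p.audience == "custom":
            return viewer in p.allow
        return False               # only_me

    def filter(self, viewer, candidates):
        return [i for i in candidates if self.full_check(viewer, i)]


def visible_items(backend, frontend, viewer):
    """The full pipeline: backend pre-filter, then frontend full check."""
    return [i.item_id for i in frontend.filter(viewer, backend.query(viewer))]


def coarse_is_sound(backend, frontend, viewer, item):
    """Invariant: whatever the full check allows, the initial check must also allow."""
    return (not frontend.full_check(viewer, item)) or \
        backend.initial_check(viewer, item, to_coarse(item.policy))


# Constructed sample data (assumed): alice owns five items, blocks dave.
GRAPH = SocialGraph(friends={"alice": {"bob", "carol"}, "bob": {"alice"}, "carol": {"alice"}},
                    blocks={"alice": {"dave"}})
ITEMS = [
    Item(1, "alice", Policy("public")),
    Item(2, "alice", Policy("friends")),
    Item(3, "alice", Policy("friends", deny=frozenset({"carol"}))),
    Item(4, "alice", Policy("only_me")),
    Item(5, "alice", Policy("custom", allow=frozenset({"eve"}))),
]
BACKEND, FRONTEND = Backend(GRAPH), Frontend(GRAPH)
for _it in ITEMS:
    BACKEND.put(_it)

if __name__ == "__main__":
    for v in ("alice", "bob", "carol", "dave", "eve"):
        print(v, [i.item_id for i in BACKEND.query(v)], "->", visible_items(BACKEND, FRONTEND, v))
```

Running it shows the reduction the patent is after (for bob the backend returns four of five candidates and the frontend keeps three) and the two caveats a reviewer would check: dave, whom alice has blocked, survives the backend's "public" check on item 1 and is only rejected at the frontend, and the `coarse_is_sound` invariant holds for every viewer and item, which is what makes the backend drop authoritative rather than lossy.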
Address: Menlo Park CA US