Database Privacy Protection Devices, Methods, And Systems

摘要

A system for reducing the information content of a data stream according to privacy requirements that vary according to referents of the data while maximizing the utility of the data stream in the aggregate. In embodiments, a receiver of data characterizing multiple referents extracts information such as statistics. A filter may reduce the information content of the data to reduce the probability that the receiver could uniquely identify any single referent from the data, according to privacy requirements that vary by the referent. The filter allows this to be done in a way that allows the utility of the data to be maximized when the permitted probability of identification varies among the referents.

主权项

1. A data filtering method for a communication system connecting a source of private data with a user over a network, comprising:
at at least one network server, receiving private data from first multiple remote stations connected over a network, the private data including vectors, each characterizing a referent, the referents including objects, events, or persons; at the at least one network server:
determining privacy requirement data corresponding to subsets of the referents;filtering the private data to generate released data, the filtering including suppressing elements of the vectors characterizing each subset of the referents according to the privacy requirement data respective thereto; the suppressing being such that the number of groups of indistinguishable referents in the released data is higher than in the private data and the size of the groups varies according to the privacy requirement data; from the at least one network server:
transmitting data derived from the released data to one or more receivers.