Title of invention: Privacy-preserving matching service
Abstract: Described herein are technologies pertaining to protecting user privacy in connection with attribute-based matching services. A user registers with a platform that includes a plurality of non-collaborating partitions, where registration includes transmitting a message to the platform that indicates that the user has one or more attributes corresponding thereto. Through selective encryption and a communications protocol amongst the partitions, none of the partitions are able to ascertain that the user has the attributes. Acting in conjunction, however, the plurality of partitions perform rich attribute.
Publication number: US8868654(B2) Publication date: 2014.10.21
Application number: US201113153475 Application date: 2011.06.06
Applicant: Microsoft Corporation Inventors: Guha Saikat; Padmanabhan Venkata N.; Jain Mudit; Jain Ankush
Classification: G06F15/16; G06Q50/00; G06Q30/08 Main classification: G06F15/16
Agency: Agent: Choi Dan; Yee Judy; Minhas Micky
Main claim: 1. A method, comprising: at a first computing partition, performing a first plurality of acts, the first plurality of acts comprising: receiving a request from a computer-executable application to match a first entity with a second entity based upon an attribute of the first entity, the request comprising a first anonymous identifier of the first entity; responsive to receiving the request, searching a first dataset based upon the first anonymous identifier; based upon the searching of the first dataset, identifying a first obscured linkage that represents that the first entity represented by the first anonymous identifier has a first attribute, wherein the first computing partition is unable to ascertain that the first anonymous identifier represents the first entity or that the first attribute is the attribute; and transmitting the obscured linkage to a second computing partition; at the second computing partition, performing a second plurality of acts, the second plurality of acts comprising: receiving the obscured linkage from the first computing partition; responsive to receiving the obscured linkage from the first computing partition, searching a second dataset based upon the first obscured linkage; based upon the searching of the second dataset, identifying the attribute represented by the obscured linkage; responsive to identifying the attribute represented by the obscured linkage, searching the second dataset based upon the attribute; based upon the searching of the second dataset, identifying a second obscured linkage, wherein the second computing partition is unable to ascertain an identity of an entity that has the attribute based upon the second obscured linkage; and transmitting the second obscured linkage to the first computing partition; at the first computing partition, performing a third plurality of acts, the third plurality of acts comprising: receiving the second obscured linkage from the second computing partition; responsive to receiving the second obscured linkage, searching the first dataset using the second obscured linkage; and based upon the searching of the first dataset using the second obscured linkage, identifying a second anonymous identifier that represents the second entity, the first computing partition unable to ascertain that the second anonymous identifier represents the second entity or that the second entity has the attribute; transmitting a signal to the computer-executable application that indicates that the first entity is matched with the second entity.
Address: Redmond WA US