KR20160044553A - Method and apparatus for utility-aware privacy preserving mapping through additive noise - Google Patents

Abstract

These embodiments focus on the privacy-utility tradeoff encountered by a user who wishes to release to the analyst some public data (denoted by X) associated with private data (denoted by S) in the hope of obtaining some utility It is tailored. If noise is added as a privacy protection mechanism, i.e., Y = X + N, then -Y is the data actually released to the analyst and N is noise-we add that adding Gaussian noise It is optimal. We present a mechanism to add Gaussian noise that minimizes the worst case information leakage by Gaussian mechanism. The parameters for the Gaussian mechanism are determined based on the eigenvectors of the covariance of X and eigenvalues. We also develop a probability privacy protection mapping mechanism for discrete data X, where the random discrete noise follows a maximum-entropy variance.

Description

[0001] METHOD AND APPARATUS FOR UTILITY-AWARE PRIVACY PRESERVING MAPPING THROUGH ADDITIVE NOISE [0002]

Cross reference to related applications

This application claims the benefit of the filing date of the following US Provisional Application, which is hereby incorporated by reference in its entirety for all purposes: "Method and Apparatus for Utility-Aware Privacy Preserving Mapping " filed August 19, Serial No. 61 / 867,546 entitled " through Additive Noise ".

This application is related to U.S. Provisional Patent Application No. 61 / 691,090 ("Fawaz"), filed on August 20, 2012 and entitled "A Framework for Privacy against Statistical Inference". This application is expressly incorporated herein by reference in its entirety.

(1) Attorney Docket No. PU130120, entitled " Method and Apparatus for Utility-Aware Privacy Preserving Mapping Against Inference Attacks, " and (2) "Method and Apparatus for Utility-Aware Privacy Preserving Mapping in View of Collusion and Composition ", assigned to the assignee of the present invention and assigned to Attorney Docket No. PU130121, both of which are incorporated herein by reference in their entireties.

The present invention relates to a method and apparatus for protecting privacy, and more particularly to a method and apparatus for adding noise to user data to protect privacy.

In the era of Big Data, the collection and mining of user data has become a fast-growing and common practice by multiple private and public agencies. For example, technology companies can utilize user data to provide personalized services to their customers, or government agencies can rely on data to deal with a variety of challenges, such as national security, national health, budget and funding, Medical institutions analyze data to find causes and potential treatments for diseases. In some instances, the collection, analysis, or sharing of user data with third parties is performed without the user's consent or awareness. In other examples, the user voluntarily releases the data to a particular analyst and obtains the service in response thereto, for example by releasing product ratings to obtain recommendations. Such a service, or other benefit that a user derives from granting access to user data, may be referred to as a utility. In any case, some of the collected data may be regarded as sensitive by the user, for example, political views, health status, income levels, or seemingly innocuous at first glance, such as product ratings, Privacy risk may arise because it can lead to inferences of more sensitive data. The latter risk is referred to as an inference attack, which is a technique for inferring private data using its correlation with publicly released data.

The present principles provide a method for processing user data for a user, the method comprising: accessing user data including private data and public data, wherein the private data corresponds to a first data category, Corresponding to 2 data categories; Determining a covariance matrix of the first data category; Generating Gaussian noise in response to a covariance matrix; Modifying the common data by adding the generated Gaussian noise to the public data of the user; And releasing the modified data to at least one of the service provider and the data collection agency as described below. These principles also provide an apparatus for performing these steps.

The principles also provide a method for processing user data for a user, the method comprising: accessing user data including private data and public data; Accessing the constraints on utility D - the utility responds to the user's public data and release data; Generating a random noise Z in response to a utility constraint; the random noise follows a maximum entropy probability distribution under a utility constraint; And adding the generated noise to the user ' s public data to generate release data for the user as described below. These principles also provide an apparatus for performing these steps.

The present principles also provide a computer-readable storage medium having stored thereon instructions for processing user data for a user in accordance with the methods described above.

1 is a flow diagram depicting an exemplary method for protecting privacy by adding Gaussian noise to continuous data, in accordance with an embodiment of the present principles.
Figure 2 is a flow diagram depicting an exemplary method for protecting privacy by adding discrete noise to discrete data, in accordance with embodiments of the present principles.
3 is a block diagram depicting an exemplary privacy agent, in accordance with an embodiment of the present principles.
4 is a block diagram depicting an exemplary system with multiple privacy agents, in accordance with an embodiment of the present principles.

We take into account the settings described in Fawaz, where the user has two types of correlated data: some data that he wants to leave private, non-private data that is intended to be released to analysts and may derive some utilities For example, a release of media preference to a service provider is intended to receive more accurate content recommendations.

As used in this application, a terminology analyst, which may be part of a service provider's system, for example, refers to a recipient of release data that uses surface data to provide a utility to a user. The analyst is the legitimate recipient of the release data. However, the analyst may also illegally use the release data and infer some information about the user's private data. This creates a conflict between privacy and utility needs. In order to reduce the threat of speculation while maintaining the utility, the user has to create a "distorted version" of the data, generated according to a conditional probabilistic mapping, called a "privacy preserving mapping" "Can be released.

In the present application, we have determined that the data that the user wants to leave private as "private data ", data that the user intends to release as" public data & Refer to released data. For example, a user may want to keep his political views private and may be willing to modify and release his TV rankings (e.g., the actual rank of the user's program is 4, 3). In this case, the user's political view is considered to be private data for this user, the television rankings are considered to be common data, and the released modified TV rankings are considered to be release data. Another user may be willing to release both political views and TV rankings without modification, so that for this other user, when only political views and TV rankings are considered, private data, public data, and release data It should be noted that there is no difference between the two. As many people release political views and TV rankings, analysts can derive correlations between political views and TV rankings, so they can infer the political views of users who want to maintain their political views privately.

With respect to private data, this refers to data indicating that the user does not want to be inferred from other data released, as well as to indicate that the user should not be released publicly. Public data is data that allows a user to release a privacy agent in a distorted way, perhaps to prevent inference of private data.

In one embodiment, the common data is data that the service provider has requested the user to provide the service to the user. However, the user will distort (i.e., modify) it before releasing it to the service provider. In yet another embodiment, the public data is data that is marked as "public " by the user in that it does not mind releasing as long as the release takes the form of protecting against speculation of private data.

As discussed above, whether a particular category of data is to be considered private or public data is based on the particular user's perspective. For ease of representation, we refer to a particular category of data as private or public data from the perspective of the current user. For example, when attempting to design a privacy-protected mapping for the current user who wants to maintain a political, private view, we may use political views of both current and current users who are willing to release his political views, Quot;

In this principle, we use the distortion between release data and public data as a measure of utility. If the distortion is larger, the release data is significantly different from the public data and more privacy is protected, but the utility derived from the distortion data may be lower for the user. On the other hand, if the distortion is smaller, the release data is a more accurate representation of the public data and the user can receive more utilities, for example, more accurate content recommendations.

In one embodiment, in order to protect privacy against statistical reasoning, we solve the optimization problem that is subject to distortion constraints and minimizes the information leakage defined as the amount of mutual information between private and release data Model private-utility tradeoffs and design privacy-protected mappings.

In Fawaz, looking for a privacy-protected mapping relies on a basic assumption that a joint distribution linking private and release data is known and can be provided as input to the optimization problem. In practice, a true prior distribution is not known, but some conventional statistics can be estimated from a set of sample data that can be observed. For example, the pre-combined distribution may be a set of publicly releasing categories of different data that do not have an interest in privacy and may be considered private or public data by interested users about their privacy Can be estimated from users. Alternatively, when private data can not be observed, the distribution of the public data to be released, or simply its secondary order statistics, may be estimated from a set of users who have just released their public data . Next, the estimated statistics based on the set of these samples are used to design a privacy protection mapping mechanism that will be applied to new users interested in their privacy. In fact, there may be a discrepancy between the estimated dictionary and the true dictionary statistics, for example due to a small number of observable samples or due to the incompleteness of the observable data.

로 표시된다. X는 랜덤 변수

로 표시된 사적 데이터와 상관된다. S와 X의 상관은 결합 분포 P_S,X에 의해 정의된다. 랜덤 변수

로 표시된 릴리즈 데이터는 X의 왜곡된 버전이다. Y는 커널

을 통해 X를 통과시키는 것을 통해 달성된다. 본 출원에서, 용어 "커널(kernel)"은 확률적으로 데이터 X를 데이터 Y에 매핑하는 조건부 확률을 지칭한다. 즉, 커널

은 우리가 설계하기를 원하는 프라이버시 보호 매핑이다. Y는 본 출원에서, X만의 확률 함수(probabilistic function)이기 때문에, 우리는 S→X→Y가 마르코프 체인(Markov chain)을 형성한다고 가정한다. 따라서, 우리가

를 정의하면, 우리는 결합 분포

와 특히 결합 분포 P_S,Y를 갖는다.To formulate this problem, the common data is a random variable with a probability distribution P _X

. X is a random variable

As shown in FIG. The correlation between S and X is defined by the joint distribution P _{S, X.} Random variable

Is a distorted version of X. Y is the kernel

Lt; RTI ID = 0.0 > X < / RTI > In the present application, the term "kernel" refers to the conditional probability of mapping data X to data Y probabilistically. That is,

Is a privacy protection mapping we want to design. Since Y is a probabilistic function of X only in the present application, we assume that S → X → Y forms a Markov chain. Therefore,

We define the combined distribution

And in particular the joint distribution P _{S, Y.}

In the following, we first define the concept of privacy, then define the concept of accuracy.

은 결합 분포

에 기인한 분포 P_S,Y가 수학식 (1)

을 충족할 경우에

-발산 사적(divergence private)이라고 불리고, 여기서, D(.)은 K-L 발산이고,

은 랜덤 변수의 기대값이고, H(.)는 엔트로피이고,

는 누설 인수라고 불리고, 상호 정보량 I(S;Y)은 정보 누설을 나타낸다. Definition 1. Assume S → X → Y. Kernel

Bond distribution

The distribution P _{S, Y} due to the expression (1)

If you meet

- called divergence private, where D (.) Is the KL divergence,

Is the expected value of the random variable, H (.) Is the entropy,

Is referred to as a leakage factor, and mutual information amount I (S; Y) represents information leakage.

=0일 경우에 메커니즘이 풀 프라이버시(full privacy)를 갖는다고 말한다. 극단적인 경우들에서,

=0은 릴리즈된 랜덤 변수 Y가 사적 랜덤 변수 S와 별개라는 것을 의미하고,

=1은 S가 Y로부터 완벽하게 복구가능하다는 것을 의미한다(S는 Y의 결정 함수(deterministic function)이다). 우리는 Y가 풀 프라이버시(

=0)를 갖도록 S와 완전히 독립적이라고 가정할 수 있지만, 이것은 빈약한 정확도 레벨로 이어질 수 있다는 것에 유의해야 한다. 우리는 다음과 같이 정확도를 정의한다.We are

= 0, the mechanism is said to have full privacy. In extreme cases,

= 0 means that the released random variable Y is independent of the private random variable S,

= 1 means that S is completely recoverable from Y (S is a deterministic function of Y). We assume that Y is full privacy (

= 0), but it should be noted that this may lead to poor accuracy levels. We define the accuracy as follows.

를 왜곡 측도라고 하자. 커널

은

인 경우에 D-정확이라고 불려진다.Definition 2.

Let's call it a distortion measure. Kernel

silver

It is called D-accurate.

와 왜곡 레벨 D간에 트레이드오프가 있다.Leakage factor of privacy-protected mapping

And the distortion level D is a trade-off.

This principle suggests ways to design utility-aware privacy-protected mappings when only pre-local statistical knowledge is available. More specifically, the present principles provide privacy protection mapping mechanisms as classes of additive noise mechanisms, where noise is added to public data before public data is released. In the analysis, we assume that the mean value of the noise is zero. The mechanism may also be applied when the average is not zero. In one example, the results are the same for the non-zero mean as entropy is not averaged. The mechanisms need only knowledge of the second moments of the data to be released for both continuous data and discrete data.

Gaussian  mechanism

In one embodiment, we consider privacy protection mapping schemes that can be achieved by adding consecutive common data X and noise to the signal, i.e., Y = X + N. Exemplary consecutive data may be the user's key or blood pressure. The mapping is obtained by knowing VAR (X) (or covariance matrix in the case of multidimensional X), without knowledge of P _X and P _{S, X.} First, we will show that it is optimal to add Gaussian noise among all the privacy protection mapping mechanisms when noise is added to the public data to protect privacy.

가 S의 결정 함수인 경우, I(S;Y)=I(X;Y)이고 바운드는 타이트(tight)하다(이것은 예를 들어, 어떤 행렬 A의 경우에 X=AS일 때 선형 회귀시 발생한다).Since S → X → Y, we have I (S; Y) ≤I (X; Y). To bound the information leak I (S; Y), we bound to I (X; Y).

(X; Y) and the bound is tight (this may occur in linear regression when X = AS for some matrix A, for example) do).

이라고 하자. C_X에 의해 X의 공분산 행렬을 표시한다. Y=X+N이라고 하고, 여기서 N은 평균 0과 공분산 행렬 C_N을 가지면서, X와는 별개의 잡음이다. 우리는 하나의 랜덤 변수만이 있을 때 분산

의 표기를 사용하고, 다수개 있을 때 분산(C_N)을 사용한다는 것에 유의해야 한다. 우리는 다음 결과를 갖는다.

. The covariance matrix of X is displayed by C _X. Y = X + N, where N is a noise distinct from X, with an average of 0 and a covariance matrix C _N. When we have only one random variable,

And use variance (C _N ) when there are multiple. We have the following results.

의 경우에 단지

를 알고 있다고 가정한다. 또한, 신호 X에 독립적 잡음 N을 추가함으로써 획득되는 프라이버시 보호 메커니즘들의 클래스를 고려한다. 잡음은 어떤

의 경우에

보다 크지 않은 분산(

-노름 왜곡(norm distortion))과 제로 평균을 갖는다. 우리는 하기 의미에서, 가우시안 잡음이 최선이라는 것을 보일 것이다: Proposition 2. P _X was not known at the time of designing the privacy-protected mapping,

In the case of

. It also takes into account the class of privacy protection mechanisms obtained by adding the independent noise N to the signal X. The noise is

in case of

Greater than variance (

- norm distortion) and zero average. We will see in the following sense that Gaussian noise is the best:

, (15)

, (15)

=

=0이고

이다. 이것은 N_G를 이용한 최악의 경우의 정보 누설은 N을 이용한 최악의 경우의 정보 누설보다 크지 않다는 것을 의미한다.Where N _G is the Gaussian noise and N is the random variable

=

= 0

to be. This means that the worst-case information leakage using N _G is not greater than the worst-case information leak using N.

Proof: Using the Gaussian Intaglio Theorem, we

(16)을 가지고

(16)

을 가진 가우시안 분포를 갖는다. 이것은 증명을 완료한다.

Where X _G is the zero mean and variance

With a Gaussian distribution. This completes the proof.

-노름 왜곡 제약하에서, 가산성 잡음들의 패밀리중에서 최적의 해결책이라는 것을 알았다. 다음에서, 우리는 가우시안 잡음이 공용 데이터에 추가되게 될 최적의 파라미터들을 결정한다. 우리는 가우시안 메커니즘에 의해 가우시안 잡음을 그러한 파라미터들에 추가하는 메커니즘을 표시한다.Now we add Gaussian noise when noise is added to protect privacy

Under the gambling distortion constraint, we have found that this is the optimal solution among the family of additive noise. In the following, we determine the optimal parameters by which the Gaussian noise will be added to the common data. We present a mechanism for adding Gaussian noise to such parameters by a Gaussian mechanism.

In one exemplary embodiment, for a given C _X and distortion level D, the Gaussian mechanism proceeds by the steps illustrated in FIG.

Method 100 begins at 105. At step 110, statistical information is estimated based on data released by users not interested in the privacy of public or private data. We label these users as "public users" and mark users who are interested in the privacy of private data as "private users".

Statistics can be collected by crawling the web and accessing different databases, or by a data aggregator, such as bluekai.com. Which statistical information can be collected depends on what public users release it. It should be noted that it requires less data to characterize the dispersion than to characterize the perimeter distribution P _X. Thus, we can be in a situation where we can estimate the variance, but can not accurately estimate the marginal distribution. In one example, we can obtain the mean and variance (or covariance) of the common data at step 120 based solely on the collected statistical information.

In step 130, we shall take the eigenvalue decomposition of the covariance matrix C _X. The covariance matrix of the Gaussian noise N _G has eigenvectors equal to the eigenvectors of C _X. In addition, the corresponding eigenvalues of C _N are given by the following optimization problem

(17)

(17)

Given by solving

와

는 각각 고유값들 C_X와 C_N를 표시한다. 다음으로, 결정된 고유벡터들과 고유값들로부터, 우리는 그것의 고유분해를 통해, 가우시안 잡음에 대한 공분산 행렬 C_N을 결정할 수 있다. 다음으로, 우리는 가우시안 잡음

을 생성할 수 있다. 왜곡은

로 주어지고, 여기서 tr()은 대각 원소들의 합계를 표시하고 n은 벡터 X의 차원이다.here,

Wow

Represent the eigenvalues C _X and C _N , respectively. Next, from the determined eigenvectors and eigenvalues, we can determine the covariance matrix C _N for Gaussian noise through its eigen decomposition. Next, we use Gaussian noise

Can be generated. Distortion

, Where tr () denotes the sum of the diagonal elements, and n is the dimension of the vector X.

In step 140, the Gaussian noise is added to the shared data, and that is Y = X + N _G. Next, the distortion data is released to the service provider or data collection agency, for example, at step 150. The method 100 ends at step 199.

-노름 왜곡 제약하에서 최적이라는 것을 입증한다.In the following theorem, we see that the proposed Gaussian mechanism

- It proves to be optimal under gambling distortion constraints.

-노름 왜곡과 주어진 왜곡 레벨, D을 가정하면, 상호 정보량을 최소화하는 가우시안 메커니즘에서의 최적 가우시안 잡음은: Theorem 3.

- Given the gambling distortion and the given distortion level, D, the optimal Gaussian noise in the Gaussian mechanism minimizing the amount of mutual information is:

It is satisfied that the covariance matrix of the optimal noise N _G has eigenvectors equal to the eigenvectors of C _X. In addition, the eigenvalues are given in (17).

, (18)을 가지고, Proof: We are

, And (18)

를 최소화하여야 하는데, 그 이유는 이것이 가우시안 X에 의해 달성될 수 있기 때문이다.

를 얻기 위해 반확정 행렬 C_X의 고유값 분해를 고려하고, 여기서

이고

는 C_X의 고유값들을 포함하는 대각 행렬이다. 우리는

를 가지고 최적화 문제는 Here, inequalities can be found in 2012, Wiley-interscience, Elements of information theory, Cover (TM Cover) and J.A. It comes from the theorem 8.6.5 of the book by Thomas Thomas (JA Thomas). Since we do not know the variance of X, we have an upper bound,

Should be minimized, since this can be achieved by Gaussian X. < RTI ID = 0.0 >

Lt; RTI ID = 0.0 > _Cx , < / RTI > where < RTI ID =

ego

Is a diagonal matrix containing the eigenvalues of C _X. We are

Optimization problems with

이 된다.

.

라고 가정한다.

이

의 고유값들이라고 하자. 미국 수학 협회의 회의록, "Bounds for the determinant of the sum of Hermitian matrices", 엠. 피들러(M. Fiedler)에 의한 논문의 정리 1에 따르면, 우리는

를 가지고 등식은

가 대각 행렬인 경우에 성립한다. 따라서, 동일한 고유값들

을 가진 대각 행렬을 이용하여, 우리는 동일 왜곡 레벨 및 더 작은 누설을 달성하는데, 이것은 최적성과 모순된다. 따라서,

는 대각 행렬이다.

Without loss of generality,

.

this

. Minutes of the American Mathematical Society, "Bounds for the determinants of the sum of Hermitian matrices", M. According to the paper 1 by M. Fiedler,

Equation with

Is a diagonal matrix. Thus, the same eigenvalues

, We achieve the same distortion level and smaller leakage, which is inconsistent with the optimality. therefore,

Is a diagonal matrix.

이고

이라고 가정한다. S→X→Y이기 때문에, 우리는 I(X;Y)=I(S;Y)를 갖는다.

이고 Y=X+N이라고 하자. 임의의

의 경우, 우리는 (

,D)-발산-왜곡 사적을 달성할 수 있고, 여기서

이다. Example 3. X is a deterministic real-valued function of S,

ego

. Since S → X → Y, we have I (X; Y) = I (S; Y).

And Y = X + N. random

In this case,

, D) - divergence-distortion can be achieved, where

to be.

>0에 대해서만 통한다. 우리가 완벽한 프라이버시, 즉,

=0를 갖기를 원한다면, 이 방식은

를 선택한다. 실제로, 이것은 Y가 X와 독립적이라는 것을 의미한다. 우리가

(결정론적 값)라고 가정하면, I(Y;S)=0이고

이다. 따라서, VAR(X)보다 크거나 이와 동일한 왜곡 레벨의 경우,

를 설정하는 결정론적 메커니즘은

=0를 달성한다. Comment 1. This analysis

> 0 only. We have perfect privacy,

If you want to have = 0,

. In practice, this means that Y is independent of X. we

(Deterministic value), I (Y; S) = 0

to be. Thus, for distortion levels greater than or equal to VAR (X)

The deterministic mechanism to set

= 0.

을 가진 가우시안 잡음을 추가함으로써, 우리가

-차별적 프라이버시(differential privacy)를 달성할 수 있다는 것이 보여줄 수 있다. 이 방식은 왜곡

와 정보의 누설

이 초래된다. 비교를 위한 질적 방식은

차별적 프라이버시 가우시안 메커니즘을 이용하면, 우리가 작은 누설을 달성하기 위해 큰 왜곡을 필요로 할 것이라는 것을 말한다. 한편, 본 원리에 따른 발산 프라이버시 가우시안 메커니즘을 이용하면, 최소 왜곡 D을 가지며 L 비트들을 누설시키는 방식은 임의의

-차별적 프라이버시를 달성하고, 여기서

이다. Example 5. Distributed

By adding a Gaussian noise with

- It can be shown that differential privacy can be achieved. This method is called distortion

And leakage of information

. The qualitative method for comparison is

Using a differential privacy Gaussian mechanism, we say that we will need large distortions to achieve a small leak. On the other hand, using the diverging privacy Gaussian mechanism according to the present principle, the method of having the minimum distortion D and leakage of the L bits can be arbitrary

- Achieving differential privacy, where

to be.

Discrete Mechanism

이다. 다시, 우리는 I(S;Y)를 바운드하기 위해 I(X;Y)로 바운드한다. 왜곡 측도가

노름이라고 하고, 즉 어떤

인 경우에 X와 Y간의 왜곡이

라고 하자.In another embodiment, we consider the discrete random variable X, where

to be. Again, we bound to I (X; Y) to bind I (S; Y). The distortion measure

It is called gambling, that is,

The distortion between X and Y is

Let's say.

에 대해, 주어진 D보다 작거나 이와 동일한

노름을 가진 모든 랜덤 변수 중에서,

에 의해 최대 엔트로피를 갖는 분산을 표시한다. 보다 형식적으로,

는 다음 최적화

에서 최대 목적 함수를 달성하는 확률 측도이다. Definition 5. Given

For a given D, < RTI ID = 0.0 >

Of all the random variables with gambling,

Lt; RTI ID = 0.0 > entropy < / RTI > More formally,

Next Optimization

Lt; / RTI > is a probability measure that achieves the maximum objective function in the equation.

모멘트상의 제약에 종속되는, 최대 엔트로피 이산 확률 분포

에 있게 된다. 최대 엔트로피는

로 표시된다.That is,

Depending on the constraint on the moment, the maximum entropy discrete probability distribution

. The maximum entropy is

.

와 이것의 엔트로피를 특성화한다.Next, we

And its entropy.

에 대해,

는

에 의해 주어지고, 여기서 A와 B는

이고

이 되도록 선택된다. 게다가, 우리는

를 갖는다. Proposition 3. arbitrary

About,

The

, Where A and B are given by

ego

. Moreover,

.

및

로 하여

가 되게 하자.

이기 때문에, 우리는 proof:

And

To

Let's be.

Because we are

를 갖는다.

.

이다.

H (Z) > H (W)

to be.

를 추가하는 메커니즘을 표시한다. 한가지 예시적인 실시예에서, 이산 메커니즘은 도 2에 예시된 바와 같은 단계들에 의해 진행된다.We use discrete mechanisms to remove noise in discrete common data

Lt; / RTI > In one exemplary embodiment, the discrete mechanism proceeds by steps as illustrated in FIG.

와 D에 엑세스한다. 주어진 왜곡 측도

(

)와 왜곡 레벨 D의 경우, 단계 220에서 명제 3에서 주어진 바와 같이 확률 측도

를 계산한다. 분산

은 단지

와 D에 의해 결정되지만, 최종적인 프라이버시 정확도 트레이드오프는 X에 의존할 것이며, 그 이유는 왜곡 제약이 프라이버시와 정확도를 결합하기 때문이라는 것에 유의해야 한다.Method 200 begins at 205. In step 210, to define a distortion measure, parameters, e.g.,

And D. Given a distortion measure

(

) And the distortion level D, the probability measure, as given in Proposition 3 at step 220,

. Dispersion

Only

And D, but note that the final privacy accuracy tradeoff will depend on X, because the distortion constraint combines privacy and accuracy.

이다. 우리는

를 갖는다. 방법 200은 단계 299에서 종료된다.In step 230, the noise is generated in step 240 according to a probability measure before it is added to the public data, i.e. before Y = X + Z, where

to be. We are

. The method 200 ends at step 299.

가 X의

노름을 표시한다고 하자. 민코프스키의 부등식을 이용하여, 우리는

를 갖는다. 따라서, 우리는

를 얻는다. 즉, 이산 메커니즘을 이용할 때 우리가 획득하는 프라이버시 보장(즉, 정보 누설)은 X의 평균

노름과 D 양쪽 모두에 의존하는, 우측 항에 의해 상계가 지어진다.Next, we analyze the mutual information quantity I (X; Y).

Of X

Let's say that it displays gambling. Using Minkowski's inequality, we

. Therefore,

. That is, the privacy guarantees (ie, information leakage) that we gain when using the discrete mechanism are the average of X

Offset is built by the right term, which depends on both gambling and D.

를 특정하는 것 대신에, 잡음의 파라미터들이 되는 간단한 문제로 최적화 문제를 축소시킨다는 것이다. 이것은 최적화의 사이즈를 현저하게 축소시킬 수 있으며, 또한 그에 따라 그것을 해결하기 위한 그것의 복잡도 및 연산/메모리 요구사항을 현저하게 감소시킨다.The advantage of additive noise technology is that it not only requires a lot of information about X's statistics, but also all the information we need to design,

Instead of specifying the noise parameters, it is a simple problem that reduces the optimization problem. This can significantly reduce the size of the optimization and also significantly reduce its complexity and computation / memory requirements to solve it.

Advantageously, only with knowledge of the joint probability distribution P _{S, X} , and knowledge of the first and second moments of the common data X, this principle applies to both the continuous and discrete data, by adding noise to the common data, A privacy protection mapping mechanism is provided.

A privacy agent is an entity that provides a privacy service to a user. The Privacy Agent may perform any of the following:

- receiving from the user what data he considers to be private, what data he regards as public, and what level of privacy he desires;

- computing a privacy-protected mapping;

Implement a privacy-protected mapping for the user (i.e., distort its data according to the mapping); And

- release the distorted data to a service provider or data collection agency, for example.

These principles may be used in a privacy agent that protects the privacy of user data. FIG. 3 shows a block diagram of an exemplary system 300 in which a privacy agent may be used. Public users 310 release their private data (S) and / or public data (X). As discussed above, public users release public data intact, i.e., Y = X. Information released by public users is statistical information useful to the privacy agent.

The privacy agent 380 includes a statistics gathering module 320, an additive noise generator 330, and a privacy protection module 340. The statistics collection module 320 may be used to collect covariances of public data. Statistics collection module 320 may also receive statistics from data aggregators such as bluekai.com. Depending on the available statistical information, the additive noise generator 330 designs the noise based on, for example, a Gaussian mechanism or a discrete mechanism. The privacy protection module 340 adds the generated noise, thereby distorting the public data of the private user 360 before being released. In one embodiment, the statistics acquisition module 320, the additive noise generator 330, and the privacy protection module 340 may each be used to perform steps 110, 130, and 140 in the method 100.

It should be noted that the privacy agent only needs statistics to work without knowledge of the entire data collected in the data collection module. Thus, in yet another embodiment, the data collection module may be a stand-alone module that collects data and then compiles statistics, and does not need to be part of the privacy agent. The data collection module shares statistics with the privacy agent. In one embodiment, additive noise generator 330 and privacy protection module 340 may each be used to perform steps 220 and 230 in method 200.

The privacy agent is located between the user and the recipient of the user data (e.g., a service provider). For example, the privacy agent may be located in a user device, for example a computer or a set-top box (STB). In another example, the privacy agent may be a separate entity.

All of the modules of the privacy agent may be located in one device or distributed across different devices, for example, the statistics collection module 320 may be located in a data aggregator that releases statistics only to the module 330 Additive noise generator 330 may be located at a user end on a user device that is connected to a "privacy service provider" or to a module 320, and the privacy protection module 340 may include a user, May be located at a user terminal on a user device or at a privacy service provider acting as a mediator between service providers that are desired to release.

The privacy agent may provide the release data to a service provider, such as Comcast or Netflix, which allows the private user 360 to improve the receiving service based on the release data, The recommendation system provides the user with movie recommendations based on his released movie rankings.

In Figure 4, we show that there are multiple privacy agents in the system. In different variants, there is no need for privacy agents to be present everywhere, since this is not a requirement for the privacy system to operate. For example, there may be only one privacy agent at the user device or at the service provider, or both. In Figure 4, we show that there is the same privacy agent "C " for both Netflix and Facebook. In another embodiment, the privacy agents in Facebook and Netfliess may be the same, but not necessarily.

Implementations described herein may be implemented in, for example, a method or process, an apparatus, a software program, a data stream, or a signal. Even when discussed only in the context of a single type of implementation (e.g., discussed only by way of example), the implementation of the features discussed may also be implemented in other forms (e.g., a device or a program). The device may be implemented with, for example, suitable hardware, software, and firmware. The methods may be implemented, for example, in an apparatus such as a processor, for example, generally referring to processing devices including, for example, a computer, microprocessor, integrated circuit, or programmable logic device. The processors also include communication devices such as, for example, computers, cell phones, portable / personal digital assistants ("PDAs"), and other devices that facilitate communication of information between end users.

Reference to "an embodiment" or "an embodiment" or "an embodiment" or "an implementation" of the principles of the present application as well as other modifications thereof, means that the particular features, Quot; is included in at least one embodiment of the principles of < / RTI > Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" or "in one embodiment" or "in an implementation" appearing in various places throughout the specification are not necessarily all referring to the same embodiment It does not refer to it.

Furthermore, the present application, or claims, may refer to "determining " various information. Determining the information may include, for example, one or more of estimating the information, calculating the information, predicting the information, or retrieving information from the memory.

Further, the subject matter, or claims thereof, may refer to "accessing " various information. Accessing information may include, for example, receiving information, retrieving information (e.g., from memory), storing information, processing information, transferring information, It may include one or more of moving, copying information, clearing information, calculating information, determining information, predicting information, or estimating information.

Furthermore, the present application, or claims, may refer to "reception" of various information. Reception is intended to be a broad term such as "access ". Receipt of information may include, for example, one or more of accessing information or retrieving information (e.g., from memory). Also, "receiving" typically includes, for example, storing information, processing information, transferring information, moving information, copying information, deleting information, Computation, information determination, prediction of information, or estimation of information, in one way or another.

As will be apparent to those of ordinary skill in the art, implementations may generate various signals that are formatted, for example, to convey information that may be stored or transmitted. The information may include, for example, instructions for performing the method, or data generated by one of the described implementations. For example, the signal may be formatted to convey the bitstream of the described embodiment. Such a signal may be formatted (e.g., using a radio frequency portion of the spectrum), for example, as an electromagnetic wave, or as a baseband signal. Formatting may include, for example, encoding the data stream and modulating the carrier with the encoded data stream. The information that the signal carries may be, for example, analog or digital information. The signals may be transmitted over a variety of different wired or wireless links, as is known. The signal may be stored on the processor readable medium.

Claims (21)

A method for processing user data for a user,
Accessing the user data including private data and public data, the private data corresponding to a first data category and the common data corresponding to a second data category;
Determining (120) a covariance matrix of the first data category;
Generating (130) Gaussian noise in response to the covariance matrix;
(140) modifying the common data by adding the generated Gaussian noise to the common data of the user; And
Releasing the modified data to at least one of a service provider and a data collection agency (150)
≪ / RTI > The method according to claim 1,
Wherein the public data includes data indicating that the user is publicly releasable and the private data includes data indicating that the user is not publicly released. The method according to claim 1,
Wherein the generating the Gaussian noise comprises:
Determining eigenvalues and eigenvectors of the covariance matrix; And
Determining respective eigenvalues and eigenvectors in response to the determined eigenvalues and eigenvectors, respectively
Lt; / RTI >
Wherein the Gaussian noise is generated in response to the further eigenvalues and eigenvectors. The method according to claim 1,
Wherein the determined other eigenvectors are substantially the same as the determined eigenvectors of the covariance matrix. The method according to claim 1,
Wherein generating the Gaussian noise is further responsive to distortion constraints. The method according to claim 1,
Wherein generating the Gaussian noise comprises generating independently of the information of the second data category. The method according to claim 1,
And receiving a service based on the release data. CLAIMS 1. A method for processing user data for a user,
Accessing the user data including private data and public data;
Accessing (220) constraints on utility D, the utility responding to the user's public data and release data;
Generating (230) random noise Z in response to the utility constraint, the random noise following a maximum entropy probability distribution under the utility constraint;
Adding (140) the generated noise to the public data of the user to generate the release data for the user; And
Releasing (150) the release data to at least one of a service provider and a data collection agency,
≪ / RTI > 9. The method of claim 8,
The random noise may be a distribution,

, A and B follow

Lt; / RTI >

Is an integer. 10. The method of claim 9,

/ RTI > An apparatus for processing user data for a user,
A statistics collection module (320) configured to determine a covariance matrix of a first data category of the user data, including private data and public data, the private data corresponding to the first data category, Corresponds to data category -;
An additive noise generator (330) configured to generate Gaussian noise in response to the covariance matrix; And
Modifying the common data by adding the generated Gaussian noise to the common data of the user, and
A privacy protection module (340) configured to release the modified data to at least one of a service provider and a data collection agency,
/ RTI > 12. The method of claim 11,
Wherein the public data includes data indicating that the user is publicly releasable, and the private data includes data indicating that the user is not publicly released. 12. The method of claim 11,
The additive noise generator 330 generates a noise-
Determining eigenvalues and eigenvectors of the covariance matrix,
And to determine further eigenvalues and eigenvectors in response to the determined eigenvalues and eigenvectors, respectively, and wherein the Gaussian noise is generated in response to the eigenvalues and eigenvectors. 12. The method of claim 11,
Wherein the determined other eigenvectors are substantially identical to the determined eigenvectors of the covariance matrix. 12. The method of claim 11,
Wherein the additive noise generator is configured to respond to a distortion constraint. 12. The method of claim 11,
Wherein the additive noise generator generates the Gaussian noise independently of the information of the second data category. 12. The method of claim 11,
And a processor configured to receive the service based on the release data. An apparatus for processing user data for a user,
A statistics gathering module (320) configured to access constraints on utility D, the utility responsive to the user's public data and release data;
An additive noise generator configured to generate a random noise Z in response to the utility constraint, the random noise following a maximum entropy probability distribution under the utility constraint; And
Accessing the user data including private data and public data,
Add the generated noise to the public data of the user to generate release data for the user, and
A privacy protection module (340) configured to release the release data to at least one of a service provider and a data collection agency,
/ RTI > 19. The method of claim 18,
The random noise

, A and B follow

Lt; / RTI >

Is an integer. 20. The method of claim 19,

/ RTI > 10. A computer-readable storage medium storing instructions for processing user data for a user, according to any one of claims 1 to 10.

Images