WO2016109583A1 - Analytics with privacy - Google Patents
- Publication number
- WO2016109583A1 (PCT/US2015/067933)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- question
- query
- identifier
- anonymous response
- response message
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2453—Query optimisation
- G06F16/24534—Query rewriting; Transformation
- G06F16/24547—Optimisations to support specific applications; Extensibility of optimisers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
Definitions
- analytics of data may result in the discovery of useful information. Further, analytics and extrapolation of data may allow drawing of conclusions regarding data sets. When capturing data for analytics, extraneous data may be transmitted, which may result in inefficient data transfer over networks. Further, sensitive data may be collected when capturing data for analytics, which may result in concerns of privacy.
- embodiments relate to a method for collecting analytics from devices.
- the method includes receiving a query message comprising a question identifier and a query by a device.
- the method further includes determining a query reply to the query.
- the method further includes obtaining a device identifier for the device.
- the method further includes generating a question-device hash using the question identifier and the device identifier.
- the method further includes generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
- the method further includes sending the anonymous response message to the analytics server.
- inventions relate to a system for collecting analytics from devices.
- the system includes a processor, a memory executable by the processor, and a device including a responder and a question-device hash generator.
- the memory includes functionality for receiving a query message comprising a question identifier and a query.
- the memory further includes functionality for determining a query reply to the query.
- the memory further includes functionality for obtaining a device identifier for the device.
- the memory further includes functionality for generating the question-device hash using the question identifier and the device identifier.
- the memory further includes functionality for generating an anonymous response message comprising the question identifier, the query reply, and a question-device hash.
- the memory further includes functionality for sending the anonymous response message to the analytics server.
- embodiments relate to a non-transitory computer readable medium (CRM) storing various instructions for collecting analytics from devices.
- the instructions include functionality for receiving a query message comprising a question identifier and a query by a device.
- the instructions further include functionality for determining a query reply to the query.
- the instructions further include functionality for obtaining a device identifier for the device.
- the instructions further include functionality for generating a question-device hash using the question identifier and the device identifier.
- the instructions further include functionality for generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
- the instructions further include functionality for sending the anonymous response message to the analytics server.
- FIG. 1 shows one or more computing systems in accordance with one or more embodiments of the invention.
- FIGs 2A and 2B show schematic drawings in accordance with one or more embodiments of the invention.
- FIGs 3A and 3B show schematic drawings in accordance with one or more embodiments of the invention.
- FIGs. 4 and 5 show flowcharts in accordance with one or more embodiments of the invention.
- FIG. 6 shows a computing system in accordance with one or more embodiments of the invention.
- ordinal numbers e.g., first, second, third, etc.
- an element i.e., any noun in the application.
- the use of ordinal numbers is not to imply or create any particular ordering of the elements nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms "before," "after," "single," and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements.
- a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
- embodiments of the invention relate to a computer readable medium (CRM), method, and system for collecting analytics from mobile devices, including receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server.
- the CRM, method, and system further includes comparing the query to a security profile for the device and determining, based on the comparing, that the query is permitted under the security profile.
- the CRM, method, and system for collecting analytics from mobile devices also includes sending, to a plurality of devices, a query message comprising a question identifier, receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier, determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages, and providing the number of unique anonymous response messages to a user.
- the CRM, method, and system further includes receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message, receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message, and providing the first anonymous response message and the second anonymous response message to a user.
- the analytics server (100) comprises a query engine (108).
- the devices comprise a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) and a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)).
- the analytics server (100), telecom server (102), and devices are connected via an analytics network (104) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network).
- the analytics server (100), telecom server (102), and/or devices may also be implemented on the same or different specialized computer systems of the type found and described in relation to FIG. 6.
- the analytics server (100) is a computer system or group of computer systems configured to provide analytics related to a user response.
- the analytics server (100) may also be configured to send a query message (200) to the devices (e.g., device A (106A), device B (106B), and device N (106N)).
- the analytics server (100) may also be configured to receive an anonymous response message (300) from the devices (e.g., device A (106A), device B (106B), and device N (106N)).
- the analytics server (100) may also be configured to provide anonymous response messages to one or more users.
- the analytics server (100) may also be configured to receive one or more queries from a user.
- the analytics server (100) and the telecom server (102) are implemented in the same server.
- the analytics server (100) and telecom server (102) are connected via an analytics network (104).
- the query engine (108) is a computer system, group of computer systems, or software process configured to generate a query message (200), including the question ID (202) and the query (204).
- the query engine (108) is configured to generate the query message (202) using input from a user submitted via an input device connected to the analytics server (100).
- the query engine (108) is configured to generate the query message (202) using data received over the analytics network (104).
- the query engine (108) is configured to send and receive messages from devices (e.g., device A (106A), device B (106B), and device N (106N)).
- the query engine (108) is configured to determine unique anonymous response messages.
- the telecom server (102) is a computer system or group of computer systems configured to send and receive data to and from the devices (e.g., device A (106A), device B (106B), and device N (106N)) and the analytics server (102) via the analytics network (104).
- the telecom server (102) is configured to receive a query message (200) from an analytics server (100) via the analytics network (104) and respond with an anonymous response message (300) via the analytics network (104).
- the telecom server (102) may implement some or all of the functionality of the devices (e.g., device A (106A), device B (106B), and device N (106N)).
- a device may be a physical computer system that includes a processor, volatile memory, persistent memory, an output device, and an input device.
- a device may be implemented as a personal computer or computing device operated by a user such as, for example, a smartphone, a laptop computer, a smart television, a smart appliance, a tablet computer, and/or any user device that is capable of interacting over a network connection such as the analytics network (106).
- a responder is a process or group of processes configured to interact with analytics server (100) and telecom server (102).
- a responder is configured to receive one or more query messages (200) and respond with one or more anonymous response messages (300).
- a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) is a process or group of processes configured to take as input a question ID (202) and a device identifier associated with a device (e.g., device A (106A), device B (106B), and device N (106N)) and output a question-device hash (306) that is unique to each question ID (202) and device identifier pair.
- a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) utilizes a function to take a question ID (202) and a device ID as inputs, and produces a question-device hash (306) as an output.
- a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) may use any mathematical function well known to one of ordinary skill in the art provided that the results for using two given inputs are the same when used subsequently on the same two inputs, the results for using two different sets of inputs are different when used subsequently on different sets of inputs, and the results are able to be tested for equality.
- supplying a question ID (202) of "QID-001" and a device ID of "001002003004" to the question-device hash generator results in a question-device hash (306) of "EE6E 3ABC" each time the same input set is used.
- changing the device ID input to "002002003004" results in a different question-device hash (306) of "CA99 2D17."
- the results of "EE6E 3ABC" and "CA99 2D17" can be compared to test for equality.
- the question-device hash (306) does not disclose a device ID, and keeps the device ID anonymous. For example, given a question-device hash (306) of "CA99 2D17" in the above example, the analytics server (100) is unable to determine the device ID of "002002003004."
- FIG. 2A shows a data structure for a query message (200) in accordance with one or more embodiments of the invention.
- a query message (200) is a data structure including fields for question ID (202) and a query (204).
- a query message (200) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the query message (200).
- Each field of the query message (200) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
- question ID (202) is an alphanumeric identifier associated with a specific query (204).
- each question ID (202) is unique to a specific query (204), such that a different query (204) will have a different question ID (202).
- a query (204) of "<client device>" may have a question ID (202) of "QID-001," while a query (204) of "<brands with negative impression>" may have a question ID (202) of "QID-002."
- query (204) is a representation of a question to present to a user of a device (e.g., device A (106A), device B (106B), and device N (106N)).
- a query (204) may be a text string, an image, an audiovisual file, or any other manner of conveying information.
- Example queries (204) include "<client device>," "<brands with negative impression>," and "<app launch time>."
- FIG. 2B shows one or more examples of the query message (200) in one or more embodiments of the invention as described above.
- each row corresponds to an example query message (200)
- the value in the first column corresponds to an example question ID (202)
- the value in the second column corresponds to an example query (204).
- a query message (200) may have a question ID (202) of "QID-001" and a query (204) of "<client device>." Additional examples are listed in subsequent rows of FIG. 2B.
- FIG. 3A shows a data structure for an anonymous response message (300) in accordance with one or more embodiments of the invention.
- an anonymous response message (300) is a data structure including fields for a question ID (202), a query reply (304), and a question-device hash (306).
- An anonymous response message (300) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the anonymous response message (300).
- Each field of the anonymous response message (300) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
- the query ID (202) included in the anonymous response message (300) corresponds to the query ID (202) in the query message (200).
- the analytics server (100) is configured to correlate an anonymous response message (300) with a query message (200) and a query (204) based on this query ID (202).
- query reply (304) is a representation of an answer to the query (204) from a user or from a user's device (e.g., device A (106A), device B (106B), and device N (106N)).
- a query reply (304) may be a text string, an image, an audiovisual file, or any other manner of conveying information.
- Example query replies (304) to the query (204) of "<client device>" include "<ePhone 7>," "<Nova 4>," and "<Foci s7>."
- question-device hash (306) is a data field representing the result of applying the question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) using a question ID (202) and a device identifier as input.
- the question-device hash (306) is testable for equality, such that two separate question-device hash (306) values can be tested to see if they are equal.
- Example question-device hash (306) values include "EE6E 3ABC" and "CA99 2D17."
- FIG. 3B shows one or more examples of the anonymous response message (300) in one or more embodiments of the invention as described above.
- each row corresponds to an example anonymous response message (300)
- the value in the first column corresponds to an example question ID (202)
- the value in the second column corresponds to an example question-device hash (306)
- the value in the third column corresponds to an example query reply (304).
- an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "EE6E 3ABC," and a query reply (304) of "<ePhone 7x>."
- an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "CA99 2D17," and a query reply (304) of "<Nova 4>." Additional examples are listed in FIG. 3B.
- FIGs. 1-3B show a configuration of components and/or data structures
- other configurations may be used without departing from the scope of the invention.
- various components and/or data structures may be combined to create a single component.
- the functionality performed by a single component and/or data structure may be performed by two or more components and/or data structures.
- FIG. 4 shows a flowchart in accordance with one or more embodiments of the invention.
- a device receives a query message comprising a question identifier and a query.
- the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID.
- a question ID may correspond to one or more similar queries (e.g., "client device" and "user device").
- the question ID "QID-001" may correspond to the query "<client device>."
- the question ID "QID-002" may correspond to the query "<brands with negative impression>."
- the query is received from an analytics server and delivered via an analytics network.
- the query is generated by the query engine of the analytics server using input from a user.
- a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," after which the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transmits the query message to a device for receipt via the analytics network.
- the device compares the query to a security profile for the device. In one or more embodiments of the invention, in STEP 406 the device determines, based on the comparing the query to the security profile for the device, if the query is permitted under the security profile. In one or more embodiments of the invention, the determination uses a correspondence between allowed or white-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the determination uses a correspondence between denied or black-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the device stores the security profile for the device.
- the device receives the security profile for the device via the advertising network.
- the device determines a query reply to the query.
- the device determines a query reply using information stored on the device. For example, in response to a query corresponding to the type of client device, the device may determine a query reply using configuration information stored on the client device.
- the device determines a query reply using input from a user solicited in response to a prompt on the screen of the device. For example, in response to a query corresponding to brands with a negative impression from the user, the device may prompt the user to input brands for which the user has a negative impression, and may determine a query reply to the query using the brands input by the user.
- STEP 406 is that the query is not permitted, in STEP 410 the device sets a query reply to NULL (e.g., the character ⁇ ,' the string "NULL," any value representing an empty results set, etc.).
- in STEP 412 the device obtains a device identifier for the device.
- the device obtains a device identifier using information stored on the device.
- the device may obtain a device identifier using a value stored in local persistent memory or in a locally stored configuration file.
- the device obtains a device identifier using information input by the user of the device.
- the device identifier is a set of alphanumeric characters that uniquely identifies each device.
- the device identifier may be a UDID (unique device identifier), MEID (mobile equipment identifier), IMEI (international mobile station equipment identity), IMSI (international mobile subscriber identity), serial number, MAC (media access control) address, or similar.
- in STEP 414 the device generates a question-device hash using the question identifier and the device identifier.
- the question-device hash is generated using the question-device hash generator associated with the device.
- the question-device hash generator present on the device may generate the question-device hash of "EE6E 3ABC" using the question ID of "QID-001" and a device ID of "001002003004."
- the question-device hash generator present on the device may generate the question-device hash of "CA99 2D17" using the question ID of "QID-001" and a device ID of "002002003004."
- the question-device hash generator uses a mathematical function such that two input sets produce the same results if the two input sets are the same, two input sets produce different results if the two input sets are not the same, and results are testable for equality.
- the device may generate a question-device hash using implementations of the MD5, SHA-0, SHA-1, or SHA-2 hash algorithms with the question identifier and the device identifier as inputs.
- in STEP 416 the device generates an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
- the anonymous response message is generated by the responder on the device. For example, the responder generates an anonymous response message using the question ID of "QID-001," the question-device hash of "EE6E 3ABC," and the query reply of "<ePhone 7x>."
- FIG. 5 shows a flowchart in accordance with one or more embodiments of the invention.
- an analytics server sends a query message to a group of devices.
- the analytics server may send a query message to device A, device B, and device N.
- the analytics server sends the query message via the analytics network.
- the query message comprises a question ID and a query.
- the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID.
- a question ID may correspond to one or more similar queries (e.g., "client device" and "user device").
- the question ID "QID-001" may correspond to the query "<client device>."
- the question ID "QID-002" may correspond to the query "<brands with negative impression>."
- the query is generated by the query engine of the analytics server using input from a user.
- a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," and the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transfers the query message to a group of devices via the analytics network.
- the analytics server receives a plurality of anonymous response messages.
- the anonymous response messages include a question identifier and a question-device hash generated from the question identifier and a device identifier.
- the anonymous response message comprises a query reply.
- the analytics server receives a plurality of anonymous response messages from some or all of the group of devices to which the analytics server sent the query message.
- the plurality of anonymous response messages is received via the analytics network.
- the analytics server determines a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages. For example, anonymous response messages that contain duplicate question-device hashes of already received anonymous response messages may be deleted. In one or more embodiments, the analytics server may determine that question-device hashes are unique even though the question-device hashes correspond to the same question ID. For example, two question-device hashes "EE6E 3ABC" and "C199 2D17" are unique even though the question-device hashes correspond to the same question ID of "QID-001."
- the analytics server provides the number of unique response messages to a user.
- the analytics server provides the query replies associated with the anonymous response messages.
- the query replies within the unique response messages are displayed to a user via an output device connected to the analytics server.
- the query replies within the unique response messages are displayed with a corresponding query.
- the output device connected to the analytics server may display a query "client device" and display associated query replies of "<ePhone 7x>," "<Nova 4>," and "<Foci s7>."
- the analytics server provides the number of unique response messages to a user via a network connection, such as the analytics network.
- the analytics server provides the number of unique response messages to a user in a processed, aggregated, formatted, and/or abstracted form. For example, the analytics server provides the "ePhone" corresponding to a query reply of "<ePhone 7x>" within a unique anonymous response message.
- the analytics server displays "2 ePhones" corresponding to query replies of "<ePhone 7x>" and "<ePhone 5>" within two unique anonymous response messages.
- determination steps may not require a processor to process an instruction unless an interrupt is received to signify that condition exists in accordance with one or more embodiments of the invention.
- determination steps may be performed by performing a test, such as checking a data value to test whether the value is consistent with the tested condition in accordance with one or more embodiments of the invention.
- Embodiments of the invention may be implemented on a computing system. Any combination of mobile, desktop, server, embedded, or other types of hardware may be used.
- the computing system (600) may include one or more computer processor(s) (602), associated memory (604) (e.g., random access memory (RAM), cache memory, flash memory, etc.), one or more storage device(s) (606) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory stick, etc.), and numerous other elements and functionalities.
- the computer processor(s) (602) may be an integrated circuit for processing instructions.
- the computer processor(s) may be one or more cores, or micro-cores of a processor.
- the computing system (600) may also include one or more input device(s) (610), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device.
- the computing system (600) may include one or more output device(s) (608), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device.
- One or more of the output device(s) may be the same or different from the input device(s).
- the computing system (600) may be connected to a network (612) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) via a network interface connection (not shown).
- the input and output device(s) may be locally or remotely (e.g., via the network (612)) connected to the computer processor(s) (602), memory (604), and storage device(s) (606).
- Software instructions in the form of computer readable program code to perform embodiments of the invention may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium.
- the software instructions may correspond to computer readable program code that when executed by a processor(s), is configured to perform embodiments of the invention.
- one or more elements of the aforementioned computing system (600) may be located at a remote location and connected to the other elements over a network (612).
- embodiments of the invention may be implemented on a distributed system having a plurality of nodes, where each portion of the invention may be located on a different node within the distributed system.
- the node corresponds to a distinct computing device.
- the node may correspond to a computer processor with associated physical memory.
- the node may alternatively correspond to a computer processor or micro-core of a computer processor with shared memory and/or resources.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A method involves collecting analytics from mobile devices. The method may include receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server.
Description
ANALYTICS WITH PRIVACY
BACKGROUND
[0001] In general, analytics of data may result in the discovery of useful information. Further, analytics and extrapolation of data may allow drawing of conclusions regarding data sets. When capturing data for analytics, extraneous data may be transmitted, which may result in inefficient data transfer over networks. Further, sensitive data may be collected when capturing data for analytics, which may result in concerns of privacy.
SUMMARY
[0002] In general, in one aspect, embodiments relate to a method for collecting analytics from devices. The method includes receiving a query message comprising a question identifier and a query by a device. The method further includes determining a query reply to the query. The method further includes obtaining a device identifier for the device. The method further includes generating a question-device hash using the question identifier and the device identifier. The method further includes generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash. The method further includes sending the anonymous response message to the analytics server.
[0003] In general, in one aspect, embodiments relate to a system for collecting analytics from devices. The system includes a processor, a memory executable by the processor, and a device including a responder and a question-device hash generator. The memory includes functionality for receiving a query message comprising a question identifier and a query. The memory further includes functionality for determining a query reply to the query. The memory further includes functionality for obtaining a device identifier for the device. The memory further includes functionality for generating the question-device hash using the question identifier and the device identifier. The memory further includes functionality for generating an anonymous response message comprising the question identifier, the query reply, and a question-device hash. The memory further includes functionality for sending the anonymous response message to the analytics server.
[0004] In general, in one aspect, embodiments relate to a non-transitory computer readable medium (CRM) storing various instructions for collecting analytics from devices. The instructions include functionality for receiving a query message comprising a question identifier and a query by a device. The instructions further include functionality for determining a query reply to the query. The instructions further include functionality for obtaining a device identifier for the device. The instructions further include functionality for generating a question-device hash using the question identifier and the device identifier. The instructions further include functionality for generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash. The instructions further include functionality for sending the anonymous response message to the analytics server.
[0005] Other aspects of the invention will be apparent from the following description and the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
[0006] FIG. 1 shows one or more computing systems in accordance with one or more embodiments of the invention.
[0007] FIGs. 2A and 2B show schematic drawings in accordance with one or more embodiments of the invention.
[0008] FIGs. 3A and 3B show schematic drawings in accordance with one or more embodiments of the invention.
[0009] FIGs. 4 and 5 show flowcharts in accordance with one or more embodiments of the invention.
[0010] FIG. 6 shows a computing system in accordance with one or more embodiments of the invention.
DETAILED DESCRIPTION
[0011] Specific embodiments of the invention will now be described in detail with reference to the accompanying figures. Like elements in the various figures are denoted by like reference numerals for consistency.
[0012] In the following detailed description of embodiments of the invention, numerous specific details are set forth in order to provide a more thorough understanding of the invention. However, it will be apparent to one of ordinary skill in the art that the invention may be practiced without these specific details. In other instances, well-known features have not been described in detail to avoid unnecessarily complicating the description.
[0013] Throughout the application, ordinal numbers (e.g., first, second, third, etc.) may be used as an adjective for an element (i.e., any noun in the application). The use of ordinal numbers is not to imply or create any particular ordering of the elements nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms "before," "after," "single," and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements. By way of an example, a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
[0014] In general, embodiments of the invention relate to a computer readable medium (CRM), method, and system for collecting analytics from mobile devices, including receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server. The CRM, method, and system further includes comparing the query to a security profile for the device and determining, based on the comparing, that the query is permitted under the security profile. The CRM, method, and system for collecting analytics from mobile devices also includes sending, to a plurality of devices, a query message comprising a question identifier, receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier, determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages, and providing the number of unique anonymous response messages to a user. The CRM, method, and system further includes receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message, receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message, and providing the first anonymous response message and the second anonymous response message to a user.
In one or more embodiments, FIG. 1 shows an analytics server (100), a telecom server (102), an analytics network (104), and devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) comprises a query engine (108). The devices (e.g., device A (106A), device B (106B), and device N (106N)) comprise a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) and a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)). In one or more embodiments, the analytics server (100), telecom server (102), and devices (e.g., device A (106A), device B (106B), and device N (106N)) are connected via an analytics network (104) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network). The analytics server (100), telecom server (102), and devices (e.g., device A (106A), device B (106B), and device N (106N)) may take the form of a specialized computer system of the type found and described in relation to FIG. 6. The analytics server (100), telecom server (102), and/or devices (e.g., device A (106A), device B (106B), and device N (106N)) may also be implemented on the same or different specialized computer systems of the type found and described in relation to FIG. 6.
In one or more embodiments of the invention, the analytics server (100) is a computer system or group of computer systems configured to provide analytics related to a user response. Specifically, the analytics server (100) may also be configured to send a query message (200) to the devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) may also be configured to receive an anonymous response message (300) from the devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) may also be configured to provide anonymous response messages to one or more users. The analytics server (100) may also be configured to receive one or more queries from a user. In one embodiment of the invention, the analytics server (100) and the telecom server (102) are implemented in the same server. In another embodiment of the invention, the analytics server (100) and telecom server (102) are connected via an analytics network (104).
[0017] In one or more embodiments, the analytics server (100) comprises a query engine (108). The query engine (108) is a computer system, group of computer systems, or software process configured to generate a query message (200), including the question ID (202) and the query (204). In one or more embodiments, the query engine (108) is configured to generate the query message (202) using input from a user submitted via an input device connected to the analytics server (100). In one or more embodiments, the query engine (108) is configured to generate the query message (202) using data received over the analytics network (104). In one or more embodiments, the query engine (108) is configured to send and receive messages from devices (e.g., device A (106A), device B (106B), and device N (106N)). In one or more embodiments, the query engine (108) is configured to determine unique anonymous response messages.
[0018] In one or more embodiments of the invention, the telecom server (102) is a computer system or group of computer systems configured to send and receive data to and from the devices (e.g., device A (106A), device B (106B), and device N (106N)) and the analytics server (102) via the analytics network (104). In one or more embodiments, the telecom server (102) is configured to receive a query message (200) from an analytics server (100) via the analytics network (104) and respond with an anonymous response message (300) via the analytics network (104). In one or more embodiments of the invention, the telecom server (102) may implement some or all of the functionality of the devices (e.g., device A (106A), device B (106B), and device N (106N)).
[0019] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) is a computer system configured to interact with the analytics server (100) and the telecom server (102) over the analytics network (104). Specifically, a device (e.g., device A (106A), device B (106B), and device N (106N)) may be a physical computer system that includes a processor, volatile memory, persistent memory, an output device, and an input device. A device (e.g., device A (106A), device B (106B), and device N (106N)) may be implemented as a personal computer or computing device operated by a user such as, for example, a smartphone, a laptop computer, a smart television, a smart appliance, a tablet computer, and/or any user device that is capable of interacting over a network connection such as the analytics network (106).
[0020] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) includes a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)). In one or more embodiments of the invention, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is a process or group of processes configured to interact with analytics server (100) and telecom server (102). Specifically, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is configured to receive one or more query messages (200) and respond with one or more anonymous response messages (300). In one or more embodiments, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is configured to generate one or more anonymous response messages (300).
[0021] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) includes a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)). In one or more embodiments, a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) is a process or group of processes configured to take as input a question ID (202) and a device identifier associated with a device (e.g., device A (106A), device B (106B), and device N (106N)) and output a question-device hash (306) that is unique to each question ID (202) and device identifier pair.
[0022] In one or more embodiments, a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) utilizes a function to take a question ID (202) and a device ID as inputs, and produces a question-device hash (306) as an output. A question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) may use any mathematical function well known to one of ordinary skill in the art provided that the results for using two given inputs are the same when used subsequently on the same two inputs, the results for using two different sets of inputs are different when used subsequently on different sets of inputs, and the results are able to be tested for equality. For example, supplying a question ID (202) of "QID-001" and a device ID of "001002003004" to the question-device hash generator results in a question-device hash (306) of "EE6E 3ABC" each time the same input set is used. In this example, changing the device ID input to "002002003004" results in a different question-device hash (306) of "CA99 2D17." Further, in this example, the results of "EE6E 3ABC" and "CA99 2D17" can be compared to test for equality.
[0023] In one or more embodiments, the question-device hash (306) does not disclose a device ID, and keeps the device ID anonymous. For example, given a question-device hash (306) of "CA99 2D17" in the above example, the analytics server (100) is unable to determine the device ID of "002002003004."
[0024] FIG. 2A shows a data structure for a query message (200) in accordance with one or more embodiments of the invention.
[0025] In one or more embodiments of the invention, a query message (200) is a data structure including fields for question ID (202) and a query (204). One of ordinary skill in the art will appreciate that more fields or fewer fields than those enumerated above may be included in a query message (200) without departing from aspects of the invention. A query message (200) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the query message (200). Each field of the query message (200) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
[0026] In one or more embodiments of the invention, question ID (202) is an alphanumeric identifier associated with a specific query (204). In one or more embodiments, each question ID (202) is unique to a specific query (204), such that a different query (204) will have a different question ID (202). For example, a query (204) of "<client device>" may have a question ID (202) of "QID-001," while a query (204) of "<brands with negative impression>" may have a question ID (202) of "QID-002."
[0027] In one or more embodiments of the invention, query (204) is a representation of a question to present to a user of a device (e.g., device A (106A), device B (106B), and device N (106N)). A query (204) may be a text string, an image, an audiovisual file, or any other manner of conveying information. Example queries (204) include "<client device>," "<brands with negative impression>," and "<app launch time>."
[0028] FIG. 2B shows one or more examples of the query message (200) in one or more embodiments of the invention as described above. In FIG. 2B, each row corresponds to an example query message (200), the value in the first column corresponds to an example question ID (202), and the value in the second column corresponds to an example query (204). For example, a query message (200) may have a question ID (202) of "QID-001" and a query (204) of "<client device>." Additional examples are listed in subsequent rows of FIG. 2B.
[0029] FIG. 3A shows a data structure for an anonymous response message (300) in accordance with one or more embodiments of the invention.
[0030] In one or more embodiments of the invention, an anonymous response message (300) is a data structure including fields for a question ID (202), a query reply (304), and a question-device hash (306). One of ordinary skill in the art will appreciate that more fields or fewer fields than those enumerated above may be included in an anonymous response message (300) without departing from aspects of the invention. An anonymous response message (300) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the anonymous response message (300). Each field of the anonymous response message (300) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
[0031] In one or more embodiments of the invention, the query ID (202) included in the anonymous response message (300) corresponds to the query ID (202) in the query message (200). In one or more embodiments of the invention, the analytics server (100) is configured to correlate an anonymous response message (300) with a query message (200) and a query (204) based on this query ID (202).
[0032] In one or more embodiments of the invention, query reply (304) is a representation of an answer to the query (204) from a user or from a user's device (e.g., device A (106A), device B (106B), and device N (106N)). A query reply (304) may be a text string, an image, an audiovisual file, or any other manner of conveying information. Example query replies (304) to the query (204) of "<client device>" include "<ePhone 7>," "<Nova 4>," and "<Foci s7>."
[0033] In one or more embodiments of the invention, question-device hash (306) is a data field representing the result of applying the question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) using a question ID (202) and a device identifier as input. In one or more embodiments, the question-device hash (306) is testable for equality, such that two separate question-device hash (306) values can be tested to see if they are equal. Example question-device hash (306) values include "EE6E 3ABC" and "CA99 2D17."
[0034] FIG. 3B shows one or more examples of the anonymous response message (300) in one or more embodiments of the invention as described above. In FIG. 3B, each row corresponds to an example anonymous response message (300), the value in the first column corresponds to an example question ID (202), the value in the second column corresponds to an example question-device hash (306), and the value in the third column corresponds to an example query reply (304). For example, as depicted in the first non-header row of FIG. 3B, an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "EE6E 3ABC," and a query reply (304) of "<ePhone 7x>." As a second example, as depicted in the second non-header row of FIG. 3B, an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "CA99 2D17," and a query reply (304) of "<Nova 4>." Additional examples are listed in FIG. 3B.
[0035] While FIGs. 1-3B show a configuration of components and/or data structures, other configurations may be used without departing from the scope of the invention. For example, various components and/or data structures may be combined to create a single component. As another example, the functionality performed by a single component and/or data structure may be performed by two or more components and/or data structures.
[0036] FIG. 4 shows a flowchart in accordance with one or more embodiments of the invention. In one or more embodiments of the invention, in STEP 402 a device receives a query message comprising a question identifier and a query. In one or more embodiments, the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID. In another embodiment, a question ID may correspond to one or more similar queries (e.g., "client device" and "user device"). For example, the question ID "QID-001" may correspond to the query "<client device>." In another example, the question ID "QID-002" may correspond to the query "<brands with negative impression>." In one or more embodiments of the invention, the query is received from an analytics server and delivered via an analytics network. In one or more embodiments, the query is generated by the query engine of the analytics server using input from a user. For example, a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," after which the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transmits the query message to a device for receipt via the analytics network.
In one or more embodiments of the invention, in STEP 404 the device compares the query to a security profile for the device. In one or more embodiments of the invention, in STEP 406 the device determines, based on the comparing the query to the security profile for the device, if the query is permitted under the security profile. In one or more embodiments of the invention, the determination uses a correspondence between allowed or white-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the determination uses a correspondence between denied or black-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the device stores the security profile for the device. In one or more embodiments, the device receives the security profile for the device via the advertising network.
[0038] In one or more embodiments of the invention, if the determination from STEP 406 is that the query is permitted, in STEP 408 the device determines a query reply to the query. In one or more embodiments of the invention, the device determines a query reply using information stored on the device. For example, in response to a query corresponding to the type of client device, the device may determine a query reply using configuration information stored on the client device. In another embodiment of the invention, the device determines a query reply using input from a user solicited in response to a prompt on the screen of the device. For example, in response to a query corresponding to brands with a negative impression from the user, the device may prompt the user to input brands for which the user has a negative impression, and may determine a query reply to the query using the brands input by the user.
[0039] In one or more embodiments of the invention, if the determination from STEP 406 is that the query is not permitted, in STEP 410 the device sets a query reply to NULL (e.g., the character '0,' the string "NULL," any value representing an empty results set, etc.).
[0040] In one or more embodiments of the invention, in STEP 412 the device obtains a device identifier for the device. In one or more embodiments, the device obtains a device identifier using information stored on the device. For example, the device may obtain a device identifier using a value stored in local persistent memory or in a locally stored configuration file. In another embodiment, the device obtains a device identifier using information input by the user of the device. In one or more embodiments of the invention, the device identifier is a set of alphanumeric characters that uniquely identifies each device. For example, the device identifier may be a UDID (unique device identifier), MEID (mobile equipment identifier), IMEI (international mobile station equipment identity), IMSI (international mobile subscriber identity), serial number, MAC (media access control) address, or similar.
[0041] In one or more embodiments of the invention, in STEP 414 the device generates a question-device hash using the question identifier and the device identifier. In one or more embodiments of the invention, the question-device hash is generated using the question-device hash generator associated with the device. For example, the question-device hash generator present on the device may generate the question-device hash of "EE6E 3ABC" using the question ID of "QID-001" and a device ID of "001002003004." As another example, the question-device hash generator present on the device may generate the question-device hash of "CA99 2D17" using the question ID of "QID-001" and a device ID of "002002003004." In one or more embodiments of the invention, the question-device hash generator uses a mathematical function such that two input sets produce the same results if the two input sets are the same, two input sets produce different results if the two input sets are not the same, and results are testable for equality. For example, the device may generate a question-device hash using implementations of the MD5, SHA-0, SHA-1, or SHA-2 hash algorithms with the question identifier and the device identifier as inputs.
[0042] In one or more embodiments of the invention, in STEP 416 the device generates an anonymous response message comprising the question identifier, the query reply, and the question-device hash. In one or more embodiments of the invention, the anonymous response message is generated by the responder on the device. For example, the responder generates an anonymous response message using the question ID of "QID-001," the question-device hash of "EE6E 3ABC," and the query reply of "<ePhone 7x>."
[0043] In one or more embodiments of the invention, in STEP 418 the device sends the anonymous response message to the analytics server. In one or more embodiments of the invention, the anonymous response message is sent to the analytics server by the responder via the analytics network.
[0044] FIG. 5 shows a flowchart in accordance with one or more embodiments of the invention. In one or more embodiments of the invention, in STEP 502 an analytics server sends a query message to a group of devices. For example, the analytics server may send a query message to device A, device B, and device N. In one or more embodiments, the analytics server sends the query message via the analytics network. In one or more embodiments, the query message comprises a question ID and a query. In one or more embodiments, the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID. In another embodiment, a question ID may correspond to one or more similar queries (e.g., "client device" and "user device"). For example, the question ID "QID-001" may correspond to the query "<client device>." In another example, the question ID "QID-002" may correspond to the query "<brands with negative impression>." In one or more embodiments, the query is generated by the query engine of the analytics server using input from a user. For example, a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," and the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transfers the query message to a group of devices via the analytics network.
[0045] In one or more embodiments of the invention, in STEP 504 the analytics server receives a plurality of anonymous response messages. In one or more embodiments, the anonymous response messages include a question identifier and a question-device hash generated from the question identifier and a device identifier. In one or more embodiments, the anonymous response message comprises a query reply. In one or more embodiments, the analytics server receives a plurality of anonymous response messages from some or all of the group of devices to which the analytics server sent the query message. In one or more embodiments, the plurality of anonymous response messages is received via the analytics network.
[0046] In one or more embodiments of the invention, in STEP 506 the analytics server determines a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages. For example, anonymous response messages that contain duplicate question-device hashes of already received anonymous response messages may be deleted. In one or more embodiments, the analytics server may determine that question-device hashes are unique even though the question-device hashes correspond to the same question ID. For example, two question-device hashes "EE6E 3ABC" and "C199 2D17" are unique even though the question-device hashes correspond to the same question ID of "QID-001."
[0047] In one or more embodiments of the invention, in STEP 508 the analytics server provides the number of unique response messages to a user. In one or more embodiments, the analytics server provides the query replies associated with the anonymous response messages. In one or more embodiments, the query replies within the unique response messages are displayed to a user via an output device connected to the analytics server. In one or more embodiments, the query replies within the unique response messages are displayed with a corresponding query. For example, the output device connected to the analytics server may display a query "client device" and display associated query replies of "<ePhone 7x>," "<Nova 4>," and "<Foci s7>." In one or more embodiments of the invention, the analytics server provides the number of unique response messages to a user via a network connection, such as the analytics network. In one or more embodiments of the invention, the analytics server provides the number of unique response messages to a user in a processed, aggregated, formatted, and/or abstracted form. For example, the analytics server provides the "ePhone" corresponding to a query reply of "<ePhone 7x>" within a unique anonymous response message. In another example, the analytics server displays "2 ePhones" corresponding to query replies of "<ePhone 7x>" and "<ePhone 5>" within two unique anonymous response messages.
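The device-side message generation (STEPs 416-418) and the server-side uniqueness count (STEPs 504-508) can be sketched as follows. This is an added illustration, not code from the application: SHA-256, the length-prefixed encoding, the class and function names, the device identifiers, the "<1.2 s>" reply and the permitted-query set standing in for the security profile are all assumptions.

```python
import hashlib
from collections import Counter


def question_device_hash(question_id, device_id):
    """SHA-256 over length-prefixed fields (both choices are assumptions)."""
    h = hashlib.sha256()
    for field in (question_id, device_id):
        raw = field.encode("utf-8")
        # The length prefix keeps ("QID-1", "23") distinct from ("QID-12", "3").
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


class Responder:
    """Device side: build the anonymous response message (STEPs 416-418)."""
    def __init__(self, device_id, facts, permitted):
        self._device_id = device_id  # used only as hash input, never sent
        self._facts = facts          # query -> query reply known to the device
        self._permitted = permitted  # stand-in for the device security profile

    def respond(self, query_message):
        qid, query = query_message["question_id"], query_message["query"]
        if query not in self._permitted or query not in self._facts:
            return None  # query not permitted, or no reply available
        return {
            "question_id": qid,
            "query_reply": self._facts[query],
            "question_device_hash": question_device_hash(qid, self._device_id),
        }


class AnalyticsServer:
    """Server side: count unique responses per question (STEPs 504-508)."""
    def __init__(self):
        self._replies = {}  # question_id -> {question-device hash: query reply}

    def receive(self, message):
        bucket = self._replies.setdefault(message["question_id"], {})
        if message["question_device_hash"] in bucket:
            return False  # duplicate from a device already counted
        bucket[message["question_device_hash"]] = message["query_reply"]
        return True

    def unique_count(self, question_id):
        return len(self._replies.get(question_id, {}))

    def reply_totals(self, question_id):
        return Counter(self._replies.get(question_id, {}).values())


def run_demo():
    # Constructed device identifiers and replies, for illustration only.
    q1 = {"question_id": "QID-001", "query": "<client device>"}
    q3 = {"question_id": "QID-003", "query": "<app launch time>"}
    a = Responder("device-A-0001", {q1["query"]: "<ePhone 7x>", q3["query"]: "<1.2 s>"},
                  {q1["query"], q3["query"]})
    b = Responder("device-B-0002", {q1["query"]: "<Nova 4>"}, {q1["query"]})
    n = Responder("device-N-0003", {q1["query"]: "<ePhone 7x>"}, set())
    server = AnalyticsServer()
    sent = [r.respond(q) for q in (q1, q3) for r in (a, b, n)]
    sent.append(a.respond(q1))  # device A retransmits its QID-001 response
    accepted = [server.receive(m) for m in sent if m is not None]
    return server, sent, accepted


if __name__ == "__main__":
    print(run_demo()[2])
```

Because the hash in this sketch is unkeyed, anyone who knows or can enumerate candidate device identifiers can recompute it for a given question ID, so the device identifier should be a high-entropy value that is not otherwise disclosed.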
[0048] While the various steps in this flowchart are presented and described sequentially, one of ordinary skill will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. Furthermore, the steps may be performed actively or passively. For example, some steps may be performed using polling or be interrupt driven in accordance with one or more embodiments of the invention. By way of an example, determination steps may not require a processor to process an instruction unless an interrupt is received to signify that condition exists in accordance with one or more embodiments of the invention. As another example, determination steps may be performed by performing a test, such as checking a data value to test whether the value is consistent with the tested condition in accordance with one or more embodiments of the invention.
[0049] Embodiments of the invention may be implemented on a computing system. Any combination of mobile, desktop, server, embedded, or other types of hardware may be used. For example, as shown in FIG. 6, the computing system (600) may include one or more computer processor(s) (602), associated memory (604) (e.g., random access memory (RAM), cache memory, flash memory, etc.), one or more storage device(s) (606) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory stick, etc.), and numerous other elements and functionalities. The computer processor(s) (602) may be an integrated circuit for processing instructions. For example, the computer processor(s) may be one or more cores, or micro-cores of a processor. The computing system (600) may also include one or more input device(s) (610), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device. Further, the computing system (600) may include one or more output device(s) (608), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device. One or more of the output device(s) may be the same or different from the input device(s). The computing system (600) may be connected to a network (612) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) via a network interface connection (not shown). The input and output device(s) may be locally or remotely (e.g., via the network (612)) connected to the computer processor(s) (602), memory (604), and storage device(s) (606). Many different types of computing systems exist, and the aforementioned input and output device(s) may take other forms.
[0050] Software instructions in the form of computer readable program code to perform embodiments of the invention may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium. Specifically, the software instructions may correspond to computer readable program code that when executed by a processor(s), is configured to perform embodiments of the invention.
[0051] Further, one or more elements of the aforementioned computing system (600) may be located at a remote location and connected to the other elements over a network (612). Further, embodiments of the invention may be implemented on a distributed system having a plurality of nodes, where each portion of the invention may be located on a different node within the distributed system. In one embodiment of the invention, the node corresponds to a distinct computing device. Alternatively, the node may correspond to a computer processor with associated physical memory. The node may alternatively correspond to a computer processor or micro-core of a computer processor with shared memory and/or resources.
[0052] While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this disclosure, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as disclosed herein. Accordingly, the scope of the invention should be limited only by the attached claims.
Claims
What is claimed is:
1. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
receiving, by a device, a query message comprising a question identifier and a query;
determining a query reply to the query;
obtaining a device identifier for the device;
generating a question-device hash using the question identifier and the device identifier;
generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash; and
sending the anonymous response message to the analytics server.
2. The non-transitory computer readable medium of claim 1, wherein the determining the query reply to the query comprises:
comparing the query to a security profile for the device; and
determining, based on the comparing, that the query is permitted under the security profile.
3. A method for collecting analytics from devices comprising:
receiving, by a device, a query message comprising a question identifier and a query;
determining a query reply to the query;
obtaining a device identifier for the device;
generating a question-device hash using the question identifier and the device identifier;
generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash; and
sending the anonymous response message to the analytics server.
4. The method of claim 3, further comprising:
comparing the query to a security profile for the device; and
determining, based on the comparing, that the query is permitted under the security profile.
5. A system for collecting analytics from devices comprising:
a processor;
memory; and
a device comprising:
a responder stored in the memory and executing on the processor, configured to:
receive a query message comprising a question identifier and a query,
determine a query reply to the query,
obtain a device identifier for the device,
generate an anonymous response message comprising the question identifier, the query reply, and a question-device hash, and
send the anonymous response message to the analytics server, and
a question-device hash generator stored in the memory and executing on the processor, configured to generate the question-device hash using the question identifier and the device identifier.
6. The system of claim 5, wherein the responder is further configured to:
compare the query to a security profile for the device; and
determine, based on the comparing, that the query is permitted under the security profile.
7. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
sending, to a plurality of devices, a query message comprising a question identifier;
receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
providing the number of unique anonymous response messages to a user.
8. A method for collecting analytics from devices comprising:
sending, to a plurality of devices, a query message comprising a question identifier;
receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
providing the number of unique anonymous response messages to a user.
9. A system for collecting analytics from devices comprising:
a processor;
memory; and
an analytics server comprising:
a query engine stored in the memory and executing on the processor, configured to:
send, to a plurality of devices, a query message comprising a question identifier;
receive a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determine a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
provide the number of unique anonymous response messages to a user.
10. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
providing the first anonymous response message and the second anonymous response message to a user.
11. A method for collecting analytics from devices comprising:
receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
providing the first anonymous response message and the second anonymous response message to a user.
12. A system for collecting analytics from devices comprising:
a processor;
memory; and
an analytics server comprising:
a query engine stored in the memory and executing on the processor, configured to:
receive, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receive, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
provide the first anonymous response message and the second anonymous response message to a user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15876200.5A EP3241333A4 (en) | 2014-12-29 | 2015-12-29 | Analytics with privacy |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201462097417P | 2014-12-29 | 2014-12-29 | |
US62/097,417 | 2014-12-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016109583A1 (en) | 2016-07-07 |
Family
ID=56285008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2015/067933 WO2016109583A1 (en) | 2014-12-29 | 2015-12-29 | Analytics with privacy |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3241333A4 (en) |
WO (1) | WO2016109583A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3358875A1 (en) * | 2017-02-03 | 2018-08-08 | Alcatel Lucent | Method for protecting privacy in data queries |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20060095215A (en) * | 2005-02-28 | 2006-08-31 | 삼성전자주식회사 | System and method for electronic voting using mobile terminal |
KR20080040932A (en) * | 2006-11-06 | 2008-05-09 | 한국전자통신연구원 | Device and method of e-voting using mobile terminal |
KR20080094119A (en) * | 2007-04-13 | 2008-10-23 | 박종운 | System and method for researching customer satisfaction index |
JP2009146113A (en) * | 2007-12-13 | 2009-07-02 | Ueda Seni Kagaku Shinkokai | Marketing information operation processor and its system in university campus and the like |
JP2013211729A (en) * | 2012-03-30 | 2013-10-10 | Panasonic Corp | Multiple dwelling house information system |
2015
- 2015-12-29 WO PCT/US2015/067933 patent/WO2016109583A1/en active Application Filing
- 2015-12-29 EP EP15876200.5A patent/EP3241333A4/en not_active Ceased
Non-Patent Citations (1)
Title |
---|
See also references of EP3241333A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3241333A1 (en) | 2017-11-08 |
EP3241333A4 (en) | 2018-06-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15876200 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REEP | Request for entry into the european phase |
Ref document number: 2015876200 Country of ref document: EP |