WO2016109583A1 - Analytics with privacy - Google Patents

Analytics with privacy

Info

Publication number
WO2016109583A1
Authority
WO
WIPO (PCT)
Prior art keywords
question
query
identifier
anonymous response
response message
Prior art date
Application number
PCT/US2015/067933
Other languages
French (fr)
Inventor
Ahmed Essam NAIEM
Original Assignee
F16Apps, Inc.
Priority date
Filing date
Publication date
Application filed by F16Apps, Inc.
Priority to EP15876200.5A (EP3241333A4)
Publication of WO2016109583A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation
    • G06F16/24534 Query rewriting; Transformation
    • G06F16/24547 Optimisations to support specific applications; Extensibility of optimisers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/957 Browsing optimisation, e.g. caching or content distillation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Definitions

  • analytics of data may result in the discovery of useful information. Further, analytics and extrapolation of data may allow drawing of conclusions regarding data sets. When capturing data for analytics, extraneous data may be transmitted, which may result in inefficient data transfer over networks. Further, sensitive data may be collected when capturing data for analytics, which may result in concerns of privacy.
  • embodiments relate to a method for collecting analytics from devices.
  • the method includes receiving a query message comprising a question identifier and a query by a device.
  • the method further includes determining a query reply to the query.
  • the method further includes obtaining a device identifier for the device.
  • the method further includes generating a question-device hash using the question identifier and the device identifier.
  • the method further includes generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
  • the method further includes sending the anonymous response message to the analytics server.
  • inventions relate to a system for collecting analytics from devices.
  • the system includes a processor, a memory executable by the processor, and a device including a responder and a question-device hash generator.
  • the memory includes functionality for receiving a query message comprising a question identifier and a query.
  • the memory further includes functionality for determining a query reply to the query.
  • the memory further includes functionality for obtaining a device identifier for the device.
  • the memory further includes functionality for generating the question-device hash using the question identifier and the device identifier.
  • the memory further includes functionality for generating an anonymous response message comprising the question identifier, the query reply, and a question-device hash.
  • the memory further includes functionality for sending the anonymous response message to the analytics server.
  • embodiments relate to a non-transitory computer readable medium (CRM) storing various instructions for collecting analytics from devices.
  • the instructions include functionality for receiving a query message comprising a question identifier and a query by a device.
  • the instructions further include functionality for determining a query reply to the query.
  • the instructions further include functionality for obtaining a device identifier for the device.
  • the instructions further include functionality for generating a question-device hash using the question identifier and the device identifier.
  • the instructions further include functionality for generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
  • the instructions further include functionality for sending the anonymous response message to the analytics server.
  • FIG. 1 shows one or more computing systems in accordance with one or more embodiments of the invention.
  • FIGs 2A and 2B show schematic drawings in accordance with one or more embodiments of the invention.
  • FIGs 3A and 3B show schematic drawings in accordance with one or more embodiments of the invention.
  • FIGs. 4 and 5 show flowcharts in accordance with one or more embodiments of the invention.
  • FIG. 6 shows a computing system in accordance with one or more embodiments of the invention.
  • ordinal numbers e.g., first, second, third, etc.
  • an element i.e., any noun in the application.
  • the use of ordinal numbers is not to imply or create any particular ordering of the elements nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms "before," "after," "single," and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements.
  • a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
  • embodiments of the invention relate to a computer readable medium (CRM), method, and system for collecting analytics from mobile devices, including receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server.
  • the CRM, method, and system further includes comparing the query to a security profile for the device and determining, based on the comparing, that the query is permitted under the security profile.
  • the CRM, method, and system for collecting analytics from mobile devices also includes sending, to a plurality of devices, a query message comprising a question identifier, receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier, determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages, and providing the number of unique anonymous response messages to a user.
  • the CRM, method, and system further includes receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message, receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message, and providing the first anonymous response message and the second anonymous response message to a user.
  • the analytics server (100) comprises a query engine (108).
  • the devices comprise a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) and a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)).
  • the analytics server (100), telecom server (102), and devices are connected via an analytics network (104) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network).
  • the analytics server (100), telecom server (102), and/or devices may also be implemented on the same or different specialized computer systems of the type found and described in relation to FIG. 6.
  • the analytics server (100) is a computer system or group of computer systems configured to provide analytics related to a user response.
  • the analytics server (100) may also be configured to send a query message (200) to the devices (e.g., device A (106A), device B (106B), and device N (106N)).
  • the analytics server (100) may also be configured to receive an anonymous response message (300) from the devices (e.g., device A (106A), device B (106B), and device N (106N)).
  • the analytics server (100) may also be configured to provide anonymous response messages to one or more users.
  • the analytics server (100) may also be configured to receive one or more queries from a user.
  • the analytics server (100) and the telecom server (102) are implemented in the same server.
  • the analytics server (100) and telecom server (102) are connected via an analytics network (104).
  • the analytics server (100) comprises a query engine (108).
  • the query engine (108) is a computer system, group of computer systems, or software process configured to generate a query message (200), including the question ID (202) and the query (204).
  • the query engine (108) is configured to generate the query message (202) using input from a user submitted via an input device connected to the analytics server (100).
  • the query engine (108) is configured to generate the query message (202) using data received over the analytics network (104).
  • the query engine (108) is configured to send and receive messages from devices (e.g., device A (106A), device B (106B), and device N (106N)).
  • the query engine (108) is configured to determine unique anonymous response messages.
  • the telecom server (102) is a computer system or group of computer systems configured to send and receive data to and from the devices (e.g., device A (106A), device B (106B), and device N (106N)) and the analytics server (102) via the analytics network (104).
  • the telecom server (102) is configured to receive a query message (200) from an analytics server (100) via the analytics network (104) and respond with an anonymous response message (300) via the analytics network (104).
  • the telecom server (102) may implement some or all of the functionality of the devices (e.g., device A (106A), device B (106B), and device N (106N)).
  • a device may be a physical computer system that includes a processor, volatile memory, persistent memory, an output device, and an input device.
  • a device may be implemented as a personal computer or computing device operated by a user such as, for example, a smartphone, a laptop computer, a smart television, a smart appliance, a tablet computer, and/or any user device that is capable of interacting over a network connection such as the analytics network (106).
  • a responder is a process or group of processes configured to interact with analytics server (100) and telecom server (102).
  • a responder is configured to receive one or more query messages (200) and respond with one or more anonymous response messages (300).
  • a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) is a process or group of processes configured to take as input a question ID (202) and a device identifier associated with a device (e.g., device A (106A), device B (106B), and device N (106N)) and output a question-device hash (306) that is unique to each question ID (202) and device identifier pair.
  • a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) utilizes a function to take a question ID (202) and a device ID as inputs, and produces a question-device hash (306) as an output.
  • a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) may use any mathematical function well known to one of ordinary skill in the art provided that the results for using two given inputs are the same when used subsequently on the same two inputs, the results for using two different sets of inputs are different when used subsequently on different sets of inputs, and the results are able to be tested for equality.
  • supplying a question ID (202) of "QID-001" and a device ID of "001002003004" to the question-device hash generator results in a question-device hash (306) of "EE6E 3ABC" each time the same input set is used.
  • changing the device ID input to "002002003004" results in a different question-device hash (306) of "CA99 2D17."
  • the results of "EE6E 3ABC" and "CA99 2D17" can be compared to test for equality.
  • the question-device hash (306) does not disclose a device ID, and keeps the device ID anonymous. For example, given a question-device hash (306) of "CA99 2D17" in the above example, the analytics server (100) is unable to determine the device ID of "002002003004."
  • FIG. 2A shows a data structure for a query message (200) in accordance with one or more embodiments of the invention.
  • a query message (200) is a data structure including fields for question ID (202) and a query (204).
  • a query message (200) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the query message (200).
  • Each field of the query message (200) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
  • question ID (202) is an alphanumeric identifier associated with a specific query (204).
  • each question ID (202) is unique to a specific query (204), such that a different query (204) will have a different question ID (202).
  • a query (204) of "<client device>" may have a question ID (202) of "QID-001," while a query (204) of "<brands with negative impression>" may have a question ID (202) of "QID-002."
  • query (204) is a representation of a question to present to a user of a device (e.g., device A (106A), device B (106B), and device N (106N)).
  • a query (204) may be a text string, an image, an audiovisual file, or any other manner of conveying information.
  • Example queries (204) include "<client device>," "<brands with negative impression>," and "<app launch time>."
  • FIG. 2B shows one or more examples of the query message (200) in one or more embodiments of the invention as described above.
  • each row corresponds to an example query message (200)
  • the value in the first column corresponds to an example question ID (202)
  • the value in the second column corresponds to an example query (204).
  • a query message (200) may have a question ID (202) of "QID-001" and a query (204) of "<client device>." Additional examples are listed in subsequent rows of FIG. 2B.
  • FIG. 3A shows a data structure for an anonymous response message (300) in accordance with one or more embodiments of the invention.
  • an anonymous response message (300) is a data structure including fields for a question ID (202), a query reply (304), and a question-device hash (306).
  • An anonymous response message (300) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the anonymous response message (300).
  • Each field of the anonymous response message (300) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
  • the query ID (202) included in the anonymous response message (300) corresponds to the query ID (202) in the query message (200).
  • the analytics server (100) is configured to correlate an anonymous response message (300) with a query message (200) and a query (204) based on this query ID (202).
  • query reply (304) is a representation of an answer to the query (204) from a user or from a user's device (e.g., device A (106A), device B (106B), and device N (106N)).
  • a query reply (304) may be a text string, an image, an audiovisual file, or any other manner of conveying information.
  • Example query replies (304) to the query (204) of "<client device>" include "<ePhone 7>," "<Nova 4>," and "<Foci s7>."
  • question-device hash (306) is a data field representing the result of applying the question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) using a question ID (202) and a device identifier as input.
  • the question-device hash (306) is testable for equality, such that two separate question-device hash (306) values can be tested to see if they are equal.
  • Example question-device hash (306) values include "EE6E 3ABC" and "CA99 2D17."
  • FIG. 3B shows one or more examples of the anonymous response message (300) in one or more embodiments of the invention as described above.
  • each row corresponds to an example anonymous response message (300)
  • the value in the first column corresponds to an example question ID (202)
  • the value in the second column corresponds to an example question-device hash (306)
  • the value in the third column corresponds to an example query reply (304).
  • an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "EE6E 3ABC," and a query reply (304) of "<ePhone 7x>."
  • an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "CA99 2D17," and a query reply (304) of "<Nova 4>." Additional examples are listed in FIG. 3B.
  • FIGs. 1-3B show a configuration of components and/or data structures
  • other configurations may be used without departing from the scope of the invention.
  • various components and/or data structures may be combined to create a single component.
  • the functionality performed by a single component and/or data structure may be performed by two or more components and/or data structures.
  • FIG. 4 shows a flowchart in accordance with one or more embodiments of the invention.
  • a device receives a query message comprising a question identifier and a query.
  • the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID.
  • a question ID may correspond to one or more similar queries (e.g., "client device" and "user device").
  • the question ID "QID-001" may correspond to the query "<client device>."
  • the question ID "QID-002" may correspond to the query "<brands with negative impression>."
  • the query is received from an analytics server and delivered via an analytics network.
  • the query is generated by the query engine of the analytics server using input from a user.
  • a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," after which the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transmits the query message to a device for receipt via the analytics network.
  • the device compares the query to a security profile for the device. In one or more embodiments of the invention, in STEP 406 the device determines, based on comparing the query to the security profile for the device, if the query is permitted under the security profile. In one or more embodiments of the invention, the determination uses a correspondence between allowed or white-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the determination uses a correspondence between denied or black-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the device stores the security profile for the device.
  • the device receives the security profile for the device via the advertising network.
  • the device determines a query reply to the query.
  • the device determines a query reply using information stored on the device. For example, in response to a query corresponding to the type of client device, the device may determine a query reply using configuration information stored on the client device.
  • the device determines a query reply using input from a user solicited in response to a prompt on the screen of the device. For example, in response to a query corresponding to brands with a negative impression from the user, the device may prompt the user to input brands for which the user has a negative impression, and may determine a query reply to the query using the brands input by the user.
  • if the determination in STEP 406 is that the query is not permitted, in STEP 410 the device sets a query reply to NULL (e.g., the character '⁇,' the string "NULL," any value representing an empty results set, etc.).
  • in STEP 412 the device obtains a device identifier for the device.
  • the device obtains a device identifier using information stored on the device.
  • the device may obtain a device identifier using a value stored in local persistent memory or in a locally stored configuration file.
  • the device obtains a device identifier using information input by the user of the device.
  • the device identifier is a set of alphanumeric characters that uniquely identifies each device.
  • the device identifier may be a UDID (unique device identifier), MEID (mobile equipment identifier), IMEI (international mobile station equipment identity), IMSI (international mobile subscriber identity), serial number, MAC (media access control) address, or similar.
  • in STEP 414 the device generates a question-device hash using the question identifier and the device identifier.
  • the question-device hash is generated using the question-device hash generator associated with the device.
  • the question-device hash generator present on the device may generate the question-device hash of "EE6E 3ABC" using the question ID of "QID-001" and a device ID of "001002003004."
  • the question-device hash generator present on the device may generate the question-device hash of "CA99 2D17" using the question ID of "QID-001" and a device ID of "002002003004."
  • the question-device hash generator uses a mathematical function such that two input sets produce the same results if the two input sets are the same, two input sets produce different results if the two input sets are not the same, and results are testable for equality.
  • the device may generate a question-device hash using implementations of the MD5, SHA-0, SHA-1, or SHA-2 hash algorithms with the question identifier and the device identifier as inputs.
  • in STEP 416 the device generates an anonymous response message comprising the question identifier, the query reply, and the question-device hash.
  • the anonymous response message is generated by the responder on the device. For example, the responder generates an anonymous response message using the question ID of "QID-001," the question-device hash of "EE6E 3ABC," and the query reply of "<ePhone 7x>."
  • FIG. 5 shows a flowchart in accordance with one or more embodiments of the invention.
  • an analytics server sends a query message to a group of devices.
  • the analytics server may send a query message to device A, device B, and device N.
  • the analytics server sends the query message via the analytics network.
  • the query message comprises a question ID and a query.
  • the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID.
  • a question ID may correspond to one or more similar queries (e.g., "client device" and "user device").
  • the question ID "QID-001" may correspond to the query "<client device>."
  • the question ID "QID-002" may correspond to the query "<brands with negative impression>."
  • the query is generated by the query engine of the analytics server using input from a user.
  • a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," and the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transfers the query message to a group of devices via the analytics network.
  • the analytics server receives a plurality of anonymous response messages.
  • the anonymous response messages include a question identifier and a question-device hash generated from the question identifier and a device identifier.
  • the anonymous response message comprises a query reply.
  • the analytics server receives a plurality of anonymous response messages from some or all of the group of devices to which the analytics server sent the query message.
  • the plurality of anonymous response messages is received via the analytics network.
  • the analytics server determines a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages. For example, anonymous response messages that contain duplicate question-device hashes of already received anonymous response messages may be deleted. In one or more embodiments, the analytics server may determine that question-device hashes are unique even though the question-device hashes correspond to the same question ID. For example, two question-device hashes "EE6E 3ABC" and "C199 2D17" are unique even though the question-device hashes correspond to the same question ID of "QID-001."
  • the analytics server provides the number of unique response messages to a user.
  • the analytics server provides the query replies associated with the anonymous response messages.
  • the query replies within the unique response messages are displayed to a user via an output device connected to the analytics server.
  • the query replies within the unique response messages are displayed with a corresponding query.
  • the output device connected to the analytics server may display a query "client device" and display associated query replies of "<ePhone 7x>," "<Nova 4>," and "<Foci s7>."
  • the analytics server provides the number of unique response messages to a user via a network connection, such as the analytics network.
  • the analytics server provides the number of unique response messages to a user in a processed, aggregated, formatted, and/or abstracted form. For example, the analytics server provides the "ePhone" corresponding to a query reply of "<ePhone 7x>" within a unique anonymous response message.
  • the analytics server displays "2 ePhones" corresponding to query replies of "<ePhone 7x>" and "<ePhone 5>" within two unique anonymous response messages.
  • determination steps may not require a processor to process an instruction unless an interrupt is received to signify that condition exists in accordance with one or more embodiments of the invention.
  • determination steps may be performed by performing a test, such as checking a data value to test whether the value is consistent with the tested condition in accordance with one or more embodiments of the invention.
  • Embodiments of the invention may be implemented on a computing system. Any combination of mobile, desktop, server, embedded, or other types of hardware may be used.
  • the computing system (600) may include one or more computer processor(s) (602), associated memory (604) (e.g., random access memory (RAM), cache memory, flash memory, etc.), one or more storage device(s) (606) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory stick, etc.), and numerous other elements and functionalities.
  • the computer processor(s) (602) may be an integrated circuit for processing instructions.
  • the computer processor(s) may be one or more cores, or micro-cores of a processor.
  • the computing system (600) may also include one or more input device(s) (610), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device.
  • the computing system (600) may include one or more output device(s) (608), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device.
  • One or more of the output device(s) may be the same or different from the input device(s).
  • the computing system (600) may be connected to a network (612) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) via a network interface connection (not shown).
  • the input and output device(s) may be locally or remotely (e.g., via the network (612)) connected to the computer processor(s) (602), memory (604), and storage device(s) (606).
  • Software instructions in the form of computer readable program code to perform embodiments of the invention may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium.
  • the software instructions may correspond to computer readable program code that when executed by a processor(s), is configured to perform embodiments of the invention.
  • one or more elements of the aforementioned computing system (600) may be located at a remote location and connected to the other elements over a network (612).
  • embodiments of the invention may be implemented on a distributed system having a plurality of nodes, where each portion of the invention may be located on a different node within the distributed system.
  • the node corresponds to a distinct computing device.
  • the node may correspond to a computer processor with associated physical memory.
  • the node may alternatively correspond to a computer processor or micro-core of a computer processor with shared memory and/or resources.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method involves collecting analytics from mobile devices. The method may include receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server.

Description

ANALYTICS WITH PRIVACY
BACKGROUND
[0001] In general, analytics of data may result in the discovery of useful information. Further, analytics and extrapolation of data may allow drawing of conclusions regarding data sets. When capturing data for analytics, extraneous data may be transmitted, which may result in inefficient data transfer over networks. Further, sensitive data may be collected when capturing data for analytics, which may result in concerns of privacy.
SUMMARY
[0002] In general, in one aspect, embodiments relate to a method for collecting analytics from devices. The method includes receiving a query message comprising a question identifier and a query by a device. The method further includes determining a query reply to the query. The method further includes obtaining a device identifier for the device. The method further includes generating a question-device hash using the question identifier and the device identifier. The method further includes generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash. The method further includes sending the anonymous response message to the analytics server.
[0003] In general, in one aspect, embodiments relate to a system for collecting analytics from devices. The system includes a processor, a memory executable by the processor, and a device including a responder and a question-device hash generator. The memory includes functionality for receiving a query message comprising a question identifier and a query. The memory further includes functionality for determining a query reply to the query. The memory further includes functionality for obtaining a device identifier for the device. The memory further includes functionality for generating the question-device hash using the question identifier and the device identifier. The memory further includes functionality for generating an anonymous response message comprising the question identifier, the query reply, and a question-device hash. The memory further includes functionality for sending the anonymous response message to the analytics server.
[0004] In general, in one aspect, embodiments relate to a non-transitory computer readable medium (CRM) storing various instructions for collecting analytics from devices. The instructions include functionality for receiving a query message comprising a question identifier and a query by a device. The instructions further include functionality for determining a query reply to the query. The instructions further include functionality for obtaining a device identifier for the device. The instructions further include functionality for generating a question-device hash using the question identifier and the device identifier. The instructions further include functionality for generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash. The instructions further include functionality for sending the anonymous response message to the analytics server.
[0005] Other aspects of the invention will be apparent from the following description and the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
[0006] FIG. 1 shows one or more computing systems in accordance with one or more embodiments of the invention.
[0007] FIGs. 2A and 2B show schematic drawings in accordance with one or more embodiments of the invention.
[0008] FIGs. 3A and 3B show schematic drawings in accordance with one or more embodiments of the invention.
[0009] FIGs. 4 and 5 show flowcharts in accordance with one or more embodiments of the invention.
[0010] FIG. 6 shows a computing system in accordance with one or more embodiments of the invention.
DETAILED DESCRIPTION
[0011] Specific embodiments of the invention will now be described in detail with reference to the accompanying figures. Like elements in the various figures are denoted by like reference numerals for consistency.
[0012] In the following detailed description of embodiments of the invention, numerous specific details are set forth in order to provide a more thorough understanding of the invention. However, it will be apparent to one of ordinary skill in the art that the invention may be practiced without these specific details. In other instances, well-known features have not been described in detail to avoid unnecessarily complicating the description.
[0013] Throughout the application, ordinal numbers (e.g., first, second, third, etc.) may be used as an adjective for an element (i.e., any noun in the application). The use of ordinal numbers is not to imply or create any particular ordering of the elements nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms "before," "after," "single," and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements. By way of an example, a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
[0014] In general, embodiments of the invention relate to a computer readable medium (CRM), method, and system for collecting analytics from mobile devices, including receiving, by a device, a query message comprising a question identifier and a query, determining a query reply to the query, obtaining a device identifier for the device, generating a question-device hash using the question identifier and the device identifier, generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash, and sending the anonymous response message to the analytics server. The CRM, method, and system further includes comparing the query to a security profile for the device and determining, based on the comparing, that the query is permitted under the security profile. The CRM, method, and system for collecting analytics from mobile devices also includes sending, to a plurality of devices, a query message comprising a question identifier, receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier, determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages, and providing the number of unique anonymous response messages to a user. 
The CRM, method, and system further includes receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message, receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message, and providing the first anonymous response message and the second anonymous response message to a user.
In one or more embodiments, FIG. 1 shows an analytics server (100), a telecom server (102), an analytics network (104), and devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) comprises a query engine (108). The devices (e.g., device A (106A), device B (106B), and device N (106N)) comprise a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) and a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)). In one or more embodiments, the analytics server (100), telecom server (102), and devices (e.g., device A (106A), device B (106B), and device N (106N)) are connected via an analytics network (104) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network). The analytics server (100), telecom server (102), and devices (e.g., device A (106A), device B (106B), and device N (106N)) may take the form of a specialized computer system of the type found and described in relation to FIG. 6.
The analytics server (100), telecom server (102), and/or devices (e.g., device A (106A), device B (106B), and device N (106N)) may also be implemented on the same or different specialized computer systems of the type found and described in relation to FIG. 6. In one or more embodiments of the invention, the analytics server (100) is a computer system or group of computer systems configured to provide analytics related to a user response. Specifically, the analytics server (100) may also be configured to send a query message (200) to the devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) may also be configured to receive an anonymous response message (300) from the devices (e.g., device A (106A), device B (106B), and device N (106N)). The analytics server (100) may also be configured to provide anonymous response messages to one or more users. The analytics server (100) may also be configured to receive one or more queries from a user. In one embodiment of the invention, the analytics server (100) and the telecom server (102) are implemented in the same server. In another embodiment of the invention, the analytics server (100) and telecom server (102) are connected via an analytics network (104).
[0017] In one or more embodiments, the analytics server (100) comprises a query engine (108). The query engine (108) is a computer system, group of computer systems, or software process configured to generate a query message (200), including the question ID (202) and the query (204). In one or more embodiments, the query engine (108) is configured to generate the query message (202) using input from a user submitted via an input device connected to the analytics server (100). In one or more embodiments, the query engine (108) is configured to generate the query message (202) using data received over the analytics network (104).
In one or more embodiments, the query engine (108) is configured to send and receive messages from devices (e.g., device A (106A), device B (106B), and device N (106N)). In one or more embodiments, the query engine (108) is configured to determine unique anonymous response messages.
[0018] In one or more embodiments of the invention, the telecom server (102) is a computer system or group of computer systems configured to send and receive data to and from the devices (e.g., device A (106A), device B (106B), and device N (106N)) and the analytics server (102) via the analytics network (104). In one or more embodiments, the telecom server (102) is configured to receive a query message (200) from an analytics server (100) via the analytics network (104) and respond with an anonymous response message (300) via the analytics network (104). In one or more embodiments of the invention, the telecom server (102) may implement some or all of the functionality of the devices (e.g., device A (106A), device B (106B), and device N (106N)).
[0019] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) is a computer system configured to interact with the analytics server (100) and the telecom server (102) over the analytics network (104). Specifically, a device (e.g., device A (106A), device B (106B), and device N (106N)) may be a physical computer system that includes a processor, volatile memory, persistent memory, an output device, and an input device. A device (e.g., device A (106A), device B (106B), and device N (106N)) may be implemented as a personal computer or computing device operated by a user such as, for example, a smartphone, a laptop computer, a smart television, a smart appliance, a tablet computer, and/or any user device that is capable of interacting over a network connection such as the analytics network (106).
[0020] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) includes a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)). In one or more embodiments of the invention, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is a process or group of processes configured to interact with analytics server (100) and telecom server (102). Specifically, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is configured to receive one or more query messages (200) and respond with one or more anonymous response messages (300). In one or more embodiments, a responder (e.g., responder A (110A), responder B (110B), and responder N (110N)) is configured to generate one or more anonymous response messages (300).
[0021] In one or more embodiments of the invention, each device (e.g., device A (106A), device B (106B), and device N (106N)) includes a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)). In one or more embodiments, a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) is a process or group of processes configured to take as input a question ID (202) and a device identifier associated with a device (e.g., device A (106A), device B (106B), and device N (106N)) and output a question-device hash (306) that is unique to each question ID (202) and device identifier pair.
[0022] In one or more embodiments, a question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) utilizes a function to take a question ID (202) and a device ID as inputs, and produces a question-device hash (306) as an output. A question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) may use any mathematical function well known to one of ordinary skill in the art provided that the results for using two given inputs are the same when used subsequently on the same two inputs, the results for using two different sets of inputs are different when used subsequently on different sets of inputs, and the results are able to be tested for equality. For example, supplying a question ID (202) of "QID-001" and a device ID of "001002003004" to the question-device hash generator results in a question-device hash (306) of "EE6E 3ABC" each time the same input set is used. In this example, changing the device ID input to "002002003004" results in a different question-device hash (306) of "CA99 2D17." Further, in this example, the results of "EE6E 3ABC" and "CA99 2D17" can be compared to test for equality.
[0023] In one or more embodiments, the question-device hash (306) does not disclose a device ID, and keeps the device ID anonymous. For example, given a question-device hash (306) of "CA99 2D17" in the above example, the analytics server (100) is unable to determine the device ID of "002002003004."
[0024] FIG. 2A shows a data structure for a query message (200) in accordance with one or more embodiments of the invention.
[0025] In one or more embodiments of the invention, a query message (200) is a data structure including fields for question ID (202) and a query (204). One of ordinary skill in the art will appreciate that more fields or fewer fields than those enumerated above may be included in a query message (200) without departing from aspects of the invention. A query message (200) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the query message (200). Each field of the query message (200) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
[0026] In one or more embodiments of the invention, question ID (202) is an alphanumeric identifier associated with a specific query (204). In one or more embodiments, each question ID (202) is unique to a specific query (204), such that a different query (204) will have a different question ID (202). For example, a query (204) of "<client device>" may have a question ID (202) of "QID-001," while a query (204) of "<brands with negative impression>" may have a question ID (202) of "QID-002."
[0027] In one or more embodiments of the invention, query (204) is a representation of a question to present to a user of a device (e.g., device A (106A), device B (106B), and device N (106N)). A query (204) may be a text string, an image, an audiovisual file, or any other manner of conveying information. Example queries (204) include "<client device>," "<brands with negative impression>," and "<app launch time>."
[0028] FIG. 2B shows one or more examples of the query message (200) in one or more embodiments of the invention as described above. In FIG. 2B, each row corresponds to an example query message (200), the value in the first column corresponds to an example question ID (202), and the value in the second column corresponds to an example query (204). For example, a query message (200) may have a question ID (202) of "QID-001" and a query (204) of "<client device>." Additional examples are listed in subsequent rows of FIG. 2B.
[0029] FIG. 3A shows a data structure for an anonymous response message (300) in accordance with one or more embodiments of the invention.
[0030] In one or more embodiments of the invention, an anonymous response message (300) is a data structure including fields for a question ID (202), a query reply (304), and a question-device hash (306). One of ordinary skill in the art will appreciate that more fields or fewer fields than those enumerated above may be included in an anonymous response message (300) without departing from aspects of the invention. An anonymous response message (300) may be stored as a linked list, stack, queue, associative array, or any other format useful for storing the information contained in the anonymous response message (300). Each field of the anonymous response message (300) may be stored in data objects, numerical format, string format, or any other format useful for storing the information contained in that particular field.
[0031] In one or more embodiments of the invention, the query ID (202) included in the anonymous response message (300) corresponds to the query ID (202) in the query message (200). In one or more embodiments of the invention, the analytics server (100) is configured to correlate an anonymous response message (300) with a query message (200) and a query (204) based on this query ID (202).
[0032] In one or more embodiments of the invention, query reply (304) is a representation of an answer to the query (204) from a user or from a user's device (e.g., device A (106A), device B (106B), and device N (106N)). A query reply (304) may be a text string, an image, an audiovisual file, or any other manner of conveying information. Example query replies (304) to the query (204) of "<client device>" include "<ePhone 7>," "<Nova 4>," and "<Foci s7>."
[0033] In one or more embodiments of the invention, question-device hash (306) is a data field representing the result of applying the question-device hash generator (e.g., question-device hash generator A (112A), question-device hash generator B (112B), and question-device hash generator N (112N)) using a question ID (202) and a device identifier as input. In one or more embodiments, the question-device hash (306) is testable for equality, such that two separate question-device hash (306) values can be tested to see if they are equal. Example question-device hash (306) values include "EE6E 3ABC" and "CA99 2D17."
[0034] FIG. 3B shows one or more examples of the anonymous response message (300) in one or more embodiments of the invention as described above. In FIG. 3B, each row corresponds to an example anonymous response message (300), the value in the first column corresponds to an example question ID (202), the value in the second column corresponds to an example question-device hash (306), and the value in the third column corresponds to an example query reply (304). For example, as depicted in the first non-header row of FIG. 3B, an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "EE6E 3ABC," and a query reply (304) of "<ePhone 7x>." As a second example, as depicted in the second non-header row of FIG. 3B, an anonymous response message (300) may have a question ID (202) of "QID-001," a question-device hash (306) of "CA99 2D17," and a query reply (304) of "<Nova 4>." Additional examples are listed in FIG. 3B.
[0035] While FIGs. 1-3B show a configuration of components and/or data structures, other configurations may be used without departing from the scope of the invention. For example, various components and/or data structures may be combined to create a single component. As another example, the functionality performed by a single component and/or data structure may be performed by two or more components and/or data structures.
[0036] FIG. 4 shows a flowchart in accordance with one or more embodiments of the invention. In one or more embodiments of the invention, in STEP 402 a device receives a query message comprising a question identifier and a query. In one or more embodiments, the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID. In another embodiment, a question ID may correspond to one or more similar queries (e.g., "client device" and "user device"). For example, the question ID "QID-001" may correspond to the query "<client device>." In another example, the question ID "QID-002" may correspond to the query "<brands with negative impression>." In one or more embodiments of the invention, the query is received from an analytics server and delivered via an analytics network. In one or more embodiments, the query is generated by the query engine of the analytics server using input from a user. For example, a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," after which the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transmits the query message to a device for receipt via the analytics network. In one or more embodiments of the invention, in STEP 404 the device compares the query to a security profile for the device. In one or more embodiments of the invention, in STEP 406 the device determines, based on the comparing the query to the security profile for the device, if the query is permitted under the security profile. In one or more embodiments of the invention, the determination uses a correspondence between allowed or white-listed question IDs and/or queries and the question ID and/or query contained in the received query message.
In one or more embodiments of the invention, the determination uses a correspondence between denied or black-listed question IDs and/or queries and the question ID and/or query contained in the received query message. In one or more embodiments of the invention, the device stores the security profile for the device. In one or more embodiments, the device receives the security profile for the device via the advertising network.
[0038] In one or more embodiments of the invention, if the determination from STEP 406 is that the query is permitted, in STEP 408 the device determines a query reply to the query. In one or more embodiments of the invention, the device determines a query reply using information stored on the device. For example, in response to a query corresponding to the type of client device, the device may determine a query reply using configuration information stored on the client device. In another embodiment of the invention, the device determines a query reply using input from a user solicited in response to a prompt on the screen of the device. For example, in response to a query corresponding to brands with a negative impression from the user, the device may prompt the user to input brands for which the user has a negative impression, and may determine a query reply to the query using the brands input by the user.
[0039] In one or more embodiments of the invention, if the determination from STEP 406 is that the query is not permitted, in STEP 410 the device sets a query reply to NULL (e.g., the character '0,' the string "NULL," any value representing an empty results set, etc.).
[0040] In one or more embodiments of the invention, in STEP 412 the device obtains a device identifier for the device. In one or more embodiments, the device obtains a device identifier using information stored on the device. For example, the device may obtain a device identifier using a value stored in local persistent memory or in a locally stored configuration file. In another embodiment, the device obtains a device identifier using information input by the user of the device. In one or more embodiments of the invention, the device identifier is a set of alphanumeric characters that uniquely identifies each device. For example, the device identifier may be a UDID (unique device identifier), MEID (mobile equipment identifier), IMEI (international mobile station equipment identity), IMSI (international mobile subscriber identity), serial number, MAC (media access control) address, or similar.
[0041] In one or more embodiments of the invention, in STEP 414 the device generates a question-device hash using the question identifier and the device identifier. In one or more embodiments of the invention, the question-device hash is generated using the question-device hash generator associated with the device. For example, the question-device hash generator present on the device may generate the question-device hash of "EE6E 3ABC" using the question ID of "QID-001" and a device ID of "001002003004." As another example, the question-device hash generator present on the device may generate the question-device hash of "CA99 2D17" using the question ID of "QID-001" and a device ID of "002002003004." In one or more embodiments of the invention, the question-device hash generator uses a mathematical function such that two input sets produce the same results if the two input sets are the same, two input sets produce different results if the two input sets are not the same, and results are testable for equality.
For example, the device may generate a question-device hash using implementations of the MD5, SHA-0, SHA-1, or SHA-2 hash algorithms with the question identifier and the device identifier as inputs.
[0042] In one or more embodiments of the invention, in STEP 416 the device generates an anonymous response message comprising the question identifier, the query reply, and the question-device hash. In one or more embodiments of the invention, the anonymous response message is generated by the responder on the device. For example, the responder generates an anonymous response message using the question ID of "QID-001," the question-device hash of "EE6E 3 ABC," and the query reply of "<ePhone 7x>."
[0043] In one or more embodiments of the invention, in STEP 418 the device sends the anonymous response message to the analytics server. In one or more embodiments of the invention, the anonymous response message is sent to the analytics server by the responder via the analytics network.
[0044] FIG. 5 shows a flowchart in accordance with one or more embodiments of the invention. In one or more embodiments of the invention, in STEP 502 an analytics server sends a query message to a group of devices. For example, the analytics server may send a query message to device A, device B, and device N. In one or more embodiments, the analytics server sends the query message via the analytics network. In one or more embodiments, the query message comprises a question ID and a query. In one or more embodiments, the question ID corresponds to the query, such that each distinct query has a corresponding distinct question ID. In another embodiment, a question ID may correspond to one or more similar queries (e.g., "client device" and "user device"). For example, the question ID "QID-001" may correspond to the query "<client device>." In another example, the question ID "QID-002" may correspond to the query "<brands with negative impression>." In one or more embodiments, the query is generated by the query engine of the analytics server using input from a user. For example, a user of the analytics server may instruct the query engine to generate a query message using the input "app launch time," and the query engine constructs a query message with question ID "QID-003" and query "<app launch time>" and transfers the query message to a group of devices via the analytics network.
[0045] In one or more embodiments of the invention, in STEP 504 the analytics server receives a plurality of anonymous response messages. In one or more embodiments, the anonymous response messages include a question identifier and a question-device hash generated from the question identifier and a device identifier. In one or more embodiments, the anonymous response message comprises a query reply. In one or more embodiments, the analytics server receives a plurality of anonymous response messages from some or all of the group of devices to which the analytics server sent the query message. In one or more embodiments, the plurality of anonymous response messages is received via the analytics network.
[0046] In one or more embodiments of the invention, in STEP 506 the analytics server determines a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages. For example, anonymous response messages that contain duplicate question-device hashes of already received anonymous response messages may be deleted. In one or more embodiments, the analytics server may determine that question-device hashes are unique even though the question-device hashes correspond to the same question ID. For example, two question-device hashes "EE6E 3ABC" and "C199 2D17" are unique even though the question-device hashes correspond to the same question ID of "QID-001."
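The device-side steps 414 to 416 and the server-side step 506 can be exercised together in a short Python sketch. This is an added example, not code from the application: the use of SHA-256 (one member of the SHA-2 family named above), the length-prefixed input encoding, the dictionary message layout and all function names are assumptions, and the digests it produces do not reproduce the sample hash values quoted in the text.

```python
import hashlib

# Constructed sample identifiers, taken from the examples in the text.
DEVICE_A = "001002003004"
DEVICE_B = "002002003004"


def question_device_hash(question_id: str, device_id: str) -> str:
    """STEP 414: hash the question ID together with the device ID.

    Assumption: each field is length-prefixed before hashing so that
    ("QID-1", "23") and ("QID-12", "3") cannot collide the way plain
    string concatenation would.
    """
    h = hashlib.sha256()
    for field in (question_id, device_id):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def make_response(question_id: str, query_reply: str, device_id: str) -> dict:
    """STEP 416: the message carries the hash, never the device ID itself."""
    return {
        "question_id": question_id,
        "query_reply": query_reply,
        "question_device_hash": question_device_hash(question_id, device_id),
    }


def unique_responses(messages: list, question_id: str) -> list:
    """STEP 506: keep the first message seen for each question-device hash."""
    seen = set()
    unique = []
    for msg in messages:
        if msg["question_id"] != question_id:
            continue
        if msg["question_device_hash"] in seen:
            continue  # duplicate submission from the same device
        seen.add(msg["question_device_hash"])
        unique.append(msg)
    return unique


# Constructed traffic: device A answers QID-001 twice and QID-002 once.
SAMPLE = [
    make_response("QID-001", "<ePhone 7x>", DEVICE_A),
    make_response("QID-001", "<Nova 4>", DEVICE_B),
    make_response("QID-001", "<ePhone 7x>", DEVICE_A),
    make_response("QID-002", "<app launch time>", DEVICE_A),
]

if __name__ == "__main__":
    kept = unique_responses(SAMPLE, "QID-001")
    print(len(kept), [m["query_reply"] for m in kept])
```

Because the question ID is part of the hash input, device A's hash for QID-001 differs from its hash for QID-002, so the server cannot join one device's answers across questions by comparing hashes. An unkeyed hash of a guessable identifier such as an IMEI can still be matched by anyone able to enumerate candidate identifiers; a keyed construction such as an HMAC with a per-device secret is a common alternative that the application does not describe.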
[0047] In one or more embodiments of the invention, in STEP 508 the analytics server provides the number of unique response messages to a user. In one or more embodiments, the analytics server provides the query replies associated with the anonymous response messages. In one or more embodiments, the query replies within the unique response messages are displayed to a user via an output device connected to the analytics server. In one or more embodiments, the query replies within the unique response messages are displayed with a corresponding query. For example, the output device connected to the analytics server may display a query "client device" and display associated query replies of "<ePhone 7x>," "<Nova 4>," and "<Foci s7>." In one or more embodiments of the invention, the analytics server provides the number of unique response messages to a user via a network connection, such as the analytics network. In one or more embodiments of the invention, the analytics server provides the number of unique response messages to a user in a processed, aggregated, formatted, and/or abstracted form. For example, the analytics server provides the "ePhone" corresponding to a query reply of "<ePhone 7x>" within a unique anonymous response message. In another example, the analytics server displays "2 ePhones" corresponding to query replies of "<ePhone 7x>" and "<ePhone 5>" within two unique anonymous response messages.
[0048] While the various steps in this flowchart are presented and described sequentially, one of ordinary skill will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. Furthermore, the steps may be performed actively or passively. For example, some steps may be performed using polling or be interrupt driven in accordance with one or more embodiments of the invention. By way of an example, determination steps may not require a processor to process an instruction unless an interrupt is received to signify that condition exists in accordance with one or more embodiments of the invention. As another example, determination steps may be performed by performing a test, such as checking a data value to test whether the value is consistent with the tested condition in accordance with one or more embodiments of the invention.
[0049] Embodiments of the invention may be implemented on a computing system. Any combination of mobile, desktop, server, embedded, or other types of hardware may be used. For example, as shown in FIG. 6, the computing system (600) may include one or more computer processor(s) (602), associated memory (604) (e.g., random access memory (RAM), cache memory, flash memory, etc.), one or more storage device(s) (606) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory stick, etc.), and numerous other elements and functionalities. The computer processor(s) (602) may be an integrated circuit for processing instructions. For example, the computer processor(s) may be one or more cores, or micro-cores of a processor. The computing system (600) may also include one or more input device(s) (610), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device. Further, the computing system (600) may include one or more output device(s) (608), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device. One or more of the output device(s) may be the same or different from the input device(s). The computing system (600) may be connected to a network (612) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) via a network interface connection (not shown). The input and output device(s) may be locally or remotely (e.g., via the network (612)) connected to the computer processor(s) (602), memory (604), and storage device(s) (606). Many different types of computing systems exist, and the aforementioned input and output device(s) may take other forms.
[0050] Software instructions in the form of computer readable program code to perform embodiments of the invention may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium. Specifically, the software instructions may correspond to computer readable program code that when executed by a processor(s), is configured to perform embodiments of the invention.
[0051] Further, one or more elements of the aforementioned computing system (600) may be located at a remote location and connected to the other elements over a network (612). Further, embodiments of the invention may be implemented on a distributed system having a plurality of nodes, where each portion of the invention may be located on a different node within the distributed system. In one embodiment of the invention, the node corresponds to a distinct computing device. Alternatively, the node may correspond to a computer processor with associated physical memory. The node may alternatively correspond to a computer processor or micro-core of a computer processor with shared memory and/or resources.
[0052] While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this disclosure, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as disclosed herein. Accordingly, the scope of the invention should be limited only by the attached claims.

Claims

What is claimed is:
1. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
receiving, by a device, a query message comprising a question identifier and a query;
determining a query reply to the query;
obtaining a device identifier for the device;
generating a question-device hash using the question identifier and the device identifier;
generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash; and
sending the anonymous response message to the analytics server.
2. The non-transitory computer readable medium of claim 1, wherein the determining the query reply to the query comprises:
comparing the query to a security profile for the device; and
determining, based on the comparing, that the query is permitted under the security profile.
3. A method for collecting analytics from devices comprising:
receiving, by a device, a query message comprising a question identifier and a query;
determining a query reply to the query;
obtaining a device identifier for the device;
generating a question-device hash using the question identifier and the device identifier;
generating an anonymous response message comprising the question identifier, the query reply, and the question-device hash; and
sending the anonymous response message to the analytics server.
4. The method of claim 3, further comprising:
comparing the query to a security profile for the device; and
determining, based on the comparing, that the query is permitted under the security profile.
5. A system for collecting analytics from devices comprising:
a processor;
memory; and
a device comprising:
a responder stored in the memory and executing on the processor, configured to:
receive a query message comprising a question identifier and a query,
determine a query reply to the query,
obtain a device identifier for the device,
generate an anonymous response message comprising the question identifier, the query reply, and a question-device hash, and
send the anonymous response message to the analytics server, and
a question-device hash generator stored in the memory and executing on the processor, configured to generate the question-device hash using the question identifier and the device identifier.
6. The system of claim 5, wherein the responder is further configured to:
compare the query to a security profile for the device; and
determine, based on the comparing, that the query is permitted under the security profile.
7. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
sending, to a plurality of devices, a query message comprising a question identifier;
receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
providing the number of unique anonymous response messages to a user.
8. A method for collecting analytics from devices comprising:
sending, to a plurality of devices, a query message comprising a question identifier;
receiving a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determining a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
providing the number of unique anonymous response messages to a user.
9. A system for collecting analytics from devices comprising:
a processor;
memory; and
an analytics server comprising:
a query engine stored in the memory and executing on the processor, configured to:
send, to a plurality of devices, a query message comprising a question identifier;
receive a plurality of anonymous response messages, wherein each of the plurality of anonymous response messages comprises the question identifier and a question-device hash generated from the question identifier and a device identifier;
determine a number of unique anonymous response messages based on the question-device hash of each of the plurality of anonymous response messages; and
provide the number of unique anonymous response messages to a user.
10. A non-transitory computer readable medium for collecting analytics from devices comprising instructions that, when executed by a processor, perform a method, the method comprising:
receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
providing the first anonymous response message and the second anonymous response message to a user.
11. A method for collecting analytics from devices comprising:
receiving, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receiving, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
providing the first anonymous response message and the second anonymous response message to a user.
12. A system for collecting analytics from devices comprising:
a processor;
memory; and
an analytics server comprising:
a query engine stored in the memory and executing on the processor, configured to:
receive, from a device, a first anonymous response message comprising a first question identifier, a first query reply, and a first question-device hash generated from the first question identifier and a device identifier, wherein the device identifier is unreadable from the first anonymous response message;
receive, from the device, a second anonymous response message comprising a second question identifier, a second query reply, and a second question-device hash generated from the second question identifier and the device identifier, wherein the device identifier is unreadable from the second anonymous response message; and
provide the first anonymous response message and the second anonymous response message to a user.
PCT/US2015/067933 2014-12-29 2015-12-29 Analytics with privacy WO2016109583A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15876200.5A EP3241333A4 (en) 2014-12-29 2015-12-29 Analytics with privacy

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201462097417P 2014-12-29 2014-12-29
US62/097,417 2014-12-29

Publications (1)

Publication Number Publication Date
WO2016109583A1 true WO2016109583A1 (en) 2016-07-07

Family

ID=56285008

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/067933 WO2016109583A1 (en) 2014-12-29 2015-12-29 Analytics with privacy

Country Status (2)

Country Link
EP (1) EP3241333A4 (en)
WO (1) WO2016109583A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3358875A1 (en) * 2017-02-03 2018-08-08 Alcatel Lucent Method for protecting privacy in data queries

Also Published As

Publication number Publication date
EP3241333A1 (en) 2017-11-08
EP3241333A4 (en) 2018-06-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15876200

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2015876200

Country of ref document: EP