CLAIMS
`
`1.
`
`A hardware database privacy device, the hardware database privacy device
`
`communicatively coupled to a private database system, and configured to:
`
`receive a request from a client device to perform a query of the private
`
`database system and identifying a level of differential privacy
`
`corresponding to the request, the identified level of differential privacy
`
`comprising privacy parameters a and 6;
`
`identify a set of data stored in the private database system and a set of
`
`operations to be performed on the set of data corresponding to the
`
`requested query;
`
`access the set of data from the private database system;
`
`modify the set of operations based on the identified level of differential
`
`privacy such that a performance of the modified set of operations
`
`produces a result set that is (s,6)—differentially private;
`
`perform the modified set of operations on the accessed set of data to produce
`
`the differentially private result set; and
`
`provide the differentially private result set to the client device for display on a
`
`hardware display of the client device.
`
`2.
`
`The device of claim 1; wherein the set of operations comprises a count operation
`
`on one or more subsets of the set of data; and wherein modifying the set of
`
`operations comprises perturbing results of the count operation on the one or more
`
`subsets by a factor defined by a Laplacian random variable with parameter c1-8:
`
`39
`
`32552/32620/DOCS/3854318.11
`
`
`
`1.
`
`A hardware database privacy device, the hardware database privacy device
`
`communicatively coupled to a private database system, and configured to:
`
`receive a request from a client device to perform a query of the private
`
`database system and identifying a level of differential privacy
`
`corresponding to the request, the identified level of differential privacy
`
`comprising privacy parameters a and 6;
`
`identify a set of data stored in the private database system and a set of
`
`operations to be performed on the set of data corresponding to the
`
`requested query;
`
`access the set of data from the private database system;
`
`modify the set of operations based on the identified level of differential
`
`privacy such that a performance of the modified set of operations
`
`produces a result set that is (s,6)—differentially private;
`
`perform the modified set of operations on the accessed set of data to produce
`
`the differentially private result set; and
`
`provide the differentially private result set to the client device for display on a
`
`hardware display of the client device.
`
`2.
`
`The device of claim 1; wherein the set of operations comprises a count operation
`
`on one or more subsets of the set of data; and wherein modifying the set of
`
`operations comprises perturbing results of the count operation on the one or more
`
`subsets by a factor defined by a Laplacian random variable with parameter c1-8:
`
`39
`
`32552/32620/DOCS/3854318.11
`
`
`
`ch1 '1),E
`
`to produce the differentially private result set, where 01 is a constant.
`
`The device of claim 1, wherein the set of operations comprises a median operation
`
`on elements associated with one or more subsets of the set of data, and wherein
`
`modifying the set of operations comprises perturbing results of the median
`
`operation on the elements by a factor defined by:
`
`C1'5M(U}C2'€)'
`
`
`C(1)
`6
`
`,
`
`to produce the differentially private result set, where c1, 02 are constants, and
`
`SM(U; 628) is a function that computes the smooth sensitivity of the elements with
`
`parameter cm.
`
`The device of claim 3, wherein the set of operations further comprises a mean
`
`operation on the one or more subsets of the set of data, and wherein the elements
`
`associated with the one or more subsets of the set of data are results of the mean
`
`operation on the one or more subsets of the set of data.
`
`The device of claim 3, wherein the set of operations further comprises a variance
`
`operation on the one or more subsets of the set of data, and wherein the elements
`
`associated with the one or more subsets of the set of data are results of the
`
`variance operation on the one or more subsets of the set of data.
`
`40
`
`32552/32620/DOCS/3854318.11
`
`
`
`The device of claim 1, wherein the set of operations comprises an interquartile
`
`range operation on the set of data, and wherein modifying the set of operations
`
`comprises perturbing a result of the interquartile range operation by a factor
`
`defined by:
`
`
`
` ( 1
`
`1+logn
`
`)L(Ce_1)
`
`'
`
`to produce the differentially private result set, where 01 and n are constants.
`
`The device of claim 1, wherein the set of operations comprises 1) identifying a
`
`loss function for the set of data, the loss function comprising a function of a set of
`
`parameters 0 describing correlations in the set of data, and 2) minimizing a
`
`perturbed loss function over the set of parameters 0, and wherein modifying the
`
`set of operations comprises perturbing the loss function by a factor defined by:
`
`4-K2-R5-(log%+e)
`62
`
`T 0
`
`126
`
`to produce the set of parameters 0 that minimize the perturbed loss function as the
`
`differentially private set, where K, R; are constants.
`
`The device of claim 1, wherein the set of operations comprises 1) identifying a
`
`loss function for the set of data, the loss function a function of a set of parameters
`
`0 describing correlations in the set of data, and 2) for each time step, generating
`
`an estimate for the set of parameters 0 that minimize the loss function, and
`
`wherein modifying the set of operations comprises for each time step, perturbing
`
`the estimate for the set of parameters 0 by:
`
`41
`
`32552/32620/DOCS/3854318.11
`
`
`
`cz-nz- logE-logl
`
`WWI (646
`
`)>)
`
`to produce the perturbed estimate of the set of parameters 0 as the differentially
`
`private result set, where m, n, and 01 are constants.
`
`The device of claim 1, wherein each entry in the set of data is labeled with a
`
`category chosen from a set of two or more categories, wherein the set of
`
`operations comprises training a random forest classif1er, the random forest
`
`classif1er comprising a plurality of binary decision trees, a binary decision tree
`
`having one or more leaf nodes each associated with a corresponding subset of
`
`entries in the set of data, and modifying the set of operations comprises for each
`
`leaf node in the plurality of binary decision trees, perturbing relative proportions
`
`of entries labeled with each category by:
`
`E
`L (—l
`log Ntrees
`
`to produce the perturbed leaf nodes as the differentially private result set, where
`
`Ntrmis a constant.
`
`lO.
`
`The device of claim 1, wherein each entry in the set of data is labeled with a
`
`category chosen from a set of two or more categories, and wherein
`
`the set of operations comprises:
`
`receiving a trained classifier and generating an output vector by
`
`applying the classif1er to the entries of the set of data, each element
`
`of the output vector corresponding to a numerical output of the
`
`classif1er for a corresponding entry in the set of data,
`
`42
`
`32552/32620/DOCS/3854318.11
`
`
`
`identifying a threshold value and assigning categories for each of the
`
`elements of the output vector based on a perturbed threshold value;
`
`and
`
`recording counts related to a performance of the classifier, the counts
`
`generated by comparing the assigned categories of the elements of
`
`the output vector to the corresponding label in the set of data, and
`
`modifying the set of operations comprises:
`
`perturbing the threshold value based on the privacy parameter a to
`
`generate the perturbed threshold value; and
`
`perturbing the counts relating to the performance of the classifier
`
`based on the privacy parameter a to produce the perturbed counts
`
`as the differentially private result set.
`
`ll.
`
`A method for implementing differential privacy in a private database system,
`
`comprising:
`
`receiving, by a hardware database privacy device communicatively coupled to
`
`the privacy database system, a request from a client device to perform
`
`a query of the private database system and identifying a level of
`
`differential privacy corresponding to the request, the identified level of
`
`differential privacy comprising privacy parameters a and 6,
`
`identifying, by the hardware database privacy device, a set of data stored in
`
`the private database system and a set of operations to be performed on
`
`the set of data corresponding to the requested query,
`
`43
`
`32552/32620/DOCS/3854318.11
`
`
`
`accessing, by the hardware database privacy device, the set of data from the
`
`private database system;
`
`modifying, by the hardware database privacy device, the set of operations
`
`based on the identified level of differential privacy such that a
`
`performance of the modified set of operations produces a result set that
`
`is (s,6)—differentially private,
`
`performing, by the hardware database privacy device, the modified set of
`
`operations on the accessed set of data to produce the differentially
`
`private result set, and
`
`providing, by the hardware database privacy device, the differentially private
`
`result set to the client device for display on a hardware display of the
`
`client device.
`
`12.
`
`The method of claim 11, wherein the set of operations comprises a count
`
`operation on one or more subsets of the set of data, and wherein modifying the set
`
`of operations comprises perturbing results of the count operation on the one or
`
`more subsets by a factor defined by a Laplacian random variable with parameter
`
`01‘83
`
`Ma '1),E
`
`to produce the differentially private result set, where 01 is a constant.
`
`44
`
`32552/32620/DOCS/3854318.ll
`
`
`
`l3.
`
`The method of claim 11, wherein the set of operations comprises a median
`
`operation on elements associated with one or more subsets of the set of data, and
`
`wherein modifying the set of operations comprises perturbing results of the
`
`median operation on the elements by a factor defined by:
`
`C(1)
`C1'5M(U}C2 '€)'—€
`
`,
`
`to produce the differentially private result set, where c1, 02 are constants, and
`
`SM(U; 628) is a function that computes the smooth sensitivity of the elements with
`
`parameter 628.
`
`14.
`
`The method of claim 13, wherein the set of operations further comprises a mean
`
`operation on the one or more subsets of the set of data, and wherein the elements
`
`associated with the one or more subsets of the set of data are results of the mean
`
`operation on the one or more subsets of the set of data.
`
`15.
`
`The method of claim 13, wherein the set of operations further comprises a
`
`variance operation on the one or more subsets of the set of data, and wherein the
`
`elements associated with the one or more subsets of the set of data are results of
`
`the variance operation on the one or more sub sets of the set of data.
`
`16.
`
`The method of claim 11, wherein the set of operations comprises an interquartile
`
`range operation on the set of data, and wherein modifying the set of operations
`
`comprises perturbing a result of the interquartile range operation by a factor
`
`defined by:
`
`45
`
`32552/32620/DOCS/3854318.11
`
`
`
` 1
`(1+log n)
`
`4%)
`
`'
`
`to produce the differentially private result set, where 01 and n are constants.
`
`17.
`
`The method of claim 11, wherein the set of operations comprises 1) identifying a
`
`loss function for the set of data, the loss function comprising a function of a set of
`
`parameters 0 describing correlations in the set of data, and 2) minimizing a
`
`perturbed loss function over the set of parameters 0, and wherein modifying the
`
`set of operations comprises perturbing the loss function by a factor defined by:
`
`4-K2-Rfi-(log%+e)
`62
`
`T 0
`
`126
`
`to produce the set of parameters 0 that minimize the perturbed loss function as the
`
`differentially private set, where K, R2 are constants.
`
`18.
`
`The method of claim 11, wherein the set of operations comprises 1) identifying a
`
`loss function for the set of data, the loss function a function of a set of parameters
`
`0 describing correlations in the set of data, and 2) for each time step, generating
`
`an estimate for the set of parameters 0 that minimize the loss function, and
`
`wherein modifying the set of operations comprises for each time step, perturbing
`
`the estimate for the set of parameters 0 by:
`
`cz-nz- logfl- log1
`
`,7, . v (G (#)>
`
`to produce the perturbed estimate of the set of parameters 0 as the differentially
`
`private result set, where m, n, and 01 are constants.
`
`46
`
`32552/32620/DOCS/3854318.11
`
`
`
`19.
`
`The method of claim 11, wherein each entry in the set of data is labeled with a
`
`category chosen from a set of two or more categories, wherein the set of
`
`operations comprises training a random forest classifier, the random forest
`
`classifier comprising a plurality of binary decision trees, a binary decision tree
`
`having one or more leaf nodes each associated with a corresponding subset of
`
`entries in the set of data, and modifying the set of operations comprises for each
`
`leaf node in the plurality of binary decision trees, perturbing relative proportions
`
`of entries labeled with each category by:
`
`E
`L (—l
`log Ntrees
`
`to produce the perturbed leaf nodes as the differentially private result set, where
`
`Ntmsis a constant.
`
`20.
`
`The method of claim 11, wherein each entry in the set of data is labeled with a
`
`category chosen from a set of two or more categories, and wherein
`
`the set of operations comprises:
`
`receiving a trained classifier and generating an output vector by
`
`applying the classifier to the entries of the set of data, each element
`
`of the output vector corresponding to a numerical output of the
`
`classifier for a corresponding entry in the set of data,
`
`identifying a threshold value and assigning categories for each of the
`
`elements of the output vector based on a perturbed threshold value,
`
`and
`
`47
`
`32552/32620/DOCS/3854318.11
`
`
`
`recording counts related to a performance of the classifier, the counts
`
`generated by comparing the assigned categories of the elements of
`
`the output vector to the corresponding label in the set of data, and
`
`modifying the set of operations comprises:
`
`perturbing the threshold value based on the privacy parameter a to
`
`generate the perturbed threshold value; and
`
`perturbing the counts relating to the performance of the classifier
`
`based on the privacy parameter a to produce the perturbed counts
`
`as the differentially private result set.
`
`48
`
`32552/32620/DOCS/3854318.11
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
