
CN-121986339-A - Apparatus and method for providing privacy preserving user data for a recommender system


Abstract

A client device (120) is disclosed for using a service, in particular a recommendation service, provided by a server (140) based on user data (120 d) associated with a user of the client device (120). The client device (120) is configured to apply a first local differential privacy (LDP) mechanism and a second LDP mechanism to the user data (120 d) to obtain privacy-preserving user data, the first LDP mechanism being a random-selection-based LDP mechanism and the second LDP mechanism being an LDP mechanism for adding noise to its input data. Furthermore, the client device (120) is configured to transmit the privacy-preserving user data to the server (140).

Inventors

  • Ahmed Frikar
  • JIANG XUE
  • Ricardo Mendes
  • ZHOU XUEBING

Assignees

  • 华为技术有限公司

Dates

Publication Date
20260505
Application Date
20230921

Claims (18)

  1. A client device (120), characterized in that the client device (120) is adapted to use a service provided by a server (140) based on user data (120 d; 124) associated with a user of the client device (120), the client device (120) being adapted to: - apply a first local differential privacy, LDP, mechanism (122) and a second LDP mechanism (126) to said user data (120 d; 124) to obtain privacy-preserving user data (130), said first LDP mechanism (122) being a random-selection-based LDP mechanism (122), said second LDP mechanism (126) being an LDP mechanism (126) for adding noise to input data of said LDP mechanism (126); - transmit the privacy-preserving user data (130) to the server (140).
  2. The client device (120) of claim 1, wherein the server (140) is a recommendation server (140), the client device (120) being configured to receive one or more recommendations (145) based on the privacy-preserving user data (130) from the recommendation server (140) in response to transmitting the privacy-preserving user data (130) to the recommendation server (140).
  3. The client device (120) of claim 2, wherein the client device (120) comprises a display for displaying the one or more recommendations (145) received from the recommendation server (140).
  4. The client device (120) according to any of the preceding claims, wherein to apply the first LDP mechanism (122) and the second LDP mechanism (126) to the user data (120 d; 124), the client device (120) is configured to first apply the first LDP mechanism (122) to the user data (120 d; 124) and then to apply the second LDP mechanism (126) to the output of the first LDP mechanism (122) to obtain the privacy-preserving user data (130).
  5. The client device (120) according to any of claims 1-3, characterized in that, in order to apply the first LDP mechanism (122) and the second LDP mechanism (126) to the user data (120 d), the client device (120) is configured to first apply the second LDP mechanism (126) to the user data (120 d; 124) and then to apply the first LDP mechanism (122) to the output of the second LDP mechanism (126) to obtain the privacy-preserving user data (130).
  6. The client device (120) according to any of the preceding claims, wherein the random-selection-based LDP mechanism (122) is used to output the user data (120 d) or randomly sampled generic user data with a defined probability.
  7. The client device (120) of claim 6, wherein the random-selection-based LDP mechanism (122) is a generalized random response, GRR, mechanism (122).
  8. The client device (120) of any of the preceding claims, wherein the second LDP mechanism (126) for adding noise is a Laplace LDP mechanism (126) or a Gaussian LDP mechanism (126).
  9. The client device (120) of any preceding claim, wherein the client device (120) is configured to implement a machine learning, ML, model (121), the ML model (121) being configured to generate the user data as user data embeddings (124) based on raw user data (120 d).
  10. The client device (120) of claim 9, wherein the random-selection-based LDP mechanism (122) is configured to output the user data embedding (124) based on the raw user data (120 d) or a generic user data embedding (125) randomly sampled from a simulated user data embedding distribution with a defined probability.
  11. The client device (120) of claim 10, wherein the client device (120) is configured to implement another ML model (123), the other ML model (123) being configured to generate a plurality of simulated user data embeddings in the simulated user data embedding distribution.
  12. The client device (120) according to any of the preceding claims, wherein the client device (120) is a user equipment, UE (120).
  13. The client device (120) according to any of the preceding claims, wherein the user data (120 d) or the raw user data (120 d) comprises one or more of a name, an age, an address, a gender, a search history, an application usage of the user, a browser history, and/or information about online advertisements previously selected by the user.
  14. A method (400), characterized in that the method (400) is for using a service provided by a server (140) based on user data (120 d; 124) associated with a user of a client device (120), the method (400) being for: - applying (401) a first local differential privacy, LDP, mechanism (122) and a second LDP mechanism (126) to the user data (120 d; 124) to obtain privacy-preserving user data (130), the first LDP mechanism (122) being a random-selection-based LDP mechanism (122), the second LDP mechanism (126) being an LDP mechanism (126) for adding noise to input data of the LDP mechanism (126); - transmitting (403) the privacy-preserving user data (130) to the server (140).
  15. The method (400) of claim 14, wherein the server (140) is a recommendation server (140), the method (400) further comprising receiving one or more recommendations (145) based on the privacy-preserving user data (130) from the recommendation server (140) in response to transmitting (403) the privacy-preserving user data (130) to the recommendation server (140).
  16. The method (400) of claim 14 or 15, wherein applying (401) the first LDP mechanism (122) and the second LDP mechanism (126) to the user data (120 d; 124) comprises first applying the first LDP mechanism (122) to the user data (120 d; 124) and then applying the second LDP mechanism (126) to an output of the first LDP mechanism (122) to obtain the privacy-preserving user data (130).
  17. The method (400) according to claim 14 or 15, wherein applying (401) the first LDP mechanism (122) and the second LDP mechanism (126) to the user data (120 d; 124) comprises first applying the second LDP mechanism (126) to the user data (120 d; 124) and then applying the first LDP mechanism (122) to the output of the second LDP mechanism (126) to obtain the privacy-preserving user data (130).
  18. A computer program product comprising a computer readable storage medium for storing program code which, when executed by a computer or a processor, causes the computer or the processor to perform the method (400) according to any of claims 14 to 17.
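
The two-step client-side pipeline of claims 4 to 8 and 10 can be sketched as follows. This is an added example, not code from the patent or its applicant: the function names, the constructed embedding and pool (a stand-in for samples from the simulated embedding distribution), the L1 clipping and the noise scale 2 * l1_bound / epsilon are assumptions that follow the standard Laplace calibration, not parameters stated in the patent.

```python
import random

def clip_l1(vec, bound):
    """Rescale vec so its L1 norm is at most bound; this bounds the sensitivity."""
    norm = sum(abs(x) for x in vec)
    return list(vec) if norm <= bound else [x * bound / norm for x in vec]

def random_selection(embedding, generic_pool, keep_prob, rng):
    """Random-selection step (claims 6 and 10): emit the real embedding with
    probability keep_prob, otherwise a generic embedding drawn from the pool.
    The boolean is returned for testing only and must never leave the device."""
    if rng.random() < keep_prob:
        return list(embedding), True
    return list(rng.choice(generic_pool)), False

def laplace_noise(vec, l1_bound, epsilon, rng):
    """Noise step (claim 8, Laplace variant). Any two inputs clipped to
    L1 norm <= l1_bound differ by at most 2 * l1_bound, so the per-coordinate
    scale is 2 * l1_bound / epsilon (standard calibration, assumed here)."""
    rate = epsilon / (2.0 * l1_bound)  # rate = 1 / scale
    # The difference of two i.i.d. exponentials is a zero-mean Laplace sample.
    return [x + rng.expovariate(rate) - rng.expovariate(rate)
            for x in clip_l1(vec, l1_bound)]

def protect(embedding, generic_pool, keep_prob, l1_bound, epsilon, rng,
            selection_first=True):
    """Compose both steps in the order of claim 4 (default) or claim 5."""
    if selection_first:
        chosen, kept = random_selection(embedding, generic_pool, keep_prob, rng)
        return laplace_noise(chosen, l1_bound, epsilon, rng), kept
    noisy = laplace_noise(embedding, l1_bound, epsilon, rng)
    return random_selection(noisy, generic_pool, keep_prob, rng)

if __name__ == "__main__":
    rng = random.Random(7)  # seeded only so the demo is repeatable
    # Constructed stand-ins: a 4-dimensional user embedding and a small pool
    # of generic embeddings in place of samples from a simulation model.
    user = [0.9, -0.4, 0.2, 0.1]
    pool = [[0.1, 0.1, 0.1, 0.1], [-0.2, 0.3, 0.0, 0.2], [0.0, -0.1, 0.4, -0.3]]
    for order in (True, False):
        out, kept = protect(user, pool, 0.7, 1.0, 2.0, rng, selection_first=order)
        print("selection first" if order else "noise first",
              [round(v, 3) for v in out], "kept real:", kept)
```

On a device, pass random.SystemRandom() as rng instead of a seeded generator, since predictable randomness lets an observer subtract the noise.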

Description

Apparatus and method for providing privacy preserving user data for a recommender system

Technical Field

The present invention relates to digital security, and in particular to the privacy of user data. More particularly, the present invention relates to an apparatus and method for providing privacy-preserving user data to a server, particularly a recommendation server for generating one or more recommendations based on the privacy-preserving user data.

Background

A recommender system (also referred to as a recommendation system) is an online information filtering system that typically provides suggestions for items, i.e., the most relevant recommendations to a particular user. In general, the suggestions relate to various decision processes such as what products to purchase, what music to listen to, or what online news to read. The recommendation system is particularly useful when an individual needs to select an item from a vast number of items that may be offered by a service.

In order to determine the most appropriate recommendation, e.g., an online advertisement for a user, a recommendation system typically requires user data, such as search history, history of previously clicked advertisements, user location, user age, user gender, etc., resulting in a significant risk that the user data may be compromised at one or more different stages of the recommendation process. Typically, recommendation systems employ artificial intelligence (AI), i.e., machine learning (ML), models, such as neural networks, for generating the most appropriate recommendations based on user data, which models have been trained using training datasets of user data. There are some proposals for ensuring privacy of the training data set, i.e. the data of previous users that has been used to train the recommendation system (e.g. collected from users agreeing to the processing of their data).
These proposed solutions focus on preventing potential attackers from deducing whether or not data of a particular user was used to train a recommendation system, for example, by differentially private training of the ML model. However, fewer schemes have been proposed for ensuring privacy in the inference phase (i.e., when the trained ML model is deployed and serves new users). In the inference phase, each user sends a request for e.g. an advertisement to an advertisement recommendation server via its client device, wherein the request comprises information about the user, i.e. user data. A potential attacker (e.g., the server itself or an external attacker) may then use the transmitted information to leak or infer private information about the user. Thus, there is a need to provide privacy protection schemes for recommender systems, and in particular for the inference phase of recommender systems.

Disclosure of Invention

It is an object of the present invention to provide improved devices and methods for providing privacy-preserving user data to a server, in particular a recommendation server for generating one or more recommendations based on the privacy-preserving user data. The above object and other objects are achieved by the subject matter as claimed in the independent claims. Other implementations are apparent from the dependent claims, the description and the drawings.

According to a first aspect, a client device is provided for using a service (in particular a recommendation service) provided by a server (in particular a recommendation server) based on user data associated with a user of the client device. In one implementation, the client device may be a User Equipment (UE).
The client device is configured to apply a first Local Differential Privacy (LDP) mechanism and a second LDP mechanism to the user data to obtain privacy-preserving user data, the first LDP mechanism being a random-selection-based LDP mechanism, the second LDP mechanism being an LDP mechanism for adding noise to input data of the LDP mechanism. Further, the client device is configured to transmit the privacy-preserving user data to the server.

According to the first aspect and the different implementations described below, a client device may (a) prevent private user data (sometimes also referred to as attributes) from being inferred based on the privacy-preserving user data provided to the recommendation server, (b) prevent private user data, such as one or more selected recommendations or recommendation-user matching scores, from being inferred based on server-side information, (c) maintain high utility, i.e., provide meaningful responses, particularly recommendations based on the user data, and (d) meet hardware and user experience requirements with acceptable speed, bandwidth and memory usage.

In another possible implementation, the server is a recommendation server, and the client device is configured to receive one or more recommendations based on the privacy-preserving user data from the recommendation server in response to tra