WO2016044129A1 - Method and system for privacy-preserving recommendations - Google Patents

Method and system for privacy-preserving recommendations Download PDF

Info

Publication number
WO2016044129A1
WO2016044129A1 PCT/US2015/049907 US2015049907W WO2016044129A1 WO 2016044129 A1 WO2016044129 A1 WO 2016044129A1 US 2015049907 W US2015049907 W US 2015049907W WO 2016044129 A1 WO2016044129 A1 WO 2016044129A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
comparison
information
encrypted
recommendation
Prior art date
Application number
PCT/US2015/049907
Other languages
French (fr)
Inventor
Marc Joye
Ehud WEINSBERG
Efstratios Ioannidis
Original Assignee
Thomson Licensing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing filed Critical Thomson Licensing
Publication of WO2016044129A1 publication Critical patent/WO2016044129A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25891Management of end-user data being end-user preferences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/235Processing of additional data, e.g. scrambling of additional data or processing content descriptors
    • H04N21/2351Processing of additional data, e.g. scrambling of additional data or processing content descriptors involving encryption of additional data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/251Learning process for intelligent management, e.g. learning user preferences for recommending movies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/2668Creating a channel for a dedicated end-user group, e.g. insertion of targeted commercials based on end-user profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/435Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/466Learning process for intelligent management, e.g. learning user preferences for recommending movies
    • H04N21/4668Learning process for intelligent management, e.g. learning user preferences for recommending movies for recommending content, e.g. movies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47End-user applications
    • H04N21/482End-user interface for program selection
    • H04N21/4826End-user interface for program selection using recommendation lists, e.g. of programs or channels sorted out according to their score

Definitions

  • the present disclosure generally relates to recommendation systems and, more particularly, to privacy-preserving recommendations.
  • Home entertainment systems including television and media centers, are converging with the Internet and providing access to a large number of available sources of content, such as video, movies, TV programs, music, etc.
  • This expansion in the number of available sources necessitates a new strategy for navigating a media interface associated with such systems and enabling access to certain portions of media content being consumed by the user.
  • the personal information may describe the user, as well as their interests. Additionally, this personal information may also provide information about content sources available to the particular user.
  • These content sources may be one of a local content source (e.g. on a local area network in a media storage repository) and a third party content source (e.g. subscription based service or pay per view system).
  • user information can be encrypted, for example with the user’s public encryption key, such that the recommender cannot decrypt the user information, but can operate on the encrypted user information to generate user-encrypted comparison information that can be used to determine recommendations for the user.
  • the user information can be kept private because the user information can remain user-encrypted while the recommender uses the user information in determining recommendations.
  • the user-encrypted comparison information can be provided to the user for decryption, and the user can provide results of the decryption to the recommender to use for determining the recommendation.
  • the comparison information can include a comparison of recommendation indicators.
  • the comparison can be a difference between two recommendation indicators, such as the predicted ratings of two content items.
  • certain recommender information can be obscured from the user because, for example, while the user may obtain a value of the difference between two the predicted ratings, the user does not obtain the values of the predicted ratings themselves.
  • FIG. 1 is a block diagram of an example of a system for delivering video content according to various embodiments.
  • FIG. 2 is a block diagram of an example of a computing system, such as a set- top box/digital video recorder (DVR), gateway, etc., according to various
  • FIG. 3 illustrates an example of a touch panel input device according to various embodiments.
  • FIG. 4 illustrates another example of an input device according to various embodiments.
  • FIG. 5 is a block diagram of an example of a privacy-preserving
  • FIG. 6 illustrates an example of a method that can be performed by a user system according to various embodiments.
  • FIG. 7 illustrates an example of a method that can be performed by a recommendation system according to various embodiments.
  • FIG. 8 illustrates an example of a method that can be performed by a user system according to various embodiments.
  • FIG. 9 illustrates another example of a method that can be performed by a user system according to various embodiments.
  • FIG. 10 illustrates an example of a method that can be performed by a recommendation system according to various embodiments.
  • FIG. 1 1 is a diagram that illustrates one example of an implementation of the method of FIG. 10 according to various embodiments.
  • FIG. 12 illustrates an example of a method of determining recommendations using user-encrypted user profiles according to various embodiments.
  • Consumers of content such as movies, television (TV), music, etc.
  • content items can have difficulty finding content they are likely to enjoy. Consumers may be faced with browsing through massive databases of content, for example, and can become overwhelmed and frustrated. Consumers may wish to obtain recommendations for content items (also referred to herein simply as "items"), e.g., movies, TV shows, songs, etc., from a recommender, such as a recommendation systems, a
  • Recommenders can tailor recommendations by analyzing user information to determine indicators (also referred to herein as “recommendation indicators"), such as measures of the user's preferences (e.g., likes, dislikes), predicted ratings, etc., that can be used to determine recommendations tailored to the user.
  • indicators also referred to herein as “recommendation indicators”
  • measures of the user's preferences e.g., likes, dislikes
  • predicted ratings etc.
  • a recommender can require users to provide rating information, such as the user's personal ratings for various content items, and can analyze the user ratings to predict ratings that the user would give to other content items. These predicted ratings can be used to provide recommendations to the user.
  • the recommender could determine a user's predicted ratings for a number of content items (e.g., all of the content items in the recommender's catalog), sort the predicted ratings to determine the content items with the highest predicted ratings, and provide the user information about the content items with the highest predicted ratings.
  • a recommender can determine the top-k content items, where k is a number chosen by the recommender (e.g., the top-5 content items having the five highest predicted ratings), and provide the names of the top-k content items to the user as a
  • Predicted ratings are merely one example of an indicator that can be used to determine recommendations, and one skilled in the art will readily appreciate that there are many such recommendation indicators that can be determined by analyzing user information.
  • vast resources in industry and academia are devoted to predicting what users will like by analyzing user information, such as biographical information (e.g., age, sex, race, etc.), economic information (e.g. income level, etc.), preference information (e.g., what content items users consume and how the users rate the content items, etc.).
  • biographical information e.g., age, sex, race, etc.
  • economic information e.g. income level, etc.
  • preference information e.g., what content items users consume and how the users rate the content items, etc.
  • some users do not want a recommender to know the user's information that forms the basis for the recommendations. In other words, some users want to keep their user information private.
  • a recommender might wish to keep certain information private. For example, if the recommender receives revenue each time a user requests a recommendation, the recommender might want the user to request recommendations periodically, i.e., repeat business. Therefore, the recommender might limit the number of recommendations per request to a predetermined number, k, so that another request would be needed if the user wants more recommendations when done with the k recommendations. For example, each recommendation could identify only the k content items with the highest indications of user preference, i.e., the top-k content items. In addition to limiting the number of recommended items, the recommender might wish to prevent the user from obtaining certain information the recommender uses to determine recommendations.
  • the following disclosure includes various examples for a recommender providing recommendations to a user while keeping certain user information and recommender information private.
  • user information can be encrypted, for example with the user's public encryption key, such that the
  • recommender cannot decrypt the user information, but can operate on the encrypted user information to generate user-encrypted comparison information that can be used to determine recommendations for the user.
  • the user information can be kept private because the user information can remain user- encrypted while the recommender uses the user information in determining recommendations.
  • the user-encrypted comparison information can be provided to the user for decryption, and the user can provide results of the decryption to the recommender to use for determining the recommendation.
  • the comparison information can include a comparison of recommendation indicators.
  • the comparison can be a difference between two recommendation indicators, such as the predicted ratings of two content items.
  • certain recommender information can be obscured from the user because, for example, while the user may obtain a value of the difference between two the predicted ratings, the user does not obtain the values of the predicted ratings themselves.
  • additional steps can be taken to further obscure information while still allowing recommendations to be determined.
  • FIG. 1 illustrates a block diagram of an example of a system 100 for delivering content and recommendations to a home or end user.
  • the content originates from a content source 102, such as a movie studio or production house.
  • the content may be supplied in at least one of two forms.
  • One form may be a broadcast form of content.
  • the broadcast content is provided to the broadcast affiliate manager 104, which is typically a national broadcast service, such as the American Broadcasting Company (ABC), National Broadcasting Company (NBC), Columbia Broadcasting System (CBS), etc.
  • the broadcast affiliate manager may collect and store the content, and may schedule delivery of the content over a delivery network, shown as delivery network 106.
  • Delivery network 106 may include satellite link transmission from a national center to one or more regional or local centers. Delivery network 106 may also include local content delivery using local delivery systems such as over the air broadcast, satellite broadcast, or cable broadcast.
  • the locally delivered content is provided to a user system 107 in a user's home.
  • User system 107 can include a receiving device 108 that can receive and process content and perform other functions described in more detail below. It is to be appreciated that receiving device 108 can be, for example, a set-top box, a digital video recorder (DVR), a gateway, a modem, etc. Receiving device 108 may act as entry point, or gateway, for a home network system that includes additional devices configured as either client or peer devices in the home network.
  • receiving device 108 can be, for example, a set-top box, a digital video recorder (DVR), a gateway, a modem, etc.
  • Receiving device 108 may act as entry point, or gateway, for a home network system that includes additional devices configured as either client or peer devices in the home network.
  • User system 107 can also include a display device 1 14. In some embodiments,
  • display device 1 14 can be an external display coupled to receiving device 108.
  • receiving device 108 and display device 1 14 can be parts of a single device.
  • the display device 1 14 may be, for example, a conventional 2-D type display, an advanced 3-D display, etc.
  • User system 107 can also include an input device 1 16, such as a remote controller, a keyboard, a mouse, a touch panel, a touch screen, etc.
  • the input device 1 16 may be adapted to provide user control for the receiving device 108 and/or the display device 1 14.
  • input device 1 16 may be an external device that can couple to receiving device 108 via, for example, a wired connection, a signal transmission system, such as infra-red (IR), radio frequency (RF) communications, etc., and may include standard protocols such as universal serial bus (USB), infra-red data association (IRDA) standard, Wi-Fi, Bluetooth and the like, proprietary protocols, etc.
  • IR infra-red
  • RF radio frequency
  • standard protocols such as universal serial bus (USB), infra-red data association (IRDA) standard, Wi-Fi, Bluetooth and the like, proprietary protocols, etc.
  • receiving device 108 and input device 1 16 can be part of the same device. Operations of input device 1 16 will be described in further detail below.
  • Special content may include, for example, premium viewing content, pay-per-view content, Internet access, other content otherwise not provided to the broadcast affiliate manager, e.g., movies, video games, other video elements, etc.
  • the special content may be content requested by the user, such as a webpage, a movie download, etc.
  • the special content may be delivered to a content manager 1 10.
  • the content manager 1 10 may be a service provider, such as an Internet website, affiliated, for instance, with a content provider, broadcast service, or delivery network service.
  • the content manager 1 10 may also incorporate Internet content into the delivery system.
  • the content manager 1 10 may deliver the content to the user's receiving device 108 over a communication network, e.g., communication network 1 12.
  • Communication network 1 12 may include high-speed broadband Internet type communications systems. It is important to note that the content from the broadcast affiliate manager 104 may also be delivered using all or parts of communication network 1 12 and content from the content manager 1 10 may be delivered using all or parts of delivery network 106. In some embodiments, the user may obtain content, such as webpages, etc., directly from the Internet 1 13 via communication network 1 12 without necessarily having the content managed by the content manager 1 10.
  • the special content is provided as an
  • the special content may completely replace some programming content provided as broadcast content.
  • the special content may be completely separate from the broadcast content, and may simply be a media alternative that the user may choose to utilize.
  • the special content may be a library of movies that are not yet available as broadcast content.
  • the receiving device 108 may receive different types of content from one or both of delivery network 106 and communication network 1 12.
  • the receiving device 108 processes the content, and provides a separation of the content based on user preferences and commands.
  • the receiving device 108 may also include a storage device, such as a hard drive or optical disk drive, for recording and playing back audio and video content. Further details of the operation of the receiving device 108 and features associated with playing back stored content will be described below in relation to FIG. 2.
  • the processed content is provided to display device 1 14.
  • content manager 1 10 also controls a
  • recommendation system 1 17 that can include a recommendation engine 1 18 and a database 120. Recommendation system 1 17 can process encrypted
  • recommendation system 1 17 is controlled by content manager 1 10 in this example, it should be appreciated that in some embodiments, recommendation systems can be operated by other entities, such as separate recommendation service providers whose primary service is providing recommendations.
  • FIG. 2 includes a block diagram of an example of a computing system, such as a receiving device 200.
  • Receiving device 200 may operate similar to receiving device 108 described in FIG. 1 and may be included as part of a gateway device, modem, set-top box, personal computer, television, tablet computer, smartphone, etc.
  • Receiving device 200 may also be incorporated into other systems including an audio device or a display device.
  • the receiving device 200 may be, for example, a set top box coupled to an external display device (e.g., a television), a personal computer coupled to a display device (e.g., a computer monitor), etc.
  • the receiving device 200 may include an integrated display device, for example, a portable device such as a tablet computer, a smartphone, etc.
  • the input signal receiver 202 may include, for example, receiver circuits used for receiving, demodulation, and decoding signals provided over one of the several possible networks including over the air, cable, satellite, Ethernet, fiber and phone line networks.
  • the desired input signal may be obtained based on user input provided through a user interface 216.
  • the user input may include search terms for a search
  • the input signal received by input signal receiver 202 may include search results.
  • User interface 216 can be coupled to an input device, such as input device 1 16, and can receive and process corresponding user inputs, for example, keystrokes, button presses, touch inputs, such as gestures, audio input, such as voice input, etc., from the input device.
  • User interface 216 may be adapted to interface to a cellular phone, a tablet, a mouse, a remote controller, etc.
  • the decoded output signal is provided to an input stream processor 204.
  • the input stream processor 204 performs the final signal selection and processing, and includes separation of video content from audio content for the content stream.
  • the audio content is provided to an audio processor 206 for conversion from the received format, such as a compressed digital signal, to an analog waveform signal.
  • the analog waveform signal is provided to an audio interface 208 and further to the display device or audio amplifier.
  • the audio interface 208 may provide a digital signal to an audio output device or display device using a High- Definition Multimedia Interface (HDMI) cable, an audio interface such as via a
  • HDMI High- Definition Multimedia Interface
  • the audio interface may also include amplifiers for driving one more sets of speakers.
  • the audio processor 206 also performs any necessary conversion for the storage of the audio signals.
  • the video output from the input stream processor 204 is provided to a video processor 210.
  • the video signal may be one of several formats.
  • the video processor 210 provides, as necessary, a conversion of the video content, based on the input signal format.
  • the video processor 210 also performs any necessary conversion for the storage of the video signals.
  • a storage device 212 stores audio and video content received at the input.
  • the storage device 212 allows later retrieval and playback of the content under the control of a controller 214 and also based on commands, e.g., navigation instructions such as fast-forward (FF) and rewind (RW), received from user interface 216.
  • the storage device 212 may be, for example, a hard disk drive, one or more large capacity integrated electronic memories, such as static RAM (SRAM), or dynamic RAM (DRAM), an interchangeable optical disk storage system such as a compact disk (CD) drive or digital video disk (DVD) drive, etc.
  • the converted video signal from the video processor 210, either originating from the input or from the storage device 212, is provided to the display interface 218.
  • the display interface 218 further provides the display signal to a display device, such as display device 1 14, described above.
  • the controller 214 is interconnected via a bus to several of the components of the device 200, including the input stream processor 204, audio processor 206, video processor 210, storage device 212, and user interface 216.
  • the controller 214 manages the conversion process for converting the input stream signal into a signal for storage on the storage device or for display.
  • the controller 214 also manages the retrieval and playback of stored content.
  • controller 214 can receive rating information input by a user and can perform encryption of the user rating information, as described below in more detail.
  • the controller 214 is further coupled to control memory 220 (e.g., volatile or non-volatile memory, including RAM, SRAM, DRAM, ROM, programmable ROM (PROM), flash memory, electronically programmable ROM (EPROM), electronically erasable programmable ROM (EEPROM), etc.) for storing information and instruction code for controller 214.
  • Control memory 220 may store instructions for controller 214.
  • Control memory 220 may also store a database of elements, such as graphic elements containing content.
  • the database may be stored as a pattern of graphic elements, such as graphic elements containing content, various graphic elements used for generating a displayable user interface for display interface 218, and the like.
  • the memory may store the graphic elements in identified or grouped memory locations and use an access or location table to identify the memory locations for the various portions of information related to the graphic elements. Additional details related to the storage of the graphic elements will be described below.
  • the implementation of the control memory 220 may include several possible embodiments, such as a single memory device, more than one memory circuit communicatively connected or coupled together to form a shared or common memory, etc. Still further, the memory may be included with other circuitry, such as portions of bus communications circuitry, in a larger circuit.
  • FIGS. 3 and 4 represent two examples of input devices, 300 and 400, such as input device 1 16.
  • Input devices 300 and 400 can couple with a user interface, such as user interface 216.
  • Input devices 300 and 400 may be used to initiate and/or select various functions available to a user related to the acquisition, consumption, access and/or modification of content, such as multimedia content, broadcast content, Internet content, etc.
  • Input devices 300 and 400 can also allow a user to input rating information and requests for recommendations, as described below in more detail.
  • FIG. 3 illustrates an example of a touch panel input device 300.
  • the touch panel device 300 may be interfaced, for example, via the user interface 216 of the receiving device 200 in FIG. 2.
  • the touch panel device 300 allows operation of the receiving device or set top box based on hand movements, or gestures, and actions translated through the panel into commands for the set top box or other control device. This is achieved by the controller 214 generating a touch screen user interface including at least one user selectable image element enabling initiation of at least one operational command.
  • the touch screen user interface may be pushed to the touch screen device 300 via the user interface 216.
  • the touch screen user interface generated by the controller 214 may be accessible via a webserver executing on one of the user interface 216.
  • the touch panel 300 may serve as a navigational tool to navigate a grid display, as described above for search results.
  • the touch panel 300 may serve as a display device allowing the user to more directly interact with the navigation through the display of content.
  • the touch panel 300 can also include a camera element and/or at least one audio sensing element.
  • the touch panel 300 employs a gesture sensing controller or touch screen enabling a number of different types of user interaction.
  • the inputs from the controller are used to define gestures and the gestures, in turn, define specific contextual commands.
  • the configuration of the sensors may permit defining movement of a user's fingers on a touch screen or may even permit defining the movement of the controller itself in either one dimension or two dimensions.
  • Two- dimensional motion such as a diagonal, and a combination of yaw, pitch and roll can be used to define any three-dimensional motions, such as a swing.
  • Gestures are interpreted in context and are identified by defined movements made by the user. Depending on the complexity of the sensor system, only simple one-dimensional motions or gestures may be allowed.
  • a simple right or left movement on the sensor as shown here may produce a fast forward or rewind function.
  • multiple sensors could be included and placed at different locations on the touch screen. For instance, a horizontal sensor for left and right movement may be placed in one spot and used for volume up/down, while a vertical sensor for up and down movement may be placed in a different spot and used for channel up/down. In this way specific gesture mappings may be used.
  • the touch screen device 300 may recognize alphanumeric input traces which may be automatically converted into alphanumeric text displayable on one of the touch screen device 300 or output via display interface 218 to a primary display device.
  • FIG. 4 illustrates another example of an input device, input device 400.
  • the input device 400 may, for example, be used to interact with the user interfaces generated by the system and which are output for display by the display interface 218 to a primary display device (e.g. television, monitor, etc).
  • the input device of FIG. 4 may be formed as a remote control having a 12-button alphanumerical keypad 402 and a navigation section 404 including directional navigation buttons and a selector button.
  • the input device 400 may also include a set of function buttons 406 that, when selected, initiate a particular system function (e.g. menu, guide, DVR, etc).
  • the input device 400 may include a set of programmable application specific buttons 408 that, when selected, may initiate a particularly defined function associated with a particular application executed by the controller 214.
  • Input device 400 may include a display screen 410 that can display information, such as program information, menu information, navigation information, etc.
  • the depiction of the input device in FIG. 4 is merely an example, and it should be appreciated that various input devices may include any number and/or arrangement of buttons that enable a user to interact with the user interface process according to various embodiments. Additionally, it should be noted that users may use either or both of the input devices depicted and described in FIGS. 3 and 4 simultaneously and/or sequentially to interact with the system. Other input devices are considered within the scope of the present disclosure.
  • the user input device may include at least one of an audio sensor and a visual sensor.
  • the audio sensor may sense audible commands issued from a user and translate the audible commands into functions to be executed by the user.
  • the visual sensor may sense the user's presence and match user information of the sensed user(s) to stored visual data in the usage database 120 in FIG. 1 . Matching visual data sensed by the visual sensor enables the system to automatically recognize the user's presence and retrieve any user profile information associated with the user. Additionally, the visual sensor may sense physical movements of at least one user present and translate those movements into control commands for controlling the operation of the system.
  • the system may have a set of pre-stored command gestures that, if sensed, enable the controller 214 to execute a particular feature or function of the system.
  • An example of a type of gesture command may include the user waving their hand in a rightward direction which may initiate a fast forward command or a next screen command or a leftward direction which may initiate a rewind or previous screen command depending on the current context.
  • This description of physical gestures able to be recognized by the system is merely exemplary and should not be taken as limiting. Rather, this description is intended to illustrate the general concept of physical gesture control that may be recognized by the system and persons skilled in the art could readily understand that the controller may be programmed to specifically recognize any physical gesture and allow that gesture to be tied to at least one executable function of the system.
  • FIG. 5 is a block diagram of an example of a privacy-preserving
  • System 500 can include a user system 501 , such as user system 107 shown in FIG. 1 , that can be in a user's home, for example.
  • User system 501 can include, for example, a set-top box, a digital video recorder (DVR), a gateway, a modem, etc., that can receive and process content delivered via a communication network, such as communication network 1 12, and that can send communications, such as data, information, messages, requests, etc., via the communication network.
  • System 500 can also include a recommendation system 504, such as recommendation system 1 17 shown in FIG. 1 .
  • recommendation services can require information about a user in order to determine what content the user probably will like.
  • recommendation services can provide recommendations by analyzing user information, for example, biographical information such as age, sex, race, etc., economic information such as income level, etc., preference information such as what content items users consume and how the users rate the content items, etc., to predict what other content items a user will probably like.
  • biographical information such as age, sex, race, etc.
  • economic information such as income level, etc.
  • preference information such as what content items users consume and how the users rate the content items, etc., to predict what other content items a user will probably like.
  • some users may not want to provide such information to a recommendation service.
  • System 500 illustrates an example in which user information can be obscured from the recommender, while still allowing the recommender to analyze the user information and provide recommendations.
  • the user information can include, for example, ratings that the user has given to various content items (e.g., star-ratings the user has given to various movies), identification information of the content items the user has consumed (e.g., the movies the user has watched), viewing habit information (e.g., which types of movies the user has recently watched or partially watched in the evenings, daytime, weekends, etc.), and/or other information that could be used to determine recommendations for content items, as one skilled in the art would appreciate.
  • User system 501 can provide recommendation system 504 with the user information under an encryption that does not allow the
  • recommendation system to decrypt the user information, but allows the user system to decrypt the ratings. For example, the user can encrypt the user information with the user's public encryption key.
  • FIG. 6 illustrates an example of a method that can be performed by a user system, such as user system 501 .
  • the user system can obtain (601 ) user information.
  • the user may view a movie on a display, such as display device 1 14, and the user system may determine various user information associated with the viewing.
  • the user system may determine the time and day of the user's viewing of the movie, the genre of the movie, etc.
  • the user system can encrypt (602) the user information with an encryption that does not allow a
  • recommender such as recommendation system 504 to decrypt the user information, but allows the user system to decrypt the user information.
  • the user system can generate a user-encrypted user information.
  • the user system can encrypt the user information using a public encryption key of the user.
  • the user system can provide (603) the user-encrypted user information to the recommender, for example, by sending a communication including the user- encrypted user information to the recommender, by storing the user-encrypted user information in a storage medium that is accessible to the recommender, etc.
  • FIG. 5 illustrates an example of providing user-encrypted user information by including the user-encrypted user information in a communication 51 1 sent from user system 501 to recommendation system 504.
  • the user- encrypted user information in communication 51 1 can include a single piece of user- encrypted information, for example, a user-encrypted identification (ID) of a movie the user has finished viewing.
  • ID user-encrypted identification
  • user system 501 can automatically encrypt the movie ID and send the user-encrypted movie ID to recommendation system 504 in a communication 51 1 .
  • communication 51 1 may also include unencrypted information, for example, to allow the recommender to better make use of the user-encrypted user information.
  • communication 51 1 may include a user-encrypted rating for a movie the user has rated and also include the
  • unencrypted ID of the movie can, for example, allow the recommender to index and store the user-encrypted rating in an efficient manner, as described in more detail below with respect to FIGS. 9-1 1 .
  • the user-encrypted user information in various embodiments, the user-encrypted user information in
  • communication 51 1 can include multiple distinct pieces, such as user-encrypted IDs for multiple movies viewed, and may also include unencrypted information that can correspond to the user-encrypted information.
  • user system 501 may store the movie IDs of viewed movies and periodically encrypted and send the movie IDs, e.g., user-encrypted movie IDs, in a single communication 51 1 .
  • the user can input a request for a recommendation to user system 501 , and the user system can send a recommendation request as a communication 514 to recommendation system 504.
  • FIG. 7 illustrates an example of a method that can be performed by a recommender, such as recommendation system 504.
  • the recommender can determine (701 ) to provide a recommendation.
  • recommendation system 504 can determine to provide user system 501 with a recommendation in response to receiving the recommendation request in communication 514.
  • the recommender can determine (702) first user-encrypted comparison information based on the user-encrypted user information.
  • the comparison information can be a comparison of two or more
  • recommendation indicators such as measures of user preferences (e.g., likes, dislikes), estimated ratings, etc. As described above, there are many such recommendation indicators that can be determined based on user information and used to guide the selection of recommendations for the user, as understood by one skilled in the art.
  • the user-encrypted comparison information can be determined based on user-encrypted user information obtained by the recommender and can be determined while the user information remains encrypted.
  • the comparison information can include a difference between the predicted ratings of two content items (e.g., item j and item j' ): (1 ) where: is the predicted rating of item j for user i' , and
  • Each predicted rating can be, for example, the rating that the recommender predicts the user (e.g., user / ' out of n users that use the recommender's service) would give to the corresponding content item (e.g., item j (or j' ) out of m content items in the recommender's catalog).
  • the recommender can provide (703) the user-encrypted comparison information to the user.
  • recommendation system 504 can send user system 501 the user-encrypted comparison information in a communication 517.
  • the user can process the user-encrypted comparison information and provide the recommender with information about the results of the processing, for example, using a method such as the one illustrated by FIG. 8.
  • FIG. 8 illustrates an example of a method that can be performed by a user system, such as user system 501 .
  • the user system can obtain (801 ) user-encrypted comparison information, for example, from the recommender.
  • the user system can decrypt (802) the user-encrypted comparison information to determine result information.
  • the comparison information can include the difference between two predicted ratings as shown above in Equation 1
  • the user can obtain the value for the difference between the predicted ratings when decrypting the comparison information.
  • the user would not obtain the actual values jj and jj ' .
  • the user would not be able to determine how the recommender predicts the user would rate item j and item j' .
  • certain recommender information can be obscured from the user.
  • the comparison information would not include identification of the content items being compared, thus, further limiting the information the user can obtain from the decrypted comparison information.
  • the user system can provide (803) the result information to the recommender.
  • user system 501 can send the result information to the recommender.
  • the result information can include the decrypted comparison information and/or information that is based on the decrypted comparison information.
  • An example of including the decrypted comparison information (the difference between two predicted ratings in this example) in the result information can be as follows: when the user system performs the decryption and obtains the result, i.e., the value for the difference between the two predicted ratings, the user system sends the value to the recommender as the result information.
  • An example of including information that is based on the decrypted comparison information can be as follows: when the user system performs the decryption and obtains the result, i.e., the value for the difference between the two predicted ratings, the user system determines whether the value is a positive number (i.e., value > 0), and the user system sends the result of the determination to the recommender as the result information.
  • the recommender can use the result information in determining recommendations, as will described in more detail below.
  • the recommender can obtain (704) the result information from the user.
  • the recommender can determine (705) second user- encrypted comparison information based on the result information. For example, in the case that the comparison information includes the difference between two predicted ratings, the result information can be used to determine which predicted rating is higher than the other. In particular, from the first example described above, if the result information includes the value for the recommender can determine that if the value is positive and determine that if the value
  • the recommender can select the higher predicted rating to use for the next comparison. For example, if the recommender determines from the result information that fjj is higher than f y, the recommender can then compare fy with the predicted rating of another content item (e.g., item j" ). In other words, the recommender can determine a user-encrypted difference between fjj and fy. In contrast to the first user-encrypted comparison information determined at 702, the second user- encrypted comparison information determined at 705 is based on result information obtained from the user.
  • the recommender can provide (706) the second user- encrypted comparison information to the user, and can continue to receive result information, to determine second user-encrypted comparison information (e.g., determine which predicted rating is higher and generate a new comparison between the higher predicted rating and the predicted rating of another content item), and provide the second user-encrypted comparison information to the user. With each iteration, the higher predicted rating is determined, so that when all predicted ratings have been compared, the content item with the highest predicted rating can be identified. The recommender can then determine (708) the recommended content item and provide (709) the user with the recommendation, which is the top-1 content item in this example.
  • the recommender can repeat the process without including the top-1 content item, and the top-2 content item can be identified. Likewise, the recommender can repeat the process until the top-k content items have been identified and provided as recommendations to the user.
  • FIGS. 9-12 illustrate examples of various embodiments according to the disclosure.
  • FIGS. 9-1 1 illustrate examples of obtaining and storing user- encrypted ratings according to various embodiments.
  • FIG. 12 illustrates a more detailed example of providing recommendations according to various embodiments.
  • FIG. 9 illustrates an example of a method that can be performed by a user system, such as user system 501 .
  • the user system can obtain (901 ) a rating for a content item, such as a movie.
  • a content item such as a movie.
  • the user may watch the movie on a display, such as display device 1 14, and then input a rating for the movie using an input device, such as input device 1 16.
  • the user system can encrypt (902) the rating with an encryption that does not allow a recommender, such as
  • the recommendation system 504 to decrypt the ratings, but allows the user system to decrypt the ratings.
  • the user system can generate a user-encrypted rating.
  • the user system can encrypt the rating using a public key of the user system.
  • the user system can send (903) rating information to the
  • the rating information can include the user-encrypted rating together with an unencrypted identification (ID) of the content item.
  • ID an unencrypted identification
  • the unencrypted content item ID can allow the recommender to identify the content item corresponding to the user-encrypted rating. In this way, the recommender can determine what content item corresponds to the rating, but cannot determine a value of the rating.
  • FIG. 10 illustrates an example of a method that can be performed by a recommender, such as recommendation system 504.
  • the recommender can obtain (1001 ) the rating information, i.e., the user-encrypted rating and corresponding content item ID.
  • the recommendation system can index (1002) the user-encrypted rating based on the corresponding content item ID and can store (1003) the user- encrypted rating based on the index.
  • the user-encrypted rating can be stored in a database, such as recommendation information database 120 shown in FIG. 1 .
  • FIG. 1 1 is a diagram that illustrates one example implementation of the method of FIG. 10 according to various embodiments.
  • Multiple users 1 101 can subscribe to a recommendation service that operates a recommendation system that can include a recommendation engine 1 104 and a recommendation information database 1 107.
  • Some users may elect a privacy-preserving option in which their user information remains encrypted, as described above, perhaps at an additional cost.
  • Other users may not be concerned with the privacy of their user information and may send their user information, such as ratings, unencrypted.
  • a matrix M can be stored as a data structure 1 1 14 stored in recommendation information database 1 107.
  • Matrix M can include user-encrypted ratings of users that elect the privacy-preserving option and unencrypted ratings of the other users, where r is
  • each row of matrix M includes the user-encrypted ratings or unencrypted ratings for a particular user
  • each column of matrix M includes the user-encrypted ratings or unencrypted ratings for a particular content item.
  • each row of matrix M can represent a user-encrypted user profile vector or an unencrypted user profile vector u
  • each column of matrix M can represent a content item profile Vj that includes user-encrypted ratings and unencrypted ratings.
  • FIG. 1 1 shows matrix M including entries at some locations, and locations in matrix M that do not have an entry are represented by dashes
  • FIG. 1 1 also illustrates one example of a method for storing user-encrypted ratings and unencrypted ratings in matrix M according to various embodiments.
  • Each communication from a privacy-preserving user can include user-encrypted rating information, such as a user-encrypted rating and a corresponding unencrypted content item ID, together with an unencrypted user ID that can identify the user sending the communication.
  • Each communication from a non-privacy-preserving user can include unencrypted rating information, such as an unencrypted rating and a corresponding unencrypted content item ID, together with an unencrypted user ID that can identify the user sending the communication.
  • FIG. 1 1 shows communications 1 1 1 1 resulting from non-privacy- preserving user (2) rating content item (5), i.e., [user (2) ID, item (5) ID, r], which recommendation engine 1 104 receives, indexes r 2 , 5 , and stores at row 2, column 5 of matrix M.
  • FIG. 1 1 also shows communications 1 1 1 1 from other users that are indexed and stored.
  • matrix M also includes other entries, such as etc., which can be previously-stored ratings resulting from previous communications from users 1 101 , for example.
  • matrix factorization can be used to analyze the user-encrypted ratings while remaining under user encryption to produce user-encrypted predicted ratings for other content items.
  • matrix M can be an n x m matrix with entries corresponding to all user ratings received from the users.
  • the number of entries in matrix M is much smaller than the value of n x m. In other words, for many applications, most of entries in matrix M are empty entries.
  • Matrix factorization can be used to predict the values of the empty entries for a particular user profile u,, and thus predict how the user would rate the content items that the user has not yet rated, while the user profile remains user-encrypted as
  • an additive semantically secure public-key homomorphic encryption Paillier cryptosystem can be used and a user-encrypted predicted user rating can be determined for each empty entry (i,j) in a user-encrypted user profile.
  • Each content item profile vector can be modified by removing the user-encrypted ratings (of other users), resulting in a modified content item profile vector, only the unencrypted ratings. Then each modified content item profile vector can be encrypted using the user's public key to produce a user- encrypted modified content item profile vector, The user-encrypted
  • predicted rating for content item j can be determined by multiplying the user- encrypted user profile vector, with the user-encrypted modified content item profile of content item j,
  • FIG. 12 illustrates an example of a method of determining recommendations using user-encrypted user profiles according to various embodiments.
  • the recommendation system can obtain (1201 ) the user-encrypted user profile of user i,
  • the recommendation system can determine (1203) whether a user-encrypted rating for the ⁇ th content item, exists (i.e., determine whether user (i) has already rated content item (j)) or whether content item j has already been identified as a top-k content item. If exists or content item j is already a top-k item, j can be incremented (1204) (e.g., increased by 1 ), and the process can return to determine (1203) whether exists or content item j is a top-k item.
  • recommendation system can obtain (1205) the user-encrypted modified profile vector of the content item j, and can multiply (1206) with to obtain the user-encrypted predicted rating, , as in Equation (2) above.
  • Recommendation system can encrypt (1207) the user-encrypted predicted rating with the private key of recommender, to obtain a recommender-encrypted, user-encrypted predicted rating, where c indicates recommender encryption.
  • the recommendation system can determine (1208) whether the user- encrypted predicted rating is the first one to be determined after j was initialized. If so, this indicates that a predicted rating for another content item must be determined in order to have a comparison. In other words, if the user-encrypted predicted rating is the first since initialization of j, then the recommendation system has not yet provided the user with comparison information or received result information from the user. Therefore, the process returns to increment j (1204) and determine another user-encrypted predicted rating.
  • the recommendation system determines (1209) first user-encrypted comparison information by performing an operation, "oper", to obtain a user- encrypted difference between the two user-encrypted predicted ratings: (3) where: is the first predicted rating determined after j initialization, and
  • Equation (3) The operation “oper” that can be used to satisfy Equation (3) can depend on the particular encryption method used, as one skilled in the art would understand.
  • the recommendation system can send (1210) the user-encrypted comparison information, together with the corresponding recommender-encrypted, user-encrypted predicted ratings, to the user in a predetermined format, for example, an array: (4)
  • the user system can have predetermined instructions to decrypt the first element determine if the value is positive, and return the second element if the value is positive or return the third element
  • the recommendation system can receive (121 1 ) the result information from the user and can determine (1212) if content item j is the last content item. If content item j is not the last content item, the recommendation system can proceed to increment j (1204) to determine the user-encrypted predicted rating for another content item to compare. However, when the next user-encrypted predicted rating is obtained (1206) and the corresponding recommender-encrypted, user-encrypted predicted rating is determined (1207), the recommender system will determine (1208) that this is not the first pass after j initialization. Therefore, recommender system will proceed to determine (1209) the user-encrypted comparison information based on the result information received from the user.
  • the recommendation system can decrypt the received recommender-encrypted, user-encrypted predicted rating to obtain the user-encrypted predicted rating, which is known to be the higher of the two predicted ratings previously sent to the user.
  • the recommender system can generate a comparison of the returned predicted rating with the newly
  • the process can proceed in this way, with each iteration identifying the currently highest user-encrypted predicted rating, until the recommendation system determines (1212) that result information has been received for the comparison information of the last content item, the user-encrypted predicted rating returned in the result information is determined to be the highest predicted rating.
  • the recommender system can determine (1213) the content item corresponding to the last-received result information is a top-k item and can send (1214) information of the content item to the user as a recommendation.
  • the top-k item can be saved in a list until all top-k items have been determined, and then the list can be sent to the user.
  • the recommender and user can perform a network sorting. In this way, for example, the user can obtain with the entire catalog of content items sorted according to the user's preferences.
  • the recommender can appropriately choose random elements ⁇ and ⁇ , and can prepare user-encrypted comparison information as follows;
  • An example of an appropriate choice of random elements p and ⁇ can be that is in the message space of for all possible values for If the message space is the set of some mod N integers, "negative" representatives as those in the range [N/2, N).
  • the recommender can send the information to the user in a predetermined format, for example, an array: (5)
  • the user system can have predetermined instructions to decrypt the first element (i.e., determine if the value is positive. If the value of the decryption is positive, the user can return: to the recommender, or otherwise (if the value is not positive) the user can return: where K can be a ciphertext of a constant, such as zero (0), prepared by the user:
  • the operation "oper" can be multiplication
  • the recommender's encryption can be partially homomorphic with respect to multiplication
  • the information provided by the recommender to the user can be "randomized” by the random elements ⁇ and ⁇ , and the information returned by the user to the recommender can be "randomized” by K.
  • a Paillier system can be used for the user encryption, and an EIGamal system over can be used for the recommender encryption, N can be an RSA-type modulus, thus: for some random p for some random
  • the recommender can apply a random permutation on the catalog of content items.
  • the user can therefore deduce the top rated item (resp. complete sorting) of the permuted catalog, namely
  • processor or “controller” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor ("DSP") hardware, read only memory (“ROM”) for storing software, random access memory (“RAM”), and nonvolatile storage.
  • DSP digital signal processor
  • ROM read only memory
  • RAM random access memory
  • any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the implementer as more specifically understood from the context.
  • any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a combination of circuit elements that performs that function, software in any form, including, therefore, firmware, microcode or the like, combined with appropriate circuitry for executing that software to perform the function, etc.
  • the disclosure as defined by such claims resides in the fact that the functionalities provided by the various recited means are combined and brought together in the manner which the claims call for. It is thus regarded that any means that can provide those functionalities are equivalent to those shown herein.

Abstract

Various examples of systems and methods for providing recommendations that can be tailored to a user while preserving the privacy of the user's personal information are disclosed. In various embodiments, user information can be encrypted such that the recommendation service cannot decrypt the user information, yet the recommendation service can analyze the user information to predict user ratings for content items. The predicted user ratings can remain obscured from the recommendation service by encryption, yet can provide the basis for recommendations tailored to the user. In particular, encrypted comparison information of predicted user ratings can be sent to the user, and the user can decrypt the comparison and send result information to the recommender to determine recommendations.

Description

METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATIONS CROSS REFERENCE
This application claims priority to a U.S. Provisional Application, Serial No. 62/051 ,135, filed on September 16, 2014, which is herein incorporated by reference in its entirety. TECHNICAL FIELD
The present disclosure generally relates to recommendation systems and, more particularly, to privacy-preserving recommendations. BACKGROUND
Home entertainment systems, including television and media centers, are converging with the Internet and providing access to a large number of available sources of content, such as video, movies, TV programs, music, etc. This expansion in the number of available sources necessitates a new strategy for navigating a media interface associated with such systems and enabling access to certain portions of media content being consumed by the user. With this expansion, there is a trend towards providing personalized content to a user who has set up a profile including personal information. The personal information may describe the user, as well as their interests. Additionally, this personal information may also provide information about content sources available to the particular user. These content sources may be one of a local content source (e.g. on a local area network in a media storage repository) and a third party content source (e.g. subscription based service or pay per view system). SUMMARY
Various examples of systems and methods for a recommender providing recommendations to a user while keeping certain user information and recommender information private. In various embodiments, user information can be encrypted, for example with the user’s public encryption key, such that the recommender cannot decrypt the user information, but can operate on the encrypted user information to generate user-encrypted comparison information that can be used to determine recommendations for the user. In this way, for example, the user information can be kept private because the user information can remain user-encrypted while the recommender uses the user information in determining recommendations.
In this regard, the user-encrypted comparison information can be provided to the user for decryption, and the user can provide results of the decryption to the recommender to use for determining the recommendation. The comparison information can include a comparison of recommendation indicators. For example, the comparison can be a difference between two recommendation indicators, such as the predicted ratings of two content items. In this way, certain recommender information can be obscured from the user because, for example, while the user may obtain a value of the difference between two the predicted ratings, the user does not obtain the values of the predicted ratings themselves.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of an example of a system for delivering video content according to various embodiments.
FIG. 2 is a block diagram of an example of a computing system, such as a set- top box/digital video recorder (DVR), gateway, etc., according to various
embodiments.
FIG. 3 illustrates an example of a touch panel input device according to various embodiments.
FIG. 4 illustrates another example of an input device according to various embodiments.
FIG. 5 is a block diagram of an example of a privacy-preserving
recommendation system according to various embodiments.
FIG. 6 illustrates an example of a method that can be performed by a user system according to various embodiments.
FIG. 7 illustrates an example of a method that can be performed by a recommendation system according to various embodiments. FIG. 8 illustrates an example of a method that can be performed by a user system according to various embodiments.
FIG. 9 illustrates another example of a method that can be performed by a user system according to various embodiments.
FIG. 10 illustrates an example of a method that can be performed by a recommendation system according to various embodiments.
FIG. 1 1 is a diagram that illustrates one example of an implementation of the method of FIG. 10 according to various embodiments.
FIG. 12 illustrates an example of a method of determining recommendations using user-encrypted user profiles according to various embodiments.
It should be understood that the drawings are for purposes of illustrating the concepts of the disclosure and are not necessarily the only possible configurations for illustrating the disclosure.
DETAILED DESCRIPTION
Consumers of content, such as movies, television (TV), music, etc., can have difficulty finding content they are likely to enjoy. Consumers may be faced with browsing through massive databases of content, for example, and can become overwhelmed and frustrated. Consumers may wish to obtain recommendations for content items (also referred to herein simply as "items"), e.g., movies, TV shows, songs, etc., from a recommender, such as a recommendation systems, a
recommendation service, etc.
Recommenders can tailor recommendations by analyzing user information to determine indicators (also referred to herein as "recommendation indicators"), such as measures of the user's preferences (e.g., likes, dislikes), predicted ratings, etc., that can be used to determine recommendations tailored to the user. For example, a recommender can require users to provide rating information, such as the user's personal ratings for various content items, and can analyze the user ratings to predict ratings that the user would give to other content items. These predicted ratings can be used to provide recommendations to the user. For example, the recommender could determine a user's predicted ratings for a number of content items (e.g., all of the content items in the recommender's catalog), sort the predicted ratings to determine the content items with the highest predicted ratings, and provide the user information about the content items with the highest predicted ratings. For example, a recommender can determine the top-k content items, where k is a number chosen by the recommender (e.g., the top-5 content items having the five highest predicted ratings), and provide the names of the top-k content items to the user as a
recommendation.
Predicted ratings are merely one example of an indicator that can be used to determine recommendations, and one skilled in the art will readily appreciate that there are many such recommendation indicators that can be determined by analyzing user information. In fact, vast resources in industry and academia are devoted to predicting what users will like by analyzing user information, such as biographical information (e.g., age, sex, race, etc.), economic information (e.g. income level, etc.), preference information (e.g., what content items users consume and how the users rate the content items, etc.). However, while many users would like to obtain accurate, personalized recommendations, some users do not want a recommender to know the user's information that forms the basis for the recommendations. In other words, some users want to keep their user information private.
Likewise, a recommender might wish to keep certain information private. For example, if the recommender receives revenue each time a user requests a recommendation, the recommender might want the user to request recommendations periodically, i.e., repeat business. Therefore, the recommender might limit the number of recommendations per request to a predetermined number, k, so that another request would be needed if the user wants more recommendations when done with the k recommendations. For example, each recommendation could identify only the k content items with the highest indications of user preference, i.e., the top-k content items. In addition to limiting the number of recommended items, the recommender might wish to prevent the user from obtaining certain information the recommender uses to determine recommendations. Otherwise, the user might be able to generate their own recommendations and not need to pay the recommender for more recommendations. The following disclosure includes various examples for a recommender providing recommendations to a user while keeping certain user information and recommender information private. In various embodiments, user information can be encrypted, for example with the user's public encryption key, such that the
recommender cannot decrypt the user information, but can operate on the encrypted user information to generate user-encrypted comparison information that can be used to determine recommendations for the user. In this way, for example, the user information can be kept private because the user information can remain user- encrypted while the recommender uses the user information in determining recommendations.
In this regard, the user-encrypted comparison information can be provided to the user for decryption, and the user can provide results of the decryption to the recommender to use for determining the recommendation. The comparison information can include a comparison of recommendation indicators. For example, the comparison can be a difference between two recommendation indicators, such as the predicted ratings of two content items. In this way, certain recommender information can be obscured from the user because, for example, while the user may obtain a value of the difference between two the predicted ratings, the user does not obtain the values of the predicted ratings themselves. Moreover, as will be explained in detail below, additional steps can be taken to further obscure information while still allowing recommendations to be determined.
FIG. 1 illustrates a block diagram of an example of a system 100 for delivering content and recommendations to a home or end user. The content originates from a content source 102, such as a movie studio or production house. The content may be supplied in at least one of two forms. One form may be a broadcast form of content. The broadcast content is provided to the broadcast affiliate manager 104, which is typically a national broadcast service, such as the American Broadcasting Company (ABC), National Broadcasting Company (NBC), Columbia Broadcasting System (CBS), etc. The broadcast affiliate manager may collect and store the content, and may schedule delivery of the content over a delivery network, shown as delivery network 106. Delivery network 106 may include satellite link transmission from a national center to one or more regional or local centers. Delivery network 106 may also include local content delivery using local delivery systems such as over the air broadcast, satellite broadcast, or cable broadcast. The locally delivered content is provided to a user system 107 in a user's home.
User system 107 can include a receiving device 108 that can receive and process content and perform other functions described in more detail below. It is to be appreciated that receiving device 108 can be, for example, a set-top box, a digital video recorder (DVR), a gateway, a modem, etc. Receiving device 108 may act as entry point, or gateway, for a home network system that includes additional devices configured as either client or peer devices in the home network.
User system 107 can also include a display device 1 14. In some
embodiments, display device 1 14 can be an external display coupled to receiving device 108. In some embodiments, receiving device 108 and display device 1 14 can be parts of a single device. The display device 1 14 may be, for example, a conventional 2-D type display, an advanced 3-D display, etc. User system 107 can also include an input device 1 16, such as a remote controller, a keyboard, a mouse, a touch panel, a touch screen, etc. The input device 1 16 may be adapted to provide user control for the receiving device 108 and/or the display device 1 14. In some embodiments, input device 1 16 may be an external device that can couple to receiving device 108 via, for example, a wired connection, a signal transmission system, such as infra-red (IR), radio frequency (RF) communications, etc., and may include standard protocols such as universal serial bus (USB), infra-red data association (IRDA) standard, Wi-Fi, Bluetooth and the like, proprietary protocols, etc. In some embodiments, receiving device 108 and input device 1 16 can be part of the same device. Operations of input device 1 16 will be described in further detail below.
A second form of content is referred to as special content. Special content may include, for example, premium viewing content, pay-per-view content, Internet access, other content otherwise not provided to the broadcast affiliate manager, e.g., movies, video games, other video elements, etc. The special content may be content requested by the user, such as a webpage, a movie download, etc. The special content may be delivered to a content manager 1 10. The content manager 1 10 may be a service provider, such as an Internet website, affiliated, for instance, with a content provider, broadcast service, or delivery network service. The content manager 1 10 may also incorporate Internet content into the delivery system. The content manager 1 10 may deliver the content to the user's receiving device 108 over a communication network, e.g., communication network 1 12. Communication network 1 12 may include high-speed broadband Internet type communications systems. It is important to note that the content from the broadcast affiliate manager 104 may also be delivered using all or parts of communication network 1 12 and content from the content manager 1 10 may be delivered using all or parts of delivery network 106. In some embodiments, the user may obtain content, such as webpages, etc., directly from the Internet 1 13 via communication network 1 12 without necessarily having the content managed by the content manager 1 10.
Several adaptations for utilizing the separately delivered content may be possible. In one possible approach, the special content is provided as an
augmentation to the broadcast content, providing alternative displays, purchase and merchandising options, enhancement material, etc. In another embodiment, the special content may completely replace some programming content provided as broadcast content. Finally, the special content may be completely separate from the broadcast content, and may simply be a media alternative that the user may choose to utilize. For instance, the special content may be a library of movies that are not yet available as broadcast content.
The receiving device 108 may receive different types of content from one or both of delivery network 106 and communication network 1 12. The receiving device 108 processes the content, and provides a separation of the content based on user preferences and commands. The receiving device 108 may also include a storage device, such as a hard drive or optical disk drive, for recording and playing back audio and video content. Further details of the operation of the receiving device 108 and features associated with playing back stored content will be described below in relation to FIG. 2. The processed content is provided to display device 1 14.
In the example of FIG. 1 , content manager 1 10 also controls a
recommendation system 1 17 that can include a recommendation engine 1 18 and a database 120. Recommendation system 1 17 can process encrypted
recommendation information that can be used to provide recommendations to the user as will be described in more detail below. Although recommendation system 1 17 is controlled by content manager 1 10 in this example, it should be appreciated that in some embodiments, recommendation systems can be operated by other entities, such as separate recommendation service providers whose primary service is providing recommendations.
FIG. 2 includes a block diagram of an example of a computing system, such as a receiving device 200. Receiving device 200 may operate similar to receiving device 108 described in FIG. 1 and may be included as part of a gateway device, modem, set-top box, personal computer, television, tablet computer, smartphone, etc. Receiving device 200 may also be incorporated into other systems including an audio device or a display device. The receiving device 200 may be, for example, a set top box coupled to an external display device (e.g., a television), a personal computer coupled to a display device (e.g., a computer monitor), etc. In some embodiments, the receiving device 200 may include an integrated display device, for example, a portable device such as a tablet computer, a smartphone, etc.
In receiving device 200 shown in FIG. 2, the content is received by an input signal receiver 202. The input signal receiver 202 may include, for example, receiver circuits used for receiving, demodulation, and decoding signals provided over one of the several possible networks including over the air, cable, satellite, Ethernet, fiber and phone line networks. The desired input signal may be obtained based on user input provided through a user interface 216. For example, the user input may include search terms for a search, and the input signal received by input signal receiver 202 may include search results. User interface 216 can be coupled to an input device, such as input device 1 16, and can receive and process corresponding user inputs, for example, keystrokes, button presses, touch inputs, such as gestures, audio input, such as voice input, etc., from the input device. User interface 216 may be adapted to interface to a cellular phone, a tablet, a mouse, a remote controller, etc.
The decoded output signal is provided to an input stream processor 204. The input stream processor 204 performs the final signal selection and processing, and includes separation of video content from audio content for the content stream. The audio content is provided to an audio processor 206 for conversion from the received format, such as a compressed digital signal, to an analog waveform signal. The analog waveform signal is provided to an audio interface 208 and further to the display device or audio amplifier. In some embodiments, the audio interface 208 may provide a digital signal to an audio output device or display device using a High- Definition Multimedia Interface (HDMI) cable, an audio interface such as via a
Sony/Philips Digital Interconnect Format (SPDIF), etc. The audio interface may also include amplifiers for driving one more sets of speakers. The audio processor 206 also performs any necessary conversion for the storage of the audio signals.
The video output from the input stream processor 204 is provided to a video processor 210. The video signal may be one of several formats. The video processor 210 provides, as necessary, a conversion of the video content, based on the input signal format. The video processor 210 also performs any necessary conversion for the storage of the video signals.
A storage device 212 stores audio and video content received at the input. The storage device 212 allows later retrieval and playback of the content under the control of a controller 214 and also based on commands, e.g., navigation instructions such as fast-forward (FF) and rewind (RW), received from user interface 216. The storage device 212 may be, for example, a hard disk drive, one or more large capacity integrated electronic memories, such as static RAM (SRAM), or dynamic RAM (DRAM), an interchangeable optical disk storage system such as a compact disk (CD) drive or digital video disk (DVD) drive, etc.
The converted video signal, from the video processor 210, either originating from the input or from the storage device 212, is provided to the display interface 218. The display interface 218 further provides the display signal to a display device, such as display device 1 14, described above. The controller 214 is interconnected via a bus to several of the components of the device 200, including the input stream processor 204, audio processor 206, video processor 210, storage device 212, and user interface 216. The controller 214 manages the conversion process for converting the input stream signal into a signal for storage on the storage device or for display. The controller 214 also manages the retrieval and playback of stored content. Furthermore, as will be described below, the controller 214 can receive rating information input by a user and can perform encryption of the user rating information, as described below in more detail. The controller 214 is further coupled to control memory 220 (e.g., volatile or non-volatile memory, including RAM, SRAM, DRAM, ROM, programmable ROM (PROM), flash memory, electronically programmable ROM (EPROM), electronically erasable programmable ROM (EEPROM), etc.) for storing information and instruction code for controller 214. Control memory 220 may store instructions for controller 214. Control memory 220 may also store a database of elements, such as graphic elements containing content. The database may be stored as a pattern of graphic elements, such as graphic elements containing content, various graphic elements used for generating a displayable user interface for display interface 218, and the like. In some embodiments, the memory may store the graphic elements in identified or grouped memory locations and use an access or location table to identify the memory locations for the various portions of information related to the graphic elements. Additional details related to the storage of the graphic elements will be described below. Further, the implementation of the control memory 220 may include several possible embodiments, such as a single memory device, more than one memory circuit communicatively connected or coupled together to form a shared or common memory, etc. Still further, the memory may be included with other circuitry, such as portions of bus communications circuitry, in a larger circuit.
FIGS. 3 and 4 represent two examples of input devices, 300 and 400, such as input device 1 16. Input devices 300 and 400 can couple with a user interface, such as user interface 216. Input devices 300 and 400 may be used to initiate and/or select various functions available to a user related to the acquisition, consumption, access and/or modification of content, such as multimedia content, broadcast content, Internet content, etc. Input devices 300 and 400 can also allow a user to input rating information and requests for recommendations, as described below in more detail.
FIG. 3 illustrates an example of a touch panel input device 300. The touch panel device 300 may be interfaced, for example, via the user interface 216 of the receiving device 200 in FIG. 2. The touch panel device 300 allows operation of the receiving device or set top box based on hand movements, or gestures, and actions translated through the panel into commands for the set top box or other control device. This is achieved by the controller 214 generating a touch screen user interface including at least one user selectable image element enabling initiation of at least one operational command. The touch screen user interface may be pushed to the touch screen device 300 via the user interface 216. In some embodiments, the touch screen user interface generated by the controller 214 may be accessible via a webserver executing on one of the user interface 216. The touch panel 300 may serve as a navigational tool to navigate a grid display, as described above for search results. In some embodiments, the touch panel 300 may serve as a display device allowing the user to more directly interact with the navigation through the display of content. The touch panel 300 can also include a camera element and/or at least one audio sensing element.
In some embodiments, the touch panel 300 employs a gesture sensing controller or touch screen enabling a number of different types of user interaction. The inputs from the controller are used to define gestures and the gestures, in turn, define specific contextual commands. The configuration of the sensors may permit defining movement of a user's fingers on a touch screen or may even permit defining the movement of the controller itself in either one dimension or two dimensions. Two- dimensional motion, such as a diagonal, and a combination of yaw, pitch and roll can be used to define any three-dimensional motions, such as a swing. Gestures are interpreted in context and are identified by defined movements made by the user. Depending on the complexity of the sensor system, only simple one-dimensional motions or gestures may be allowed. For instance, a simple right or left movement on the sensor as shown here may produce a fast forward or rewind function. In addition, multiple sensors could be included and placed at different locations on the touch screen. For instance, a horizontal sensor for left and right movement may be placed in one spot and used for volume up/down, while a vertical sensor for up and down movement may be placed in a different spot and used for channel up/down. In this way specific gesture mappings may be used. For example, the touch screen device 300 may recognize alphanumeric input traces which may be automatically converted into alphanumeric text displayable on one of the touch screen device 300 or output via display interface 218 to a primary display device.
FIG. 4 illustrates another example of an input device, input device 400. The input device 400 may, for example, be used to interact with the user interfaces generated by the system and which are output for display by the display interface 218 to a primary display device (e.g. television, monitor, etc). The input device of FIG. 4 may be formed as a remote control having a 12-button alphanumerical keypad 402 and a navigation section 404 including directional navigation buttons and a selector button. The input device 400 may also include a set of function buttons 406 that, when selected, initiate a particular system function (e.g. menu, guide, DVR, etc). In some embodiments, the input device 400 may include a set of programmable application specific buttons 408 that, when selected, may initiate a particularly defined function associated with a particular application executed by the controller 214. Input device 400 may include a display screen 410 that can display information, such as program information, menu information, navigation information, etc. The depiction of the input device in FIG. 4 is merely an example, and it should be appreciated that various input devices may include any number and/or arrangement of buttons that enable a user to interact with the user interface process according to various embodiments. Additionally, it should be noted that users may use either or both of the input devices depicted and described in FIGS. 3 and 4 simultaneously and/or sequentially to interact with the system. Other input devices are considered within the scope of the present disclosure.
In some embodiments, the user input device may include at least one of an audio sensor and a visual sensor. For example, the audio sensor may sense audible commands issued from a user and translate the audible commands into functions to be executed by the user. The visual sensor may sense the user's presence and match user information of the sensed user(s) to stored visual data in the usage database 120 in FIG. 1 . Matching visual data sensed by the visual sensor enables the system to automatically recognize the user's presence and retrieve any user profile information associated with the user. Additionally, the visual sensor may sense physical movements of at least one user present and translate those movements into control commands for controlling the operation of the system. In this embodiment, the system may have a set of pre-stored command gestures that, if sensed, enable the controller 214 to execute a particular feature or function of the system. An example of a type of gesture command may include the user waving their hand in a rightward direction which may initiate a fast forward command or a next screen command or a leftward direction which may initiate a rewind or previous screen command depending on the current context. This description of physical gestures able to be recognized by the system is merely exemplary and should not be taken as limiting. Rather, this description is intended to illustrate the general concept of physical gesture control that may be recognized by the system and persons skilled in the art could readily understand that the controller may be programmed to specifically recognize any physical gesture and allow that gesture to be tied to at least one executable function of the system.
FIG. 5 is a block diagram of an example of a privacy-preserving
recommendation system 500 according to various embodiments. System 500 can include a user system 501 , such as user system 107 shown in FIG. 1 , that can be in a user's home, for example. User system 501 can include, for example, a set-top box, a digital video recorder (DVR), a gateway, a modem, etc., that can receive and process content delivered via a communication network, such as communication network 1 12, and that can send communications, such as data, information, messages, requests, etc., via the communication network. System 500 can also include a recommendation system 504, such as recommendation system 1 17 shown in FIG. 1 .
The user may wish to obtain recommendations for content items, such as movies, TV shows, music, etc., from recommendation system 504. Typically, recommendation services can require information about a user in order to determine what content the user probably will like. As described above, recommendation services can provide recommendations by analyzing user information, for example, biographical information such as age, sex, race, etc., economic information such as income level, etc., preference information such as what content items users consume and how the users rate the content items, etc., to predict what other content items a user will probably like. However, some users may not want to provide such information to a recommendation service.
System 500 illustrates an example in which user information can be obscured from the recommender, while still allowing the recommender to analyze the user information and provide recommendations. The user information can include, for example, ratings that the user has given to various content items (e.g., star-ratings the user has given to various movies), identification information of the content items the user has consumed (e.g., the movies the user has watched), viewing habit information (e.g., which types of movies the user has recently watched or partially watched in the evenings, daytime, weekends, etc.), and/or other information that could be used to determine recommendations for content items, as one skilled in the art would appreciate. User system 501 can provide recommendation system 504 with the user information under an encryption that does not allow the
recommendation system to decrypt the user information, but allows the user system to decrypt the ratings. For example, the user can encrypt the user information with the user's public encryption key.
In this regard, FIG. 6 illustrates an example of a method that can be performed by a user system, such as user system 501 . The user system can obtain (601 ) user information. For example, the user may view a movie on a display, such as display device 1 14, and the user system may determine various user information associated with the viewing. For example, the user system may determine the time and day of the user's viewing of the movie, the genre of the movie, etc. The user system can encrypt (602) the user information with an encryption that does not allow a
recommender, such as recommendation system 504, to decrypt the user information, but allows the user system to decrypt the user information. In other words, the user system can generate a user-encrypted user information. For example, the user system can encrypt the user information using a public encryption key of the user.
The user system can provide (603) the user-encrypted user information to the recommender, for example, by sending a communication including the user- encrypted user information to the recommender, by storing the user-encrypted user information in a storage medium that is accessible to the recommender, etc.
FIG. 5 illustrates an example of providing user-encrypted user information by including the user-encrypted user information in a communication 51 1 sent from user system 501 to recommendation system 504. In various embodiments, the user- encrypted user information in communication 51 1 can include a single piece of user- encrypted information, for example, a user-encrypted identification (ID) of a movie the user has finished viewing. For example, each time the user views a movie, user system 501 can automatically encrypt the movie ID and send the user-encrypted movie ID to recommendation system 504 in a communication 51 1 . In various embodiments, communication 51 1 may also include unencrypted information, for example, to allow the recommender to better make use of the user-encrypted user information. In various embodiments, for example, communication 51 1 may include a user-encrypted rating for a movie the user has rated and also include the
unencrypted ID of the movie. Providing the unencrypted movie ID corresponding to the user-encrypted rating can, for example, allow the recommender to index and store the user-encrypted rating in an efficient manner, as described in more detail below with respect to FIGS. 9-1 1 .
In various embodiments, the user-encrypted user information in
communication 51 1 can include multiple distinct pieces, such as user-encrypted IDs for multiple movies viewed, and may also include unencrypted information that can correspond to the user-encrypted information. For example, user system 501 may store the movie IDs of viewed movies and periodically encrypted and send the movie IDs, e.g., user-encrypted movie IDs, in a single communication 51 1 .
When the user wishes to receive a recommendation, the user can input a request for a recommendation to user system 501 , and the user system can send a recommendation request as a communication 514 to recommendation system 504.
FIG. 7 illustrates an example of a method that can be performed by a recommender, such as recommendation system 504. The recommender can determine (701 ) to provide a recommendation. For example, recommendation system 504 can determine to provide user system 501 with a recommendation in response to receiving the recommendation request in communication 514. The recommender can determine (702) first user-encrypted comparison information based on the user-encrypted user information.
The comparison information can be a comparison of two or more
recommendation indicators, such as measures of user preferences (e.g., likes, dislikes), estimated ratings, etc. As described above, there are many such recommendation indicators that can be determined based on user information and used to guide the selection of recommendations for the user, as understood by one skilled in the art. The user-encrypted comparison information can be determined based on user-encrypted user information obtained by the recommender and can be determined while the user information remains encrypted. In various embodiments, for example, the comparison information can include a difference between the predicted ratings of two content items (e.g., item j and item j' ):
Figure imgf000018_0001
(1 ) where: is the predicted rating of item
Figure imgf000018_0003
j for user i', and
is the predicted rating of item for user i·
Figure imgf000018_0002
Figure imgf000018_0004
Each predicted rating can be, for example, the rating that the recommender predicts the user (e.g., user /' out of n users that use the recommender's service) would give to the corresponding content item (e.g., item j (or j' ) out of m content items in the recommender's catalog).
The recommender can provide (703) the user-encrypted comparison information to the user. Referring to FIG. 5, for example, recommendation system 504 can send user system 501 the user-encrypted comparison information in a communication 517. The user can process the user-encrypted comparison information and provide the recommender with information about the results of the processing, for example, using a method such as the one illustrated by FIG. 8.
FIG. 8 illustrates an example of a method that can be performed by a user system, such as user system 501 . The user system can obtain (801 ) user-encrypted comparison information, for example, from the recommender. The user system can decrypt (802) the user-encrypted comparison information to determine result information.
In various embodiments in which the comparison information can include the difference between two predicted ratings as shown above in Equation 1 , for example, the user can obtain the value for the difference between the predicted ratings when decrypting the comparison information. However, it is worth noting that the user would not obtain the actual values jj and jj'. In other words, the user would not be able to determine how the recommender predicts the user would rate item j and item j' . In this way, for example, certain recommender information can be obscured from the user. Moreover, in various embodiments, the comparison information would not include identification of the content items being compared, thus, further limiting the information the user can obtain from the decrypted comparison information.
The user system can provide (803) the result information to the recommender. Referring to FIG. 5, user system 501 can send the result information to
recommendation system 504 in a communication 521 .
In various embodiments, the result information can include the decrypted comparison information and/or information that is based on the decrypted comparison information. An example of including the decrypted comparison information (the difference between two predicted ratings in this example) in the result information can be as follows: when the user system performs the decryption and obtains the result, i.e., the value for the difference between the two predicted ratings, the user system sends the value to the recommender as the result information. An example of including information that is based on the decrypted comparison information can be as follows: when the user system performs the decryption and obtains the result, i.e., the value for the difference between the two predicted ratings, the user system determines whether the value is a positive number (i.e., value > 0), and the user system sends the result of the determination to the recommender as the result information. In each of these examples, the recommender can use the result information in determining recommendations, as will described in more detail below.
Referring again to FIG. 7, the recommender can obtain (704) the result information from the user. The recommender can determine (705) second user- encrypted comparison information based on the result information. For example, in the case that the comparison information includes the difference between two predicted ratings, the result information can be used to determine which predicted rating is higher than the other. In particular, from the first example described above, if the result information includes the value for
Figure imgf000019_0002
the recommender can determine that if the value is positive and determine that if the value
Figure imgf000019_0003
Figure imgf000019_0001
is negative. Likewise, from the second example described above, if the result information includes an indication of whether the value of the difference is a positive number, the determination of which predicted rating is higher can be made in a similar fashion. The recommender can select the higher predicted rating to use for the next comparison. For example, if the recommender determines from the result information that fjj is higher than f y, the recommender can then compare fy with the predicted rating of another content item (e.g., item j" ). In other words, the recommender can determine a user-encrypted difference between fjj and fy. In contrast to the first user-encrypted comparison information determined at 702, the second user- encrypted comparison information determined at 705 is based on result information obtained from the user. The recommender can provide (706) the second user- encrypted comparison information to the user, and can continue to receive result information, to determine second user-encrypted comparison information (e.g., determine which predicted rating is higher and generate a new comparison between the higher predicted rating and the predicted rating of another content item), and provide the second user-encrypted comparison information to the user. With each iteration, the higher predicted rating is determined, so that when all predicted ratings have been compared, the content item with the highest predicted rating can be identified. The recommender can then determine (708) the recommended content item and provide (709) the user with the recommendation, which is the top-1 content item in this example.
In order to obtain the next-highest predicted rating, the recommender can repeat the process without including the top-1 content item, and the top-2 content item can be identified. Likewise, the recommender can repeat the process until the top-k content items have been identified and provided as recommendations to the user.
FIGS. 9-12 illustrate examples of various embodiments according to the disclosure. In particular, FIGS. 9-1 1 illustrate examples of obtaining and storing user- encrypted ratings according to various embodiments. FIG. 12 illustrates a more detailed example of providing recommendations according to various embodiments.
In this regard, FIG. 9 illustrates an example of a method that can be performed by a user system, such as user system 501 . The user system can obtain (901 ) a rating for a content item, such as a movie. For example, the user may watch the movie on a display, such as display device 1 14, and then input a rating for the movie using an input device, such as input device 1 16. The user system can encrypt (902) the rating with an encryption that does not allow a recommender, such as
recommendation system 504, to decrypt the ratings, but allows the user system to decrypt the ratings. In other words, the user system can generate a user-encrypted rating. For example, the user system can encrypt the rating using a public key of the user system. The user system can send (903) rating information to the
recommender. The rating information can include the user-encrypted rating together with an unencrypted identification (ID) of the content item. The unencrypted content item ID can allow the recommender to identify the content item corresponding to the user-encrypted rating. In this way, the recommender can determine what content item corresponds to the rating, but cannot determine a value of the rating.
FIG. 10 illustrates an example of a method that can be performed by a recommender, such as recommendation system 504. The recommender can obtain (1001 ) the rating information, i.e., the user-encrypted rating and corresponding content item ID. The recommendation system can index (1002) the user-encrypted rating based on the corresponding content item ID and can store (1003) the user- encrypted rating based on the index. For example, the user-encrypted rating can be stored in a database, such as recommendation information database 120 shown in FIG. 1 .
FIG. 1 1 is a diagram that illustrates one example implementation of the method of FIG. 10 according to various embodiments. Multiple users 1 101 can subscribe to a recommendation service that operates a recommendation system that can include a recommendation engine 1 104 and a recommendation information database 1 107. Some users may elect a privacy-preserving option in which their user information remains encrypted, as described above, perhaps at an additional cost. Other users may not be concerned with the privacy of their user information and may send their user information, such as ratings, unencrypted. A matrix M can be stored as a data structure 1 1 14 stored in recommendation information database 1 107. Matrix M can include user-encrypted ratings
Figure imgf000021_0001
of users that elect the privacy-preserving option and unencrypted ratings of the other users, where r is
Figure imgf000021_0002
the user rating, i is a user index, j is a content item index, and
Figure imgf000021_0003
indicates encryption by user i. That is, each row of matrix M includes the user-encrypted ratings or unencrypted ratings for a particular user, and each column of matrix M includes the user-encrypted ratings or unencrypted ratings for a particular content item. In other words, each row of matrix M can represent a user-encrypted user profile vector
Figure imgf000022_0001
or an unencrypted user profile vector u,, and each column of matrix M can represent a content item profile Vj that includes user-encrypted ratings and unencrypted ratings. FIG. 1 1 shows matrix M including entries at some locations, and locations in matrix M that do not have an entry are represented by dashes
FIG. 1 1 also illustrates one example of a method for storing user-encrypted ratings and unencrypted ratings in matrix M according to various embodiments.
When one of users 1 101 rates a content item, the user's system can send a communication 1 1 1 1 to recommendation engine 1 104. Each communication from a privacy-preserving user can include user-encrypted rating information, such as a user-encrypted rating and a corresponding unencrypted content item ID, together with an unencrypted user ID that can identify the user sending the communication. Each communication from a non-privacy-preserving user can include unencrypted rating information, such as an unencrypted rating and a corresponding unencrypted content item ID, together with an unencrypted user ID that can identify the user sending the communication. For example, a privacy-preserving user (1 ) may input a user rating for content item (3) to the user system of user (1 ), and the user system can encrypt the user rating and send communication 1 1 1 1 that includes a user (1 ) ID, an item (3) ID, and the user-encrypted rating
Figure imgf000022_0003
Recommendation engine 1 104 can receive communication 1 1 1 1 from user (1 ), determine the user index i based on the user ID (i = 1 ), and determine the content item index j based on the content item ID (j = 3). Then, recommendation system can index the included user- encrypted rating
Figure imgf000022_0002
and store the indexed user-encrypted rating, for example, at row 1 , column 3 of matrix M.
Likewise, FIG. 1 1 shows communications 1 1 1 1 resulting from non-privacy- preserving user (2) rating content item (5), i.e., [user (2) ID, item (5) ID, r], which recommendation engine 1 104 receives, indexes r2,5, and stores at row 2, column 5 of matrix M. FIG. 1 1 also shows communications 1 1 1 1 from other users that are indexed and stored. In the example of FIG. 1 1 , matrix M also includes other entries, such as
Figure imgf000023_0001
etc., which can be previously-stored ratings resulting from previous communications from users 1 101 , for example.
In various embodiments, matrix factorization (MF) can be used to analyze the user-encrypted ratings
Figure imgf000023_0002
while remaining under user encryption to produce user-encrypted predicted ratings
Figure imgf000023_0003
for other content items. For example, in the case that the recommendation service has n users (i = 1 ...n) and can provide recommendations for m content items (j = 1 ...m), then matrix M can be an n x m matrix with entries corresponding to all user ratings received from the users. For many applications, the number of entries in matrix M is much smaller than the value of n x m. In other words, for many applications, most of entries in matrix M are empty entries. Matrix factorization can be used to predict the values of the empty entries for a particular user profile u,, and thus predict how the user would rate the content items that the user has not yet rated, while the user profile remains user-encrypted as
Figure imgf000023_0008
In various embodiments, for example, an additive semantically secure public-key homomorphic encryption
Figure imgf000023_0007
Paillier cryptosystem, can be used and a user-encrypted predicted user rating can be determined for each empty entry (i,j) in a user-encrypted user profile. Each content item profile vector can be modified by removing the user-encrypted ratings (of other users), resulting in a modified content item profile vector,
Figure imgf000023_0011
only the unencrypted ratings. Then each modified content item profile vector can be encrypted using the user's public key to produce a user- encrypted modified content item profile vector, The user-encrypted
Figure imgf000023_0006
predicted rating for content item j can be determined by multiplying the user- encrypted user profile vector,
Figure imgf000023_0012
with the user-encrypted modified content item profile of content item j,
Figure imgf000023_0005
(2)
Figure imgf000023_0004
FIG. 12 illustrates an example of a method of determining recommendations using user-encrypted user profiles according to various embodiments. A
recommendation system can obtain (1201 ) the user-encrypted user profile of user i,
Figure imgf000023_0009
The content item index j can be initialized (1202), e.g., by setting j = 1 . The recommendation system can determine (1203) whether a user-encrypted rating for the \th content item,
Figure imgf000023_0010
exists (i.e., determine whether user (i) has already rated content item (j)) or whether content item j has already been identified as a top-k content item. If
Figure imgf000024_0001
exists or content item j is already a top-k item, j can be incremented (1204) (e.g., increased by 1 ), and the process can return to determine (1203) whether
Figure imgf000024_0002
exists or content item j is a top-k item. On the other hand, if it is determined (1203) that
Figure imgf000024_0003
does not exist, recommendation system can obtain (1205) the user-encrypted modified profile vector of the content item j,
Figure imgf000024_0014
and can multiply (1206)
Figure imgf000024_0004
with
Figure imgf000024_0005
to obtain the user-encrypted predicted rating,
Figure imgf000024_0006
, as in Equation (2) above.
Recommendation system can encrypt (1207) the user-encrypted predicted rating with the private key of recommender, to obtain a recommender-encrypted, user-encrypted predicted rating,
Figure imgf000024_0007
where
Figure imgf000024_0008
c indicates recommender encryption. The recommendation system can determine (1208) whether the user- encrypted predicted rating is the first one to be determined after j was initialized. If so, this indicates that a predicted rating for another content item must be determined in order to have a comparison. In other words, if the user-encrypted predicted rating is the first since initialization of j, then the recommendation system has not yet provided the user with comparison information or received result information from the user. Therefore, the process returns to increment j (1204) and determine another user-encrypted predicted rating. In this case, once the other predicted rating is determined, the recommendation system determines (1209) first user-encrypted comparison information by performing an operation, "oper", to obtain a user- encrypted difference between the two user-encrypted predicted ratings:
Figure imgf000024_0009
(3) where: is the first predicted rating determined after j initialization, and
Figure imgf000024_0010
is the second predicted rating determined after j initialization.
The operation "oper" that can be used to satisfy Equation (3) can depend on the particular encryption method used, as one skilled in the art would understand.
The recommendation system can send (1210) the user-encrypted comparison information,
Figure imgf000024_0012
together with the corresponding recommender-encrypted, user-encrypted predicted ratings,
Figure imgf000024_0013
to the user in a predetermined format, for example, an array:
Figure imgf000024_0011
(4) The user system can have predetermined instructions to decrypt the first element determine if the value is positive, and return the second element if the value is positive or return the third element
if the value is not positive.
Figure imgf000025_0001
The recommendation system can receive (121 1 ) the result information from the user and can determine (1212) if content item j is the last content item. If content item j is not the last content item, the recommendation system can proceed to increment j (1204) to determine the user-encrypted predicted rating for another content item to compare. However, when the next user-encrypted predicted rating is obtained (1206) and the corresponding recommender-encrypted, user-encrypted predicted rating is determined (1207), the recommender system will determine (1208) that this is not the first pass after j initialization. Therefore, recommender system will proceed to determine (1209) the user-encrypted comparison information based on the result information received from the user. In particular, the recommendation system can decrypt the received recommender-encrypted, user-encrypted predicted rating to obtain the user-encrypted predicted rating, which is known to be the higher of the two predicted ratings previously sent to the user. The recommender system can generate a comparison of the returned predicted rating with the newly
determined predicted rating using Equation 3 above:
Figure imgf000025_0002
where: s the predicted rating returned in the result information, and
is the predicted rating determined after receiving the result information.
The process can proceed in this way, with each iteration identifying the currently highest user-encrypted predicted rating, until the recommendation system determines (1212) that result information has been received for the comparison information of the last content item, the user-encrypted predicted rating returned in the result information is determined to be the highest predicted rating. The recommender system can determine (1213) the content item corresponding to the last-received result information is a top-k item and can send (1214) information of the content item to the user as a recommendation. In some embodiments, the top-k item can be saved in a list until all top-k items have been determined, and then the list can be sent to the user. The recommendation system can determine (1215) whether the top-k item is the last one to be determined (e.g., if k = the predetermined number of recommended items per recommendation request). If so, the process can end (1216). If not, the recommendation system can initialize j and begin repeat the process to find the next top-k item after removing the currently determined top-k item from consideration in the next iteration.
In some embodiments, instead of simply comparing two items at a time, the recommender and user can perform a network sorting. In this way, for example, the user can obtain with the entire catalog of content items sorted according to the user's preferences.
In some embodiments, the recommender can appropriately choose random elements ρ and θ, and can prepare user-encrypted comparison information as follows;
Figure imgf000026_0001
and can send it to the user together with the corresponding recommender-encrypted, user-encrypted predicted ratings,
Figure imgf000026_0006
An example of an appropriate choice of random elements p and θ can be that
Figure imgf000026_0007
is in the message space of
Figure imgf000026_0009
for all possible values for
Figure imgf000026_0008
If the message space is the set of some mod N integers, "negative" representatives as those in the range [N/2, N). The recommender can send the information to the user in a predetermined format, for example, an array:
Figure imgf000026_0002
(5)
The user system can have predetermined instructions to decrypt the first element (i.e.,
Figure imgf000026_0005
determine if the value is positive. If the value of the decryption is positive, the user can return:
Figure imgf000026_0003
to the recommender, or otherwise (if the value is not positive) the user can return:
Figure imgf000026_0004
where K can be a ciphertext of a constant, such as zero (0), prepared by the user:
Figure imgf000027_0001
In some embodiments, the operation "oper" can be multiplication, and the recommender's encryption,
Figure imgf000027_0002
can be partially homomorphic with respect to multiplication.
In this way, for example, the information provided by the recommender to the user can be "randomized" by the random elements ρ and θ, and the information returned by the user to the recommender can be "randomized" by K.
In some embodiments, a Paillier system can be used for the user encryption, and an EIGamal system over
Figure imgf000027_0003
can be used for the recommender encryption,
Figure imgf000027_0013
N can be an RSA-type modulus, thus:
Figure imgf000027_0004
for some random
Figure imgf000027_0011
p for some random
Figure imgf000027_0005
Figure imgf000027_0012
and mod N2 )
Figure imgf000027_0006
where ρ* = (pr) mod N, g is an element of maximum order in
Figure imgf000027_0009
g* mod N2, where x is the EIGamal private decryption key. Letting
Figure imgf000027_0010
oper
Figure imgf000027_0008
then:
Figure imgf000027_0007
In some embodiments, the recommender can apply a random permutation
Figure imgf000027_0016
on the catalog of content items. The user can therefore deduce the top rated item (resp. complete sorting) of the permuted catalog, namely
Figure imgf000027_0017
Figure imgf000027_0014
Using 1 -out-of-m (resp. k- out-of-m) oblivious transfer, user i can then getj 1 =
Figure imgf000027_0015
It should be appreciated by those skilled in the art that the methods described above may be implemented by, for example, by a computing system such as a general purpose computer through computer-executable instructions (e.g., software, firmware, etc.) stored on a computer-readable medium (e.g., storage disk, memory, etc.) and executed by a computer processor. Referring to FIG. 2, for example, software implementing one or more methods shown in the flowcharts could be stored in storage device 212 and executed by controller 214. It should be understood that various elements shown in the figures may be implemented in various forms of hardware, software or combinations thereof. That is, various elements may be implemented in a combination of hardware and software on one or more
appropriately programmed general-purpose devices, which may include a processor, memory and input/output interfaces.
It should also be appreciated that although various examples of various embodiments have been shown and described in detail herein, those skilled in the art can readily devise other varied embodiments that still remain within the scope of this disclosure.
All examples and conditional language recited herein are intended for instructional purposes to aid the reader in understanding the principles of the disclosure and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions.
Moreover, all statements herein reciting principles, aspects, and embodiments of the disclosure, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure.
Thus, for example, it will be appreciated by those skilled in the art that the block diagrams presented herein represent conceptual views of illustrative circuitry embodying the principles of the disclosure. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudocode, and the like represent various processes which may be substantially represented in computer readable media and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor" or "controller" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor ("DSP") hardware, read only memory ("ROM") for storing software, random access memory ("RAM"), and nonvolatile storage.
Other hardware, conventional and/or custom, may also be included. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the implementer as more specifically understood from the context.
In the claims hereof, any element expressed as a means for performing a specified function is intended to encompass any way of performing that function including, for example, a combination of circuit elements that performs that function, software in any form, including, therefore, firmware, microcode or the like, combined with appropriate circuitry for executing that software to perform the function, etc. The disclosure as defined by such claims resides in the fact that the functionalities provided by the various recited means are combined and brought together in the manner which the claims call for. It is thus regarded that any means that can provide those functionalities are equivalent to those shown herein.

Claims

1 . A recommendation system (200) comprising:
a processor (214); and
a memory (220) storing instructions configured to cause the processor to: obtain user-encrypted user information, wherein a user system is able to decrypt the user encryption but the recommendation system is not able to decrypt the user encryption;
determine first user-encrypted comparison information based on the user- encrypted user information without decrypting the user-encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items of the recommendation system;
provide the first user-encrypted comparison information to the user system; obtain first result information from the user system, wherein the first result information includes an indication of a result of the first comparison;
determine second user-encrypted comparison information based on the first result information without decrypting the user-encrypted user information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items;
provide the second user-encrypted comparison information to the user system; obtain second result information from the user system, wherein the second result information includes an indication of a result of the second comparison; and determine a recommendation based on the indications of the results of the first and second comparisons.
2. The recommendation system of claim 1 , wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
3. The recommendation system of claim 1 , wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
4. The recommendation system of claim 3, wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
5. The recommendation system of claim 1 , wherein the first comparison includes a difference between the values of two recommendation indicators.
6. The recommendation system of claim 5, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
7. The recommendation system of claim 6, wherein the second comparison includes a comparison of the higher value recommendation indicator with another recommendation indicator.
8. A non-transitory computer-readable medium (212) storing computer- executable instructions executable to perform a method for providing a
recommendation of a content item of a plurality of content items in a recommendation system, the method comprising:
obtaining user-encrypted user information, wherein a user system is able to decrypt the user encryption but the recommendation system is not able to decrypt the user encryption;
determining first user-encrypted comparison information based on the user- encrypted user information without decrypting the user-encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items;
providing the first user-encrypted comparison information to the user system; obtaining first result information from the user system, wherein the first result information includes an indication of a result of the first comparison;
determining second user-encrypted comparison information based on the first result information without decrypting the user-encrypted user information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items; providing the second user-encrypted comparison information to the user system;
obtaining second result information from the user system, wherein the second result information includes an indication of a result of the second comparison; and determining a recommendation based on the indications of the results of the first and second comparisons.
9. The computer-readable medium of claim 8, wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
10. The computer-readable medium of claim 8, wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
1 1 . The computer-readable medium of claim 10, wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
12. The computer-readable medium of claim 8, wherein the first comparison includes a difference between the values of two recommendation indicators.
13. The computer-readable medium of claim 12, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
14. The computer-readable medium of claim 13, wherein the second comparison includes a comparison of the higher value recommendation indicator with another recommendation indicator.
15. A method for providing a recommendation of a content item of a plurality of content items in a recommendation system, the method comprising:
obtaining user-encrypted user information, wherein a user system is able to decrypt the user encryption but the recommendation system is not able to decrypt the user encryption; determining first user-encrypted comparison information based on the user- encrypted user information without decrypting the user-encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items;
providing the first user-encrypted comparison information to the user system; obtaining first result information from the user system, wherein the first result information includes an indication of a result of the first comparison;
determining second user-encrypted comparison information based on the first result information without decrypting the user-encrypted user information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items;
providing the second user-encrypted comparison information to the user system;
obtaining second result information from the user system, wherein the second result information includes an indication of a result of the second comparison; and determining a recommendation based on the indications of the results of the first and second comparisons.
16. The method of claim 15, wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
17. The method of claim 15, wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
18. The method of claim 17, wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
19. The method of claim 15, wherein the first comparison includes a difference between the values of two recommendation indicators.
20. The method of claim 19, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
21 . The method of claim 20, wherein the second comparison includes a comparison of the higher value recommendation indicator with another
recommendation indicator.
22. A user system (200) comprising:
a processor (214); and
a memory (220) storing instructions configured to cause the processor to: obtain user information;
encrypt the user information with a user encryption, wherein the user system is able to decrypt the user encryption but a recommendation system is not able to decrypt the user encryption;
provide the user-encrypted user information to the recommendation system; obtain first user-encrypted comparison information from the recommendation system, the first user-encrypted comparison information being based on the user- encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items of the recommendation system;
decrypt the first user-encrypted comparison information to determine first result information, wherein the first result information includes an indication of a result of the first comparison;
provide the first result information to the recommendation system;
obtain second user-encrypted comparison information from the
recommendation system, the first user-encrypted comparison information being based on the result information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items;
decrypt the second user-encrypted comparison information to determine second result information, wherein the second result information includes an indication of a result of the second comparison;
provide the second result information to the recommendation system; and obtain a recommendation from the recommendation system, wherein the recommendation is based on the indications of the results of the first and second comparisons.
23. The user system of claim 22, wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
24. The user system of claim 22, wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
25. The user system of claim 24, wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
26. The user system of claim 22, wherein the first comparison includes a difference between the values of two recommendation indicators.
27. The user system of claim 26, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
28. The user system of claim 27, wherein the second comparison includes a comparison of the higher value recommendation indicator with another
recommendation indicator.
29. A non-transitory computer-readable medium (212) storing computer- executable instructions executable to perform a method for obtaining a
recommendation of a content item of a plurality of content items in a recommendation system, the method comprising:
obtaining user information;
encrypting the user information with a user encryption, wherein a user system is able to decrypt the user encryption but a recommendation system is not able to decrypt the user encryption;
providing the user-encrypted user information to the recommendation system; obtaining first user-encrypted comparison information from the
recommendation system, the first user-encrypted comparison information being based on the user-encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items of the recommendation system;
decrypting the first user-encrypted comparison information to determine first result information, wherein the first result information includes an indication of a result of the first comparison;
providing the first result information to the recommendation system;
obtaining second user-encrypted comparison information from the
recommendation system, the first user-encrypted comparison information being based on the result information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items;
decrypting the second user-encrypted comparison information to determine second result information, wherein the second result information includes an indication of a result of the second comparison;
providing the second result information to the recommendation system; and obtaining a recommendation from the recommendation system, wherein the recommendation is based on the indications of the results of the first and second comparisons.
30. The computer-readable medium of claim 29, wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
31 . The computer-readable medium of claim 29, wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
32. The computer-readable medium of claim 31 , wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
33. The computer-readable medium of claim 29, wherein the first comparison includes a difference between the values of two recommendation indicators.
34. The computer-readable medium of claim 33, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
35. The computer-readable medium of claim 34, wherein the second comparison includes a comparison of the higher value recommendation indicator with another recommendation indicator.
36. A method for obtaining a recommendation of a content item of a plurality of content items in a recommendation system, the method comprising:
obtaining user information;
encrypting the user information with a user encryption, wherein a user system is able to decrypt the user encryption but a recommendation system is not able to decrypt the user encryption;
providing the user-encrypted user information to the recommendation system; obtaining first user-encrypted comparison information from the
recommendation system, the first user-encrypted comparison information being based on the user-encrypted user information, wherein the first user-encrypted comparison information includes a first comparison of recommendation indicators for content items of the recommendation system;
decrypting the first user-encrypted comparison information to determine first result information, wherein the first result information includes an indication of a result of the first comparison;
providing the first result information to the recommendation system;
obtaining second user-encrypted comparison information from the
recommendation system, the first user-encrypted comparison information being based on the result information, wherein the second user-encrypted comparison information includes a second comparison of recommendation indicators for content items;
decrypting the second user-encrypted comparison information to determine second result information, wherein the second result information includes an indication of a result of the second comparison;
providing the second result information to the recommendation system; and obtaining a recommendation from the recommendation system, wherein the recommendation is based on the indications of the results of the first and second comparisons.
37. The user system of claim 36, wherein the user-encrypted user information includes a user-encrypted rating of one of the content items.
38. The user system of claim 36, wherein the first comparison includes a comparison of a predicted rating of a first content item and a predicted rating of a second content item.
39. The user system of claim 38, wherein the second comparison includes a comparison of a predicted rating of a third content item and the predicted rating of one of the first or second content items.
40. The user system of claim 36, wherein the first comparison includes a difference between the values of two recommendation indicators.
41 . The user system of claim 40, wherein the first result information includes an indication of which of the two recommendation indicators has a higher value.
42. The user system of claim 41 , wherein the second comparison includes a comparison of the higher value recommendation indicator with another
recommendation indicator.
PCT/US2015/049907 2014-09-16 2015-09-14 Method and system for privacy-preserving recommendations WO2016044129A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201462051135P 2014-09-16 2014-09-16
US62/051,135 2014-09-16

Publications (1)

Publication Number Publication Date
WO2016044129A1 true WO2016044129A1 (en) 2016-03-24

Family

ID=54292900

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/049907 WO2016044129A1 (en) 2014-09-16 2015-09-14 Method and system for privacy-preserving recommendations

Country Status (2)

Country Link
TW (1) TW201626805A (en)
WO (1) WO2016044129A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107257499A (en) * 2017-07-21 2017-10-17 安徽大学 Method for secret protection and video recommendation method in a kind of video recommendation system
US10333715B2 (en) 2016-11-14 2019-06-25 International Business Machines Corporation Providing computation services with privacy

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6438579B1 (en) * 1999-07-16 2002-08-20 Agent Arts, Inc. Automated content and collaboration-based system and methods for determining and providing content recommendations
US20070016528A1 (en) * 2003-08-08 2007-01-18 Verhaegh Wilhelmus F J System for processing data and method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6438579B1 (en) * 1999-07-16 2002-08-20 Agent Arts, Inc. Automated content and collaboration-based system and methods for determining and providing content recommendations
US20070016528A1 (en) * 2003-08-08 2007-01-18 Verhaegh Wilhelmus F J System for processing data and method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10333715B2 (en) 2016-11-14 2019-06-25 International Business Machines Corporation Providing computation services with privacy
CN107257499A (en) * 2017-07-21 2017-10-17 安徽大学 Method for secret protection and video recommendation method in a kind of video recommendation system

Also Published As

Publication number Publication date
TW201626805A (en) 2016-07-16

Similar Documents

Publication Publication Date Title
US10901511B2 (en) Methods and systems for selecting media guidance functions based on tactile attributes of a user input
US20230138030A1 (en) Methods and systems for correcting, based on speech, input generated using automatic speech recognition
US10735790B2 (en) Systems and methods for recommending content
US9848276B2 (en) Systems and methods for auto-configuring a user equipment device with content consumption material
US20150350729A1 (en) Systems and methods for providing recommendations based on pause point in the media asset
US20140223481A1 (en) Systems and methods for updating a search request
US11375276B2 (en) Methods and systems for recommending media assets based on the geographic location at which the media assets are frequently consumed
US20160345039A1 (en) Proximity dependent media playback
US9288521B2 (en) Systems and methods for updating media asset data based on pause point in the media asset
US9785398B2 (en) Systems and methods for automatically adjusting volume of a media asset based on navigation distance
US20190303420A1 (en) Systems and methods for determining one or more user devices suitable for displaying media assets matching a search query
US20160085800A1 (en) Systems and methods for identifying an intent of a user query
EP3622717A1 (en) Systems and methods for ranking content sources based on a number of media assets identified to be interesting to a user
US10616649B2 (en) Providing recommendations based on passive microphone detections
US11245945B2 (en) Systems and methods for displaying segments of media guidance data
WO2016044129A1 (en) Method and system for privacy-preserving recommendations
EP3119094A1 (en) Methods and systems for clustering-based recommendations
US9135245B1 (en) Filtering content based on acquiring data associated with language identification
US20150326927A1 (en) Portable Device Account Monitoring
WO2015191921A1 (en) Method and system for privacy-preserving recommendations
US20150033269A1 (en) System and method for displaying availability of a media asset
WO2015191919A1 (en) Method and system for privacy-preserving recommendations
US20210089180A1 (en) Methods and systems for performing dynamic searches using a media guidance application
US20150281796A1 (en) Methods and systems for performing binary searches using a media guidance application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15778793

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15778793

Country of ref document: EP

Kind code of ref document: A1