Abstract: A Double Blinded Privacy-Safe Distributed Data Mining Protocol is disclosed, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information. The aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities. The aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity. The data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator. The data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator. The aggregator combines results from data source entities and sends the combined result to the data consumer entity.

Abstract: Privacy Preserving Data-Mining Protocol, between a secure “aggregator” and “sources” having respective access to privacy-sensitive micro-data, the protocol including: the “aggregator” accepting a user query and transmitting a parameter list for that query to the “sources” (often including privacy-problematic identifiable specifics to be analyzed); the “sources” then forming files of privacy-sensitive data-items according to the parameter list and privacy filtering out details particular to less than a predetermined quantity of micro-data-specific data-items; and the “aggregator” merging the privacy-filtered files into a data-warehouse to formulate a privacy-safe response to the user—even though the user may have included privacy-problematic identifiable specifics.