1.1. Field of the Invention
The present invention is in the field of information technology, and relates to a method and system for matching a first plurality of private data sets, such as a private contact book typically having a few hundred contact entries and stored in a communication client device, with a second plurality of data sets, such as a large contact data repository having thousands or even millions of contact entries and stored on a server-based communication system.
1.2. Description and Disadvantages of Prior Art
Popular prior art communication services running on smartphones, like WhatsApp, use the user's GSM phone number as the user's identity. They provide services like text messaging, calling via Voice-over-IP, and file transfer, at low cost, by transferring the data over the phone's Internet connection. To display to the user the subset of his contacts that are also members of the same communication service, they match the user's contact book with the set of already registered members of the communication service.
So far, this is done in prior art by sending the list of phone numbers to the service provider in an unencrypted and non-anonymized fashion, as reported in the journal of “Stiftung Warentest”, volume 6/12, published May 24, 2012, and receiving in reply the subset of contacts that are already members. Thus, anyone able to eavesdrop on the communication between the phone and the service provider gets access to the user's full contact book. This includes, of course, the service provider itself. However, a contact book constitutes private data, and for professionals it is a business secret, revealing valuable contacts and possibly even business strategies.
In order to provide the requested service, e.g. to show the online status of contacts, the user's member contacts must be revealed to the provider of the service. This is permitted because those contacts have agreed to the terms of service of the communication service. In contrast, the contacts not participating in the communication service must not be revealed publicly, and not even to the provider of the communication service. In fact, this would be a breach of the right of informational self-determination (“Grundrecht auf informationelle Selbstbestimmung”) of the contact, who most likely has not agreed to their information being shared with such a service provider, as reported in http://www.telemedicus.info/article/2222-LG-Berlin-Das-Facebook-Urteil-im-Detail.html, published on the Internet since Mar. 12, 2012; see also the published decision of Landgericht Berlin, LG Berlin, Urteil v. Jun. 3, 2012, Az. 16 O 551/10.
A perfect way privacy-wise would be to asymmetrically encrypt the list of phone numbers entry by entry on both sides with a random and unique key, and to compare the encrypted lists. Since encryption is a bijection, intersecting the two encrypted lists yields exactly the encryption of the intersection, so the client can easily map the result back to its plaintext entries. However, encrypting all of a member's phone numbers for each matching is computationally unfeasible, since there could be millions of members, and multiple queries per second could occur.
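The encrypted-list comparison sketched above, as an added illustration that is not the invention's method nor any product's code: both sides apply the same deterministic keyed transform (HMAC-SHA256 under a shared key, assumed here as a stand-in for the per-entry encryption) so that intersecting the transformed lists gives exactly the transformed intersection, which the client maps back; the key and the sample numbers are constructed.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Set


def encrypt_entry(key: bytes, phone_number: str) -> bytes:
    """Deterministic keyed transform (assumed stand-in for per-entry encryption)."""
    # Normalize formatting so "+49 30 12345" and "+49-30-12345" agree first.
    digits = "".join(ch for ch in phone_number if ch.isdigit())
    # Keyed, deterministic and collision-resistant: equal numbers give equal
    # tags, which is what lets the intersection be computed on tags alone.
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).digest()


def client_prepare(key: bytes, contact_book: Iterable[str]) -> Dict[bytes, str]:
    """Client side: keep tag -> original entry so the result can be mapped back."""
    return {encrypt_entry(key, entry): entry for entry in contact_book}


def server_match(key: bytes, members: Iterable[str], client_tags: Set[bytes]) -> Set[bytes]:
    """Server side: transform every registered member, intersect with client tags.

    Every member is transformed on every query: the per-query cost the text
    identifies as unfeasible for millions of members.
    """
    member_tags = {encrypt_entry(key, member) for member in members}
    return member_tags & client_tags


def match_contacts(key: bytes, contact_book: Iterable[str], members: Iterable[str]) -> List[str]:
    """End-to-end flow: only tags cross the wire; the client maps matches back."""
    tag_to_entry = client_prepare(key, contact_book)
    matched_tags = server_match(key, members, set(tag_to_entry))
    return sorted(tag_to_entry[tag] for tag in matched_tags)


# Constructed sample data, not taken from the original text.
SHARED_KEY = b"constructed-example-key"
CONTACT_BOOK = ["+49 30 12345", "+49-40-67890", "+1 (555) 0100"]
MEMBERS = ["+49-30-12345", "+33 1 2233", "+15550100"]

if __name__ == "__main__":
    print(match_contacts(SHARED_KEY, CONTACT_BOOK, MEMBERS))
```

Only the two shared entries come back; the non-member contact leaves the client solely as a tag. A party holding the key can still test candidate numbers against received tags, so the low entropy of phone numbers limits what such a deterministic transform protects.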
Another way would be to send the full list of service participants to the client, and to perform the matching there without further server interaction. However, this is also unfeasible, because it would reveal the contact information of all members of the service to a non-trusted user. Moreover, the very long list of members would have to be sent to the client, resulting in possibly many megabytes of data, which is unfeasible particularly for mobile clients.
1.3. Objectives of the Invention
The objective of the present invention is to provide an efficient method and system for transmitting and matching such private data as mentioned above, wherein the data is processed such that any eavesdropping party, including the central service provider who actually performs the matching, would have to invest too much computational work to learn the data, and wherein the method does not consume too much computational power at the client devices and the server.