The present invention relates to, "A two-stage homomorphic encryption-based framework for securing user"s privacy in producing online recommendation."
BACKGROUND
Recommendation systems are used to filter a large amount of data to provide results according to the choice of users. Sensitive data of users are being stored in databases before giving recommendations to the users. These datasets are known to be Personally Identifiable Information (PII) [1]. It comprises sensitive data of a user like history of purchasing items, ratings given to the items by the user, location history, and other personal data [2]. Hacking on the data of users, fake marketing of products and advertisements, surveillance of users by the government are general breaches of privacy [3]. Acquiring personal data of users and providing them with fake recommendations generated by the intruders are serious privacy threats posed by third parties[4]. So, to provide a quality recommendation, protection of privacy and integrity of users is also needed [5], Hence, privacy enabled recommendation systems are introduced [6]. Privacy concerns are addressed by many researchers [7].The mistreatment of personal information of users is a severe threat to the privacy of users and could lead to disaster. [8] It has been addressed broadly by the authors. Arjan Jeckmans et al. studied the privacy breaches in the recommehder system and indicated severe outcomes of privacy breaches according to the sensitivity of the user's data [9]. Arik Friedman et al. described several ways to access data like undesirable access by operators, data giving to third parties, and unsolicited data collection that put users at privacy risk [10]. To maintain service quality and accuracy, Arjan jackman demonstrated a cryptographic method to discuss these issues [9]. For privacy concerns, two categories of privacy enabled recommender systems can be there, Obfuscations and Cryptography methods. Obfuscation is a well-known recommender system technique for privacy preserving of user's data that is used to infuse noise on users. This method is used since 1990 i d^M'^^01^^2^^ ^® $^Jt of SbfiESation, which removes the relationship among

data and user for profile obfuscation. Hence used for privacy protection. As the recommendation model is unprotected from attacks, so it can reidentify users [4]. PierangelaSamarati et al. [12] provides an explanation to counter this the authors, give a k-anonymity based technique, and presenting a computational disclosure method. The problem of re-identification is solved by using this method.
Perturbation methods are also used in obfuscation, where noises are inserted on
*
private data of users before transferring to the server for producing the recommendation[4].,
Sheng Zhang et' al. [11] presented data recovery techniques by Singular Value De-composition and K-means clustering, and showed that perturbation methods might not be able to secure the data properly. Encryption and decryption of data are dealt with beneath cryptography, but it doesn't solve all the difficulties. Still, this is a strong tool to maintain the integrity and confidentiality of data. Some of the major cryptographic methods are homomorphic encryption and secure multi-party computation and are broadly used for privacy preserving recommendation techniques. John canny [13] introduced a method from the homomorphic encryption method for collaborative filtering, which is a secure recommendation for privacy-preserving technique. It was proposed for the protection of an individual's data without privacy risk. Then researchers started using the secure multi-party computation technique, as third parties were always there to be trusted by most. In Hoens et al. [14], the authors presented a method by using homomorphic encryption and secure multi-party computation for the protection of privacy of particular ratings by users. But, for several users, this was unworkable, so dependence on the third parties remained an issue as all the method had been ineffective for most of the users. In the proposed framework, we have added the anonymization method for a user profile that protects their details from third parties. It is an improved variant of decentralized privacy-preserving recommendation systems using homomorphic encryption. Hence, it practically solves the current problem.

Figure 1 describes the secure method for recommendation generation while using Internet sites like Instagram, Facebook, etc in such a way which helps in concealing the user identity in front of third parties and the reason for which it can be used.
As shown in figure 1, the user (1) who is using sites on the internet(2) his preferences (including sensitive data like health data) is collected by those sites for better recommendation generation. To obfuscate user profiles for the third party by K-anonymity technique by adding noise(3) into user preferences. Now the preferences with the hidden user profile(4) are sent to a third party(5) The third party in turn performs homomorphic encryption for secure computation. Encrypted user preferences are stored(6) in the database(7) for future use. After fetching encrypted user preferences from the database, it goes for computation(8) to generate a recommendation performed on the encrypted form of data. The recommendation is generated in encrypted form(9,10) which goes back to the third party for decryption. The decrypted form(l l)of recommendation then progress back with the help of third party(12) to the site on the internet for noise removal. Consequently, noise is removed(13) by the site and recommendation is sent to(14) the user securely.
The above invention helps in securing PII including sensitive data from the third party which is an existing problem without affecting recommendation system efficiency. It gives surety of privacy as well as the superior performance.

We claim:
1. A method to address the issue pertaining to the accessibility of the personally identifiable information (PII) of the users by the third party and privacy breaches in recommender system, the present invention regarding privacy protection mechanism for users on the internet whose preferences are collected by online-sites; the k-anonymity technique is used and noise is added into user preferences to anonymize user identity before sending it to a third party for recommendation; then homomorphic encryption is performed by third-party and stored in the database, only ciphertext is sent from databases for computation furthermore, it provides recommendations to third-party in ciphertext form after that reverse process proceed, however, preferences of the user are made accessible to third-parties without revealing user identity and recommendation is produced without compromising with user privacy.
2. A method for privacy protection recommender system as claimed in claim 1 wherein user preferences is stored by sites on the internet for recommendation generation.
3. A method for privacy protection recommender system as claimed in claim 1 wherein the k-anonymity technique is used for making user profile anonymous from third-party and motivated hackers and spoofers.
4. A method for privacy protection recommender system as claimed in claim 1 wherein user preferences is sent to third-party with the anonymous profile.
5. A method for privacy protection recommender system as claimed in claim 1 wherein third-party perform homomorphic encryption on the anonymized user preferences.

6. A method for privacy protection recommender system as claimed in claim 1 wherein all the preferences in the encrypted form as claimed in claim 5 stored in the database.
7. A method for privacy protection recommender system as claimed in claim 1 wherein encrypted preferences as claimed in claim 5 after getting from the database and sent for computation to form a recommendation for the user.
8. A method for privacy protection recommender system as claimed in claim 1 wherein recommendation is generated in an encrypted form where computation is performed as claimed in claim 7.
9. A method for privacy protection recommender system as claimed in claim 1 wherein all the recommendations in the encrypted form as claimed in claim 8 sent to third-party to decrypt and also send back to sites.
10. A method for privacy protection recommender system as claimed in claim 1 wherein noise is removed from user-profiles and recommendation sent to users without privacy breach.