WO2007063162A1

WO2007063162A1 - Socionymous method for collaborative filtering and an associated arrangement

Info

Publication number: WO2007063162A1
Application number: PCT/FI2005/000517
Authority: WO
Inventors: Gábor MÁRTON; Zoltan L. Nemeth
Original assignee: Nokia Corporation
Priority date: 2005-11-30
Filing date: 2005-11-30
Publication date: 2007-06-07
Also published as: EP1955266A1; EP1955266A4

Abstract

A method and an arrangement, e.g. an electronic device, for collaborative filtering suggest placing the users of a service into concealing groups (116) in the name of which the individual users can rate various items available through the service. The users may also select a representation group (118) to represent them in front of the service that further utilizes the gathered ratings for providing the representing groups members with item recommendations.

Description

Socionymous method for collaborative filtering and an associated arrangement

FIELD OF THE INVENTION

The present invention relates generally to multi-user services and associated collaborative filtering techniques. Especially the invention concerns digital services provided over the Internet, recommendation systems in those and relating service personalization.

BACKGROUND OF THE INVENTION

Various reputation reporting and recommendation systems have emerged as a great added value to the existing online services such as e-commerce applications during the last few years. The reputation systems encourage service users towards trustworthiness in different transactions by presenting their past behaviour as a publicly available predictor of likely future behaviour, see e.g. reference [1], whereas recommendation systems predict new items of interest to the user on the basis of different relationships found between the items previously selected by the user and/or relationships between the user and other users, see reference [2].

Gathering some kind of feedback, either in a form of preferences or explicit ratings, for estimating the nature of possible future events is the common denominator between reputation and recommendation systems. However, the main difference between these aspects lies in how the information is presented to the users. One corner stone of the recommendation systems is definitely personalization, i.e. the target user has to be taken into account upon determining a proper recommendation while reputation does not (have to) have a similar target user-specific dependency as from the standpoint of other users, no necessarily matter who they are, one particular user just is or is not reliable, for example.

Ratings given by the users of a certain service or product are, of course, generally valuable information but they may also be spurious. Unfairly high ratings known as "ballot stuffing" originate in a scenario wherein a seller bribers a number of buyers to give unfairly ratings to the seller and/or his products in order to bias the public opinion into his favour and thus to increase sales volume and even prices of the products. An opposite situation takes place in "bad-mouthing" wherein a seller colludes with a number of buyers to drive a competitor out of the business via groundlessly low ratings.

On the other hand, in order to construct a maximally authentic rating/feedback system one should be able to authenticate the entities giving the recommendations. Unfortunately some users may not be delighted about an obligation to disclose their identity, which may negatively affect the number of ratings received and the validity of the ratings itself. The resulting dilemma cannot be thus solved through the traditional approaches of

a) obligating all the users to digitally sign, e.g. via PKI, their feedback submissions, or b) letting all the users to vote anonymously.

In the first option (a), the anonymity set associated with a certain rating would be the minimum possible (i.e. one) whereas in the second option (b) the anonymity set would represent the maximum value (i.e. the size of the community).

Further, the users should be prevented from repeatedly submitting their opinion on the same subject to avoid pulling the average rating thereof to any certain direction. The most straightforward preventive strategy against this is naturally user-specific authentication but also other options exist; for example, the user may be allocated with a certain, limited time window to rate the product that has been consumed ("consume and rate"), or the feedback may be submittable only right after receiving the product (for example, while still logged in to a service). Yet in another option the user may be provided with a one-time token to submit his opinion later.

Considering next the existing recommendation systems in more detail, different collaborative filtering (CF) techniques for predicting user preferences have been utilized in various e-commerce applications during the last few years. For example, Internet retailer Amazon exploits a recommendation engine where the customer's preferences, i.e. the items added to the shopping basket, are matched with other customers' history and when detecting a sufficient similarity according to predetermined criteria, the items currently present only in other users' history file are also suggested to the current user. Partially in contrast to collaborative filtering, so- called content-based filtering techniques are solely based on predicting preferences of a certain user on the strength of their own past selections (e.g. ordered goods) and similarities between them.

In a CF system a large number of users' preferences, e.g. through product selections or more explicit ratings, is first registered. Then, by utilizing a predetermined similarity metric, a subgroup of users for representing the current user and his recorded preferences is selected. Then, a (weighted) average of the preferences for the subgroup is calculated and the resulting preference function is used to recommend so far untested products to the current user.

Notwithstanding the many recent advances in the rating and recommendation systems, some problems still remain unsolved. First, a severe trade-off between the gained privacy level and recommendation accuracy seems to be inevitable. Users are often not too happy about being tracked as to their personal data and would thus like to disclose only the minimum information to complete the transactions in question. This, however, fights against the object of providing personalized services. Secondly, various rating and recommendation actions may increase the total number of actions required from the users, from which the overall transparency of the underlying recommendation service clearly suffers.

SUMMARY OF THE INVENTION

The objective of the present invention is to alleviate the defects of prior art solutions and to provide means for collaborative filtering that decrease, in a controllable manner, the amount of revealed personal information during both the rating and recommendation phases of the overall filtering process, but still maintain a satisfactory level of accuracy in the procedure results. The object is achieved by a novel information filtering technique called socionymous collaborative filtering. The inventive concept has a few basic theses:

1.) Ratings are associated with concealing groups, i.e. they are given in the. name of a group, one member of which is the user providing the particular rating in question.

2.) Ratings are authenticated by a group signature, i.e. a received rating can be tracked back to (a further unidentifiable) someone who is known to be a member of the associated concealing group. 3.) The concealing groups may be spontaneous, i.e. users are not aware that they are members of a group. 4.) Recommendations are provided for representing groups, i.e. the target-user for receiving a recommendation is also represented by a group. 5.) The user asking for recommendation in the name of a representing group may not have to be a member of the representing group.

The term "socionymous" has been created on the basis of Latin words "socious'V'societas" (fellow/fellowship) and "anonymous'V'pseudonymous" or "verinymous". It therefore expresses some kind of "group-nymity" instead of full anonymity or full pseudonymity.

According to the invention, a method for collaborative filtering to be performed in relation to a user space comprising a plurality of users of a service has the steps of -obtaining ratings relating to a number of service items,

-providing at least one recommendation of an item to a target user of the- service, wherein said item is still unrated by the target user, characterized in that said method further has the intermediary steps of

-associating each obtained rating with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space, and authenticating the rating so as to verify the user behind said rating to belong to the concealing group but to conceal the more exact identity of the user within the concealing group, and to limit the user to rate each item only once,

-obtaining, from the target user, information identifying a representing group linked with a plurality of users belonging to said user space, to represent the target user to be provided with a recommendation,

-estimating similarities between the ratings by the members of the representing group and the ratings by a number of other users belonging to said user space,

-predicting ratings by the target user for items being still unrated by the target user based on the estimated similarities, and

-determining said at least one recommendation on the basis of the predicted ratings. In the above solution, the representing group is preferably determined so as to best represent the target user in terms of the quality of recommendations derived later on. One may carry out the association/authentication step by utilizing (linkable) group signatures, for example. In similarity estimation phase, and if the CF algorithm is based on user-user similarities, the similarity between the ratings of the representing group and the other users may refer to estimating similarities between the individual members of the group and other users and computing the mean of the member-based similarities in order to determine an aggregate similarity reading, for example. These issues are further discussed hereinafter in the detailed description.

The term "service" relates to whatever application wherein users thereof can rate items addressable through the application and where the ratings are capitalized on producing item recommendations. Examples of such service include different online and especially e-commerce solutions.

In another aspect, a collaborative filtering arrangement for offering personalized service to users thereof comprising processing and memory means for processing and storing instructions and data, and data transfer means for exchanging information with external entities, said arrangement being configured to obtain ratings relating to a number of items addressable through the service and to provide at least one recommendation of an item to a target user of the service, wherein said item is still unrated by the target user, is characterized in that said arrangement is further configured to

authenticate each obtained rating, wherein said rating is associated with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space, so as to verify the user behind the rating to belong to the users of the concealing group but to conceal the more exact identity of the user within the concealing group, and to limit the user to rate each item only once,

obtain, from the target user, information identifying a representing group linked with a plurality of users belonging to said user space, to represent the target user,

estimate similarities between the ratings by the members of the representing group and the ratings by a number of other users, predict ratings by the target user for items still unrated by the target user based on the estimated similarities, and

determine said at least one recommendation on the basis of the predicted ratings.

In a further aspect, a terminal device operable in a communications network, comprising processing and memory means for processing and storing instructions and data, and data transfer means for exchanging information with an external entity, said terminal device being configured to obtain and forward ratings relating to a number of items addressable through a service at least partially hosted by the external entity and to provide at least one recommendation of an item to a target user of the service being the user of the terminal device, wherein said item is still unrated by the target user, is characterized in that said terminal device is further configured to

associate each obtained rating with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space,

obtain, from the target user, information relating to a representing group linked with a plurality of users belonging to said user space, to represent the target user,

transmit said information to the external entity in order to enable estimating similarities between the ratings by the members of the representing group and the ratings by a number of other users, predicting ratings by the target user for items still unrated by the target user based on the estimated similarities, and determining said at least one recommendation on the basis of the predicted ratings, and

receive said at least one recommendation determined by said external entity.

The utility of the invention is based on a plurality of issues. In general terms, service providers receive a blurred picture of user preferences instead of directly trackable information. They cannot directly monitor the ratings by the individual users anymore as the raters' true identities are hidden behind the concealing groups. Moreover, the users' identities are protected also during the recommendation phase as the representing groups camouflage them respectively. Further, the use of linkable group signatures or other means for authenticating the ratings preserves the trustworthiness thereof from ballot stuffing, for example. Still further, the suggested solution is compatible with already existing CF methods that may be configured to" support socionymous CF by the additional group information. Naturally also tailored CF methods may be used with the invention.

In one embodiment of the invention, the solution of the invention is applied in an Internet service to provide the users thereof recommendations of different items available for download or traditional ordering.

Dependent claims disclose various embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

Hereinafter the invention is described in more detail by reference to the attached drawings, wherein

Fig. 1 visualizes the invention via its embodiment wherein users are submitting their ratings for different items available in the associated service and likewise request recommendations for acquiring new items.

Fig. 2 discloses the concept of concealing and representing groups.

Fig. 3 is a flow diagram of a method applying the principles of the invention. Fig. 4 is a block diagram disclosing the basic elements of an electronic device configured to carry out the inventive method.

DETAILED DESCRIPTION OF THE EMBODIMENT(S) OF THE INVENTION

Figure 1 visualizes a typical scenario in which the invention may be applied. A service providing a variety of items such as software downloads, music files, or physical products (e.g. books) to the users thereof is run in a server 102 operable in the Internet 112 as a software application. The users may connect to the server 102 by utilizing their (personal) terminals, e.g. a laptop/desktop computer 104 or a mobile phone/PDA (Personal Digital Assistant) 106, that are connected to the Internet 112 via local, wired or wireless, access networks 108, 110. The terminal devices 104, 106 comprise necessary UI means (display, keypad/keyboard, mouse, etc) for exchanging information with the server 102 in order to enable the users to access the service, i.e. order/consume different items, provide the associated ratings, and receive item recommendations. The server 102 comprises a memory with application/database 114 that is required for maintaining the service. The database 114 includes e.g. items data, item ratings and user authentication information. The service application 114 controls the overall functionality related to user operations, data representation, data exchange, security, etc. Blocks 116 and 118 highlight the two aspects of the service that are closely tied to the fulcrum of the invention. Namely, block 116 refers to the rating aspect wherein the users rate the items they have an opinion on, which takes place through a concealing group identity. Meanwhile, block 118 refers to the recommendation aspect in which the user determines a representing group for which he wants to receive item recommendations. In the visualized case (a screenshot) the recommendations list consists of items 1-5, e.g. music tunes, which the user may then download by pressing the corresponding virtual buttons disclosing the text "DLOAD" via the UI of his terminal 104, 106.

Figure 2 discloses, by way of example only, a user space (or "user population") that acts as a resource for constructing the concealing and representing groups. A fϊctive service utilizing the invention has a user space comprising a plurality of users 206, each being visualized as an ellipse. Three concealing groups 202 have been formed (to provide the users with increased anonymity in relation to placing item ratings), see the connecting lines for illustration. Respectively, three representing groups 204 have been formed (to provide the users with increased anonymity also in relation to receiving item recommendations). Although the size of the concealing and representing groups presented in figure 2 varies between 2-7 users only, such simplification was made in favour of clarity, and also other, considerably larger, group sizes (e.g. 10-1000 users per group) are fully possible depending on each particular application. A single user may belong to a plurality of concealing and representing groups as shown in the figure. The user may not even be aware of being a member of a concealing or representative group whenever the group has been created and solely used by another user(s). Note that a user may just as well be aware of being a member of a concealing or representative group: these groups may be created as a result of agreement between a group of users (like an "alliance") to achieve more accuracy in ratings and recommendations and to achieve privacy at the same time.

Concealing groups 202 are advantageously created in secret from the server 102 on the users' end. One possible method of creation is to pick up the users randomly. Note that the actual user, i.e. on whose behalf the concealing group is created, must be one of the members of the group, otherwise authentication of (a group) identity is not possible.

One way of creating the concealing groups implies performing it "on-the-fly" before the rating, based on random selection. The user's agent application running on the personal terminal device 104 or 106 asks for a list of users from the service running on the server 102, from which list it randomly selects m-1 users and adds its own (-user's) identity to come up with a group of size m. The selection of the number m determines how strongly the submitted rating will affect the profile of the user at the server end; see Equation 1 for further explanation. The number m also determines how private the submitted rating will be (i.e. it is the size of the anonymity set). Possible variations of said "on-the-fiy" construction based on random selection are, for example: (1) reusing already constructed concealing groups for greater (run-time) efficiency, (2) the service provides random lists on demand, said lists containing randomly selected users; the user's agent nevertheless can (and should, for increased privacy) select only a subset of the provided list(s) and also select additional users into the concealing group (otherwise the service could "mark" the users by returning a different subset at each demand and log who received and then used which subset).

In order to be able authenticate the ratings, the service maintains a database of the public keys associated with the user identities (see Table 4 and the surrounding text for more information on how the authentication is carried out). The public keys of the users are available for all users so that the necessary group signature can be created (again, see Table 4 and the surrounding text on how the signature is created). The public keys (and the corresponding secret private keys at the users' end) are created when a user joins the "realm" of the service. This aspect falls outside of the scope of this invention; said information is assumed to be in place.

The service may represent the ratings in whatever way appropriate. Table 5 gives a hint on how such a database may look. This aspect, again, falls outside of the scope of this invention; said information is assumed to be in place. On the other hand, the way of updating the rating database upon receiving a socionymous rating is an important part of the invention; see Equation 1 and the preceding text for the details.

Respectively, representing groups 204 are typically created "in secret" on the users' end. One possible method of creation is to pick users randomly. Note that the actual user, i.e. on whose behalf the representing group is created and who asks for a recommendation, may not necessarily be a member of the group, hence increasing the level of privacy. A feasible all-around goal of creating a representing group 204 is to construct it such a way that the induced recommendation is as close to the "real" (i.e. hiding) user's 206 preferences as possible.

Next, the concept of socionymous collaborative filtering shall be described with mathematical rigor.

Considering socionymous ratings, a rating from a user on item/ comes in a concealed way. It is thus possible to use the following notation to represent a socionymous rating event R:

R : /(t_ι, i₂, ... ,ϊ_m) → 7^I, r , which is to be read as: "the user behind the socionymous identity/ — i.e. one known to be i_ls i₂, ..., or i_m — has given rating r to item/¹. This is in contrast to a classic pseudonymous rating: R' \ i → j,r , in which the user's identity would get revealed. Denoting the Mi rating event by R^,

the effective rating ry from user / on item j can be then calculated as a weighted average of the ratings from the affecting rating events: r_ϋ = ∑r_k /mj ∑l/m_k . (1) k:tel_k I k:iel_k

As a result, the database 114 on the server side 102 contains the derived effective ratings, which then are used when making the recommendations (see also Table 5 for illustration).

When the ratings and recommendations are done in overlap (and this is the practical case), calculating the effective ratings according to Equation 1 can be disadvantageous, as the sizes (m^) of the concealing groups have to be remembered all along. To simplify the implementation, the derived effective rating can alternatively be calculated as a simpler weighted sum of the ratings: r_y = ∑r_k lm_k . k:iι=r_k

In this case, the sizes of the concealing groups do not have to be remembered after the update of the rating database. Upon receiving a new socionymous rating R^₊i, the corresponding cells in the rating database are updated as follows. For each member i of the socionymous identity I_k+i'.

^■

Though defining the effective ratings as said simple weighted sum is less correct mathematically than the weighted average of Equation 1, it can support the practical purposes reasonably well, especially when the sizes of the concealing groups are the same or near to each other.

When exploiting socionymous ratings, i.e. asking for a recommendation, a user submits a socionymous identity / (Z₁, Z₂, ..., i_m), called a representing group, of which she might or might not be a member. The recommendation can then be computed by equally considering all the members of/.

This can be done in a number of different ways. In case the core CF algorithm is based on user-user similarities, first the effective similarities between our imaginary user / and the other users (z^'*) are computed as the mean of the member similarities (for more on similatities, see Equations 3 and 4):

Sv = ∑s_n, lm , (2)

and then the recommendation is computed by taking the effective similarities into account, as described, for example, by Equation 5. Considering the authentication of socionymous ratings, the following introduction will summarize the major precept to a person skilled in the art, whereas more thorough analysis can be obtained from cryptography textbooks, e.g. reference [3].

Modern cryptographic solutions are often based on the discrete logarithm problem: "Let p be a large prime, and let q be a large prime factor of p— 1. Let g be an element of order q modulo p. That is, g, g², ..., g^q are all distinct elements modulo p, and g^q = 1 modulo p. It is widely believed that the «discrete log problem» is hard in this setting: given g, p, y, find x such that g^x =y modulo/?" (cited from reference [4]). The group of elements generated by g is denoted by G = (g) . The Schnorr identification protocol can be now explained as follows (based on reference [4]): Let Paul's (user) private key be x and his public key be y = g* . Paul can identify himself to Vicky (service) with the following proof-of-knowledge protocol, where the notation e_r denotes random selection: Table 1

Paul Vicky j w e_r Z_q (initial witness) a = g"

2. c e_r Z_ (challenge)

3. r = cx + w (response) g^r =V«

The Fiat- Shamir transformation is a general technique to obtain a signature scheme from a challenge-response-type identification scheme, just like Schnorr's (explanation based on reference [4]). The idea is to play the challenge-response message exchange in advance and then attach the transcript as the signature to the message; in order the challenge to be a real challenge for the signer, its "surprisingness" and proper "timing" are both to be ensured: it is usually calculated as a one-way function of the message and the encrypted initial witness (a). The one-way function is usually a cryptographic hash function (see reference [3] for more information). E.g. in the case of the above Schnorr identification protocol, the corresponding signature protocol is the following:

Table 2 f ψ Paul/ _r ^{" f} # / ,-tX Sf ^l ' } Wr> * " % & " I ,-J» _tff i /

1 /M S {θ,l} (message to be signed) we_r Z_? a = g^w c = n{m,a) r = cx + w

where H: {0,1} -> Z_q is a cryptographic hash function (e.g. SHA-I) and m e {0,1}^* is the message to be signed.

Reverting now to the problem field of the current invention, the service users shall be authenticated in relation to a certain concealing group while their exact identity within the group shall still advantageously remain hidden upon the rating procedure. Reference [4] discloses the Anonymous Group Membership identification scheme for the following problem: Paul with public key y_\ and private key Xy wants to prove that he is a member of the group of people (e.g. a concealing group) with public keys y_l} y₂, ..., y_m (he could be any other member as well). He does it by proving that Ke knows one of the secrets X_\, X₁, ..., x_m. The idea is that he demonstrates m number of Schnorr identifications simultaneously, of which m— 1 is forged and one is real. To forge a Schnorr transcript, the challenge and the response (C₁, r_t) must be known first, and then can the encrypted initial witness (α,) be calculated (note that the "clear text" initial witness W₁ cannot be calculated at all, otherwise the secret X₁ would also be known, which is a contradiction). In order at least one of the challenges be a real challenge, they must sum up to a given value (c) which Vicky the verifier (e.g. an authentication service on the service side) sends to Paul at the proper time i.e. after he has committed to the initial witnesses. The protocol proceeds as presented in table 3:

Table 3 t »*

Pauf _t * Vicky , ,

* ϊi_

1.

C₁ , V₁ e_r Z for i = 2, ... , m (forged)

JV

2. c e_r Z_q (challenge)

3. ^Cl ^{= C} ~ ^C2 ~ ' ^{• • C}ιr, C₁ + . .. + C_n, =¹ C ^βl.t. AaSm g^r' =" y^c'_aι ϊori = l,...,m

The signature version is derived by applying a Fiat-Shamir transformation: Paul computes his own challenge: c = H(m,a_l,...,a_m,y_y,...,y_m,p,g), where H: {0,1}^* -> Z_q is a cryptographic hash function (e.g. SHA-I) and m e {0,1}^* is the message to be signed. The signature then consists of the challenge c and the forged transcripts a_h c_h r_h ..., a_m, c_m, r_m.

The above signature scheme ensures authenticity of the ratings (to the extent that they really come from a member of the group under the spotlight), but does not eliminate multiple ratings from the same user (ballot stuffing). Therefore, Liu et al, see reference [5], introduced the following group signature scheme. It is linkable, because Vicky is able to detect if the same person has signed two or more messages in the name of the same group. The idea for signing is again to forge all but one Schnorr transcripts, but now in a different way. Unlike in the previous scheme, where the transcripts run "in parallel", they are now run "after each other". The challenge in each run is computed from the previous transcript, and this dependence is cyclic; hence these types of signature schemes are also called ring signatures. We need two statistically independent cryptographic hash functions: Hi: {0,1}^* -> Z₉ and H₂: {0,1}^* — » G. Then, supposing that Paul's position in the group L = (yι, yi, ■ ■ ■, y_m) is π, the signature scheme is as presented by the following table:

Table 4

m.Ci .rj,. -r_m,y ^

Two signatures (q , r_x , ... , r_m , y ) and (c[ , r[, ... , r_m' , y') come from the same signer if y ' = y .

Reverting back to the problem field of the current invention, it is to be ensured that the same item (ϊ) cannot be rated by the same user (/) twice. Hence the basis L of linking is selected as L = i, as opposed to the selection L = (y_\, j/₂, ..., y_m) in the original scheme.

As mentioned hereinbefore, a number of different collaborative filtering (CF) methods exists and it is therefore not necessary to develop a completely new CF method — though it would not do any damage either. In the following, it is analyzed how the proposed privacy enhancement may influence the behaviour of the CF methods in general. For this purpose, a simple mathematical model of CF is needed to represent the key characteristics of various CF methods. Table 5 visualizes a classical CF scenario:

Table 5.

rows represent users (i), columns represent items (/), cells represent ratings (r_v)

Given a set of user-item ratings as illustrated, it is possible to estimate the missing ratings and use them for recommending new items to the users.

CF (collaborative filtering) algorithms are based on intuition: predictions for a user are based on the preference patterns of other users with similar interests. Similarities between users are usually captured by means of correlation coefficients. Then the recommendations utilize these coefficients. Considering user's ratings as a vector in a multidimensional space, similarity between two users (z and z*) can be expressed as the cosine of the angle between the two rating vectors. Hence the Vector Cosine coefficient is defined as (see for example reference [6]):

wherein all summations take place over the items (J) that have been rated by both users (i and i¹). The coefficient can take any value between 1 (total similarity) and —1 (total dissimilarity).

The Pearson correlation coefficient between two users (i and i¹) is defined as (see for example reference [6]):

where j; represents the mean rating from user i:

and again, all summations are over the items (J) — of which the number is %• — that have been rated by both users (i and i¹). Note that this coefficient is also a kind of a vector cosine coefficient in the sense that it can take any value between 1 (total similarity) and-1 (total dissimilarity).

Another form of the Person coefficient, equivalent with the above one, is:

There are different variations of the coefficient, the so-called constrained Pearson coefficients. In one example the user's average rating (Ψ_t) is replaced by a constant, the midpoint of the rating scale (see reference [7] for further information).

The predicted (non-existing/missing) ratings can be calculated as:

^

^{' (5)} where F₁ now means the user's mean rating for all the rated items. What comes to the actual recommendations, the list of recommended items is usually compiled from the items having the highest predicted ratings.

Reverting again to the problem field of the current invention, if the similarity structure of the derived effective ratings approximates well the real similarity structure, a totally pseudonymous recommendation (m = 1) is expected to be of the same quality as in the case of totally pseudonymous ratings. Goals behind socionymous CF are anyhow set for more privacy-friendly solutions (m > 1). Thus the final accuracy of the recommendations for a user depends on the technique the representing group is selected/composed, i.e. how well the derived effective similarities approximate the represented (hidden) user's similarities (Equation 2).

The representing group can be composed in an adaptive, continuously evolving manner. One possibility is to use a genetic algorithm (GA, as described in reference [8]) for obtaining an optimal representing group. The evolution starts from a population of completely random set of representing groups (the individuals in GA terms). In each generation, the fitness of the whole population is evaluated by asking for a recommendation by submitting an individual representing group. Fitness of the individuals is evaluated based on the user's reaction (whether he, for example, really used that recommendation or went for a new one instead). Then multiple individuals are stochastically selected from the current population (based on their fitness), modified (mutated or recombined in GA terms) to form a new population, which becomes the current one in the next iteration of the algorithm. Another possibility is to exchange representing groups between users: two users with similar preferences and with mutual trust can benefit from using each other's representing groups. The two approaches can be combined: in the genetic algorithm described hereinbefore, individuals can be selected for the modification step (mutation or recombination) from the other user's population of representing groups.

An alternative way of creating the representing groups implies constructing them by the service application on the basis of similarities found between the ratings by different users, for example. The service application may evaluate the stored ratings given by the users and create representing groups including a number of users with some common (enough) rating(s) according to predefined criteria but likewise, with some common ratings missing. The representing group may even be created on the fly, i.e. the target user is looking at a certain web page reviewing a certain item, whereupon the service determines different representation groups the members of which have not yet rated that item but some other items instead. One option is to generate the representing groups randomly, either including or excluding the target user. In general sense, the target user either may or may not be a member of the representing group; this depends on the representing group selection by the user, for example. The service may name the representing groups in a descriptive manner that somehow reveals the underlying unity, e.g. utilize the item identifiers under the common ratings with additional written attributes such as "likes/dislikes", i.e. users rating a Celine Dion record very high and Bon Jovi correspondingly low may be named as "representing group favouring Celine Dion and disliking Bon Jovi". Such attributes may also be represented via symbols, e.g. up/down-pointing arrows/fingers, smileys, etc. The target user may then anonymously select, for the sake of recommendation, the representing group he feels is closest to his own profile, or in which he otherwise finds true interest.

Note that it is anyway beneficial, from the privacy point of view, to present a different representing group to the service when asking for recommendation; a static representing group used in all transactions of a given user would become a pseudonym of the user, hence making possible to track her actions.

Figure 3 is a flow diagram of one option for carrying out the method of the invention. In method activation step 302 the rating/recommendation service and necessary external features are ramped up; for example, a server device and the application software actually implementing the service via the device hardware are activated, necessary connections, e.g. to the Internet and/or to the user terminals, are enabled, and the service features are initialized according to the current settings as determined by the service provider. Likewise, local client (~agent) applications residing in the terminal devices may be launched and initialized. In step 304 a user rating for an item is received. For example, in connection with services provided over communication networks the ratings may be submitted by remote users via their terminal devices. Ratings may be input via graphical symbols representing the underlying personal opinion with a predetermined scale, e.g. -5...0...+5 (where positive number typically indicates positive rating and vice versa) or directly as numeric information. In step 306 the obtained rating is analyzed and authenticated, i.e. it is associated with a concealing group and the user giving the rating for the item in question is verified through linkable group signatures, for example. In one preferred embodiment, the terminal device of the user first receives the rating via the UI of the device and associates it with a new or already existing concealing group. The server then receives information from the terminal device indicating both the user rating and the related concealing group (identifier)/signature information. During this procedure, the rating as obtained from the user is also merged into the aggregate concealing group rating as carried by the individual group members afterwards; see e.g. Equation 1 for clarification. Steps 304 and 306 may, in practice, be merged together or executed in reverse order, i.e. the user and his potential rating are authenticated in relation to an item, which may possibly happen transparently/automatically, before actually receiving/accepting the rating itself. For example, this situation may arise in a web service wherein the web page the user is viewing relates to the item and the service authenticates the user and his (right for) rating in advance based on the available information, e.g. a concealing group ID submitted by the user.

In step 308 it is checked whether there are more incoming ratings in the processing queue. If that is the case, the execution of the method is reverted to step 304, otherwise the execution is continued in step 310. As mentioned earlier, the illustrated method is just one example to realize the inventive fulcrum of the invention, and when the service is established enough, recommendations will be given and ratings correspondingly received in parallel and probably also in balance. Should the service be able to provide recommendations in the first place, some ratings must already be available. Therefore the start-up period of the service is inevitably more rating-oriented than the following mature age.

Next, the overall process shifts to the recommendation aspect of the invention. In step 310 information determining a representing group is submitted by a target user utilizing the service via the terminal and finally obtained by the service application located in the server. The service may even assist the user in defining the proper representing group by automatically analyzing the users/concealing groups in the user database and clustering them into new groups according to certain common and/or random factor(s) as explained hereinbefore. It is then possible that the target user selects a suitable representing group (ID) from a visualized list of groups (IDs), for example. In step 312 the similarity between the representing group (members) and a number of other users is estimated; backtrack to the explanation of Equations^" 3 and 4 representing certain options for estimating similarity. In addition, on the basis of available computational resources the number of other users utilized may be limited only to a (random) sample.

In step 314 ratings for items missing from the target user's (-representing group's) existing rating list are predicted, see e.g. Equation 5, and in step 316 a predefined number of recommendations are generated based on the predicted ratings. Normally the items linked with highest predicted ratings would constitute the recommendations list but it is also possible that the service offers the users a possibility to wade through an "anti-recommendations" list either for mere amusement or for finding refreshing new stimulus, for example. In step 318 the target user is provided with the recommendations, which may refer to transmitting the textual/graphical/auditory IDs thereof to the terminal device for review. Figure 4 depicts one option for basic components of an electronic device such as a (desktop/laptop) computer, a mobile terminal, or a communications enabled PDA capable of acting as the service host of the invention. Memory 404, divided between one or more physical memory chips, comprises necessary code, e.g. in a form of a computer program/application 412, and other data 410, e.g. current service configuration and user information including rating and group data. A processing unit 402 is required for the actual execution of the method in accordance with instructions stored in memory 404. Display 406 and keyboard/keypad 408 or other applicable control input means (e.g. touch screen or voice control input) provide the service operator with optional device control and data visualization means (~user interface). Data transfer means 414, e.g. a wired data transmission interface (e.g. Ethernet) or a radio transceiver (GSM, UMTS, WLAN, etc) or both are required for handling data exchange with the clients (aforesaid terminal agent software). The invention may be implemented as a combination of tailored software and more generic hardware, or exclusively through specialized hardware such as programmable logic chips. The client terminal devices may be implemented similarly to the server/service host.

Code for the execution of the proposed method can be stored and delivered on a carrier medium like a floppy, a CD, a hard drive or a memory card.

The scope of the invention can be found in the following claims. However, utilized devices, method steps, UI arrangements, etc may depend on a particular use case still converging to the basic ideas presented herein, as appreciated by a skilled reader.

References:

[1] C. Dellarocas, Immunising Online Reputation Reporting Systems Against Unfair Ratings and Discriminatory Behaviour. ECOO, October 17-20, 2000, Minneapolis, Minnesota. http://portal.acm.org/citation.cfm?doid=352871.352889

[2] M. O'Conner, and J. Herlocker, Clustering Items for Collaborative Filtering. ACM SIGIR '99 Workshop on Recommender Systems: Algorithms and Evaluation, University of California, Berkeley, August 19, 1999. http ://www.csee.umbc.edu/~ian/sigir99-rec/papers/oconner_m.pdf

[3] Bruce Schneier, Applied Cryptography, Second Edition. John Wiley & Sons, 1996. ISBN 0-471-11709-9 , ISBN 0-471-12845-7.

[4] B. Huberman, M. Franklin and T. Hogg, "Enhancing Privacy and Trust in Electronic Communities" in Proc. of the ACM Conf. on Electronic Commerce, pp. 78- 86, 1999.

[5] J. K. Liu, V. K. Wei, and D. S. Wong. Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In ACISP'04, volume 3108 of LNCS, pages 325-335. Springer- Verlag, 2004.

[6] John McCrae, Anton Piatek, Adam Langley, Collaborative Filtering, 15th June 2004. http://www.imperialviolet.org/suprema.pdf.

[7] Kai Yu, Xiaowei Xu, Jianhua Tao, Martin Ester, and Hans-Peter Kriegel, Instance Selection Techniques for Memory-Based Collaborative Filtering, Proc. Second SIAM International Conference on Data Mining (SDM'02).

[8] Genetic algorithm. http://en.wikipedia.org/wiki/Genetic_algorithm.

Claims

1. A method for collaborative filtering to be performed in relation to a user space comprising a plurality of users of a service having the steps of

-obtaining ratings relating to a number of service items (304),

-providing at least one recommendation of an item to a target user of the service, wherein said item is still unrated by the target user (318), characterized in that said method further has the intermediary steps of

-associating each obtained rating with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space, and authenticating the rating so as to verify the user behind the rating to belong to the concealing group but to conceal the more exact identity of the user within the concealing group, and to limit the user to rate each item only once (306),

-obtaining, from the target user, information identifying a representing group linked with a plurality of users belonging to said user space, to represent the target user to be provided with a recommendation (310),

-estimating similarities between the ratings by the members of the representing group and the ratings by a number of other users belonging to said user space (312),

-predicting ratings by the target user for items being still unrated by the target user based on the estimated similarities (314), and

-determining said at least one recommendation on the basis of the predicted ratings (316).

2. The method according to claim 1, wherein said step of associating and authenticating utilizes group signatures.

3. The method according to claim 2, wherein said group signatures are linkable group signatures.

4. The method according to any preceding claim, wherein the members of the concealing group are selected based on random selection.

5. The method according to any preceding claim, wherein said representing group is composed by a genetic algorithm in which the population of representing groups is updated based on the users' reaction to recommendations.

6. The method according to any preceding claim, wherein said information identifying the representing group is received responsive to transmitting a list of representation group identifiers to the target user.

7. The method according to any preceding claim, wherein said step of estimating similarities comprises calculation of a number of correlation coefficients.

8. The method according to any preceding claim, wherein said step of estimating similarities comprises calculation of a mean of the similarities between the ratings by each representing group member and the ratings by said number of other users.

9. The method according to any preceding claim, wherein said step of associating and authenticating comprises merging the obtained rating into an aggregate rating of the concealing group members.

10. The method according to any preceding claim, wherein said step of predicting ratings utilizes the target user's mean rating for the rated items and a similarity estimate describing the similarity between the ratings by the target user and said number of other users.

11. The method according to any preceding claim, wherein the service is operated by a server functionally connected to the Internet and providing a plurality of items over the

Internet to a number of remote users.

12. A collaborative filtering arrangement for offering personalized service to users thereof comprising processing (402) and memory means (404) for processing and storing instructions and data, and data transfer means (414) for exchanging information with external entities, said arrangement being configured to obtain ratings relating to a number of items addressable through the service and to provide at least one recommendation of an item to a target user of the service, wherein said item is still unrated by the target user, characterized in that said arrangement is further configured to authenticate each obtained rating, wherein said rating is associated with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space, so as to verify the user behind the rating to belong to the users of the concealing group but to conceal the more exact identity of the user within the concealing group, and to limit the user to rate each item only once, obtain, from the target user, information identifying a representing group linked with a plurality of users belonging to said user space, to represent the target user, estimate similarities between the ratings by the members of the representing group and the ratings by a number of other users, predict ratings by the target user for items still unrated by the target user based on the estimated similarities, and determine said at least one recommendation on the basis of the predicted ratings.

13. The arrangement according to claim 12, configured to utilize a group signature for authenticating the obtained rating.

14. The arrangement according to claim 13, wherein said group signature is a linkable group signature.

15. The arrangement according to any of claims 12-14, wherein the members of the concealing group are selected based on random selection.

16. The arrangement according to any of claims 12-15, wherein the representing group is composed by a genetic algorithm in which the population of representing groups is updated based on the users' reaction to recommendations.

17. The arrangement according to any of claims 12-16, wherein said estimation of similarities comprises calculation of a number of correlation coefficients.

18. The arrangement according to any of claims 12-17 that is a computer server connected to a communications network.

19. A terminal device operable in a communications network, comprising processing (402) and memory (404) means for processing and storing instructions and data, and data transfer means (414) for exchanging information with an external entity, said terminal device being configured to obtain and forward ratings relating to a number of items addressable through a service at least partially hosted by the external entity and to provide at least one recommendation of an item to a target user of the service being the user of the terminal device, wherein said item is still unrated by the target user, characterized in that said terminal device is further configured to associate each obtained rating with a concealing group of users, said concealing group comprising as its members a plurality of users belonging to said user space, obtain, from the target user, information relating to a representing group linked with a plurality of users belonging to said user space, to represent the target user, transmit said information to the external entity in order to enable estimating similarities between the ratings by the members of the representing group and the ratings by a number of other users, predicting ratings by the target user for items still unrated by the target user based on the estimated similarities, and determining said at least one recommendation on the basis of the predicted ratings, and receive said at least one recommendation determined by said external entity.

20. The terminal device according to claim 19, further configured to receive a list of users transmitted by the external entity and to select a plurality of users from said list and add thereto an identity corresponding to the user of the terminal device in order to create the concealing group.

21. The terminal device according to claim 20, further configured to send a request for the list to the external entity.

22. The terminal device according to any of claims 19-21, configured to create the representing group by utilizing a technique selected from the group consisting of: a random selection of group members, and a genetic algorithm in which the population of representing groups is updated based on the users' reaction to recommendations.

23. The terminal device according to any of claims 19-22 that is a wireless communications device.

24. The terminal device according to any of claims 19-23, wherein said external entity is a server functionally connected to said communications network.

25. A computer executable program adapted, when run on a computer, to execute the method steps as defined by any of claims 1-11.

26. A carrier medium carrying the computer program of claim 25.