	US 11,921,888 B2
	System, method, and computer program product for maintaining user privacy in advertisement networks
Jingjing Ren, Boston, MA (US); Abhinav Aggarwal, Albuquerque, NM (US); and Mastooreh Salajegheh, San Jose, CA (US)
Assigned to Visa International Service Association, San Francisco, CA (US)
Filed by Visa International Service Association, San Francisco, CA (US)
Filed on Jul. 12, 2022, as Appl. No. 17/862,504.
Application 17/862,504 is a continuation of application No. 16/558,910, filed on Sep. 3, 2019, granted, now 11,403,420.
Claims priority of provisional application 62/725,520, filed on Aug. 31, 2018.
Prior Publication US 2023/0004674 A1, Jan. 5, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 16/901 (2019.01); G06Q 30/0251 (2023.01); H04L 9/00 (2022.01)

CPC G06F 21/6245 (2013.01) [G06F 16/9027 (2019.01); G06Q 30/0255 (2013.01); H04L 9/006 (2013.01)]

15 Claims

1. A method, comprising:

receiving, with a first user device, first persona data associated with a first user from at least one publisher system;

generalizing, with the first user device, the first persona data to form first generalized persona data;

generating, with the first user device, a session key;

encrypting, with the first user device, the first generalized persona data and the session key with a first public key of an advertisement network system to form a first ciphertext;

communicating, with the first user device, the first ciphertext and first user identity data to a mediator system, the first user identity data associated with an identity of the first user;

receiving, with the first user device, a second ciphertext comprising an encrypted tracking token and a first encrypted targeted advertisement based on the first generalized persona data from the advertisement network system via the mediator system, wherein the second ciphertext was formed by encrypting a first targeted advertisement and a tracking token with the session key; and

decrypting, with the first user device, the second ciphertext with the session key to form the first targeted advertisement and the tracking token,

wherein the first persona data comprises a first vector, wherein a plurality of users comprises the first user, wherein each respective user of the plurality of users is associated with respective persona data comprising a respective vector, wherein each respective vector comprises a plurality of respective attributes, and wherein generalizing the first persona data comprises:

for each respective attribute of the plurality of respective attributes:

generating a tree comprising a plurality of leaf nodes and a plurality of non-leaf nodes, each leaf node associated with at least one possible value of the respective attribute, each non-leaf node associated with a hierarchical category associated with at least two leaf nodes;

counting a number of users of the plurality of users having a respective attribute value for the respective attribute associated with the at least one possible value of each leaf node; and

for each respective non-leaf node, determining a sum of the number of users for all leaf nodes under the respective non-leaf node; and

for each respective attribute of the first vector:

determining whether the number of users of the plurality of users having the respective attribute value for the respective attribute associated with the at least one possible value of a respective leaf node exceeds a threshold; and

in response to determining that the number of users exceeds the threshold, retaining the respective attribute value for the respective attribute, and, in response to determining that the number of users does not exceed the threshold, replacing the respective attribute value for the respective attribute with the hierarchical category associated with a first non-leaf node for which the sum exceeds the threshold above the respective leaf node,

wherein a plurality of user devices comprises a respective user device for each respective user of the plurality of users, wherein counting the number of users comprises:

for each respective attribute of the plurality of respective attributes:

encrypting, with each respective user device, the respective attribute value of the respective attribute with a second public key to form an encrypted respective attribute value, wherein each respective user device comprises a respective share of a private key associated with the second public key;

transmitting, with each respective user device, a message comprising the encrypted respective attribute value to the mediator system;

combining, by the mediator system, the messages from each respective user device with additive homomorphic encryption to form a combined message;

transmitting, by the mediator system, the combined message to each respective user device;

decrypting, with each respective user device, a share of the combined message using the respective share of the private key of the respective user device;

transmitting, with each respective user device, the share of the combined message to the mediator system; and

combining, with the mediator system, the shares of the combined message from each respective user device to form a sum of the messages, wherein the number of users is based on the sum of the messages.