Patent Grant
9818131
The present disclosure relates generally to maintaining internet privacy.
A consumer may connect to a website and access information or purchase products and/or services. Some websites may display banner advertisements (banner ads) in downloaded webpages. For example, the website may display a banner ad for a watch company while the consumer is viewing a webpage for an on-line news service.
During a first web session, the consumer may access a first website for the watch company or may use an internet search engine to search for watches. The first website or search engine may provide browser history to an advertising network. The advertising network also may have loaded a third party cookie into the browser that contains a user identifier.
The user may later access a second website for the on-line news service. A webpage on the second website may include a banner ad that connects to the advertising network. The third party cookie may send the user identifier and consumer profile information back to the advertising network. The consumer profile information may contain user browsing history, such as the prior visit to the first watch website.
Seeing that the user previously visited the watch website, the advertising network may assume the user is interested in watches. The advertising network then may send an advertisement from a watch company to the second website for the on-line news service for inserting into the banner ad.
Consumers may have privacy concerns with advertising networks tracking their visits to different websites. For example, consumers may not want personally identifiable information, such as email addresses, linked with their browsing history. However, the advertising network may need to track the consumer browser history to locate the correct advertisements for inserting into the banner ads.
Embodiments are illustrated in the figures. However, the embodiments and figures are illustrative rather than limiting.
In the following description, several specific details are presented to provide a thorough understanding of embodiments. One skilled in the relevant art will recognize, however, that the embodiments can be practiced without one or more of the specific details, or in combination with other components, etc. In other instances, well-known implementations or operations are not shown or described in detail to avoid obscuring aspects of various embodiments of the invention.
An anonymous information system (AIS) maintains privacy for internet users by separating personally identifiable information (PII) from online activity. For example, the AIS may avoid tracking user browser history. At the same time, the AIS also may use generic user segment data to customize advertisements for particular user categories.
The AIS system may receive a hashed email address from a publisher website. The AIS system may double hash the email address and discard the hashed email address received from the publisher. The double hashed email address is decoupled from user PII and may be used for tracking the number of unique email addresses provided by the publisher website.
The AIS system also may associate the hashed email address with a consumer file. The AIS may hash an entity identifier associated with the consumer file to create a non-reversible anonymous identifier (anonymous ID). The anonymous ID may be associated with segment information in the consumer file that does not contain PII about the user. The anonymous ID and segment data are therefore also decoupled from consumer PIT and the consumer browser history.
In one example, computer 102 may operate server based applications within a web browser environment. In another example, computer 102 may operate a native application that at times operates independently from the web application operating on website 110 and at other times exchanges data with the web application.
Website 110 may comprise any combination of software and/or hardware for conducting a web session with computer 102. For example, website 110 may operate a web application for purchasing items or services, playing video games, digital navigation, searching the Internet, etc. These of course are just examples of any function that may be performed between website 110 and computer 102. Website 110 may provide email addresses to a service provider network 120 or advertising network and therefore may be alternatively referred to as a publisher website or a publisher.
Service provider network (SPN) 120 may comprise any combination of server computers and software. In one example, SPN 120 may assemble consumer data 130 extracted from different data sources into consumer files 128. Consumer files 128 may contain personally identifiable information (PII) 134 and segment data 136 associated with a particular entity.
PII 134 may comprise any information that may identify, contact, locate, and/or be associated with a single human, small group of humans (i.e. a household), or entity. For example, PII may comprise a name, an address, a phone number, a fax number, an email address, or the like, or any combination thereof. An email address or phone number may not be explicitly PII, but when grouped together with a name or address may be recognized as PII 134.
Segment data 136 may comprise any generic information that may not uniquely identify any one individual human being, household, or entity. For example, segment data 136 may comprise age, gender, geographic location, demographics, buying habits, or the like, or any combination thereof. Segment data 136 also may include non-identifiable business information such as identifiers for high value consumers with expired or soon to be expired services.
Companies also may submit or push consumer data 130 to SPN 120. For example, a company may send consumer phone numbers, postal addresses, and phone service statuses to SPN 120. SPN 120 may add the company information to associated consumer files 128. One example showing how different consumer data 130 may be extracted and associated with a same user is described in U.S. patent application Ser. No. 12/554,306 filed Sep. 23, 2011, entitled: Data Source Attribution System which is incorporated by reference in its entirety.
SPN 120 may assign a unique entity identifier (entity ID) 132 to each consumer file 128. Entity ID 132 may provide a common identifier for multiple different email addresses, phone numbers, and other PII associated with a same person or entity. Entity ID 132 may be a random or semi-random number and contain no specific PII about the entity associated with consumer file 128. For example, entity identifier 132 may not contain any, name, email address, postal address, or any other PII 134 associated with the consumer.
As mentioned above, website 110 may send or publish email addresses to SPN 120. For example, during a web session with computer 102, website 110 may obtain an email address 108 from the user of computer 102. For example, the user of computer 102 may enter email address 108 into a webpage displayed on web browser 104 for logging into website 110. Website 110 may hash email address 108 and send hashed email address 112 to SPN 120. In another example, website 110 may send other user profile data to SPN 120, such as a name, a postal address, etc.
SPN 120 may use a hash algorithm 122 to hash email address 112 a second time to generate a double hashed email address 124. The double hashed address 124 is decoupled from email address 108 and provides a unique identifier for an anonymous user. SPN 120 may count the number of unique double hashed addresses 124 originating from website 110. SPN 120 then may pay the entity operating website 110 a publication fee based on the number of unique double hashed addresses 124 received from website 110.
SPN 120 may use hashed email address 112, or other PII information from website 110, to identify an associated consumer file 128 in database 126. For example, SPN 120 may use a same hash algorithm 122 as website 110 to hash email addresses in consumer data 130. SPN 120 may identify one of consumer files 128 containing a hashed email address matching hashed email address 112.
SPN 120 may discard hashed email address 112 and any other information that may associate the user of computer 102 with website 110. Since hashed email address 112 is not stored in any SPN databases, no information is retained by SPN 120 associating email address 108 with website 110. In other words, SPN 120 is prevented from tracking the browser history for the user of computer 102.
SPN 120 may hash entity ID 132 in the identified consumer file 128 to create an anonymous ID 142. Anonymous ID 142 cannot be reversed to discover associated PII 134 in the identified consumer file 128. SPN 120 then may associate anonymous ID 142 with segment data 136 in the associated consumer file 128.
For example, SPN 120 may derive a first anonymous ID 142A from a first entity ID 132 associated with a first consumer file 128 and may derive a second anonymous ID 142B from a second entity ID 132 associated with a second consumer file 128. SPN 120 then may associate anonymous ID 142A with segment data 136A from the first consumer file 128 and associate anonymous ID 142B with segment data 13613 from the second consumer file 128.
In one example, segment data 136A may comprise an identifier or flag that associates anonymous ID 142A with a preferred consumer of a company. The company may be alternatively referred to as an advertiser since the company may use segment data 136A to send a customized advertisement to the user of computer 102. Of course, this is just one example, and any segment data 136A that may be contained in consumer file 128 and associated with anonymous identifier 142A.
No PII 134 is associated with the anonymous IDs 142. This decouples anonymous IDs 142 and segment data 136 from PII 134. SPN 120 may store anonymous IDs 142 and associated segment data 136 in a database 140 separate from database 130. This further decouples anonymous identifiers 142 and associated segment data 136 from consumer files 128.
SPN 120 may load an anonymous ID 142 and/or associated segment data 136 into a cookie 106 and load the cookie 106 into browser 104 operating on computer 102. For example, cookie 106 may be loaded into web browser 104 and may contain anonymous ID 142A and segment data 136A that identifies the user of computer 102 as one of the preferred consumers of the above mentioned advertiser. Thus, cookie 106 may not contain information identifying email address 108 or identifying any browser history associated with email address 108.
At some later time, the user of computer 102 may access another website 116, In one example, website 116 may include one or more webpages that include banner advertisements (banner ADs) 156. Cookie 106 may send anonymous ID 142A and/or segment data 136A back to SPN 120 via website 116 in response to web browser 104 loading the webpage on website 116.
In one example, SPN 120 may compare anonymous ID 142A received from cookie 106 with anonymous IDs 140 in database 140. SPN 120 may identify segment data 136 in database 140 associated with the matching anonymous ID. For example, SPN 120 may identify segment data 136A in database 140 associated with matching anonymous ID 142A.
Advertiser websites 150 or SPN 120 may operate a database 154 containing advertisements 152 and associated segment data 136. For example, a first advertisement 152A may be associated with segment data 136A identifying preferred consumers for a first company. A second advertisement 152B may be associated with segment data 136B that identify men within a particular age range that have also visited a third website.
SPN 120 may try to match segment data 136A identified in database 140 or segment data 136A sent from cookie 106 with segment data 136 in database 150. SPN 120 may send website 116 an advertisement 152 from database 154 associated with matching segment data 136. For example, advertisement 152A may be associated with an upgrade offer that may only be sent to the preferred consumers of the advertiser company. Because segment data 136A received from cookie 106 identifies a preferred consumer, SPN 120 sends advertisement 152A to website 116. Website 116 may insert advertisement 152A into banner AD 156 within the webpage currently loaded in web browser 104.
Thus, SPN 120 may send customized advertisements or any other type of information to a selected group of users based on non-PII information. Advertisers are able to reach the selected group of users on-line without any tracking of user browser history.
In operation 202, a consumer file is located for the received consumer data. For example, the email addresses and/or phone numbers may be compared with existing email addresses and phone numbers in an existing consumer database.
In operation 204, consumer files may be created or updated to store the consumer data. For example, a new consumer file may be created for an email address or phone number that does not currently exist in the consumer database. The new consumer file may be loaded with PII that identifies the email address and/or phone number and segment data that identifies the consumer as a valued customer.
When an existing consumer file contains a matching email address and/or phone number, the existing file may be updated to include any missing PII such as a missing email address or phone number. The existing consumer file also may be updated with the new segment data that identifies the entity associated with the consumer file as a valued customer.
In operation 206, an entity identifier is assigned to a new consumer file. For example, a unique random or semi-random number may be assigned to the new consumer file. The entity identifier may uniquely identify an associated consumer file but may not contain any PIT information that could personally identify the entity associated with the consumer file.
The SPN in operation 212 may double hash the email address. For example, the SPN may hash the hashed email address received from the publisher website a second time. At this point, the double hashed email address may no longer have any identifiable association with any particular consumer or consumer file or with any cookies. However, the double hashed email address does provide a unique identifier that may be distinguished from other double hashed email addresses.
The SPN in operation 214 may discard the hashed email address received from the publisher website. For example, the SPN may delete and never log the hashed email addresses received from the publisher website. This may prevent the SPN from tracking the browser history of the received email address accessing the publisher website.
Operation 216 may determine if the double hashed email address is unique. For example, the SPN may accumulate all of the double hashed email addresses associated with the publisher website into an associated publisher file. Whenever a new hashed email address is received from the same publisher website, the email address is double hashed and the double hashed value compared with other double hashed values in the publisher file.
If the double hashed value already exists in the publisher file in operation 216, the SPN may return to receiving other hashed email addresses in operation 210. If the double hashed value does not currently exist in the publisher file in operation 216, the SPN may increment an email count for the publisher website in operation 218. The email count in operation 218 allows the SPN to determine the number of unique emails received from a particular publisher website. The email count may be used for determining a publication fee paid to the publisher website.
Operation 224 may hash the entity identifier assigned to the matching consumer file. The hashed entity identifier results in an anonymous identifier for the consumer file and the hashing of the entity identifier may not be reversed and associated with the PII information in any associated consumer file.
The SPN in operation 226 may associate the anonymous identifier with segment data in the associated consumer file. For example, the SPN may load some or all of the segment data from the identified consumer file into a file associated with the anonymous identifier. As mentioned above, segment data also cannot be traced back to any particular individual, entity, or consumer file.
For example, the segment data may contain the information that indicates the consumer is a valued customer. The valued customer identification may not include any personally identifiable information about the consumer and may only comprise a flag or some other non-traceable identifier that indicates the entity associated with the anonymous identifier is considered a valuable consumer of a particular business. Of course the SPN may use any type of non-traceable segment data for associating the anonymous identifier with a particular group of users.
The SPN in operation 228 may load the anonymous identifier and the associated segment data into a second database separated from the database that contains the consumer files that contains PIT. This second database may be alternatively referred to as siloing the anonymous identifiers and associated segment data. The siloing further prevents any association of the anonymous identifiers with PII in the consumer files.
The SPN in operation 232 may load the anonymous identifier and/or the segment data into a cookie. The cookie also may be referred to as a hyper test transport protocol (HTTP) cookie, a web cookie, or a browser cookie. The cookie is usually a small piece of data sent from a website and stored in a web browser while a user is browsing the website. When the user browses the same or another website, the data stored in the cookie may be retrieved by the visited website.
The cookie that contains the anonymous identifier and/or segment data may be sent back to the publisher website that provided the hashed email. The publisher website then may load the cookie into the web browser of the user visiting the publisher website that supplied the original email address.
For example, the cookie may send the anonymous identifier and a flag that indicates the user as a valued customer of a particular company. The SPN in operation 244 may identify an advertisement associated with the preferred customer identifier. For example, the company may have previously provided the SPN with an advertisement for sending to valued customers. The SPN in operation 246 may send the company advertisement to the visited website and the visited website may insert the company advertisement into a banner ad in the visited website webpage loaded into the web browser of the user.
In another example, the cookie may only send the anonymous identifier. In operation 242, the SPN may identify segment data in the siloed database associated with the anonymous identifier. For example, the SPN may identify segment data that includes the flag associating the anonymous identifier with a valued customer of the company. The SPN then identifies the company advertisement associated with the flag and sends the identified company advertisement to the visited website.
Thus, the user of the web browser is provided a customized advertisement from the company without the company or the SPN tracking any of the prior browser history of the user. The SPN may track other anonymous on-line metrics for charging the company. For example, the SPN may track the number of times the company advertisement is sent to a website.
In operation 262, the cookie may send the anonymous identifier and/or segment information to the visited website, the SPN, or to some other advertising network. For example, the cookie may include an HTTP link to the SPN. In operation 264, the visited website may determine if a banner advertisement exists on the webpage that will be loaded into the web browser. If the webpage does not contain a banner advertisement, the website may repeat operation 264 and continue to monitor the webpages selected by the user for any banner ads.
If the webpage contains a banner ad in operation 264, the website may receive an advertisement from the SPN. For example, the website may have received an advertisement for displaying to the valued customers of the company. The advertisement may offer the valued customers a discount for renewing their phone service. In operation 268, the visited website may insert the received valued customer advertisement into the banner ad and display the advertisement to the user.
The cookie may send the anonymous identifier to any websites partnered with the SPN or with any other advertising network. The SPN then may use the anonymous identifier and any associated segment data to customize the advertisements or any other information displayed to the user.
Thus, the number of unique users identified by a publisher website can be tracked without tracking the browser history for the users. Further, anonymous identifiers can be loaded into cookies so that customized advertisements and other information can be displayed to users based on generic segment data. The SPN may provide the advertisements and other information also without tracking any user browser history.
Computer
While only a single computing device 1000 is shown, the computing device 1000 may include any collection of devices or circuitry that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the operations discussed above. Computing device 1000 may be part of an integrated control system or system manager, or may be provided as a portable electronic device configured to interface with a networked system either locally or remotely via wireless transmission.
Processors 1004 may comprise a central processing unit (CPU), a graphics processing unit (GPU), programmable logic devices, dedicated processor systems, micro controllers, or microprocessors that may perform some or all of the operations described above. Processors 1004 may also include, but may not be limited to, an analog processor, a digital processor, a microprocessor, multi-core processor, processor array, network processor, etc.
Some of the operations described above may be implemented in software and other operations may be implemented in hardware. One or more of the operations, processes, or methods described herein may be performed by an apparatus, device, or system similar to those as described herein and with reference to the illustrated figures.
Processors 1004 may execute instructions or “code” 1006 stored in any one of memories 1008, 1010, or 1020. The memories may store data as well. Instructions 1006 and data can also be transmitted or received over a network 1014 via a network interface device 1012 utilizing any one of a number of well-known transfer protocols.
Memories 1008, 1010, and 1020 may be integrated together with processing device 1000, for example RAM or FLASH memory disposed within an integrated circuit microprocessor or the like. In other examples, the memory may comprise an independent device, such as an external disk drive, storage array, or portable FLASH key fob. The memory and processing device may be operatively coupled together, or in communication with each other, for example by an I/O port, network connection, etc. such that the processing device may read a file stored on the memory.
Associated memory may be “read only” by design (ROM) by virtue of permission settings, or not. Other examples of memory may include, but may be not limited to, WORM, EPROM, EEPROM, FLASH, etc. which may be implemented in solid state semiconductor devices. Other memories may comprise moving parts, such a conventional rotating disk drive. All such memories may be “machine-readable” in that they may be readable by a processing device.
“Computer-readable storage medium” (or alternatively, “machine-readable storage medium”) may include all of the foregoing types of memory, as well as new technologies that may arise in the future, as long as they may be capable of storing digital information in the nature of a computer program or other data, at least temporarily, in such a manner that the stored information may be “read” by an appropriate processing device. The term “computer-readable” may not be limited to the historical usage of “computer” to imply a complete mainframe, mini-computer, desktop or even laptop computer. Rather, “computer-readable” may comprise storage medium that may be readable by a processor, processing device, or any computing system. Such media may be any available media that may be locally and/or remotely accessible by a computer or processor, and may include volatile and non-volatile media, and removable and non-removable media.
For the sake of convenience, operations may be described as various interconnected or coupled functional blocks or diagrams. However, there may be cases where these functional blocks or diagrams may be equivalently aggregated into a single logic device, program or operation with unclear boundaries.
Computing device 1000 can further include a video display 1016, such as a liquid crystal display (LCD) or a cathode ray tube (CRT)) and a user interface 1018, such as a keyboard, mouse, or touch screen. All of the components of computing device 1000 may be connected together via a bus 1002 and/or network.
Having described and illustrated the principles of a preferred embodiment, it should be apparent that the embodiments may be modified in arrangement and detail without departing from such principles. Claim 1s made to all modifications and variation coming within the spirit and scope of the disclosure.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5274547 | Zoffel | Dec 1993 | A |
| 5944787 | Zoken | Aug 1999 | A |
| 6327574 | Kramer | Dec 2001 | B1 |
| 6938163 | Birkler | Aug 2005 | B1 |
| 7213032 | Mascarenhas | May 2007 | B2 |
| 7249034 | Schirmer | Jul 2007 | B2 |
| 7346844 | Baer | Mar 2008 | B1 |
| 7603317 | Adler | Oct 2009 | B2 |
| 7853614 | Hoffman | Dec 2010 | B2 |
| 8010460 | Work et al. | Aug 2011 | B2 |
| 8131745 | Hoffman | Mar 2012 | B1 |
| 8468271 | Panwar | Jun 2013 | B1 |
| 8620942 | Hoffman | Dec 2013 | B1 |
| 8621282 | Mixter | Dec 2013 | B1 |
| 20020026581 | Matsuyama | Feb 2002 | A1 |
| 20020049529 | Ikeda | Apr 2002 | A1 |
| 20020065891 | Malik | May 2002 | A1 |
| 20020156895 | Brown | Oct 2002 | A1 |
| 20030192004 | Gopalakrishnan | Oct 2003 | A1 |
| 20030237093 | Marsh | Dec 2003 | A1 |
| 20040139330 | Baar | Jul 2004 | A1 |
| 20040143738 | Savage | Jul 2004 | A1 |
| 20040205008 | Haynie | Oct 2004 | A1 |
| 20050159970 | Buyukkokten et al. | Jul 2005 | A1 |
| 20050192863 | Mohan | Sep 2005 | A1 |
| 20050267973 | Carlson et al. | Dec 2005 | A1 |
| 20060036857 | Hwang | Feb 2006 | A1 |
| 20060179113 | Buckingham | Aug 2006 | A1 |
| 20060224447 | Koningstein | Oct 2006 | A1 |
| 20060224675 | Fox | Oct 2006 | A1 |
| 20070008066 | Fukuda | Jan 2007 | A1 |
| 20070027930 | Alvarado et al. | Feb 2007 | A1 |
| 20070073888 | Madhok | Mar 2007 | A1 |
| 20070143407 | Avritch et al. | Jun 2007 | A1 |
| 20070143469 | Adams et al. | Jun 2007 | A1 |
| 20080092182 | Conant | Apr 2008 | A1 |
| 20080104495 | Craig | May 2008 | A1 |
| 20080109306 | Maigret | May 2008 | A1 |
| 20080154877 | Joshi | Jun 2008 | A1 |
| 20080162157 | Daniluk | Jul 2008 | A1 |
| 20080184366 | Alperovitch et al. | Jul 2008 | A1 |
| 20080235772 | Janzen | Sep 2008 | A1 |
| 20080285464 | Katzir | Nov 2008 | A1 |
| 20080288658 | Banga et al. | Nov 2008 | A1 |
| 20090168995 | Banga et al. | Jul 2009 | A1 |
| 20090248523 | Hueter | Oct 2009 | A1 |
| 20090254971 | Herz et al. | Oct 2009 | A1 |
| 20090276233 | Brimhall | Nov 2009 | A1 |
| 20090281852 | Abhari | Nov 2009 | A1 |
| 20100042466 | Pritchard | Feb 2010 | A1 |
| 20100042497 | Pritchard | Feb 2010 | A1 |
| 20100042930 | Pritchard | Feb 2010 | A1 |
| 20100076987 | Schreiner | Mar 2010 | A1 |
| 20100088313 | Hoffman | Apr 2010 | A1 |
| 20100094758 | Chamberlain | Apr 2010 | A1 |
| 20100225607 | Kim | Sep 2010 | A1 |
| 20100312706 | Combet | Dec 2010 | A1 |
| 20110004504 | Ives et al. | Jan 2011 | A1 |
| 20110071895 | Masri | Mar 2011 | A1 |
| 20110082824 | Allison | Apr 2011 | A1 |
| 20110099202 | Dedeoglu | Apr 2011 | A1 |
| 20110184828 | Siegel | Jul 2011 | A1 |
| 20110287741 | Prabhu | Nov 2011 | A1 |
| 20110314092 | Lunt | Dec 2011 | A1 |
| 20120044156 | Michaelis | Feb 2012 | A1 |
| 20120268248 | Hiraide | Oct 2012 | A1 |
| 20130006766 | Dedeoglu | Jan 2013 | A1 |
| 20130024242 | Villars | Jan 2013 | A1 |
| 20130096986 | Pavagadhi | Apr 2013 | A1 |
| 20130124628 | Weerasinghe | May 2013 | A1 |
| 20130159506 | Stern | Jun 2013 | A1 |
| 20130159826 | Mason | Jun 2013 | A1 |
| 20130268773 | Davis | Oct 2013 | A1 |
| 20130291123 | Rajkumar | Oct 2013 | A1 |
| 20140032318 | Hopwood | Jan 2014 | A1 |
| 20140040463 | Skvortsov | Feb 2014 | A1 |
| 20140095297 | O'Reilly | Apr 2014 | A1 |
| 20140201043 | Arditi | Jul 2014 | A1 |
| 20140278972 | Yonebahashi | Sep 2014 | A1 |
| 20140344954 | Kim | Nov 2014 | A1 |
| Number | Date | Country |
|---|---|---|
| 2008-134769 | Jun 2008 | JP |
| 10-2012-0053296 | May 2012 | KR |
| 2015038948 | Mar 2015 | WO |
| Entry |
|---|
| Gauch, Susan et al., ProFusion: Intelligent Fusion from Multiple, Distributed Search Engines1, Oct. 1996, Google Scholar, 637-649. |
| Stolowitz Ford Cowger LLP, Listing of Related Cases, Oct. 9, 2013. |
| Janez Brank et al., Predictive Algorithms for Browser Support of Habitual User Activities on the Web, 2005, IEEE, 7 pages. |
| Stolowitz Ford Cowger LLP, Listing of Related Cases, Apr. 10, 2013. |
| International Search Report dated Dec. 22, 2014 for PCT/US2014/055475; 2 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20140278972 A1 | Sep 2014 | US |
