US20030046198A1 - Anonymous recommendation technique - Google Patents
Anonymous recommendation technique Download PDFInfo
- Publication number
- US20030046198A1 US20030046198A1 US09/976,637 US97663701A US2003046198A1 US 20030046198 A1 US20030046198 A1 US 20030046198A1 US 97663701 A US97663701 A US 97663701A US 2003046198 A1 US2003046198 A1 US 2003046198A1
- Authority
- US
- United States
- Prior art keywords
- entity
- secret
- activities
- shares
- entities
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/383—Anonymous user system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/06—Asset management; Financial planning or analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the present invention relates generally to electronic commerce systems and, in particular, to a technique for providing anonymous recommendations within such electronic commerce systems.
- an entity 102 such as an individual or organization, may communicate with a provider 104 via a public network 103 .
- the entity 102 transmits a variety of information to the provider 104 in order to acquire a product being offered by the provider 104 .
- the information sent by the entity 102 typically comprises an identification of the entity, an identification of the product being acquired and, optionally, information regarding the price of the product being acquired.
- the provider 104 may supply some or all of the information from the entity 102 to a credit agency 106 .
- the provider 104 has specific knowledge of the products being purchased by the entity 102 .
- the credit agency 106 has specific knowledge that the entity 102 is purchasing products from the provider 104 .
- the provider 104 can often supply one or more recommendations to the entity. That is, if an entity purchases, for example, tickets to a classical music concert, the provider may be able to recommend other classical music concerts or even other products, such as recordings of classical music. As providers become more familiar with additional specific activities performed by specific entities within the electronic commerce system (i.e., develop profiles about the entities), they can further refine their recommendations so as to provide more targeted or relevant recommendations with increased likelihood that the specific entities will follow up on the recommendations.
- a commerce system comprises a plurality of entities each having an associated entity identity that is stored as a plurality of secret shares amongst at least a portion of a plurality of shareholders. Each plurality of secret shares comprises a subset of a finite set of secret share values.
- An apparatus and method for the commerce system includes an association, for each entity of the plurality of entities, for at least one activity conducted by the entity within the commerce system with each of the plurality of secret shares used to store the entity identity corresponding to the entity such that each secret share of the finite set of secret share values has associated therewith a set of activities from at least a portion of the plurality of entities.
- a receiver for receiving sets of activities associated with each secret share of a first plurality of secret shares used to store a first entity identity corresponding to a first entity is included with a generator, coupled to the receiver, for generating an estimated activities list, for the first entity, comprising an intersection of the sets of activities.
- FIG. 1 is a block diagram illustrating a typical arrangement used in electronic commerce in accordance with prior art techniques.
- FIG. 2 is a block diagram illustrating an arrangement that may be used for electronic commerce in accordance with the present invention.
- FIG. 3 is a flow chart illustrating a technique in accordance with the present invention.
- FIGS. 4 - 18 illustrate an example of providing an estimated activities list in accordance with the present invention.
- FIGS. 19 - 33 illustrate another example of providing an estimated activities list in accordance with the present invention.
- the present invention provides a technique for making recommendations to entities in an electronic commerce system (based, for example, on the Internet or World Wide Web) while simultaneously maintaining activities profiles of individual entities in secret.
- activities encompass substantially all actions in which an entity provides its entity identification to a third party including, but not limited to, purchasing a digital object or service, providing information to a third party for the purposes, for example, of rating something in a survey, etc.
- electronic commerce systems as used herein are not limited to systems supporting commercial transactions, but instead encompass all systems whereby an entity at least provides its entity identification to a third party for any purpose.
- the present invention employs secret sharing techniques whereby information regarding particular activities by an entity is kept confidential and yet accessible when required to generate recommendations for the entity's benefit.
- An entity engaging in an activity within the electronic commerce systems supplies data such as an entity identification to an anonymity service.
- the anonymity service splits the entity identification into a plurality of secret shares that are thereafter provided to a corresponding plurality of shareholders.
- the nature of the secret splitting process is such that each shareholder is unable to reproduce the secret corresponding to the shareholder's share without the other shareholders involved in the process.
- the process whereby the secret shares are generated should be reproducible by the anonymity service, such that the anonymity service can generate all the sets of the plurality of secret shares ever generated for a particular entity identification.
- Information regarding the specific activity is associated with each secret share of the plurality of secret shares used to memorialize the entity's identity. Assuming that there are a finite number of secret shares available from which any given entity's plurality of secret shares may be selected, over time and multiple activities conducted by multiple entities, each secret share will have associated therewith a set of activities corresponding to a plurality of entities.
- an intersection of the sets of activities associated with that entity's secret shares is provided as an estimated activities list. That is, activities found in each set of activities associated with each secret share of the given entity's secret shares are included in the estimated activities list, whereas activities found in less than all of the sets of activities associated with the entity's secret shares are excluded. Thereafter, one or more recommendations may be made based on the estimated activities list.
- the present invention facilitates anonymous transactions, particularly anonymous recommendations.
- FIG. 2 there is illustrated a block diagram of a system 200 in accordance with the present invention.
- an anonymity service 203 is provided as an intermediary between entities 202 (e.g., acquirers of services or digital products) and one or more providers 204 .
- the anonymity service 203 and provider 204 can be in communication with a clearing house and a credit agency in support of commercial transactions; for clarity, the clearing house and credit agency are not illustrated in FIG. 2.
- direct connections are illustrated between the anonymity service 203 and the various other elements of the system 200 , it is understood that these connections may comprise paths established through public networks such as the Internet or World Wide Web, within private networks or through a combination of public and private networks.
- each of a plurality of entities 202 may comprise any individual or organization capable of conducting activities within the electronic commerce system 200 .
- activities may comprise virtually any actions in which an entity is willing to include its entity identification.
- activities may include, but are not limited to, providing or acquiring something of value to/from a third party, such as participating in a survey, subscribing to a newsletter or affinity group chat room, or acquiring services or digital products from the provider 204 .
- digital products comprise anything capable of delivery via a communication network.
- digital products may include downloadable software or digital data such as text, audio, video or images.
- each activity conducted within the system 200 should be susceptible to unique identification.
- activities may include actions such as, “purchased video disk of ‘Cinderella”’, “downloaded trial version of XYZ Co.'s video game software”, “donated money to Planned Parenthood”, etc.
- activities in the context of the present invention comprise any actions having associated therewith an entity identification and that are susceptible to a unique identification.
- each entity 202 communicates with the anonymity service 203 via a computer implementing a network communication program, such as a browser or the like.
- the provider 204 may likewise comprise any individual or organization that provides services or digital products or that accepts information from entities via a communication network. More generally, the provider 204 may comprise any individual or organization that is the intended target of an entity's action(s) and is therefore a recipient of that entity's identification.
- the anonymity service 203 preferably comprises a computer-implemented service available via a communication network such as the Internet or World Wide Web. As depicted in FIG. 2, the anonymity service 203 preferably comprises a processor 210 and memory 212 .
- the anonymity service may be implemented using one or more network servers executing stored software routines as known in the art.
- the anonymity service 203 is in communication with a plurality of shareholders 207 .
- each of the shareholders 207 is provided with a secret share (preferably representative of at least an entity's identification) which, by itself, does not enable an individual shareholder to reconstruct a secret, i.e., an entity's identity.
- the process used to generate the secret shares is reproducible; that is, for any given input, a predictable set of secret shares will be provided as output.
- the process used to generate the secret shares possess the property that any secret share is equally likely to take on a particular value as any other value.
- secret shares are expressed as n-bit binary words, there exists a finite set of secret share values comprising 2 n possible values.
- the likelihood of any one secret share value of the finite set of secret share values being generated is preferably equivalent to 1 2 n .
- the set of shareholders 207 is preferably static relative to the anonymity service 203 and to the number of secret share values in the finite set of secret share values. That is, for a given entity's identification, information corresponding to a given secret share value is always sent to the same shareholder of the set of shareholders 207 , which set itself is unchanging from the anonymity service's perspective. For example, if there are ten possible secret shares (S 1 through S 10 ) and ten possible shareholders (H 1 through H 10 ), a possible arrangement is to uniquely assign one of the ten secret share values to a corresponding one of the ten shareholders.
- each shareholder could be associated with its own, well-described and not necessarily static, plurality of shareholders, which plurality of shareholders may or may not include shareholders that are also associated with other anonymity services.
- each shareholder is capable of receiving secret shares and information regarding activities from the anonymity service 203 .
- each shareholder preferably comprises a computer-implemented device capable of communicating with the anonymity service 203 .
- secret sharing schemes are vulnerable to the extent that separate shareholders could collaborate to ascertain the secret in their possession, it is advantageous to maintain the identity of each shareholder in confidence from the other shareholders.
- shareholders in possession of the secret shares corresponding to a single secret may comprise competitors in a given industry. Such competitors are inherently unlikely or unwilling to share information with each other.
- the shareholders may comprise a privacy organization that is dedicated to advocating privacy in electronic commerce, and therefore unlikely to collaborate with other shareholders.
- the entity 202 may comprise one of the shareholders, or the shareholders 207 may be known to the entity 202 , such as family members or friends or an Internet mailing list constructed around a common interest.
- FIG. 3 a method in accordance with the present invention is illustrated.
- the method of FIG. 3 is preferably implemented by the anonymity service 203 .
- two parallel, independent paths are provided. On the left, a path is provided whereby activities by separate entities are added to sets of activities associated with separate secret shares. On the right, a path is provided whereby a set of recommendations, based on the sets of activities associated with the separate secret shares, may be generated.
- the entity identification and information regarding the one or more activities may comprise part of a service request sent to the anonymity service.
- the anonymity service acts as an intermediary between the entity and the third party to which the entity's action activity is directed.
- the anonymity service can be provided as an additional service by an entity's on-line service provider, such as an Internet Service Provider (ISP).
- ISP Internet Service Provider
- the information provided at block 302 is securely transmitted to the anonymity service. Security in the transmission of such information may be provided using known techniques, such as encryption or a trusted path.
- the entity identification may comprise any unique identifier such as a public key, credit card number or the like.
- the information regarding the one or more activities may comprise any unique value or description sufficient to distinguish one activity from another.
- the present invention is limited in its application to the realm of activities related to books (e.g., on-line purchases, ratings, etc.)
- the existing system of International Standard Book Number (ISBN) codes could be used to uniquely identify particular books referenced in a given activity.
- Similar use could be made of stock keeping unit (SKU) codes or similar codes currently provided on many products.
- SKU stock keeping unit
- various schemes have been proposed, such as the so-called Consumer Profile Exchange Standard (CPEX) and Digital Object Identifiers (DOI) that may be applicable across a broad spectrum of activities, and may therefore be beneficially applied to the present invention.
- CPEX Consumer Profile Exchange Standard
- DOI Digital Object Identifiers
- a cryptographic or other secret splitting technique is used to split the entity identification into a plurality of secret shares.
- secret splitting techniques are well known in the art. In essence, a secret splitting technique takes a secret and divides it up into pieces such that each piece by itself does not allow a holder of that piece to reconstruct the secret. However, a holder in possession of all of the pieces is able to reconstruct the secret.
- the present invention requires well-described and reproducible secret splitting, i.e., a secret splitting technique that results in reproducible sets of secret share values for a given entity identification.
- a number of cryptographic secret sharing schemes use random number generation and, as a result, the secret share values are generally not reproducible.
- a seed value is typically used to initialize a process that generates a stream of essentially random data, which random data (i.e., the secret shares) is then used to secure other data. Random number generation usually enhances the secrecy of a scheme because a well-defined, predetermined relationship does not exist between the secret share values and the secret, and the shares hence reveal less information about the secret.
- the present invention cannot be implemented using a secret splitting/sharing scheme that results in secret shares that are different each time for identical inputs. Rather, the present invention is preferably implemented using a secret splitting scheme that generates one of a finite number of possible sets of secret shares each time for identical inputs.
- the number of possible secret share sets for a given entity identification should be small compared to: (a) the average number of times an entity is expected to use the service, and (b) the total number of sets of secret shares possible (for m n-bit secret shares, this number is 2 nm ). Further, depending on usage and number of activities, the size of the number of possible secret share sets for any given entity identity also affects recommendation accuracy.
- random numbers can be generated once, stored with an entity identification by the anonymity service, and used every time the entity identification is received thereafter.
- the same random number can be used for all entity identities.
- the first approach provides more privacy to the consumer relative to the shareholders because the shareholders have data from only one entity to reverse-engineer in order to obtain information about the corresponding random number and, through it and a single secret share value, the entity identification.
- the first approach requires storage of entity identifications by the anonymity service, (not required by the second approach), it provides severely reduced privacy to the consumer with respect to the anonymity service.
- the second approach provides less privacy to the consumer relative to the shareholders because they might be able to analyze patterns of the shares corresponding to different entity identifications to make educated guesses about the single random number, and from that information also determine information about entity identification from a single secret share value. Similar schemes, with the fixed numbers changing every so often, even at random, and being stored against entity identification for later reference, can also be used to provide more privacy to the consumer relative to the shareholders, though these will still be privacy-compromised to some degree with respect to the anonymity service and could decrease recommendation accuracy.
- a third approach is for the anonymity service to use a function of the entity identification to generate the random data for that entity identification so that the random data does not have to be stored.
- the service can thereafter construct the random data each time it is needed. Because each entity identification is presumably unique, the resulting random data will not be the same for all entity identifications, and the function used can be changed occasionally if required.
- the function can be randomly chosen from a small, finite set of functions. The scheme could be made more secure if the function were a so-called one-way function, i.e., a function that is easy to compute but difficult to invert. This would make it harder to recover an entity identification from a secret share value.
- Those having ordinary skill in the art will recognize that other types of permutations may be used to generate reproducible shares in conjunction with the present invention, and the present invention is not limited in this regard.
- A provides Z, X and Y (the secret shares) to, for example, B, C and D (the shareholders), respectively.
- B, C or D is able to reconstruct the secret S based solely on their respective share (Z, X or Y).
- the only way to reconstruct the secret is to combine the secret shares once again:
- X and Y could be outputs of well-defined functions of the entity identification.
- X and Y could be squares, cubes, and/or n th powers of the entity identification. Because X and Y would no longer be random, the security of the secret splitting scheme would be reduced. However, this is a cost of obtaining X and Y values that are reproducible.
- the function can be changed, e.g., to the m th power, after a certain period of time, or it can be a different function depending on parameters such as the day of the week, or it can be a function randomly chosen from a finite set of functions (for example, the function could be one of the 101-105 th powers).
- the total number of different functions used for each entity identification should be small compared to the average number of times each entity identification is used in the anonymity service, and small compared to the total number of sets of secret shares possible. The larger the number of functions, the more privacy is protected from the secret shareholders at the possible expense of recommendation accuracy.
- perfect secret splitting schemes are those schemes that result in secret shares in which any given secret share does not provide any information to an adverse party by which the secret may be identified.
- a number of known perfect secret sharing schemes result in at least one random secret. Modifying a perfect scheme to produce reproducible shares as described earlier could make the scheme non-perfect.
- the secret shares created at block 304 are sent to shareholders along with the information regarding the one or more activities. While the secret shares could be sent to the shareholders in encrypted form in order to enhance security, the secret shares are sent unencrypted in a presently preferred embodiment. Likewise, the information regarding the one or more activities may be sent in an encrypted form or otherwise secure manner, but this is not preferred. Nevertheless, the information regarding the one or more activities is sent to the shareholders each time a secret share is produced.
- the length of time required by each shareholder to store a corresponding secret share is a matter of design choice and may be dictated, for example, by legal requirements setting the length of time documentation regarding a transaction is to be stored.
- the duration for which the information regarding the one or more activities is kept is a matter of design choice.
- the information regarding the one or more activities is kept indefinitely.
- activities are assigned an expiration date such that they are no longer available after the expiration date. Further still, activities could be continuously inspected to see if no one has engaged in a certain activity for a certain period of time, in which case the activity is purged.
- the anonymity service discards any copies of the secret. In essence, the anonymity service consumes each secret and distributes the resulting secret shares to corresponding shareholders. An exception to this, albeit not a preferred one, arises where the anonymity service stores the random number associated with a particular entity identification, as described previously.
- the one or more activities sent to the shareholder are associated with the secret share.
- this is accomplished by each shareholder maintaining one or more profiles of activities in, for example, a computer-readable medium such as a digital memory device or the like.
- Each shareholder maintains a separate activity list for each secret share value. An example illustrating this is provided with reference to FIGS. 4 and 5.
- FIG. 4 illustrates an exemplary system in which it is assumed that the finite set of secret share values comprises only ten values (S 1 through S 10 ).
- the number of possible secret share values in this example has been kept low for ease of illustration; in practice, this number would be substantially larger. Additionally, it is assumed that there are only twenty possible activities (labeled “A” through “T”). Again, the number of possible activities in this example has been kept low for ease of illustration; in an actual implementation, this number would be significantly larger. It is further assumed that the identification of each entity (user) is split into five secret shares, which five secret shares are equally likely take on any of the ten possible secret share values.
- the secret share values derived for any given secret may result in multiple occurrences of the same secret share value, e.g., the identification of User 1 , when split, results in two instances of the S 5 secret share value.
- the activities for any given entity are stored in the same profiles to the extent that the secret splitting scheme always provides a reproducible output in response to the given entity's identity, which output causes the information regarding that entity's activities to always be sent to the same shareholders for association with the same secret share values.
- the secret splitting scheme does not always provide the same output, but provides one of a finite set of outputs, each generated by the use of a different function as described earlier, the activities will go to different profiles.
- the example described herein, for ease of illustration, corresponds to the situation where the secret shares generated for a particular entity identity are always the same.
- each user is assumed to have taken part in three activities randomly chosen from the twenty possible activities.
- the limit of three activities was chosen for ease of illustration. In practice, the number of possible activities engaged in by a given entity could be less and, in many instances, would likely be more. Note that some activities may considered to be more popular, e.g., activity “J”, in that multiple users have engaged in those activities.
- profiles associated with each secret share value sent to the first shareholder (Shareholder 1 ) in this example are further illustrated in FIG. 5.
- Each profile is the result of the activities engaged in by users whose identity, when split according to the secret splitting scheme, results in one of the secret share values shown in FIG. 5.
- the “J” activity is reflected in the each of the S 1 , S 2 and S 3 profiles by virtue of it being included at least in the activities of Users 1 , 2 and 3 .
- Exemplary profiles maintained by each shareholder in the example based on FIG. 4 are shown in each of FIGS. 5 - 9 .
- the process of generating recommendations for a given entity is illustrated by the path comprising blocks 310 - 316 .
- the sets of activities e.g., the profiles
- the profiles associated with secret shares S 1 , S 3 , S 5 , S 7 and S 10 would be obtained. Because each profile includes information regarding not only the activities of User 4 , but a number of the other users as well, knowledge of any one profile does not allow an adverse party to reconstruct User 4 's actual activities list.
- FIGS. 10 - 17 illustrate, for each user, the profiles corresponding to the secret share values generated by the user's identity.
- an estimated activities list corresponding to the given user is generated based on the profiles obtained at block 310 .
- the estimated activities list thus comprises only those activities that are found in each of the profiles obtained at block 310 .
- such estimated activities lists may be stored on a computer-readable medium. With regard to the example based on FIG. 4, this is further illustrated with regard to FIGS. 10 - 18 .
- each activity is seen to occur in each profile associated with the given user. For example, with respect to User 1 (FIG.
- the intersection of the activities associated with secret shares S 3 , S 5 , S 7 , S 5 and S 10 results in an estimated activities list comprising activities “D”, “F”, “G”, “J”, “L” and “M”, as shown.
- Similar estimated activities lists for each of the other seven users are calculated in the same manner.
- the estimated activities lists are preferably generated apart from the corresponding entity identifications.
- FIGS. 19 - 33 The effect of greater uniformity in distribution is shown in FIGS. 19 - 33 .
- Comparison of FIG. 19 with FIG. 4 reveals that the occurrences of activity “J” for Users 1 and 4 have been replaced with occurrences of activity “K” and “F”, respectively.
- the profiles resulting from the example illustrated in FIG. 19 are illustrated in FIGS. 20 - 24 . Note that in the profiles shown in FIGS. 20 - 24 , when compared to those in FIGS. 5 - 9 , the activities are closer to being equally likely. While the example does not illustrate this, this could also slightly compromise entity privacy, which, as alluded to above, usually bears an inverse relationship with recommendation accuracy.
- the intersections of the profiles for each user may be calculated leading to the estimated activities list shown in FIG. 33.
- the estimated activities lists illustrated in FIG. 33 are slightly more accurate than those illustrated in FIG. 18 in that the estimated activities for User 6 do not include an otherwise inaccurate activity “J”.
- a set of recommendations may be generated based on the estimated activities list.
- a recommendation may comprise any information regarding goods, services, opportunities or any other information that may spur the recipient of the information on to further activities.
- the estimated activities list indicates that the corresponding entity has recently applied for a mortgage using an on-line broker
- a set of recommendations may comprise the names of various firms that provide homeowner's insurance.
- the recommendations are provided to the corresponding entity using the entity's identification.
- this is accomplished by reconstructing the entity identification based on the secret shares for that entity.
- the anonymity provider retains, for a given entity, the identifications of the shareholders in possession of secret shares needed to reconstruct the entity identification.
- the anonymity service may retain transaction identifications that identify the particular shareholders needed relative to a given transaction.
- secret shares of public keys may be used to encrypt and decrypt data without reconstructing the public key.
- a provider could send a set of recommendations to an entity in an encrypted form by letting the shareholders encrypt the recommendation using secure multi-party computation.
- the shareholders themselves may implement functions described above as being implemented by the anonymity service (if the shareholders are known to each other) using known techniques.
Abstract
Description
- The present invention is filed as a continuation-in-part of U.S. patent application Ser. No. 09/944,739, titled ANONYMOUS ACQUISITION OF DIGITAL PRODUCTS BASED ON SECRET SPLITTING, filed on Aug. 31, 2001 in behalf of Vora et al., the same inventors as in the present application, which prior application is assigned to the Hewlett-Packard Company, the same assignee as in the present application.
- The present invention relates generally to electronic commerce systems and, in particular, to a technique for providing anonymous recommendations within such electronic commerce systems.
- Electronic commerce is increasingly becoming a part of everyday life. In particular, the rapid growth of the Internet and World Wide Web has lead to a corresponding increase in the ability to acquire goods and services remotely. A generalized example in accordance with current techniques is illustrated in FIG. 1. In particular, an
entity 102, such as an individual or organization, may communicate with aprovider 104 via apublic network 103. Theentity 102 transmits a variety of information to theprovider 104 in order to acquire a product being offered by theprovider 104. The information sent by theentity 102 typically comprises an identification of the entity, an identification of the product being acquired and, optionally, information regarding the price of the product being acquired. In turn, where the acquisition is a purchase, theprovider 104 may supply some or all of the information from theentity 102 to acredit agency 106. As a result, theprovider 104 has specific knowledge of the products being purchased by theentity 102. Likewise, thecredit agency 106 has specific knowledge that theentity 102 is purchasing products from theprovider 104. - Based on the knowledge of what products or services are being acquired, the
provider 104 can often supply one or more recommendations to the entity. That is, if an entity purchases, for example, tickets to a classical music concert, the provider may be able to recommend other classical music concerts or even other products, such as recordings of classical music. As providers become more familiar with additional specific activities performed by specific entities within the electronic commerce system (i.e., develop profiles about the entities), they can further refine their recommendations so as to provide more targeted or relevant recommendations with increased likelihood that the specific entities will follow up on the recommendations. While specific knowledge of a given entity's on-line activities may be valuable to the provider as a source of providing recommendations, which recommendation may even be helpful to or welcomed by some of the targeted entities, an increasing number of consumers object to commercial enterprises and other third parties having specific knowledge of their on-line activities. Clearly, a consumer's desire for privacy conflicts with the desire of commercial enterprises' to be able to recommend additional services and products based on past activities by consumers. - Therefore, a need exists for techniques that allow the formulation of recommendations based on some degree of knowledge about a given entity's on-line activities, but that also provides the given entity with a corresponding degree of privacy.
- 8. A commerce system comprises a plurality of entities each having an associated entity identity that is stored as a plurality of secret shares amongst at least a portion of a plurality of shareholders. Each plurality of secret shares comprises a subset of a finite set of secret share values. An apparatus and method for the commerce system includes an association, for each entity of the plurality of entities, for at least one activity conducted by the entity within the commerce system with each of the plurality of secret shares used to store the entity identity corresponding to the entity such that each secret share of the finite set of secret share values has associated therewith a set of activities from at least a portion of the plurality of entities. A receiver for receiving sets of activities associated with each secret share of a first plurality of secret shares used to store a first entity identity corresponding to a first entity is included with a generator, coupled to the receiver, for generating an estimated activities list, for the first entity, comprising an intersection of the sets of activities.
- FIG. 1 is a block diagram illustrating a typical arrangement used in electronic commerce in accordance with prior art techniques.
- FIG. 2 is a block diagram illustrating an arrangement that may be used for electronic commerce in accordance with the present invention.
- FIG. 3 is a flow chart illustrating a technique in accordance with the present invention.
- FIGS.4-18 illustrate an example of providing an estimated activities list in accordance with the present invention.
- FIGS.19-33 illustrate another example of providing an estimated activities list in accordance with the present invention.
- The present invention provides a technique for making recommendations to entities in an electronic commerce system (based, for example, on the Internet or World Wide Web) while simultaneously maintaining activities profiles of individual entities in secret. In the context of the present invention, activities encompass substantially all actions in which an entity provides its entity identification to a third party including, but not limited to, purchasing a digital object or service, providing information to a third party for the purposes, for example, of rating something in a survey, etc. Furthermore, electronic commerce systems as used herein are not limited to systems supporting commercial transactions, but instead encompass all systems whereby an entity at least provides its entity identification to a third party for any purpose.
- The present invention employs secret sharing techniques whereby information regarding particular activities by an entity is kept confidential and yet accessible when required to generate recommendations for the entity's benefit. An entity engaging in an activity within the electronic commerce systems supplies data such as an entity identification to an anonymity service. In turn, the anonymity service splits the entity identification into a plurality of secret shares that are thereafter provided to a corresponding plurality of shareholders. The nature of the secret splitting process is such that each shareholder is unable to reproduce the secret corresponding to the shareholder's share without the other shareholders involved in the process. Furthermore, the process whereby the secret shares are generated should be reproducible by the anonymity service, such that the anonymity service can generate all the sets of the plurality of secret shares ever generated for a particular entity identification. Information regarding the specific activity (e.g., information identifying the specific activity) is associated with each secret share of the plurality of secret shares used to memorialize the entity's identity. Assuming that there are a finite number of secret shares available from which any given entity's plurality of secret shares may be selected, over time and multiple activities conducted by multiple entities, each secret share will have associated therewith a set of activities corresponding to a plurality of entities.
- When it is desired to generate recommendations for a given entity based on that entity's past activities, an intersection of the sets of activities associated with that entity's secret shares is provided as an estimated activities list. That is, activities found in each set of activities associated with each secret share of the given entity's secret shares are included in the estimated activities list, whereas activities found in less than all of the sets of activities associated with the entity's secret shares are excluded. Thereafter, one or more recommendations may be made based on the estimated activities list. By associating activities with a plurality of secret shares, the present invention facilitates anonymous transactions, particularly anonymous recommendations.
- The present invention may be more readily described with reference to FIGS.2-33. Referring now to FIG. 2, there is illustrated a block diagram of a
system 200 in accordance with the present invention. In particular, ananonymity service 203 is provided as an intermediary between entities 202 (e.g., acquirers of services or digital products) and one ormore providers 204. In practice, theanonymity service 203 andprovider 204 can be in communication with a clearing house and a credit agency in support of commercial transactions; for clarity, the clearing house and credit agency are not illustrated in FIG. 2. Although direct connections are illustrated between theanonymity service 203 and the various other elements of thesystem 200, it is understood that these connections may comprise paths established through public networks such as the Internet or World Wide Web, within private networks or through a combination of public and private networks. - In the context of the present invention, each of a plurality of
entities 202 may comprise any individual or organization capable of conducting activities within theelectronic commerce system 200. Such activities may comprise virtually any actions in which an entity is willing to include its entity identification. For example, such activities may include, but are not limited to, providing or acquiring something of value to/from a third party, such as participating in a survey, subscribing to a newsletter or affinity group chat room, or acquiring services or digital products from theprovider 204. In the context of the present invention, digital products comprise anything capable of delivery via a communication network. For example, digital products may include downloadable software or digital data such as text, audio, video or images. Those having ordinary skill in the art will recognize that other types of digital products may be used in conjunction with the present invention, and the present invention is not limited in this regard. Regardless, each activity conducted within thesystem 200 should be susceptible to unique identification. For example, activities may include actions such as, “purchased video disk of ‘Cinderella”’, “downloaded trial version of XYZ Co.'s video game software”, “donated money to Planned Parenthood”, etc. In sum, activities in the context of the present invention comprise any actions having associated therewith an entity identification and that are susceptible to a unique identification. - In practice, each
entity 202 communicates with theanonymity service 203 via a computer implementing a network communication program, such as a browser or the like. Theprovider 204, in turn, may likewise comprise any individual or organization that provides services or digital products or that accepts information from entities via a communication network. More generally, theprovider 204 may comprise any individual or organization that is the intended target of an entity's action(s) and is therefore a recipient of that entity's identification. Theanonymity service 203 preferably comprises a computer-implemented service available via a communication network such as the Internet or World Wide Web. As depicted in FIG. 2, theanonymity service 203 preferably comprises aprocessor 210 andmemory 212. For example, the anonymity service may be implemented using one or more network servers executing stored software routines as known in the art. - The
anonymity service 203 is in communication with a plurality ofshareholders 207. As described in greater detail below, each of theshareholders 207 is provided with a secret share (preferably representative of at least an entity's identification) which, by itself, does not enable an individual shareholder to reconstruct a secret, i.e., an entity's identity. In a preferred embodiment, the process used to generate the secret shares is reproducible; that is, for any given input, a predictable set of secret shares will be provided as output. Furthermore, it is preferred that the process used to generate the secret shares possess the property that any secret share is equally likely to take on a particular value as any other value. For example, if secret shares are expressed as n-bit binary words, there exists a finite set of secret share values comprising 2n possible values. Thus, the likelihood of any one secret share value of the finite set of secret share values being generated is preferably equivalent to - The set of
shareholders 207 is preferably static relative to theanonymity service 203 and to the number of secret share values in the finite set of secret share values. That is, for a given entity's identification, information corresponding to a given secret share value is always sent to the same shareholder of the set ofshareholders 207, which set itself is unchanging from the anonymity service's perspective. For example, if there are ten possible secret shares (S1 through S10) and ten possible shareholders (H1 through H10), a possible arrangement is to uniquely assign one of the ten secret share values to a corresponding one of the ten shareholders. Further, it is preferable to ensure that the first shareholder always receives the first secret share value produced, the second shareholder always receives the second secret share value produced, and so on. Of course, other arrangements are possible. If multiple anonymity services are provided, each could be associated with its own, well-described and not necessarily static, plurality of shareholders, which plurality of shareholders may or may not include shareholders that are also associated with other anonymity services. - In any event, each shareholder is capable of receiving secret shares and information regarding activities from the
anonymity service 203. To this end, each shareholder preferably comprises a computer-implemented device capable of communicating with theanonymity service 203. Because secret sharing schemes are vulnerable to the extent that separate shareholders could collaborate to ascertain the secret in their possession, it is advantageous to maintain the identity of each shareholder in confidence from the other shareholders. Furthermore, it is preferred to select the shareholders such that they have an inherent reason not to collaborate with each other. For example, shareholders in possession of the secret shares corresponding to a single secret may comprise competitors in a given industry. Such competitors are inherently unlikely or unwilling to share information with each other. Additionally, the shareholders may comprise a privacy organization that is dedicated to advocating privacy in electronic commerce, and therefore unlikely to collaborate with other shareholders. Further still, theentity 202 may comprise one of the shareholders, or theshareholders 207 may be known to theentity 202, such as family members or friends or an Internet mailing list constructed around a common interest. - Referring now to FIG. 3, a method in accordance with the present invention is illustrated. In particular, the method of FIG. 3 is preferably implemented by the
anonymity service 203. As shown, two parallel, independent paths are provided. On the left, a path is provided whereby activities by separate entities are added to sets of activities associated with separate secret shares. On the right, a path is provided whereby a set of recommendations, based on the sets of activities associated with the separate secret shares, may be generated. - At
block 302, it is continuously determined whether a given entity has transmitted its entity identification and information regarding one or more activities to the anonymity service. In an embodiment of the present invention, the entity identification and information regarding the one or more activities may comprise part of a service request sent to the anonymity service. In this manner, the anonymity service acts as an intermediary between the entity and the third party to which the entity's action activity is directed. The anonymity service can be provided as an additional service by an entity's on-line service provider, such as an Internet Service Provider (ISP). In one embodiment of the present invention, the information provided atblock 302 is securely transmitted to the anonymity service. Security in the transmission of such information may be provided using known techniques, such as encryption or a trusted path. - The entity identification may comprise any unique identifier such as a public key, credit card number or the like. Likewise, the information regarding the one or more activities may comprise any unique value or description sufficient to distinguish one activity from another. In practice, at least with initial implementations, it is expected that such activity-describing information will be application dependent. For example, if the present invention is limited in its application to the realm of activities related to books (e.g., on-line purchases, ratings, etc.), the existing system of International Standard Book Number (ISBN) codes could be used to uniquely identify particular books referenced in a given activity. Similar use could be made of stock keeping unit (SKU) codes or similar codes currently provided on many products. More generally, various schemes have been proposed, such as the so-called Consumer Profile Exchange Standard (CPEX) and Digital Object Identifiers (DOI) that may be applicable across a broad spectrum of activities, and may therefore be beneficially applied to the present invention.
- When an entity has transmitted its entity identification and information regarding the one or more activities, processing continues at
block 304 where a cryptographic or other secret splitting technique is used to split the entity identification into a plurality of secret shares. Such secret splitting techniques are well known in the art. In essence, a secret splitting technique takes a secret and divides it up into pieces such that each piece by itself does not allow a holder of that piece to reconstruct the secret. However, a holder in possession of all of the pieces is able to reconstruct the secret. - The present invention requires well-described and reproducible secret splitting, i.e., a secret splitting technique that results in reproducible sets of secret share values for a given entity identification. A number of cryptographic secret sharing schemes use random number generation and, as a result, the secret share values are generally not reproducible. Typically, in such schemes, a seed value is typically used to initialize a process that generates a stream of essentially random data, which random data (i.e., the secret shares) is then used to secure other data. Random number generation usually enhances the secrecy of a scheme because a well-defined, predetermined relationship does not exist between the secret share values and the secret, and the shares hence reveal less information about the secret. As a practical matter, however, the present invention cannot be implemented using a secret splitting/sharing scheme that results in secret shares that are different each time for identical inputs. Rather, the present invention is preferably implemented using a secret splitting scheme that generates one of a finite number of possible sets of secret shares each time for identical inputs. The number of possible secret share sets for a given entity identification should be small compared to: (a) the average number of times an entity is expected to use the service, and (b) the total number of sets of secret shares possible (for m n-bit secret shares, this number is 2nm). Further, depending on usage and number of activities, the size of the number of possible secret share sets for any given entity identity also affects recommendation accuracy.
- Most of the cryptographic secret sharing schemes that require random numbers can be easily modified for use with the present invention. For example, in one approach, random numbers can be generated once, stored with an entity identification by the anonymity service, and used every time the entity identification is received thereafter. In another approach, the same random number can be used for all entity identities.
- However, both of these approaches reduce the secrecy of the schemes. The first approach provides more privacy to the consumer relative to the shareholders because the shareholders have data from only one entity to reverse-engineer in order to obtain information about the corresponding random number and, through it and a single secret share value, the entity identification. However, because the first approach requires storage of entity identifications by the anonymity service, (not required by the second approach), it provides severely reduced privacy to the consumer with respect to the anonymity service.
- The second approach provides less privacy to the consumer relative to the shareholders because they might be able to analyze patterns of the shares corresponding to different entity identifications to make educated guesses about the single random number, and from that information also determine information about entity identification from a single secret share value. Similar schemes, with the fixed numbers changing every so often, even at random, and being stored against entity identification for later reference, can also be used to provide more privacy to the consumer relative to the shareholders, though these will still be privacy-compromised to some degree with respect to the anonymity service and could decrease recommendation accuracy.
- A third approach is for the anonymity service to use a function of the entity identification to generate the random data for that entity identification so that the random data does not have to be stored. The service can thereafter construct the random data each time it is needed. Because each entity identification is presumably unique, the resulting random data will not be the same for all entity identifications, and the function used can be changed occasionally if required. In particular, the function can be randomly chosen from a small, finite set of functions. The scheme could be made more secure if the function were a so-called one-way function, i.e., a function that is easy to compute but difficult to invert. This would make it harder to recover an entity identification from a secret share value. Those having ordinary skill in the art will recognize that other types of permutations may be used to generate reproducible shares in conjunction with the present invention, and the present invention is not limited in this regard.
- An exemplary secret sharing scheme that uses random numbers, and its modification for use with the present invention, is now described. As an example of secret sharing, assume that a party A wishes to split a secret S into three shares that will be subsequently given to parties B, C and D. In accordance with a preferred embodiment of the present invention, further assume that the secret S is represented as a string of bits having length M. First, A generates two random bit strings, X and Y, each of length M. (Techniques for generating random bit strings are well known in the art of cryptography and are therefore not described in detail herein.) The secret S is thereafter exclusive-OR'd with X and Y to provide a new bit string Z, also of length M:
- Z=S⊕X⊕Y
- Thereafter, A provides Z, X and Y (the secret shares) to, for example, B, C and D (the shareholders), respectively. Note that none of B, C or D is able to reconstruct the secret S based solely on their respective share (Z, X or Y). To the contrary, the only way to reconstruct the secret is to combine the secret shares once again:
- Z=S⊕X⊕Y
- The above-described scheme can be modified to generate reproducible secrets instead of random secrets. Instead of random bit strings, X and Y could be outputs of well-defined functions of the entity identification. For example, X and Y could be squares, cubes, and/or nth powers of the entity identification. Because X and Y would no longer be random, the security of the secret splitting scheme would be reduced. However, this is a cost of obtaining X and Y values that are reproducible. To mitigate the impact on the security, the function can be changed, e.g., to the mth power, after a certain period of time, or it can be a different function depending on parameters such as the day of the week, or it can be a function randomly chosen from a finite set of functions (for example, the function could be one of the 101-105th powers). The total number of different functions used for each entity identification should be small compared to the average number of times each entity identification is used in the anonymity service, and small compared to the total number of sets of secret shares possible. The larger the number of functions, the more privacy is protected from the secret shareholders at the possible expense of recommendation accuracy.
- While this is a simple example, it illustrates the basic concept and implementation of secret splitting modified for reproducibility. Simple extensions will be evident to those having ordinary skill in the art. For example, a larger number of shareholders may be employed by simply generating additional reproducible bit strings to combine with the secret. One publication teaching a variety of cryptographic secret splitting techniques is “Applied Cryptography” by Bruce Schneier (John Marley & Sons, 1996), the teachings of which are incorporated herein by this reference. Referring back to FIG. 3, the number of secret shares provided at
block 304 for the entity identification is a matter of design choice. However, in a preferred embodiment, the number of secret shares is always the same and the secret splitting technique is reproducible, though equivalent outputs may not always result from equivalent inputs. - So-called perfect secret splitting schemes are those schemes that result in secret shares in which any given secret share does not provide any information to an adverse party by which the secret may be identified. A number of known perfect secret sharing schemes result in at least one random secret. Modifying a perfect scheme to produce reproducible shares as described earlier could make the scheme non-perfect.
- Besides cryptographic secret splitting schemes, other schemes which require less computation and in which individual secret shares do provide some information regarding the secret may also be used, although are not preferred. A simple illustration of a non-cryptographic secret splitting technique would be to split the secret up into constituent parts and providing those parts as the secret shares directly. For example, if a given entity's identification is simply “John Smith”, the secret shares could be provided as the nine letters in the identification, i.e., “j”, “o”, “h”, “n”, “s”, “m”, “i”, “t” and “h”. While no one secret share (letter) allows a given shareholder to reconstruct the entire secret, it does provide some information about the secret.
- Regardless, at
block 306, the secret shares created atblock 304 are sent to shareholders along with the information regarding the one or more activities. While the secret shares could be sent to the shareholders in encrypted form in order to enhance security, the secret shares are sent unencrypted in a presently preferred embodiment. Likewise, the information regarding the one or more activities may be sent in an encrypted form or otherwise secure manner, but this is not preferred. Nevertheless, the information regarding the one or more activities is sent to the shareholders each time a secret share is produced. - The length of time required by each shareholder to store a corresponding secret share is a matter of design choice and may be dictated, for example, by legal requirements setting the length of time documentation regarding a transaction is to be stored. Likewise, the duration for which the information regarding the one or more activities is kept is a matter of design choice. In one embodiment of the present invention, the information regarding the one or more activities is kept indefinitely. In another embodiment, however, activities are assigned an expiration date such that they are no longer available after the expiration date. Further still, activities could be continuously inspected to see if no one has engaged in a certain activity for a certain period of time, in which case the activity is purged. Those having ordinary skill in the art will recognize that other schemes may be possible or desirable. Regardless, once a secret has been split and sent to the respective shareholders, the anonymity service discards any copies of the secret. In essence, the anonymity service consumes each secret and distributes the resulting secret shares to corresponding shareholders. An exception to this, albeit not a preferred one, arises where the anonymity service stores the random number associated with a particular entity identification, as described previously.
- At block308, the one or more activities sent to the shareholder are associated with the secret share. In a preferred embodiment, this is accomplished by each shareholder maintaining one or more profiles of activities in, for example, a computer-readable medium such as a digital memory device or the like. Each shareholder maintains a separate activity list for each secret share value. An example illustrating this is provided with reference to FIGS. 4 and 5.
- FIG. 4 illustrates an exemplary system in which it is assumed that the finite set of secret share values comprises only ten values (S1 through S10). The number of possible secret share values in this example has been kept low for ease of illustration; in practice, this number would be substantially larger. Additionally, it is assumed that there are only twenty possible activities (labeled “A” through “T”). Again, the number of possible activities in this example has been kept low for ease of illustration; in an actual implementation, this number would be significantly larger. It is further assumed that the identification of each entity (user) is split into five secret shares, which five secret shares are equally likely take on any of the ten possible secret share values. Note that the secret share values derived for any given secret may result in multiple occurrences of the same secret share value, e.g., the identification of
User 1, when split, results in two instances of the S5 secret share value. Finally, there are five shareholders available to receive, according to a predefined distribution scheme, the five secret shares generated for any given secret. For example, for each secret split into the five secret shares, a first secret share is provided to a first shareholder, a second secret share is provided to a second shareholder and so on. In a preferred embodiment, the activities for any given entity are stored in the same profiles to the extent that the secret splitting scheme always provides a reproducible output in response to the given entity's identity, which output causes the information regarding that entity's activities to always be sent to the same shareholders for association with the same secret share values. When the secret splitting scheme does not always provide the same output, but provides one of a finite set of outputs, each generated by the use of a different function as described earlier, the activities will go to different profiles. The example described herein, for ease of illustration, corresponds to the situation where the secret shares generated for a particular entity identity are always the same. - In FIG. 4, eight exemplary users are shown and their corresponding secret shares. The column numbers 1-5 above the secret share values correspond to the shareholders to which each secret share value is sent. That is, the first column of secret share values sets forth those secret share values sent to the first shareholder; the second column sets forth those secret share values sent to the second shareholder; etc. Additionally, each user is assumed to have taken part in three activities randomly chosen from the twenty possible activities. The limit of three activities was chosen for ease of illustration. In practice, the number of possible activities engaged in by a given entity could be less and, in many instances, would likely be more. Note that some activities may considered to be more popular, e.g., activity “J”, in that multiple users have engaged in those activities. Regardless, profiles associated with each secret share value sent to the first shareholder (Shareholder1) in this example are further illustrated in FIG. 5. Each profile is the result of the activities engaged in by users whose identity, when split according to the secret splitting scheme, results in one of the secret share values shown in FIG. 5. For example, note that the “J” activity is reflected in the each of the S1, S2 and S3 profiles by virtue of it being included at least in the activities of
Users - Referring once again to FIG. 3, the process of generating recommendations for a given entity is illustrated by the path comprising blocks310-316. At
block 310, the sets of activities (e.g., the profiles) associated with each secret share corresponding to the given entity are obtained. For example, referring once again to FIGS. 4 and 5, if it was desired to generate recommendations forUser 4, the profiles associated with secret shares S1, S3, S5, S7 and S10 would be obtained. Because each profile includes information regarding not only the activities ofUser 4, but a number of the other users as well, knowledge of any one profile does not allow an adverse party to reconstructUser 4's actual activities list. The process ofblock 310, in implementation, requires that the given entity's identification is first obtained and then split into a corresponding set of secret shares. This set of secret shares is then sent to the corresponding shareholders as part of requests to obtain the profiles corresponding to those secret shares. Once again, this is possible assuming that the secret splitting scheme is statically reproducible. With regard to the current example (FIG. 4), FIGS. 10-17 illustrate, for each user, the profiles corresponding to the secret share values generated by the user's identity. - At
block 312, an estimated activities list corresponding to the given user is generated based on the profiles obtained atblock 310. To this end, an intersection of the multiple profiles fromblock 310 is calculated. The estimated activities list thus comprises only those activities that are found in each of the profiles obtained atblock 310. In one embodiment of the present invention, such estimated activities lists may be stored on a computer-readable medium. With regard to the example based on FIG. 4, this is further illustrated with regard to FIGS. 10-18. Thus, in the estimated activities lists shown in FIG. 18, each activity is seen to occur in each profile associated with the given user. For example, with respect to User 1 (FIG. 10), the intersection of the activities associated with secret shares S3, S5, S7, S5 and S10 results in an estimated activities list comprising activities “D”, “F”, “G”, “J”, “L” and “M”, as shown. Similar estimated activities lists for each of the other seven users (FIGS. 11-17), as shown in FIG. 18, are calculated in the same manner. In order to preserve the anonymity of the entities, the estimated activities lists are preferably generated apart from the corresponding entity identifications. - The nature of the process used to generate estimated activities lists is such that activities not actually engaged in by a given entity can be added to the estimated activities list for that entity. Such “added” activities are illustrated in boldfaced and italicized type in the estimated activities lists of FIG. 18. For example, activity “J”, appearing in each profile, is frequently added to the estimated activities lists of entities that did not actually engage in activity “J”. Additionally, activities “D” and “L”, although not occurring in every profile, occur with sufficient frequency that they too are inaccurately added to the estimated activities lists of
User 5. Such inaccuracies are a cost of being able to provide recommendations in an anonymous manner. The likelihood of such additions to the estimated activities lists is lowest when each activity is equally likely. Each activity is not equally likely in the example shown, where activity J is much more likely than other activities. - The effect of greater uniformity in distribution is shown in FIGS.19-33. Comparison of FIG. 19 with FIG. 4 reveals that the occurrences of activity “J” for
Users User 6 do not include an otherwise inaccurate activity “J”. - When the secret shares are reproducible but not always identical for a given entity identity, the above described process must be repeated for each set of secret shares corresponding to the entity identity. This involves more computation and could reduce recommendation accuracy, but will improve entity privacy with respect to shareholders.
- Referring once again to FIG. 3, at
block 314, a set of recommendations may be generated based on the estimated activities list. In the context of the present invention, a recommendation may comprise any information regarding goods, services, opportunities or any other information that may spur the recipient of the information on to further activities. For example, if the estimated activities list indicates that the corresponding entity has recently applied for a mortgage using an on-line broker, a set of recommendations may comprise the names of various firms that provide homeowner's insurance. Those having ordinary skill in the art will recognize that a variety of techniques exist for establishing a set of recommendations based on knowledge of previous (estimated) activities. Thereafter, atblock 316, the recommendations are provided to the corresponding entity using the entity's identification. Preferably, this is accomplished by reconstructing the entity identification based on the secret shares for that entity. To this end, the anonymity provider retains, for a given entity, the identifications of the shareholders in possession of secret shares needed to reconstruct the entity identification. Furthermore, the anonymity service may retain transaction identifications that identify the particular shareholders needed relative to a given transaction. - For example, assume an entity purchases goods from a provider via the anonymity service. A technique for providing anonymity in such a transaction is disclosed in co-pending U.S. patent application Ser. No. 09/944739 and titled ANONYMOUS ACQUISITION OF DIGITAL PRODUCTS BASED ON SECRET SPLITTING, the teachings of which application have been previously incorporated herein by reference. As disclosed in that application, entities are able to acquire digital products in an anonymous fashion using secret splitting techniques such that third parties (including providers) are unable to identify specific acquisitions made by a given entity. Nevertheless, a provider may wish to make further recommendations for other products based on one or more transactions by a given entity. Using the presently-disclosed technique, the anonymity service can construct a set of recommendations and, using the techniques disclosed in the co-pending application, provide the recommendations in a manner that preserves entity privacy.
- In the foregoing specification, the invention has been described with reference to specific embodiments. However, those of ordinary skill in the art will appreciate that various modifications and changes can be made without departing from the scope of the present invention as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of present invention. For example, secure multi-party computing could be used in place of the anonymity service. That is, rather than a single third party managing anonymous transactions, a distributed model may be employed. As known in the art, secure multi-party computation involves computing a function of many variables where many parties each provide one or more variables. For example, secret shares of public keys may be used to encrypt and decrypt data without reconstructing the public key. As a result, a provider could send a set of recommendations to an entity in an encrypted form by letting the shareholders encrypt the recommendation using secure multi-party computation. Thus, in the context of the present invention, the shareholders themselves may implement functions described above as being implemented by the anonymity service (if the shareholders are known to each other) using known techniques.
- Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential features or elements of any or all the claims. As used herein, the terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Claims (11)
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/976,637 US20030046198A1 (en) | 2001-08-31 | 2001-10-12 | Anonymous recommendation technique |
US10/099,446 US20030046213A1 (en) | 2001-08-31 | 2002-03-15 | Anonymous processing of usage rights with variable degrees of privacy and accuracy |
US10/098,261 US20030046200A1 (en) | 2001-08-31 | 2002-03-15 | Anonymous recommendation technique with variable degrees of privacy and accuracy |
US10/143,081 US7187772B2 (en) | 2001-08-31 | 2002-05-10 | Anonymous transactions based on distributed processing |
GB0218771A GB2382425A (en) | 2001-08-31 | 2002-08-13 | Anonymous transactions based on distributed processing |
EP02255802A EP1288831A1 (en) | 2001-08-31 | 2002-08-20 | Anonymous recommendation technique with variable degrees of privacy and accuracy |
EP02255806A EP1288832A1 (en) | 2001-08-31 | 2002-08-20 | Anonymous recommendation technique |
EP02255794A EP1288830A1 (en) | 2001-08-31 | 2002-08-20 | Anonymous processing of usage rights with variable degrees of privacy and accuracy |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/944,739 US20030046210A1 (en) | 2001-08-31 | 2001-08-31 | Anonymous acquisition of digital products based on secret splitting |
US09/976,637 US20030046198A1 (en) | 2001-08-31 | 2001-10-12 | Anonymous recommendation technique |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/944,739 Continuation-In-Part US20030046210A1 (en) | 2001-08-31 | 2001-08-31 | Anonymous acquisition of digital products based on secret splitting |
US10/099,446 Continuation-In-Part US20030046213A1 (en) | 2001-08-31 | 2002-03-15 | Anonymous processing of usage rights with variable degrees of privacy and accuracy |
Related Child Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/944,739 Continuation-In-Part US20030046210A1 (en) | 2001-08-31 | 2001-08-31 | Anonymous acquisition of digital products based on secret splitting |
US10/099,446 Continuation-In-Part US20030046213A1 (en) | 2001-08-31 | 2002-03-15 | Anonymous processing of usage rights with variable degrees of privacy and accuracy |
US10/098,261 Continuation-In-Part US20030046200A1 (en) | 2001-08-31 | 2002-03-15 | Anonymous recommendation technique with variable degrees of privacy and accuracy |
US10/143,081 Continuation-In-Part US7187772B2 (en) | 2001-08-31 | 2002-05-10 | Anonymous transactions based on distributed processing |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030046198A1 true US20030046198A1 (en) | 2003-03-06 |
Family
ID=25481980
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/944,739 Abandoned US20030046210A1 (en) | 2001-08-31 | 2001-08-31 | Anonymous acquisition of digital products based on secret splitting |
US09/976,637 Abandoned US20030046198A1 (en) | 2001-08-31 | 2001-10-12 | Anonymous recommendation technique |
US10/121,563 Expired - Fee Related US7711616B2 (en) | 2001-08-31 | 2002-04-12 | Anonymous transactions between an entity and a provider |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/944,739 Abandoned US20030046210A1 (en) | 2001-08-31 | 2001-08-31 | Anonymous acquisition of digital products based on secret splitting |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/121,563 Expired - Fee Related US7711616B2 (en) | 2001-08-31 | 2002-04-12 | Anonymous transactions between an entity and a provider |
Country Status (2)
Country | Link |
---|---|
US (3) | US20030046210A1 (en) |
EP (1) | EP1288829A1 (en) |
Cited By (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020023131A1 (en) * | 2000-03-17 | 2002-02-21 | Shuwu Wu | Voice Instant Messaging |
US20020133571A1 (en) * | 2000-10-30 | 2002-09-19 | Karl Jacob | Apparatus and method for specifying and obtaining services through an audio transmission medium |
US20030065721A1 (en) * | 2001-09-28 | 2003-04-03 | Roskind James A. | Passive personalization of buddy lists |
US20050076240A1 (en) * | 2003-04-02 | 2005-04-07 | Barry Appleman | Degrees of separation for handling communications |
US20050076241A1 (en) * | 2003-04-02 | 2005-04-07 | Barry Appelman | Degrees of separation for handling communications |
US20050198131A1 (en) * | 2004-03-05 | 2005-09-08 | Barry Appelman | Passively populating a participant list with known contacts |
US20060031772A1 (en) * | 2001-09-28 | 2006-02-09 | Judson Valeski | Automatic categorization of entries in a contact list |
US20060258368A1 (en) * | 2005-05-11 | 2006-11-16 | Jennifer Granito | Personalized location information for mobile devices |
US20060277108A1 (en) * | 2003-10-06 | 2006-12-07 | Utbk, Inc. | Methods and apparatuses for advertisement presentation |
US20070121844A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for offline selection of pay-per-call advertisers |
US20070121846A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for advertisements on mobile devices for communication connections |
US20070121845A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for offline selection of pay-per-call advertisers via visual advertisements |
US20070143182A1 (en) * | 2003-10-06 | 2007-06-21 | Utbk, Inc. | Methods and Apparatuses to Provide Application Programming Interface for Retrieving Pay Per Call Advertisements |
US20070140451A1 (en) * | 2003-10-06 | 2007-06-21 | Utbk, Inc. | Methods and Systems for Pay For Performance Advertisements |
US20080262910A1 (en) * | 2007-04-20 | 2008-10-23 | Utbk, Inc. | Methods and Systems to Connect People via Virtual Reality for Real Time Communications |
US20080263460A1 (en) * | 2007-04-20 | 2008-10-23 | Utbk, Inc. | Methods and Systems to Connect People for Virtual Meeting in Virtual Reality |
US20090016507A1 (en) * | 2005-02-25 | 2009-01-15 | Utbk, Inc. | Systems and Methods for Dynamic Pay for Performance Advertisements |
US20090070205A1 (en) * | 2007-09-07 | 2009-03-12 | Utbk, Inc. | Systems and Methods to Provide Information and Connect People for Real Time Communications |
US20090158184A1 (en) * | 2003-03-03 | 2009-06-18 | Aol Llc, A Delaware Limited Liability Company (Formerly Known As Ameria Online, Inc.) | Reactive avatars |
US20090187757A1 (en) * | 2008-01-18 | 2009-07-23 | Sap Ag | Method and system for mediated secure computation |
US20090234922A1 (en) * | 2004-12-01 | 2009-09-17 | Aol Llc | Automatically Enabling the Forwarding of Instant Messages |
US20090248816A1 (en) * | 2001-09-28 | 2009-10-01 | Aol Llc, A Delaware Limited Liability Company (Formerly Known As America Online, Inc.) | Passive Personalization of Buddy Lists |
US20100056183A1 (en) * | 2008-08-28 | 2010-03-04 | Aol Llc | Methods and system for providing location-based communication services |
US7698560B2 (en) | 2002-04-11 | 2010-04-13 | Spitlock Holdings Pty Ltd | Information storage system |
US20100169801A1 (en) * | 2002-11-21 | 2010-07-01 | Aol Llc | Multiple avatar personalities |
US7765265B1 (en) * | 2005-05-11 | 2010-07-27 | Aol Inc. | Identifying users sharing common characteristics |
US20110148916A1 (en) * | 2003-03-03 | 2011-06-23 | Aol Inc. | Modifying avatar behavior based on user action or mood |
US7979802B1 (en) | 2000-05-04 | 2011-07-12 | Aol Inc. | Providing supplemental contact information corresponding to a referenced individual |
US7984098B2 (en) | 2000-07-25 | 2011-07-19 | AOL, Inc. | Video messaging |
US20110209198A1 (en) * | 2003-03-03 | 2011-08-25 | Aol Inc. | Applying access controls to communications with avatars |
US8037150B2 (en) | 2002-11-21 | 2011-10-11 | Aol Inc. | System and methods for providing multiple personas in a communications environment |
US8132110B1 (en) | 2000-05-04 | 2012-03-06 | Aol Inc. | Intelligently enabled menu choices based on online presence state in address book |
US8474628B1 (en) | 2000-05-04 | 2013-07-02 | Facebook, Inc. | Presenting a recipient of an e-mail with an option to instant message a sender or another recipient based on the sender's or the other recipient's address and online status |
US8595146B1 (en) | 2004-03-15 | 2013-11-26 | Aol Inc. | Social networking permissions |
US8681778B2 (en) | 2006-01-10 | 2014-03-25 | Ingenio Llc | Systems and methods to manage privilege to speak |
US8837698B2 (en) | 2003-10-06 | 2014-09-16 | Yp Interactive Llc | Systems and methods to collect information just in time for connecting people for real time communications |
US8843392B2 (en) | 2001-03-13 | 2014-09-23 | Yp Interactive Llc | Apparatus and method for recruiting, communicating with, and paying participants of interactive advertising |
USRE45254E1 (en) | 2002-12-31 | 2014-11-18 | Facebook, Inc. | Implicit population of access control lists |
US8959164B2 (en) | 2000-05-04 | 2015-02-17 | Facebook, Inc. | Tri-state presence indicator |
US9002949B2 (en) | 2004-12-01 | 2015-04-07 | Google Inc. | Automatically enabling the forwarding of instant messages |
US9043418B2 (en) | 2000-05-04 | 2015-05-26 | Facebook, Inc. | Systems and methods for instant messaging persons referenced in an electronic message |
US9049569B2 (en) | 2004-12-01 | 2015-06-02 | Google Inc. | Prohibiting mobile forwarding |
US9100221B2 (en) | 2000-05-04 | 2015-08-04 | Facebook, Inc. | Systems for messaging senders and recipients of an electronic message |
US9118778B2 (en) | 2003-10-06 | 2015-08-25 | Yellowpages.Com Llc | Methods and apparatuses for pay for deal advertisements |
US9185067B1 (en) | 1999-12-01 | 2015-11-10 | Facebook, Inc. | System and method for analyzing communications |
US9197479B2 (en) | 2006-01-10 | 2015-11-24 | Yellowpages.Com Llc | Systems and methods to manage a queue of people requesting real time communication connections |
US9356894B2 (en) | 2000-05-04 | 2016-05-31 | Facebook, Inc. | Enabled and disabled menu choices based on presence state |
US9363213B2 (en) | 2000-06-26 | 2016-06-07 | Facebook, Inc. | E-mail integrated instant messaging |
US9516125B2 (en) | 2003-03-26 | 2016-12-06 | Facebook, Inc. | Identifying and using identities deemed to be known to a user |
US9553851B2 (en) | 2005-09-28 | 2017-01-24 | Yellowpages.Com Llc | Methods and apparatuses to track information using call signaling messages |
US9652809B1 (en) | 2004-12-21 | 2017-05-16 | Aol Inc. | Using user profile information to determine an avatar and/or avatar characteristics |
US10074110B2 (en) | 2003-10-06 | 2018-09-11 | Yellowpages.Com Llc | Methods and apparatuses for pay-per-call advertising in mobile/wireless applications |
US10102548B2 (en) | 2003-10-06 | 2018-10-16 | Yellowpages.Com Llc | Method and apparatuses for offline selection of pay-per-call advertisers |
US20200301793A1 (en) * | 2014-06-27 | 2020-09-24 | Pq Solutions Limited | Systems and methods for quorum-based data processing |
Families Citing this family (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8135621B2 (en) * | 2002-04-26 | 2012-03-13 | At&T Intellectual Property I, L.P. | System and method for supporting anonymous transactions |
JP4292835B2 (en) * | 2003-03-13 | 2009-07-08 | 沖電気工業株式会社 | Secret reconstruction method, distributed secret reconstruction device, and secret reconstruction system |
WO2004099934A2 (en) * | 2003-05-05 | 2004-11-18 | Interactions, Llc | Apparatus and method for processing service interactions |
US9710819B2 (en) | 2003-05-05 | 2017-07-18 | Interactions Llc | Real-time transcription system utilizing divided audio chunks |
US20040225573A1 (en) * | 2003-05-09 | 2004-11-11 | Ling Marvin T. | Methods and apparatus for anonymously transacting internet shopping and shipping |
US7734282B2 (en) * | 2003-08-28 | 2010-06-08 | Qwest Communications International Inc | System and method for provisioning customer premises equipment |
US7445559B2 (en) * | 2005-03-16 | 2008-11-04 | Graco Children's Products Inc. | Swing with support base |
US7937270B2 (en) * | 2007-01-16 | 2011-05-03 | Mitsubishi Electric Research Laboratories, Inc. | System and method for recognizing speech securely using a secure multi-party computation protocol |
US20080208697A1 (en) * | 2007-02-23 | 2008-08-28 | Kargman James B | Secure system and method for payment card and data storage and processing via information splitting |
US20130036474A1 (en) * | 2011-02-08 | 2013-02-07 | Telcordia Technologies, Inc. | Method and Apparatus for Secure Data Representation Allowing Efficient Collection, Search and Retrieval |
WO2012116221A1 (en) | 2011-02-23 | 2012-08-30 | Mastercard International, Inc. | Demand deposit account payment system |
US9536268B2 (en) | 2011-07-26 | 2017-01-03 | F. David Serena | Social network graph inference and aggregation with portability, protected shared content, and application programs spanning multiple social networks |
US11411910B2 (en) * | 2011-07-26 | 2022-08-09 | Frank A Serena | Shared video content employing social network graph inference |
US11200560B2 (en) * | 2014-12-19 | 2021-12-14 | Capital One Services, Llc | Systems and methods for contactless and secure data transfer |
SG10202011641RA (en) | 2016-02-23 | 2021-01-28 | Nchain Holdings Ltd | Tokenisation method and system for implementing exchanges on a blockchain |
KR20180114198A (en) | 2016-02-23 | 2018-10-17 | 엔체인 홀딩스 리미티드 | A Universal Tokenization System for Block Cache-Based Cryptography |
MX2018010050A (en) | 2016-02-23 | 2019-01-21 | Nchain Holdings Ltd | Agent-based turing complete transactions integrating feedback within a blockchain system. |
JP6995762B2 (en) | 2016-02-23 | 2022-01-17 | エヌチェーン ホールディングス リミテッド | Cryptographic methods and systems for the secure extraction of data from the blockchain |
AU2017223136B2 (en) | 2016-02-23 | 2022-06-02 | nChain Holdings Limited | Registry and automated management method for blockchain-enforced smart contracts |
BR112018016822A2 (en) | 2016-02-23 | 2018-12-26 | Nchain Holdings Ltd | computer-implemented method for performing an entity exchange between a first user and a second user, processor, and computer readable medium |
KR20180115293A (en) | 2016-02-23 | 2018-10-22 | 엔체인 홀딩스 리미티드 | Method and system for secure transmission of objects on a block chain |
BR112018016819A2 (en) | 2016-02-23 | 2018-12-26 | Nchain Holdings Ltd | method and systems for protecting a controlled digital resource using a distributed scatter table and ledger and a blockchain |
WO2017145047A1 (en) | 2016-02-23 | 2017-08-31 | nChain Holdings Limited | Blockchain-implemented method for control and distribution of digital content |
SG11201805542TA (en) | 2016-02-23 | 2018-09-27 | Nchain Holdings Ltd | Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system |
EP3257006B1 (en) | 2016-02-23 | 2018-10-03 | Nchain Holdings Limited | Personal device security using elliptic curve cryptography for secret sharing |
JP6515246B2 (en) | 2016-02-23 | 2019-05-15 | エヌチェーン ホールディングス リミテッドNchain Holdings Limited | Determination of common secrets for the secure exchange of information and hierarchical and deterministic encryption keys |
US11606219B2 (en) | 2016-02-23 | 2023-03-14 | Nchain Licensing Ag | System and method for controlling asset-related actions via a block chain |
BR112018016805A2 (en) | 2016-02-23 | 2018-12-26 | Nchain Holdings Ltd | method and system for efficient cryptocurrency transfer associated with a payment on a blockchain that leads to an automated payment, smart contract-based method and system |
US10289835B1 (en) * | 2016-06-13 | 2019-05-14 | EMC IP Holding Company LLC | Token seed protection for multi-factor authentication systems |
US11636225B2 (en) * | 2020-05-22 | 2023-04-25 | The Toronto-Dominion Bank | Method and system for managing access to entity identity data |
US11669855B2 (en) * | 2021-07-01 | 2023-06-06 | Capital One Services, Llc | Split up a single transaction into many transactions based on category spend |
US11539674B2 (en) * | 2022-02-14 | 2022-12-27 | Rafal Marek Leszczyna | Method and system for anonymous sending of physical items with possibility of responding |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5839119A (en) * | 1996-09-27 | 1998-11-17 | Xerox Corporation | Method of electronic payments that prevents double-spending |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020022967A1 (en) * | 2000-08-18 | 2002-02-21 | International Business Machines Corporation | Goods delivery method, online shopping method, online shopping system, server, and vender server |
-
2001
- 2001-08-31 US US09/944,739 patent/US20030046210A1/en not_active Abandoned
- 2001-10-12 US US09/976,637 patent/US20030046198A1/en not_active Abandoned
-
2002
- 2002-04-12 US US10/121,563 patent/US7711616B2/en not_active Expired - Fee Related
- 2002-08-20 EP EP02255792A patent/EP1288829A1/en not_active Withdrawn
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5839119A (en) * | 1996-09-27 | 1998-11-17 | Xerox Corporation | Method of electronic payments that prevents double-spending |
Cited By (147)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9819629B2 (en) | 1999-12-01 | 2017-11-14 | Facebook, Inc. | System and method for analyzing communications |
US9405843B2 (en) | 1999-12-01 | 2016-08-02 | Facebook, Inc. | System and method for analyzing communications |
US9749276B2 (en) | 1999-12-01 | 2017-08-29 | Facebook, Inc. | System and method for analyzing communications |
US9749279B2 (en) | 1999-12-01 | 2017-08-29 | Facebook, Inc. | System and method for analyzing communications |
US9705834B2 (en) | 1999-12-01 | 2017-07-11 | Facebook, Inc. | System and method for analyzing communications |
US9185067B1 (en) | 1999-12-01 | 2015-11-10 | Facebook, Inc. | System and method for analyzing communications |
US9813370B2 (en) | 1999-12-01 | 2017-11-07 | Facebook, Inc. | System and method for analyzing communications |
US9514233B2 (en) | 1999-12-01 | 2016-12-06 | Facebook, Inc. | System and method for analyzing communications |
US9619575B2 (en) | 1999-12-01 | 2017-04-11 | Facebook, Inc. | System and method for analyzing communications |
US9049159B2 (en) | 2000-03-17 | 2015-06-02 | Facebook, Inc. | Establishing audio communication sessions |
US8429231B2 (en) | 2000-03-17 | 2013-04-23 | Facebook, Inc. | Voice instant messaging |
US20020023131A1 (en) * | 2000-03-17 | 2002-02-21 | Shuwu Wu | Voice Instant Messaging |
US8041768B2 (en) | 2000-03-17 | 2011-10-18 | Aol Inc. | Voice instant messaging |
US9356891B2 (en) | 2000-03-17 | 2016-05-31 | Facebook, Inc. | Voice messaging interface |
US10158588B2 (en) | 2000-05-04 | 2018-12-18 | Facebook, Inc. | Providing supplemental contact information corresponding to a referenced individual |
US9360996B2 (en) | 2000-05-04 | 2016-06-07 | Facebook, Inc. | Intelligently enabled menu choices based on online presence state in address book |
US20110231507A1 (en) * | 2000-05-04 | 2011-09-22 | Aol Inc. | Providing supplemental contact information corresponding to a referenced individual |
US9699122B2 (en) | 2000-05-04 | 2017-07-04 | Facebook, Inc. | User interfaces for providing supplemental contact information corresponding to a referenced individual |
US8959164B2 (en) | 2000-05-04 | 2015-02-17 | Facebook, Inc. | Tri-state presence indicator |
US9621493B2 (en) | 2000-05-04 | 2017-04-11 | Facebook, Inc. | Providing supplemental information corresponding to a referenced individual |
US10122658B2 (en) | 2000-05-04 | 2018-11-06 | Facebook, Inc. | System for instant messaging the sender and recipients of an e-mail message |
US9531654B2 (en) | 2000-05-04 | 2016-12-27 | Facebook, Inc. | Adding contacts from a hovering interface |
US9100221B2 (en) | 2000-05-04 | 2015-08-04 | Facebook, Inc. | Systems for messaging senders and recipients of an electronic message |
US8132110B1 (en) | 2000-05-04 | 2012-03-06 | Aol Inc. | Intelligently enabled menu choices based on online presence state in address book |
US8474628B1 (en) | 2000-05-04 | 2013-07-02 | Facebook, Inc. | Presenting a recipient of an e-mail with an option to instant message a sender or another recipient based on the sender's or the other recipient's address and online status |
US7979802B1 (en) | 2000-05-04 | 2011-07-12 | Aol Inc. | Providing supplemental contact information corresponding to a referenced individual |
US9356894B2 (en) | 2000-05-04 | 2016-05-31 | Facebook, Inc. | Enabled and disabled menu choices based on presence state |
US9043418B2 (en) | 2000-05-04 | 2015-05-26 | Facebook, Inc. | Systems and methods for instant messaging persons referenced in an electronic message |
US10313297B2 (en) | 2000-06-26 | 2019-06-04 | Facebook, Inc. | E-mail integrated instant messaging |
US9363213B2 (en) | 2000-06-26 | 2016-06-07 | Facebook, Inc. | E-mail integrated instant messaging |
US9628431B2 (en) | 2000-06-26 | 2017-04-18 | Facebook, Inc. | E-mail integrated instant messaging |
US9100538B2 (en) | 2000-07-25 | 2015-08-04 | Facebook, Inc. | Limited length video messaging |
US8918727B2 (en) | 2000-07-25 | 2014-12-23 | Facebook, Inc. | Video messaging |
US9071725B2 (en) | 2000-07-25 | 2015-06-30 | Facebook, Inc. | Methods and user interfaces for video messaging |
US7984098B2 (en) | 2000-07-25 | 2011-07-19 | AOL, Inc. | Video messaging |
US8078678B2 (en) | 2000-07-25 | 2011-12-13 | Aol Inc. | Video messaging |
US7475149B2 (en) * | 2000-10-30 | 2009-01-06 | Utbk, Inc. | Apparatus and method for specifying and obtaining services through an audio transmission medium |
US20020133571A1 (en) * | 2000-10-30 | 2002-09-19 | Karl Jacob | Apparatus and method for specifying and obtaining services through an audio transmission medium |
US8843392B2 (en) | 2001-03-13 | 2014-09-23 | Yp Interactive Llc | Apparatus and method for recruiting, communicating with, and paying participants of interactive advertising |
US20060031772A1 (en) * | 2001-09-28 | 2006-02-09 | Judson Valeski | Automatic categorization of entries in a contact list |
US7765484B2 (en) | 2001-09-28 | 2010-07-27 | Aol Inc. | Passive personalization of lists |
US9729476B2 (en) | 2001-09-28 | 2017-08-08 | Facebook, Inc. | Personalization of recent contacts list |
US20030065721A1 (en) * | 2001-09-28 | 2003-04-03 | Roskind James A. | Passive personalization of buddy lists |
US7774711B2 (en) | 2001-09-28 | 2010-08-10 | Aol Inc. | Automatic categorization of entries in a contact list |
US9083661B2 (en) | 2001-09-28 | 2015-07-14 | Facebook, Inc. | Passive personalization of buddy lists |
US20090248816A1 (en) * | 2001-09-28 | 2009-10-01 | Aol Llc, A Delaware Limited Liability Company (Formerly Known As America Online, Inc.) | Passive Personalization of Buddy Lists |
US20100146288A1 (en) * | 2002-04-11 | 2010-06-10 | Andrew Dominic Tune | information storage system |
US7698560B2 (en) | 2002-04-11 | 2010-04-13 | Spitlock Holdings Pty Ltd | Information storage system |
US8090953B2 (en) | 2002-04-11 | 2012-01-03 | Splitlock Holdings Pty Ltd. | Information storage system |
US8250144B2 (en) | 2002-11-21 | 2012-08-21 | Blattner Patrick D | Multiple avatar personalities |
US9807130B2 (en) | 2002-11-21 | 2017-10-31 | Microsoft Technology Licensing, Llc | Multiple avatar personalities |
US10291556B2 (en) | 2002-11-21 | 2019-05-14 | Microsoft Technology Licensing, Llc | Multiple personalities |
US9215095B2 (en) | 2002-11-21 | 2015-12-15 | Microsoft Technology Licensing, Llc | Multiple personalities |
US20100169801A1 (en) * | 2002-11-21 | 2010-07-01 | Aol Llc | Multiple avatar personalities |
US8037150B2 (en) | 2002-11-21 | 2011-10-11 | Aol Inc. | System and methods for providing multiple personas in a communications environment |
USRE48102E1 (en) | 2002-12-31 | 2020-07-14 | Facebook, Inc. | Implicit population of access control lists |
USRE45254E1 (en) | 2002-12-31 | 2014-11-18 | Facebook, Inc. | Implicit population of access control lists |
US9483859B2 (en) | 2003-03-03 | 2016-11-01 | Microsoft Technology Licensing, Llc | Reactive avatars |
US8402378B2 (en) | 2003-03-03 | 2013-03-19 | Microsoft Corporation | Reactive avatars |
US20110209198A1 (en) * | 2003-03-03 | 2011-08-25 | Aol Inc. | Applying access controls to communications with avatars |
US9256861B2 (en) | 2003-03-03 | 2016-02-09 | Microsoft Technology Licensing, Llc | Modifying avatar behavior based on user action or mood |
US10616367B2 (en) | 2003-03-03 | 2020-04-07 | Microsoft Technology Licensing, Llc | Modifying avatar behavior based on user action or mood |
US10504266B2 (en) | 2003-03-03 | 2019-12-10 | Microsoft Technology Licensing, Llc | Reactive avatars |
US20110148916A1 (en) * | 2003-03-03 | 2011-06-23 | Aol Inc. | Modifying avatar behavior based on user action or mood |
US8627215B2 (en) | 2003-03-03 | 2014-01-07 | Microsoft Corporation | Applying access controls to communications with avatars |
US20090158184A1 (en) * | 2003-03-03 | 2009-06-18 | Aol Llc, A Delaware Limited Liability Company (Formerly Known As Ameria Online, Inc.) | Reactive avatars |
US9516125B2 (en) | 2003-03-26 | 2016-12-06 | Facebook, Inc. | Identifying and using identities deemed to be known to a user |
US9531826B2 (en) | 2003-03-26 | 2016-12-27 | Facebook, Inc. | Managing electronic messages based on inference scores |
US9736255B2 (en) | 2003-03-26 | 2017-08-15 | Facebook, Inc. | Methods of providing access to messages based on degrees of separation |
US8185638B2 (en) | 2003-04-02 | 2012-05-22 | Aol Inc. | Degrees of separation for handling communications |
US20050076241A1 (en) * | 2003-04-02 | 2005-04-07 | Barry Appelman | Degrees of separation for handling communications |
US9462046B2 (en) | 2003-04-02 | 2016-10-04 | Facebook, Inc. | Degrees of separation for handling communications |
US7945674B2 (en) | 2003-04-02 | 2011-05-17 | Aol Inc. | Degrees of separation for handling communications |
US7949759B2 (en) | 2003-04-02 | 2011-05-24 | AOL, Inc. | Degrees of separation for handling communications |
US20050076240A1 (en) * | 2003-04-02 | 2005-04-07 | Barry Appleman | Degrees of separation for handling communications |
US8930480B2 (en) | 2003-04-02 | 2015-01-06 | Facebook, Inc. | Degrees of separation for filtering communications |
US20110196939A1 (en) * | 2003-04-02 | 2011-08-11 | Aol Inc. | Degrees of separation for handling communications |
US8560706B2 (en) | 2003-04-02 | 2013-10-15 | Facebook, Inc. | Degrees of separation for handling communications |
US20060277108A1 (en) * | 2003-10-06 | 2006-12-07 | Utbk, Inc. | Methods and apparatuses for advertisement presentation |
US9203974B2 (en) | 2003-10-06 | 2015-12-01 | Yellowpages.Com Llc | Methods and apparatuses for offline selection of pay-per-call advertisers |
US10074110B2 (en) | 2003-10-06 | 2018-09-11 | Yellowpages.Com Llc | Methods and apparatuses for pay-per-call advertising in mobile/wireless applications |
US9208495B2 (en) | 2003-10-06 | 2015-12-08 | Yellowpages.Com Llc | Methods and apparatuses for advertisement presentation |
US9202220B2 (en) | 2003-10-06 | 2015-12-01 | Yellowpages.Com Llc | Methods and apparatuses to provide application programming interface for retrieving pay per call advertisements |
US8837698B2 (en) | 2003-10-06 | 2014-09-16 | Yp Interactive Llc | Systems and methods to collect information just in time for connecting people for real time communications |
US20070140451A1 (en) * | 2003-10-06 | 2007-06-21 | Utbk, Inc. | Methods and Systems for Pay For Performance Advertisements |
US10102548B2 (en) | 2003-10-06 | 2018-10-16 | Yellowpages.Com Llc | Method and apparatuses for offline selection of pay-per-call advertisers |
US20070143182A1 (en) * | 2003-10-06 | 2007-06-21 | Utbk, Inc. | Methods and Apparatuses to Provide Application Programming Interface for Retrieving Pay Per Call Advertisements |
US9118778B2 (en) | 2003-10-06 | 2015-08-25 | Yellowpages.Com Llc | Methods and apparatuses for pay for deal advertisements |
US20070121844A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for offline selection of pay-per-call advertisers |
US10425538B2 (en) | 2003-10-06 | 2019-09-24 | Yellowpages.Com Llc | Methods and apparatuses for advertisements on mobile devices for communication connections |
US20070121846A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for advertisements on mobile devices for communication connections |
US20070121845A1 (en) * | 2003-10-06 | 2007-05-31 | Utbk, Inc. | Methods and apparatuses for offline selection of pay-per-call advertisers via visual advertisements |
US8918460B2 (en) | 2004-03-05 | 2014-12-23 | Facebook, Inc. | Organizing entries in participant lists based on communications strengths |
US10341289B2 (en) | 2004-03-05 | 2019-07-02 | Facebook, Inc. | Systems and methods of calculating communications strengths |
US20050198131A1 (en) * | 2004-03-05 | 2005-09-08 | Barry Appelman | Passively populating a participant list with known contacts |
US8898239B2 (en) | 2004-03-05 | 2014-11-25 | Aol Inc. | Passively populating a participant list with known contacts |
US8595146B1 (en) | 2004-03-15 | 2013-11-26 | Aol Inc. | Social networking permissions |
US10367860B2 (en) | 2004-03-15 | 2019-07-30 | Oath Inc. | Social networking permissions |
US9002949B2 (en) | 2004-12-01 | 2015-04-07 | Google Inc. | Automatically enabling the forwarding of instant messages |
US20090234922A1 (en) * | 2004-12-01 | 2009-09-17 | Aol Llc | Automatically Enabling the Forwarding of Instant Messages |
US9049569B2 (en) | 2004-12-01 | 2015-06-02 | Google Inc. | Prohibiting mobile forwarding |
US9560495B2 (en) | 2004-12-01 | 2017-01-31 | Google Inc. | Automatically enabling the forwarding of instant messages |
US9088879B2 (en) | 2004-12-01 | 2015-07-21 | Google Inc. | Automatically enabling the forwarding of instant messages |
US9872157B2 (en) | 2004-12-01 | 2018-01-16 | Google Inc. | Prohibiting mobile forwarding |
US9615225B2 (en) | 2004-12-01 | 2017-04-04 | Google Inc. | Automatically enabling the forwarding of instant messages |
US9510168B2 (en) | 2004-12-01 | 2016-11-29 | Google Inc. | Prohibiting mobile forwarding |
US8060566B2 (en) | 2004-12-01 | 2011-11-15 | Aol Inc. | Automatically enabling the forwarding of instant messages |
US9727631B2 (en) | 2004-12-20 | 2017-08-08 | Facebook, Inc. | Automatic categorization of entries in a contact list |
US8910056B2 (en) | 2004-12-20 | 2014-12-09 | Facebook, Inc. | Automatic categorization of entries in a contact list |
US8775950B2 (en) | 2004-12-20 | 2014-07-08 | Facebook, Inc. | Automatic categorization of entries in a contact list |
US9652809B1 (en) | 2004-12-21 | 2017-05-16 | Aol Inc. | Using user profile information to determine an avatar and/or avatar characteristics |
US20090016507A1 (en) * | 2005-02-25 | 2009-01-15 | Utbk, Inc. | Systems and Methods for Dynamic Pay for Performance Advertisements |
US8934614B2 (en) | 2005-02-25 | 2015-01-13 | YP Interatcive LLC | Systems and methods for dynamic pay for performance advertisements |
US20130179524A1 (en) * | 2005-05-11 | 2013-07-11 | Facebook, Inc. | Identifying users sharing common characteristics |
US8805408B2 (en) | 2005-05-11 | 2014-08-12 | Facebook, Inc. | Personalized location information for mobile devices |
US9571975B2 (en) | 2005-05-11 | 2017-02-14 | Facebook, Inc. | Identifying users of a communications system at commonn geographic locations |
US8719354B2 (en) | 2005-05-11 | 2014-05-06 | Facebook, Inc. | Identifying users sharing common characteristics |
US8787940B2 (en) | 2005-05-11 | 2014-07-22 | Facebook, Inc. | Personalized location information for mobile devices |
US7765265B1 (en) * | 2005-05-11 | 2010-07-27 | Aol Inc. | Identifying users sharing common characteristics |
US8787932B2 (en) | 2005-05-11 | 2014-07-22 | Facebook, Inc. | Personalized location information for mobile devices |
US20100318622A1 (en) * | 2005-05-11 | 2010-12-16 | Aol Inc. | Identifying Users Sharing Common Characteristics |
US9369411B2 (en) | 2005-05-11 | 2016-06-14 | Facebook, Inc. | Identifying users sharing common characteristics |
US9049160B2 (en) | 2005-05-11 | 2015-06-02 | Facebook, Inc. | Identifying users sharing common characteristics |
US8818407B2 (en) | 2005-05-11 | 2014-08-26 | Facebook, Inc. | Personalized location information for mobile devices |
US7890123B2 (en) | 2005-05-11 | 2011-02-15 | Aol Inc. | Personalized location information for mobile devices |
US8712431B2 (en) | 2005-05-11 | 2014-04-29 | Facebook, Inc. | Personalized location information for mobile devices |
US9210546B2 (en) | 2005-05-11 | 2015-12-08 | Facebook, Inc. | Commenting on location information for mobile devices |
US9204255B2 (en) | 2005-05-11 | 2015-12-01 | Facebook, Inc. | Providing a log of location information for a mobile device |
US9203787B2 (en) | 2005-05-11 | 2015-12-01 | Facebook, Inc. | Identifying users sharing common characteristics |
US9197999B2 (en) | 2005-05-11 | 2015-11-24 | Facebook, Inc. | Providing a location identifier for a location with multiple co-users |
US8868112B2 (en) | 2005-05-11 | 2014-10-21 | Facebook, Inc. | Personalized location information for mobile devices |
US20060258368A1 (en) * | 2005-05-11 | 2006-11-16 | Jennifer Granito | Personalized location information for mobile devices |
US9553851B2 (en) | 2005-09-28 | 2017-01-24 | Yellowpages.Com Llc | Methods and apparatuses to track information using call signaling messages |
US8681778B2 (en) | 2006-01-10 | 2014-03-25 | Ingenio Llc | Systems and methods to manage privilege to speak |
US9197479B2 (en) | 2006-01-10 | 2015-11-24 | Yellowpages.Com Llc | Systems and methods to manage a queue of people requesting real time communication connections |
US20080263460A1 (en) * | 2007-04-20 | 2008-10-23 | Utbk, Inc. | Methods and Systems to Connect People for Virtual Meeting in Virtual Reality |
US20080262910A1 (en) * | 2007-04-20 | 2008-10-23 | Utbk, Inc. | Methods and Systems to Connect People via Virtual Reality for Real Time Communications |
US8838476B2 (en) | 2007-09-07 | 2014-09-16 | Yp Interactive Llc | Systems and methods to provide information and connect people for real time communications |
US20090070205A1 (en) * | 2007-09-07 | 2009-03-12 | Utbk, Inc. | Systems and Methods to Provide Information and Connect People for Real Time Communications |
US20090187757A1 (en) * | 2008-01-18 | 2009-07-23 | Sap Ag | Method and system for mediated secure computation |
US8010782B2 (en) * | 2008-01-18 | 2011-08-30 | Sap Ag | Method and system for mediated secure computation |
US9705996B2 (en) | 2008-08-28 | 2017-07-11 | Aol Inc. | Methods and system for providing location-based communication services |
US9154561B2 (en) | 2008-08-28 | 2015-10-06 | Aol Inc. | Methods and system for providing location-based communication services |
US8548503B2 (en) | 2008-08-28 | 2013-10-01 | Aol Inc. | Methods and system for providing location-based communication services |
US20100056183A1 (en) * | 2008-08-28 | 2010-03-04 | Aol Llc | Methods and system for providing location-based communication services |
US20200301793A1 (en) * | 2014-06-27 | 2020-09-24 | Pq Solutions Limited | Systems and methods for quorum-based data processing |
US11853171B2 (en) * | 2014-06-27 | 2023-12-26 | Pq Solutions Limited | Systems and methods for quorum-based data processing |
Also Published As
Publication number | Publication date |
---|---|
US7711616B2 (en) | 2010-05-04 |
US20030046202A1 (en) | 2003-03-06 |
EP1288829A1 (en) | 2003-03-05 |
US20030046210A1 (en) | 2003-03-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20030046198A1 (en) | Anonymous recommendation technique | |
US7187772B2 (en) | Anonymous transactions based on distributed processing | |
EP2494486B1 (en) | System for protecting an encrypted information unit | |
EP2605205A1 (en) | Privacy-preserving behavior targeting for digital coupons | |
EP1288832A1 (en) | Anonymous recommendation technique | |
CN110337665A (en) | System and method for information protection | |
WO2020051710A1 (en) | System and process for managing digitized security tokens | |
Bao et al. | Privacy protection for transactions of digital goods | |
EP4181456A1 (en) | Secure integer comparison using binary trees | |
Guan et al. | Secure fair and efficient data trading without third party using blockchain | |
JP2014003602A (en) | Outsourcing method of data for secure processing by unreliable third person | |
Malhotra | Bitcoin Protocol: Model of ‘Cryptographic Proof’Based Global Crypto-Currency & Electronic Payments System | |
CN113746621B (en) | Multi-chain architecture information sharing system based on block chain technology | |
US6873977B1 (en) | Achieving buyer-seller anonymity for unsophisticated users under collusion amongst intermediaries | |
US7979712B2 (en) | Network system, server and information terminal for list matching | |
CN115423455A (en) | Method for creating anonymous transaction on block chain | |
KR100441416B1 (en) | The system of sharing customer data with security and the method of that | |
EP1288831A1 (en) | Anonymous recommendation technique with variable degrees of privacy and accuracy | |
EP1288830A1 (en) | Anonymous processing of usage rights with variable degrees of privacy and accuracy | |
Wong et al. | A privacy-preserving coalition loyalty program | |
US7844496B2 (en) | Method and system for processing a request of a customer | |
CA2426794C (en) | Method and system for processing a request of a customer | |
Fan et al. | Fair transaction protocols based on electronic cash | |
Prabhu et al. | Enhancing retail business and customer experience using blockchain approach | |
JP2006236093A (en) | Electronic procurement bid method, electronic procurement bid system, and electronic procurement bid program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: HEWLETT-PACKARD COMPANY, COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KNAPP, VERNA E.;VORA, POORI L.;REEL/FRAME:012885/0894 Effective date: 20011012 |
|
AS | Assignment |
Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492 Effective date: 20030926 Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P.,TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492 Effective date: 20030926 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |