公开(公告)号：US12107969B2

公开(公告)日：2024-10-01

申请号：US17633291

申请日：2021-03-16

Applicant: GOOGLE LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3257 ,  H04L9/0825 ,  H04L9/3249

Abstract: Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive batches of N device integrity elements from a device integrity computing system, each corresponding to a different public key. The N device elements can be signed by a device integrity computing system. The signing by the device integrity computing system can be signing with a blind signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.

公开(公告)号：US12105843B2

公开(公告)日：2024-10-01

申请号：US18462031

申请日：2023-09-06

Applicant: Google LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: G06F21/62 ,  H04L9/30 ,  H04L9/32

CPC classification number: G06F21/6245 ,  H04L9/30 ,  H04L9/3213 ,  H04L9/3247

Abstract: Methods, systems, and apparatus, including a method for updating user consent in a verifiable manner. In some aspects, a method includes receiving, from a client device, a request including an attestation token. The attestation token includes a set of data that includes at least a user identifier that uniquely identifies a user of the client device, a token creation time that indicates a time at which the attestation token was created, user consent data specifying whether one or more entities that receive the attestation token are eligible to use data of the user, an action to be performed in response to the request. The attestation token also includes a digital signature of at least a portion of the set of data, including at least the user identifier and the token creation time. An integrity of the request is verified using the attestation token.

公开(公告)号：US20240297796A1

公开(公告)日：2024-09-05

申请号：US18649413

申请日：2024-04-29

Applicant: Google LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: H04L9/32

CPC classification number: H04L9/3255 ,  H04L9/3257 ,  H04L9/3263 ,  H04L2209/42

Abstract: Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive anonymous certificates from a device integrity computing system signifying membership in a selected device trustworthiness group, and attestation tokens can be signed anonymously with the anonymous certificates using a group signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.

公开(公告)号：US20240022392A1

公开(公告)日：2024-01-18

申请号：US17801326

申请日：2022-03-07

Applicant: Google LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: H04L9/00 ,  H04L9/08

CPC classification number: H04L9/008 ,  H04L9/085 ,  H04L2209/46

Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes performing, by a first server of a secure MPC system in collaboration with one or more second servers of the secure MPC system, a selection process to select a digital component based in part on a selection value for each digital component in the selection process. This includes determining a first secret share of a winner parameter for each digital component in the selection process. The first server determines, for each given digital component in the selection process and in collaboration with the second server(s), a highest other selection value that corresponds to a different digital component that is different from the given digital component.

公开(公告)号：US11790111B2

公开(公告)日：2023-10-17

申请号：US17286626

申请日：2020-10-01

Applicant: Google LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: G06F21/62 ,  H04L9/30 ,  H04L9/32

CPC classification number: G06F21/6245 ,  H04L9/30 ,  H04L9/3213 ,  H04L9/3247

Abstract: Methods, systems, and apparatus, including a method for updating user consent in a verifiable manner. In some aspects, a method includes receiving, from a client device, a request including an attestation token. The attestation token includes a set of data that includes at least a user identifier that uniquely identifies a user of the client device, a token creation time that indicates a time at which the attestation token was created, user consent data specifying whether one or more entities that receive the attestation token are eligible to use data of the user, an action to be performed in response to the request. The attestation token also includes a digital signature of at least a portion of the set of data, including at least the user identifier and the token creation time. An integrity of the request is verified using the attestation token.

公开(公告)号：US20230141428A1

公开(公告)日：2023-05-11

申请号：US17916194

申请日：2021-12-15

Applicant: Google LLC

Inventor： Alex Daniel Jacobson ,  Gang Wang ,  Marcel M. Moti Yung

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3247 ,  H04L9/3297 ,  H04L9/0825

Abstract: This disclosure describes systems and techniques for using controlling access to user information using ephemeral user identifiers. In one aspect, a method includes determining, for a given domain, engagement by a user with content provided by the given domain for display by an application at a client device of the user. A determination is made, based on the engagement by the user, to extend, for the given domain, a linkage between user identifiers for a user of the application. In response to determining to extend, for the given domain, the linkage between the user identifiers for the user of the application, one or more future domain-specific ephemeral user identifiers for the user and the given domain are obtained. An attestation record that includes a current domain-specific ephemeral user identifier and the one or more is generated and sent to the given domain.

公开(公告)号：US20230078704A1

公开(公告)日：2023-03-16

申请号：US17795131

申请日：2021-12-17

Applicant: Google LLC

Inventor： Yunting Sun ,  Marcel M. Moti Yung ,  Gang Wang

IPC: H04L9/08 ,  G06N20/00

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying labels for a dataset without revealing the dataset to any individual computing system. Methods can include receiving, by a first computing system of a multi-party computation (MPC) system, a query that includes a first and second share of a given user profile. The second share is encrypted with a key that prevents the first computing system from accessing the second share. The second share is transmitted to a second computing system of the MPC system. The first and the second computing system generates a machine learning model and identifies a respective first and a second label. The first computing system receives the second label as a response from the second computing system. The first computing system responds to the query with a response that includes the first and the second label.

公开(公告)号：US20230060782A1

公开(公告)日：2023-03-02

申请号：US17431486

申请日：2020-12-11

Applicant: Google LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung ,  David Bruce Turner

IPC: G06F21/44 ,  G06F21/45 ,  G06F21/56 ,  H04L9/32

Abstract: This disclosure relates to using trust tokens to verify the integrity of devices and applications from which data is received. In one aspects, a method includes receiving, from a client device, a request for one or more trust tokens. The request includes at least one of one or more device-level fraud detection signals obtained from the client device or data representing code of an application that initiated the request. The request also includes a respective nonce for each of the one or more trust tokens. A determination is made, based on at least one of the one or more device-level fraud signals or the data representing the code of the application, to issue the one or more trust tokens to the client device. Each trust token is generated using the nonce for the trust token. The one or more trust tokens are provided to the client device.

公开(公告)号：US20230034384A1

公开(公告)日：2023-02-02

申请号：US17786006

申请日：2021-10-08

Applicant: Google LLC

Inventor： Yiran Mao ,  Gang Wang ,  Marcel M. Moti Yung

IPC: G06N20/00 ,  G06N5/04

Abstract: This describes a privacy preserving machine learning platform. In one aspect, a method includes receiving, by a first computing system of multiple multi-party computation (MPC) systems, an inference request including a first share of a given user profile. A predicted label for the given user profile is determined based at least in part on a first machine learning model. A predicted residue value for the given user profile indicating a predicted error in the predicted label is determined. The first computing system determines the first share of the predicted residue value for the given user profile based at least in part on the first share of the given user profile and a second machine learning model. The first computing system receives, from a second computing system of the MPC computing systems, data indicating the second share of the predicted residue value for the given user profile.

公开(公告)号：US20220417034A1

公开(公告)日：2022-12-29

申请号：US17633291

申请日：2021-03-16

Applicant: GOOGLE LLC

Inventor： Gang Wang ,  Marcel M. Moti Yung

IPC: H04L9/32 ,  H04L9/08

Abstract: Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive batches of N device integrity elements from a device integrity computing system, each corresponding to a different public key. The N device elements can be signed by a device integrity computing system. The signing by the device integrity computing system can be signing with a blind signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.