Abstract: Embodiments of a privacy preserving supplemental content server (PPSCS) implements a privacy preserving protocol with a content server that requests the PPSCS to serve supplemental content for users. In embodiments, a user-to-segment map (USM) containing user-private information is split into secret shares and stored separately at the PPSCS and the content server. When servicing a request, the USM data is used to identify a key segment of a user, which is in turn used to select a supplemental content for the user. Advantageously, the selection process is performed according to the privacy preserving protocol, which guarantees that (a) the content server does not learn any user-private information about the user in the USM, (b) the PPSCS learns at most one user segment of the user (e.g. the key segment), and (c) the PPSCS cannot track the user over time using any user-private information about the user learned during the execution.

Abstract: Embodiments of a privacy preserving supplemental content server (PPSCS) implements a privacy preserving protocol with a content server that requests the PPSCS to serve supplemental content for users. In embodiments, a user-to-segment map (USM) containing user-private information is split into secret shares and stored separately at the PPSCS and the content server. When servicing a request, the USM data is used to identify a key segment of a user, which is in turn used to select a supplemental content for the user. Advantageously, the selection process is performed according to the privacy preserving protocol, which guarantees that (a) the content server does not learn any user-private information about the user in the USM, (b) the PPSCS learns at most one user segment of the user (e.g. the key segment), and (c) the PPSCS cannot track the user over time using any user-private information about the user learned during the execution.

Abstract: A method and apparatus are provided for compliance checking in a trust-management system. A request r, a policy assertion (ƒ0, POLICY), and n−1 credential assertions (ƒ1, s1) . . . , (ƒn−1, sn-1) are received, each credential assertion comprising a credential function ƒi and a credential source si. Each assertion may be monotonic, authentic, and locally bounded. An acceptance record set S is initialized to {(&Lgr;, &Lgr;, R)}, where &Lgr; represents a distinguished null string, and R represents the request r. Each assertion (ƒi, si), where i represents the integers from n−1 to 0, is run and the result is added to the acceptance record set S. This is repeated mn times, where m represents a number greater than 1, and an acceptance is output if any of the results in the acceptance record set S comprise an acceptance record (0, POLICY, R).

Abstract: A method and apparatus are provided for compliance checking in a trust-management system A request r, a policy assertion (ƒ0, POLICY), and n−1 credential assertions (ƒ1, s1) , . . . , (ƒn−1, sn−1) are received, each credential assertion comprising a credential function ƒi and a credential source si. Each assertion may be monotonic, authentic, and locally bounded. An acceptance record set S is initialized to {(&Lgr;, &Lgr;, R)}, where A represents a distinguished null string, and R represents the request r. Each assertion (ƒi, si), where i represents the integers from n−1 to 0, is run and the result is added to the acceptance record set S. This is repeated mn times, where m represents a number greater than 1, and an acceptance is output if any of the results in the acceptance record set S comprise an acceptance record (0, POLICY, R).