公开(公告)号：US20250086268A1

公开(公告)日：2025-03-13

申请号：US18560759

申请日：2022-12-30

Applicant: Google LLC

Inventor： Nikolaus Rath

IPC: G06F21/53 ,  G06F21/57

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products for secure workflows that enhance data security using sandboxes hosted by trusted execution environments. A digital component (DC) request can be received, and in response, multi-stage workflows can be identified. Each multi-stage workflow (i) being configured to select DCs of multiple content platforms and (ii) including customizable stages. A trusted execution environment of the server can initiate a sandbox environment for executing stages of the workflow, which can be executed within the sandbox environment, preventing the code of the workflow from transmitting user data from the server. Output data can be received from the workflow by the server and from the trusted execution environment. A DC can be selected by the server based on at least a portion of the output data from the workflows. The DC can be provided to the client device for presentation to a user.

公开(公告)号：US20250077643A1

公开(公告)日：2025-03-06

申请号：US18283325

申请日：2022-12-12

Applicant: Google LLC

Inventor： Gang Wang ,  Nikolaus Rath

IPC: G06F21/53

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure workflows that enhance data security are described. In one aspect, a digital component request is received. In response to receiving the digital component request, a multi-stage workflow for selecting a digital component is identified, and can include customizable stages. The execution of workflow stages includes: (A) identifying a given customizable stage; (B) for the stage: (i) identifying, a customization specific to the stage that generates an output for use in selecting the digital component; (ii) initiating an isolated execution environment for each customization; (iii) executing, within each isolated execution environment, the customization for which the isolated execution environment was initiated; and (iv) obtaining the output generated by the code of each isolated execution environment; and (C) executing a final stage to select a digital component based on the outputs. The selected digital component is sent to the client device.

公开(公告)号：US20250094613A1

公开(公告)日：2025-03-20

申请号：US18559663

申请日：2022-12-12

Applicant: Google LLC

Inventor： Gang Wang ,  Nikolaus Rath

IPC: G06F21/62

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for providing secure workflows with rule-based data access security are described. In one aspect, a method includes receiving a digital component (DC) request. A workflow, which can include customizable stages, for selecting a DC is identified. Stages can include executable instructions and can be executed as defined by the workflow. The method can include, for each stage: initiating an isolated environment, receiving a data access request and, for each request, obtaining access rules associated with the request, processing access rules to determine whether to return the data requested by the request, and whenever it is determined to return the data, providing the data to the isolated environment. The method can include, receiving output data from customizable stages and selecting, using a stage and based on the output data received, a DC, which can be sent to the client device.