1. Technical Field
Aspects of the example implementations relate to measurement of campaign performance between a first party (e.g., campaign promoter) and a second party (e.g., merchant), without a third party, and without providing user identification information to the campaign promoter, and without providing sensitive information of the first party to the second party, and vice versa.
2. Related Art
A merchant may offer a good or service, or other benefit to a consumer. In exchange, the consumer provides a payment to the merchant. The merchant may seek to increase sales by using a campaign promoter to operate a campaign by providing a coupon that advertises the merchant and incentivizes the transaction, and providing the consumer with a way to use the coupon and purchase from the merchant. The campaign promoter and the merchant may measure the success of the campaign from sales information, such as credit card number of the transaction by the consumer, the credit card number being known by the merchant and the campaign promoter and the payment by this credit card can be measured as part of the success of the campaign.
To process the campaign effectiveness measurement and obtain the credit card numbers associated with the effectiveness of the campaign, the campaign promoter and the merchant may use a third-party company. The method applies hashing of credit card numbers to perform the processing, e.g., a hash applied on the set of credit cards as a deterministic mapping, and each party sends to the third party a list of hashed credit cards, or alternatively, the third party itself hashes the credit cards. However, because the hashing is not randomized, an unauthorized party with access to the lists of hashed credit cards, and additional access to list of credit cards, can hash the credit card number (i.e., the name of the users in the campaign), check the hashed name in the list against a list of credit cards, and recognize the actual credit cards used in a list of hashed credit cards. Further, because a hash translation can be computed, the hashing technique applied by or for the third party company may not provide sufficient security and privacy.
Additionally, the third-party company must be a trusted party (e.g., trusted not to use availability of credit card lists to perform the foregoing credit card identification). Therefore, there is a risk that the third-party company may reveal information (intentionally or unintentionally) without authorization by the user. Moreover, the existence of the third-party having access to the credit card information (or the list of hashed credit cards) that is needed to assess the effectiveness of the campaign may pose a risk of revealing too much information about the effectiveness of the campaign to that third party, which may harm the campaign promoter, as well as revealing too much information about the consumer, which may harm the consumer and the merchant.
Additionally, the third-party function can be implemented in tamper-proof hardware devices at the two parties themselves. However, again, the two parties cannot access the logic of the devices, and the devices may, for example, leak information to other parties, without the parties controlling the devices being notified.