New Google Patents · Filed Oct 25, 2024 · Published Jul 2, 2026 · verified — real USPTO data

Google Patent Shows Two Protected Systems Sharing Ad Tasks Without Exposing User Data

Google wants to serve you targeted ads without any single server ever knowing who you are and what ad you saw at the same time. The trick is splitting the job between two isolated computing environments that can't leak data to each other.

Google Patent: Privacy-Safe Ad Selection in Secure Environments — figure from US 2026/0187228 A1
FIG. 1A — rendered from the official USPTO publication PDF.
Publication number US 2026/0187228 A1
Applicant GOOGLE LLC
Filing date Oct 25, 2024
Publication date Jul 2, 2026
Inventors Akhil Dhavala, Shruti Murali, Hari Krishna Bikmal, Michael Feng, Oscar Ka Ho Chow, Ouyang Zhang, Jacob Mark Hallberg
CPC classification 726/26
Grant likelihood Medium
Examiner ABRISHAMKAR, KAVEH (Art Unit 2494)
Status Publications -- Issue Fee Payment Received (Jun 10, 2026)
Parent application is a National Stage Entry of PCTUS2023034790 (filed 2023-10-10)
Document 22 claims

How Google picks ads without handing over your personal data

Imagine a bank that processes your payment without the teller ever seeing your account number. Google is trying to do something similar with online ads.

Right now, when a website decides which ad to show you, that decision-making system can see your browsing history, your device, and which ad won the auction all at once. That's a privacy problem. Google's patent describes a system where the job is split between two separate, locked-down servers, called trusted execution environments, that are designed so that no one, not even Google's own engineers, can peek at what's happening inside.

One server handles context about the page you're visiting. The other handles the advertiser's targeting rules. They exchange only the minimum information needed to pick a winner, and the final ad goes to your browser without either server ever building a complete picture of you. It's a more private assembly line for the ads that pay for the internet.

How the two trusted environments divide the selection work

The patent describes a two-stage pipeline built on trusted execution environments (TEEs), which are isolated hardware-level vaults inside a server where code runs in a way that can be verified and can't be tampered with, not even by the machine's owner.

  • A first trusted content platform receives two types of ad candidates: contextual ads (chosen based on what the page is about, not who you are) and constrained ads (chosen based on advertiser targeting rules tied to user data).
  • It sends only the targeting parameters and a set of constraining values (numerical limits that encode what the user is eligible to see without revealing identity) to a second trusted content platform in a separate TEE.
  • The second TEE picks the best constrained ad and sends back a selection value (a score) rather than raw user data.
  • The first TEE combines that score with scores for the contextual ads and picks the overall winner, which then goes to an untrusted delivery layer for display.

By separating contextual signals from user-targeting signals across two isolated environments, the system prevents any one party from combining them into a surveillance-ready profile. The patent also emphasizes reducing latency: the two TEEs work in a coordinated handoff rather than a slow sequential chain.

What this means for privacy-safe advertising after cookies

The ad industry is under pressure to move away from third-party cookies, which currently let advertisers track you across websites. Google's Privacy Sandbox initiative has been trying to build replacement systems for years, and this patent looks like infrastructure for exactly that. A two-TEE architecture could let advertisers still bid on relevant audiences while satisfying regulators who want proof that personal data stays locked up.

For you as a user, the practical bet here is that ads keep working (funding free content) while the data exhaust trail behind you shrinks. Whether that promise holds depends on how these TEEs are audited and who controls them, questions the patent doesn't answer, but the architecture is a meaningful step beyond what today's ad auctions do.

Editorial take

This is genuinely interesting infrastructure work, not a flashy consumer feature. Google has real regulatory and competitive reasons to build privacy-preserving ad systems, and a two-TEE split is a concrete architectural answer to a hard problem. The cynical read is that Google is designing a system where it remains the trusted party inside both vaults, but the technical approach is more substantive than most ad-privacy patents.

Which company should we read for you?

We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.

Get one Big Tech patent every Sunday

Plain English, intelligent commentary, no hype. Free.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.