CA2222480C - System and method for providing anonymous personalized browsing in a network - Google Patents
System and method for providing anonymous personalized browsing in a network Download PDFInfo
- Publication number
- CA2222480C CA2222480C CA002222480A CA2222480A CA2222480C CA 2222480 C CA2222480 C CA 2222480C CA 002222480 A CA002222480 A CA 002222480A CA 2222480 A CA2222480 A CA 2222480A CA 2222480 C CA2222480 C CA 2222480C
- Authority
- CA
- Canada
- Prior art keywords
- proxy system
- site
- recited
- user
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01M—TESTING STATIC OR DYNAMIC BALANCE OF MACHINES OR STRUCTURES; TESTING OF STRUCTURES OR APPARATUS, NOT OTHERWISE PROVIDED FOR
- G01M13/00—Testing of machine parts
- G01M13/02—Gearings; Transmission mechanisms
- G01M13/021—Gearings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/383—Anonymous user system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/301—Name conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3015—Name registration, generation or assignment
- H04L61/3025—Domain name generation or assignment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/565—Conversion or adaptation of application format or content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/30—Types of network names
- H04L2101/365—Application layer names, e.g. buddy names, unstructured names chosen by a user or home appliance name
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
Abstract
For use with a network having server sites capable of being browsed by users based on identifiers received into the server sites and personal to the users, alternative proxy systems for providing substitute identifiers to the server sites that allow the users to browse the server sites anonymously via the proxy system. A central proxy system includes computer-executable routines that process site-specific substitute identifiers constructed from data specific to the users, that transmits the substitute identifiers to the server sites, that retransmits browsing commands received from the users to the server sites, and that removes portions of the browsing commands that would identify the users to the server sites. The foregoing functionality is performed consistently by the central proxy system during subsequent visits to a given server site as the same site specific substitute identifiers are reused. Consistent use of the site specific substitute identifiers enables the server site to recognize a returning user and, possibly, provide personalized service.
Description
SYSTEM AND METHOD FOR PROVIDING ANONYMOUS
PERSONALIZED BROWSING IN A NETWORK
TECHNICAL FIELD OF THE INVENTION
The present invention is directed, i:n general, to networks and, more specifically, to a system and method that allows a user to browse personalized server resources on a network anonymously.
BACKGROUND OF THE INVENTION
The Internet is a well-known collection of networks (e. g., public and private data communication and multimedia networks) that work together (cooperate) using common protocols to form a world wide network of networks.
In recent years, the availability of more efficient, reliable and cost-effective computers and networking tools have allowed many companies and individuals (collectively, "users") to become involved in an ever growing electronic marketplace. The immeasurable gains in technology experienced by the computer industry overall have allowed these users to rely on commercially available computers, such as personal computers ("PCs"), to meet their information processing and communication needs. To that end, PC manufacturers equip most PCs with an interface that may be used for communication over networks, such as the Internet.
The Internet continues to increase its position as an integral place for businesses that offers information and services to potential customers. Popular examples of such businesses are news providers (e. g., www.c:nn.com (the Cable News Network), www.nytimes.com (the New York Times), www.wsj.com (the Wall Street Journal), www.ft.com (Financial Times Magazine), www.businessweek.com (Business Week Magazine)); car manufacturers (e. g., www.f:ord.com/us (the Ford Motor Company), www.gm.com (the General Mc>tor Company), www.toyota.com (the Toyota Motor Company)); book stores (e. g., www.amazon.com (Amazon.com books)); software providers (e. g., www.microsoft.com (the Microsoft software company)) and many more.
Most often, such a business sets up a home page on the World Wide Web (a "web-site," the World wide Web is a logical overlay of the Internet). The web-site constitutes an electronically-addressable location that may be used for promoting, advertising and conducting business.
Potential electronic customers use web-browsers (e. g., 1O NETSCAPE NAVIGATOR~, MICROSOFT EXPLORER~, etC . ) t0 aCC2SS the information offered on those web-sites.
An increasing number of web sites offer personalized services that may include "personalized web pages"
customized to a user's interests, with hyper-links (a reference or link from some point in one hypertext document to some point in another document or another place in the same document -- often displayed in some distinguishing way (e.g., in a different color, font or style)) and displayed messages tailored according to the user's preferences. Such preferences can be ascertained by having a user establish an account with that web-site.
This allows the web-site to store information about the user's previous visits, either by tracking the hyper-links the user followed or through explicit dialogs with the user. For example, the Wall Street Journal provides a "personalized journal" to each user, where the sequence and selection of sections is customized. In order to open an account, the user typically has to complete a form electronically, providing a user name, a password, an electronic-mail ("e-mail") address, etc. The latter is often used by the web-site to send back information not provided on the web-site itself to the user.
Given the inherent lack of privacy of electronic communication over the Internet generally, and, particularly, the World Wide Web, it has long been felt r that a system that could ensure private electronic communication would be highly advantageous. As an example of the problem, consider the plight of a customer that would like to browse the World Wide Web in a safe and private (anonymous) manner, visiting sites that provide personalized service. The customer would like to establish accounts on web-sites without revealing his true identity, and without reusing the same user names, passwords, for multiple sites. Customers should refrain from reusing the same user names and passwords at multiple sites to avoid a security breach at one site to affect other sites; additionally, refraining from using such user names and passwords limits the ability of multiple sites from colluding to combine customer information and build dossiers on particular customers.
Typically, the customer visits many of these web-sites, and inventing and remembering new user names and passwords for each web-site becomes tedious. Moreover, many of these web-sites require the customer to include his e-mail address with his user name and password--by providing his e-mail address, the customer reveals his identity.
In addition, there are commercial products available that allow web-sites to track their clients and visitors. Such tracking can be made even when no voluntary information is provided by the user and no form is filled out. Examples of such systems are "Webreporter~," which is available from OPENMARKET, INC., and "SiteTrack~," which is available from GROUP CORTEX, whose advertisement reads a~~ follows:
"Identify who is visiting your site. Record the actual number of people that visit. Find which links they follow and trace their complete path. Learn which site users came from and which site they depart to . . . "
' CA 02222480 1997-11-27 These products are made possible because the hypertext transport protocol ("HTTP-protocol"), on which the World Wide Web is largely based, allows specific information to flow back from the user to the web-site. This can include for example, the user's e-mail address, the last web-site he came from, and information about the user's software and host-computer. Other pertinent user information may be sent by the web-site to the user browser using what are commonly referred to as "cookies" (pieces of information that web-sites may store at the user's browser). On subsequent visits to the web-site, the user's browser sends back information to the web-site without the user's knowledge.
From the foregoing, it is apparent that what is needed in the art is a scheme that provides anonymous personalized web browsing that satisfies two seemingly conflicting objectives, namely, providing user privacy and user identification.
f SUI~tARY OF THE INVENTION
To address the above-discussed deficiencies of the prior art, the present invention introduces a proxy system that performs two basic functions: (1) automatic substitution of user-specific identifiers such that server sites (e. g., web sites, junction points, intelligent portal devices, routers, network servers, etc.) within a network are prevented from determining the true identity of the user browsing (accessing, locating, retrieving, reading, contacting, etc.) the sites; and (2) automatic stripping of any other information associated with browsing commands that would allow the server sites to determine the true identity of the user browsing the server sites. An important aspect of the present invention is that the foregoing functions are performed consistently by the proxy system during subsequent visits to the server site (the same substitute identifiers are used on repeat visits to the server site; the server site also cannot distinguish between information supplied by the user and the proxy system, thus the proxy system is transparent to the server site). The present invention therefore not only introduces anonymous browsing, but also personalization based upon the consistent use of substitute identifiers.
It should be noted that the term "true," as used herein, means accurate, actual, authentic, at least partially correct, genuine, real or the like, the term "or," as used herein, is inclusive, meaning and/or; and the phrase "associated with" and derivatives thereof, as used herein, may mean to include within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, juxtapose, cooperate with, interleave, be a property of, be bound to or with, have, have a property of, or the like.
As is described in greater detail hereinbelow, the principles of the present invention address the conflicting objectives of user privacy and user identification described hereinabove by providing a proxy system, a peripheral proxy system, and a method of providing substitute identifiers to a server site that allow users to browse the same anonymously via the proxy system.
In one embodiment, the present invention provides, for use with a network having server sites capable of being browsed by users based on identifiers received into the server sites and personal to the users, a central proxy system for providing substitute identifiers to the server sites that allow the users to browse the server sites anonymously via the central proxy system. According to various embodiments of the present invention, the substitute identifiers may be suitably constructed by the user site or a routine associated with the central site (advantageous ways (functions) of constructing the substitute identifiers are described hereinafter). The exemplary central proxy system includes: (1) a computer-executable first routine that processes (receives, accepts, obtains, constructs, produces, etc.) site-specific substitute identifiers constructed from data specific to the users, (2) a computer-executable second routine that transmits the substitute identifiers to the server sites and thereafter retransmits browsing commands received from the users to the server sites and (3) a computer-executable third routine that removes (and possibly substitutes) portions of the browsing commands that would identify the users to the server sites.
"Include" and derivatives thereof, as used herein, means inclusion without limitation.
In one embodiment, the first of the two above enumerated basic functions is performed external to the central proxy system, while in another it is performed, at D
' ' CA 02222480 1997-11-27 least in part, within the central proxy system. The central proxy system processes and forwards the substitute identifiers as appropriate and directly performs the second of the above-enumerated basic functions by stripping other information that would tend to identify the users. An Internet Access Provider ("ISP"), such as NETCOM~, or a networking service, such as AMERICA ONLINE~ or COMPUSERVE~ can advantageously employ the central proxy system to provide anonymous retransmission of browsing commands by their users.
It is important to understand that subsequent use of the proxy system by a "same" user to a "same" server site will cause the proxy system to construct (directly or indirectly) and use the same (site-specific) substitute identifiers. Typically, the proxy system functions as a conduit communicating messages between the user and the server. Depending upon the embodiment, the proxy system may remove or substitute some portion of messages communicated by the user to the server to ensure anonymity.
An alternative advantageous embodiment of the present invention may be provided in the form of a peripheral proxy system designed for use with a network having a server site capable of being browsed by users based on identifiers received into the server site and personal to the users. The peripheral proxy system includes: (1) a computer-executable first routine that constructs a particular substitute identifier from data received from a particular user and (2) a computer-executable second routine that transmits the particular substitute identifier to the central proxy system, the central proxy system retransmitting the particular substitute identifier to the server site and thereafter retransmitting browsing commands received from the particular user to the server site. According to this embodiment, the first routine may _g-be associated, at least in part, with the user site, which distributes the basic functions of the present invention over multiple computer ;systems.
The foregoing has out.linecl, rather broadly, preferred and alternative features c>f the present invention so that those skilled in the art may better understand the detailed description of the invention that follows.
Additional features of the invention will be described hereinafter that form the subject o:f the claims of the 1.0 invention. Those skilled in the art should appreciate that they can readily use the discl~~sed conception and specific embodiment as a basis fc>r ~~lesignin<~ oz: modifying other structures for carrying out the same purposes of the present invention. Those ski:L-~eci in the art: should also 7_5 realize that such equivalent cc;nstructions do not depart from the spirit and t~cope of t:he incent:ion :in its broadest form.
In accordance with one aspect ~f the present invention trere is provided a central proxy system for a?0 coup.ling to a nE:twork: and a for aal.lowing users to browse server site's on said r5etwork anonymously via said central proxy system, said central proxy system comprising: a computer-executable f:i.rst routim:: that processes site-specific substitute identifiers constructed from data, 25 including non-masked <Bata, specific to said users, such that said serveo sitE=~s are una~lf:~ to determine an identity of said user; a computer-executable second routine that transmits said subst .i_t:u.te ident=i:;~ iers to said server sites and thereafter retransmits brows.:ing commands received from 30 said users to said server sites; and a computer-executable third routine that removes port-_.ic~ns of said browsing commands that would identify said users to said server sites.
_ga--In accordance wi~tn another aspect cf the present invention there is provided a peripheral proxy system f:or coupling to a network and for allowing at least one user to browse a server side on said netwoi:-k anonymously via a central proxy system, said peripheral proxy system comprising: a compute.r--executable first routine that constructs a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identity of said user; a:~nd a computer-executable second routine that transmits said particular substitute identifier to said central proxy system, said central proxy system retransm:itting said pai:ti.cular substitute identifier to said server site and thereafter retransmitting browsing commands received from said particular user to said server site.
In accordance wish yet ancther aspect of the present invention there :is pro;rided a method for use with a network having a server_ site capable of being browsed by users and for allowing said users to browse said server site on said network. anonymously via said proxy system, said method comprising the steps of: constructing a particular substitute identifier from data, including non-masked data, received from a particular user, such that:
said server site is unable to determine an s-dentify of said user; transmitting said particular substitute identifier to said server_ site; and tr~ereafter retransmitting browsing commands rece_~ved from said particular user to said server site.
_g_ BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, wherein like numbers designate like objects, and in which:
FIGURE 1 illustrates a high-level block diagram of an exemplary distributed network with which the principles of the present invention may be suitably used to provide either a central or a peripheral proxy system for allowing users to provide substitute identifiers to server sites of a network to browse anonymously;
FIGURE 2 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 showing a central proxy system that includes each of a user site, a central proxy system and a plurality of illustrative server sites according to the principles of the present invention;
FIGURE 3 illustrates an exemplary full screen window of a proxy system according to the principles of the present invention;
FIGURE 4 illustrates an exemplary full screen window of an interface of a particular server site according to the principles of the present invention;
FIGURE 5 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 showing a peripheral proxy system that includes each of a user site, a central proxy system and a plurality of illustrative server site according to the principles of the present invention; and FIGURE 6 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 including each of a user site, a central proxy system and a plurality of illustrative server sites according to an exemplary marker proxy embodiment of the present DETAILED DESCRIPTION
Referring initially to FIGURE 1, illustrated is a high-level block diagram of an exemplary distributed network (generally designated 100) with which the principles of the present invention may be suitably used to provide either a central or a peripheral proxy system. Distributed network 100 illustratively includes a plurality of computer sites 105 to 110 that are illustratively associated by Internet 115.
Internet 115 includes the World Wide Web, which is not a network itself, but rather an "abstracti0ll" maintained on top of Internet 115 by a combination of browsers, server sites, HTML pages and the like.
According to the illustrated embodiment, either proxy system provides substitute identifiers to one or more of a plurality of server sites 110 of network 100. The substitute identifiers allow user sites (and, hence, users (not shown)) to browse the server sites anonymously via the proxy system.
Consistent use of the same (site-specific) substitute identifiers at a particular server site personalizes browsing.
For purposes of illustration, site 105a is assumed throughout this document to be a user site, site 110a is assumed to be a central proxy site, and site 1108 is assumed to be a server site.
Those of skill in the pertinent art will understand that FIGURE 1 is illustrative only; in other configurations, any of sites 105 to 110 may be a user, a central proxy or a server site, or a combination of at least two of the same. "Server site," as the term is used herein, is construed broadly, and may include any site capable of being browsed.
Although the illustrated embodiment i_s suitably implemented for and used over Internet 11~>, the principles and broad scope of the present invention may be associated with any appropriately arranged computer, communications, multimedia or other network, whether wired or wireless, that has server sites capable of being browsed by users based on identifiers received into the server sites and that are personal to the users. Further, though the principles of the present invention are illustrated using a single user site 105a, a single central proxy site 110a and a single server site 1108, alternate embodiments within the scope of the same may include a plurality of user, central proxy or server sites.
Exemplary network 100 is assumed to include a plurality of insecure communication channels that operate to intercouple ones of the various sites 105 to 110 of network 100. The concept of communication channels is known and allows insecure communication of information among ones of the intercoupled sites (the Internet employs conventional communication protocols that are also known).
A distributed network operating system executes on at least some of sites 105, 110 and may manage the insecure communication of information therebetween. Distributed network operating systems are also known.
According to exemplary central proxy system 110a of the present invention, which is discussed in detail with reference to FIGURE 2, substitute identifiers may be suitably indirectly provided by central proxy system 110a to server site 1108 (recall that substitute identifiers allow user site 105a to browse server site 110g anonymously). One or more site-specific substitute identifiers are suitably provided or constructed from data specific to user 105a either by user 105a or central proxy system 110a. Central proxy system 110a includes a plurality of executable routines -- a first routine processes site-specific substitute identifiers constructed from data specific to user 105a (site-specific substitute identifiers may be suitably constructed by a central proxy site 110a, such as by a routine associated with central proxy system 110a); a second routine transmits the substitute identifiers to server site 110g (possibly via a plurality of intermediate user and server sites 105, 110) and thereafter retransmits browsing commands received from user site 105a to server site 1108; and a third routine removes (and possibly substitutes) portions of the browsing commands that would identify user site 105a to server site 1108 (and the plurality of intermediate user and server sites 105, 110). The term "routine," as used herein, is construed broadly to not only include conventional meanings such as program, procedure, object, task, subroutine, function, algorithm, instruction set and the like, but also sequences of instructions, as well as functionally equivalent firmware and hardware implementations.
Alternatively, according to an exemplary peripheral proxy system (generally designated 120) of the present invention, which is discussed in detail with reference to FIGURE 5, that is designed for use with network 100 again having a server site 110g capable of being browsed by a user site 105a based on substitute identifiers received into server site 110g and that are personal to user site 105a. Exemplary peripheral proxy system 120 includes first and second executable routines. The first routine, which may advantageously reside in user site 105a or, alternatively, in central proxy system 110a, constructs a particular substitute identifier from data particular to user site 105a. The second routine, which may also advantageously reside in user site 105a or, partially, in user site 105a and central proxy system 110a, transmits the particular substitute identifier to central proxy system 110a. Central proxy system 110a then retransmits the particular substitute identifier to server site 1108 and thereafter communicates (e. g., transmits, receives, etc.) information (e. g., browsing commands, data, etc.) between user site 105a to server site 1108.
According to the illustrated embodiment, peripheral proxy system 120 differs from central proxy system 110a by the location of execution of the first and second routines. In the illustrated central proxy embodiment, all routines are executed by central proxy system 110a, which means that all users must send user specific information to central proxy system 110a. In the illustrated peripheral proxy system 120, the first and second routines may be executed in a proxy subsystem associated with user site 105a. In one advantageous embodiment, user system 105a's user specific information (e. g., user identification, passwords, e-mail addresses, telephone numbers, credit card numbers, postal address, etc.) remain local, which will typically be more secure than central proxy system 110a.
As set forth hereinabove, an ISP, such as NETCOM~, or a networking service, such as AMERICA ONLINE~ or COMPUSERVE~, can advantageously employ either exemplary proxy system (central or peripheral) to provide anonymous communication (transmission, reception, retransmission, etc) of browsing, (e. g., accessing, selection, reading, etc.) commands between user sites and server sites.
An important aspect of the above-identified embodiments is the use of site-specific substitute identifiers to eliminate the need for a user to have to "invent" a new user name and password for each server site which requires the establishment of an account (e.g., the NEW YORK TIMES, the WALL STREET ~TOURNAL, the NEWSPAGE~ arid ESPN~
sites). The illustrated embodiment generates secure substitute identifiers (e. g., alias user names, passwords, e-mail addresses, postal addresses, credit card numbers, etc.) that are distinct and secure for the user. The user provides one or more character strings (which may be random) once, which may advantageously be at the beginning i of a proxy system session. The proxy system uses the same to generate one or more secure site-specific substitute identifiers for the user -- thereby freeing the user from the burden of inventing new and unique identifiers for each server site. Moreover, the user no longer has to type such secure identifiers every time the user returns to a particular server site requiring an account; instead the proxy system provides the appropriate secure identifiers automatically. In an advantageous embodiment to be described, the proxy system filters other identifying information (e.g., HTTP headers, etc.) sent by user site 105a while browsing server sites. It is important to keep in mind that server sites cannot typically distinguish between information supplied by proxy system 110a and information supplied by user site 105a -- central proxy system 110a being transparent to server sites.
In one embodiment, the substitute identifiers are transmitted on demand from servers, without any intervention from the user. This process automates the response to a "basic authentication request," which is a common procedure used by servers to identify users on the World Wide Web. In this way, the user is not burdened by this activity.
According to the illustrated embodiment, to produce substitute identifiers the proxy system may suitably maintain secret information (secret to at least one server-site) in the form of user definable character strings. These character strings may be user defined and may be maintained in some conventional manner, such as storing the same to memory associated with the proxy system, or, advantageously, a function (described hereinafter) may be used to produce the substitute identifiers, at least in part, in association with the secret information. According to one approach, the proxy system maintains a conventional data structure to maintain the same, such as a database, data repository, an array, etc., or even an alias table, that may be used to map user information to their substitute, or alias, identifiers.
According to one advantageous embodiment, the user delivers its own secret (user definable character string) at the beginning of each session, which is used by the proxy system to generate, directly or indirectly, the substitute identifiers for the session. This option has the advantage that a user has the flexibility to choose different proxies at different times and there is no permanent secret information stored on the proxy system.
In another related embodiment, the data comprises at least two secret user definable character strings, wherein the first routine processes substitute identifiers constructed in part from the at least two secret user definable character strings. Of course, alternate suitable approaches may be used to accomplish the purpose of providing anonymous personalized web browsing according to the present invention.
Turning now to FIGURE 2, illustrated is a block diagram of an exemplary sub-network (generally designated 200) of distributed network 100, wherein sub-network 200 includes user site 105a, central proxy system~110a and server site 1108 (shown among a plurality of other illustrative server sites 110 of Internet 115) according to the principles of the present invention.
For purposes of illustration, assume that user site 105a issues a command to access server site 1108 (the NEw YoRx TRIBUNE web-site ( "NYT" ) ) . Such access would be via central proxy system (server site) 110a, which ensures that user specific data concerning user site 105a is not communicated over the remainder of Internet 115 -- there may be HTTP header fields, for example, that include data about user site 105a that central proxy system 110a _ -17-filters.
Exemplary central proxy system 110a advantageously executes on a server site that is not associable with user site 105a by other sites over Internet 115. According to an advantageous embodiment, central proxy system 110a may be suitably distant, both physically and logically, from user site 105a -- user site 105a does not access server-sites directly because the server-sites can determine both physically and logically the Internet Protocol ("IP") --address of the machine that made the request.
According to the exemplary embodiment, if user site 105a's command to access NYT 110g is user site 105a's first request of the current session, central proxy system 110a will recognize the same, and display its own HTML-document, possibly on user site 105a's browser.
Turning momentarily to FIGURE 3, illustrated is an exemplary full screen window of a conventional browser 300 ( "NETSCAPE~" ) displaying an inlaid interface 305 ( "JArrusS~~" ) of central proxy system 110a according to the principles of the present invention. Exemplary interface 305 prompts a user of site 105a to enter user definable character strings, which according to the illustrated embodiment includes identification ("ID") data and secret ("S") data supplied by the user. Each user initially supplies a user ID (e.g., e-mail address) and a user S to allow one or more substitute identifiers to be chosen or constructed (site-specific substitute identifiers are suitably constructed from data specific to user 105a and a particular server site which user 105a intends to browse).
Alternatively, other or further data supplied by the user may be appropriate in some applications (e. g., credit card number, post office address, handle, etc.).
According to the advantageous embodiment, substitute identifiers may be constructed (generated) using a suitable function that includes the features of anonymity, p consistency, collision resistance and uniqueness, protection from creation of dossiers, and single secret and acceptability. Concerning anonymity, the identity of the user should be kept secret; that is, a server site, or a coalition of sites, cannot determine the true identity of the user from its substitute identification.
Concerning consistency, for each server-site, each user should be provided with some substitute identifiers allowing the server site to recognize the user given the same, thereby enabling the server site to personalize the user's access and the user can thus be "registered" at the server site.
With respect to collision resistance and uniqueness, given a user's identity and a server site, a third party should not find a different user identity which results in the same alias (impersonation) for that server site. As to protection from creation of dossiers, the user is likely to be assigned a distinct alias (substitute identifier) for distinct server sites, so that a coalition of sites is unable to learn a user's habits and build a user profile (dossier) based on the set of sites accessed by the user. Lastly, single secret (user definable character string) and acceptability provides, given the user's identity and a single secret, automatic generation of secure, distinct aliases (substitute identifier) as needed for each server-site, transparent to the user --from the user's perspective, the user definable character string is equivalent to a universal password for a collection of server-sites.
According to this embodiment, a user ID is "corrupt"
(not secret) if an adversary (one or more server sites desirous of identifying the user), E, has been able to read the user's secret, S. Alternatively, a user ID is "partially opened" (not fully secure) with respect to a particular server site, w, if E has been able to read the alias password; a user ID is "opened" (not secure) with respect to w, if it is partially opened and E has been able to relate the alias password together with the alias user name to the user ID. Assuming that the function, T(), is defined as follows, T(user ID, web-site ("w"), S) - ( substitute username, passwords ) , hence, T (id, w, S) -(Uw, Pw) ; and Tu (id, w, S) - Uw and Tp (id, w, S) - Pw.
Tu(id,w,S) - Uw = h(enc(k,id,f(sl,w))) and Tp (id, w, S) - Pw = h (enc (k, id, f (s2, w) ) ) , wherein id denotes user site 105a's ID (e.g., e mail address);
w denotes server site 110g's domain name;
// denotes the logical function of concatenation;
S denotes k//sl//s2, a user site 105a definable character string;
xor denotes the Boolean function of exclusive or;
f(k,x) denotes a suitably arranged function for generating pseudo-random values, and may be selected from a group of functions, such as des(k,h(x),x);
enc ( k, x, r) denotes r// ( f ( k, r) xor x) ;
h() denotes a collision-resistant hash function, such as MD5; and des(k,i,x) denotes DES encryption in cipher block chaining ("CBC") mode, which are known, of information x using key k and an initialization vector i.
Both Tu() and Tp() may suitably truncate the result of the hashing function, h(), to fit the longest allowed user name or password or the particular server site.
f Relating this function, T(), to the above-identified and described feat ures yields the following:
F
1. E can only guess at the identity, ID, of a user which is only partially opened and uncorrupted.
2. T() is a deterministic function and E can only guess at the alias-password of a user which is unopened and uncorrupted.
3. Given w and an uncorrupted and unopened user ID, E can only guess at the ID and S.
4 . For an uncorrupted user ID and w, T (id, w, S) does not give to E information about T (id, w', S) for any w' not equal to w.
5 . The range of T (id, w, S) is such that it is accepted by server sites as a valid username and password -- implying a limited length string of printable characters.
Those skilled in the pertinent art will understand that alternate suitable functions may replace or be used in association with the foregoing according to the principles of the present invention.
Use of the foregoing exemplary substitute identifier constructing function, and for that matter, any other suitably arranged function for constructing substitute identifiers according to the present invention, operates to foster the above-identified features of anonymyzed and personalized browsing. The present invention provides the ability to anonymously visit a server site a first time via site-specific substitute identifiers, to interact with the server site as a function thereof, and to re-visit the server site on subsequent occasions using the same site-specific substitute identifiers, interacting with the server site as a return customer -- possibly receiving personalized attention -- as a function of the recognized substitute identifiers. Simply stated, the substitute identifiers are constructed consistently; and in advantageous embodiments in a site-specific manner.
In one embodiment of the present invention, the substitute identifiers include site-specific substitute user names and site-specific substitute user passwords.
"Site-specific" means that the names and passwords vary from site to site, depending perhaps upon the address of each site. This may complicate the task of creating a dossier relative to a given user. In a related embodiment, the first routine constructs site-specific substitute e-mail addresses for user site 105a from the site-specific data. In an alternate advantageous embodiment, the first routine constructs the site-specific substitute identifiers from addresses of the server sites -- of course, site-specific information other than the address of the site may be used to construct the substitute identifiers.
If this is the first contact of the user with central proxy system 110a, then the user may suitably generate a user defined character string (secret) at random and store the same locally. In one advantageous embodiment, the first routine processes substitute identifiers that may be constructed by applying pseudo-random and hash functions (e. g., T() function set forth hereinabove) to the data received from user site 105a -- those skilled in the art are familiar with the structure and operation of pseudo-random and hash functions and their utility. The important aspect of this and related embodiments is that the present invention is adapted to take advantage of current and later-discovered functions to enhance anonymity and security.
Alternatively, if this is the first contact of a current session then the user may suitably enclose the stored user defined character string to central proxy system 110a. Nonetheless, browser 300 sends interface 305 together with a user's ID and other user definable character string to central proxy system 110a. Central proxy system 110a receives this information and may use the same for the rest of the session.
In one advantageous embodiment, the first routine receives or generates session tags that are added to the browsing commands, central proxy site 110a employing the session tags to associate the substitute identifiers with each of the browsing commands -- the session tags, while not necessary to the present invention, provide one manner that allows user sites 105a to supply their data only once, usually at the beginning of each session. In a related advantageous embodiment, central proxy site 110a includes a data store that is capable of containing session information specific to user sites 105a and accessible by server sites 1108.
In one advantageous embodiment, the second routine described above, which may be local to the central proxy system 110a, transmits the substitute identifiers to server site 1108. In a further advantageous embodiment, the second routine transmits the substitute identifiers to server site 110g based on alphanumeric codes supplied in fields of web-pages 305 by the users. The alphanumeric codes prompt the second routine as to how and where to locate the substitute identifiers, removing the users from actually having to provide the substitute identifiers directly. Of course, the alphanumeric codes may be supplied in a different form. In a related, more specific embodiment, the users manually place the alphanumeric codes in the fields of web-pages 305. Of course, the present invention encompasses intelligent parsing of the fields of web pages 305 to determine automatically how and where the alphanumeric codes should be located. Those skilled in the art are familiar with the Internet in general, the World Wide Web in particular and the way in which the structure of the World Wide Web promotes "browsing." The present invention finds apparent utility in conjunction with the Internet and the World Wide Web, however, those skilled in the art will readily understand that the present invention has advantageous application outside of the Internet as well in any suitably arranged computer, communications, multimedia or like network configuration.
Nonetheless, after central proxy system 110a obtains the required information about the user, the above-described third routine removes portions of the browsing commands that would identify user site 105a to server site 1108, and forwards user site 105a's original request for access to NYT-site 1108 (e. g., using an HTTP get-request) -- thereby selectively excluding from the request header-fields or the like that may identify the user.
If this is the user's first visit to NYT-site 110g, then it may suitably provide the user with an electronic form prompting, for example, for a user name, a password and an e-mail address in order to establish an account.
Turning momentarily to FIGURE 4, illustrated is exemplary full screen window of conventional NETSCAPE~ browser 300 displaying an inlaid interface 400 ( "THE NEw YORK TRIBUNE" ) of server site 110g according to the principles of the present invention.
Now, instead of having to provide a unique user name and a secret password, the user may suitably provide these fields with simple escape strings (e.g., "<uuuu>" and "<pppp>"). More specifically, the alphanumeric codes above-described may be suitably arranged into such escape sequences -- those skilled in the art are familiar with escape sequences. These strings are recognized by central proxy site 110a which uses user site 105a's user name and secret (user definable character string) along with the domain-name of the NEw YORK TRIBUNE and computes substitute identifiers (e. g., alias user name, u3, and alias password, p3, in FIGURE 2, etc.), such as by function T(ID, secret, domain-name). The site-specific substitute identifiers may be sent to a particular server site by central proxy system 110a using the same mechanism that the user would submit input to the particular server site.
In other words, proxy system 110a receives information communications, such as browsing commands, from user site 105a intended for server site 110g, and retransmits the same to server site 110g -- central proxy system 110a functioning as a transparent conduit for anonymizing and, through consistent generation of site-specific substitute identifiers, personalizing server site browsing.
On a subsequent visit to NYT-site 1108, which will require that user site 105a authenticate itself (response to the first get-request forwarded to NYT-site 1108 by central proxy system 110a), central proxy system 110a may be suitably operative to automatically recompute u3 and p3 and reply by sending these values back to NYT-site 1108 (re-sending the get-request). User site 105a is thereby freed from the burden of remembering the user name and password of its NYT-site 1108 account. To summarize, the protocol, which may be suitably executed without involving user site 105a, includes: (1) a step of NYT-site server 1108 requesting an authentication from central proxy site 110a by failing the first get request; (2) central proxy site 110a recomputing the substitute identifiers (e. g., (alias-user name, alias-password) - T(ID, secret, domain-name), or the like); (3) central proxy site 110a replying by re-sending the get with the same substitute identifiers.
The substitute identifiers are consistent in the sense that the substitute identifiers are presented on subsequent visits to the same server site by user 105a.
Consistent substitute identifiers allow server sites to recognize returning users and provide personalized service to them. In one embodiment, the second routine transmits the substitute identifiers on demand from servers, without any intervention from user 105a. This process automates the response to a "basic authentication request," which is a common procedure used by servers to identify users 105a on the World Wide Web. In this way, user 105a is not burdened by this activity. In this embodiment, the second routine may have to re-transmit the original user request along with the substitute identifier to the server.
It should be noted that many servers require a valid e-mail address for creating an account -- users cannot use their true e-mail address for this purpose since it uniquely identifies them. The proxy system of the present invention may suitably solve this problem by creating an alias e-mail address for user site 105a and store e-mail in an electronic mailbox. In one advantageous embodiment, central proxy system 110a includes a data store capable of containing e-mail destined for the users, thereby preventing server sites from contacting users directly.
Contrary to prior art anonymous re-mailers, the present embodiment is not required to rely on having to store any translation tables (which may be large and vulnerable) from alias to true user identifiers in central proxy system 110a. This embodiment is inherently securer than prior art approaches as central proxy system 110a is not required to maintain and protect a translation table and cannot be forced to reveal the contents of any such table to a third party.
In an alternate advantageous embodiment, central proxy system 105a further includes a data store capable of containing e-mailboxes for the users and specific to the server sites. According to this embodiment, each user has a mailbox for each site that has generated mail destined for the user. Rather than compromising security by allowing automatic remailing to the user, the present embodiment may store e-mail for explicit retrieval by each user.
r For each server, it may be advantageous for users to have a separate e-mail box, possibly identified by user-substitute identifiers. This approach may allow for suitable disposal of e-mail messages received from the third-parties (e. g., "junk e-mail") as well as the option of selective disposal of e-mail messages.
In one advantageous embodiment, each of e-mailboxes has a key associated therewith, the key being a function of the data and an index number. The use of keys with e-mailboxes is known. In another advantageous embodiment, central proxy system 110a further comprises a computer-executable routine that, given the substitute identifiers, collects e-mail destined for the users and contained within a plurality of site-specific e-mailboxes. This embodiment may suitably employ a mail-collecting routine that automatically locates user site 105a's various mailboxes and retrieves the mail therefrom once the user has supplied the appropriate data.
According to one advantageous embodiment, central proxy system 110a includes functionality necessary to support electronic payment, the users employ electronic payment information to engage in anonymous commerce with the server sites. To facilitate the same, central proxy system 110a may include a data store capable of containing such electronic payment information. Further, substitute identifiers may be constructed, at least in part, using credit/debit card numbers, bank branch or account numbers, postal addresses, telephone numbers., tax identification numbers, social security numbers or the like. Various methods for achieving anonymous commerce are known.
By way of further example, an ever increasing number of sites require a valid credit card number as part of establishing an account, so that such sites may charge the user for their services ( e. g. , WALL STREET JOURNAL~, ESPN~, etc.). V~Thile the above-described proxy system provides f substitute identifiers to free users from remembering these items and by providing a guard on (involuntary) data flowing to the web-site, it may not provide complete anonymity to a user who has provided a credit card number to a site. One solution, described briefly above, requires central proxy system 110a to provide its own valid credit card number to the requesting site and then collect money from its users. If central proxy system 105a is incorporated into an Internet provider, for example, such as AMERICA ONLINE~, then this relationship may-already exist.
Alternatively, central proxy system 110a may be known and trusted by other sites, thereby allowing central proxy system 110a to generate an alias credit card number and expiration date, and then to authenticate this data and send it to a requesting site. The site can then check that this number indeed originates from central proxy system 110a and hence accepts the same as valid, with the understanding that it can collect the money from central proxy system 110a. There no longer is a need to send a "real" credit card number between central proxy system 110a and the sites.
It is important to realize that the various features and aspects of the embodiments above-described may also be suitably implemented in accordance with the peripheral proxy system described with reference to FIGURE 1. More particularly, turning momentarily to FIGURE 5, there is illustrated a block diagram of an exemplary sub-network (generally designated 500) of the distributed network of FIGURE 1 showing a peripheral proxy system 120 that includes each of user site 105a, central proxy system 110a and NYT-site 1108 (shown among a plurality of other illustrative server sites 110 of Internet 115) according to the principles of the present invention.
Peripheral proxy system 120, as set forth above, includes first and second executable routines. The first routine, which advantageously resides in user site 105a, constructs substitute identifiers from data particular to user site 105a. The second routine, which also illustratively resides in user site 105a, transmits the substitute identifiers to central proxy system 110a.
Central proxy system 110a then retransmits the substitute identifiers to server site 1108 and thereafter communicates (e. g., transmits, receives, etc.) information (e. g., browsing commands, data, etc.) between user site 105a to server site 1108. This second configuration is particularly advantageous when users may not trust central proxy system 110a or the communication lines therebetween, and want to keep user identifications and other secret information secure.
A local proxy system 510 may be used to maintain the same, and may use the user's identification and other information to compute the substitute identifiers. Local proxy system 510 communicates with a central proxy system 110a, which may be used to forward communication to servers and handle e-mail. In one embodiment, central proxy system 110a communicates with computer-executable local routines associated with the users, the local routines constructing the site-specific substitute identifiers from data specific to the users. Again, central proxy system 110a may rely on distributed routines, local to each user, that generate the substitute identifiers and transmit the same to central proxy system 110a.
Turning now to FIGURE 6, illustrated is a block diagram of an exemplary sub-network (generally designated 600) of the distributed network 100 including each of user site 105a, central proxy system 110a and a plurality of illustrative server sites 110b, 110c, and 1108 according to an exemplary marker proxy embodiment of the present invention. As described above, the central proxy system of the present invention may be employed in at least two configurations, namely, a central proxy configuration (FIGURE 2) or a peripheral proxy configuration (FIGURE 5).
In the central proxy configuration, central proxy system 110a computes substitute identifiers. An implementation of this configuration may require user site 105a to provide one or more user definable character strings (e. g., user identification, password and other secret information) once, and central proxy system 110a will thereafter generate the substitute identifiers as needed. Central proxy system 110a may associate the user definable character strings with a series of HTTP requests generated by the same user site 105a -- the central proxy system 110a may associate each request with a session, that contains all communication between a specific user site 105a and the central proxy system 110a.
The HTTP protocol however does not generally directly support sessions or relationships between requests. More particularly, each HTTP request may be sent a new socket connection, and there is no required HTTP header field that can link successive requests from the same user.
It should be noted that the session identification is typically not necessary in the peripheral proxy configuration since central proxy system 110a may forward communications without any computation. In a typical embodiment, peripheral proxy system 120 retransmits browsing commands received from user site 105a to central proxy system 110a, which then retransmits such commands to server site 1108. According to one embodiment, peripheral proxy system 120 removes and, possibly, substitutes portions of the browsing commands that would identify user site 105a to server site 1108.
In one advantageous embodiment user site 105a runs a marker program 605 locally. Marker program 605 operates to tag user site 105a's requests with a session tag, t.
Central proxy system 110a uses this tag to identify requests belonging to a particular one of a group of users. Marker program 605 may be implemented to store user site 105a's session tag and add this tag to all requests, and central proxy system 110a removes the session tag before forwarding the request to some server site. The session tag should be unique, as no two users should have the same tag.
It should be noted that NETSCAPE~ uses "cookies, "
which are a mechanism for storing and retrieving long term session information (the use of "cookies" conceptually is known). The cookies are generated by the browsed servers and are associated with a specific domain name. Browsers 300 submit the cookies associated with a specific domain name whenever the user re-visits that domain. Servers typically only generate cookies associated with their domain. Cookies provide an easy mechanism to keep session information, such as the contents of a "shopping cart,"
account name, password, event counters, user preferences, etc.
Some companies, use cookies extensively to track users and their habits. Since the proxy systems of the present invention present substitute identifiers to browsed servers, the servers cannot learn true user identities. Thus all of the information that the server may store in its cookie relates to some "alias persona,"
and not to the true user. Whenever the user returns to the same server, it will present the same substitute identifiers, and may also submit the cookie that the server generated earlier for this alias persona.
It is apparent from above, that the present invention provides, for use with a network having user sites and server sites, wherein the server sites are capable of being browsed by the user sites based on identifiers received into the server sites and personal to the user sites, both a central and a peripheral proxy system for providing consistent substitute identifiers to the server sites that allow the user sites to browse the server sites in an anonymous and personal fashion via the proxy system.
An exemplary central proxy system includes: (1) an executable first routine that processes site-specific substitute identifiers constructed from data specific to the user sites, (2) an executable second routine that transmits the substitute identifiers to the server sites and thereafter retransmits browsing commands received from the user sites to the server sites and (3) an executable third routine that removes (and possibly substitutes) portions of the browsing commands that would identify the user sites to the server sites.
An exemplary peripheral proxy system includes: (1) an executable first routine that constructs a particular substitute identifier from data received from a particular user site and (2) an executable second routine that transmits the particular substitute identifier to a central proxy system, the central proxy system then retransmitting the particular substitute identifier to the server site and thereafter retransmitting browsing commands received from the particular user site to the server site.
Although the present invention has been described in detail, those skilled in the art should understand that they can make various changes, substitutions and alterations herein without departing from the spirit and scope of the invention in its broadest form. More particularly, it should be apparent to those skilled in the pertinent art that the above-described routines are software-based and executable by a suitable conventional computer system/network. Alternate embodiments of the present invention may also be suitably implemented, at least in part, in firmware or hardware, or some suitable combination of at least two of the three. Such firmware-or hardware embodiments may include multi, parallel and distributed processing environments or configurations, as well as alternate programmable logic devices, such as programmable array logic ("PALS") and programmable logic arrays ("PLAs"), digital signal processors ("DSPs"), field programmable gate arrays ("FPGAs"), application specific integrated circuits ("ASICs"), large scale integrated circuits ("LSIs"), very large scale integrated circuits ("VLSIs") or the like -- to form the various types of modules, circuitry, controllers, routines and systems described and claimed herein.
Conventional computer system architecture is more fully discussed in The Indispensable PC Hardware Book, by Hans-Peter Messmer, Addison Wesley (2nd ed. 1995) and Computer Organization and Architecture, by William Stallings, MacMillan Publishing Co. (3rd ed. 1993);
conventional computer, or communications, network design is more fully discussed in Data Network Design, by Darren L. Spohn, McGraw-Hill, Inc. (1993); and conventional data communications is more fully discussed in Voice and Data Communications Handbook, by Bud Bates and Donald Gregory, McGraw-Hill, Inc. (1996), Data Communications Principles, by R. D. Gitlin, J. F. Hayes and S. B. Weinstein, Plenum Press (1992) and The Irwin Handbook of Telecommunications, by James Harry Green, Irwin Professional Publishing (2nd ed. 1992).
PERSONALIZED BROWSING IN A NETWORK
TECHNICAL FIELD OF THE INVENTION
The present invention is directed, i:n general, to networks and, more specifically, to a system and method that allows a user to browse personalized server resources on a network anonymously.
BACKGROUND OF THE INVENTION
The Internet is a well-known collection of networks (e. g., public and private data communication and multimedia networks) that work together (cooperate) using common protocols to form a world wide network of networks.
In recent years, the availability of more efficient, reliable and cost-effective computers and networking tools have allowed many companies and individuals (collectively, "users") to become involved in an ever growing electronic marketplace. The immeasurable gains in technology experienced by the computer industry overall have allowed these users to rely on commercially available computers, such as personal computers ("PCs"), to meet their information processing and communication needs. To that end, PC manufacturers equip most PCs with an interface that may be used for communication over networks, such as the Internet.
The Internet continues to increase its position as an integral place for businesses that offers information and services to potential customers. Popular examples of such businesses are news providers (e. g., www.c:nn.com (the Cable News Network), www.nytimes.com (the New York Times), www.wsj.com (the Wall Street Journal), www.ft.com (Financial Times Magazine), www.businessweek.com (Business Week Magazine)); car manufacturers (e. g., www.f:ord.com/us (the Ford Motor Company), www.gm.com (the General Mc>tor Company), www.toyota.com (the Toyota Motor Company)); book stores (e. g., www.amazon.com (Amazon.com books)); software providers (e. g., www.microsoft.com (the Microsoft software company)) and many more.
Most often, such a business sets up a home page on the World Wide Web (a "web-site," the World wide Web is a logical overlay of the Internet). The web-site constitutes an electronically-addressable location that may be used for promoting, advertising and conducting business.
Potential electronic customers use web-browsers (e. g., 1O NETSCAPE NAVIGATOR~, MICROSOFT EXPLORER~, etC . ) t0 aCC2SS the information offered on those web-sites.
An increasing number of web sites offer personalized services that may include "personalized web pages"
customized to a user's interests, with hyper-links (a reference or link from some point in one hypertext document to some point in another document or another place in the same document -- often displayed in some distinguishing way (e.g., in a different color, font or style)) and displayed messages tailored according to the user's preferences. Such preferences can be ascertained by having a user establish an account with that web-site.
This allows the web-site to store information about the user's previous visits, either by tracking the hyper-links the user followed or through explicit dialogs with the user. For example, the Wall Street Journal provides a "personalized journal" to each user, where the sequence and selection of sections is customized. In order to open an account, the user typically has to complete a form electronically, providing a user name, a password, an electronic-mail ("e-mail") address, etc. The latter is often used by the web-site to send back information not provided on the web-site itself to the user.
Given the inherent lack of privacy of electronic communication over the Internet generally, and, particularly, the World Wide Web, it has long been felt r that a system that could ensure private electronic communication would be highly advantageous. As an example of the problem, consider the plight of a customer that would like to browse the World Wide Web in a safe and private (anonymous) manner, visiting sites that provide personalized service. The customer would like to establish accounts on web-sites without revealing his true identity, and without reusing the same user names, passwords, for multiple sites. Customers should refrain from reusing the same user names and passwords at multiple sites to avoid a security breach at one site to affect other sites; additionally, refraining from using such user names and passwords limits the ability of multiple sites from colluding to combine customer information and build dossiers on particular customers.
Typically, the customer visits many of these web-sites, and inventing and remembering new user names and passwords for each web-site becomes tedious. Moreover, many of these web-sites require the customer to include his e-mail address with his user name and password--by providing his e-mail address, the customer reveals his identity.
In addition, there are commercial products available that allow web-sites to track their clients and visitors. Such tracking can be made even when no voluntary information is provided by the user and no form is filled out. Examples of such systems are "Webreporter~," which is available from OPENMARKET, INC., and "SiteTrack~," which is available from GROUP CORTEX, whose advertisement reads a~~ follows:
"Identify who is visiting your site. Record the actual number of people that visit. Find which links they follow and trace their complete path. Learn which site users came from and which site they depart to . . . "
' CA 02222480 1997-11-27 These products are made possible because the hypertext transport protocol ("HTTP-protocol"), on which the World Wide Web is largely based, allows specific information to flow back from the user to the web-site. This can include for example, the user's e-mail address, the last web-site he came from, and information about the user's software and host-computer. Other pertinent user information may be sent by the web-site to the user browser using what are commonly referred to as "cookies" (pieces of information that web-sites may store at the user's browser). On subsequent visits to the web-site, the user's browser sends back information to the web-site without the user's knowledge.
From the foregoing, it is apparent that what is needed in the art is a scheme that provides anonymous personalized web browsing that satisfies two seemingly conflicting objectives, namely, providing user privacy and user identification.
f SUI~tARY OF THE INVENTION
To address the above-discussed deficiencies of the prior art, the present invention introduces a proxy system that performs two basic functions: (1) automatic substitution of user-specific identifiers such that server sites (e. g., web sites, junction points, intelligent portal devices, routers, network servers, etc.) within a network are prevented from determining the true identity of the user browsing (accessing, locating, retrieving, reading, contacting, etc.) the sites; and (2) automatic stripping of any other information associated with browsing commands that would allow the server sites to determine the true identity of the user browsing the server sites. An important aspect of the present invention is that the foregoing functions are performed consistently by the proxy system during subsequent visits to the server site (the same substitute identifiers are used on repeat visits to the server site; the server site also cannot distinguish between information supplied by the user and the proxy system, thus the proxy system is transparent to the server site). The present invention therefore not only introduces anonymous browsing, but also personalization based upon the consistent use of substitute identifiers.
It should be noted that the term "true," as used herein, means accurate, actual, authentic, at least partially correct, genuine, real or the like, the term "or," as used herein, is inclusive, meaning and/or; and the phrase "associated with" and derivatives thereof, as used herein, may mean to include within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, juxtapose, cooperate with, interleave, be a property of, be bound to or with, have, have a property of, or the like.
As is described in greater detail hereinbelow, the principles of the present invention address the conflicting objectives of user privacy and user identification described hereinabove by providing a proxy system, a peripheral proxy system, and a method of providing substitute identifiers to a server site that allow users to browse the same anonymously via the proxy system.
In one embodiment, the present invention provides, for use with a network having server sites capable of being browsed by users based on identifiers received into the server sites and personal to the users, a central proxy system for providing substitute identifiers to the server sites that allow the users to browse the server sites anonymously via the central proxy system. According to various embodiments of the present invention, the substitute identifiers may be suitably constructed by the user site or a routine associated with the central site (advantageous ways (functions) of constructing the substitute identifiers are described hereinafter). The exemplary central proxy system includes: (1) a computer-executable first routine that processes (receives, accepts, obtains, constructs, produces, etc.) site-specific substitute identifiers constructed from data specific to the users, (2) a computer-executable second routine that transmits the substitute identifiers to the server sites and thereafter retransmits browsing commands received from the users to the server sites and (3) a computer-executable third routine that removes (and possibly substitutes) portions of the browsing commands that would identify the users to the server sites.
"Include" and derivatives thereof, as used herein, means inclusion without limitation.
In one embodiment, the first of the two above enumerated basic functions is performed external to the central proxy system, while in another it is performed, at D
' ' CA 02222480 1997-11-27 least in part, within the central proxy system. The central proxy system processes and forwards the substitute identifiers as appropriate and directly performs the second of the above-enumerated basic functions by stripping other information that would tend to identify the users. An Internet Access Provider ("ISP"), such as NETCOM~, or a networking service, such as AMERICA ONLINE~ or COMPUSERVE~ can advantageously employ the central proxy system to provide anonymous retransmission of browsing commands by their users.
It is important to understand that subsequent use of the proxy system by a "same" user to a "same" server site will cause the proxy system to construct (directly or indirectly) and use the same (site-specific) substitute identifiers. Typically, the proxy system functions as a conduit communicating messages between the user and the server. Depending upon the embodiment, the proxy system may remove or substitute some portion of messages communicated by the user to the server to ensure anonymity.
An alternative advantageous embodiment of the present invention may be provided in the form of a peripheral proxy system designed for use with a network having a server site capable of being browsed by users based on identifiers received into the server site and personal to the users. The peripheral proxy system includes: (1) a computer-executable first routine that constructs a particular substitute identifier from data received from a particular user and (2) a computer-executable second routine that transmits the particular substitute identifier to the central proxy system, the central proxy system retransmitting the particular substitute identifier to the server site and thereafter retransmitting browsing commands received from the particular user to the server site. According to this embodiment, the first routine may _g-be associated, at least in part, with the user site, which distributes the basic functions of the present invention over multiple computer ;systems.
The foregoing has out.linecl, rather broadly, preferred and alternative features c>f the present invention so that those skilled in the art may better understand the detailed description of the invention that follows.
Additional features of the invention will be described hereinafter that form the subject o:f the claims of the 1.0 invention. Those skilled in the art should appreciate that they can readily use the discl~~sed conception and specific embodiment as a basis fc>r ~~lesignin<~ oz: modifying other structures for carrying out the same purposes of the present invention. Those ski:L-~eci in the art: should also 7_5 realize that such equivalent cc;nstructions do not depart from the spirit and t~cope of t:he incent:ion :in its broadest form.
In accordance with one aspect ~f the present invention trere is provided a central proxy system for a?0 coup.ling to a nE:twork: and a for aal.lowing users to browse server site's on said r5etwork anonymously via said central proxy system, said central proxy system comprising: a computer-executable f:i.rst routim:: that processes site-specific substitute identifiers constructed from data, 25 including non-masked <Bata, specific to said users, such that said serveo sitE=~s are una~lf:~ to determine an identity of said user; a computer-executable second routine that transmits said subst .i_t:u.te ident=i:;~ iers to said server sites and thereafter retransmits brows.:ing commands received from 30 said users to said server sites; and a computer-executable third routine that removes port-_.ic~ns of said browsing commands that would identify said users to said server sites.
_ga--In accordance wi~tn another aspect cf the present invention there is provided a peripheral proxy system f:or coupling to a network and for allowing at least one user to browse a server side on said netwoi:-k anonymously via a central proxy system, said peripheral proxy system comprising: a compute.r--executable first routine that constructs a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identity of said user; a:~nd a computer-executable second routine that transmits said particular substitute identifier to said central proxy system, said central proxy system retransm:itting said pai:ti.cular substitute identifier to said server site and thereafter retransmitting browsing commands received from said particular user to said server site.
In accordance wish yet ancther aspect of the present invention there :is pro;rided a method for use with a network having a server_ site capable of being browsed by users and for allowing said users to browse said server site on said network. anonymously via said proxy system, said method comprising the steps of: constructing a particular substitute identifier from data, including non-masked data, received from a particular user, such that:
said server site is unable to determine an s-dentify of said user; transmitting said particular substitute identifier to said server_ site; and tr~ereafter retransmitting browsing commands rece_~ved from said particular user to said server site.
_g_ BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, wherein like numbers designate like objects, and in which:
FIGURE 1 illustrates a high-level block diagram of an exemplary distributed network with which the principles of the present invention may be suitably used to provide either a central or a peripheral proxy system for allowing users to provide substitute identifiers to server sites of a network to browse anonymously;
FIGURE 2 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 showing a central proxy system that includes each of a user site, a central proxy system and a plurality of illustrative server sites according to the principles of the present invention;
FIGURE 3 illustrates an exemplary full screen window of a proxy system according to the principles of the present invention;
FIGURE 4 illustrates an exemplary full screen window of an interface of a particular server site according to the principles of the present invention;
FIGURE 5 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 showing a peripheral proxy system that includes each of a user site, a central proxy system and a plurality of illustrative server site according to the principles of the present invention; and FIGURE 6 illustrates a block diagram of an exemplary sub-network of the distributed network of FIGURE 1 including each of a user site, a central proxy system and a plurality of illustrative server sites according to an exemplary marker proxy embodiment of the present DETAILED DESCRIPTION
Referring initially to FIGURE 1, illustrated is a high-level block diagram of an exemplary distributed network (generally designated 100) with which the principles of the present invention may be suitably used to provide either a central or a peripheral proxy system. Distributed network 100 illustratively includes a plurality of computer sites 105 to 110 that are illustratively associated by Internet 115.
Internet 115 includes the World Wide Web, which is not a network itself, but rather an "abstracti0ll" maintained on top of Internet 115 by a combination of browsers, server sites, HTML pages and the like.
According to the illustrated embodiment, either proxy system provides substitute identifiers to one or more of a plurality of server sites 110 of network 100. The substitute identifiers allow user sites (and, hence, users (not shown)) to browse the server sites anonymously via the proxy system.
Consistent use of the same (site-specific) substitute identifiers at a particular server site personalizes browsing.
For purposes of illustration, site 105a is assumed throughout this document to be a user site, site 110a is assumed to be a central proxy site, and site 1108 is assumed to be a server site.
Those of skill in the pertinent art will understand that FIGURE 1 is illustrative only; in other configurations, any of sites 105 to 110 may be a user, a central proxy or a server site, or a combination of at least two of the same. "Server site," as the term is used herein, is construed broadly, and may include any site capable of being browsed.
Although the illustrated embodiment i_s suitably implemented for and used over Internet 11~>, the principles and broad scope of the present invention may be associated with any appropriately arranged computer, communications, multimedia or other network, whether wired or wireless, that has server sites capable of being browsed by users based on identifiers received into the server sites and that are personal to the users. Further, though the principles of the present invention are illustrated using a single user site 105a, a single central proxy site 110a and a single server site 1108, alternate embodiments within the scope of the same may include a plurality of user, central proxy or server sites.
Exemplary network 100 is assumed to include a plurality of insecure communication channels that operate to intercouple ones of the various sites 105 to 110 of network 100. The concept of communication channels is known and allows insecure communication of information among ones of the intercoupled sites (the Internet employs conventional communication protocols that are also known).
A distributed network operating system executes on at least some of sites 105, 110 and may manage the insecure communication of information therebetween. Distributed network operating systems are also known.
According to exemplary central proxy system 110a of the present invention, which is discussed in detail with reference to FIGURE 2, substitute identifiers may be suitably indirectly provided by central proxy system 110a to server site 1108 (recall that substitute identifiers allow user site 105a to browse server site 110g anonymously). One or more site-specific substitute identifiers are suitably provided or constructed from data specific to user 105a either by user 105a or central proxy system 110a. Central proxy system 110a includes a plurality of executable routines -- a first routine processes site-specific substitute identifiers constructed from data specific to user 105a (site-specific substitute identifiers may be suitably constructed by a central proxy site 110a, such as by a routine associated with central proxy system 110a); a second routine transmits the substitute identifiers to server site 110g (possibly via a plurality of intermediate user and server sites 105, 110) and thereafter retransmits browsing commands received from user site 105a to server site 1108; and a third routine removes (and possibly substitutes) portions of the browsing commands that would identify user site 105a to server site 1108 (and the plurality of intermediate user and server sites 105, 110). The term "routine," as used herein, is construed broadly to not only include conventional meanings such as program, procedure, object, task, subroutine, function, algorithm, instruction set and the like, but also sequences of instructions, as well as functionally equivalent firmware and hardware implementations.
Alternatively, according to an exemplary peripheral proxy system (generally designated 120) of the present invention, which is discussed in detail with reference to FIGURE 5, that is designed for use with network 100 again having a server site 110g capable of being browsed by a user site 105a based on substitute identifiers received into server site 110g and that are personal to user site 105a. Exemplary peripheral proxy system 120 includes first and second executable routines. The first routine, which may advantageously reside in user site 105a or, alternatively, in central proxy system 110a, constructs a particular substitute identifier from data particular to user site 105a. The second routine, which may also advantageously reside in user site 105a or, partially, in user site 105a and central proxy system 110a, transmits the particular substitute identifier to central proxy system 110a. Central proxy system 110a then retransmits the particular substitute identifier to server site 1108 and thereafter communicates (e. g., transmits, receives, etc.) information (e. g., browsing commands, data, etc.) between user site 105a to server site 1108.
According to the illustrated embodiment, peripheral proxy system 120 differs from central proxy system 110a by the location of execution of the first and second routines. In the illustrated central proxy embodiment, all routines are executed by central proxy system 110a, which means that all users must send user specific information to central proxy system 110a. In the illustrated peripheral proxy system 120, the first and second routines may be executed in a proxy subsystem associated with user site 105a. In one advantageous embodiment, user system 105a's user specific information (e. g., user identification, passwords, e-mail addresses, telephone numbers, credit card numbers, postal address, etc.) remain local, which will typically be more secure than central proxy system 110a.
As set forth hereinabove, an ISP, such as NETCOM~, or a networking service, such as AMERICA ONLINE~ or COMPUSERVE~, can advantageously employ either exemplary proxy system (central or peripheral) to provide anonymous communication (transmission, reception, retransmission, etc) of browsing, (e. g., accessing, selection, reading, etc.) commands between user sites and server sites.
An important aspect of the above-identified embodiments is the use of site-specific substitute identifiers to eliminate the need for a user to have to "invent" a new user name and password for each server site which requires the establishment of an account (e.g., the NEW YORK TIMES, the WALL STREET ~TOURNAL, the NEWSPAGE~ arid ESPN~
sites). The illustrated embodiment generates secure substitute identifiers (e. g., alias user names, passwords, e-mail addresses, postal addresses, credit card numbers, etc.) that are distinct and secure for the user. The user provides one or more character strings (which may be random) once, which may advantageously be at the beginning i of a proxy system session. The proxy system uses the same to generate one or more secure site-specific substitute identifiers for the user -- thereby freeing the user from the burden of inventing new and unique identifiers for each server site. Moreover, the user no longer has to type such secure identifiers every time the user returns to a particular server site requiring an account; instead the proxy system provides the appropriate secure identifiers automatically. In an advantageous embodiment to be described, the proxy system filters other identifying information (e.g., HTTP headers, etc.) sent by user site 105a while browsing server sites. It is important to keep in mind that server sites cannot typically distinguish between information supplied by proxy system 110a and information supplied by user site 105a -- central proxy system 110a being transparent to server sites.
In one embodiment, the substitute identifiers are transmitted on demand from servers, without any intervention from the user. This process automates the response to a "basic authentication request," which is a common procedure used by servers to identify users on the World Wide Web. In this way, the user is not burdened by this activity.
According to the illustrated embodiment, to produce substitute identifiers the proxy system may suitably maintain secret information (secret to at least one server-site) in the form of user definable character strings. These character strings may be user defined and may be maintained in some conventional manner, such as storing the same to memory associated with the proxy system, or, advantageously, a function (described hereinafter) may be used to produce the substitute identifiers, at least in part, in association with the secret information. According to one approach, the proxy system maintains a conventional data structure to maintain the same, such as a database, data repository, an array, etc., or even an alias table, that may be used to map user information to their substitute, or alias, identifiers.
According to one advantageous embodiment, the user delivers its own secret (user definable character string) at the beginning of each session, which is used by the proxy system to generate, directly or indirectly, the substitute identifiers for the session. This option has the advantage that a user has the flexibility to choose different proxies at different times and there is no permanent secret information stored on the proxy system.
In another related embodiment, the data comprises at least two secret user definable character strings, wherein the first routine processes substitute identifiers constructed in part from the at least two secret user definable character strings. Of course, alternate suitable approaches may be used to accomplish the purpose of providing anonymous personalized web browsing according to the present invention.
Turning now to FIGURE 2, illustrated is a block diagram of an exemplary sub-network (generally designated 200) of distributed network 100, wherein sub-network 200 includes user site 105a, central proxy system~110a and server site 1108 (shown among a plurality of other illustrative server sites 110 of Internet 115) according to the principles of the present invention.
For purposes of illustration, assume that user site 105a issues a command to access server site 1108 (the NEw YoRx TRIBUNE web-site ( "NYT" ) ) . Such access would be via central proxy system (server site) 110a, which ensures that user specific data concerning user site 105a is not communicated over the remainder of Internet 115 -- there may be HTTP header fields, for example, that include data about user site 105a that central proxy system 110a _ -17-filters.
Exemplary central proxy system 110a advantageously executes on a server site that is not associable with user site 105a by other sites over Internet 115. According to an advantageous embodiment, central proxy system 110a may be suitably distant, both physically and logically, from user site 105a -- user site 105a does not access server-sites directly because the server-sites can determine both physically and logically the Internet Protocol ("IP") --address of the machine that made the request.
According to the exemplary embodiment, if user site 105a's command to access NYT 110g is user site 105a's first request of the current session, central proxy system 110a will recognize the same, and display its own HTML-document, possibly on user site 105a's browser.
Turning momentarily to FIGURE 3, illustrated is an exemplary full screen window of a conventional browser 300 ( "NETSCAPE~" ) displaying an inlaid interface 305 ( "JArrusS~~" ) of central proxy system 110a according to the principles of the present invention. Exemplary interface 305 prompts a user of site 105a to enter user definable character strings, which according to the illustrated embodiment includes identification ("ID") data and secret ("S") data supplied by the user. Each user initially supplies a user ID (e.g., e-mail address) and a user S to allow one or more substitute identifiers to be chosen or constructed (site-specific substitute identifiers are suitably constructed from data specific to user 105a and a particular server site which user 105a intends to browse).
Alternatively, other or further data supplied by the user may be appropriate in some applications (e. g., credit card number, post office address, handle, etc.).
According to the advantageous embodiment, substitute identifiers may be constructed (generated) using a suitable function that includes the features of anonymity, p consistency, collision resistance and uniqueness, protection from creation of dossiers, and single secret and acceptability. Concerning anonymity, the identity of the user should be kept secret; that is, a server site, or a coalition of sites, cannot determine the true identity of the user from its substitute identification.
Concerning consistency, for each server-site, each user should be provided with some substitute identifiers allowing the server site to recognize the user given the same, thereby enabling the server site to personalize the user's access and the user can thus be "registered" at the server site.
With respect to collision resistance and uniqueness, given a user's identity and a server site, a third party should not find a different user identity which results in the same alias (impersonation) for that server site. As to protection from creation of dossiers, the user is likely to be assigned a distinct alias (substitute identifier) for distinct server sites, so that a coalition of sites is unable to learn a user's habits and build a user profile (dossier) based on the set of sites accessed by the user. Lastly, single secret (user definable character string) and acceptability provides, given the user's identity and a single secret, automatic generation of secure, distinct aliases (substitute identifier) as needed for each server-site, transparent to the user --from the user's perspective, the user definable character string is equivalent to a universal password for a collection of server-sites.
According to this embodiment, a user ID is "corrupt"
(not secret) if an adversary (one or more server sites desirous of identifying the user), E, has been able to read the user's secret, S. Alternatively, a user ID is "partially opened" (not fully secure) with respect to a particular server site, w, if E has been able to read the alias password; a user ID is "opened" (not secure) with respect to w, if it is partially opened and E has been able to relate the alias password together with the alias user name to the user ID. Assuming that the function, T(), is defined as follows, T(user ID, web-site ("w"), S) - ( substitute username, passwords ) , hence, T (id, w, S) -(Uw, Pw) ; and Tu (id, w, S) - Uw and Tp (id, w, S) - Pw.
Tu(id,w,S) - Uw = h(enc(k,id,f(sl,w))) and Tp (id, w, S) - Pw = h (enc (k, id, f (s2, w) ) ) , wherein id denotes user site 105a's ID (e.g., e mail address);
w denotes server site 110g's domain name;
// denotes the logical function of concatenation;
S denotes k//sl//s2, a user site 105a definable character string;
xor denotes the Boolean function of exclusive or;
f(k,x) denotes a suitably arranged function for generating pseudo-random values, and may be selected from a group of functions, such as des(k,h(x),x);
enc ( k, x, r) denotes r// ( f ( k, r) xor x) ;
h() denotes a collision-resistant hash function, such as MD5; and des(k,i,x) denotes DES encryption in cipher block chaining ("CBC") mode, which are known, of information x using key k and an initialization vector i.
Both Tu() and Tp() may suitably truncate the result of the hashing function, h(), to fit the longest allowed user name or password or the particular server site.
f Relating this function, T(), to the above-identified and described feat ures yields the following:
F
1. E can only guess at the identity, ID, of a user which is only partially opened and uncorrupted.
2. T() is a deterministic function and E can only guess at the alias-password of a user which is unopened and uncorrupted.
3. Given w and an uncorrupted and unopened user ID, E can only guess at the ID and S.
4 . For an uncorrupted user ID and w, T (id, w, S) does not give to E information about T (id, w', S) for any w' not equal to w.
5 . The range of T (id, w, S) is such that it is accepted by server sites as a valid username and password -- implying a limited length string of printable characters.
Those skilled in the pertinent art will understand that alternate suitable functions may replace or be used in association with the foregoing according to the principles of the present invention.
Use of the foregoing exemplary substitute identifier constructing function, and for that matter, any other suitably arranged function for constructing substitute identifiers according to the present invention, operates to foster the above-identified features of anonymyzed and personalized browsing. The present invention provides the ability to anonymously visit a server site a first time via site-specific substitute identifiers, to interact with the server site as a function thereof, and to re-visit the server site on subsequent occasions using the same site-specific substitute identifiers, interacting with the server site as a return customer -- possibly receiving personalized attention -- as a function of the recognized substitute identifiers. Simply stated, the substitute identifiers are constructed consistently; and in advantageous embodiments in a site-specific manner.
In one embodiment of the present invention, the substitute identifiers include site-specific substitute user names and site-specific substitute user passwords.
"Site-specific" means that the names and passwords vary from site to site, depending perhaps upon the address of each site. This may complicate the task of creating a dossier relative to a given user. In a related embodiment, the first routine constructs site-specific substitute e-mail addresses for user site 105a from the site-specific data. In an alternate advantageous embodiment, the first routine constructs the site-specific substitute identifiers from addresses of the server sites -- of course, site-specific information other than the address of the site may be used to construct the substitute identifiers.
If this is the first contact of the user with central proxy system 110a, then the user may suitably generate a user defined character string (secret) at random and store the same locally. In one advantageous embodiment, the first routine processes substitute identifiers that may be constructed by applying pseudo-random and hash functions (e. g., T() function set forth hereinabove) to the data received from user site 105a -- those skilled in the art are familiar with the structure and operation of pseudo-random and hash functions and their utility. The important aspect of this and related embodiments is that the present invention is adapted to take advantage of current and later-discovered functions to enhance anonymity and security.
Alternatively, if this is the first contact of a current session then the user may suitably enclose the stored user defined character string to central proxy system 110a. Nonetheless, browser 300 sends interface 305 together with a user's ID and other user definable character string to central proxy system 110a. Central proxy system 110a receives this information and may use the same for the rest of the session.
In one advantageous embodiment, the first routine receives or generates session tags that are added to the browsing commands, central proxy site 110a employing the session tags to associate the substitute identifiers with each of the browsing commands -- the session tags, while not necessary to the present invention, provide one manner that allows user sites 105a to supply their data only once, usually at the beginning of each session. In a related advantageous embodiment, central proxy site 110a includes a data store that is capable of containing session information specific to user sites 105a and accessible by server sites 1108.
In one advantageous embodiment, the second routine described above, which may be local to the central proxy system 110a, transmits the substitute identifiers to server site 1108. In a further advantageous embodiment, the second routine transmits the substitute identifiers to server site 110g based on alphanumeric codes supplied in fields of web-pages 305 by the users. The alphanumeric codes prompt the second routine as to how and where to locate the substitute identifiers, removing the users from actually having to provide the substitute identifiers directly. Of course, the alphanumeric codes may be supplied in a different form. In a related, more specific embodiment, the users manually place the alphanumeric codes in the fields of web-pages 305. Of course, the present invention encompasses intelligent parsing of the fields of web pages 305 to determine automatically how and where the alphanumeric codes should be located. Those skilled in the art are familiar with the Internet in general, the World Wide Web in particular and the way in which the structure of the World Wide Web promotes "browsing." The present invention finds apparent utility in conjunction with the Internet and the World Wide Web, however, those skilled in the art will readily understand that the present invention has advantageous application outside of the Internet as well in any suitably arranged computer, communications, multimedia or like network configuration.
Nonetheless, after central proxy system 110a obtains the required information about the user, the above-described third routine removes portions of the browsing commands that would identify user site 105a to server site 1108, and forwards user site 105a's original request for access to NYT-site 1108 (e. g., using an HTTP get-request) -- thereby selectively excluding from the request header-fields or the like that may identify the user.
If this is the user's first visit to NYT-site 110g, then it may suitably provide the user with an electronic form prompting, for example, for a user name, a password and an e-mail address in order to establish an account.
Turning momentarily to FIGURE 4, illustrated is exemplary full screen window of conventional NETSCAPE~ browser 300 displaying an inlaid interface 400 ( "THE NEw YORK TRIBUNE" ) of server site 110g according to the principles of the present invention.
Now, instead of having to provide a unique user name and a secret password, the user may suitably provide these fields with simple escape strings (e.g., "<uuuu>" and "<pppp>"). More specifically, the alphanumeric codes above-described may be suitably arranged into such escape sequences -- those skilled in the art are familiar with escape sequences. These strings are recognized by central proxy site 110a which uses user site 105a's user name and secret (user definable character string) along with the domain-name of the NEw YORK TRIBUNE and computes substitute identifiers (e. g., alias user name, u3, and alias password, p3, in FIGURE 2, etc.), such as by function T(ID, secret, domain-name). The site-specific substitute identifiers may be sent to a particular server site by central proxy system 110a using the same mechanism that the user would submit input to the particular server site.
In other words, proxy system 110a receives information communications, such as browsing commands, from user site 105a intended for server site 110g, and retransmits the same to server site 110g -- central proxy system 110a functioning as a transparent conduit for anonymizing and, through consistent generation of site-specific substitute identifiers, personalizing server site browsing.
On a subsequent visit to NYT-site 1108, which will require that user site 105a authenticate itself (response to the first get-request forwarded to NYT-site 1108 by central proxy system 110a), central proxy system 110a may be suitably operative to automatically recompute u3 and p3 and reply by sending these values back to NYT-site 1108 (re-sending the get-request). User site 105a is thereby freed from the burden of remembering the user name and password of its NYT-site 1108 account. To summarize, the protocol, which may be suitably executed without involving user site 105a, includes: (1) a step of NYT-site server 1108 requesting an authentication from central proxy site 110a by failing the first get request; (2) central proxy site 110a recomputing the substitute identifiers (e. g., (alias-user name, alias-password) - T(ID, secret, domain-name), or the like); (3) central proxy site 110a replying by re-sending the get with the same substitute identifiers.
The substitute identifiers are consistent in the sense that the substitute identifiers are presented on subsequent visits to the same server site by user 105a.
Consistent substitute identifiers allow server sites to recognize returning users and provide personalized service to them. In one embodiment, the second routine transmits the substitute identifiers on demand from servers, without any intervention from user 105a. This process automates the response to a "basic authentication request," which is a common procedure used by servers to identify users 105a on the World Wide Web. In this way, user 105a is not burdened by this activity. In this embodiment, the second routine may have to re-transmit the original user request along with the substitute identifier to the server.
It should be noted that many servers require a valid e-mail address for creating an account -- users cannot use their true e-mail address for this purpose since it uniquely identifies them. The proxy system of the present invention may suitably solve this problem by creating an alias e-mail address for user site 105a and store e-mail in an electronic mailbox. In one advantageous embodiment, central proxy system 110a includes a data store capable of containing e-mail destined for the users, thereby preventing server sites from contacting users directly.
Contrary to prior art anonymous re-mailers, the present embodiment is not required to rely on having to store any translation tables (which may be large and vulnerable) from alias to true user identifiers in central proxy system 110a. This embodiment is inherently securer than prior art approaches as central proxy system 110a is not required to maintain and protect a translation table and cannot be forced to reveal the contents of any such table to a third party.
In an alternate advantageous embodiment, central proxy system 105a further includes a data store capable of containing e-mailboxes for the users and specific to the server sites. According to this embodiment, each user has a mailbox for each site that has generated mail destined for the user. Rather than compromising security by allowing automatic remailing to the user, the present embodiment may store e-mail for explicit retrieval by each user.
r For each server, it may be advantageous for users to have a separate e-mail box, possibly identified by user-substitute identifiers. This approach may allow for suitable disposal of e-mail messages received from the third-parties (e. g., "junk e-mail") as well as the option of selective disposal of e-mail messages.
In one advantageous embodiment, each of e-mailboxes has a key associated therewith, the key being a function of the data and an index number. The use of keys with e-mailboxes is known. In another advantageous embodiment, central proxy system 110a further comprises a computer-executable routine that, given the substitute identifiers, collects e-mail destined for the users and contained within a plurality of site-specific e-mailboxes. This embodiment may suitably employ a mail-collecting routine that automatically locates user site 105a's various mailboxes and retrieves the mail therefrom once the user has supplied the appropriate data.
According to one advantageous embodiment, central proxy system 110a includes functionality necessary to support electronic payment, the users employ electronic payment information to engage in anonymous commerce with the server sites. To facilitate the same, central proxy system 110a may include a data store capable of containing such electronic payment information. Further, substitute identifiers may be constructed, at least in part, using credit/debit card numbers, bank branch or account numbers, postal addresses, telephone numbers., tax identification numbers, social security numbers or the like. Various methods for achieving anonymous commerce are known.
By way of further example, an ever increasing number of sites require a valid credit card number as part of establishing an account, so that such sites may charge the user for their services ( e. g. , WALL STREET JOURNAL~, ESPN~, etc.). V~Thile the above-described proxy system provides f substitute identifiers to free users from remembering these items and by providing a guard on (involuntary) data flowing to the web-site, it may not provide complete anonymity to a user who has provided a credit card number to a site. One solution, described briefly above, requires central proxy system 110a to provide its own valid credit card number to the requesting site and then collect money from its users. If central proxy system 105a is incorporated into an Internet provider, for example, such as AMERICA ONLINE~, then this relationship may-already exist.
Alternatively, central proxy system 110a may be known and trusted by other sites, thereby allowing central proxy system 110a to generate an alias credit card number and expiration date, and then to authenticate this data and send it to a requesting site. The site can then check that this number indeed originates from central proxy system 110a and hence accepts the same as valid, with the understanding that it can collect the money from central proxy system 110a. There no longer is a need to send a "real" credit card number between central proxy system 110a and the sites.
It is important to realize that the various features and aspects of the embodiments above-described may also be suitably implemented in accordance with the peripheral proxy system described with reference to FIGURE 1. More particularly, turning momentarily to FIGURE 5, there is illustrated a block diagram of an exemplary sub-network (generally designated 500) of the distributed network of FIGURE 1 showing a peripheral proxy system 120 that includes each of user site 105a, central proxy system 110a and NYT-site 1108 (shown among a plurality of other illustrative server sites 110 of Internet 115) according to the principles of the present invention.
Peripheral proxy system 120, as set forth above, includes first and second executable routines. The first routine, which advantageously resides in user site 105a, constructs substitute identifiers from data particular to user site 105a. The second routine, which also illustratively resides in user site 105a, transmits the substitute identifiers to central proxy system 110a.
Central proxy system 110a then retransmits the substitute identifiers to server site 1108 and thereafter communicates (e. g., transmits, receives, etc.) information (e. g., browsing commands, data, etc.) between user site 105a to server site 1108. This second configuration is particularly advantageous when users may not trust central proxy system 110a or the communication lines therebetween, and want to keep user identifications and other secret information secure.
A local proxy system 510 may be used to maintain the same, and may use the user's identification and other information to compute the substitute identifiers. Local proxy system 510 communicates with a central proxy system 110a, which may be used to forward communication to servers and handle e-mail. In one embodiment, central proxy system 110a communicates with computer-executable local routines associated with the users, the local routines constructing the site-specific substitute identifiers from data specific to the users. Again, central proxy system 110a may rely on distributed routines, local to each user, that generate the substitute identifiers and transmit the same to central proxy system 110a.
Turning now to FIGURE 6, illustrated is a block diagram of an exemplary sub-network (generally designated 600) of the distributed network 100 including each of user site 105a, central proxy system 110a and a plurality of illustrative server sites 110b, 110c, and 1108 according to an exemplary marker proxy embodiment of the present invention. As described above, the central proxy system of the present invention may be employed in at least two configurations, namely, a central proxy configuration (FIGURE 2) or a peripheral proxy configuration (FIGURE 5).
In the central proxy configuration, central proxy system 110a computes substitute identifiers. An implementation of this configuration may require user site 105a to provide one or more user definable character strings (e. g., user identification, password and other secret information) once, and central proxy system 110a will thereafter generate the substitute identifiers as needed. Central proxy system 110a may associate the user definable character strings with a series of HTTP requests generated by the same user site 105a -- the central proxy system 110a may associate each request with a session, that contains all communication between a specific user site 105a and the central proxy system 110a.
The HTTP protocol however does not generally directly support sessions or relationships between requests. More particularly, each HTTP request may be sent a new socket connection, and there is no required HTTP header field that can link successive requests from the same user.
It should be noted that the session identification is typically not necessary in the peripheral proxy configuration since central proxy system 110a may forward communications without any computation. In a typical embodiment, peripheral proxy system 120 retransmits browsing commands received from user site 105a to central proxy system 110a, which then retransmits such commands to server site 1108. According to one embodiment, peripheral proxy system 120 removes and, possibly, substitutes portions of the browsing commands that would identify user site 105a to server site 1108.
In one advantageous embodiment user site 105a runs a marker program 605 locally. Marker program 605 operates to tag user site 105a's requests with a session tag, t.
Central proxy system 110a uses this tag to identify requests belonging to a particular one of a group of users. Marker program 605 may be implemented to store user site 105a's session tag and add this tag to all requests, and central proxy system 110a removes the session tag before forwarding the request to some server site. The session tag should be unique, as no two users should have the same tag.
It should be noted that NETSCAPE~ uses "cookies, "
which are a mechanism for storing and retrieving long term session information (the use of "cookies" conceptually is known). The cookies are generated by the browsed servers and are associated with a specific domain name. Browsers 300 submit the cookies associated with a specific domain name whenever the user re-visits that domain. Servers typically only generate cookies associated with their domain. Cookies provide an easy mechanism to keep session information, such as the contents of a "shopping cart,"
account name, password, event counters, user preferences, etc.
Some companies, use cookies extensively to track users and their habits. Since the proxy systems of the present invention present substitute identifiers to browsed servers, the servers cannot learn true user identities. Thus all of the information that the server may store in its cookie relates to some "alias persona,"
and not to the true user. Whenever the user returns to the same server, it will present the same substitute identifiers, and may also submit the cookie that the server generated earlier for this alias persona.
It is apparent from above, that the present invention provides, for use with a network having user sites and server sites, wherein the server sites are capable of being browsed by the user sites based on identifiers received into the server sites and personal to the user sites, both a central and a peripheral proxy system for providing consistent substitute identifiers to the server sites that allow the user sites to browse the server sites in an anonymous and personal fashion via the proxy system.
An exemplary central proxy system includes: (1) an executable first routine that processes site-specific substitute identifiers constructed from data specific to the user sites, (2) an executable second routine that transmits the substitute identifiers to the server sites and thereafter retransmits browsing commands received from the user sites to the server sites and (3) an executable third routine that removes (and possibly substitutes) portions of the browsing commands that would identify the user sites to the server sites.
An exemplary peripheral proxy system includes: (1) an executable first routine that constructs a particular substitute identifier from data received from a particular user site and (2) an executable second routine that transmits the particular substitute identifier to a central proxy system, the central proxy system then retransmitting the particular substitute identifier to the server site and thereafter retransmitting browsing commands received from the particular user site to the server site.
Although the present invention has been described in detail, those skilled in the art should understand that they can make various changes, substitutions and alterations herein without departing from the spirit and scope of the invention in its broadest form. More particularly, it should be apparent to those skilled in the pertinent art that the above-described routines are software-based and executable by a suitable conventional computer system/network. Alternate embodiments of the present invention may also be suitably implemented, at least in part, in firmware or hardware, or some suitable combination of at least two of the three. Such firmware-or hardware embodiments may include multi, parallel and distributed processing environments or configurations, as well as alternate programmable logic devices, such as programmable array logic ("PALS") and programmable logic arrays ("PLAs"), digital signal processors ("DSPs"), field programmable gate arrays ("FPGAs"), application specific integrated circuits ("ASICs"), large scale integrated circuits ("LSIs"), very large scale integrated circuits ("VLSIs") or the like -- to form the various types of modules, circuitry, controllers, routines and systems described and claimed herein.
Conventional computer system architecture is more fully discussed in The Indispensable PC Hardware Book, by Hans-Peter Messmer, Addison Wesley (2nd ed. 1995) and Computer Organization and Architecture, by William Stallings, MacMillan Publishing Co. (3rd ed. 1993);
conventional computer, or communications, network design is more fully discussed in Data Network Design, by Darren L. Spohn, McGraw-Hill, Inc. (1993); and conventional data communications is more fully discussed in Voice and Data Communications Handbook, by Bud Bates and Donald Gregory, McGraw-Hill, Inc. (1996), Data Communications Principles, by R. D. Gitlin, J. F. Hayes and S. B. Weinstein, Plenum Press (1992) and The Irwin Handbook of Telecommunications, by James Harry Green, Irwin Professional Publishing (2nd ed. 1992).
Claims (55)
1. A central proxy system for coupling to a network and a for allowing users to browse server sites on said network anonymously via said central proxy system, said central proxy system comprising:
a computer-executable first routine that processes site-specific substitute identifiers constructed from data, including non-masked data, specific to said users, such that said server sites are unable to determine an identity of said user;
a computer-executable second routine that transmits said substitute identifiers to said server sites and thereafter retransmits browsing commands received from said users to said server sites; and a computer-executable third routine that removes portions of said browsing commands that would identify said users to said server sites.
a computer-executable first routine that processes site-specific substitute identifiers constructed from data, including non-masked data, specific to said users, such that said server sites are unable to determine an identity of said user;
a computer-executable second routine that transmits said substitute identifiers to said server sites and thereafter retransmits browsing commands received from said users to said server sites; and a computer-executable third routine that removes portions of said browsing commands that would identify said users to said server sites.
2. The central proxy system as recited in claim 1 wherein said data comprises identification data and a user definable character string supplied by said users.
3. The central proxy system as recited in claim 1 wherein said site-specific substitute identifiers comprise site-specific substitute user names and site-specific substitute user passwords.
4. The central proxy system as recited in claim 1 wherein said first routine constructs site-specific substitute electronic mail addresses for said users from said data.
5. The central proxy system as recited in claim 1 wherein said first routine constructs said site-specific substitute identifiers from addresses of said server sites.
6. The central proxy system as recited in claim 1 wherein said server sites are World Wide Web sites capable of presenting web pages to said users, said second routine transmitting said substitute identifiers to said server sites under direction of said users.
7. The central proxy system as recited in claim 1 wherein said second routine transmits said substitute identifiers to said server sites based on alphanumeric codes supplied in web page fields by said users.
8. The central proxy system as recited in claim 7 wherein said alphanumeric codes are arranged in escape sequences.
9. The central proxy system as recited in claim 7 wherein said users manually place said alphanumeric codes in said web page fields.
10. The central proxy system as recited in claim 9 wherein said central proxy system communicates with computer-executable local routines associated with said users, said local routines constructing said site-specific substitute identifiers from data specific to said users.
11. The central proxy system as recited in claim 1 further comprising a data store capable of containing electronic mail destined for said users.
12. The central proxy system as recited in claim 1 wherein said first routine processes substitute identifiers constructed by applying pseudo-random and hash functions to said data received from said users.
13. The central proxy system as recited in claim 1 further comprising a data store capable of containing electronic mailboxes for said users and specific to said server sites.
14. The central proxy system as recited in claim 13 wherein each of said electronic mailboxes has a key associated therewith, said key being a function of said data and an index number.
15. The central proxy system as recited in claim 1 further comprising a computer-executable routine that, given said substitute identifiers, collects electronic mail destined for said users and contained within a plurality of site-specific electronic mailboxes.
16. The central proxy system as recited in claim 1 wherein said first routine receives session tags added to said browsing commands, said central proxy system employing said session tags to associate said substitute identifiers with each of said browsing commands.
17. The central proxy system as recited in claim 1 further comprising a data store capable of containing session information specific to said users and accessible by said server sites.
18. The central proxy system as recited in claim 1 further comprising a data store capable of containing electronic payment information, said users employing said electronic payment information to engage in anonymous commerce with said server sites.
19. The central proxy system as recited in claim 1 further comprising an initializing routine that constructs said site-specific substitute identifiers from data specific to said users and communicates said site-specific substitute identifiers to said first routine.
20. A peripheral proxy system for coupling to a network and for allowing at least one user to browse a server site on said network anonymously via a central proxy system, said peripheral proxy system comprising:
a computer-executable first routine that constructs a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identity of said user; and a computer-executable second routine that transmits said particular substitute identifier to said central proxy system, said central proxy system retransmitting said particular substitute identifier to said server site and thereafter retransmitting browsing commands received from said particular user to said server site.
a computer-executable first routine that constructs a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identity of said user; and a computer-executable second routine that transmits said particular substitute identifier to said central proxy system, said central proxy system retransmitting said particular substitute identifier to said server site and thereafter retransmitting browsing commands received from said particular user to said server site.
21. The peripheral proxy system as recited in claim 20 wherein said data comprises identification data and a user definable character string supplied by said particular user.
22. The peripheral proxy system as recited in claim 20 wherein said particular substitute identifier comprises a particular substitute user name and a particular substitute user password.
23. The peripheral proxy system as recited in claim 20 wherein said first routine constructs a particular substitute electronic mail address for said particular user from said data.
24. The peripheral proxy system as recited in claim 20 wherein said first routine constructs said particular substitute identifier from an address of said server site, said particular substitute identifier therefore being specific to said server site.
25. The peripheral proxy system as recited in claim 20 wherein said server site is a World Wide Web site capable of presenting at least one web page to said users, said central proxy system transmitting said particular substitute identifier to said server site under direction of said particular user.
26. The peripheral proxy system as recited in claim 20 wherein said central proxy system transmits said particular substitute identifier to said server site based on alphanumeric codes supplied in web page fields by said user.
27. The peripheral proxy system as recited in claim 26 wherein said alphanumeric codes are arranged in escape sequences.
28. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a computer-executable third routine that removes portions of said browsing commands that would identify said particular user to said server site.
29. The peripheral proxy system as recited in claim 28 wherein said first and second routines are executable on a computer system associated with said particular user and said central proxy system is a computer system having a network address different from said computer system associated with said particular user.
30. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a data store capable of containing electronic mail destined for said particular user.
31. The peripheral proxy system as recited in claim 20 wherein said first routine constructs said particular substitute identifier by applying pseudo-random and hash functions to said data received from said particular user.
32. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a data store capable of containing an electronic mailbox for said particular user and specific to said server site.
33. The peripheral proxy system as recited in claim 32 wherein said electronic mailbox has a key associated therewith, said key being a function of said data and an index number.
34. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a computer-executable routine that, given said particular substitute identifier, collects electronic: mail destined for said particular user and contained within at least two electronic mailboxes.
35. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a computer-executable marker routine that adds session tags to said browsing commands, said proxy system employing said session tags to associate said particular substitute identifier with each of said browsing commands.
36. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a data store capable of containing session information specific to said particular user and accessible by said server site.
37. The peripheral proxy system as recited in claim 20 wherein said central proxy system further comprises a data store capable of containing electronic payment information, said particular user employing said electronic payment information to engage in anonymous commerce with said server site.
38. A method for use with a network having a server site capable of being browsed by users and for allowing said users to browse said server site on said network anonymously via said proxy system, said method comprising the steps of:
constructing a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identify of said user;
transmitting said particular substitute identifier to said server site; and thereafter retransmitting browsing commands received from said particular user to said server site.
constructing a particular substitute identifier from data, including non-masked data, received from a particular user, such that said server site is unable to determine an identify of said user;
transmitting said particular substitute identifier to said server site; and thereafter retransmitting browsing commands received from said particular user to said server site.
39. The method as recited in claim 38 wherein said data comprises identification data and a user definable character string supplied by said particular user.
40. The method as recited in claim 38 wherein said particular substitute identifier comprises a particular substitute user name and a particular substitute user password.
41. The method as recited in claim 38 further comprising the step of constructing a particular substitute electronic mail address for said particular user from said data.
42. The method as recited in claim 38 wherein said step of constructing comprises tree step of constructing said particular substitute identifier from an address of said server site, said particular substitute identifier therefore being specific to said server site.
43. The method as recited in claim 38 wherein said server site is a World Wide Web site capable of presenting at least one web page to said users, said method further comprising the step of transmitting said particular substitute identifier to said server site under direction of said particular user.
44. The method as recited in claim 38 wherein said step of transmitting comprises the step of transmitting said particular substitute identifier to said server site based on alphanumeric codes supplied in web page fields by said user.
45. The method as recited in claim 44 wherein said alphanumeric codes are arranged in escape sequences.
46. The method as recited in claim 38 further comprising the step of removing portions of said browsing commands that would identify said particular user to said server site.
47. The method as recited in claim 46 wherein said step of constructing is performed on a computer system associated with said particular user and said steps of transmitting and thereafter transmitting are performed on a computer system having a network address different from said computer system associated with said particular user.
48. The method as recited in claim 38 further comprising the step of storing electronic mail destined for said particular user.
49. The method as recited in claim 38 wherein said step of constructing comprises the step of applying pseudo-random and hash functions to said data received from said particular user.
50. The method as recited in claim 38 further comprising the step of creating an electronic mailbox for said particular user and specific to said server site.
51. The method as recited in claim 50 wherein said electronic mailbox has a key associated therewith, said key being a function of said data and an index number.
52. The method as recited in claim 38 further comprising the step of collecting electronic mail destined for said particular user and contained within at least two electronic mailboxes given said particular substitute identifier.
53. The method as recited in claim 38 further comprising the step of adding session tags to said browsing commands, said proxy system employing said session tags to associate said particular substitute identifier with each of said browsing commands.
54. The method as recited in claim 38 further comprising the step of storing session information specific to said particular user and accessible by said server site.
55. The method as recited in claim 38 further comprising the step of storing electronic payment information, said particular user employing said electronic payment information to engage in anonymous commerce with said server site.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US787,557 | 1997-01-22 | ||
| US08/787,557 US5961593A (en) | 1997-01-22 | 1997-01-22 | System and method for providing anonymous personalized browsing by a proxy system in a network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2222480A1 CA2222480A1 (en) | 1998-07-22 |
| CA2222480C true CA2222480C (en) | 2004-01-13 |
Family
ID=25141878
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002222480A Expired - Fee Related CA2222480C (en) | 1997-01-22 | 1997-11-27 | System and method for providing anonymous personalized browsing in a network |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US5961593A (en) |
| EP (1) | EP0855659B1 (en) |
| JP (1) | JPH10254807A (en) |
| CA (1) | CA2222480C (en) |
| DE (1) | DE69838769T2 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8959652B2 (en) | 2004-06-16 | 2015-02-17 | Dormarke Assets Limited Liability Company | Graduated authentication in an identity management system |
Families Citing this family (627)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6535880B1 (en) | 2000-05-09 | 2003-03-18 | Cnet Networks, Inc. | Automated on-line commerce method and apparatus utilizing a shopping server verifying product information on product selection |
| US7082426B2 (en) * | 1993-06-18 | 2006-07-25 | Cnet Networks, Inc. | Content aggregation method and apparatus for an on-line product catalog |
| US6714933B2 (en) | 2000-05-09 | 2004-03-30 | Cnet Networks, Inc. | Content aggregation method and apparatus for on-line purchasing system |
| US7991347B1 (en) | 1994-04-07 | 2011-08-02 | Data Innovation Llc | System and method for accessing set of digital data at a remote site |
| US6021307A (en) * | 1994-04-07 | 2000-02-01 | Chan; Hark C. | Information distribution and processing system |
| US6188869B1 (en) | 1994-04-07 | 2001-02-13 | Hark C. Chan | Information distribution and processing system |
| USRE44685E1 (en) | 1994-04-28 | 2013-12-31 | Opentv, Inc. | Apparatus for transmitting and receiving executable applications as for a multimedia system, and method and system to order an item using a distributed computing system |
| US5694546A (en) | 1994-05-31 | 1997-12-02 | Reisman; Richard R. | System for automatic unattended electronic information transport between a server and a client by a vendor provided transport software with a manifest list |
| US7181758B1 (en) | 1994-07-25 | 2007-02-20 | Data Innovation, L.L.C. | Information distribution and processing system |
| US6289200B1 (en) | 1994-07-25 | 2001-09-11 | Hark C. Chan | Information distribution system which intermittaly transmits radio frequency signal digital data |
| US6460036B1 (en) | 1994-11-29 | 2002-10-01 | Pinpoint Incorporated | System and method for providing customized electronic newspapers and target advertisements |
| US5758257A (en) | 1994-11-29 | 1998-05-26 | Herz; Frederick | System and method for scheduling broadcast of and access to video programs and other data using customer profiles |
| US8606851B2 (en) | 1995-06-06 | 2013-12-10 | Wayport, Inc. | Method and apparatus for geographic-based communications service |
| US5835061A (en) | 1995-06-06 | 1998-11-10 | Wayport, Inc. | Method and apparatus for geographic-based communications service |
| US6119101A (en) | 1996-01-17 | 2000-09-12 | Personal Agents, Inc. | Intelligent agents for electronic commerce |
| US20050114218A1 (en) * | 1996-01-17 | 2005-05-26 | Privacy Infrastructure, Inc. | Third party privacy system |
| US6189030B1 (en) | 1996-02-21 | 2001-02-13 | Infoseek Corporation | Method and apparatus for redirection of server external hyper-link references |
| US6370571B1 (en) | 1997-03-05 | 2002-04-09 | At Home Corporation | System and method for delivering high-performance online multimedia services |
| US7529856B2 (en) * | 1997-03-05 | 2009-05-05 | At Home Corporation | Delivering multimedia services |
| US5983227A (en) * | 1997-06-12 | 1999-11-09 | Yahoo, Inc. | Dynamic page generator |
| US6907315B1 (en) | 1997-09-12 | 2005-06-14 | Amazon.Com, Inc. | Method and system for displaying and editing of information |
| US7222087B1 (en) | 1997-09-12 | 2007-05-22 | Amazon.Com, Inc. | Method and system for placing a purchase order via a communications network |
| US5960411A (en) * | 1997-09-12 | 1999-09-28 | Amazon.Com, Inc. | Method and system for placing a purchase order via a communications network |
| EP0917119A3 (en) * | 1997-11-12 | 2001-01-10 | Citicorp Development Center, Inc. | Distributed network based electronic wallet |
| IL125432A (en) * | 1998-01-30 | 2010-11-30 | Easynet Access Inc | Personalized internet interaction |
| US6112228A (en) * | 1998-02-13 | 2000-08-29 | Novell, Inc. | Client inherited functionally derived from a proxy topology where each proxy is independently configured |
| US6209100B1 (en) * | 1998-03-27 | 2001-03-27 | International Business Machines Corp. | Moderated forums with anonymous but traceable contributions |
| FI105738B (en) * | 1998-05-29 | 2000-09-29 | Alma Media Oyj | Combining services in an Internet-type network |
| EA200100081A1 (en) * | 1998-06-16 | 2001-06-25 | @Еркомманд | THIRD-PARTY PRIVACY POLICY |
| US6615189B1 (en) | 1998-06-22 | 2003-09-02 | Bank One, Delaware, National Association | Debit purchasing of stored value card for use by and/or delivery to others |
| US7809642B1 (en) | 1998-06-22 | 2010-10-05 | Jpmorgan Chase Bank, N.A. | Debit purchasing of stored value card for use by and/or delivery to others |
| US6336116B1 (en) * | 1998-08-06 | 2002-01-01 | Ryan Brown | Search and index hosting system |
| US6374274B1 (en) * | 1998-09-16 | 2002-04-16 | Health Informatics International, Inc. | Document conversion and network database system |
| US6738827B1 (en) * | 1998-09-29 | 2004-05-18 | Eli Abir | Method and system for alternate internet resource identifiers and addresses |
| US6275824B1 (en) * | 1998-10-02 | 2001-08-14 | Ncr Corporation | System and method for managing data privacy in a database management system |
| US6480850B1 (en) * | 1998-10-02 | 2002-11-12 | Ncr Corporation | System and method for managing data privacy in a database management system including a dependently connected privacy data mart |
| US7765279B1 (en) | 1998-10-28 | 2010-07-27 | Verticalone Corporation | System and method for scheduling harvesting of personal information |
| US6871220B1 (en) | 1998-10-28 | 2005-03-22 | Yodlee, Inc. | System and method for distributed storage and retrieval of personal information |
| US6839759B2 (en) | 1998-10-30 | 2005-01-04 | Science Applications International Corp. | Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information |
| US6502135B1 (en) | 1998-10-30 | 2002-12-31 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
| ES2760905T3 (en) | 1998-10-30 | 2020-05-18 | Virnetx Inc | An agile network protocol for secure communications with assured system availability |
| US10511573B2 (en) | 1998-10-30 | 2019-12-17 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US7418504B2 (en) | 1998-10-30 | 2008-08-26 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US6874023B1 (en) * | 1998-11-10 | 2005-03-29 | Claria Corporation | Web based email control center for monitoring and providing a sumary of the detected event information organized according to relationships between the user and network sites |
| US6032136A (en) | 1998-11-17 | 2000-02-29 | First Usa Bank, N.A. | Customer activated multi-value (CAM) card |
| US7660763B1 (en) | 1998-11-17 | 2010-02-09 | Jpmorgan Chase Bank, N.A. | Customer activated multi-value (CAM) card |
| US6330605B1 (en) | 1998-11-19 | 2001-12-11 | Volera, Inc. | Proxy cache cluster |
| AU2349200A (en) * | 1998-11-23 | 2000-06-19 | Julie Borges | Electronic factoring |
| US7672879B1 (en) | 1998-12-08 | 2010-03-02 | Yodlee.Com, Inc. | Interactive activity interface for managing personal data and performing transactions over a data packet network |
| US8069407B1 (en) | 1998-12-08 | 2011-11-29 | Yodlee.Com, Inc. | Method and apparatus for detecting changes in websites and reporting results to web developers for navigation template repair purposes |
| US7085997B1 (en) | 1998-12-08 | 2006-08-01 | Yodlee.Com | Network-based bookmark management and web-summary system |
| US6725429B1 (en) * | 1998-12-29 | 2004-04-20 | Pitney Bowes Inc. | System and method for presenting and processing documents on the internet |
| US6496931B1 (en) * | 1998-12-31 | 2002-12-17 | Lucent Technologies Inc. | Anonymous web site user information communication method |
| US6389533B1 (en) * | 1999-02-05 | 2002-05-14 | Intel Corporation | Anonymity server |
| IL128720A (en) | 1999-02-25 | 2009-06-15 | Cidway Technologies Ltd | Method for certification of over the phone transactions |
| US6496855B1 (en) | 1999-03-02 | 2002-12-17 | America Online, Inc. | Web site registration proxy system |
| GB9904791D0 (en) * | 1999-03-02 | 1999-04-28 | Smartport Limited | An internet interface system |
| US7801775B1 (en) | 1999-03-29 | 2010-09-21 | Amazon.Com, Inc. | Method and system for authenticating users when conducting commercial transactions using a computer |
| US7249377B1 (en) * | 1999-03-31 | 2007-07-24 | International Business Machines Corporation | Method for client delegation of security to a proxy |
| US20040083184A1 (en) * | 1999-04-19 | 2004-04-29 | First Data Corporation | Anonymous card transactions |
| US7313381B1 (en) * | 1999-05-03 | 2007-12-25 | Nokia Corporation | Sim based authentication as payment method in public ISP access networks |
| US6227447B1 (en) * | 1999-05-10 | 2001-05-08 | First Usa Bank, Na | Cardless payment system |
| AU4979400A (en) * | 1999-05-14 | 2000-12-05 | Pivia, Inc. | Applications and services supported by a client-server independent intermediary mechanism |
| US7305473B2 (en) * | 1999-05-28 | 2007-12-04 | The Coca-Cola Company | Provision of transparent proxy services to a user of a client device |
| US7752535B2 (en) * | 1999-06-01 | 2010-07-06 | Yodlec.com, Inc. | Categorization of summarized information |
| US7146505B1 (en) | 1999-06-01 | 2006-12-05 | America Online, Inc. | Secure data exchange between date processing systems |
| US7120927B1 (en) * | 1999-06-09 | 2006-10-10 | Siemens Communications, Inc. | System and method for e-mail alias registration |
| US6754183B1 (en) * | 1999-06-14 | 2004-06-22 | Sun Microsystems, Inc. | System and method for integrating a vehicle subnetwork into a primary network |
| US7058817B1 (en) | 1999-07-02 | 2006-06-06 | The Chase Manhattan Bank | System and method for single sign on process for websites with multiple applications and services |
| US6401125B1 (en) * | 1999-08-05 | 2002-06-04 | Nextpage, Inc. | System and method for maintaining state information between a web proxy server and its clients |
| MXPA01004206A (en) * | 1999-08-27 | 2002-06-04 | Netspend Corp | An online purchase system and method. |
| US7343351B1 (en) * | 1999-08-31 | 2008-03-11 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions |
| US6732113B1 (en) * | 1999-09-20 | 2004-05-04 | Verispan, L.L.C. | System and method for generating de-identified health care data |
| AU7596500A (en) | 1999-09-20 | 2001-04-24 | Quintiles Transnational Corporation | System and method for analyzing de-identified health care data |
| US7401115B1 (en) | 2000-10-23 | 2008-07-15 | Aol Llc | Processing selected browser requests |
| AU1244201A (en) * | 1999-10-26 | 2001-05-08 | Eugene A. Fusz | Method and apparatus for anonymous data profiling |
| WO2001037517A2 (en) | 1999-11-03 | 2001-05-25 | Wayport, Inc. | Distributed network communication system which enables multiple network providers to use a common distributed network infrastructure |
| WO2001033477A2 (en) | 1999-11-04 | 2001-05-10 | Jpmorgan Chase Bank | System and method for automated financial project management |
| JP4207337B2 (en) * | 1999-11-11 | 2009-01-14 | ソニー株式会社 | Communication system and communication method |
| US7020845B1 (en) * | 1999-11-15 | 2006-03-28 | Gottfurcht Elliot A | Navigating internet content on a television using a simplified interface and a remote control |
| US6600497B1 (en) * | 1999-11-15 | 2003-07-29 | Elliot A. Gottfurcht | Apparatus and method to navigate interactive television using unique inputs with a remote control |
| AU3083501A (en) * | 1999-11-24 | 2001-06-04 | Geopartners Research, Inc. | Method and system for disclosing personal data while protecting personal privacy |
| US8571975B1 (en) | 1999-11-24 | 2013-10-29 | Jpmorgan Chase Bank, N.A. | System and method for sending money via E-mail over the internet |
| US10275780B1 (en) | 1999-11-24 | 2019-04-30 | Jpmorgan Chase Bank, N.A. | Method and apparatus for sending a rebate via electronic mail over the internet |
| US7437550B2 (en) | 1999-12-02 | 2008-10-14 | Ponoi Corp. | System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data |
| US8793160B2 (en) | 1999-12-07 | 2014-07-29 | Steve Sorem | System and method for processing transactions |
| US7720712B1 (en) | 1999-12-23 | 2010-05-18 | Amazon.Com, Inc. | Placing a purchase order using one of multiple procurement options |
| US6601170B1 (en) | 1999-12-30 | 2003-07-29 | Clyde Riley Wallace, Jr. | Secure internet user state creation method and system with user supplied key and seeding |
| WO2001050353A1 (en) * | 2000-01-04 | 2001-07-12 | Ma'at | System and method for anonymous observation and use of premium content |
| US7870065B2 (en) | 2000-01-05 | 2011-01-11 | Uniteller Financial Services, Inc. | Money-transfer techniques |
| US6938013B1 (en) * | 2000-01-05 | 2005-08-30 | Uniteller Financial Services, Inc. | Money-transfer techniques |
| US7720754B1 (en) | 2000-01-05 | 2010-05-18 | Uniteller Financial Services, Inc. | Money-transfer techniques |
| US6934757B1 (en) * | 2000-01-06 | 2005-08-23 | International Business Machines Corporation | Method and system for cross-domain service invocation using a single data handle associated with the stored common data and invocation-specific data |
| AU2001230821A1 (en) * | 2000-01-13 | 2001-07-24 | Yodlee.Com, Inc. | Method and apparatus for automatically filling on-line forms by a third-party server |
| US20010037359A1 (en) * | 2000-02-04 | 2001-11-01 | Mockett Gregory P. | System and method for a server-side browser including markup language graphical user interface, dynamic markup language rewriter engine and profile engine |
| CA2298194A1 (en) * | 2000-02-07 | 2001-08-07 | Profilium Inc. | Method and system for delivering and targeting advertisements over wireless networks |
| US6711682B1 (en) * | 2000-02-09 | 2004-03-23 | Microsoft Corporation | Online service registration system and method |
| US6867789B1 (en) * | 2000-02-15 | 2005-03-15 | Bank One, Delaware, National Association | System and method for generating graphical user interfaces |
| US7644124B1 (en) * | 2000-02-15 | 2010-01-05 | Porter Swain W | Privacy enhanced methods and apparatuses for conducting electronic communications |
| US7249157B2 (en) * | 2000-02-16 | 2007-07-24 | Bea Systems, Inc. | Collaboration system for exchanging of data between electronic participants via collaboration space by using a URL to identify a combination of both collaboration space and business protocol |
| WO2001061967A2 (en) * | 2000-02-17 | 2001-08-23 | Telegea.Com, Inc. | Systems and methods for supporting on-line delivery of communication services |
| US7421395B1 (en) * | 2000-02-18 | 2008-09-02 | Microsoft Corporation | System and method for producing unique account names |
| US7203315B1 (en) | 2000-02-22 | 2007-04-10 | Paul Owen Livesay | Methods and apparatus for providing user anonymity in online transactions |
| US20070229222A1 (en) * | 2000-02-22 | 2007-10-04 | Leeds Richard A | System and method for presenting customized selections over a computer network |
| WO2001065494A2 (en) * | 2000-02-28 | 2001-09-07 | Sprarkcharge, Inc. | System, and method for prepaid anonymous and pseudonymous credit card type transactions |
| WO2001065380A1 (en) * | 2000-02-29 | 2001-09-07 | Iprivacy Llc | Anonymous and private browsing of web-sites through private portals |
| AU2001238588A1 (en) * | 2000-02-29 | 2001-09-12 | Iprivacy Llc | Method and system for user defined filtering of communications to anonymous users in a computer network |
| US7328172B2 (en) * | 2000-03-03 | 2008-02-05 | Gxs, Inc. | Provision of electronic commerce services |
| GB2375697B (en) * | 2000-03-17 | 2004-03-24 | Decode Genetics Ehf | Automatic identity protection system with remote third party monitoring |
| US7493655B2 (en) * | 2000-03-22 | 2009-02-17 | Comscore Networks, Inc. | Systems for and methods of placing user identification in the header of data packets usable in user demographic reporting and collecting usage data |
| US7260837B2 (en) * | 2000-03-22 | 2007-08-21 | Comscore Networks, Inc. | Systems and methods for user identification, user demographic reporting and collecting usage data usage biometrics |
| US7181412B1 (en) * | 2000-03-22 | 2007-02-20 | Comscore Networks Inc. | Systems and methods for collecting consumer data |
| US20030046332A1 (en) * | 2000-03-22 | 2003-03-06 | Maximilian Riegel | Method and communication system for providing geographic data during the retrieval of information from the www/wap |
| US7930285B2 (en) | 2000-03-22 | 2011-04-19 | Comscore, Inc. | Systems for and methods of user demographic reporting usable for identifying users and collecting usage data |
| US6978373B1 (en) * | 2000-03-22 | 2005-12-20 | International Business Machines Corporation | Methods systems and computer program products for providing secure client profile completion by network intermediaries |
| JP2001273257A (en) * | 2000-03-23 | 2001-10-05 | Nippon Telegr & Teleph Corp <Ntt> | Proxy authentication server |
| US9514459B1 (en) * | 2000-03-24 | 2016-12-06 | Emc Corporation | Identity broker tools and techniques for use with forward proxy computers |
| GB2361153A (en) * | 2000-04-04 | 2001-10-10 | Global Knowledge Network Ltd | User security, privacy and anonymity on the Internet |
| US7209959B1 (en) | 2000-04-04 | 2007-04-24 | Wk Networks, Inc. | Apparatus, system, and method for communicating to a network through a virtual domain providing anonymity to a client communicating on the network |
| US6952769B1 (en) * | 2000-04-17 | 2005-10-04 | International Business Machines Corporation | Protocols for anonymous electronic communication and double-blind transactions |
| US6802007B1 (en) | 2000-04-24 | 2004-10-05 | International Business Machines Corporation | Privacy and security for smartcards in a method, system and program |
| US6981028B1 (en) | 2000-04-28 | 2005-12-27 | Obongo, Inc. | Method and system of implementing recorded data for automating internet interactions |
| US6746371B1 (en) * | 2000-04-28 | 2004-06-08 | International Business Machines Corporation | Managing fitness activity across diverse exercise machines utilizing a portable computer system |
| US7822635B1 (en) | 2000-04-28 | 2010-10-26 | International Business Machines Corporation | Managing consumer preferences with a portable data processing system |
| US20060004663A1 (en) * | 2000-05-12 | 2006-01-05 | Singhal Tara C | Method and apparatus for a private information system and service transactions that minimize theft of identity data |
| US7475404B2 (en) | 2000-05-18 | 2009-01-06 | Maquis Techtrix Llc | System and method for implementing click-through for browser executed software including ad proxy and proxy cookie caching |
| US8086697B2 (en) | 2005-06-28 | 2011-12-27 | Claria Innovations, Llc | Techniques for displaying impressions in documents delivered over a computer network |
| US7509490B1 (en) * | 2000-05-26 | 2009-03-24 | Symantec Corporation | Method and apparatus for encrypted communications to a secure server |
| US7673329B2 (en) * | 2000-05-26 | 2010-03-02 | Symantec Corporation | Method and apparatus for encrypted communications to a secure server |
| US7225169B1 (en) * | 2000-05-26 | 2007-05-29 | International Business Machines Corporation | Method and system for commerce with full anonymity |
| AU6397301A (en) * | 2000-05-29 | 2001-12-11 | Nokia Networks Oy | Synchronization method |
| US7426530B1 (en) | 2000-06-12 | 2008-09-16 | Jpmorgan Chase Bank, N.A. | System and method for providing customers with seamless entry to a remote server |
| US10185936B2 (en) | 2000-06-22 | 2019-01-22 | Jpmorgan Chase Bank, N.A. | Method and system for processing internet payments |
| WO2001099359A1 (en) * | 2000-06-22 | 2001-12-27 | Migration Systems Ag | Data transfere device |
| US6983379B1 (en) * | 2000-06-30 | 2006-01-03 | Hitwise Pty. Ltd. | Method and system for monitoring online behavior at a remote site and creating online behavior profiles |
| US8041817B2 (en) | 2000-06-30 | 2011-10-18 | At&T Intellectual Property I, Lp | Anonymous location service for wireless networks |
| US6675017B1 (en) | 2000-06-30 | 2004-01-06 | Bellsouth Intellectual Property Corporation | Location blocking service for wireless networks |
| AU2001271487A1 (en) * | 2000-06-30 | 2002-01-14 | Real Media, Inc. | System and method for delivering advertisement information on a data network with enhanced user privacy |
| US6738808B1 (en) * | 2000-06-30 | 2004-05-18 | Bell South Intellectual Property Corporation | Anonymous location service for wireless networks |
| WO2002003219A1 (en) * | 2000-06-30 | 2002-01-10 | Plurimus Corporation | Method and system for monitoring online computer network behavior and creating online behavior profiles |
| US7349967B2 (en) * | 2000-07-21 | 2008-03-25 | Samsung Electronics Co., Ltd. | Architecture for home network on world wide web with private-public IP address/URL mapping |
| SG97905A1 (en) * | 2000-07-28 | 2003-08-20 | Singapore Comp Systems Ltd | Method and apparatus for accessing web pages |
| WO2002011019A1 (en) | 2000-08-01 | 2002-02-07 | First Usa Bank, N.A. | System and method for transponder-enabled account transactions |
| EP1178409A1 (en) * | 2000-08-01 | 2002-02-06 | DR. Riccardo Genghini Studio Notarile Genghini | Cookiemanager to control the exchange of cookies in an Internet client-server computersystem |
| US7796998B1 (en) | 2000-08-01 | 2010-09-14 | At&T Intellectual Property, I, L.P. | Method and system for delivery of a calling party's location |
| US7257581B1 (en) | 2000-08-04 | 2007-08-14 | Guardian Networks, Llc | Storage, management and distribution of consumer information |
| US9928508B2 (en) | 2000-08-04 | 2018-03-27 | Intellectual Ventures I Llc | Single sign-on for access to a central data repository |
| US8566248B1 (en) | 2000-08-04 | 2013-10-22 | Grdn. Net Solutions, Llc | Initiation of an information transaction over a network via a wireless device |
| US6985963B1 (en) * | 2000-08-23 | 2006-01-10 | At Home Corporation | Sharing IP network resources |
| US7437312B2 (en) * | 2000-08-23 | 2008-10-14 | Bizrate.Com | Method for context personalized web browsing |
| TW515988B (en) * | 2000-09-14 | 2003-01-01 | Synq Technology Inc | Segmented registration system and the method thereof |
| US8335855B2 (en) | 2001-09-19 | 2012-12-18 | Jpmorgan Chase Bank, N.A. | System and method for portal infrastructure tracking |
| US7865569B1 (en) | 2000-09-26 | 2011-01-04 | Juniper Networks, Inc. | Method and system for modifying script portions of requests for remote resources |
| US7136896B1 (en) | 2000-09-26 | 2006-11-14 | Juniper Networks, Inc. | Dynamic toolbar for markup language document |
| US7085817B1 (en) | 2000-09-26 | 2006-08-01 | Juniper Networks, Inc. | Method and system for modifying requests for remote resources |
| US7774455B1 (en) | 2000-09-26 | 2010-08-10 | Juniper Networks, Inc. | Method and system for providing secure access to private networks |
| WO2002027552A2 (en) * | 2000-09-26 | 2002-04-04 | Neoteris, Inc. | Enhanced browsing environment |
| US20050137971A1 (en) * | 2000-10-02 | 2005-06-23 | Ibm Corporation | Personally customizable credit card accounts |
| US20020073165A1 (en) * | 2000-10-23 | 2002-06-13 | Pingpong Technology, Inc. | Real-time context-sensitive customization of user-requested content |
| US20030069857A1 (en) * | 2000-10-23 | 2003-04-10 | Junda Laurence E. | Proxy system for customer confidentiality |
| WO2002035314A2 (en) * | 2000-10-24 | 2002-05-02 | Doubleclick, Inc. | Method and system for sharing anonymous user information |
| JP3520365B2 (en) * | 2000-10-30 | 2004-04-19 | 学校法人 高知工科大学 | Information communication system |
| WO2002037220A2 (en) * | 2000-10-31 | 2002-05-10 | Contextweb | Internet contextual communication system |
| US7277961B1 (en) | 2000-10-31 | 2007-10-02 | Iprivacy, Llc | Method and system for obscuring user access patterns using a buffer memory |
| FR2816417B1 (en) * | 2000-11-06 | 2003-09-26 | Enrico Cartocci | METHOD AND SYSTEM FOR EXTENDING THE FIELD OF PUBLIC ADDRESSES ATTRIBUTABLE TO A CONNECTION TO THE INTERNET NETWORK AND THEIR APPLICATION TO THE FIGHT AGAINST THE ILLEGAL DISTRIBUTION OF PROTECTED WORKS |
| JP5576005B2 (en) * | 2000-11-07 | 2014-08-20 | 株式会社三菱東京Ufj銀行 | Authentication agent device |
| US7996288B1 (en) | 2000-11-15 | 2011-08-09 | Iprivacy, Llc | Method and system for processing recurrent consumer transactions |
| WO2002042982A2 (en) * | 2000-11-27 | 2002-05-30 | Nextworth, Inc. | Anonymous transaction system |
| US7206854B2 (en) * | 2000-12-11 | 2007-04-17 | General Instrument Corporation | Seamless arbitrary data insertion for streaming media |
| JP2002183003A (en) * | 2000-12-12 | 2002-06-28 | Nec Corp | System and method for provider access, and recording medium |
| US7181225B1 (en) | 2000-12-19 | 2007-02-20 | Bellsouth Intellectual Property Corporation | System and method for surveying wireless device users by location |
| US7085555B2 (en) | 2000-12-19 | 2006-08-01 | Bellsouth Intellectual Property Corporation | Location blocking service from a web advertiser |
| US7224978B2 (en) | 2000-12-19 | 2007-05-29 | Bellsouth Intellectual Property Corporation | Location blocking service from a wireless service provider |
| US7116977B1 (en) | 2000-12-19 | 2006-10-03 | Bellsouth Intellectual Property Corporation | System and method for using location information to execute an action |
| US7245925B2 (en) | 2000-12-19 | 2007-07-17 | At&T Intellectual Property, Inc. | System and method for using location information to execute an action |
| US7110749B2 (en) | 2000-12-19 | 2006-09-19 | Bellsouth Intellectual Property Corporation | Identity blocking service from a wireless service provider |
| US7428411B2 (en) | 2000-12-19 | 2008-09-23 | At&T Delaware Intellectual Property, Inc. | Location-based security rules |
| US7130630B1 (en) | 2000-12-19 | 2006-10-31 | Bellsouth Intellectual Property Corporation | Location query service for wireless networks |
| US7475151B2 (en) | 2000-12-22 | 2009-01-06 | Oracle International Corporation | Policies for modifying group membership |
| US7415607B2 (en) | 2000-12-22 | 2008-08-19 | Oracle International Corporation | Obtaining and maintaining real time certificate status |
| US7085834B2 (en) | 2000-12-22 | 2006-08-01 | Oracle International Corporation | Determining a user's groups |
| US7548888B2 (en) * | 2000-12-22 | 2009-06-16 | Schutz Jared P | Digital computer system and methods for implementing a financial transaction |
| US7937655B2 (en) | 2000-12-22 | 2011-05-03 | Oracle International Corporation | Workflows with associated processes |
| US7349912B2 (en) | 2000-12-22 | 2008-03-25 | Oracle International Corporation | Runtime modification of entries in an identity system |
| US7363339B2 (en) * | 2000-12-22 | 2008-04-22 | Oracle International Corporation | Determining group membership |
| US8015600B2 (en) | 2000-12-22 | 2011-09-06 | Oracle International Corporation | Employing electronic certificate workflows |
| US7213249B2 (en) * | 2000-12-22 | 2007-05-01 | Oracle International Corporation | Blocking cache flush requests until completing current pending requests in a local server and remote server |
| US7581011B2 (en) | 2000-12-22 | 2009-08-25 | Oracle International Corporation | Template based workflow definition |
| US7380008B2 (en) * | 2000-12-22 | 2008-05-27 | Oracle International Corporation | Proxy system |
| US7711818B2 (en) | 2000-12-22 | 2010-05-04 | Oracle International Corporation | Support for multiple data stores |
| US7802174B2 (en) | 2000-12-22 | 2010-09-21 | Oracle International Corporation | Domain based workflows |
| JP2002197005A (en) * | 2000-12-26 | 2002-07-12 | Ntt Docomo Inc | Service surrogate control method |
| US7054906B2 (en) * | 2000-12-29 | 2006-05-30 | Levosky Michael P | System and method for controlling and organizing Email |
| US8396810B1 (en) * | 2000-12-29 | 2013-03-12 | Zixit Corporation | Centralized authorization and fraud-prevention system including virtual wallet for network-based transactions |
| US20020087621A1 (en) * | 2000-12-29 | 2002-07-04 | Hendriks Chris L. | Method and system to manage internet user navigation data |
| US7076538B2 (en) * | 2001-01-12 | 2006-07-11 | Lenovo (Singapore) Pte. Ltd. | Method and system for disguising a computer system's identity on a network |
| US20020099832A1 (en) * | 2001-01-22 | 2002-07-25 | Tal Yaegerman | Method for accessing the internet |
| US20020138448A1 (en) * | 2001-01-22 | 2002-09-26 | Younouzov Mehmed K. | Method and apparatus for a virtual e-box |
| US7039721B1 (en) | 2001-01-26 | 2006-05-02 | Mcafee, Inc. | System and method for protecting internet protocol addresses |
| US8812666B2 (en) | 2001-01-29 | 2014-08-19 | Da Capital Fund Limited Liability Company | Remote proxy server agent |
| US7305697B2 (en) | 2001-02-02 | 2007-12-04 | Opentv, Inc. | Service gateway for interactive television |
| US20020111910A1 (en) * | 2001-02-12 | 2002-08-15 | Avenue A, Inc. | Method and facility for preserving internet privacy |
| US20020112013A1 (en) * | 2001-02-12 | 2002-08-15 | Fiona Walsh | Method for generating commercial email communications while preserving Internet privacy |
| US6606690B2 (en) | 2001-02-20 | 2003-08-12 | Hewlett-Packard Development Company, L.P. | System and method for accessing a storage area network as network attached storage |
| US20020120782A1 (en) * | 2001-02-26 | 2002-08-29 | Douglas Dillon | Transparent proxying enhancement |
| US20020138596A1 (en) * | 2001-03-09 | 2002-09-26 | Matthew Darwin | Method to proxy IP services |
| WO2002076041A2 (en) * | 2001-03-20 | 2002-09-26 | Koninklijke Philips Electronics N.V. | Beacon network |
| US20020152272A1 (en) * | 2001-04-12 | 2002-10-17 | Rahav Yairi | Method for managing multiple dynamic e-mail aliases |
| AU2002339711A1 (en) * | 2001-04-20 | 2002-12-03 | Ponoi Corp. | System and method for secure and private communication |
| US8849716B1 (en) | 2001-04-20 | 2014-09-30 | Jpmorgan Chase Bank, N.A. | System and method for preventing identity theft or misuse by restricting access |
| US8095597B2 (en) | 2001-05-01 | 2012-01-10 | Aol Inc. | Method and system of automating data capture from electronic correspondence |
| US8701170B1 (en) | 2001-05-11 | 2014-04-15 | Kount Inc. | System for secure enrollment and secure verification of network users by a centralized identification service |
| US20020184327A1 (en) | 2001-05-11 | 2002-12-05 | Major Robert Drew | System and method for partitioning address space in a proxy cache server cluster |
| US7313546B2 (en) | 2001-05-23 | 2007-12-25 | Jp Morgan Chase Bank, N.A. | System and method for currency selectable stored value instrument |
| JP2002366819A (en) * | 2001-05-31 | 2002-12-20 | Hewlett Packard Co <Hp> | Distribution system for electronic coupon based upon identifier |
| US7730528B2 (en) * | 2001-06-01 | 2010-06-01 | Symantec Corporation | Intelligent secure data manipulation apparatus and method |
| WO2002099598A2 (en) | 2001-06-07 | 2002-12-12 | First Usa Bank, N.A. | System and method for rapid updating of credit information |
| US6937976B2 (en) * | 2001-07-09 | 2005-08-30 | Hewlett-Packard Development Company, L.P. | Method and system for temporary network identity |
| US7266839B2 (en) | 2001-07-12 | 2007-09-04 | J P Morgan Chase Bank | System and method for providing discriminated content to network users |
| US7827278B2 (en) * | 2001-07-23 | 2010-11-02 | At&T Intellectual Property Ii, L.P. | System for automated connection to virtual private networks related applications |
| US8239531B1 (en) * | 2001-07-23 | 2012-08-07 | At&T Intellectual Property Ii, L.P. | Method and apparatus for connection to virtual private networks for secure transactions |
| US7827292B2 (en) * | 2001-07-23 | 2010-11-02 | At&T Intellectual Property Ii, L.P. | Flexible automated connection to virtual private networks |
| AU2002327322A1 (en) | 2001-07-24 | 2003-02-17 | First Usa Bank, N.A. | Multiple account card and transaction routing |
| US20030055872A1 (en) * | 2001-08-03 | 2003-03-20 | Wizsoft Ltd. | System and method for enabling a secure e-commerce server |
| JP2003050932A (en) * | 2001-08-06 | 2003-02-21 | Fuji Bolt Seisakusho:Kk | Method and device for communication data relaying, and method and device for substitutional purchase by relaying of communication data |
| US7311244B1 (en) | 2001-08-13 | 2007-12-25 | Jpmorgan Chase Bank, N.A. | System and method for funding a collective account by use of an electronic tag |
| US8020754B2 (en) | 2001-08-13 | 2011-09-20 | Jpmorgan Chase Bank, N.A. | System and method for funding a collective account by use of an electronic tag |
| US8800857B1 (en) | 2001-08-13 | 2014-08-12 | Jpmorgan Chase Bank, N.A. | System and method for crediting loyalty program points and providing loyalty rewards by use of an electronic tag |
| FI115419B (en) | 2001-08-20 | 2005-04-29 | Helsingin Kauppakorkeakoulu | User-specific personalization of information services |
| FI115420B (en) | 2001-08-20 | 2005-04-29 | Helsingin Kauppakorkeakoulu | User-specific personalization of information services |
| US7313815B2 (en) * | 2001-08-30 | 2007-12-25 | Cisco Technology, Inc. | Protecting against spoofed DNS messages |
| US20030050964A1 (en) * | 2001-09-07 | 2003-03-13 | Philippe Debaty | Method and system for context manager proxy |
| WO2003027798A2 (en) * | 2001-09-21 | 2003-04-03 | First Usa Bank, N.A. | Method for providing cardless payment |
| US7103576B2 (en) | 2001-09-21 | 2006-09-05 | First Usa Bank, Na | System for providing cardless payment |
| US7032017B2 (en) * | 2001-09-25 | 2006-04-18 | Intel Corporation | Identifying unique web visitors behind proxy servers |
| US7472091B2 (en) * | 2001-10-03 | 2008-12-30 | Accenture Global Services Gmbh | Virtual customer database |
| US7552222B2 (en) * | 2001-10-18 | 2009-06-23 | Bea Systems, Inc. | Single system user identity |
| US7516440B2 (en) * | 2001-10-18 | 2009-04-07 | Bea Systems, Inc. | System and method for providing a java interface to an application view component |
| US20030084172A1 (en) | 2001-10-29 | 2003-05-01 | Sun Microsystem, Inc., A Delaware Corporation | Identification and privacy in the World Wide Web |
| US7275260B2 (en) | 2001-10-29 | 2007-09-25 | Sun Microsystems, Inc. | Enhanced privacy protection in identification in a data communications network |
| CA2466071C (en) | 2001-11-01 | 2016-04-12 | Bank One, Delaware, N.A. | System and method for establishing or modifying an account with user selectable terms |
| US7631084B2 (en) | 2001-11-02 | 2009-12-08 | Juniper Networks, Inc. | Method and system for providing secure access to private networks with client redirection |
| US7146403B2 (en) | 2001-11-02 | 2006-12-05 | Juniper Networks, Inc. | Dual authentication of a requestor using a mail server and an authentication server |
| US7225256B2 (en) | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
| US7987501B2 (en) | 2001-12-04 | 2011-07-26 | Jpmorgan Chase Bank, N.A. | System and method for single session sign-on |
| GB0129767D0 (en) * | 2001-12-12 | 2002-01-30 | Euro Celtique Sa | Medical after sales support |
| US20030115153A1 (en) * | 2001-12-19 | 2003-06-19 | Chen Li | Identifier management in message transmission system |
| US20070061472A1 (en) * | 2001-12-19 | 2007-03-15 | Chen Li | Identifier management in message transmission system |
| NL1019618C2 (en) * | 2001-12-20 | 2003-06-24 | Koninkl Kpn Nv | Method, system and agent for sending information over a communication network. |
| US20030120608A1 (en) * | 2001-12-21 | 2003-06-26 | Jorge Pereyra | Secure method for purchasing and payment over a communication network and method for delivering goods anonymously |
| US6961783B1 (en) | 2001-12-21 | 2005-11-01 | Networks Associates Technology, Inc. | DNS server access control system and method |
| US7076555B1 (en) | 2002-01-23 | 2006-07-11 | Novell, Inc. | System and method for transparent takeover of TCP connections between servers |
| US7996517B2 (en) * | 2002-01-23 | 2011-08-09 | Novell, Inc. | Transparent network connection takeover |
| US7093291B2 (en) * | 2002-01-28 | 2006-08-15 | Bailey Ronn H | Method and system for detecting and preventing an intrusion in multiple platform computing environments |
| US7941533B2 (en) | 2002-02-19 | 2011-05-10 | Jpmorgan Chase Bank, N.A. | System and method for single sign-on session management without central server |
| US7516447B2 (en) | 2002-02-22 | 2009-04-07 | Bea Systems, Inc. | Methods and apparatus for building, customizing and using software abstractions of external entities |
| US8392301B1 (en) | 2002-03-08 | 2013-03-05 | Jpmorgan Chase Bank, N.A. | Financial system for isolated economic environment |
| US7756896B1 (en) | 2002-03-11 | 2010-07-13 | Jp Morgan Chase Bank | System and method for multi-dimensional risk analysis |
| US20180165441A1 (en) | 2002-03-25 | 2018-06-14 | Glenn Cobourn Everhart | Systems and methods for multifactor authentication |
| US7899753B1 (en) | 2002-03-25 | 2011-03-01 | Jpmorgan Chase Bank, N.A | Systems and methods for time variable financial authentication |
| US20040210498A1 (en) | 2002-03-29 | 2004-10-21 | Bank One, National Association | Method and system for performing purchase and other transactions using tokens with multiple chips |
| US8751391B2 (en) | 2002-03-29 | 2014-06-10 | Jpmorgan Chase Bank, N.A. | System and process for performing purchase transactions using tokens |
| US20030191814A1 (en) * | 2002-04-03 | 2003-10-09 | Luu Tran | Personalization in a wireless portal server |
| US7016959B2 (en) * | 2002-04-11 | 2006-03-21 | International Business Machines Corporation | Self service single sign on management system allowing user to amend user directory to include user chosen resource name and resource security data |
| US7526519B2 (en) | 2002-05-01 | 2009-04-28 | Bea Systems, Inc. | High availability application view deployment |
| US7519976B2 (en) * | 2002-05-01 | 2009-04-14 | Bea Systems, Inc. | Collaborative business plug-in framework |
| US7257645B2 (en) | 2002-05-01 | 2007-08-14 | Bea Systems, Inc. | System and method for storing large messages |
| US8135772B2 (en) | 2002-05-01 | 2012-03-13 | Oracle International Corporation | Single servlets for B2B message routing |
| US7350184B2 (en) * | 2002-05-02 | 2008-03-25 | Bea Systems, Inc. | System and method for enterprise application interactions |
| US7676538B2 (en) | 2002-05-02 | 2010-03-09 | Bea Systems, Inc. | Systems and methods for application view transactions |
| US7493628B2 (en) * | 2002-05-02 | 2009-02-17 | Bea Systems, Inc. | Shared common connection factory |
| US7484224B2 (en) * | 2002-05-02 | 2009-01-27 | Bae Systems, Inc. | Adapter deployment without recycle |
| US7222148B2 (en) | 2002-05-02 | 2007-05-22 | Bea Systems, Inc. | System and method for providing highly available processing of asynchronous service requests |
| US7165249B2 (en) * | 2002-05-02 | 2007-01-16 | Bea Systems, Inc. | Systems and methods for modular component deployment |
| US7627631B2 (en) | 2002-05-02 | 2009-12-01 | Bea Systems, Inc. | Systems and methods for collaborative business plug-ins |
| EP1506484A4 (en) * | 2002-05-08 | 2006-05-03 | Canon Kk | Information processing apparatus, information processing system, information processing method, storage medium, and program |
| US7450742B2 (en) | 2002-05-08 | 2008-11-11 | Canon Kabushiki Kaisha | Information processing apparatus, information processing system, information processing method, storage medium, and program |
| US6928619B2 (en) * | 2002-05-10 | 2005-08-09 | Microsoft Corporation | Method and apparatus for managing input focus and z-order |
| US7840658B2 (en) | 2002-05-15 | 2010-11-23 | Oracle International Corporation | Employing job code attributes in provisioning |
| US7216163B2 (en) | 2002-05-15 | 2007-05-08 | Oracle International Corporation | Method and apparatus for provisioning tasks using a provisioning bridge server |
| WO2003104947A2 (en) | 2002-06-06 | 2003-12-18 | Hardt Dick C | Distributed hierarchical identity management |
| WO2003105010A1 (en) | 2002-06-06 | 2003-12-18 | Neoteris, Inc. | Method and system for providing secure access to private networks |
| US6988099B2 (en) * | 2002-06-27 | 2006-01-17 | Bea Systems, Inc. | Systems and methods for maintaining transactional persistence |
| ATE375670T1 (en) * | 2002-07-01 | 2007-10-15 | Ericsson Telefon Ab L M | ARRANGEMENT AND METHOD FOR PROTECTING END USER DATA |
| US7360210B1 (en) | 2002-07-03 | 2008-04-15 | Sprint Spectrum L.P. | Method and system for dynamically varying intermediation functions in a communication path between a content server and a client station |
| US7568002B1 (en) | 2002-07-03 | 2009-07-28 | Sprint Spectrum L.P. | Method and system for embellishing web content during transmission between a content server and a client station |
| US7801945B1 (en) | 2002-07-03 | 2010-09-21 | Sprint Spectrum L.P. | Method and system for inserting web content through intermediation between a content server and a client station |
| US8239304B1 (en) | 2002-07-29 | 2012-08-07 | Jpmorgan Chase Bank, N.A. | Method and system for providing pre-approved targeted products |
| EP1388986A1 (en) * | 2002-08-06 | 2004-02-11 | Hewlett Packard Company, a Delaware Corporation | Process for protecting personal identification data in a network by associating substitute identifiers |
| US20040049467A1 (en) * | 2002-09-11 | 2004-03-11 | Blair Jeffrey D. | Single account world wide web/internet authentication/purchase system and method |
| US7809595B2 (en) | 2002-09-17 | 2010-10-05 | Jpmorgan Chase Bank, Na | System and method for managing risks associated with outside service providers |
| KR20070108249A (en) * | 2002-09-30 | 2007-11-08 | 마츠시타 덴끼 산교 가부시키가이샤 | Information processing system, server apparatus, electronic equipment, computer-readable recording medium, and information processing method |
| US7058660B2 (en) | 2002-10-02 | 2006-06-06 | Bank One Corporation | System and method for network-based project management |
| US8301493B2 (en) | 2002-11-05 | 2012-10-30 | Jpmorgan Chase Bank, N.A. | System and method for providing incentives to consumers to share information |
| US7603341B2 (en) | 2002-11-05 | 2009-10-13 | Claria Corporation | Updating the content of a presentation vehicle in a computer network |
| DE60223060D1 (en) | 2002-12-13 | 2007-11-29 | Hewlett Packard Co | System and method for privacy protection |
| TW587226B (en) * | 2002-12-26 | 2004-05-11 | Min-Jie Su | Card verification and authorization system and method thereof |
| WO2004059940A1 (en) * | 2002-12-30 | 2004-07-15 | Koninklijke Philips Electronics N.V. | Anonymous log-in from an information carrier player to a web server |
| US20040128259A1 (en) * | 2002-12-31 | 2004-07-01 | Blakeley Douglas Burnette | Method for ensuring privacy in electronic transactions with session key blocks |
| US7650591B2 (en) | 2003-01-24 | 2010-01-19 | Bea Systems, Inc. | Marshaling and un-marshaling data types in XML and Java |
| GB0302263D0 (en) * | 2003-01-31 | 2003-03-05 | Roke Manor Research | Secure network browsing |
| US7774697B2 (en) | 2003-02-25 | 2010-08-10 | Bea Systems, Inc. | System and method for structuring distributed applications |
| US7293038B2 (en) * | 2003-02-25 | 2007-11-06 | Bea Systems, Inc. | Systems and methods for client-side filtering of subscribed messages |
| US7752599B2 (en) * | 2003-02-25 | 2010-07-06 | Bea Systems Inc. | Systems and methods extending an existing programming language with constructs |
| US7539985B2 (en) | 2003-02-26 | 2009-05-26 | Bea Systems, Inc. | Systems and methods for dynamic component versioning |
| US7707564B2 (en) * | 2003-02-26 | 2010-04-27 | Bea Systems, Inc. | Systems and methods for creating network-based software services using source code annotations |
| US7076772B2 (en) | 2003-02-26 | 2006-07-11 | Bea Systems, Inc. | System and method for multi-language extensible compiler framework |
| US7650276B2 (en) * | 2003-02-26 | 2010-01-19 | Bea Systems, Inc. | System and method for dynamic data binding in distributed applications |
| US7299454B2 (en) * | 2003-02-26 | 2007-11-20 | Bea Systems, Inc. | Method for multi-language debugging |
| US8032860B2 (en) | 2003-02-26 | 2011-10-04 | Oracle International Corporation | Methods for type-independent source code editing |
| US20040225995A1 (en) * | 2003-02-28 | 2004-11-11 | Kyle Marvin | Reusable software controls |
| US7636722B2 (en) * | 2003-02-28 | 2009-12-22 | Bea Systems, Inc. | System and method for describing application extensions in XML |
| US7444620B2 (en) * | 2003-02-28 | 2008-10-28 | Bea Systems, Inc. | Systems and methods for a common runtime container framework |
| US20050044173A1 (en) * | 2003-02-28 | 2005-02-24 | Olander Daryl B. | System and method for implementing business processes in a portal |
| US7650592B2 (en) * | 2003-03-01 | 2010-01-19 | Bea Systems, Inc. | Systems and methods for multi-view debugging environment |
| US7451113B1 (en) | 2003-03-21 | 2008-11-11 | Mighty Net, Inc. | Card management system and method |
| US7254542B2 (en) | 2003-03-31 | 2007-08-07 | International Business Machines Corporation | Portal data passing through non-persistent browser cookies |
| SG114613A1 (en) * | 2003-04-14 | 2005-09-28 | Pezzaniti Domenico | Marketing method |
| MY145237A (en) * | 2003-05-23 | 2012-01-13 | Ind Tech Res Inst | Personal authentication device and system and method thereof |
| US8306907B2 (en) | 2003-05-30 | 2012-11-06 | Jpmorgan Chase Bank N.A. | System and method for offering risk-based interest rates in a credit instrument |
| US7735122B1 (en) * | 2003-08-29 | 2010-06-08 | Novell, Inc. | Credential mapping |
| US7953663B1 (en) | 2003-09-04 | 2011-05-31 | Jpmorgan Chase Bank, N.A. | System and method for financial instrument pre-qualification and offering |
| US7770204B2 (en) * | 2003-09-30 | 2010-08-03 | Novell, Inc. | Techniques for securing electronic identities |
| US7290278B2 (en) * | 2003-10-02 | 2007-10-30 | Aol Llc, A Delaware Limited Liability Company | Identity based service system |
| US7904487B2 (en) | 2003-10-09 | 2011-03-08 | Oracle International Corporation | Translating data access requests |
| US7882132B2 (en) | 2003-10-09 | 2011-02-01 | Oracle International Corporation | Support for RDBMS in LDAP system |
| US7340447B2 (en) | 2003-10-09 | 2008-03-04 | Oracle International Corporation | Partitioning data access requests |
| US8190893B2 (en) | 2003-10-27 | 2012-05-29 | Jp Morgan Chase Bank | Portable security transaction protocol |
| US8234373B1 (en) | 2003-10-27 | 2012-07-31 | Sprint Spectrum L.P. | Method and system for managing payment for web content based on size of the web content |
| US7991843B2 (en) * | 2003-10-29 | 2011-08-02 | Nokia Corporation | System, method and computer program product for managing user identities |
| TWI290439B (en) * | 2005-11-09 | 2007-11-21 | Min-Chieh Su | Mobile communication terminal verification authorization system and method thereof |
| JP4608246B2 (en) * | 2003-11-13 | 2011-01-12 | 日本電信電話株式会社 | Anonymous communication method |
| WO2005048544A1 (en) | 2003-11-17 | 2005-05-26 | Hardt Dick C | Method and system for pseudonymous email address |
| US8170912B2 (en) | 2003-11-25 | 2012-05-01 | Carhamm Ltd., Llc | Database structure and front end |
| US7810137B1 (en) * | 2003-12-22 | 2010-10-05 | Cisco Technology, Inc. | Method of controlling network access that induces consumption of merchant goods or services |
| US7555107B2 (en) * | 2003-12-30 | 2009-06-30 | Alcatel-Lucent Usa Inc. | “Roaming” method and apparatus for use in emulating a user's “home” telecommunications environment |
| EP1723594B1 (en) * | 2004-02-23 | 2017-11-29 | Symantec International | Token authentication system and method |
| US7494925B2 (en) * | 2004-02-23 | 2009-02-24 | Micron Technology, Inc. | Method for making through-hole conductors for semiconductor substrates |
| US7091718B1 (en) * | 2004-02-27 | 2006-08-15 | Honeywell Federal Manufacturing & Technologies, Llc | System having unmodulated flux locked loop for measuring magnetic fields |
| US7814119B2 (en) * | 2004-03-19 | 2010-10-12 | Hitachi, Ltd. | Control of data linkability |
| US7853782B1 (en) | 2004-04-14 | 2010-12-14 | Sprint Spectrum L.P. | Secure intermediation system and method |
| US9172679B1 (en) | 2004-04-14 | 2015-10-27 | Sprint Spectrum L.P. | Secure intermediation system and method |
| US9245266B2 (en) | 2004-06-16 | 2016-01-26 | Callahan Cellular L.L.C. | Auditable privacy policies in a distributed hierarchical identity management system |
| US8504704B2 (en) | 2004-06-16 | 2013-08-06 | Dormarke Assets Limited Liability Company | Distributed contact information management |
| US8346593B2 (en) | 2004-06-30 | 2013-01-01 | Experian Marketing Solutions, Inc. | System, method, and software for prediction of attitudinal and message responsiveness |
| US7886345B2 (en) * | 2004-07-02 | 2011-02-08 | Emc Corporation | Password-protection module |
| US7392222B1 (en) | 2004-08-03 | 2008-06-24 | Jpmorgan Chase Bank, N.A. | System and method for providing promotional pricing |
| US8255413B2 (en) | 2004-08-19 | 2012-08-28 | Carhamm Ltd., Llc | Method and apparatus for responding to request for information-personalization |
| US8078602B2 (en) | 2004-12-17 | 2011-12-13 | Claria Innovations, Llc | Search engine for a computer network |
| US7725926B1 (en) * | 2004-08-23 | 2010-05-25 | Hewlett-Packard Development Company, L.P. | Authentication |
| US7512973B1 (en) | 2004-09-08 | 2009-03-31 | Sprint Spectrum L.P. | Wireless-access-provider intermediation to facilliate digital rights management for third party hosted content |
| US7630974B2 (en) | 2004-09-28 | 2009-12-08 | Oracle International Corporation | Multi-language support for enterprise identity and access management |
| US7600011B1 (en) | 2004-11-04 | 2009-10-06 | Sprint Spectrum L.P. | Use of a domain name server to direct web communications to an intermediation platform |
| US20060108880A1 (en) * | 2004-11-24 | 2006-05-25 | Lg Electronics Inc. | Linear compressor |
| US8219807B1 (en) * | 2004-12-17 | 2012-07-10 | Novell, Inc. | Fine grained access control for linux services |
| US8271785B1 (en) * | 2004-12-20 | 2012-09-18 | Novell, Inc. | Synthesized root privileges |
| US7693863B2 (en) | 2004-12-20 | 2010-04-06 | Claria Corporation | Method and device for publishing cross-network user behavioral data |
| US7490072B1 (en) | 2005-02-16 | 2009-02-10 | Novell, Inc. | Providing access controls |
| US8645941B2 (en) | 2005-03-07 | 2014-02-04 | Carhamm Ltd., Llc | Method for attributing and allocating revenue related to embedded software |
| JP2006253769A (en) * | 2005-03-08 | 2006-09-21 | National Institute Of Advanced Industrial & Technology | Information processing system and method |
| SE0500541L (en) * | 2005-03-08 | 2006-09-09 | Inator Kb | Authorization system and method |
| US8073866B2 (en) | 2005-03-17 | 2011-12-06 | Claria Innovations, Llc | Method for providing content to an internet user based on the user's demonstrated content preferences |
| US8175889B1 (en) | 2005-04-06 | 2012-05-08 | Experian Information Solutions, Inc. | Systems and methods for tracking changes of address based on service disconnect/connect data |
| US7774332B2 (en) * | 2005-04-12 | 2010-08-10 | International Business Machines Corporation | Enabling interactive integration of network-accessible applications in a content aggregation framework |
| KR100857019B1 (en) * | 2005-04-19 | 2008-09-05 | 주식회사 엘지화학 | Mechanically and Electrically Connecting Member |
| WO2006124841A2 (en) * | 2005-05-17 | 2006-11-23 | Telcordia Technologies, Inc. | Secure virtual point of service for 3g wireless networks |
| US8074214B2 (en) | 2005-05-19 | 2011-12-06 | Oracle International Corporation | System for creating a customized software installation on demand |
| US7702912B2 (en) * | 2005-05-19 | 2010-04-20 | Novell, Inc. | Secure systems management |
| US8352935B2 (en) | 2005-05-19 | 2013-01-08 | Novell, Inc. | System for creating a customized software distribution based on user requirements |
| US7401731B1 (en) | 2005-05-27 | 2008-07-22 | Jpmorgan Chase Bank, Na | Method and system for implementing a card product with multiple customized relationships |
| US8185877B1 (en) | 2005-06-22 | 2012-05-22 | Jpmorgan Chase Bank, N.A. | System and method for testing applications |
| CN101253526B (en) * | 2005-08-11 | 2011-10-19 | 康塔网络公司 | Method and system for placement and pricing of internet-based advertisements or services |
| US8583926B1 (en) | 2005-09-19 | 2013-11-12 | Jpmorgan Chase Bank, N.A. | System and method for anti-phishing authentication |
| US7493329B2 (en) * | 2005-11-17 | 2009-02-17 | Bea Systems, Inc. | System and method for providing generic controls in a communities framework |
| US8185643B2 (en) * | 2005-11-17 | 2012-05-22 | Oracle International Corporation | System and method for providing security in a communities framework |
| US8046696B2 (en) * | 2005-11-17 | 2011-10-25 | Oracle International Corporation | System and method for providing active menus in a communities framework |
| US8078597B2 (en) * | 2005-11-17 | 2011-12-13 | Oracle International Corporation | System and method for providing extensible controls in a communities framework |
| US7590687B2 (en) * | 2005-11-17 | 2009-09-15 | Bea Systems, Inc. | System and method for providing notifications in a communities framework |
| US8255818B2 (en) * | 2005-11-17 | 2012-08-28 | Oracle International Corporation | System and method for providing drag and drop functionality in a communities framework |
| US20070112799A1 (en) * | 2005-11-17 | 2007-05-17 | Bales Christopher E | System and method for providing resource interlinking for a communities framework |
| US7805459B2 (en) * | 2005-11-17 | 2010-09-28 | Bea Systems, Inc. | Extensible controls for a content data repository |
| US20070112913A1 (en) * | 2005-11-17 | 2007-05-17 | Bales Christopher E | System and method for displaying HTML content from portlet as a page element in a communites framework |
| US20070112781A1 (en) * | 2005-11-17 | 2007-05-17 | Mcmullen Cindy | System and method for providing search controls in a communities framework |
| US20070112798A1 (en) * | 2005-11-17 | 2007-05-17 | Bea Systems, Inc. | System and method for providing unique key stores for a communities framework |
| US7680927B2 (en) * | 2005-11-17 | 2010-03-16 | Bea Systems, Inc. | System and method for providing testing for a communities framework |
| US20070112856A1 (en) * | 2005-11-17 | 2007-05-17 | Aaron Schram | System and method for providing analytics for a communities framework |
| EA012795B1 (en) * | 2005-12-29 | 2009-12-30 | Регифи Аг | A communication system for providing the delivery of e-mail message |
| US20090012903A1 (en) * | 2006-01-26 | 2009-01-08 | Contextweb, Inc. | Online exchange for internet ad media |
| WO2007088785A1 (en) * | 2006-01-31 | 2007-08-09 | Hewlett-Packard Development Company, L.P. | Personal information leakage preventive device and method |
| US7784682B2 (en) | 2006-02-08 | 2010-08-31 | Jpmorgan Chase Bank, N.A. | System and method for granting promotional rewards to both customers and non-customers |
| US8408455B1 (en) | 2006-02-08 | 2013-04-02 | Jpmorgan Chase Bank, N.A. | System and method for granting promotional rewards to both customers and non-customers |
| US8676973B2 (en) * | 2006-03-07 | 2014-03-18 | Novell Intellectual Property Holdings, Inc. | Light-weight multi-user browser |
| US7753259B1 (en) | 2006-04-13 | 2010-07-13 | Jpmorgan Chase Bank, N.A. | System and method for granting promotional rewards to both customers and non-customers |
| JP4812508B2 (en) * | 2006-05-12 | 2011-11-09 | 富士通株式会社 | System that handles presence information |
| US8793490B1 (en) | 2006-07-14 | 2014-07-29 | Jpmorgan Chase Bank, N.A. | Systems and methods for multifactor authentication |
| US7730480B2 (en) | 2006-08-22 | 2010-06-01 | Novell, Inc. | System and method for creating a pattern installation by cloning software installed another computer |
| US7606752B2 (en) | 2006-09-07 | 2009-10-20 | Yodlee Inc. | Host exchange in bill paying services |
| US10614459B2 (en) | 2006-10-02 | 2020-04-07 | Segmint, Inc. | Targeted marketing with CPE buydown |
| WO2008042853A2 (en) * | 2006-10-02 | 2008-04-10 | Russel Robert Ii Heiser | Personalized consumer advertising placement |
| US8874465B2 (en) | 2006-10-02 | 2014-10-28 | Russel Robert Heiser, III | Method and system for targeted content placement |
| US20080249951A1 (en) * | 2006-10-10 | 2008-10-09 | Gilder Clark S | Security systems and methods for digital payments |
| BRPI0719186A2 (en) * | 2006-10-12 | 2014-07-01 | Peter A Shapiro | METHOD AND SYSTEM TO MAKE ANONYMOUS VIRTUAL SHOPPING |
| US9355273B2 (en) * | 2006-12-18 | 2016-05-31 | Bank Of America, N.A., As Collateral Agent | System and method for the protection and de-identification of health care data |
| US8620952B2 (en) | 2007-01-03 | 2013-12-31 | Carhamm Ltd., Llc | System for database reporting |
| US8156557B2 (en) * | 2007-01-04 | 2012-04-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
| US7873710B2 (en) * | 2007-02-06 | 2011-01-18 | 5O9, Inc. | Contextual data communication platform |
| US8763136B2 (en) * | 2007-03-22 | 2014-06-24 | Red Hat, Inc. | Privacy enhanced browser |
| US8301787B2 (en) * | 2007-03-22 | 2012-10-30 | Red Hat, Inc. | Selective use of anonymous proxies |
| US8285656B1 (en) | 2007-03-30 | 2012-10-09 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
| US20080271121A1 (en) * | 2007-04-27 | 2008-10-30 | Heather Maria Hinton | External user lifecycle management for federated environments |
| US8473735B1 (en) | 2007-05-17 | 2013-06-25 | Jpmorgan Chase | Systems and methods for managing digital certificates |
| US8676642B1 (en) | 2007-07-05 | 2014-03-18 | Jpmorgan Chase Bank, N.A. | System and method for granting promotional rewards to financial account holders |
| US9392074B2 (en) | 2007-07-07 | 2016-07-12 | Qualcomm Incorporated | User profile generation architecture for mobile content-message targeting |
| US9497286B2 (en) | 2007-07-07 | 2016-11-15 | Qualcomm Incorporated | Method and system for providing targeted information based on a user profile in a mobile environment |
| US20090048977A1 (en) * | 2007-07-07 | 2009-02-19 | Qualcomm Incorporated | User profile generation architecture for targeted content distribution using external processes |
| US20090086963A1 (en) * | 2007-09-28 | 2009-04-02 | Matson Systems, Inc. | Systems and Methods for Protecting the Anonymity of Entities |
| US7689627B2 (en) * | 2007-10-15 | 2010-03-30 | Yahoo! Inc. | Identity management |
| US8417601B1 (en) | 2007-10-18 | 2013-04-09 | Jpmorgan Chase Bank, N.A. | Variable rate payment card |
| US8549279B1 (en) | 2007-10-23 | 2013-10-01 | United Parcel Service Of America, Inc. | Encryption and tokenization architectures |
| US9203911B2 (en) | 2007-11-14 | 2015-12-01 | Qualcomm Incorporated | Method and system for using a cache miss state match indicator to determine user suitability of targeted content messages in a mobile environment |
| US9990674B1 (en) | 2007-12-14 | 2018-06-05 | Consumerinfo.Com, Inc. | Card registry systems and methods |
| US20090177530A1 (en) | 2007-12-14 | 2009-07-09 | Qualcomm Incorporated | Near field communication transactions in a mobile environment |
| US8127986B1 (en) | 2007-12-14 | 2012-03-06 | Consumerinfo.Com, Inc. | Card registry systems and methods |
| US8321682B1 (en) | 2008-01-24 | 2012-11-27 | Jpmorgan Chase Bank, N.A. | System and method for generating and managing administrator passwords |
| US8923806B2 (en) | 2008-03-14 | 2014-12-30 | William J. Johnson | System and method for presenting application data by data processing system(s) in a vicinity |
| US8634796B2 (en) | 2008-03-14 | 2014-01-21 | William J. Johnson | System and method for location based exchanges of data facilitating distributed location applications |
| US8639267B2 (en) | 2008-03-14 | 2014-01-28 | William J. Johnson | System and method for location based exchanges of data facilitating distributed locational applications |
| US8761751B2 (en) | 2008-03-14 | 2014-06-24 | William J. Johnson | System and method for targeting data processing system(s) with data |
| US8566839B2 (en) | 2008-03-14 | 2013-10-22 | William J. Johnson | System and method for automated content presentation objects |
| US8600341B2 (en) | 2008-03-14 | 2013-12-03 | William J. Johnson | System and method for location based exchanges of data facilitating distributed locational applications |
| US11120471B2 (en) | 2013-10-18 | 2021-09-14 | Segmint Inc. | Method and system for targeted content placement |
| US11669866B2 (en) | 2008-03-17 | 2023-06-06 | Segmint Inc. | System and method for delivering a financial application to a prospective customer |
| EP2272037B1 (en) | 2008-03-17 | 2018-10-17 | Segmint Inc. | Method and system for targeted content placement |
| US8234159B2 (en) | 2008-03-17 | 2012-07-31 | Segmint Inc. | Method and system for targeted content placement |
| US11663631B2 (en) | 2008-03-17 | 2023-05-30 | Segmint Inc. | System and method for pulling a credit offer on bank's pre-approved property |
| US10885552B2 (en) | 2008-03-17 | 2021-01-05 | Segmint, Inc. | Method and system for targeted content placement |
| US11138632B2 (en) | 2008-03-17 | 2021-10-05 | Segmint Inc. | System and method for authenticating a customer for a pre-approved offer of credit |
| US7729940B2 (en) | 2008-04-14 | 2010-06-01 | Tra, Inc. | Analyzing return on investment of advertising campaigns by matching multiple data sources |
| US8000993B2 (en) * | 2008-04-14 | 2011-08-16 | Tra, Inc. | Using consumer purchase behavior for television targeting |
| US8261334B2 (en) | 2008-04-25 | 2012-09-04 | Yodlee Inc. | System for performing web authentication of a user by proxy |
| US8312033B1 (en) | 2008-06-26 | 2012-11-13 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
| USD635186S1 (en) | 2008-06-30 | 2011-03-29 | Jpmorgan Chase Bank, N.A. | Metal transaction device |
| US9305292B1 (en) | 2008-07-03 | 2016-04-05 | Jpmorgan Chase Bank, N.A. | Systems and methods for providing an adaptable transponder device |
| USD636021S1 (en) | 2008-07-17 | 2011-04-12 | Jpmorgan Chase Bank, N.A. | Eco-friendly transaction device |
| EP2329444A4 (en) * | 2008-07-22 | 2011-11-09 | Contextweb Inc | New open insertion order system to interface with an exchange for internet ad media |
| US9256904B1 (en) | 2008-08-14 | 2016-02-09 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
| CN101662460B (en) | 2008-08-25 | 2015-07-15 | 阿里巴巴集团控股有限公司 | Method, system and device for cross-domain communication |
| US8447669B2 (en) | 2008-08-26 | 2013-05-21 | Visa U.S.A. Inc. | System and method for implementing financial assistance programs |
| WO2010023496A1 (en) * | 2008-08-27 | 2010-03-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Peer to peer network |
| US8463897B2 (en) | 2008-10-09 | 2013-06-11 | At&T Intellectual Property I, L.P. | Systems and methods to emulate user network activity |
| KR101011326B1 (en) * | 2008-10-24 | 2011-01-28 | 이혁 | System, server and method for communication relay |
| US20100114607A1 (en) * | 2008-11-04 | 2010-05-06 | Sdi Health Llc | Method and system for providing reports and segmentation of physician activities |
| US20100205297A1 (en) * | 2009-02-11 | 2010-08-12 | Gurusamy Sarathy | Systems and methods for dynamic detection of anonymizing proxies |
| US8695091B2 (en) * | 2009-02-11 | 2014-04-08 | Sophos Limited | Systems and methods for enforcing policies for proxy website detection using advertising account ID |
| US9734125B2 (en) | 2009-02-11 | 2017-08-15 | Sophos Limited | Systems and methods for enforcing policies in the discovery of anonymizing proxy communications |
| US20100205215A1 (en) * | 2009-02-11 | 2010-08-12 | Cook Robert W | Systems and methods for enforcing policies to block search engine queries for web-based proxy sites |
| US9141758B2 (en) * | 2009-02-20 | 2015-09-22 | Ims Health Incorporated | System and method for encrypting provider identifiers on medical service claim transactions |
| US8555359B2 (en) | 2009-02-26 | 2013-10-08 | Yodlee, Inc. | System and methods for automatically accessing a web site on behalf of a client |
| US20100229245A1 (en) * | 2009-03-05 | 2010-09-09 | Tara Chand Singhal | System of security that prevents abuse of identity data in global commerce via mobile wireless authorizations |
| WO2010132492A2 (en) | 2009-05-11 | 2010-11-18 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
| US9608826B2 (en) | 2009-06-29 | 2017-03-28 | Jpmorgan Chase Bank, N.A. | System and method for partner key management |
| US20110225009A1 (en) * | 2010-03-12 | 2011-09-15 | Kress Andrew E | System and method for providing geographic prescription data |
| US9652802B1 (en) | 2010-03-24 | 2017-05-16 | Consumerinfo.Com, Inc. | Indirect monitoring and reporting of a user's credit data |
| CN114169909A (en) | 2010-05-10 | 2022-03-11 | 塞戈米特公司 | Method, system, and processor for enabling a customer to store an offer |
| WO2011143176A1 (en) | 2010-05-10 | 2011-11-17 | Segmint, Inc. | Targeted marketing to on-hold customer |
| JP5183681B2 (en) * | 2010-06-30 | 2013-04-17 | ヤフー株式会社 | Program and method for returning security token |
| US8931058B2 (en) | 2010-07-01 | 2015-01-06 | Experian Information Solutions, Inc. | Systems and methods for permission arbitrated transaction services |
| US8744956B1 (en) | 2010-07-01 | 2014-06-03 | Experian Information Solutions, Inc. | Systems and methods for permission arbitrated transaction services |
| US8886773B2 (en) | 2010-08-14 | 2014-11-11 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
| US8910259B2 (en) | 2010-08-14 | 2014-12-09 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
| US20120209677A1 (en) | 2010-10-20 | 2012-08-16 | Mehta Kaushal N | Person-2-person social network marketing apparatuses, methods and systems |
| US8930262B1 (en) | 2010-11-02 | 2015-01-06 | Experian Technology Ltd. | Systems and methods of assisted strategy design |
| US8484186B1 (en) | 2010-11-12 | 2013-07-09 | Consumerinfo.Com, Inc. | Personalized people finder |
| US9147042B1 (en) | 2010-11-22 | 2015-09-29 | Experian Information Solutions, Inc. | Systems and methods for data verification |
| EP2472820B1 (en) * | 2010-12-31 | 2016-04-20 | Regify S.A. | Network, node and method for anonymizing and routing a user request |
| US20120191790A1 (en) * | 2011-01-24 | 2012-07-26 | appMobi, Inc. | Web-Based Push Messaging Methods and Systems |
| WO2012106655A2 (en) | 2011-02-05 | 2012-08-09 | Visa International Service Association | Merchant-consumer bridging platform apparatuses, methods and systems |
| WO2012109628A2 (en) | 2011-02-10 | 2012-08-16 | Visa International Service Assocation | Electronic coupon issuance and redemption apparatuses, methods and systems |
| US10586227B2 (en) | 2011-02-16 | 2020-03-10 | Visa International Service Association | Snap mobile payment apparatuses, methods and systems |
| SG193481A1 (en) | 2011-02-16 | 2013-10-30 | Visa Int Service Ass | Snap mobile payment apparatuses, methods and systems |
| WO2012116125A1 (en) | 2011-02-22 | 2012-08-30 | Visa International Service Association | Universal electronic payment apparatuses, methods and systems |
| AU2012223415B2 (en) | 2011-02-28 | 2017-05-18 | Visa International Service Association | Secure anonymous transaction apparatuses, methods and systems |
| WO2012122060A1 (en) | 2011-03-04 | 2012-09-13 | Visa International Service Association | Cloud service facilitator apparatuses, methods and systems |
| US9256874B2 (en) | 2011-04-15 | 2016-02-09 | Shift4 Corporation | Method and system for enabling merchants to share tokens |
| US9818111B2 (en) * | 2011-04-15 | 2017-11-14 | Shift4 Corporation | Merchant-based token sharing |
| US8688589B2 (en) | 2011-04-15 | 2014-04-01 | Shift4 Corporation | Method and system for utilizing authorization factor pools |
| US9558519B1 (en) | 2011-04-29 | 2017-01-31 | Consumerinfo.Com, Inc. | Exposing reporting cycle information |
| US9646291B2 (en) | 2011-05-11 | 2017-05-09 | Visa International Service Association | Electronic receipt manager apparatuses, methods and systems |
| WO2012162815A1 (en) | 2011-06-02 | 2012-12-06 | Surfeasy Inc. | Proxy based network communications |
| US10509841B2 (en) * | 2011-06-06 | 2019-12-17 | International Business Machines Corporation | Inferred user identity in content distribution |
| US8504723B2 (en) * | 2011-06-15 | 2013-08-06 | Juniper Networks, Inc. | Routing proxy for resource requests and resources |
| US9363327B2 (en) | 2011-06-15 | 2016-06-07 | Juniper Networks, Inc. | Network integrated dynamic resource routing |
| US9571566B2 (en) | 2011-06-15 | 2017-02-14 | Juniper Networks, Inc. | Terminating connections and selecting target source devices for resource requests |
| US9124920B2 (en) | 2011-06-29 | 2015-09-01 | The Nielson Company (Us), Llc | Methods, apparatus, and articles of manufacture to identify media presentation devices |
| US9621406B2 (en) | 2011-06-30 | 2017-04-11 | Amazon Technologies, Inc. | Remote browsing session management |
| US8594617B2 (en) | 2011-06-30 | 2013-11-26 | The Nielsen Company (Us), Llc | Systems, methods, and apparatus to monitor mobile internet activity |
| US8577963B2 (en) | 2011-06-30 | 2013-11-05 | Amazon Technologies, Inc. | Remote browsing session between client browser and network based browser |
| US8799412B2 (en) | 2011-06-30 | 2014-08-05 | Amazon Technologies, Inc. | Remote browsing session management |
| US10121129B2 (en) | 2011-07-05 | 2018-11-06 | Visa International Service Association | Electronic wallet checkout platform apparatuses, methods and systems |
| US9582598B2 (en) | 2011-07-05 | 2017-02-28 | Visa International Service Association | Hybrid applications utilizing distributed models and views apparatuses, methods and systems |
| US9355393B2 (en) | 2011-08-18 | 2016-05-31 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
| US10438176B2 (en) | 2011-07-17 | 2019-10-08 | Visa International Service Association | Multiple merchant payment processor platform apparatuses, methods and systems |
| US9240010B2 (en) | 2011-07-28 | 2016-01-19 | Iii Holdings 1, Llc | Systems and methods for generating and using a digital pass |
| US9037696B2 (en) | 2011-08-16 | 2015-05-19 | Amazon Technologies, Inc. | Managing information associated with network resources |
| US10242358B2 (en) | 2011-08-18 | 2019-03-26 | Visa International Service Association | Remote decoupled application persistent state apparatuses, methods and systems |
| US9710807B2 (en) | 2011-08-18 | 2017-07-18 | Visa International Service Association | Third-party value added wallet features and interfaces apparatuses, methods and systems |
| US10825001B2 (en) | 2011-08-18 | 2020-11-03 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
| US10318941B2 (en) | 2011-12-13 | 2019-06-11 | Visa International Service Association | Payment platform interface widget generation apparatuses, methods and systems |
| US9195768B2 (en) | 2011-08-26 | 2015-11-24 | Amazon Technologies, Inc. | Remote browsing session management |
| US10089403B1 (en) | 2011-08-31 | 2018-10-02 | Amazon Technologies, Inc. | Managing network based storage |
| CN102955824A (en) | 2011-08-31 | 2013-03-06 | 国际商业机器公司 | Privacy searching method, privacy searching equipment and computer equipment |
| US9117225B2 (en) | 2011-09-16 | 2015-08-25 | Visa International Service Association | Apparatuses, methods and systems for transforming user infrastructure requests inputs to infrastructure design product and infrastructure allocation outputs |
| US10223730B2 (en) | 2011-09-23 | 2019-03-05 | Visa International Service Association | E-wallet store injection search apparatuses, methods and systems |
| US9641637B1 (en) | 2011-09-27 | 2017-05-02 | Amazon Technologies, Inc. | Network resource optimization |
| US9178955B1 (en) | 2011-09-27 | 2015-11-03 | Amazon Technologies, Inc. | Managing network based content |
| US8914514B1 (en) | 2011-09-27 | 2014-12-16 | Amazon Technologies, Inc. | Managing network based content |
| US8589385B2 (en) | 2011-09-27 | 2013-11-19 | Amazon Technologies, Inc. | Historical browsing session management |
| US9383958B1 (en) | 2011-09-27 | 2016-07-05 | Amazon Technologies, Inc. | Remote co-browsing session management |
| US10693991B1 (en) | 2011-09-27 | 2020-06-23 | Amazon Technologies, Inc. | Remote browsing session management |
| US9152970B1 (en) | 2011-09-27 | 2015-10-06 | Amazon Technologies, Inc. | Remote co-browsing session management |
| US8615431B1 (en) | 2011-09-29 | 2013-12-24 | Amazon Technologies, Inc. | Network content message placement management |
| US20130097046A1 (en) * | 2011-10-14 | 2013-04-18 | Balachander Krishnamurthy | System and Method of Providing Transactional Privacy |
| GB2495797B (en) | 2011-10-19 | 2013-11-20 | Ibm | Protecting privacy when communicating with a web server |
| US11030562B1 (en) | 2011-10-31 | 2021-06-08 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
| US9313100B1 (en) | 2011-11-14 | 2016-04-12 | Amazon Technologies, Inc. | Remote browsing session management |
| US8972477B1 (en) | 2011-12-01 | 2015-03-03 | Amazon Technologies, Inc. | Offline browsing session management |
| US9009334B1 (en) | 2011-12-09 | 2015-04-14 | Amazon Technologies, Inc. | Remote browsing session management |
| US9117002B1 (en) | 2011-12-09 | 2015-08-25 | Amazon Technologies, Inc. | Remote browsing session management |
| US9953378B2 (en) | 2012-04-27 | 2018-04-24 | Visa International Service Association | Social checkout widget generation and integration apparatuses, methods and systems |
| WO2013090611A2 (en) | 2011-12-13 | 2013-06-20 | Visa International Service Association | Dynamic widget generator apparatuses, methods and systems |
| US9330188B1 (en) | 2011-12-22 | 2016-05-03 | Amazon Technologies, Inc. | Shared browsing sessions |
| US9339691B2 (en) | 2012-01-05 | 2016-05-17 | Icon Health & Fitness, Inc. | System and method for controlling an exercise device |
| US10223710B2 (en) | 2013-01-04 | 2019-03-05 | Visa International Service Association | Wearable intelligent vision device apparatuses, methods and systems |
| US11308227B2 (en) | 2012-01-09 | 2022-04-19 | Visa International Service Association | Secure dynamic page content and layouts apparatuses, methods and systems |
| US10262148B2 (en) | 2012-01-09 | 2019-04-16 | Visa International Service Association | Secure dynamic page content and layouts apparatuses, methods and systems |
| US9509783B1 (en) | 2012-01-26 | 2016-11-29 | Amazon Technlogogies, Inc. | Customized browser images |
| US8627195B1 (en) | 2012-01-26 | 2014-01-07 | Amazon Technologies, Inc. | Remote browsing and searching |
| US8839087B1 (en) | 2012-01-26 | 2014-09-16 | Amazon Technologies, Inc. | Remote browsing and searching |
| US9092405B1 (en) | 2012-01-26 | 2015-07-28 | Amazon Technologies, Inc. | Remote browsing and searching |
| US9336321B1 (en) | 2012-01-26 | 2016-05-10 | Amazon Technologies, Inc. | Remote browsing and searching |
| US9087024B1 (en) | 2012-01-26 | 2015-07-21 | Amazon Technologies, Inc. | Narration of network content |
| AU2013214801B2 (en) | 2012-02-02 | 2018-06-21 | Visa International Service Association | Multi-source, multi-dimensional, cross-entity, multimedia database platform apparatuses, methods and systems |
| US9183258B1 (en) | 2012-02-10 | 2015-11-10 | Amazon Technologies, Inc. | Behavior based processing of content |
| US9037975B1 (en) | 2012-02-10 | 2015-05-19 | Amazon Technologies, Inc. | Zooming interaction tracking and popularity determination |
| US9137210B1 (en) | 2012-02-21 | 2015-09-15 | Amazon Technologies, Inc. | Remote browsing session management |
| US9208316B1 (en) | 2012-02-27 | 2015-12-08 | Amazon Technologies, Inc. | Selective disabling of content portions |
| US10296558B1 (en) | 2012-02-27 | 2019-05-21 | Amazon Technologies, Inc. | Remote generation of composite content pages |
| US9374244B1 (en) | 2012-02-27 | 2016-06-21 | Amazon Technologies, Inc. | Remote browsing session management |
| CA2879180A1 (en) | 2012-03-07 | 2013-09-12 | Snap Trends, Inc. | Methods and systems of aggregating information of social networks based on geographical locations via a network |
| US20130254830A1 (en) * | 2012-03-22 | 2013-09-26 | Madhav Moganti | Apparatus and method for assuring communications of corporate users |
| US9460220B1 (en) | 2012-03-26 | 2016-10-04 | Amazon Technologies, Inc. | Content selection based on target device characteristics |
| US9307004B1 (en) | 2012-03-28 | 2016-04-05 | Amazon Technologies, Inc. | Prioritized content transmission |
| US9772979B1 (en) | 2012-08-08 | 2017-09-26 | Amazon Technologies, Inc. | Reproducing user browsing sessions |
| US8943197B1 (en) | 2012-08-16 | 2015-01-27 | Amazon Technologies, Inc. | Automated content update notification |
| US9060031B1 (en) | 2012-10-18 | 2015-06-16 | Amazon Technologies, Inc. | Anonymized personalization of network content |
| US20140115715A1 (en) * | 2012-10-23 | 2014-04-24 | Babak PASDAR | System and method for controlling, obfuscating and anonymizing data and services when using provider services |
| US10255598B1 (en) | 2012-12-06 | 2019-04-09 | Consumerinfo.Com, Inc. | Credit card account data extraction |
| JP6043630B2 (en) * | 2013-01-11 | 2016-12-14 | Kddi株式会社 | Terminal device, program, and advertisement display method |
| US9910902B1 (en) * | 2013-02-22 | 2018-03-06 | Facebook, Inc. | Anonymizing user identifiable information |
| US9032206B2 (en) | 2013-02-25 | 2015-05-12 | Surfeasy, Inc. | Rule sets for client-applied encryption in communications networks |
| US9697263B1 (en) | 2013-03-04 | 2017-07-04 | Experian Information Solutions, Inc. | Consumer data request fulfillment system |
| US9923897B2 (en) * | 2013-03-06 | 2018-03-20 | Surfeasy, Inc. | Edge server selection for enhanced services network |
| US9254409B2 (en) | 2013-03-14 | 2016-02-09 | Icon Health & Fitness, Inc. | Strength training apparatus with flywheel and related methods |
| US9419957B1 (en) | 2013-03-15 | 2016-08-16 | Jpmorgan Chase Bank, N.A. | Confidence-based authentication |
| US10356579B2 (en) | 2013-03-15 | 2019-07-16 | The Nielsen Company (Us), Llc | Methods and apparatus to credit usage of mobile devices |
| US9301173B2 (en) | 2013-03-15 | 2016-03-29 | The Nielsen Company (Us), Llc | Methods and apparatus to credit internet usage |
| US20140297472A1 (en) * | 2013-03-27 | 2014-10-02 | Michael Joseph Ryan | Anonymous check-in at a merchant location |
| US9578137B1 (en) | 2013-06-13 | 2017-02-21 | Amazon Technologies, Inc. | System for enhancing script execution performance |
| US10152463B1 (en) | 2013-06-13 | 2018-12-11 | Amazon Technologies, Inc. | System for profiling page browsing interactions |
| US9477991B2 (en) | 2013-08-27 | 2016-10-25 | Snap Trends, Inc. | Methods and systems of aggregating information of geographic context regions of social networks based on geographical locations via a network |
| KR102115914B1 (en) * | 2013-09-17 | 2020-05-27 | 삼성전자주식회사 | Method for transmitting anonymous message and Message transmission system thereof |
| US9894489B2 (en) | 2013-09-30 | 2018-02-13 | William J. Johnson | System and method for situational proximity observation alerting privileged recipients |
| JPWO2015072084A1 (en) * | 2013-11-12 | 2017-03-16 | 日本電気株式会社 | Anonymization device, information processing system, anonymization method, information processing method, and computer program |
| US10102536B1 (en) | 2013-11-15 | 2018-10-16 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
| US9529851B1 (en) | 2013-12-02 | 2016-12-27 | Experian Information Solutions, Inc. | Server architecture for electronic data quality processing |
| WO2015100429A1 (en) | 2013-12-26 | 2015-07-02 | Icon Health & Fitness, Inc. | Magnetic resistance mechanism in a cable machine |
| US9692753B2 (en) * | 2014-01-17 | 2017-06-27 | Safecard, Llc | Password encode card system and method |
| US10148726B1 (en) | 2014-01-24 | 2018-12-04 | Jpmorgan Chase Bank, N.A. | Initiating operating system commands based on browser cookies |
| US10262362B1 (en) | 2014-02-14 | 2019-04-16 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
| WO2015138339A1 (en) | 2014-03-10 | 2015-09-17 | Icon Health & Fitness, Inc. | Pressure sensor to quantify work |
| US9449346B1 (en) | 2014-05-21 | 2016-09-20 | Plaid Technologies, Inc. | System and method for programmatically accessing financial data |
| US9595023B1 (en) | 2014-05-21 | 2017-03-14 | Plaid Technologies, Inc. | System and method for facilitating programmatic verification of transactions |
| US10426989B2 (en) | 2014-06-09 | 2019-10-01 | Icon Health & Fitness, Inc. | Cable system incorporated into a treadmill |
| US9635041B1 (en) * | 2014-06-16 | 2017-04-25 | Amazon Technologies, Inc. | Distributed split browser content inspection and analysis |
| WO2015195965A1 (en) | 2014-06-20 | 2015-12-23 | Icon Health & Fitness, Inc. | Post workout massage device |
| US11257117B1 (en) | 2014-06-25 | 2022-02-22 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
| US9372987B1 (en) * | 2014-08-04 | 2016-06-21 | Anonyome Labs, Inc. | Apparatus and method for masking a real user controlling synthetic identities |
| US10178106B1 (en) * | 2014-10-06 | 2019-01-08 | Anonyome Labs, Inc. | Apparatus and method for identifying and warning of synthetic identity behavior that reduces user privacy |
| US9762688B2 (en) | 2014-10-31 | 2017-09-12 | The Nielsen Company (Us), Llc | Methods and apparatus to improve usage crediting in mobile devices |
| US11423420B2 (en) | 2015-02-06 | 2022-08-23 | The Nielsen Company (Us), Llc | Methods and apparatus to credit media presentations for online media distributions |
| US11216468B2 (en) | 2015-02-08 | 2022-01-04 | Visa International Service Association | Converged merchant processing apparatuses, methods and systems |
| US10391361B2 (en) | 2015-02-27 | 2019-08-27 | Icon Health & Fitness, Inc. | Simulating real-world terrain on an exercise device |
| AU2016321166B2 (en) | 2015-09-08 | 2021-07-15 | Plaid Inc. | Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts |
| US9767309B1 (en) | 2015-11-23 | 2017-09-19 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
| US10757154B1 (en) | 2015-11-24 | 2020-08-25 | Experian Information Solutions, Inc. | Real-time event-based notification system |
| US10726491B1 (en) | 2015-12-28 | 2020-07-28 | Plaid Inc. | Parameter-based computer evaluation of user accounts based on user account data stored in one or more databases |
| US10984468B1 (en) | 2016-01-06 | 2021-04-20 | Plaid Inc. | Systems and methods for estimating past and prospective attribute values associated with a user account |
| US10272317B2 (en) | 2016-03-18 | 2019-04-30 | Icon Health & Fitness, Inc. | Lighted pace feature in a treadmill |
| US10493349B2 (en) | 2016-03-18 | 2019-12-03 | Icon Health & Fitness, Inc. | Display on exercise device |
| US10625137B2 (en) | 2016-03-18 | 2020-04-21 | Icon Health & Fitness, Inc. | Coordinated displays in an exercise device |
| US10671705B2 (en) | 2016-09-28 | 2020-06-02 | Icon Health & Fitness, Inc. | Customizing recipe recommendations |
| US10455037B2 (en) | 2016-12-14 | 2019-10-22 | International Business Machines Corporation | Systems and methods to anonymize web browsing |
| US10455413B2 (en) | 2016-12-14 | 2019-10-22 | International Business Machines Corporation | Systems and methods to anonymize web browsing |
| CN116205724A (en) | 2017-01-31 | 2023-06-02 | 益百利信息解决方案公司 | Large scale heterogeneous data ingestion and user resolution |
| US11501258B1 (en) * | 2017-03-03 | 2022-11-15 | Indeed, Inc. | Systems and methods for mediating job applications between user devices and application tracking systems |
| US10467551B2 (en) | 2017-06-12 | 2019-11-05 | Ford Motor Company | Portable privacy management |
| US10735183B1 (en) | 2017-06-30 | 2020-08-04 | Experian Information Solutions, Inc. | Symmetric encryption for private smart contracts among multiple parties in a private peer-to-peer network |
| US10878421B2 (en) | 2017-07-22 | 2020-12-29 | Plaid Inc. | Data verified deposits |
| US11468085B2 (en) | 2017-07-22 | 2022-10-11 | Plaid Inc. | Browser-based aggregation |
| EP3767495B1 (en) | 2017-08-28 | 2023-04-19 | Bright Data Ltd. | Method for improving content fetching by selecting tunnel devices |
| US11190374B2 (en) | 2017-08-28 | 2021-11-30 | Bright Data Ltd. | System and method for improving content fetching by selecting tunnel devices |
| US10664538B1 (en) | 2017-09-26 | 2020-05-26 | Amazon Technologies, Inc. | Data security and data access auditing for network accessible content |
| US10726095B1 (en) | 2017-09-26 | 2020-07-28 | Amazon Technologies, Inc. | Network content layout using an intermediary system |
| US10810324B2 (en) | 2018-04-20 | 2020-10-20 | At&T Intellectual Property I, L.P. | Methods, systems and algorithms for providing anonymization |
| IL278228B2 (en) * | 2018-04-26 | 2023-11-01 | Seclous Gmbh | Methods for multi-factor access control in anonymous systems |
| US10963434B1 (en) | 2018-09-07 | 2021-03-30 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
| US11316862B1 (en) | 2018-09-14 | 2022-04-26 | Plaid Inc. | Secure authorization of access to user accounts by one or more authorization mechanisms |
| WO2020146667A1 (en) | 2019-01-11 | 2020-07-16 | Experian Information Solutions, Inc. | Systems and methods for secure data aggregation and computation |
| EP4236263A3 (en) | 2019-02-25 | 2023-09-06 | Bright Data Ltd. | System and method for url fetching retry mechanism |
| EP4030318A1 (en) | 2019-04-02 | 2022-07-20 | Bright Data Ltd. | System and method for managing non-direct url fetching service |
| US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
| US11682041B1 (en) | 2020-01-13 | 2023-06-20 | Experian Marketing Solutions, Llc | Systems and methods of a tracking analytics platform |
| US11887069B2 (en) | 2020-05-05 | 2024-01-30 | Plaid Inc. | Secure updating of allocations to user accounts |
| US11727140B2 (en) | 2020-05-14 | 2023-08-15 | Microsoft Technology Licensing, Llc | Secured use of private user data by third party data consumers |
| US11455420B2 (en) * | 2020-05-14 | 2022-09-27 | Microsoft Technology Licensing, Llc | Providing transparency and user control over use of browsing data |
| US11327960B1 (en) | 2020-10-16 | 2022-05-10 | Plaid Inc. | Systems and methods for data parsing |
| US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5550984A (en) * | 1994-12-07 | 1996-08-27 | Matsushita Electric Corporation Of America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
| US5742762A (en) * | 1995-05-19 | 1998-04-21 | Telogy Networks, Inc. | Network management gateway |
| WO1997015885A1 (en) * | 1995-10-25 | 1997-05-01 | Open Market, Inc. | Managing transfers of information in a communications network |
| US5768391A (en) * | 1995-12-22 | 1998-06-16 | Mci Corporation | System and method for ensuring user privacy in network communications |
| US5673322A (en) * | 1996-03-22 | 1997-09-30 | Bell Communications Research, Inc. | System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks |
| US5729537A (en) * | 1996-06-14 | 1998-03-17 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for providing anonymous data transfer in a communication system |
-
1997
- 1997-01-22 US US08/787,557 patent/US5961593A/en not_active Expired - Lifetime
- 1997-11-27 CA CA002222480A patent/CA2222480C/en not_active Expired - Fee Related
-
1998
- 1998-01-13 DE DE69838769T patent/DE69838769T2/en not_active Expired - Lifetime
- 1998-01-13 EP EP98300205A patent/EP0855659B1/en not_active Expired - Lifetime
- 1998-01-22 JP JP10010779A patent/JPH10254807A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8959652B2 (en) | 2004-06-16 | 2015-02-17 | Dormarke Assets Limited Liability Company | Graduated authentication in an identity management system |
Also Published As
| Publication number | Publication date |
|---|---|
| CA2222480A1 (en) | 1998-07-22 |
| US5961593A (en) | 1999-10-05 |
| EP0855659B1 (en) | 2007-11-28 |
| JPH10254807A (en) | 1998-09-25 |
| DE69838769T2 (en) | 2008-11-20 |
| DE69838769D1 (en) | 2008-01-10 |
| EP0855659A1 (en) | 1998-07-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2222480C (en) | System and method for providing anonymous personalized browsing in a network | |
| US9917827B2 (en) | Internet server access control and monitoring systems | |
| US7120927B1 (en) | System and method for e-mail alias registration | |
| Reiter et al. | Anonymous web transactions with crowds | |
| AU2002340207B2 (en) | Verification of a person identifier received online | |
| US6496931B1 (en) | Anonymous web site user information communication method | |
| Kormann et al. | Risks of the passport single signon protocol | |
| US7610390B2 (en) | Distributed network identity | |
| US6175831B1 (en) | Method and apparatus for constructing a networking database and system | |
| US20060059161A1 (en) | Signaling apparatus and method | |
| US20140372176A1 (en) | Method and apparatus for anonymous data profiling | |
| US20030191721A1 (en) | System and method of associating communication devices to secure a commercial transaction over a network | |
| AU2002340207A1 (en) | Verification of a person identifier received online | |
| US20040236962A1 (en) | Method and apparatus for secure browser-based information service | |
| Pfitzmann et al. | Privacy in browser-based attribute exchange | |
| EP1161055A2 (en) | System and method of associating devices to secure commercial transactions performed over the internet | |
| CN1539231B (en) | Procedure and silicon chip on-board system for management of 'cookie' type data files | |
| Xavier | Web Technology & Design | |
| KR101507958B1 (en) | Method for Providing Mobile Webpage for Loading Mobile Messenger | |
| KR20020033891A (en) | unified web-page access system and its method | |
| Gabber et al. | The magazine archive includes every article published in Communications of the ACM for over the past 50 years. | |
| Payne et al. | c12) United States Patent | |
| AU4385300A (en) | Signalling apparatus and method | |
| CA2328036A1 (en) | System and method of associating devices to secure commercial transactions performed over the internet | |
| ZA200402931B (en) | Verification of a person identifier received online. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |
Effective date: 20171127 |